TalksAWS re:Invent 2025 - Securing agent access with Amazon Bedrock AgentCore Identity (SEC313)

AWS re:Invent 2025 - Securing agent access with Amazon Bedrock AgentCore Identity (SEC313)

Securing Agent Access with Amazon Bedrock AgentCore Identity

Industry Context

  • Enterprises are rapidly embracing agent-based AI systems, with Gartner predicting:
    • 33% of enterprise applications will have an agent-based AI element by 2028 (up from 1% in 2022)
    • 50% of decisions will be made autonomously
  • Key drivers for agent adoption include:
    • Increased productivity and efficiency
    • Contextual decision-making and experiences
    • Faster time-to-market for new applications

Authentication Challenges for Agent-based Systems

  • Validating the identity of the agent caller and ensuring they are authorized
  • Managing consent for agents to access various systems and resources
  • Enabling granular, scoped access control for agents
  • Avoiding custom code and "glue" to integrate identity and access management

Impact of Identity and Access Challenges

  • Lack of trust in agents slows broader adoption and productivity gains
  • Additional developer burden to implement identity plumbing delays agent deployments
  • Consent fatigue and poor user experience hinders agent usage

Introduction to Amazon Bedrock AgentCore Identity

  • Provides a set of primitives to enable secure, delegated access for agents:
    • Identity Directory: Assigns unique workload IDs for agents and gateways
    • Authorizer: Verifies user identity and authorization using existing IDPs
    • Resource Credential Providers: Securely stores and provides credentials for agents
    • Token Vault: Manages OAuth token flows and exchanges
  • Enables agents to access both AWS resources and external, OAuth/API-protected systems

Access Patterns Supported

  1. AWS Resource Access:

    • Agents assume an IAM role and use AWS Signature Version 4 to access resources
    • AgentCore Identity handles the STS credential exchange

  2. Non-AWS Resource Access:

    • Three-Legged OAuth:
      • User authenticates with their IDP, grants consent for agent to access resources
      • AgentCore Identity brokers the OAuth token exchange for the agent
    • Two-Legged OAuth:
      • Agents access resources based on pre-authorized user consent, such as scheduled jobs or event-driven automation

Technical Deep Dive

  1. AWS Resource Access:

    • Agent signs API calls using AWS Signature Version 4
    • Assumes an IAM role to access the desired AWS resources

  2. Non-AWS Resource Access:

    • Three-Legged OAuth:
      • User authenticates with their IDP, grants consent for agent to access resources
      • AgentCore Identity:
        • Validates user identity and authorization
        • Captures and persists user consent
        • Provisions a unique "workload access token" to bind the agent to the user
        • Facilitates the OAuth token exchange for the agent to access the target resources
    • Two-Legged OAuth:
      • Agent accesses resources based on pre-authorized user consent
      • AgentCore Identity manages the OAuth token exchange on behalf of the agent

Governance and Observability

  • AgentCore Identity integrates with AWS CloudTrail to provide auditable logs of all API calls
  • Integrates with AgentCore Observability to monitor authentication requests, token fetches, and other key metrics

Recent Enhancements

  • Support for custom claims and scopes in the authorizer
  • Three-legged OAuth support for AgentCore Gateway
  • Custom Lambda interceptors in AgentCore Gateway
  • Policy-based access control using Cedar

Getting Started

  • Detailed documentation, developer guides, and GitHub samples available
  • Encourages exploring the various access patterns and features of AgentCore Identity

Key Takeaways

  • AgentCore Identity provides a comprehensive solution to address the identity and access management challenges for agent-based AI systems
  • It enables secure, delegated access to both AWS and external resources, streamlining the development and deployment of agent-based applications
  • The platform-agnostic design and integration with existing IDPs make it easy to adopt and integrate into existing infrastructure
  • Robust governance and observability features ensure visibility and control over agent activities
  • Continuous enhancements and new capabilities keep pace with the evolving agent-based AI landscape

Your Digital Journey deserves a great story.

Build one with us.

Cookies Icon

This website stores cookies on your computer.

These cookies are used to collect information about how you interact with this website and allow us to remember you. We use this information to improve and customize your browsing experience, as well as for analytics.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference.