Amazon Bedrock AgentCore Gateway and Identity Now Support VPC Egress for Enhanced Network Security

AWS has updated Amazon Bedrock AgentCore Gateway and Identity to support egress traffic through a Virtual Private Cloud (VPC). This enhancement enables agents to interact with private resources while maintaining a secure network perimeter. By routing traffic through the VPC, organizations can apply their existing security groups and network access control lists (NACLs) to AI agent interactions for better compliance.
Comparison
| Aspect | Before / Alternative | After / This |
|---|---|---|
| Network Path | Public internet endpoints | Private VPC subnets |
| Security Controls | IAM policies only | IAM, Security Groups, and NACLs |
| Resource Access | Limited to public APIs | Internal DBs and private VPC resources |
| Traffic Monitoring | CloudTrail audit logs | VPC Flow Logs and CloudTrail integration |
Action Checklist
- Identify internal resources required by the Bedrock agent. Map out private databases or APIs that require secure connectivity.
- Configure VPC subnets and security groups. Ensure the security groups allow necessary outbound traffic to your resources.
- Update IAM roles for Bedrock agents. Include permissions for creating and managing elastic network interfaces.
- Enable VPC egress in Agent settings. Apply the network configuration to the specific agent via the AWS Console or SDK.
- Monitor connectivity using VPC Flow Logs. Verify that traffic is correctly routed through the intended network paths.
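
One way to carry out the last checklist step, as an added example that is not part of the AWS announcement: a Python check over VPC Flow Log records in the default (version 2) format that flags accepted egress outside the intended destinations and rejected egress toward them. The ENI ID, CIDR ranges, ports and log records are constructed placeholders.

```python
import ipaddress

# Assumed values (constructed, not from the announcement): ENI ID, CIDRs, ports.
AGENT_ENIS = {"eni-0aaa1111bbbb2222c"}
AGENT_SUBNET = ipaddress.ip_network("10.0.10.0/24")      # subnet holding the agent ENI
ALLOWED_DESTS = [ipaddress.ip_network("10.0.20.0/24")]   # private DB / API subnet
ALLOWED_PORTS = {443, 5432}

# Field order of the default (version 2) VPC Flow Log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records.
SAMPLE_LOG = """\
2 123456789012 eni-0aaa1111bbbb2222c 10.0.10.15 10.0.20.8 49152 5432 6 12 3400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa1111bbbb2222c 10.0.20.8 10.0.10.15 5432 49152 6 10 5200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa1111bbbb2222c 10.0.10.15 10.0.20.9 49153 443 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa1111bbbb2222c 10.0.10.15 203.0.113.50 49154 443 6 8 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0fff9999eeee8888d 10.0.10.77 198.51.100.7 50000 443 6 5 500 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa1111bbbb2222c - - - - - - - 1700000060 1700000120 - NODATA
"""

def parse(line):
    """Return a field dict, or None for malformed, NODATA or SKIPDATA records."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    return rec if rec["log_status"] == "OK" else None

def audit(log_text):
    """List agent egress flows that contradict the intended network path."""
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["interface_id"] not in AGENT_ENIS:
            continue
        if ipaddress.ip_address(rec["srcaddr"]) not in AGENT_SUBNET:
            continue  # return traffic toward the agent ENI, not egress
        dst, port = ipaddress.ip_address(rec["dstaddr"]), int(rec["dstport"])
        in_policy = port in ALLOWED_PORTS and any(dst in n for n in ALLOWED_DESTS)
        if rec["action"] == "ACCEPT" and not in_policy:
            findings.append(("UNEXPECTED_EGRESS", str(dst), port))
        elif rec["action"] == "REJECT" and in_policy:
            findings.append(("BLOCKED_EXPECTED", str(dst), port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

An `UNEXPECTED_EGRESS` finding points at a security group or route that is broader than intended; a `BLOCKED_EXPECTED` finding points at a security group or NACL rule that is missing for a resource the agent needs.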
Source: AWS What's New
This page summarizes the original source. Check the source for full details.

