AI Security
[Update] AgentCore Security Policies for Tenant Agents
Published June 04, 2026 by Dillip Chowdary
Amazon Bedrock AgentCore resource-based policies give SaaS and platform teams a direct way to control which accounts, roles, or users can invoke and manage agent resources.
What Changed
- Supported resources: Policies apply to Agent Runtime, Gateway, and Memory resources.
- Evaluation model: AWS evaluates identity-based IAM policies together with resource-based policies, and explicit deny still wins.
- Runtime boundary: Agent endpoint authorization can require permissions on both the runtime and the endpoint being invoked.
Architecture Impact
Multi-tenant agent systems need more than application-level tenant IDs. If an agent can invoke tools, read memory, or execute runtime commands, the access boundary must exist where those calls happen.
Resource-based policies make agent isolation more testable because the boundary is attached to the resource rather than hidden inside orchestration code. That helps teams separate tenants, environments, delegated admin roles, and cross-account integrations.
Rollout Checklist
Model each tenant access path as policy-as-code. Before enabling shared agent infrastructure, test allowed access, implicit (default) deny, explicit deny, endpoint invocation, memory reads, and gateway calls.
Store policy JSON next to infrastructure code, run drift checks, and require review for broad principals. A permissive agent policy is effectively a production data-plane exposure.
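One way to automate the "review for broad principals" and drift-check steps in CI is sketched below. This is an added example, not code from the article or from AWS. The sample policy is constructed, and its account IDs, the runtime ARN format and the action name are placeholder assumptions.

```python
import hashlib
import json

# Constructed sample policy: account IDs, ARN and action name are placeholders.
RUNTIME = "arn:aws:bedrock-agentcore:us-east-1:111122223333:runtime/EXAMPLE"
INVOKE = "bedrock-agentcore:InvokeAgentRuntime"  # assumed action name
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "TenantA", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/tenant-a-agent-caller"},
     "Action": INVOKE, "Resource": RUNTIME},
    {"Sid": "Everyone", "Effect": "Allow", "Principal": "*",
     "Action": INVOKE, "Resource": RUNTIME},
    {"Sid": "PartnerRoot", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::444455556666:root"]},
     "Action": INVOKE, "Resource": RUNTIME},
    {"Sid": "BlockPlaintext", "Effect": "Deny", "Principal": "*",
     "Action": INVOKE, "Resource": RUNTIME,
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    p = stmt.get("Principal", {})
    if isinstance(p, str):  # bare "*" form
        return [p]
    return [v for values in p.values() for v in _as_list(values)]

def broad_principal_findings(policy):
    """Return (Sid, reason) for Allow statements that need human review."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # a broad Deny only narrows access
        sid = stmt.get("Sid", "<no Sid>")
        conditioned = bool(stmt.get("Condition"))
        for principal in _principals(stmt):
            if principal == "*" and not conditioned:
                findings.append((sid, "wildcard principal without Condition"))
            elif principal.endswith(":root") or principal.isdigit():
                findings.append((sid, "whole-account principal " + principal))
    return findings

def policy_fingerprint(policy):
    """Stable hash of canonical JSON, to compare the repo copy with the deployed copy."""
    canonical = json.dumps(policy, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()
```

A CI job can fail the build when `broad_principal_findings` returns anything that lacks an approved exception, and flag drift when the fingerprint of the deployed policy differs from the fingerprint of the file in the repository.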