{"data":{"id":"8704540b-ee94-4ba1-9daa-54777338f4b2","title":"Secure multi-tenant AI agents with Amazon Bedrock AgentCore resource-based policies","summary":"Amazon Bedrock AgentCore is a tool that lets Software as a Service (SaaS) providers serve multiple clients, called tenants, with different security needs using the same AI agent. Resource-based policies (rules that control who can access a resource directly) let you grant some tenants cross-account access from their own AWS accounts while restricting others to traffic that stays only within a private virtual network, all without sharing credentials or creating separate user accounts for each tenant.","solution":"Use resource-based policies on AgentCore Runtime and AgentCore Runtime endpoint resources to centralize access control. For cross-account access (like Example Corp), implement both a resource-based policy on your resources and an identity-based policy (access rules tied to a user or role) in the tenant's AWS account. For VPC-restricted scenarios (like AnyCompany), use specific IAM conditions to enforce that requests originate only from an approved virtual private cloud (VPC, a private network in AWS), adding a network-level security boundary on top of identity-based controls.","labels":["security","policy"],"sourceUrl":"https://aws.amazon.com/blogs/security/secure-multi-tenant-ai-agents-with-amazon-bedrock-agentcore-resource-based-policies/","publishedAt":"2026-06-02T16:00:11.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["Amazon Bedrock","AgentCore"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-02T16:00:11.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}