Secure multi-tenant AI agents with Amazon Bedrock AgentCore resource-based policies
Summary
Amazon Bedrock AgentCore is a tool that lets Software as a Service (SaaS) providers serve multiple clients, called tenants, with different security needs using the same AI agent. Resource-based policies (rules that control who can access a resource directly) let you grant some tenants cross-account access from their own AWS accounts while restricting others to traffic that stays only within a private virtual network, all without sharing credentials or creating separate user accounts for each tenant.
Solution / Mitigation
Use resource-based policies on AgentCore Runtime and AgentCore Runtime endpoint resources to centralize access control. For cross-account access (like Example Corp), implement both a resource-based policy on your resources and an identity-based policy (access rules tied to a user or role) in the tenant's AWS account. For VPC-restricted scenarios (like AnyCompany), use specific IAM conditions to enforce that requests originate only from an approved virtual private cloud (VPC, a private network in AWS), adding a network-level security boundary on top of identity-based controls.
Classification
Affected Vendors
Related Issues
Original source: https://aws.amazon.com/blogs/security/secure-multi-tenant-ai-agents-with-amazon-bedrock-agentcore-resource-based-policies/
First tracked: June 2, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 85%