
Amazon Bedrock AgentCore Adds Chrome Enterprise Policy and Custom Root CA Support for Browser Agents

Thalia Mercer

5/14/2026, 5:53:43 PM


Amazon Bedrock AgentCore’s browser component now supports Chrome enterprise policy JSON and the import of custom root CA certificates, giving organizations direct control over how AI agents navigate the web and establish trust. This lets administrators limit agent browsing to approved domains, disable risky browser features such as password saving and unregulated downloads, and enable secure HTTPS access to internal services or SSL‑intercepting proxies. As a result, enterprises can deploy browsing agents under familiar corporate browser controls rather than relying on ad hoc workarounds.

The integration exposes more than 450 configurable Chrome settings, including URL allowlists and denylists, download controls and password‑manager toggles. Administrators supply managed policy JSON files stored in Amazon S3 when creating a browser through the control plane API, and they can provide additional recommended policy JSON at session start via the data plane API. Custom root CA certificates are kept in AWS Secrets Manager and can be imported into the browser’s trust store so HTTPS connections to internal endpoints and intercepting proxies validate normally.

Policy enforcement is split into two layers that mirror Chrome’s own behavior. Managed policies are written to /etc/chromium/policies/managed/ and are persisted by the service so they apply to every session spawned from that browser. Recommended policies map to /etc/chromium/policies/recommended/ and act like user preferences; if a recommended setting conflicts with a managed one, the managed policy takes precedence. This mapping preserves the standard Chrome precedence model while allowing session‑level customization.
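The managed-over-recommended precedence and the lockdown settings described above can be checked offline before a policy file is uploaded. The sketch below is an added example, not code from the AWS post or the AgentCore service. It uses real Chrome policy names (`URLBlocklist`, `URLAllowlist`, `PasswordManagerEnabled`, `DownloadRestrictions`, `HomepageLocation`); the domain `docs.example.com`, the sample policies and the lint rules are constructed assumptions.

```python
import json

# Constructed sample policies; the domain is a placeholder, not from the article.
MANAGED = {
    "URLBlocklist": ["*"],                 # deny everything by default
    "URLAllowlist": ["docs.example.com"],  # then allow the approved site
    "PasswordManagerEnabled": False,       # no credential saving
    "DownloadRestrictions": 3,             # 3 = block all downloads
}
RECOMMENDED = {
    "PasswordManagerEnabled": True,        # conflicts with managed, must lose
    "HomepageLocation": "https://docs.example.com/",
}


def effective_policy(managed, recommended):
    """Return {name: (value, source)} with managed overriding recommended."""
    merged = {k: (v, "recommended") for k, v in recommended.items()}
    merged.update({k: (v, "managed") for k, v in managed.items()})
    return merged


def overridden(managed, recommended):
    """Recommended settings superseded by a differing managed value."""
    return sorted(k for k, v in recommended.items()
                  if k in managed and managed[k] != v)


def lint_managed(managed):
    """Heuristic check for the three risks the article names (assumed rules)."""
    findings = []
    if managed.get("URLAllowlist") and "*" not in managed.get("URLBlocklist", []):
        findings.append("URLAllowlist without URLBlocklist ['*'] does not confine browsing")
    if managed.get("PasswordManagerEnabled") is not False:
        findings.append("PasswordManagerEnabled is not forced off")
    if managed.get("DownloadRestrictions") != 3:
        findings.append("DownloadRestrictions is not 3 (block all downloads)")
    return findings


if __name__ == "__main__":
    print(json.dumps(effective_policy(MANAGED, RECOMMENDED), indent=2))
    print("overridden recommended settings:", overridden(MANAGED, RECOMMENDED))
    print("lint findings:", lint_managed(MANAGED) or "none")
```

An allowlist only carves exceptions out of the blocklist, which is why the lint treats an allowlist without a wildcard blocklist as a non-restriction.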

For connectivity and certificate trust, the workflow references organization root CA certificates stored in Secrets Manager when creating a browser or an AgentCore Code Interpreter. The service imports those certificates into the certificate trust store so agents can make validated HTTPS connections to internal services and SSL‑intercepting proxies without disabling certificate verification. That preserves standard TLS protections while enabling browsing where private CAs or interception are in use.

The capability is presented as a direct response to operational risks from unrestricted agent browsing: uncontrolled navigation to unauthorized domains, credential leakage to browser password managers, and ad hoc file downloads. For enterprises that rely on private certificate authorities, the custom CA support removes the prior need to disable certificate validation or alter internal services — barriers that have limited safe use of browsing agents in corporate environments.

A hands‑on walkthrough in the post demonstrates the setup: it confines a browser agent to a specific website using enterprise policies, verifies enforcement with session recording, and shows custom root CA usage against a public test site. The write‑up includes a reference diagram and points readers to the full Chrome Enterprise policy list for the complete catalog of settings, offering a reproducible pattern for letting agents research documentation or perform tasks under enterprise browser restrictions.

Sources

  1. AWS Machine Learning Blog · 5/14/2026