AWS Details Secure Private Connectivity for Amazon Bedrock AI Agents

AWS has recently provided detailed guidance on securely connecting AI agents to private internal resources protected by Amazon Virtual Private Cloud (VPC) boundaries, utilizing the Amazon Bedrock AgentCore Gateway. This capability is crucial for enterprises seeking to integrate AI agents into critical workflows that require access to sensitive data sources and proprietary APIs. The traditional approach of managing private connectivity for each agent's tool path often leads to significant operational overhead and can slow down deployment, a challenge that this new guidance directly addresses.

The core of this secure connectivity is achieved through the Amazon Bedrock AgentCore VPC connectivity, designed to enable AI agents and Model Context Protocol (MCP) servers to interact with internal APIs, databases, and private resources without exposing network traffic to the public internet. This managed capability extends to Amazon Bedrock AgentCore Gateway, allowing connections to endpoints inside private networks across an AWS environment. It leverages a managed construct called Resource Gateway, which provisions Elastic Network Interfaces (ENIs) directly within an organization's Amazon VPC, with one ENI deployed per designated subnet, acting as the private entry point.

The architecture relies on several key components: the Resource VPC, which hosts the private resource that AgentCore Gateway needs to reach; the AgentCore Gateway account, where gateway resources are managed; and the Resource Configuration. This configuration defines the specific private resource, identified by a domain name or IP address, that AgentCore Gateway is permitted to access through the Resource Gateway, thereby scoping connectivity to a single endpoint rather than granting broad access to the entire Amazon VPC. A Service Network Resource Association then connects this resource configuration to the AgentCore service network, allowing the AgentCore Gateway service to invoke the private endpoint.

AgentCore Gateway VPC egress supports two primary modes of operation, depending on the desired level of control over the underlying networking infrastructure. In the 'Managed VPC resource' mode, AgentCore Gateway handles all aspects on the user's behalf. Users provide their VPC ID, subnet IDs, and security groups as part of the target configuration, and AgentCore automatically creates and manages the Resource Gateway within their account. This mode is designed to integrate seamlessly with existing network architectures, whether they utilize VPC peering for same — Region or cross — Region connectivity, or a hub-and-spoke model with AWS Transit Gateway for multi — VPC and hybrid environments.

Conversely, the 'Self-managed Lattice resource' mode offers greater visibility and control. In this mode, users are responsible for pre-creating and managing the VPC Lattice Resource Gateway and the Resource Configuration before referencing them during target creation on AgentCore Gateway. This allows for precise control over aspects such as the number of IPv4 addresses per ENI, subnet placement, and security group rules. Importantly, it provides enhanced visibility into the resource configuration itself, including the ability to view it, share it using AWS Resource Access Manager (AWS RAM) — a necessity for cross — account connectivity — and retain the option to revoke those associations at any time.

This robust framework facilitates several practical scenarios, including securely connecting to private Amazon API Gateway endpoints, integrating with Model Context Protocol (MCP) servers hosted on Amazon Elastic Kubernetes Service (Amazon EKS), and accessing private REST APIs. By offering these capabilities, AWS significantly reduces the operational complexity and security management overhead typically associated with network configurations, ultimately accelerating the deployment of AI agents from development into secure, production environments and making advanced AI solutions more accessible and manageable for enterprise architects and AI developers.