Control which domains your AI agents can access

· Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Cloud Computing & IT Infrastructure · Depth: Intermediate, long

Summary

Amazon Bedrock AgentCore tools, including Browser, Code Interpreter, and Runtime, can be secured with AWS Network Firewall to implement domain-based egress filtering. The architecture lets AI agents reach the internet while meeting enterprise security and compliance requirements by restricting outbound traffic to an allowlist of approved domains. The solution deploys AgentCore Browser in a private subnet and routes all outbound HTTPS through AWS Network Firewall, which inspects the TLS Server Name Indication (SNI) value presented in each connection to enforce the filtering rules. This enables explicit domain allowlisting, category-based blocking, and connection logging for audit purposes; it mitigates unauthorized access and data exfiltration and limits the impact of prompt injection attacks that try to redirect an agent to unintended sites. The post details a CloudFormation template for deployment and the configuration steps for IAM roles, Network Firewall rules, and security groups.

Key takeaway

For AI Architects or MLOps Engineers deploying AI agents with internet access in regulated environments, you should implement AWS Network Firewall with Amazon Bedrock AgentCore. This configuration provides essential domain-based egress filtering, ensuring compliance and mitigating prompt injection risks by restricting agent navigation to approved domains. Your team can quickly establish network isolation and audit capabilities using managed AWS services, avoiding complex custom proxy solutions.

Key insights

AWS Network Firewall provides robust domain-based egress filtering for AI agents using Amazon Bedrock AgentCore.

Method

Deploy AgentCore in a private subnet, route outbound traffic through AWS Network Firewall, and configure stateful rules to allow or block domains based on TLS SNI headers, logging all connection attempts.
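The following CloudFormation fragment is an added illustration of the method above; it is not the template from the original post. It builds the pieces the summary names: a stateful domain-list rule group that allows only listed domains by TLS SNI (and HTTP Host), a firewall policy whose default action drops and alerts on everything else, and a logging configuration so both alerts and flows land in CloudWatch for audit. The VPC CIDR, subnet, domains, and log group name are constructed placeholders; wiring the private agent subnet's route table to the firewall endpoint is still required and is not shown.

```yaml
# Added example (not the post's own template): domain allowlist egress
# filtering for an AI agent subnet with AWS Network Firewall.
AWSTemplateFormatVersion: "2010-09-09"
Description: Example egress allowlist for AI agents, enforced on TLS SNI / HTTP Host

Parameters:
  AgentVpcId:
    Type: AWS::EC2::VPC::Id          # VPC that holds the private agent subnet (assumption)
  AgentVpcCidr:
    Type: String
    Default: 10.0.0.0/16             # constructed placeholder CIDR
  FirewallSubnetId:
    Type: AWS::EC2::Subnet::Id       # dedicated firewall subnet in the same VPC (assumption)
  AllowedDomains:
    Type: CommaDelimitedList
    Default: ".example.com,api.example.org"   # constructed; a leading dot also matches subdomains

Resources:
  AgentEgressAllowlist:
    Type: AWS::NetworkFirewall::RuleGroup
    Properties:
      RuleGroupName: agent-egress-allowlist
      Type: STATEFUL
      Capacity: 100
      RuleGroup:
        RuleVariables:
          IPSets:
            HOME_NET:                # the agent side of the connection
              Definition:
                - !Ref AgentVpcCidr
        StatefulRuleOptions:
          RuleOrder: STRICT_ORDER
        RulesSource:
          RulesSourceList:
            GeneratedRulesType: ALLOWLIST   # pass listed domains, deny other TLS/HTTP destinations
            TargetTypes:
              - TLS_SNI                     # the SNI value the architecture inspects
              - HTTP_HOST                   # also cover plaintext HTTP if an agent attempts it
            Targets: !Ref AllowedDomains

  AgentEgressPolicy:
    Type: AWS::NetworkFirewall::FirewallPolicy
    Properties:
      FirewallPolicyName: agent-egress-policy
      FirewallPolicy:
        StatelessDefaultActions: ["aws:forward_to_sfe"]
        StatelessFragmentDefaultActions: ["aws:forward_to_sfe"]
        StatefulEngineOptions:
          RuleOrder: STRICT_ORDER
        StatefulRuleGroupReferences:
          - ResourceArn: !Ref AgentEgressAllowlist
            Priority: 1
        # Packets no rule passed are dropped and alerted, so an agent steered
        # toward an unlisted host leaves a record in the alert log.
        StatefulDefaultActions:
          - aws:drop_strict
          - aws:alert_strict

  AgentEgressFirewall:
    Type: AWS::NetworkFirewall::Firewall
    Properties:
      FirewallName: agent-egress-firewall
      FirewallPolicyArn: !Ref AgentEgressPolicy
      VpcId: !Ref AgentVpcId
      SubnetMappings:
        - SubnetId: !Ref FirewallSubnetId
      DeleteProtection: true

  AgentEgressLogs:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /agentcore/network-firewall   # constructed placeholder name
      RetentionInDays: 90

  AgentEgressLogging:
    Type: AWS::NetworkFirewall::LoggingConfiguration
    Properties:
      FirewallArn: !Ref AgentEgressFirewall
      LoggingConfiguration:
        LogDestinationConfigs:
          - LogType: ALERT             # blocked / alerted connections for investigation
            LogDestinationType: CloudWatchLogs
            LogDestination:
              logGroup: !Ref AgentEgressLogs
          - LogType: FLOW              # every flow, allowed or not, for audit
            LogDestinationType: CloudWatchLogs
            LogDestination:
              logGroup: !Ref AgentEgressLogs
```

A domain-list rule group only sees the SNI or Host value, so an agent that reaches a server by bare IP on port 443 without SNI is not matched by the allowlist and falls through to the default drop; when tuning, watch the ALERT log for legitimate destinations that were blocked before widening the list.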

Best for: AI Security Engineer, AI Architect, MLOps Engineer

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.