Control where your AI agents can browse with Chrome enterprise policies on Amazon Bedrock AgentCore

2026-05-14 · Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Cloud Computing & IT Infrastructure · Depth: Intermediate, long

Summary

Amazon Bedrock AgentCore Browser now supports Chrome enterprise policies and custom root CA certificates, enhancing security and control for AI agents. This integration allows organizations to configure over 450 browser settings, including URL filtering, download restrictions, and password manager controls, via Chrome enterprise JSON configuration. Additionally, custom root CA support enables agents to connect to internal services and work with corporate SSL-intercepting proxies by trusting an organization's certificate authority, resolving common HTTPS connection errors. The article details how these policies are applied at both browser and session levels, with managed policies taking precedence. A walkthrough demonstrates restricting an agent to specific AWS documentation domains and enabling connectivity to a site with an untrusted root CA using AWS Secrets Manager.

Key takeaway

For AI Engineers deploying agents that browse the web or interact with internal services, you should implement Chrome enterprise policies and custom root CA certificates within Amazon Bedrock AgentCore. This allows you to enforce strict security boundaries, prevent unauthorized data access, and ensure seamless connectivity to corporate infrastructure without embedding policy logic in agent code. Start by defining URL allowlists and disabling unnecessary browser features.

Key insights

Amazon Bedrock AgentCore now offers granular control over AI agent browsing via Chrome policies and custom root CAs.

Principles

• Browser-level policies enhance agent security.
• Separate policy management from agent development.
• Managed policies override session-level settings.

Method

Configure Chrome enterprise policy JSON files in Amazon S3 and custom root CA certificates in AWS Secrets Manager. Reference these resources when creating an AgentCore Browser or Code Interpreter via API calls.

In practice

• Restrict agent web access to approved domains.
• Disable risky browser features like password managers.
• Enable agents to trust internal corporate CAs.

Topics

• Amazon Bedrock AgentCore
• Chrome Enterprise Policies
• AI Agent Security
• Custom Root CA Certificates
• URL Filtering

Code references

• awslabs/amazon-bedrock-agentcore-samples
• awslabs/amazon-bedrock-agentcore-samples
• aws/bedrock-agentcore-sdk-python

Best for: AI Engineer, MLOps Engineer, AI Security Engineer

Related on AIssential

• Control which domains your AI agents can access — AWS Network Firewall provides robust domain-based egress filtering for AI agents using Amazon Bedrock AgentCore.
• Secure AI agents with Amazon Bedrock AgentCore Identity on Amazon ECS — Secure AI agent access to external services using OAuth 2.0 Authorization Code Grant with Amazon Bedrock AgentCore Identity.
• AWS Bedrock Agents: The Beginner’s Guide — AWS Bedrock Agents provide a managed platform for building and deploying AI agents with integrated orchestration and security.
• Semantic search across MCP tools with Amazon Bedrock AgentCore Gateway — Amazon Bedrock AgentCore Gateway enables scalable LLM agents through built-in semantic search for tool selection.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.