Securing Amazon Bedrock AgentCore Runtime with AWS WAF
Summary
This article presents two architecture patterns for integrating AWS WAF with Amazon Bedrock AgentCore Runtime to enforce web application firewall policies, rate limiting, and protection against common web threats. The primary challenge addressed is configuring Application Load Balancer (ALB) health checks for AgentCore, which requires SigV4 or OAuth authentication. Pattern 1 introduces an AWS Lambda proxy between the ALB and a VPC Interface Endpoint, offering request transformation, custom logging, and authentication translation, though adding 50-200 ms latency and compute costs. Pattern 2 connects the ALB directly to VPC Endpoint ENI IP addresses, providing a simpler, lower-latency, and lower-cost solution without request transformation. Both patterns route traffic through a com.amazonaws..bedrock-agentcore VPC Interface Endpoint and require a resource policy to prevent direct AgentCore access, ensuring all invocations pass through AWS WAF for defense-in-depth security.
Key takeaway
For AI Architects deploying Amazon Bedrock AgentCore agents as production API endpoints, carefully choose between the Lambda proxy or direct VPC Endpoint integration with AWS WAF. If your solution requires request transformation or multi-authentication translation, opt for Pattern 1. For minimal latency and simpler architecture, Pattern 2 is ideal. Crucially, implement the provided resource policy to prevent direct AgentCore access, ensuring all traffic is inspected by AWS WAF for robust defense-in-depth.
Key insights
Securing Amazon Bedrock AgentCore Runtime with AWS WAF requires specific ALB integration patterns and a resource policy to enforce WAF inspection.
Principles
- AgentCore Runtime requires authenticated health checks.
- Resource policies are crucial for WAF bypass prevention.
- Defense-in-depth layers enhance AI agent security.
Method
Implement AWS WAF for AgentCore via two patterns: ALB with Lambda proxy for transformation, or direct ALB to VPC Endpoint ENI IPs for low latency. Both require a resource policy to enforce WAF routing.
In practice
- Configure ALB health checks for 200-499 HTTP codes.
- Apply a resource policy to deny direct AgentCore access.
Topics
- Amazon Bedrock AgentCore
- AWS WAF
- Security Architecture
- VPC Interface Endpoints
- Application Load Balancer
- Resource Policies
Code references
Best for: AI Engineer, MLOps Engineer, AI Architect
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.