AWS published a blog post detailing two architecture patterns to secure Amazon Bedrock AgentCore Runtime using AWS WAF. The patterns involve routing traffic through a VPC Interface Endpoint with either a Lambda proxy or direct ALB targeting to control and protect requests. These methods also include resource policies to ensure traffic only flows through AWS WAF, enhancing security with SigV4 and OAuth authentication.
Source preview
Server-side extracted preview paragraphs from the original source.
This post shows you two architecture patterns that address this problem.
When you deploy generative AI agents with Amazon Bedrock AgentCore as production API endpoints, you might want to enforce web application firewall policies, rate limiting, protection against common web threats, or audit controls via AWS WAF.
