Amazon Bedrock AgentCore Browser now supports Chrome enterprise policies and custom root CA certificates to give organizations granular control over agent browser behavior and connectivity. With Chrome policies, you can configure over 450 browser settings, including URL filtering, download restrictions, and password manager controls, applied through familiar Chrome enterprise JSON configuration. Custom root CA support lets your agents connect to internal services and work with corporate SSL-intercepting proxies by trusting your organization’s certificate authority. For the full reference of available settings, see the Chrome Enterprise policy list.

In this post, you will configure Chrome enterprise policies to restrict a browser agent to a specific website, observe the policy enforcement through session recording, and demonstrate custom root CA certificates using a public test site. The walkthrough produces a working solution that researches Amazon Bedrock AgentCore documentation while operating under enterprise browser restrictions.

Chrome enterprise policies address three organizational needs when applied to AI browser agents.

First, you can restrict agent scope to approved domains. URL allowlists and denylists limit where agents can navigate. An agent tasked with processing invoices on a specific portal doesn’t need access to social media or search engines. Policies enforce these boundaries at the browser level, independent of the agent’s prompt or reasoning.

Second, you can disable risky browser features. With Chrome policies, you can turn off the password manager, block file downloads, disable autofill, and control dozens of other browser capabilities. For data-entry agents that interact with sensitive systems, these controls reduce the risk of unintended data storage or exfiltration.