Security Model

Work in Progress

This page is currently under development.

Overview

The AgentCore CLI implements a comprehensive security model that focuses on least privilege, identity management, environment isolation, and secure deployment practices.

Key Security Components

IAM Role Management

  • Least Privilege: Each agent gets only the permissions it needs
  • Role Policies: Auto-generated IAM policies based on agent requirements
  • Role Separation: Different roles for different environments

Cognito Authentication

  • User Management: Integrated user registration and authentication
  • Identity Pools: Secure token-based access
  • Federation: Support for enterprise identity providers

Environment Isolation

  • Security Boundaries: Strict separation between environments
  • Region-Specific Resources: Resources isolated by AWS region
  • Access Control: Environment-specific access policies
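
The IAM role and environment isolation points above, as an added example that is not AgentCore CLI code: a generator that builds an agent's policy from its declared requirements, pinning every resource ARN to one agent, one environment and one region, plus an audit that flags wildcard actions or resources, out-of-region ARNs and references to another environment's resources. The requirement schema, the resource naming convention and the environment names are assumptions made for illustration.

```python
ENVIRONMENTS = ("dev", "staging", "prod")  # assumed environment names, not the CLI's

def build_agent_policy(agent, env, region, account_id, requirements):
    """Generate a least-privilege policy from an agent's declared requirements.
    Every ARN is pinned to one environment and one region (assumed naming
    convention), so a 'dev' role can never name a 'prod' resource."""
    statements = []
    for i, table in enumerate(requirements.get("dynamodb_tables", [])):
        statements.append({
            "Sid": f"Table{i}", "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
            "Resource": f"arn:aws:dynamodb:{region}:{account_id}:table/{env}-{agent}-{table}"})
    if models := requirements.get("bedrock_models", []):
        # Foundation-model ARNs have no account field but are still region-scoped.
        statements.append({
            "Sid": "InvokeModels", "Effect": "Allow",
            "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
            "Resource": [f"arn:aws:bedrock:{region}::foundation-model/{m}" for m in models]})
    statements.append({
        "Sid": "AgentLogs", "Effect": "Allow",
        "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
        "Resource": f"arn:aws:logs:{region}:{account_id}:log-group:/agentcore/{env}/{agent}:*"})
    return {"Version": "2012-10-17", "Statement": statements}

def audit_policy(policy, env, region):
    """Return least-privilege and isolation findings; an empty list means clean."""
    findings = []
    for stmt in policy["Statement"]:
        sid = stmt.get("Sid", "?")
        actions = stmt.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        resources = stmt.get("Resource", [])
        resources = resources if isinstance(resources, list) else [resources]
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"{sid}: wildcard action")
        for arn in resources:
            parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
            if len(parts) != 6:
                findings.append(f"{sid}: wildcard or malformed resource {arn!r}")
                continue
            _, _, _, arn_region, account, name = parts
            if arn_region and arn_region != region:
                findings.append(f"{sid}: resource in region {arn_region}, expected {region}")
            # Account-owned resources must carry this environment's name, never another's.
            if account and any(f"{e}-" in name or f"/{e}/" in name for e in ENVIRONMENTS if e != env):
                findings.append(f"{sid}: resource belongs to another environment: {name}")
    return findings
```

Run the audit against every generated policy before attaching it to a role, and again against any hand-edited policy, so a wildcard or a cross-environment ARN is caught before deployment.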

Session Isolation

  • Dedicated microVMs: Isolated CPU, memory, and filesystem resources
  • Resource Constraints: Memory and timeout limits
  • Runtime Security: Protections built into the AWS Bedrock AgentCore Runtime

Best Practices

Recommended security practices when working with AgentCore CLI will be covered in a future update.

Security Recommendations

Guidelines for securing your agents and deployments will be added in a future update.