Amazon Bedrock AgentCore gateway secures AI agents with Policy and Lambda interceptors
New gateway controls LLM tool calls with deterministic policies and dynamic validation.
Amazon Bedrock's new AgentCore gateway addresses a fundamental governance challenge in AI agent platforms: the dynamic, runtime nature of LLM-driven tool selection makes pre-audit impossible. To solve this, the gateway offers two complementary mechanisms: Policy using Cedar, a declarative language that evaluates each tool request against principal, action, resource, and context conditions for deterministic allow/deny decisions, automatically logged; and Lambda interceptors that run custom code before or after each tool call for dynamic validation, payload enrichment, token exchange, and response filtering.
In a lakehouse data agent example for insurance claims, the gateway integrates with Cognito for authentication, DynamoDB for role-to-tool mappings, and Lake Formation for row/column-level SQL security. The Lambda interceptor extracts JWT tokens, validates tool access via tenant mappings, and generates scoped tokens. The Policy engine then checks each tool call before the MCP server executes it. This layered approach lets the agent safely query S3 tables via Athena, with all sessions logged in CloudWatch for audit compliance.
- Policy uses Cedar language for deterministic allow/deny on each tool call, with automatic audit logging.
- Lambda interceptors enable custom pre/post-processing like token exchange, payload enrichment, and response filtering.
- Lake Formation enforces row-level and column-level security at query time, ensuring data-scoped access even if agents construct broad SQL.
Why It Matters
Enterprises can now securely scale AI agents across thousands of tools with granular, auditable access control.