Security · AWS ML Blog ·
Securing Amazon Bedrock AgentCore Runtime with AWS WAF
AWS describes two patterns for securing Amazon Bedrock AgentCore Runtime with AWS WAF. Both use an internet-facing ALB and VPC Interface Endpoint, with either a Lambda proxy or direct ENI IP targeting, and a resource policy to prevent bypassing WAF. The patterns were tested with SigV4 and Cognito JWT auth.