Network connectivity patterns for agents deployed on Amazon Bedrock AgentCore Runtime
Networking & Content Delivery Blog
This article explains four network connectivity patterns for AI agents deployed on Amazon Bedrock AgentCore Runtime, progressing from public internet access to complete network isolation.
- Pattern 1: Default public endpoint accessible over internet with OAuth/IAM authentication
- Pattern 2: VPC connectivity via ENIs enables secure access to private resources like RDS databases
- Pattern 3: Resource-based policies block public internet access; VPC endpoints restrict to private networks
- Pattern 4: Isolated VPC with VPC endpoints for AWS services; zero internet ingress/egress
- Security groups control agent access to VPC resources in all patterns
- Includes AWS CLI commands for configuring each connectivity pattern
These patterns enable enterprises to deploy AI agents with appropriate security controls matching their compliance and data sensitivity requirements.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Jun 3
2026
2026
Private connectivity patterns for Amazon Bedrock AgentCore Gateway Targets
Nov 11
2025
2025
Introducing agent-to-agent protocol support in Amazon Bedrock AgentCore Runtime
Jan 12
2026
2026
Building Intelligent Network Operations Agent with Amazon Bedrock AgentCore
Feb 11
2026
2026
Amazon Bedrock AgentCore Browser now supports proxy configuration
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.