Secure multi-tenant AI agents with Amazon Bedrock AgentCore resource-based policies

Security Blog



This article explains how to secure multi-tenant AI agents on Amazon Bedrock AgentCore using resource-based policies, enabling different tenants to access shared infrastructure with distinct security requirements.

  • Resource-based policies provide centralized, resource-level control over AgentCore Runtime and endpoint access
  • Cross-account access requires both resource-based policies (provider side) and identity-based policies (tenant side)
  • Example Corp gains seamless cross-account access without credential sharing or role chaining
  • AnyCompany enforces VPC-only traffic using Deny statements with aws:SourceVpc conditions for HIPAA compliance
  • Policies must be applied to both AgentCore Runtime and Runtime endpoint resources for InvokeAgentRuntime operations
  • OAuth authentication uses wildcard principals with network-level conditions instead of IAM role principals
  • Explicit Deny statements override Allow statements, ensuring network isolation cannot be bypassed

Resource-based policies enable SaaS providers to serve multiple tenants with different compliance requirements from shared AgentCore infrastructure while maintaining centralized security controls.
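The two tenant policies and the evaluation rules described above, modelled in a constructed Python example that is added here and is not code from the AWS post (the action name, ARN layouts, role ARN and VPC id are assumed placeholders; only StringEquals/StringNotEquals are modelled):

```python
# Simplified model of AgentCore resource-based policy evaluation for the two
# tenants. Constructed example; ARNs, role and VPC id are placeholders.
ACTION = "bedrock-agentcore:InvokeAgentRuntime"

def arns(tenant):
    """Placeholder Runtime and Runtime endpoint ARNs for one tenant."""
    runtime = f"arn:aws:bedrock-agentcore:us-east-1:111111111111:runtime/{tenant}"
    return runtime, runtime + "/runtime-endpoint/DEFAULT"

# Example Corp: cross-account IAM role principal, no credential sharing.
EXAMPLE_CORP_ROLE = "arn:aws:iam::222222222222:role/ExampleCorpCaller"  # placeholder
EXAMPLE_CORP_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": EXAMPLE_CORP_ROLE},
     "Action": ACTION, "Resource": list(arns("example-corp"))}]}

# AnyCompany: OAuth callers carry no IAM principal, so Allow uses "*" and an
# explicit Deny restricts traffic to the tenant VPC via aws:SourceVpc.
ANYCOMPANY_VPC = "vpc-0placeholder"  # placeholder
ANYCOMPANY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": ACTION,
     "Resource": list(arns("anycompany"))},
    {"Effect": "Deny", "Principal": "*", "Action": ACTION,
     "Resource": list(arns("anycompany")),
     "Condition": {"StringNotEquals": {"aws:SourceVpc": ANYCOMPANY_VPC}}}]}

def _matches(stmt, principal, resource, ctx):
    """Does this statement apply to the request? (StringEquals/StringNotEquals only)"""
    p = stmt["Principal"]
    if p != "*" and principal != p["AWS"]:
        return False
    if resource not in stmt["Resource"]:
        return False
    for op, pairs in stmt.get("Condition", {}).items():
        for key, want in pairs.items():
            # Absent key (e.g. public-internet call with no aws:SourceVpc):
            # StringEquals fails, StringNotEquals matches, so the Deny fires.
            equal = ctx.get(key) == want
            if (op == "StringEquals") != equal:
                return False
    return True

def evaluate(policy, principal, resource, ctx):
    effects = {s["Effect"] for s in policy["Statement"]
               if _matches(s, principal, resource, ctx)}
    if "Deny" in effects:
        return "Deny"  # explicit Deny overrides any Allow
    return "Allow" if "Allow" in effects else "ImplicitDeny"

def can_invoke(policy, principal, resources, ctx):
    """InvokeAgentRuntime needs Allow on both the Runtime and its endpoint."""
    return all(evaluate(policy, principal, r, ctx) == "Allow" for r in resources)
```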
