Private connectivity patterns for Amazon Bedrock AgentCore Gateway Targets
Networking & Content Delivery Blog
This article explains four private connectivity patterns for Amazon Bedrock AgentCore Gateway to securely route traffic to targets without using the public internet.
- MCP server targets connect via Amazon VPC Lattice private endpoints (managed or self-managed)
- REST API targets use private endpoints with OpenAPI specifications and routing domains
- Regional REST API Gateway targets route through VPC Link V1 or V2 for private VPC access
- AWS Lambda targets use Hyperplane ENI for VPC connectivity to private resources
- Advanced patterns support on-premises connectivity via Direct Connect or Site-to-Site VPN
- Multi-cloud connectivity available through VPN or AWS Interconnect to other cloud providers
- Multi-VPC/account scenarios use VPC peering, Transit Gateway, Cloud WAN, or AWS RAM
The post provides architecture guidance for platform engineers designing secure, compliant agentic AI workloads across various deployment scenarios.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
May 11
2026
2026
Network connectivity patterns for agents deployed on Amazon Bedrock AgentCore Runtime
Apr 30
2026
2026
Configuring Amazon Bedrock AgentCore Gateway for secure access to private resources
Sep 10
2025
2025
Amazon Bedrock AgentCore Gateway supports AWS PrivateLink invocation and invocation logging
Feb 11
2026
2026
Amazon Bedrock AgentCore Browser now supports proxy configuration
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.