TLDR: Amazon has launched Bedrock AgentCore Identity, a new service designed to provide comprehensive identity and access management for agentic AI. This service aims to enable secure and scalable deployment of AI agents by managing their identities, credentials, and access to AWS and third-party resources, addressing critical security and governance challenges in the evolving AI landscape.
Amazon Web Services (AWS) has introduced Bedrock AgentCore Identity, a groundbreaking identity and access management (IAM) service specifically engineered for agentic AI. Announced on August 29, 2025, this new offering is poised to streamline the deployment and operation of highly capable AI agents by providing a centralized solution for managing their identities and securing their access to various resources.
The proliferation of AI agents, autonomous software systems that leverage artificial intelligence to reason, plan, and execute tasks, has highlighted a critical need for robust security and governance. As these agents operate independently across diverse digital environments, often on behalf of users or themselves, managing their authentication and authorization becomes paramount. Swami Sivasubramanian, AWS VP for Agentic AI, emphasized at the AWS Summit in New York that AI agents represent a “tectonic change” that “upends the way software is built” and introduces new challenges in deployment and operation.
Bedrock AgentCore Identity addresses these challenges through a dual authentication model: inbound and outbound. Inbound authentication focuses on “who can access the agent,” while outbound authentication tackles “what the agent can access.” This dual approach ensures comprehensive security for agent interactions.
The service is built upon four core components:
1. Agent Identity Directory: This component facilitates the creation, management, and organization of agent and workload identities within a unified directory service.
2. Agent Authorizer: It validates whether a user or another service is authorized to invoke a specific AI agent.
3. Resource Credential Provider: It stores the configuration an agent needs to obtain credentials, allowing the agent to securely access downstream resource servers such as Google or GitHub.
4. Resource Token Vault: It is designed to securely store a user's OAuth access tokens, so that agents can retrieve and use them to perform actions on behalf of users.
Amazon asserts that Bedrock AgentCore Identity will significantly reduce the need for custom access controls and identity infrastructure development, potentially “extinguishing months of custom development.” The service promises “robust identity and access management at scale,” allowing agents to securely interact with AWS resources and third-party tools like GitHub, Salesforce, or Slack. This enterprise-grade security is crucial for deploying agents that can safely operate across organizational boundaries and access diverse resources.
The introduction of Bedrock AgentCore Identity underscores AWS’s commitment to building trust in agentic AI by providing a solid foundation for secure, reliable, and governed AI agent solutions.


