Skip to content

SYSTEM Cited by 1 source

AgentCore Identity

What it is

AgentCore Identity is the Bedrock AgentCore surface responsible for authentication + authorisation of agents and their tool access — which agent is allowed to call which tool, read which knowledge base, or read / write which piece of memory.

"AgentCore Identity manages authentication and authorization for agents and their tool access, so that only authorized sub-agents can invoke specific tools and access the Knowledge Base." (Source: sources/2026-04-23-aws-modernizing-kyc-with-aws-serverless-solutions-and-agentic-ai)

Why it exists

In a multi-agent system, tool-scoped least privilege is a first- class requirement, not a nice-to-have. The Document Analysis sub-agent must not be able to trigger a core-banking account activation; the Compliance sub-agent must not be able to overwrite the customer-interaction history in DynamoDB. Without runtime enforcement, the guardrails collapse into prompt discipline — which doesn't survive adversarial inputs, model drift, or an agent rewrite.

AgentCore Identity is the runtime that makes tool-surface restriction enforced — the same motivation Byron Cook gives for AgentCore as a whole (capability envelopes rather than prompt instructions). (Source: systems/bedrock-agentcore.)

Pairing

  • With systems/agentcore-gateway: Identity authorises what an agent may call; Gateway executes it. One checks, one does.
  • With systems/agentcore-memory: Identity presumably also gates which agents can read / write shared memory — the KYC post implies this but doesn't call it out explicitly.

Role in the KYC architecture

Five sub-agents + one supervisor + a shared Knowledge Base + integrations to five on-prem system classes. Identity is the runtime ensuring:

  • Fraud Detection can query the fraud-history Knowledge Base but not the Compliance Attestation store.
  • Identity Verification can call the watchlist / sanctions API but not the Core Banking activation API.
  • Supervisor can dispatch any sub-agent but can't bypass a sub-agent and call its tools directly.

Caveats

  • No policy-language disclosure. The post names what Identity is responsible for but not how policies are expressed — IAM? Cedar? a custom AgentCore DSL? Treat this page as a placeholder until that detail lands.
  • No latency / scale numbers. Like the rest of AgentCore, Identity is described at the contract level.

Seen in

Last updated · 476 distilled / 1,218 read