Amazon releases identity and access management service for agentic AI

Want AI agents to work for you? You’ll need to manage them. Amazon has introduced Bedrock AgentCore Identity, a “comprehensive identity and access management service purpose-built for AI agents,” according to a post on the AWS blog.

The product provides centralized capability for managing agent identities, securing credentials, and supporting seamless integration with AWS and third-party services. It promises “robust identity and access management at scale so that agents can access your resources or tools either on behalf of users or themselves with pre-authorized user consent.”

“With AgentCore Identity AI, agent developers and administrators can securely access AWS resources and third-party tools such as GitHub, Salesforce, or Slack,” the post says. This aims to minimize the need for custom access controls and identity infrastructure development.

The main questions AgentCore Identity addresses involve authentication permissions around agentic AI. It works on a dual model. With inbound authentication, the key question is, who can access the agent? With outbound, the question is, what the agent can access?

Amazon’s product has four main components. An agent identity directory enables creation, management, and organization of agent and workload identities through a unified directory service. An agent authorizer validates whether a user or service is allowed to invoke an agent or not. A resource credential provider stores the configuration for an agent that needs to get credentials to access downstream resource servers, then retrieves credentials of downstream resource servers such as Google or GitHub to access them. Finally, a resource token vault stores a user’s OAuth access tokens and allows agents to retrieve them securely to perform actions on behalf of users.

The post has detailed integration instructions and tips on how to get started. Its claims are lofty: it “extinguishes months of custom development while providing enterprise-grade security,” making it “possible to deploy agents that can safely operate across organizational boundaries and access diverse resources.”

Core documentation on the product is available here.

Article Topics

access control  |  AI agents  |  Amazon Web Services (AWS)  |  digital identity  |  identity access management (IAM)