Actions, resources, and condition keys for Amazon Bedrock Agentcore
Amazon Bedrock Agentcore (service prefix: bedrock-agentcore) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.
References:
- Learn how to configure this service.
- View a list of the API operations available for this service.
- Learn how to secure this service and its resources by using IAM permission policies.
Actions defined by Amazon Bedrock Agentcore
You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.
The Access level column of the Actions table describes how the action is classified (List, Read, Permissions management, or Tagging). This classification can help you understand the level of access that an action grants when you use it in a policy. For more information about access levels, see Access levels in policy summaries.
The Resource types column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") to which the policy applies in the Resource element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (*). If you limit resource access with the Resource element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.
The Condition keys column of the Actions table includes keys that you can specify in a policy statement's Condition element. For more information on the condition keys that are associated with resources for the service, see the Condition keys column of the Resource types table.
The Dependent actions column of the Actions table shows additional permissions that may be required to successfully call an action. These permissions may be needed in addition to the permission for the action itself. When an action specifies dependent actions, those dependencies may apply to additional resources defined for that action, not only the first resource listed in the table.
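As an added example (not AWS's code), the following Python builds a policy that combines three things this page documents: management actions whose dependent action is iam:PassRole, the runtime ARN format from the Resource types table, and the InboundJwtClaim condition keys that apply to GetWorkloadAccessTokenForJWT; it then lints a policy for the mistakes those columns warn against. Account, region, role name, issuer and audience are constructed placeholders, and scoping UpdateAgentRuntime to the runtime ARN is an assumption, since the Actions table as shown here carries no resource-type values.

```python
# Added example (not AWS's code): build a policy for actions on this page and lint it.
# Account, region, role name, issuer and audience values are constructed placeholders.
import fnmatch

# Actions whose Dependent actions column lists iam:PassRole.
PASSROLE_DEPENDENT = {f"bedrock-agentcore:{a}" for a in (
    "CreateAgentRuntime", "UpdateAgentRuntime", "CreateGateway",
    "UpdateGateway", "CreateMemory", "UpdateMemory")}
JWT_ACTION = "bedrock-agentcore:GetWorkloadAccessTokenForJWT"

def build_policy(account, region, role_name, issuer, audience, partition="aws"):
    """Runtime management, a tightly scoped PassRole, and JWT-bound token exchange."""
    arn = f"arn:{partition}:bedrock-agentcore:{region}:{account}"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ManageRuntime", "Effect": "Allow",
         "Action": ["bedrock-agentcore:CreateAgentRuntime",
                    "bedrock-agentcore:UpdateAgentRuntime"],
         "Resource": f"{arn}:runtime/*"},  # assumed: runtime ARN format from the Resource types table
        {"Sid": "PassExecutionRole", "Effect": "Allow", "Action": "iam:PassRole",
         "Resource": f"arn:{partition}:iam::{account}:role/{role_name}"},  # one role, never "*"
        {"Sid": "JwtBoundToken", "Effect": "Allow", "Action": JWT_ACTION,
         "Resource": "*",  # no resource type is listed for this action in the table above
         "Condition": {
             "StringEquals": {"bedrock-agentcore:InboundJwtClaim/iss": issuer},
             # aud is typed ArrayOfString in the condition keys table, so use a set operator.
             "ForAllValues:StringEquals": {"bedrock-agentcore:InboundJwtClaim/aud": [audience]}}},
    ]}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _allows(stmt, action):
    """True if an Allow statement's Action element (wildcards included) covers `action`."""
    return stmt.get("Effect") == "Allow" and any(
        fnmatch.fnmatchcase(action, p) for p in _as_list(stmt.get("Action", [])))

def lint_policy(policy):
    """Findings: dependent PassRole missing or unscoped; JWT exchange not bound to claims."""
    stmts, findings = _as_list(policy["Statement"]), []
    needed = sorted({a for s in stmts for a in PASSROLE_DEPENDENT if _allows(s, a)})
    passrole = [s for s in stmts if _allows(s, "iam:PassRole")]
    if needed and not passrole:
        findings.append(f"dependent action iam:PassRole missing for {needed}")
    for s in passrole:
        if "*" in _as_list(s.get("Resource", "*")):
            findings.append(f"{s.get('Sid', '?')}: iam:PassRole on Resource '*' passes any role")
    for s in stmts:
        if _allows(s, JWT_ACTION):
            keys = {k for op in s.get("Condition", {}).values() for k in op}
            if not any(k.startswith("bedrock-agentcore:InboundJwtClaim/") for k in keys):
                findings.append(f"{s.get('Sid', '?')}: {JWT_ACTION} not bound to an InboundJwtClaim")
    return findings
```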
Note: Resource condition keys are listed in the Resource types table. You can find a link to the resource type that applies to an action in the Resource types (*required) column of the Actions table. The resource type in the Resource types table includes a Condition keys column, which lists the resource condition keys that apply to an action in the Actions table.
For details about the columns in the following table, see Actions table.
| Actions | Description | Access level | Resource types (*required) | Condition keys | Dependent actions | 
|---|---|---|---|---|---|
| AllowVendedLogDeliveryForResource [permission only] | Grants permission to configure vended telemetry for a resource | Permissions management | |||
| BatchCreateMemoryRecords | Grants permission to create one or more memory records | Write | |||
| BatchDeleteMemoryRecords | Grants permission to delete one or more memory records | Write | |||
| BatchUpdateMemoryRecords | Grants permission to update one or more memory records | Write | |||
| CompleteResourceTokenAuth | Grants permission to retrieve an access token with OAuth2 for a 3LO flow to access an external resource | Read | | bedrock-agentcore:InboundJwtClaim/iss, bedrock-agentcore:InboundJwtClaim/sub, bedrock-agentcore:InboundJwtClaim/aud, bedrock-agentcore:InboundJwtClaim/scope | |
| ConnectBrowserAutomationStream | Grants permission to connect to a browser automation stream | Read | |||
| ConnectBrowserLiveViewStream | Grants permission to connect to a browser live view stream | Read | |||
| CreateAgentRuntime | Grants permission to create a new agent runtime | Write | | | iam:PassRole |
| CreateAgentRuntimeEndpoint | Grants permission to create a new agent runtime endpoint | Write | |||
| CreateApiKeyCredentialProvider | Grants permission to create a new API Key Credential Provider | Write | |||
| CreateBrowser | Grants permission to create a new custom browser | Write | |||
| CreateCodeInterpreter | Grants permission to create a new custom code interpreter | Write | |||
| CreateEvent | Grants permission to create an Event | Write | |||
| CreateGateway | Grants permission to create a new gateway | Write | | | iam:PassRole |
| CreateGatewayTarget | Grants permission to create a new target in an existing gateway | Write | |||
| CreateMemory | Grants permission to create a Memory resource | Write | | | iam:PassRole |
| CreateOauth2CredentialProvider | Grants permission to create a new Credential Provider to access external resources with OAuth2 protocol | Write | |||
| CreateWorkloadIdentity | Grants permission to create a new Workload Identity | Write | |||
| DeleteAgentRuntime | Grants permission to delete an agent runtime | Write | |||
| DeleteAgentRuntimeEndpoint | Grants permission to delete an agent runtime endpoint | Write | |||
| DeleteApiKeyCredentialProvider | Grants permission to delete a registered API Key Credential Provider | Write | |||
| DeleteBrowser | Grants permission to delete a custom browser | Write | |||
| DeleteCodeInterpreter | Grants permission to delete a custom code interpreter | Write | |||
| DeleteEvent | Grants permission to delete an Event | Write | |||
| DeleteGateway | Grants permission to delete an existing gateway | Write | |||
| DeleteGatewayTarget | Grants permission to delete an existing gateway target | Write | |||
| DeleteMemory | Grants permission to delete a Memory resource | Write | |||
| DeleteMemoryRecord | Grants permission to delete a Memory Record | Write | |||
| DeleteOauth2CredentialProvider | Grants permission to delete a registered OAuth2 Credential Provider | Write | |||
| DeleteWorkloadIdentity | Grants permission to delete a registered Workload Identity | Write | |||
| GetAgentCard | Grants permission to retrieve an agent card for A2A | Read | |||
| GetAgentRuntime | Grants permission to get details of an agent runtime | Read | |||
| GetAgentRuntimeEndpoint | Grants permission to get details of an agent runtime endpoint | Read | |||
| GetApiKeyCredentialProvider | Grants permission to fetch a registered API Key Credential Provider by its name | Read | |||
| GetBrowser | Grants permission to get details of a browser | Read | |||
| GetBrowserSession | Grants permission to get details of a browser session | Read | |||
| GetCodeInterpreter | Grants permission to get details of a code interpreter | Read | |||
| GetCodeInterpreterSession | Grants permission to get details of a code interpreter session | Read | |||
| GetEvent | Grants permission to fetch an Event | Read | |||
| GetGateway | Grants permission to retrieve an existing gateway | Read | |||
| GetGatewayTarget | Grants permission to retrieve an existing gateway target | Read | |||
| GetMemory | Grants permission to fetch details for a Memory resource | Read | |||
| GetMemoryRecord | Grants permission to fetch a Memory Record | Read | |||
| GetOauth2CredentialProvider | Grants permission to fetch a registered OAuth2 Credential Provider by its name | Read | |||
| GetResourceApiKey | Grants permission to retrieve an API Key associated with an Api Key Credential Provider | Read | |||
| GetResourceOauth2Token | Grants permission to retrieve access token with OAuth2 2LO or 3LO flow to access external resource | Read | |||
| GetTokenVault | Grants permission to fetch the current configuration of the TokenVault, including encryption settings | Read | |||
| GetWorkloadAccessToken | Grants permission to retrieve a Workload access token for agentic workloads not acting on behalf of a user | Write | |||
| GetWorkloadAccessTokenForJWT | Grants permission to retrieve a Workload access token for agentic workloads acting on behalf of a user with a JWT token | Write | | bedrock-agentcore:InboundJwtClaim/iss, bedrock-agentcore:InboundJwtClaim/sub, bedrock-agentcore:InboundJwtClaim/aud | |
| GetWorkloadAccessTokenForUserId | Grants permission to retrieve a Workload access token for agentic workloads acting on behalf of a user with a User Id | Write | |||
| GetWorkloadIdentity | Grants permission to fetch details for a specific Workload identity, including its name and allowed OAuth2 return URLs | Read | |||
| InvokeAgentRuntime | Grants permission to invoke an agent runtime endpoint | Write | |||
| InvokeAgentRuntimeForUser | Grants permission to invoke an agent runtime endpoint with X-Amzn-Bedrock-AgentCore-Runtime-User-Id header | Write | |||
| InvokeCodeInterpreter | Grants permission to invoke a code interpreter session | Write | |||
| InvokeGateway [permission only] | Grants permission to invoke a gateway | Permissions management | |||
| ListActors | Grants permission to list Actors | List | |||
| ListAgentRuntimeEndpoints | Grants permission to list agent runtime endpoints | List | |||
| ListAgentRuntimeVersions | Grants permission to list agent runtime versions | List | |||
| ListAgentRuntimes | Grants permission to list agent runtimes | List | |||
| ListApiKeyCredentialProviders | Grants permission to list all API Key Credential Providers in the Token Vault | Read | |||
| ListBrowserSessions | Grants permission to list browser sessions | List | |||
| ListBrowsers | Grants permission to list browsers | List | |||
| ListCodeInterpreterSessions | Grants permission to list code interpreter sessions | List | |||
| ListCodeInterpreters | Grants permission to list code interpreters | List | |||
| ListEvents | Grants permission to list events | List | |||
| ListGatewayTargets | Grants permission to list existing gateway targets | List | |||
| ListGateways | Grants permission to list existing gateways | List | |||
| ListMemories | Grants permission to list memory resources | List | |||
| ListMemoryRecords | Grants permission to list memory records | List | |||
| ListOauth2CredentialProviders | Grants permission to list all OAuth2 Credential Providers in the Token Vault | Read | |||
| ListSessions | Grants permission to list sessions | List | |||
| ListTagsForResource | Grants permission to list tags for a Bedrock-AgentCore resource | List | |||
| ListWorkloadIdentities | Grants permission to list all Workload Identities in the caller's AWS account | Read | |||
| RetrieveMemoryRecords | Grants permission to retrieve memory records through a semantic query | List | |||
| SetTokenVaultCMK | Grants permission to associate a Customer Managed Key (CMK) or a Service Managed Key with a specific TokenVault | Read | |||
| StartBrowserSession | Grants permission to start a new browser session | Write | |||
| StartCodeInterpreterSession | Grants permission to start a new code interpreter session | Write | |||
| StopBrowserSession | Grants permission to stop a browser session | Write | |||
| StopCodeInterpreterSession | Grants permission to stop a code interpreter session | Write | |||
| StopRuntimeSession | Grants permission to stop a runtime session | Write | |||
| SynchronizeGatewayTargets [permission only] | Grants permission to enable search on gateways | Permissions management | |||
| TagResource | Grants permission to Tag a Bedrock-AgentCore resource | Tagging | |||
| UntagResource | Grants permission to Untag a Bedrock-AgentCore resource | Tagging | |||
| UpdateAgentRuntime | Grants permission to update an agent runtime | Write | | | iam:PassRole |
| UpdateAgentRuntimeEndpoint | Grants permission to update an agent runtime endpoint | Write | |||
| UpdateApiKeyCredentialProvider | Grants permission to update an existing API Key Credential Provider | Write | |||
| UpdateBrowserStream | Grants permission to update the status of browser session stream | Write | |||
| UpdateGateway | Grants permission to update an existing gateway | Write | | | iam:PassRole |
| UpdateGatewayTarget | Grants permission to update an existing gateway target | Write | |||
| UpdateMemory | Grants permission to update a Memory resource | Write | | | iam:PassRole |
| UpdateOauth2CredentialProvider | Grants permission to update an existing OAuth2 Credential Provider | Write | |||
| UpdateWorkloadIdentity | Grants permission to update the metadata of an existing Workload Identity | Write | |||
Resource types defined by Amazon Bedrock Agentcore
The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see Resource types table.
| Resource types | ARN | Condition keys | 
|---|---|---|
| memory | arn:${Partition}:bedrock-agentcore:${Region}:${Account}:memory/${MemoryId} | |
| gateway | arn:${Partition}:bedrock-agentcore:${Region}:${Account}:gateway/${GatewayId} | |
| workload-identity | arn:${Partition}:bedrock-agentcore:${Region}:${Account}:workload-identity-directory/${DirectoryId}/workload-identity/${WorkloadIdentityName} | |
| oauth2credentialprovider | arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}/oauth2credentialprovider/${Name} | |
| apikeycredentialprovider | arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}/apikeycredentialprovider/${Name} | |
| runtime | arn:${Partition}:bedrock-agentcore:${Region}:${Account}:runtime/${RuntimeId} | |
| runtime-endpoint | arn:${Partition}:bedrock-agentcore:${Region}:${Account}:runtime/${RuntimeId}/runtime-endpoint/${Name} | |
| code-interpreter-custom | arn:${Partition}:bedrock-agentcore:${Region}:${Account}:code-interpreter-custom/${CodeInterpreterId} | |
| code-interpreter | arn:${Partition}:bedrock-agentcore:${Region}:aws:code-interpreter/${CodeInterpreterId} | |
| browser-custom | arn:${Partition}:bedrock-agentcore:${Region}:${Account}:browser-custom/${BrowserId} | |
| browser | arn:${Partition}:bedrock-agentcore:${Region}:aws:browser/${BrowserId} | |
| workload-identity-directory | arn:${Partition}:bedrock-agentcore:${Region}:${Account}:workload-identity-directory/${DirectoryId} | |
| token-vault | arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId} | |
Condition keys for Amazon Bedrock Agentcore
Amazon Bedrock Agentcore defines the following condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see Condition keys table.
To view the global condition keys that are available to all services, see AWS global condition context keys.
| Condition keys | Description | Type | 
|---|---|---|
| aws:RequestTag/${TagKey} | Filters access by creating requests based on the allowed set of values for each of the mandatory tags | String | 
| aws:ResourceTag/${TagKey} | Filters access by having actions based on the tag value associated with the resource | String | 
| aws:TagKeys | Filters access by creating requests based on the presence of mandatory tags in the request | ArrayOfString | 
| bedrock-agentcore:GatewayAuthorizerType | Filters access by the authorizerType attribute on a Gateway | String | 
| bedrock-agentcore:InboundJwtClaim/aud | Filters access by the audience claim (aud) in the JWT passed in the request | ArrayOfString | 
| bedrock-agentcore:InboundJwtClaim/client_id | Filters access by the client_id claim in the JWT passed in the request | String | 
| bedrock-agentcore:InboundJwtClaim/iss | Filters access by the issuer (iss) claim present in the JWT passed in the request | String | 
| bedrock-agentcore:InboundJwtClaim/scope | Filters access by the scope claim in the JWT passed in the request | ArrayOfString | 
| bedrock-agentcore:InboundJwtClaim/sub | Filters access by the subject claim (sub) in the JWT passed in the request | String | 
| bedrock-agentcore:actorId | Filters access by Actor Id | String | 
| bedrock-agentcore:namespace | Filters access by namespace | String | 
| bedrock-agentcore:securityGroups | Filters access by the ID of security groups configured for the AgentCore runtime | ArrayOfString | 
| bedrock-agentcore:sessionId | Filters access by Session Id | String | 
| bedrock-agentcore:strategyId | Filters access by Memory Strategy Id | String | 
| bedrock-agentcore:subnets | Filters access by the ID of subnets configured for the AgentCore runtime | ArrayOfString | 
| bedrock-agentcore:userid | Filters access by the static user ID value passed in the request | String |