Understanding workload identities - Amazon Bedrock AgentCore

Amazon Bedrock AgentCore is in preview release and is subject to change.

Understanding workload identities

Workload identities represent the digital identity of your agents within the AWS ecosystem. They serve as a stable anchor point that persists across different deployment environments and authentication schemes, allowing agents to maintain consistent identity whether they're using IAM roles for AWS resource access, OAuth2 tokens for external service integration, or API keys for third-party tool access. The identity system abstracts the complexity of managing multiple credential types while providing a unified interface for authentication and authorization operations.

Workload identities integrate seamlessly with the broader AgentCore Identity ecosystem, including the token vault for secure credential storage (see Secure credential storage), resource credential providers for external service access (see Configure credential provider), and the AgentCore Identity directory for centralized management.