Amazon Bedrock AgentCore is in preview release and is subject to change.
AWS managed policies for Amazon Bedrock AgentCore
An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases because they're available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or new API operations become available for existing services.
For more information, see AWS managed policies in the IAM User Guide.
AWS managed policy: BedrockAgentCoreFullAccess
You can attach BedrockAgentCoreFullAccess to your users, groups, and roles.
This policy grants permissions that allow full access to Amazon Bedrock AgentCore.
Permissions details
This policy includes the following permissions:
- bedrock-agentcore (Amazon Bedrock Agent Core) – Allows principals full access to all Amazon Bedrock Agent Core resources.
- iam (AWS Identity and Access Management) – Allows principals to list and get information about roles and policies, and to pass roles with "BedrockAgentCore" in the name to the bedrock-agentcore service. Also allows creating service-linked roles for CloudWatch Application Signals.
- secretsmanager (AWS Secrets Manager) – Allows principals to create, update, retrieve, and delete secrets with names that begin with "bedrock-agentcore".
- kms (AWS Key Management Service) – Allows principals to list and describe keys, and to decrypt data within the same AWS account when called via the Bedrock Agent Core service.
- s3 (Amazon Simple Storage Service) – Allows principals to get objects from S3 buckets with names that begin with "bedrock-agentcore-gateway-" when called via the Bedrock Agent Core service.
- lambda (AWS Lambda) – Allows principals to list Lambda functions.
- logs (Amazon CloudWatch Logs) – Allows principals to access, query, and manage log data in log groups related to Bedrock Agent Core and Application Signals, including creating log groups and streams.
- application-autoscaling (Application Auto Scaling) – Allows principals to describe scaling policies.
- application-signals (Amazon CloudWatch Application Signals) – Allows principals to retrieve information about application signals and start discovery.
- autoscaling (Amazon EC2 Auto Scaling) – Allows principals to describe Auto Scaling resources.
- cloudwatch (Amazon CloudWatch) – Allows principals to retrieve and list metrics, generate queries, and access other CloudWatch resources.
- oam (Amazon CloudWatch Observability Access Manager) – Allows principals to list sinks.
- rum (Amazon CloudWatch RUM) – Allows principals to retrieve and list RUM resources.
- synthetics (Amazon CloudWatch Synthetics) – Allows principals to describe and get information about Synthetics resources.
- xray (AWS X-Ray) – Allows principals to retrieve trace information, manage trace segment destinations, and work with indexing rules.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "BedrockAgentCoreFullAccess",
      "Effect": "Allow",
      "Action": ["bedrock-agentcore:*"],
      "Resource": "arn:aws:bedrock-agentcore:*:*:*"
    },
    {
      "Sid": "IAMListAccess",
      "Effect": "Allow",
      "Action": [
        "iam:GetRole",
        "iam:GetRolePolicy",
        "iam:ListAttachedRolePolicies",
        "iam:ListRolePolicies",
        "iam:ListRoles"
      ],
      "Resource": "arn:aws:iam::*:role/*"
    },
    {
      "Sid": "BedrockAgentCorePassRoleAccess",
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::*:role/*BedrockAgentCore*",
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "bedrock-agentcore.amazonaws.com"
        }
      }
    },
    {
      "Sid": "SecretsManagerAccess",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:CreateSecret",
        "secretsmanager:PutSecretValue",
        "secretsmanager:GetSecretValue",
        "secretsmanager:DeleteSecret"
      ],
      "Resource": "arn:aws:secretsmanager:*:*:secret:bedrock-agentcore*"
    },
    {
      "Sid": "BedrockAgentCoreKMSReadAccess",
      "Effect": "Allow",
      "Action": ["kms:ListKeys", "kms:DescribeKey"],
      "Resource": ["arn:aws:kms:*:*:key/*"],
      "Condition": {
        "StringEquals": {
          "aws:ResourceAccount": "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid": "BedrockAgentCoreKMSAccess",
      "Effect": "Allow",
      "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
      "Resource": ["arn:aws:kms:*:*:key/*"],
      "Condition": {
        "StringEquals": {
          "aws:ResourceAccount": "${aws:PrincipalAccount}"
        },
        "ForAnyValue:StringEquals": {
          "aws:CalledVia": ["bedrock-agentcore.amazonaws.com"]
        }
      }
    },
    {
      "Sid": "BedrockAgentCoreS3Access",
      "Effect": "Allow",
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::bedrock-agentcore-gateway-*"],
      "Condition": {
        "StringEquals": {
          "aws:CalledViaLast": "bedrock-agentcore.amazonaws.com",
          "s3:ResourceAccount": "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid": "BedrockAgentCoreGatewayLambdaAccess",
      "Effect": "Allow",
      "Action": ["lambda:ListFunctions"],
      "Resource": ["arn:aws:lambda:*:*:*"]
    },
    {
      "Sid": "LoggingAccess",
      "Effect": "Allow",
      "Action": [
        "logs:Get*",
        "logs:List*",
        "logs:StartQuery",
        "logs:StopQuery",
        "logs:Describe*",
        "logs:TestMetricFilter",
        "logs:FilterLogEvents"
      ],
      "Resource": [
        "arn:aws:logs:*:*:log-group:/aws/bedrock-agentcore/*",
        "arn:aws:logs:*:*:log-group:/aws/application-signals/data:*",
        "arn:aws:logs:*:*:log-group:aws/spans:*"
      ]
    },
    {
      "Sid": "ObservabilityReadOnlyPermissions",
      "Effect": "Allow",
      "Action": [
        "application-autoscaling:DescribeScalingPolicies",
        "application-signals:BatchGet*",
        "application-signals:Get*",
        "application-signals:List*",
        "autoscaling:Describe*",
        "cloudwatch:BatchGet*",
        "cloudwatch:Describe*",
        "cloudwatch:GenerateQuery",
        "cloudwatch:Get*",
        "cloudwatch:List*",
        "oam:ListSinks",
        "rum:BatchGet*",
        "rum:Get*",
        "rum:List*",
        "synthetics:Describe*",
        "synthetics:Get*",
        "synthetics:List*",
        "xray:BatchGet*",
        "xray:Get*",
        "xray:List*",
        "xray:StartTraceRetrieval",
        "xray:CancelTraceRetrieval",
        "logs:DescribeLogGroups",
        "logs:StartLiveTail",
        "logs:StopLiveTail"
      ],
      "Resource": "*"
    },
    {
      "Sid": "TransactionSearchXRayPermissions",
      "Effect": "Allow",
      "Action": [
        "xray:GetTraceSegmentDestination",
        "xray:UpdateTraceSegmentDestination",
        "xray:GetIndexingRules",
        "xray:UpdateIndexingRule"
      ],
      "Resource": "*"
    },
    {
      "Sid": "TransactionSearchLogGroupPermissions",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutRetentionPolicy"
      ],
      "Resource": [
        "arn:aws:logs:*:*:log-group:/aws/application-signals/data:*",
        "arn:aws:logs:*:*:log-group:aws/spans:*"
      ]
    },
    {
      "Sid": "TransactionSearchLogsPermissions",
      "Effect": "Allow",
      "Action": ["logs:DescribeResourcePolicies"],
      "Resource": ["*"],
      "Condition": {
        "StringEquals": {
          "aws:ResourceAccount": "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid": "TransactionSearchApplicationSignalsPermissions",
      "Effect": "Allow",
      "Action": ["application-signals:StartDiscovery"],
      "Resource": "*"
    },
    {
      "Sid": "CloudWatchApplicationSignalsCreateServiceLinkedRolePermissions",
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals",
      "Condition": {
        "StringLike": {
          "iam:AWSServiceName": "application-signals.cloudwatch.amazonaws.com"
        }
      }
    },
    {
      "Sid": "CloudWatchApplicationSignalsGetRolePermissions",
      "Effect": "Allow",
      "Action": "iam:GetRole",
      "Resource": "arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals"
    }
  ]
}
```
AWS managed policy: AmazonBedrockAgentCoreMemoryBedrockModelInferenceExecutionRolePolicy
You can attach AmazonBedrockAgentCoreMemoryBedrockModelInferenceExecutionRolePolicy to your users, groups, and roles.
This policy grants permissions that allow full access to the Amazon Bedrock Agent Core Memory.
Permissions details
This policy includes the following permissions.
- bedrock – Allows principals to call the Amazon Bedrock InvokeModel and InvokeModelWithResponseStream actions. This is required so that an agent can store memories.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream"
      ],
      "Resource": [
        "arn:aws:bedrock:*::foundation-model/*",
        "arn:aws:bedrock:*:*:inference-profile/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:ResourceAccount": "${aws:PrincipalAccount}"
        }
      }
    }
  ]
}
```
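The security-relevant detail in both policies above is not the action list but the conditions that fence the sensitive actions in: iam:PassRole is limited by iam:PassedToService, kms:Decrypt and kms:GenerateDataKey by aws:CalledVia, and bedrock:InvokeModel by aws:ResourceAccount. When you derive a customer managed policy from these, as the page recommends, it is easy to drop a condition while trimming. The following Python script is an added example, not AWS code, that lints a policy document for exactly that: it reports any Allow statement granting a guarded action without the condition key expected to accompany it, and any statement granting "*" on "*". The GUARDED_ACTIONS rule table is an assumption chosen to match the two policies on this page; the SAMPLE_POLICY is a constructed excerpt of the BedrockAgentCoreFullAccess statements plus one deliberately weakened PassRole statement so that the linter has something to report.

```python
"""Static linter for IAM policy documents (added example, not AWS code).

Flags Allow statements that grant a sensitive action without the condition
key a reviewer expects on it, plus bare "*" on "*" grants.
"""
import fnmatch
import json
from typing import Dict, List, Tuple

# Assumed rule table: sensitive action -> condition key that should guard it.
# These pairings mirror the conditions used in the policies on this page.
GUARDED_ACTIONS: Dict[str, str] = {
    "iam:PassRole": "iam:PassedToService",
    "kms:Decrypt": "aws:CalledVia",
    "kms:GenerateDataKey": "aws:CalledVia",
    "bedrock:InvokeModel": "aws:ResourceAccount",
}


def _as_list(value) -> List:
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _condition_keys(statement: dict) -> set:
    """Collect every condition key in the statement (lower-cased), regardless of
    operator, so ForAnyValue:StringEquals counts the same as StringEquals."""
    keys = set()
    for _operator, pairs in statement.get("Condition", {}).items():
        for key in pairs:
            keys.add(key.lower())
    return keys


def _action_matches(pattern: str, action: str) -> bool:
    """IAM action matching is case-insensitive and supports '*' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def lint_policy(policy: dict) -> List[Tuple[str, str]]:
    """Return (Sid, finding) pairs for each risky Allow statement."""
    findings: List[Tuple[str, str]] = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        keys = _condition_keys(stmt)
        if "*" in actions and "*" in resources:
            findings.append((sid, "allows * on * (administrative access)"))
        for action, required_key in GUARDED_ACTIONS.items():
            granted = any(_action_matches(p, action) for p in actions)
            if granted and required_key.lower() not in keys:
                findings.append((sid, f"allows {action} without {required_key} condition"))
    return findings


def lint_policy_json(text: str) -> List[Tuple[str, str]]:
    """Convenience wrapper: lint a policy given as a JSON string."""
    return lint_policy(json.loads(text))


# Constructed excerpt: two statements copied in shape from the
# BedrockAgentCoreFullAccess policy, plus a weakened PassRole statement that
# lacks the iam:PassedToService condition.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "BedrockAgentCorePassRoleAccess", "Effect": "Allow",
         "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::*:role/*BedrockAgentCore*",
         "Condition": {"StringEquals": {
             "iam:PassedToService": "bedrock-agentcore.amazonaws.com"}}},
        {"Sid": "BedrockAgentCoreKMSAccess", "Effect": "Allow",
         "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
         "Resource": ["arn:aws:kms:*:*:key/*"],
         "Condition": {
             "StringEquals": {"aws:ResourceAccount": "${aws:PrincipalAccount}"},
             "ForAnyValue:StringEquals": {
                 "aws:CalledVia": ["bedrock-agentcore.amazonaws.com"]}}},
        {"Sid": "WeakenedPassRole", "Effect": "Allow",
         "Action": "iam:PassRole", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for sid, finding in lint_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```

Feed lint_policy_json the full text of either policy from this page and it returns an empty list, because every guarded action there carries its condition. The linter is a review aid, not an authorisation engine: it does not model Deny statements, NotAction, resource ARN scoping, or the permissions boundary, so a clean run means only that the conditions you chose to require are present, not that the policy is least-privilege.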
AgentCore updates to AWS managed policies
View details about updates to AWS managed policies for AgentCore since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the AgentCore Document history page.
Change | Description | Date
---|---|---
AgentCore started tracking changes | AgentCore started tracking changes for its AWS managed policies. | July 16, 2025