AIToday

AWS adds Policy and Lambda interceptors to Amazon Bedrock AgentCore gateway for securing AI agent access to tools

Amazon AI BlogJun 1, 2026
AWS adds Policy and Lambda interceptors to Amazon Bedrock AgentCore gateway for securing AI agent access to tools

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  1. Amazon Bedrock AgentCore gateway now supports two security mechanisms: Policy (using Cedar, a declarative policy language for deterministic access control) and Lambda interceptors (for dynamic validation, payload enrichment, token exchange, and response filtering).

  2. Policy enforces permit or forbid rules evaluated over a principal, an action, and a resource with optional conditions; Lambda interceptors run before or after each tool call to transform requests by replacing bearer tokens with tenant-scoped credentials and filter responses. The gateway evaluates the request interceptor before the Cedar policy, enabling interceptors to enrich request context for policy evaluation.

  3. In a lakehouse data agent example for an insurance company, the solution restricts tool access by user role (policyholders, adjusters, administrators) through policy forbid rules, and implements geography-based access control by combining both mechanisms with AWS Lake Formation row-level and column-level security enforcement.

Get the latest Large Language Models news every morning

AI-summarized, only the topics you pick — one digest a day via Email, Slack, or Discord.

Free · takes 30 seconds · unsubscribe anytime

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →