AWS Bedrock AgentCore connector
AWS Bedrock AgentCore is Amazon Web Services' runtime environment for deploying AI agent workloads. The AWS Bedrock AgentCore connector is a read-only connector that discovers AgentCore runtimes and governance-relevant identity surfaces including execution identity, workload identity, runtime endpoint state, and resource-based inbound access policy.
Contact your Ping Identity Customer Success Outcome Manager (CSOM) or Account Executive to obtain this connector.
AWS Bedrock AgentCore requirements
The AWS Bedrock AgentCore connector is read-only. It needs Bedrock AgentCore control-plane read permissions in the configured AWS region.
Required permissions
Use the narrowest policy your environment allows. The following is a starting point:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "BedrockAgentCoreConnectorReadOnly",
"Effect": "Allow",
"Action": [
"bedrock-agentcore:ListAgentRuntimes",
"bedrock-agentcore:GetAgentRuntime",
"bedrock-agentcore:GetAgentRuntimeEndpoint",
"bedrock-agentcore:GetResourcePolicy"
],
"Resource": "*"
}
]
}
ListAgentRuntimes requires Resource: "*". The other read actions can be scoped to AgentCore runtime ARNs if your AWS environment supports the narrower resource policy.
The connector doesn’t need account-wide Identity and Access Management (IAM) list/read permissions. It doesn’t scan IAM roles or policies. Inbound access is collected from the AgentCore runtime resource policy by calling GetResourcePolicy on the runtime Amazon Resource Name (ARN).
Create an IAM user for explicit credentials
If useDefaultCredentialsProvider is false, create a dedicated IAM user and attach the policy above to it.
-
In the AWS console, go to IAM > Policies > Create policy.
-
On the JSON tab, paste the policy from Required permissions, then select Next.
-
Name the policy
iga-bedrock-agentcore-connector-policy, then select Create policy. -
Go to IAM > Users > Create user.
-
Enter a username, for example
iga-bedrock-agentcore-connector.Don’t select Provide user access to the AWS Management Console. The connector authenticates with an access key, not console sign-on. -
Select Next.
-
Under Set permissions, choose Attach policies directly.
-
Search for
iga-bedrock-agentcore-connector-policy, select it, then select Next > Create user.
To create the access key:
-
Open the user, then select the Security credentials tab.
-
Select Create access key.
-
For Use case, select Application running outside AWS, then select Next.
-
Copy the access key ID and secret access key. You’ll need these for the
accessKeyIdandsecretAccessKeyconfiguration properties.
Before you configure the connector, confirm you have the following:
| Requirement | Value |
|---|---|
AWS Bedrock AgentCore runtimes |
Configured in the target AWS account and region |
AWS credentials |
Available through the default AWS credentials provider chain or explicit access key credentials |
Bedrock AgentCore read permissions |
Required for AgentCore control-plane read APIs |
Install the AWS Bedrock AgentCore connector
|
To check for an Advanced Identity Cloud application for this connector, refer to: |
To obtain the connector .jar file, contact your Ping Identity Customer Success Outcome Manager (CSOM) or Account Executive.
-
If you’re running the connector locally, place the
.jarfile in the/path/to/openidm/connectorsdirectory. -
If you’re using a remote connector server (RCS), place the
.jarfile in the/path/to/openicf/connectorsdirectory on the RCS.
Configure the AWS Bedrock AgentCore connector
Create a connector configuration using the IDM admin UI:
-
From the navigation bar, click Configure > Connectors.
-
On the Connectors page, click New Connector.
-
On the New Connector page, type a Connector Name.
-
From the Connector Type list, select AWS Bedrock AgentCore Connector - 1.5.20.33.
-
Complete the Base Connector Details and any applicable Additional Options.
For a list of all configuration properties, refer to AWS Bedrock AgentCore Connector Configuration. -
Click Save.
When your connector is configured correctly, the connector displays as Active in the admin UI.
Refer to this procedure to create a connector configuration over REST.
Connection details
The AWS Bedrock AgentCore connector uses the following configuration properties:
| Property | Type | Required | Default | Description |
|---|---|---|---|---|
|
String |
Yes |
|
AWS region. Deploy one connector configuration per region. |
|
Boolean |
Yes |
|
When |
|
String |
Conditional |
None |
AWS access key ID. Required when |
|
GuardedString |
Conditional |
None |
AWS secret access key. Required when |
The default credentials provider chain is the recommended production mode when the connector runs on AWS infrastructure with instance role, task role, or service account based credentials.
Example AWS Bedrock AgentCore configuration
{
"connectorRef": {
"bundleName": "org.forgerock.openicf.connectors.bedrockagentcore-connector",
"bundleVersion": "[1.5.0.0,1.6.0.0)",
"connectorName": "org.forgerock.openicf.connectors.bedrockagentcore.BedrockAgentCoreConnector"
},
"configurationProperties": {
"region": "us-east-1",
"useDefaultCredentialsProvider": true
}
}
If you use explicit credentials instead of the default provider chain:
{
"connectorRef": {
"bundleName": "org.forgerock.openicf.connectors.bedrockagentcore-connector",
"bundleVersion": "[1.5.0.0,1.6.0.0)",
"connectorName": "org.forgerock.openicf.connectors.bedrockagentcore.BedrockAgentCoreConnector"
},
"configurationProperties": {
"region": "us-east-1",
"useDefaultCredentialsProvider": false,
"accessKeyId": "AKIA...",
"secretAccessKey": {
"$crypto": {
"type": "x-simple-encryption",
"value": {
"cipher": "...",
"data": "...",
"iv": "...",
"key": "openidm-sym-default"
}
}
}
}
}
Test the AWS Bedrock AgentCore connector
Test that the configuration is correct by running the following command:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request POST \
"http://localhost:8080/openidm/system/bedrockagentcore?_action=test"
{
"name": "bedrockagentcore",
"enabled": true,
"config": "config/provisioner.openicf/bedrockagentcore",
"connectorRef": {
"bundleVersion": "[1.5.0.0,1.6.0.0)",
"bundleName": "org.forgerock.openicf.connectors.bedrockagentcore-connector",
"connectorName": "org.forgerock.openicf.connectors.bedrockagentcore.BedrockAgentCoreConnector"
},
"displayName": "AWS Bedrock AgentCore Connector",
"objectTypes": [
"__ACCOUNT__",
"__ALL__"
],
"ok": true
}
If the command returns "ok": true, your connector has been configured correctly.
TestOp currently logs that the test operation was called but doesn’t call AWS, and always succeeds regardless of credential validity. Validate credentials and IAM permissions by running a reconciliation against a known AgentCore runtime.
|
AWS Bedrock AgentCore remote connector
If you want to run this connector outside of PingOne Advanced Identity Cloud or IDM, you can configure the AWS Bedrock AgentCore connector as a remote connector. Java Connectors installed remotely on a Java Connector Server function identically to those bundled locally within PingOne Advanced Identity Cloud or installed locally on IDM.
Refer to Remote connectors for configuring the AWS Bedrock AgentCore remote connector.
Implementation specifics
Collection architecture
The AWS Bedrock AgentCore connector performs live collection during each reconciliation. There is no offline inventory mechanism for the current AgentCore connector.
For each runtime in the configured region, the connector calls AgentCore control-plane APIs and builds one ICF __ACCOUNT__ object.
Live data
| Data | AWS API |
|---|---|
Runtime list |
|
Runtime details |
|
Default runtime endpoint |
|
Runtime resource policy |
|
For GET-by-UID, the connector skips ListAgentRuntimes and calls GetAgentRuntime directly for the supplied agentRuntimeId, then fetches endpoint and resource policy details.
Known limitations
| Limitation | Impact |
|---|---|
Read-only connector |
Can’t create, update, or delete AgentCore runtimes. |
No |
Every reconciliation is a full discovery pass. |
Single region per instance |
Multi-region coverage requires multiple connector configurations. |
Only |
Runtime, endpoint, workload identity, and resource policy data are flattened onto one object. |
|
IDM test can pass even when AWS credentials or permissions are invalid. |
No retry logic |
Transient AWS throttling or 5xx failures can fail reconciliation. |
|
Downstream IDM policy logic must parse and evaluate policy statements. |
Workload identity grants are not expanded |
The connector collects |
Use the AWS Bedrock AgentCore connector
The AWS Bedrock AgentCore connector discovers the following resource types:
| ICF Native Type | AWS Bedrock AgentCore Resource Type | Naming Attribute | Notes |
|---|---|---|---|
|
Bedrock AgentCore runtime |
|
Represents one AgentCore runtime. UID is |
__ACCOUNT__ attributes
| Attribute | Type | Multivalued | Description |
|---|---|---|---|
|
String |
No |
Full AgentCore runtime ARN. |
|
String |
No |
Runtime version. |
|
String |
No |
Runtime lifecycle status, such as |
|
String |
No |
IAM execution role ARN for the runtime. |
|
String |
No |
Runtime network mode, such as |
|
String |
No |
Runtime creation timestamp. |
|
String |
No |
Runtime last updated timestamp. |
|
String |
No |
Runtime description. Empty string if absent. |
|
String |
No |
AgentCore workload identity ARN. Empty string if absent. |
|
Long |
No |
Idle runtime session timeout. |
|
Long |
No |
Maximum runtime lifetime. |
|
String |
No |
S3 bucket for the runtime code artifact. Empty string if absent. |
|
String |
No |
S3 prefix for the runtime code artifact. Empty string if absent. |
|
String |
No |
Runtime language/runtime value, such as |
|
String |
Yes |
Runtime entry point command list, when present. |
|
String |
No |
Default runtime endpoint ARN. Empty string if the endpoint call fails. |
|
String |
No |
Endpoint name. The connector requests |
|
String |
No |
Endpoint ID. The connector expects |
|
String |
No |
Runtime version currently serving requests through the endpoint. |
|
String |
No |
Endpoint lifecycle status. Distinct from runtime |
|
String |
No |
Endpoint creation timestamp. |
|
String |
No |
Endpoint last updated timestamp. |
|
String |
No |
Raw JSON string returned by |
Troubleshooting
Connector initializes but reconciliation fails immediately
Check:
-
regionis valid for Bedrock AgentCore. -
The connector principal has
bedrock-agentcore:ListAgentRuntimes. -
The AWS credentials provider mode is configured correctly.
-
If
useDefaultCredentialsProvider=false,accessKeyIdandsecretAccessKeyare populated. -
The AWS SDK version bundled with the connector supports the
bedrockagentcorecontrolmodule.
No runtime objects are returned
Check:
-
The target region contains AgentCore runtimes.
-
The connector is configured for the same region where the runtimes exist.
-
ListAgentRuntimessucceeds for the connector principal. -
GetAgentRuntimesucceeds for each runtime ID. -
Runtime objects are not being filtered out by an IDM-side query filter.
Endpoint attributes are empty
Check:
-
The runtime has a
DEFAULTendpoint. -
The connector principal can call
bedrock-agentcore:GetAgentRuntimeEndpoint. -
The endpoint is available in the configured region.
-
Review connector logs; endpoint lookup failures are soft failures and don’t suppress the runtime object.
resourcePolicy is empty
Check:
-
A resource policy is attached to the AgentCore runtime ARN.
-
The connector principal can call
bedrock-agentcore:GetResourcePolicy. -
The runtime ARN in AWS matches the resource ARN used for policy retrieval.
-
If there is no attached policy, empty
resourcePolicyis expected.
OpenICF interfaces implemented by the AWS Bedrock AgentCore connector
The AWS Bedrock AgentCore connector implements the following OpenICF interfaces. You can find additional details in ICF interfaces:
- Schema
-
Describes the object types, operations, and options that the connector supports.
- Search
-
Searches the target resource for all objects that match the specified object class and filter.
- Test
-
Tests the connector configuration.
For this connector,
TestOplogs that the test was called but does not make any AWS API calls, and always returns success regardless of credential validity. To validate credentials and IAM permissions, run a reconciliation against a known AgentCore runtime.
AWS Bedrock AgentCore connector configuration
The AWS Bedrock AgentCore connector has the following configurable properties:
Basic configuration properties
| Property | Type | Default | Encrypted(1) | Required(2) |
|---|---|---|---|---|
|
|
|
|
Yes |
AWS region where AgentCore runtimes are deployed, for example |
||||
|
|
|
|
Yes |
When enabled, uses the AWS SDK DefaultCredentialsProvider chain (environment variables, shared config, EC2/ECS role). When disabled, provide accessKeyId and secretAccessKey. |
||||
|
|
|
|
No |
AWS access key ID. Required when the default credentials provider is disabled. |
||||
|
|
|
Yes |
No |
AWS secret access key. Required when the default credentials provider is disabled. |
||||
(1) Whether the property value is considered confidential, and is therefore encrypted in IDM.
(2) A list of operations in this column indicates that the property is required for those operations.