ICF 1.5.20.35

AWS Bedrock AgentCore connector

AWS Bedrock AgentCore is Amazon Web Services' runtime environment for deploying AI agent workloads. The AWS Bedrock AgentCore connector is a read-only connector that discovers AgentCore runtimes and governance-relevant identity surfaces including execution identity, workload identity, runtime endpoint state, and resource-based inbound access policy.

Contact your Ping Identity Customer Success Outcome Manager (CSOM) or Account Executive to obtain this connector.

AWS Bedrock AgentCore requirements

The AWS Bedrock AgentCore connector is read-only. It needs Bedrock AgentCore control-plane read permissions in the configured AWS region.

Required permissions

Use the narrowest policy your environment allows. The following is a starting point:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "BedrockAgentCoreConnectorReadOnly",
      "Effect": "Allow",
      "Action": [
        "bedrock-agentcore:ListAgentRuntimes",
        "bedrock-agentcore:GetAgentRuntime",
        "bedrock-agentcore:GetAgentRuntimeEndpoint",
        "bedrock-agentcore:GetResourcePolicy"
      ],
      "Resource": "*"
    }
  ]
}

ListAgentRuntimes requires Resource: "*". The other read actions can be scoped to AgentCore runtime ARNs if your AWS environment supports the narrower resource policy.

The connector doesn’t need account-wide Identity and Access Management (IAM) list/read permissions. It doesn’t scan IAM roles or policies. Inbound access is collected from the AgentCore runtime resource policy by calling GetResourcePolicy on the runtime Amazon Resource Name (ARN).

Create an IAM user for explicit credentials

If useDefaultCredentialsProvider is false, create a dedicated IAM user and attach the policy above to it.

  1. In the AWS console, go to IAM > Policies > Create policy.

  2. On the JSON tab, paste the policy from Required permissions, then select Next.

  3. Name the policy iga-bedrock-agentcore-connector-policy, then select Create policy.

  4. Go to IAM > Users > Create user.

  5. Enter a username, for example iga-bedrock-agentcore-connector.

    Don’t select Provide user access to the AWS Management Console. The connector authenticates with an access key, not console sign-on.
  6. Select Next.

  7. Under Set permissions, choose Attach policies directly.

  8. Search for iga-bedrock-agentcore-connector-policy, select it, then select Next > Create user.

To create the access key:

  1. Open the user, then select the Security credentials tab.

  2. Select Create access key.

  3. For Use case, select Application running outside AWS, then select Next.

  4. Copy the access key ID and secret access key. You’ll need these for the accessKeyId and secretAccessKey configuration properties.

Before you configure the connector, confirm you have the following:

Requirement Value

AWS Bedrock AgentCore runtimes

Configured in the target AWS account and region

AWS credentials

Available through the default AWS credentials provider chain or explicit access key credentials

Bedrock AgentCore read permissions

Required for AgentCore control-plane read APIs

Install the AWS Bedrock AgentCore connector

To check for an Advanced Identity Cloud application for this connector, refer to:

To obtain the connector .jar file, contact your Ping Identity Customer Success Outcome Manager (CSOM) or Account Executive.

  • If you’re running the connector locally, place the .jar file in the /path/to/openidm/connectors directory.

  • If you’re using a remote connector server (RCS), place the .jar file in the /path/to/openicf/connectors directory on the RCS.

Configure the AWS Bedrock AgentCore connector

Create a connector configuration using the IDM admin UI:

  1. From the navigation bar, click Configure > Connectors.

  2. On the Connectors page, click New Connector.

  3. On the New Connector page, type a Connector Name.

  4. From the Connector Type list, select AWS Bedrock AgentCore Connector - 1.5.20.33.

  5. Complete the Base Connector Details and any applicable Additional Options.

    For a list of all configuration properties, refer to AWS Bedrock AgentCore Connector Configuration.
  6. Click Save.

When your connector is configured correctly, the connector displays as Active in the admin UI.

Refer to this procedure to create a connector configuration over REST.

Connection details

The AWS Bedrock AgentCore connector uses the following configuration properties:

Property Type Required Default Description

region

String

Yes

us-east-1

AWS region. Deploy one connector configuration per region.

useDefaultCredentialsProvider

Boolean

Yes

true

When true, uses the AWS SDK DefaultCredentialsProvider chain. When false, provide accessKeyId and secretAccessKey.

accessKeyId

String

Conditional

None

AWS access key ID. Required when useDefaultCredentialsProvider=false.

secretAccessKey

GuardedString

Conditional

None

AWS secret access key. Required when useDefaultCredentialsProvider=false.

The default credentials provider chain is the recommended production mode when the connector runs on AWS infrastructure with instance role, task role, or service account based credentials.

Example AWS Bedrock AgentCore configuration

{
  "connectorRef": {
    "bundleName": "org.forgerock.openicf.connectors.bedrockagentcore-connector",
    "bundleVersion": "[1.5.0.0,1.6.0.0)",
    "connectorName": "org.forgerock.openicf.connectors.bedrockagentcore.BedrockAgentCoreConnector"
  },
  "configurationProperties": {
    "region": "us-east-1",
    "useDefaultCredentialsProvider": true
  }
}

If you use explicit credentials instead of the default provider chain:

{
  "connectorRef": {
    "bundleName": "org.forgerock.openicf.connectors.bedrockagentcore-connector",
    "bundleVersion": "[1.5.0.0,1.6.0.0)",
    "connectorName": "org.forgerock.openicf.connectors.bedrockagentcore.BedrockAgentCoreConnector"
  },
  "configurationProperties": {
    "region": "us-east-1",
    "useDefaultCredentialsProvider": false,
    "accessKeyId": "AKIA...",
    "secretAccessKey": {
      "$crypto": {
        "type": "x-simple-encryption",
        "value": {
          "cipher": "...",
          "data": "...",
          "iv": "...",
          "key": "openidm-sym-default"
        }
      }
    }
  }
}

Test the AWS Bedrock AgentCore connector

Test that the configuration is correct by running the following command:

curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request POST \
"http://localhost:8080/openidm/system/bedrockagentcore?_action=test"
{
  "name": "bedrockagentcore",
  "enabled": true,
  "config": "config/provisioner.openicf/bedrockagentcore",
  "connectorRef": {
    "bundleVersion": "[1.5.0.0,1.6.0.0)",
    "bundleName": "org.forgerock.openicf.connectors.bedrockagentcore-connector",
    "connectorName": "org.forgerock.openicf.connectors.bedrockagentcore.BedrockAgentCoreConnector"
  },
  "displayName": "AWS Bedrock AgentCore Connector",
  "objectTypes": [
    "__ACCOUNT__",
    "__ALL__"
  ],
  "ok": true
}

If the command returns "ok": true, your connector has been configured correctly.

TestOp currently logs that the test operation was called but doesn’t call AWS, and always succeeds regardless of credential validity. Validate credentials and IAM permissions by running a reconciliation against a known AgentCore runtime.

AWS Bedrock AgentCore remote connector

If you want to run this connector outside of PingOne Advanced Identity Cloud or IDM, you can configure the AWS Bedrock AgentCore connector as a remote connector. Java Connectors installed remotely on a Java Connector Server function identically to those bundled locally within PingOne Advanced Identity Cloud or installed locally on IDM.

Refer to Remote connectors for configuring the AWS Bedrock AgentCore remote connector.

Implementation specifics

Collection architecture

The AWS Bedrock AgentCore connector performs live collection during each reconciliation. There is no offline inventory mechanism for the current AgentCore connector.

For each runtime in the configured region, the connector calls AgentCore control-plane APIs and builds one ICF __ACCOUNT__ object.

Live data

Data AWS API

Runtime list

ListAgentRuntimes

Runtime details

GetAgentRuntime

Default runtime endpoint

GetAgentRuntimeEndpoint with endpointName=DEFAULT

Runtime resource policy

GetResourcePolicy using the runtime ARN

For GET-by-UID, the connector skips ListAgentRuntimes and calls GetAgentRuntime directly for the supplied agentRuntimeId, then fetches endpoint and resource policy details.

Known limitations

Limitation Impact

Read-only connector

Can’t create, update, or delete AgentCore runtimes.

No SyncOp

Every reconciliation is a full discovery pass.

Single region per instance

Multi-region coverage requires multiple connector configurations.

Only __ACCOUNT__ object class

Runtime, endpoint, workload identity, and resource policy data are flattened onto one object.

TestOp is a no-op

IDM test can pass even when AWS credentials or permissions are invalid.

No retry logic

Transient AWS throttling or 5xx failures can fail reconciliation.

resourcePolicy is raw JSON

Downstream IDM policy logic must parse and evaluate policy statements.

Workload identity grants are not expanded

The connector collects workloadIdentityArn, but doesn’t discover what external systems trust that identity.

Use the AWS Bedrock AgentCore connector

The AWS Bedrock AgentCore connector discovers the following resource types:

ICF Native Type AWS Bedrock AgentCore Resource Type Naming Attribute Notes

__ACCOUNT__

Bedrock AgentCore runtime

__NAME__

Represents one AgentCore runtime. UID is agentRuntimeId; name is agentRuntimeName. Runtime, endpoint, workload identity, code artifact, and resource policy details are flattened onto the same object.

__ACCOUNT__ attributes

Attribute Type Multivalued Description

agentRuntimeArn

String

No

Full AgentCore runtime ARN.

agentRuntimeVersion

String

No

Runtime version.

status

String

No

Runtime lifecycle status, such as READY.

roleArn

String

No

IAM execution role ARN for the runtime.

networkMode

String

No

Runtime network mode, such as PUBLIC.

createdAt

String

No

Runtime creation timestamp.

lastUpdatedAt

String

No

Runtime last updated timestamp.

description

String

No

Runtime description. Empty string if absent.

workloadIdentityArn

String

No

AgentCore workload identity ARN. Empty string if absent.

lifecycleIdleTimeoutSeconds

Long

No

Idle runtime session timeout. 0 if not set.

lifecycleMaxLifetimeSeconds

Long

No

Maximum runtime lifetime. 0 if not set.

codeS3Bucket

String

No

S3 bucket for the runtime code artifact. Empty string if absent.

codeS3Prefix

String

No

S3 prefix for the runtime code artifact. Empty string if absent.

codeRuntime

String

No

Runtime language/runtime value, such as PYTHON_3_14. Empty string if absent.

codeEntryPoint

String

Yes

Runtime entry point command list, when present.

endpointArn

String

No

Default runtime endpoint ARN. Empty string if the endpoint call fails.

endpointName

String

No

Endpoint name. The connector requests DEFAULT.

endpointId

String

No

Endpoint ID. The connector expects DEFAULT in v1.

endpointLiveVersion

String

No

Runtime version currently serving requests through the endpoint.

endpointStatus

String

No

Endpoint lifecycle status. Distinct from runtime status.

endpointCreatedAt

String

No

Endpoint creation timestamp.

endpointLastUpdatedAt

String

No

Endpoint last updated timestamp.

resourcePolicy

String

No

Raw JSON string returned by GetResourcePolicy. Empty string when no policy is attached or the policy lookup fails.

Troubleshooting

Connector initializes but reconciliation fails immediately

Check:

  1. region is valid for Bedrock AgentCore.

  2. The connector principal has bedrock-agentcore:ListAgentRuntimes.

  3. The AWS credentials provider mode is configured correctly.

  4. If useDefaultCredentialsProvider=false, accessKeyId and secretAccessKey are populated.

  5. The AWS SDK version bundled with the connector supports the bedrockagentcorecontrol module.

No runtime objects are returned

Check:

  1. The target region contains AgentCore runtimes.

  2. The connector is configured for the same region where the runtimes exist.

  3. ListAgentRuntimes succeeds for the connector principal.

  4. GetAgentRuntime succeeds for each runtime ID.

  5. Runtime objects are not being filtered out by an IDM-side query filter.

Endpoint attributes are empty

Check:

  1. The runtime has a DEFAULT endpoint.

  2. The connector principal can call bedrock-agentcore:GetAgentRuntimeEndpoint.

  3. The endpoint is available in the configured region.

  4. Review connector logs; endpoint lookup failures are soft failures and don’t suppress the runtime object.

resourcePolicy is empty

Check:

  1. A resource policy is attached to the AgentCore runtime ARN.

  2. The connector principal can call bedrock-agentcore:GetResourcePolicy.

  3. The runtime ARN in AWS matches the resource ARN used for policy retrieval.

  4. If there is no attached policy, empty resourcePolicy is expected.

OpenICF interfaces implemented by the AWS Bedrock AgentCore connector

The AWS Bedrock AgentCore connector implements the following OpenICF interfaces. You can find additional details in ICF interfaces:

Schema

Describes the object types, operations, and options that the connector supports.

Search

Searches the target resource for all objects that match the specified object class and filter.

Test

Tests the connector configuration.

For this connector, TestOp logs that the test was called but does not make any AWS API calls, and always returns success regardless of credential validity. To validate credentials and IAM permissions, run a reconciliation against a known AgentCore runtime.

AWS Bedrock AgentCore connector configuration

The AWS Bedrock AgentCore connector has the following configurable properties:

Basic configuration properties

Property Type Default Encrypted(1) Required(2)

region

String

us-east-1

Yes

AWS region where AgentCore runtimes are deployed, for example us-east-1.

useDefaultCredentialsProvider

Boolean

true

Yes

When enabled, uses the AWS SDK DefaultCredentialsProvider chain (environment variables, shared config, EC2/ECS role). When disabled, provide accessKeyId and secretAccessKey.

accessKeyId

String

null

No

AWS access key ID. Required when the default credentials provider is disabled.

secretAccessKey

GuardedString

null

Yes

No

AWS secret access key. Required when the default credentials provider is disabled.

(1) Whether the property value is considered confidential, and is therefore encrypted in IDM.

(2) A list of operations in this column indicates that the property is required for those operations.