---
title: AWS Bedrock AgentCore connector
description: "Reference for the AWS Bedrock AgentCore connector: discover AgentCore runtimes, execution identity, workload identity, and inbound access policy."
component: openicf
page_id: openicf:connector-reference:aws-bedrock-agentcore
canonical_url: https://docs.pingidentity.com/openicf/connector-reference/aws-bedrock-agentcore.html
llms_txt: https://docs.pingidentity.com/openicf/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
section_ids:
  aws_bedrock_agentcore_requirements: AWS Bedrock AgentCore requirements
  required_permissions: Required permissions
  create_an_iam_user_for_explicit_credentials: Create an IAM user for explicit credentials
  install_the_aws_bedrock_agentcore_connector: Install the AWS Bedrock AgentCore connector
  configure_the_aws_bedrock_agentcore_connector: Configure the AWS Bedrock AgentCore connector
  connection_details: Connection details
  example_aws_bedrock_agentcore_configuration: Example AWS Bedrock AgentCore configuration
  test_the_aws_bedrock_agentcore_connector: Test the AWS Bedrock AgentCore connector
  aws_bedrock_agentcore_remote_connector: AWS Bedrock AgentCore remote connector
  implementation_specifics: Implementation specifics
  collection_architecture: Collection architecture
  live_data: Live data
  known_limitations: Known limitations
  use_the_aws_bedrock_agentcore_connector: Use the AWS Bedrock AgentCore connector
  account_attributes: __ACCOUNT__ attributes
  troubleshooting: Troubleshooting
  connector_initializes_but_reconciliation_fails_immediately: Connector initializes but reconciliation fails immediately
  no_runtime_objects_are_returned: No runtime objects are returned
  endpoint_attributes_are_empty: Endpoint attributes are empty
  resourcepolicy_is_empty: resourcePolicy is empty
  implemented-interfaces-org-forgerock-openicf-connectors-bedrockagentcore-BedrockAgentCoreConnector-1.5.20.33: OpenICF interfaces implemented by the AWS Bedrock AgentCore connector
  config-properties-org-forgerock-openicf-connectors-bedrockagentcore-BedrockAgentCoreConnector-1.5.20.33: AWS Bedrock AgentCore connector configuration
  basic-configuration-properties-org-forgerock-openicf-connectors-bedrockagentcore-BedrockAgentCoreConnector-1.5.20.33: Basic configuration properties
---

# AWS Bedrock AgentCore connector

AWS Bedrock AgentCore is Amazon Web Services' runtime environment for deploying AI agent workloads. The AWS Bedrock AgentCore connector is a read-only connector that discovers AgentCore runtimes and governance-relevant identity surfaces including execution identity, workload identity, runtime endpoint state, and resource-based inbound access policy.

Contact your Ping Identity Customer Success Outcome Manager (CSOM) or Account Executive to obtain this connector.

## AWS Bedrock AgentCore requirements

The AWS Bedrock AgentCore connector is read-only. It needs Bedrock AgentCore control-plane read permissions in the configured AWS region.

### Required permissions

Use the narrowest policy your environment allows. The following is a starting point:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "BedrockAgentCoreConnectorReadOnly",
      "Effect": "Allow",
      "Action": [
        "bedrock-agentcore:ListAgentRuntimes",
        "bedrock-agentcore:GetAgentRuntime",
        "bedrock-agentcore:GetAgentRuntimeEndpoint",
        "bedrock-agentcore:GetResourcePolicy"
      ],
      "Resource": "*"
    }
  ]
}
```

`ListAgentRuntimes` requires `Resource: "*"`. The other read actions can be scoped to AgentCore runtime ARNs if your AWS environment supports the narrower resource policy.

The connector doesn't need account-wide Identity and Access Management (IAM) list/read permissions. It doesn't scan IAM roles or policies. Inbound access is collected from the AgentCore runtime resource policy by calling `GetResourcePolicy` on the runtime Amazon Resource Name (ARN).

### Create an IAM user for explicit credentials

If `useDefaultCredentialsProvider` is `false`, create a dedicated IAM user and attach the policy above to it.

1. In the AWS console, go to IAM > Policies > Create policy.

2. On the JSON tab, paste the policy from [Required permissions](#required_permissions), then select Next.

3. Name the policy `iga-bedrock-agentcore-connector-policy`, then select Create policy.

4. Go to IAM > Users > Create user.

5. Enter a username, for example `iga-bedrock-agentcore-connector`.

   |   |                                                                                                                                      |
   | - | ------------------------------------------------------------------------------------------------------------------------------------ |
   |   | Don't select Provide user access to the AWS Management Console. The connector authenticates with an access key, not console sign-on. |

6. Select Next.

7. Under Set permissions, choose Attach policies directly.

8. Search for `iga-bedrock-agentcore-connector-policy`, select it, then select Next > Create user.

To create the access key:

1. Open the user, then select the Security credentials tab.

2. Select Create access key.

3. For Use case, select Application running outside AWS, then select Next.

4. Copy the access key ID and secret access key. You'll need these for the `accessKeyId` and `secretAccessKey` configuration properties.

Before you configure the connector, confirm you have the following:

| Requirement                        | Value                                                                                           |
| ---------------------------------- | ----------------------------------------------------------------------------------------------- |
| AWS Bedrock AgentCore runtimes     | Configured in the target AWS account and region                                                 |
| AWS credentials                    | Available through the default AWS credentials provider chain or explicit access key credentials |
| Bedrock AgentCore read permissions | Required for AgentCore control-plane read APIs                                                  |

## Install the AWS Bedrock AgentCore connector

|   |                                                                                                                                                                                                                                                                                                 |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | To check for an Advanced Identity Cloud application for this connector, refer to:- [Application management](https://docs.pingidentity.com/pingoneaic/latest/app-management/applications.html)

- [App catalog](https://docs.pingidentity.com/pingoneaic/latest/app-management/app-catalog.html) |

To obtain the connector `.jar` file, contact your Ping Identity Customer Success Outcome Manager (CSOM) or Account Executive.

* If you're running the connector locally, place the `.jar` file in the `/path/to/openidm/connectors` directory.

* If you're using a remote connector server (RCS), place the `.jar` file in the `/path/to/openicf/connectors` directory on the RCS.

## Configure the AWS Bedrock AgentCore connector

Create a connector configuration using the IDM admin UI:

1. From the navigation bar, click Configure > Connectors.

2. On the Connectors page, click New Connector.

3. On the New Connector page, type a Connector Name.

4. From the Connector Type list, select AWS Bedrock AgentCore Connector - 1.5.20.33.

5. Complete the Base Connector Details and any applicable Additional Options.

   |   |                                                                                                                                             |
   | - | ------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | For a list of all configuration properties, refer to [AWS Bedrock AgentCore Connector Configuration](#bedrockagentcore-config-prop-ezLink). |

6. Click Save.

When your connector is configured correctly, the connector displays as Active in the admin UI.

Refer to [this procedure](configure-connector.html#connector-wiz-REST) to create a connector configuration over REST.

### Connection details

The AWS Bedrock AgentCore connector uses the following configuration properties:

| Property                        | Type          | Required    | Default     | Description                                                                                                                  |
| ------------------------------- | ------------- | ----------- | ----------- | ---------------------------------------------------------------------------------------------------------------------------- |
| `region`                        | String        | Yes         | `us-east-1` | AWS region. Deploy one connector configuration per region.                                                                   |
| `useDefaultCredentialsProvider` | Boolean       | Yes         | `true`      | When `true`, uses the AWS SDK `DefaultCredentialsProvider` chain. When `false`, provide `accessKeyId` and `secretAccessKey`. |
| `accessKeyId`                   | String        | Conditional | None        | AWS access key ID. Required when `useDefaultCredentialsProvider=false`.                                                      |
| `secretAccessKey`               | GuardedString | Conditional | None        | AWS secret access key. Required when `useDefaultCredentialsProvider=false`.                                                  |

The default credentials provider chain is the recommended production mode when the connector runs on AWS infrastructure with instance role, task role, or service account based credentials.

### Example AWS Bedrock AgentCore configuration

```json
{
  "connectorRef": {
    "bundleName": "org.forgerock.openicf.connectors.bedrockagentcore-connector",
    "bundleVersion": "[1.5.0.0,1.6.0.0)",
    "connectorName": "org.forgerock.openicf.connectors.bedrockagentcore.BedrockAgentCoreConnector"
  },
  "configurationProperties": {
    "region": "us-east-1",
    "useDefaultCredentialsProvider": true
  }
}
```

If you use explicit credentials instead of the default provider chain:

```json
{
  "connectorRef": {
    "bundleName": "org.forgerock.openicf.connectors.bedrockagentcore-connector",
    "bundleVersion": "[1.5.0.0,1.6.0.0)",
    "connectorName": "org.forgerock.openicf.connectors.bedrockagentcore.BedrockAgentCoreConnector"
  },
  "configurationProperties": {
    "region": "us-east-1",
    "useDefaultCredentialsProvider": false,
    "accessKeyId": "AKIA...",
    "secretAccessKey": {
      "$crypto": {
        "type": "x-simple-encryption",
        "value": {
          "cipher": "...",
          "data": "...",
          "iv": "...",
          "key": "openidm-sym-default"
        }
      }
    }
  }
}
```

### Test the AWS Bedrock AgentCore connector

Test that the configuration is correct by running the following command:

```
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request POST \
"http://localhost:8080/openidm/system/bedrockagentcore?_action=test"
{
  "name": "bedrockagentcore",
  "enabled": true,
  "config": "config/provisioner.openicf/bedrockagentcore",
  "connectorRef": {
    "bundleVersion": "[1.5.0.0,1.6.0.0)",
    "bundleName": "org.forgerock.openicf.connectors.bedrockagentcore-connector",
    "connectorName": "org.forgerock.openicf.connectors.bedrockagentcore.BedrockAgentCoreConnector"
  },
  "displayName": "AWS Bedrock AgentCore Connector",
  "objectTypes": [
    "__ACCOUNT__",
    "__ALL__"
  ],
  "ok": true
}
```

If the command returns `"ok": true`, your connector has been configured correctly.

|   |                                                                                                                                                                                                                                                 |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | `TestOp` currently logs that the test operation was called but doesn't call AWS, and always succeeds regardless of credential validity. Validate credentials and IAM permissions by running a reconciliation against a known AgentCore runtime. |

### AWS Bedrock AgentCore remote connector

If you want to run this connector outside of PingOne Advanced Identity Cloud or IDM, you can configure the AWS Bedrock AgentCore connector as a remote connector. Java Connectors installed remotely on a Java Connector Server function identically to those bundled locally within PingOne Advanced Identity Cloud or installed locally on IDM.

Refer to [Remote connectors](remote-connector.html) for configuring the AWS Bedrock AgentCore remote connector.

## Implementation specifics

### Collection architecture

The AWS Bedrock AgentCore connector performs live collection during each reconciliation. There is no offline inventory mechanism for the current AgentCore connector.

For each runtime in the configured region, the connector calls AgentCore control-plane APIs and builds one ICF `__ACCOUNT__` object.

#### Live data

| Data                     | AWS API                                               |
| ------------------------ | ----------------------------------------------------- |
| Runtime list             | `ListAgentRuntimes`                                   |
| Runtime details          | `GetAgentRuntime`                                     |
| Default runtime endpoint | `GetAgentRuntimeEndpoint` with `endpointName=DEFAULT` |
| Runtime resource policy  | `GetResourcePolicy` using the runtime ARN             |

For GET-by-UID, the connector skips `ListAgentRuntimes` and calls `GetAgentRuntime` directly for the supplied `agentRuntimeId`, then fetches endpoint and resource policy details.

### Known limitations

| Limitation                                | Impact                                                                                                        |
| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------- |
| Read-only connector                       | Can't create, update, or delete AgentCore runtimes.                                                           |
| No `SyncOp`                               | Every reconciliation is a full discovery pass.                                                                |
| Single region per instance                | Multi-region coverage requires multiple connector configurations.                                             |
| Only `__ACCOUNT__` object class           | Runtime, endpoint, workload identity, and resource policy data are flattened onto one object.                 |
| `TestOp` is a no-op                       | IDM test can pass even when AWS credentials or permissions are invalid.                                       |
| No retry logic                            | Transient AWS throttling or 5xx failures can fail reconciliation.                                             |
| `resourcePolicy` is raw JSON              | Downstream IDM policy logic must parse and evaluate policy statements.                                        |
| Workload identity grants are not expanded | The connector collects `workloadIdentityArn`, but doesn't discover what external systems trust that identity. |

## Use the AWS Bedrock AgentCore connector

The AWS Bedrock AgentCore connector discovers the following resource types:

| ICF Native Type | AWS Bedrock AgentCore Resource Type | Naming Attribute | Notes                                                                                                                                                                                                       |
| --------------- | ----------------------------------- | ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `__ACCOUNT__`   | Bedrock AgentCore runtime           | `__NAME__`       | Represents one AgentCore runtime. UID is `agentRuntimeId`; name is `agentRuntimeName`. Runtime, endpoint, workload identity, code artifact, and resource policy details are flattened onto the same object. |

### `__ACCOUNT__` attributes

| Attribute                     | Type   | Multivalued | Description                                                                                                          |
| ----------------------------- | ------ | ----------- | -------------------------------------------------------------------------------------------------------------------- |
| `agentRuntimeArn`             | String | No          | Full AgentCore runtime ARN.                                                                                          |
| `agentRuntimeVersion`         | String | No          | Runtime version.                                                                                                     |
| `status`                      | String | No          | Runtime lifecycle status, such as `READY`.                                                                           |
| `roleArn`                     | String | No          | IAM execution role ARN for the runtime.                                                                              |
| `networkMode`                 | String | No          | Runtime network mode, such as `PUBLIC`.                                                                              |
| `createdAt`                   | String | No          | Runtime creation timestamp.                                                                                          |
| `lastUpdatedAt`               | String | No          | Runtime last updated timestamp.                                                                                      |
| `description`                 | String | No          | Runtime description. Empty string if absent.                                                                         |
| `workloadIdentityArn`         | String | No          | AgentCore workload identity ARN. Empty string if absent.                                                             |
| `lifecycleIdleTimeoutSeconds` | Long   | No          | Idle runtime session timeout. `0` if not set.                                                                        |
| `lifecycleMaxLifetimeSeconds` | Long   | No          | Maximum runtime lifetime. `0` if not set.                                                                            |
| `codeS3Bucket`                | String | No          | S3 bucket for the runtime code artifact. Empty string if absent.                                                     |
| `codeS3Prefix`                | String | No          | S3 prefix for the runtime code artifact. Empty string if absent.                                                     |
| `codeRuntime`                 | String | No          | Runtime language/runtime value, such as `PYTHON_3_14`. Empty string if absent.                                       |
| `codeEntryPoint`              | String | Yes         | Runtime entry point command list, when present.                                                                      |
| `endpointArn`                 | String | No          | Default runtime endpoint ARN. Empty string if the endpoint call fails.                                               |
| `endpointName`                | String | No          | Endpoint name. The connector requests `DEFAULT`.                                                                     |
| `endpointId`                  | String | No          | Endpoint ID. The connector expects `DEFAULT` in v1.                                                                  |
| `endpointLiveVersion`         | String | No          | Runtime version currently serving requests through the endpoint.                                                     |
| `endpointStatus`              | String | No          | Endpoint lifecycle status. Distinct from runtime `status`.                                                           |
| `endpointCreatedAt`           | String | No          | Endpoint creation timestamp.                                                                                         |
| `endpointLastUpdatedAt`       | String | No          | Endpoint last updated timestamp.                                                                                     |
| `resourcePolicy`              | String | No          | Raw JSON string returned by `GetResourcePolicy`. Empty string when no policy is attached or the policy lookup fails. |

## Troubleshooting

### Connector initializes but reconciliation fails immediately

Check:

1. `region` is valid for Bedrock AgentCore.

2. The connector principal has `bedrock-agentcore:ListAgentRuntimes`.

3. The AWS credentials provider mode is configured correctly.

4. If `useDefaultCredentialsProvider=false`, `accessKeyId` and `secretAccessKey` are populated.

5. The AWS SDK version bundled with the connector supports the `bedrockagentcorecontrol` module.

### No runtime objects are returned

Check:

1. The target region contains AgentCore runtimes.

2. The connector is configured for the same region where the runtimes exist.

3. `ListAgentRuntimes` succeeds for the connector principal.

4. `GetAgentRuntime` succeeds for each runtime ID.

5. Runtime objects are not being filtered out by an IDM-side query filter.

### Endpoint attributes are empty

Check:

1. The runtime has a `DEFAULT` endpoint.

2. The connector principal can call `bedrock-agentcore:GetAgentRuntimeEndpoint`.

3. The endpoint is available in the configured region.

4. Review connector logs; endpoint lookup failures are soft failures and don't suppress the runtime object.

### `resourcePolicy` is empty

Check:

1. A resource policy is attached to the AgentCore runtime ARN.

2. The connector principal can call `bedrock-agentcore:GetResourcePolicy`.

3. The runtime ARN in AWS matches the resource ARN used for policy retrieval.

4. If there is no attached policy, empty `resourcePolicy` is expected.

## OpenICF interfaces implemented by the AWS Bedrock AgentCore connector

The AWS Bedrock AgentCore connector implements the following OpenICF interfaces. You can find additional details in [ICF interfaces](interfaces.html):

* Schema

  Describes the object types, operations, and options that the connector supports.

* Search

  Searches the target resource for all objects that match the specified object class and filter.

* Test

  Tests the connector configuration.

  For this connector, `TestOp` logs that the test was called but does not make any AWS API calls, and always returns success regardless of credential validity. To validate credentials and IAM permissions, run a reconciliation against a known AgentCore runtime.

[]()

## AWS Bedrock AgentCore connector configuration

The AWS Bedrock AgentCore connector has the following configurable properties:

### Basic configuration properties

| Property                                                                                                                                                                      | Type            | Default     | Encrypted(1)             | Required(2)               |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | ----------- | ------------------------ | ------------------------- |
| `region`                                                                                                                                                                      | `String`        | `us-east-1` |                          | [icon: check, set=fas]Yes |
| AWS region where AgentCore runtimes are deployed, for example `us-east-1`.                                                                                                    |                 |             |                          |                           |
| `useDefaultCredentialsProvider`                                                                                                                                               | `Boolean`       | `true`      |                          | [icon: check, set=fas]Yes |
| When enabled, uses the AWS SDK DefaultCredentialsProvider chain (environment variables, shared config, EC2/ECS role). When disabled, provide accessKeyId and secretAccessKey. |                 |             |                          |                           |
| `accessKeyId`                                                                                                                                                                 | `String`        | `null`      |                          | [icon: times, set=fas]No  |
| AWS access key ID. Required when the default credentials provider is disabled.                                                                                                |                 |             |                          |                           |
| `secretAccessKey`                                                                                                                                                             | `GuardedString` | `null`      | [icon: lock, set=fas]Yes | [icon: times, set=fas]No  |
| AWS secret access key. Required when the default credentials provider is disabled.                                                                                            |                 |             |                          |                           |

(1) Whether the property value is considered confidential, and is therefore encrypted in IDM.

(2) A list of operations in this column indicates that the property is required for those operations.
