Info icon
End of Life Notice: For Trend Cloud One™ - Conformity Customers, Conformity will reach its End of Sale on “July 31st, 2025” and End of Life “July 31st, 2026”. The same capabilities and much more is available in TrendAI Vision One™ Cloud Risk Management. For details, please refer to Upgrade to TrendAI Vision One™
Logo of TrendAI
Use the Knowledge Base AI to help improve your Cloud Posture

Configure Policy Engine for AgentCore Gateway

TrendAI Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1400 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that your Amazon Bedrock AgentCore gateways have a policy engine configured to evaluate and authorize agent tool calls. A policy engine is a collection of Cedar-based policies that intercepts all agent requests to a gateway and determines whether to allow or deny each action based on the defined policies. Without a policy engine, agents can invoke any tool available through the gateway without additional authorization checks beyond the initial gateway-level authentication.

When a policy engine is associated with a gateway, it provides an additional layer of security by enforcing fine-grained access controls at the tool invocation level. Policy engines use Cedar, a policy language designed for authorization, to define rules that can restrict which tools agents can call, what parameters they can pass, and under what conditions tool calls are permitted. This enables organizations to implement guardrails that prevent agents from performing unauthorized or potentially harmful actions, even if the agent has valid credentials to access the gateway.

Security

Configuring a policy engine on Amazon Bedrock AgentCore gateways is essential for implementing defense-in-depth security for your AI agent infrastructure. While gateway-level authentication ensures that only authorized entities can access the gateway, a policy engine provides granular control over what actions agents can perform once authenticated. This is particularly important for production deployments where AI agents interact with sensitive systems such as databases, customer data, financial systems, or external APIs. Policy engines enable you to implement guardrails that prevent agents from accessing tools they shouldn't use, restrict parameter values to safe ranges, audit and log all policy decisions for compliance, and respond to changing security requirements by updating policies without modifying agent code.

Audit

To determine if your Amazon Bedrock AgentCore gateways have a policy engine configured, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

03 In the left navigation pane, under Build, choose AgentCore.

04 Choose Gateways from the AgentCore submenu.

05 Select the gateway you want to examine by clicking on its name.

06 In the gateway details page, locate the Associated Policies section.

07 Check if a policy engine is attached. If no policy engine is displayed or the field shows None, the gateway does not have a policy engine configured.

08 Repeat steps no. 5 – 7 for each gateway available in the selected AWS region.

09 Change the AWS cloud region from the console navigation bar and repeat the Audit process for other regions.

Using AWS CLI

01 Run list-gateways command (OSX/Linux/UNIX) to list all Amazon Bedrock AgentCore gateways available in the selected AWS region: 

aws bedrock-agentcore-control list-gateways
	--region us-east-1
	--query 'items[*].gatewayId'

02 The command output should return the requested gateway identifiers: 

[
	"cc-mcp-gateway-aBcDeFgHiJ",
	"cc-tools-gateway-kLmNoPqRsT"
]

03 Run get-gateway command (OSX/Linux/UNIX) with the ID of the Amazon Bedrock AgentCore gateway that you want to examine as the identifier parameter and output query filters to describe the policy engine configuration: 

aws bedrock-agentcore-control get-gateway
	--region us-east-1
	--gateway-identifier cc-mcp-gateway-aBcDeFgHiJ
	--query 'policyEngineConfiguration'

04 The command output should return the policy engine configuration if attached: 

null

If the get-gateway command output returns null for the policyEngineConfiguration attribute, as shown in the example above, the selected Amazon Bedrock AgentCore gateway does not have a policy engine configured.

05 Repeat steps no. 3 and 4 for each gateway available in the selected AWS region.

06 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 5 to perform the Audit process for other regions.

Remediation / Resolution

To configure a policy engine on your Amazon Bedrock AgentCore gateways, perform the following operations:

Before associating a policy engine with a gateway, you must first create a policy engine and define policies within it. The policy engine uses Cedar policy language for defining authorization rules. For information about Cedar policies, see the Cedar Policy Language Guide.

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Bedrock console available at https://console.aws.amazon.com/bedrock/.

03 In the left navigation pane, under Build, choose AgentCore.

04 Choose Policy from the AgentCore submenu.

05 If you haven't created a policy engine yet, choose Create policy engine.

06 Enter a Name for the policy engine (e.g., cc_gateway_policy_engine). Note that policy engine names must match the pattern ^[A-Za-z][A-Za-z0-9_]*$ (letters, numbers, and underscores only — no hyphens).

07 Optionally, enter a Description for the policy engine.

08 Choose Create to create the policy engine.

09 After the policy engine is created, add policies to define your authorization rules.

10 Copy the policy engine ARN for use in the gateway configuration.

11 Choose Gateways from the AgentCore submenu.

12 Select the gateway identified in the Audit section (see Audit section part I to identify the right resource).

13 Choose Edit to modify the gateway configuration.

14 In the Associated Policies section, select the policy engine created in steps 5-8, or enter its ARN.

15 Choose Save to apply the configuration.

16 Repeat steps no. 12 – 15 for each gateway that requires a policy engine.

17 Change the AWS cloud region from the console navigation bar and repeat the Remediation process for other regions.

Using AWS CLI

01 First, create a policy engine using create-policy-engine command (OSX/Linux/UNIX): 

aws bedrock-agentcore-control create-policy-engine
	--region us-east-1
	--name cc_gateway_policy_engine
	--description "Policy engine for gateway authorization"

02 The command output should return the policy engine details: 

{
	"policyEngineId": "cc_gateway_policy_engine-uVwXyZ1234",
	"policyEngineArn": "arn:aws:bedrock-agentcore:us-east-1:123456789012:policy-engine/cc_gateway_policy_engine-uVwXyZ1234",
	"name": "cc_gateway_policy_engine",
	"status": "CREATING",
	"createdAt": "2026-03-13T10:30:00Z"
}

03 Run update-gateway command (OSX/Linux/UNIX) to associate the policy engine with the Amazon Bedrock AgentCore gateway identified in the Audit section (see Audit section part II to identify the right resource): 

aws bedrock-agentcore-control update-gateway
	--region us-east-1
	--gateway-identifier cc-mcp-gateway-aBcDeFgHiJ
	--name cc-mcp-gateway
	--role-arn arn:aws:iam::123456789012:role/AgentCoreGatewayRole
	--protocol-type MCP
	--authorizer-type NONE
	--policy-engine-configuration '{"arn":"arn:aws:bedrock-agentcore:us-east-1:123456789012:policy-engine/cc_gateway_policy_engine-uVwXyZ1234","mode":"ENFORCE"}'

Note: The update-gateway command requires all gateway configuration parameters (it performs a full replacement). Replace --name, --role-arn, --protocol-type, and --authorizer-type with the values from your existing gateway configuration. If your gateway uses CUSTOM_JWT authorization, also include the --authorizer-configuration parameter. The mode field in --policy-engine-configuration accepts ENFORCE (block unauthorized actions) or LOG_ONLY (audit only).

04 The command output should return the updated gateway information: 

{
	"gatewayArn": "arn:aws:bedrock-agentcore:us-east-1:123456789012:gateway/cc-mcp-gateway-aBcDeFgHiJ",
	"gatewayId": "cc-mcp-gateway-aBcDeFgHiJ",
	"name": "cc-mcp-gateway",
	"status": "UPDATING",
	"policyEngineConfiguration": {
		"arn": "arn:aws:bedrock-agentcore:us-east-1:123456789012:policy-engine/cc_gateway_policy_engine-uVwXyZ1234",
		"mode": "ENFORCE"
	},
	"updatedAt": "2026-03-13T14:20:00Z"
}

05 Repeat steps no. 3 and 4 for each gateway that requires a policy engine, available in the selected AWS region.

06 Change the AWS cloud region by updating the --region command parameter value and repeat the Remediation process for other regions.

References

Publication date Mar 17, 2026

Related BedrockAgentCore rules