Info icon
End of Life Notice: For Trend Cloud One™ - Conformity Customers, Conformity will reach its End of Sale on “July 31st, 2025” and End of Life “July 31st, 2026”. The same capabilities and much more is available in TrendAI Vision One™ Cloud Risk Management. For details, please refer to Upgrade to TrendAI Vision One™
Logo of TrendAI
Use the Knowledge Base AI to help improve your Cloud Posture

Protect AgentCore Runtime with VPC

TrendAI Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1400 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that your Amazon Bedrock AgentCore runtimes are configured to use VPC network mode so that runtime workloads operate within your organization's private network boundaries. Amazon Bedrock AgentCore runtimes support two network modes: PUBLIC and VPC. By default, runtimes are deployed in PUBLIC mode, which means they run on shared AWS infrastructure with potential exposure to the public internet. When VPC mode is configured, Amazon Bedrock creates Elastic Network Interfaces (ENIs) in your specified subnets using the AWSServiceRoleForBedrockAgentCoreNetwork service-linked role, assigning each ENI a private IP address from your VPC and attaching the security groups you define. This enables the runtime to securely communicate with private resources such as databases, internal APIs, and other services within your VPC without traversing the public internet.

Configuring VPC mode requires providing a networkModeConfig object containing at least one subnet ID and at least one security group ID. The security groups attached to the ENIs control which resources the runtime can communicate with, enabling you to apply the principle of least privilege at the network level. To enable internet access for runtimes that require it (for example, to call external APIs), place the runtime in private subnets with a route to a NAT Gateway rather than using a public subnet, since AgentCore creates ENIs with private IP addresses only. Additionally, VPC endpoints for AWS services used by the runtime can improve security, reduce latency, and eliminate NAT Gateway charges for those service calls.

Security

Deploying Amazon Bedrock AgentCore runtimes in VPC mode provides critical network-level isolation that reduces the attack surface of your AI agent infrastructure. When a runtime operates in PUBLIC mode, it runs on shared infrastructure without the network boundaries of your organization's VPC, which means it cannot access private resources directly and its outbound traffic is not subject to your network-level security controls such as VPC security groups, network ACLs, and VPC flow logs. Placing runtimes inside a VPC enables you to enforce network segmentation, restrict outbound connectivity to only the resources and services required, capture network traffic logs for security auditing and incident response, and prevent unauthorized lateral movement within your environment in the event of a runtime compromise. This is especially important for production AI agent workloads that process sensitive data or interact with critical internal systems, where defense-in-depth requires that both IAM-level and network-level controls are applied together.

Audit

To determine if your Amazon Bedrock AgentCore runtimes are configured to use VPC network mode, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Bedrock AgentCore console available at https://console.aws.amazon.com/bedrock-agentcore/home#.

03 In the left navigation pane, choose Runtimes.

04 Select the runtime you want to examine by clicking on its name.

05 Choose Edit to open the runtime configuration.

06 In the Advanced configuration section, check the Network mode value. If it shows Public, the runtime is not deployed within a VPC.

07 Choose Cancel to exit without making changes.

08 Repeat steps no. 4 – 7 for each runtime available in the selected AWS region.

09 Change the AWS cloud region from the console navigation bar and repeat the Audit process for other regions.

Using AWS CLI

01 Run list-agent-runtimes command (OSX/Linux/UNIX) to list the IDs of all Amazon Bedrock AgentCore runtimes available in the selected AWS region: 

aws bedrock-agentcore-control list-agent-runtimes
	--region us-east-1
	--query 'agentRuntimes[*].agentRuntimeId'

02 The command output should return the requested AgentCore runtime identifiers: 

[
	"cc_ai_agent_runtime-aBcDeFgHiJ",
	"cc_data_agent_runtime-kLmNoPqRsT"
]

03 Run get-agent-runtime command (OSX/Linux/UNIX) with the ID of the Amazon Bedrock AgentCore runtime that you want to examine as the identifier parameter and output query filters to describe the network configuration for the selected runtime: 

aws bedrock-agentcore-control get-agent-runtime
	--region us-east-1
	--agent-runtime-id cc_ai_agent_runtime-aBcDeFgHiJ
	--query 'networkConfiguration'

04 The command output should return the requested network configuration: 

{
	"networkMode": "PUBLIC"
}

If the get-agent-runtime command output returns "networkMode": "PUBLIC" or does not include a networkModeConfig with VPC subnet and security group identifiers, as shown in the example above, the selected Amazon Bedrock AgentCore runtime is not deployed within a VPC and is therefore not network-isolated.

05 Repeat steps no. 3 and 4 for each AgentCore runtime available in the selected AWS region.

06 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 5 to perform the Audit process for other regions.

Remediation / Resolution

To configure your Amazon Bedrock AgentCore runtimes to use VPC network mode, perform the following operations:

Before configuring VPC mode, ensure you have an Amazon VPC with subnets located in the supported Availability Zones for your region and appropriate security groups that control the runtime's outbound network access. For internet access from within the VPC, place the runtime in private subnets with a route to a NAT Gateway. For private connectivity to AWS services, configure the required VPC endpoints. For more information, see the AgentCore VPC documentation.

Using AWS CloudFormation

01 Use the following AWS CloudFormation template to create an Amazon Bedrock AgentCore runtime with VPC network configuration enabled. 

{
	"AWSTemplateFormatVersion": "2010-09-09",
	"Description": "Amazon Bedrock AgentCore Runtime with VPC network configuration",
	"Resources": {
		"AgentCoreRuntimeVpc": {
			"Type": "AWS::BedrockAgentCore::AgentRuntime",
			"Properties": {
				"AgentRuntimeName": "cc-agentcore-runtime",
				"Description": "AgentCore runtime deployed within a VPC",
				"AgentRuntimeArtifact": {
					"ContainerConfiguration": {
						"ContainerUri": "123456789012.dkr.ecr.us-east-1.amazonaws.com/cc-ai-agent:latest"
					}
				},
				"RoleArn": "arn:aws:iam::123456789012:role/cc-agentcore-runtime-role",
				"NetworkConfiguration": {
					"NetworkMode": "VPC",
					"NetworkModeConfig": {
						"VpcConfig": {
							"Subnets": [
								"subnet-0abc1234def56789a",
								"subnet-0abc1234def56789b"
							],
							"SecurityGroups": [
								"sg-0abc1234def567890"
							]
						}
					}
				}
			}
		}
	}
}

02 Use the following AWS CloudFormation template in YAML format: 

AWSTemplateFormatVersion: "2010-09-09"
Description: Amazon Bedrock AgentCore Runtime with VPC network configuration
Resources:
	AgentCoreRuntimeVpc:
		Type: AWS::BedrockAgentCore::AgentRuntime
		Properties:
		AgentRuntimeName: cc-agentcore-runtime
		Description: AgentCore runtime deployed within a VPC
		AgentRuntimeArtifact:
			ContainerConfiguration:
			ContainerUri: 123456789012.dkr.ecr.us-east-1.amazonaws.com/cc-ai-agent:latest
		RoleArn: arn:aws:iam::123456789012:role/cc-agentcore-runtime-role
		NetworkConfiguration:
			NetworkMode: VPC
			NetworkModeConfig:
			VpcConfig:
				Subnets:
				- subnet-0abc1234def56789a
				- subnet-0abc1234def56789b
				SecurityGroups:
				- sg-0abc1234def567890

Using Terraform (AWS Provider)

01 Use the following Terraform configuration to deploy an Amazon Bedrock AgentCore runtime with VPC network configuration enabled. 

terraform {
	required_providers {
		aws = {
			source  = "hashicorp/aws"
			version = "~> 5.0"
		}
	}
	required_version = ">= 1.3.0"
}

provider "aws" {
	profile = "default"
	region  = "us-east-1"
}

resource "aws_bedrockagentcore_agent_runtime" "cc_agentcore_runtime" {
	agent_runtime_name = "cc-agentcore-runtime"
	description        = "AgentCore runtime deployed within a VPC"
	role_arn           = "arn:aws:iam::123456789012:role/cc-agentcore-runtime-role"

	agent_runtime_artifact {
		container_configuration {
			container_uri = "123456789012.dkr.ecr.us-east-1.amazonaws.com/cc-ai-agent:latest"
		}
	}

	network_configuration {
		network_mode = "VPC"
		network_mode_config {
			vpc_config {
				subnets         = ["subnet-0abc1234def56789a", "subnet-0abc1234def56789b"]
				security_groups = ["sg-0abc1234def567890"]
			}
		}
	}
}

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Bedrock AgentCore console available at https://console.aws.amazon.com/bedrock-agentcore/home#.

03 In the left navigation pane, choose Runtimes.

04 Select the runtime identified in the Audit section (see Audit section part I to identify the right resource).

05 Choose Edit to modify the runtime configuration.

06 In the Advanced configuration section, select VPC as the network mode.

07 Under VPC settings, select your target VPC from the VPC dropdown.

08 Select one or more Subnets located in the supported Availability Zones for your region. AWS recommends selecting at least two subnets in different Availability Zones for high availability.

09 Select one or more Security groups that define the allowed inbound and outbound traffic for the runtime.

10 Choose Save to apply the VPC configuration.

11 Repeat steps no. 4 – 10 for each runtime that requires VPC network isolation.

12 Change the AWS cloud region from the console navigation bar and repeat the Remediation process for other regions.

Using AWS CLI

01 Run update-agent-runtime command (OSX/Linux/UNIX) to configure VPC network mode for the Amazon Bedrock AgentCore runtime identified in the Audit section (see Audit section part II to identify the right resource). Replace the --agent-runtime-artifact and --role-arn parameter values with the existing configuration from your runtime: 

aws bedrock-agentcore-control update-agent-runtime
	--region us-east-1
	--agent-runtime-id cc_ai_agent_runtime-aBcDeFgHiJ
	--agent-runtime-artifact '{"containerConfiguration":{"containerUri":"123456789012.dkr.ecr.us-east-1.amazonaws.com/cc-ai-agent:latest"}}'
	--role-arn arn:aws:iam::123456789012:role/cc-agentcore-runtime-role
	--network-configuration '{"networkMode":"VPC","networkModeConfig":{"subnets":["subnet-0abc1234def56789a","subnet-0abc1234def56789b"],"securityGroups":["sg-0abc1234def567890"]}}'

Note: The update-agent-runtime command requires the --agent-runtime-artifact and --role-arn parameters to be included even when you are only updating the network configuration. Replace these values with the existing configuration from your runtime to avoid unintended changes. Specify at least one subnet in a supported Availability Zone and at least one security group. For high availability, provide subnets in at least two different Availability Zones.

02 The command output should return the updated AgentCore runtime information: 

{
	"agentRuntimeArn": "arn:aws:bedrock-agentcore:us-east-1:123456789012:agent/AbCdEfGh-1234-5678-AbCd-AbCdEfGh1234:1",
	"agentRuntimeId": "cc_ai_agent_runtime-aBcDeFgHiJ",
	"agentRuntimeVersion": "2",
	"createdAt": "2026-01-15T10:30:00Z",
	"lastUpdatedAt": "2026-03-13T14:20:00Z",
	"status": "UPDATING"
}

03 Repeat steps no. 1 and 2 for each AgentCore runtime that is not configured with VPC network mode, available in the selected AWS region.

04 Change the AWS cloud region by updating the --region command parameter value and repeat the Remediation process for other regions.

References

Publication date Mar 17, 2026

Related BedrockAgentCore rules