End of Life Notice: For Trend Cloud One™ - Conformity customers, Conformity will reach its End of Sale on July 31st, 2025 and End of Life on July 31st, 2026. The same capabilities and much more are available in TrendAI Vision One™ Cloud Risk Management. For details, please refer to Upgrade to TrendAI Vision One™.

Require MMDSv2 for AgentCore Runtime

TrendAI Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1400 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that your Amazon Bedrock AgentCore runtimes are configured to require MicroVM Metadata Service Version 2 (MMDSv2) for metadata requests. Amazon Bedrock AgentCore Runtime uses MMDS (MicroVM Metadata Service), similar to the EC2 Instance Metadata Service (IMDS), to provide temporary AWS credentials and configuration data to the microVM environment where your agents run. MMDSv2 enforces a session-oriented authentication mechanism that requires a PUT request to obtain a session token before any metadata can be retrieved, which significantly reduces the risk of unauthorized metadata access through SSRF vulnerabilities. When `requireMMDSV2` is set to `true`, the runtime microVM will only accept MMDSv2 requests, blocking any attempts to access metadata using the less secure MMDSv1 protocol.

Security

Requiring MMDSv2 for Amazon Bedrock AgentCore runtimes provides critical protection against Server-Side Request Forgery (SSRF) attacks. SSRF is a common attack vector in which an attacker tricks the application running inside the microVM into making requests to the metadata endpoint, potentially exposing temporary AWS credentials and other sensitive configuration data. MMDSv2 mitigates this risk by requiring a session token obtained through a PUT request, which the typical SSRF primitive (a server-side GET to an attacker-controlled URL) cannot issue; the token must then be presented in a request header on every subsequent metadata request. Note the limit of this control: any code or actor that can execute inside the microVM can complete the PUT handshake and read the credentials, so MMDSv2 is a defense against request forgery, not against arbitrary code execution. Enforcing it still adds a vital layer of defense, especially when running AI agents that may execute LLM-generated code with unpredictable behavior, and it should be paired with a least-privilege IAM role on the runtime so that any credentials that are exposed grant as little as possible.


Audit

To determine if your Amazon Bedrock AgentCore runtimes require MMDSv2, perform the following operations:

Using AWS Console

Currently, the Amazon Bedrock AgentCore console does not expose the Metadata configuration settings (including the Require MMDSv2 attribute) on the agent runtime detail page. To audit the MMDSv2 configuration for your AgentCore runtimes, use the AWS CLI method described below.

Using AWS CLI

  1. Run list-agent-runtimes command (OSX/Linux/UNIX) to list the IDs of all Amazon Bedrock AgentCore runtimes available in the selected AWS region. The result set is paginated; if the unfiltered output includes a nextToken value, pass it back with the --next-token parameter until all runtimes have been listed:

    aws bedrock-agentcore-control list-agent-runtimes \
    	--region us-east-1 \
    	--query 'agentRuntimes[*].agentRuntimeId'
    
  2. The command output should return the requested AgentCore runtime identifiers:

    [
    	"cc_ai_agent_runtime-aBcDeFgHiJ",
    	"cc_data_agent_runtime-kLmNoPqRsT"
    ]
    
  3. Run get-agent-runtime command (OSX/Linux/UNIX) with the ID of the Amazon Bedrock AgentCore runtime that you want to examine as the identifier parameter and output query filters to describe the metadata configuration for the selected runtime:

    aws bedrock-agentcore-control get-agent-runtime \
    	--region us-east-1 \
    	--agent-runtime-id cc_ai_agent_runtime-aBcDeFgHiJ \
    	--query 'metadataConfiguration'
    
  4. The command output should return the requested metadata configuration:

    {
    	"requireMMDSV2": false
    }
    

    If the get-agent-runtime command output returns "requireMMDSV2": false or null, as shown in the example above, the selected Amazon Bedrock AgentCore runtime does not require MMDSv2 and is therefore vulnerable to potential SSRF-based metadata access attacks. A null result means no metadata configuration has been set on the runtime at all, which leaves MMDSv1 requests accepted; treat it exactly like an explicit false.

  5. Repeat steps no. 3 and 4 for each AgentCore runtime available in the selected AWS region.

  6. Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 5 to perform the Audit process for other regions.

Remediation / Resolution

To require MMDSv2 for your Amazon Bedrock AgentCore runtimes, perform the following operations:

Using AWS Console

Currently, the Amazon Bedrock AgentCore console does not expose the Metadata configuration settings on the agent runtime detail page. To enable the MMDSv2 requirement for your AgentCore runtimes, use the AWS CLI method described below.

Using AWS CLI

  1. Run update-agent-runtime command (OSX/Linux/UNIX) to enable the MMDSv2 requirement for the Amazon Bedrock AgentCore runtime identified in the Audit section. The --agent-runtime-artifact, --role-arn, and --network-configuration parameters are required by the update call, so replace their values with the existing configuration from your runtime (copy them from the unfiltered get-agent-runtime output). Carry over any other optional settings the runtime currently has (for example environment variables or protocol and authorizer configuration) in the same command, since the update creates a new runtime version from the values you supply:

    aws bedrock-agentcore-control update-agent-runtime \
    	--region us-east-1 \
    	--agent-runtime-id cc_ai_agent_runtime-aBcDeFgHiJ \
    	--agent-runtime-artifact '{"containerConfiguration":{"containerUri":"123456789012.dkr.ecr.us-east-1.amazonaws.com/cc-ai-agent:latest"}}' \
    	--role-arn arn:aws:iam::123456789012:role/cc-agentcore-runtime-role \
    	--network-configuration '{"networkMode":"PUBLIC"}' \
    	--metadata-configuration '{"requireMMDSV2":true}'
    
  2. The command output should return the updated AgentCore runtime information:

    {
    	"agentRuntimeArn": "arn:aws:bedrock-agentcore:us-east-1:123456789012:agent/AbCdEfGh-1234-5678-AbCd-AbCdEfGh1234:1",
    	"agentRuntimeId": "cc_ai_agent_runtime-aBcDeFgHiJ",
    	"agentRuntimeVersion": "2",
    	"createdAt": "2026-01-15T10:30:00Z",
    	"lastUpdatedAt": "2026-03-10T14:20:00Z",
    	"status": "UPDATING"
    }
    
  3. Once the runtime status changes from UPDATING to READY, re-run the get-agent-runtime command from the Audit section to confirm that requireMMDSV2 is now true and that the runtime's other settings were preserved. Then repeat steps no. 1 and 2 for each AgentCore runtime that does not require MMDSv2, available in the selected AWS region.

  4. Change the AWS cloud region by updating the --region command parameter value and repeat the Remediation process for other regions.
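The Audit and Remediation procedures above are a loop over regions and runtimes with one compliance test and one update call each. The following Python script is an added example, not part of the original page or of any AWS-provided tooling: it separates the compliance test and the construction of the update request (carrying over the existing artifact, role, network and optional settings so the new runtime version does not silently lose them) from the boto3 calls, and exercises the pure helpers on constructed sample runtimes. The boto3 client name `bedrock-agentcore-control` and the method names mirror the CLI commands used on this page; the list of optional fields carried over is an assumption that should be checked against the API version of your CLI or SDK.

```python
"""Audit and remediate requireMMDSV2 on Amazon Bedrock AgentCore runtimes.

The helper functions operate on the JSON shape returned by
`aws bedrock-agentcore-control get-agent-runtime`; main() wires them to
boto3 (assumed installed and credentialed) and walks the given regions.
All sample data below is constructed for illustration.
"""
from typing import Any

# UpdateAgentRuntime requires these; their values come from the existing runtime.
REQUIRED_PASSTHROUGH = ("agentRuntimeArtifact", "roleArn", "networkConfiguration")
# Optional settings carried over so the update does not drop them.
# Assumption: this list matches your API version; verify with
# `aws bedrock-agentcore-control update-agent-runtime help`.
OPTIONAL_PASSTHROUGH = (
    "description", "protocolConfiguration", "environmentVariables",
    "authorizerConfiguration", "requestHeaderConfiguration",
    "lifecycleConfiguration",
)


def requires_mmdsv2(runtime: dict[str, Any]) -> bool:
    """True only when metadataConfiguration.requireMMDSV2 is literally true.
    An absent block, null, or false all mean MMDSv1 requests are still accepted."""
    meta = runtime.get("metadataConfiguration") or {}
    return meta.get("requireMMDSV2") is True


def audit(runtimes: list[dict[str, Any]]) -> list[str]:
    """Return the IDs of runtimes that do not require MMDSv2."""
    return [r["agentRuntimeId"] for r in runtimes if not requires_mmdsv2(r)]


def build_update_request(runtime: dict[str, Any]) -> dict[str, Any]:
    """Build update_agent_runtime kwargs from a get_agent_runtime response,
    changing only requireMMDSV2 and carrying the rest of the configuration over."""
    missing = [k for k in REQUIRED_PASSTHROUGH if k not in runtime]
    if missing:
        raise ValueError(f"runtime description lacks required fields: {missing}")
    request: dict[str, Any] = {"agentRuntimeId": runtime["agentRuntimeId"]}
    for key in REQUIRED_PASSTHROUGH + OPTIONAL_PASSTHROUGH:
        if key in runtime:
            request[key] = runtime[key]
    request["metadataConfiguration"] = {"requireMMDSV2": True}
    return request


# Constructed sample runtimes mirroring the shapes seen in the Audit section.
_ARTIFACT = {"containerConfiguration": {
    "containerUri": "123456789012.dkr.ecr.us-east-1.amazonaws.com/cc-ai-agent:latest"}}
_ROLE = "arn:aws:iam::123456789012:role/cc-agentcore-runtime-role"
SAMPLE_RUNTIMES = [
    {   # explicit false: non-compliant
        "agentRuntimeId": "cc_ai_agent_runtime-aBcDeFgHiJ",
        "agentRuntimeArtifact": _ARTIFACT, "roleArn": _ROLE,
        "networkConfiguration": {"networkMode": "PUBLIC"},
        "environmentVariables": {"LOG_LEVEL": "info"},
        "metadataConfiguration": {"requireMMDSV2": False},
        "status": "READY",
    },
    {   # metadataConfiguration never set (the CLI query prints null): non-compliant
        "agentRuntimeId": "cc_data_agent_runtime-kLmNoPqRsT",
        "agentRuntimeArtifact": _ARTIFACT, "roleArn": _ROLE,
        "networkConfiguration": {"networkMode": "PUBLIC"},
        "status": "READY",
    },
    {   # compliant
        "agentRuntimeId": "cc_ops_agent_runtime-uVwXyZaBcD",
        "agentRuntimeArtifact": _ARTIFACT, "roleArn": _ROLE,
        "networkConfiguration": {"networkMode": "PUBLIC"},
        "metadataConfiguration": {"requireMMDSV2": True},
        "status": "READY",
    },
]


def main(regions=("us-east-1",), remediate: bool = False) -> None:
    import boto3  # imported here so the pure helpers stay usable without it

    for region in regions:
        client = boto3.client("bedrock-agentcore-control", region_name=region)
        token = None
        while True:  # follow nextToken until every runtime has been examined
            page = client.list_agent_runtimes(**({"nextToken": token} if token else {}))
            for summary in page.get("agentRuntimes", []):
                rt = client.get_agent_runtime(agentRuntimeId=summary["agentRuntimeId"])
                if requires_mmdsv2(rt):
                    continue
                print(f"{region} {rt['agentRuntimeId']}: requireMMDSV2 not enabled")
                if remediate:
                    resp = client.update_agent_runtime(**build_update_request(rt))
                    print(f"  -> version {resp.get('agentRuntimeVersion')} "
                          f"status {resp.get('status')}")
            token = page.get("nextToken")
            if not token:
                break


if __name__ == "__main__":
    print("non-compliant sample runtimes:", audit(SAMPLE_RUNTIMES))
    # main(regions=("us-east-1", "us-west-2"), remediate=True)
```

Run it with `remediate=False` first to get a per-region list of non-compliant runtime IDs, and only then with `remediate=True`; after each update returns `UPDATING`, re-run the audit once the runtime is `READY` to confirm the new version reports `requireMMDSV2: true`.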

Publication date Mar 12, 2026