End of Life Notice: For Trend Cloud One™ - Conformity customers, Conformity will reach its End of Sale on July 31st, 2025 and End of Life on July 31st, 2026. The same capabilities and much more are available in TrendAI Vision One™ Cloud Risk Management. For details, please refer to Upgrade to TrendAI Vision One™

Use Customer-Managed Keys to Encrypt AgentCore Gateways

TrendAI Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1400 automated best practice checks.

Risk Level: High (not acceptable risk)

Ensure that your Amazon Bedrock AgentCore gateways are configured to use AWS Key Management Service (KMS) Customer-Managed Keys (CMKs) for encryption at rest instead of the default service-managed keys. By default, Amazon Bedrock AgentCore encrypts gateway data at rest with AWS KMS keys that AWS owns and operates, which gives you no control over the key's lifecycle. Service-managed keys provide baseline encryption, but they do not satisfy the stricter compliance and governance requirements that many organizations must meet.

When a gateway is configured with a Customer-Managed Key, the ARN of that key is stored in the kmsKeyArn attribute of the gateway configuration. If this attribute is null or absent, the gateway relies on the default service-managed key, which does not give you control over rotation schedules, access policies, or audit visibility at the individual key level. Note that for AgentCore Gateway resources, AWS managed keys are single-tenant and differ per region.

Using a CMK for Amazon Bedrock AgentCore gateway encryption gives you significantly greater control over the encryption lifecycle: you can rotate the key on your own schedule, restrict access to it through granular IAM and KMS key policies, disable or delete it when it is no longer needed, and audit every use of it through AWS CloudTrail and Amazon CloudWatch Logs. The gateway service role must be granted the kms:CreateGrant, kms:DescribeKey, kms:Decrypt, and kms:GenerateDataKey permissions on the CMK, otherwise the gateway cannot use the key.

Security

Using Customer-Managed Keys to encrypt Amazon Bedrock AgentCore gateways is essential for organizations with strict compliance, regulatory, or internal governance requirements, such as those operating under HIPAA, PCI-DSS, FedRAMP, or ISO 27001 frameworks. Service-managed keys provide no mechanism to restrict, audit, or revoke access to the key independently of the AWS service, meaning organizations cannot demonstrate individual key ownership or customized access control to auditors. With CMKs, security teams retain the ability to immediately revoke all access to encrypted gateway data by disabling or scheduling the deletion of the key, providing a critical incident response capability that is unavailable with service-managed encryption. Additionally, CMK usage is fully logged in AWS CloudTrail, enabling comprehensive audit trails that demonstrate who accessed or managed the key and when, which is a key control requirement in many compliance frameworks.


Audit

To determine if your Amazon Bedrock AgentCore gateways are encrypted with Customer-Managed Keys, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to the Amazon Bedrock AgentCore console available at https://console.aws.amazon.com/bedrock-agentcore/home#.

03 In the left navigation pane, choose Gateways.

04 Select the gateway you want to examine by clicking on its name.

05 In the gateway details page, locate the Encryption section.

06 Check the KMS key field. If the field displays AWS managed key or is not set to a customer-managed KMS key ARN (e.g., arn:aws:kms:us-east-1:123456789012:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx), the gateway is not encrypted with a CMK.

07 Repeat steps no. 4 – 6 for each gateway available in the selected AWS region.

08 Change the AWS cloud region from the console navigation bar and repeat the Audit process for other regions.

Using AWS CLI

01 Run list-gateways command (OSX/Linux/UNIX) to list all Amazon Bedrock AgentCore gateways available in the selected AWS region:

aws bedrock-agentcore-control list-gateways \
	--region us-east-1 \
	--query 'items[*].gatewayId'

02 The command output should return the requested gateway identifiers:

[
	"cc-agentcore-gateway-aBcDeFgHiJ",
	"cc-tools-gateway-kLmNoPqRsT"
]

03 Run get-gateway command (OSX/Linux/UNIX) with the ID of the Amazon Bedrock AgentCore gateway that you want to examine as the identifier parameter and an output query filter that returns only the KMS encryption configuration:

aws bedrock-agentcore-control get-gateway \
	--region us-east-1 \
	--gateway-identifier cc-agentcore-gateway-aBcDeFgHiJ \
	--query 'kmsKeyArn'

04 The command output should return the value of the kmsKeyArn attribute:

null

If the get-gateway command output returns null for the kmsKeyArn attribute, as shown in the example above, the selected Amazon Bedrock AgentCore gateway is using the default service-managed key and is therefore not encrypted with a Customer-Managed Key.
A compliant gateway returns the ARN of a customer-managed KMS key, for example:
"arn:aws:kms:us-east-1:123456789012:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

An ARN alone does not prove that the key is customer managed or still usable. To be rigorous, run the KMS describe-key command on the returned ARN and confirm that KeyManager is CUSTOMER and KeyState is Enabled; a key that is disabled or pending deletion leaves the gateway data unreadable.

05 Repeat steps no. 3 and 4 for each gateway available in the selected AWS region.

06 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 5 to perform the Audit process for other regions.
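To run the audit above across every gateway in a region without stepping through each get-gateway call by hand, here is an added Python example; it is not code from the original page. The evaluation logic works on dicts shaped like the get-gateway and kms describe-key outputs and runs offline against the constructed sample data at the bottom. The boto3 collector (audit_region_live, with the bedrock-agentcore-control client and its list_gateways, get_gateway and nextToken names) is an assumption about the SDK and needs AWS credentials. The example also applies the check the ARN alone cannot: it uses KeyManager to confirm that the key is customer managed and KeyState to confirm that it is still usable.

```python
"""Offline audit of Amazon Bedrock AgentCore gateway encryption settings.

Added example, not code from the original page. evaluate_gateway/audit_region
work on dicts shaped like `get-gateway` and `kms describe-key` output, so they
run offline on the constructed sample below. audit_region_live wraps boto3 and
relies on assumed client/method names (bedrock-agentcore-control, list_gateways,
get_gateway, nextToken).
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Callable, Optional

# A KMS key ARN: arn:<partition>:kms:<region>:<12-digit account>:key/<key id>
KMS_KEY_ARN = re.compile(r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key/[0-9a-z-]+$")


@dataclass(frozen=True)
class Finding:
    gateway_id: str
    region: str
    compliant: bool
    reason: str


def evaluate_gateway(gateway: dict, region: str,
                     key_metadata: Optional[dict] = None) -> Finding:
    """Classify one gateway from its get-gateway description.

    key_metadata is the KeyMetadata block from kms:DescribeKey for the referenced
    key. When supplied it lets us reject AWS managed keys (KeyManager != CUSTOMER)
    and keys that are disabled or pending deletion (gateway data unreadable).
    """
    gw_id = gateway.get("gatewayId", "<unknown>")
    arn = gateway.get("kmsKeyArn")
    if not arn:
        return Finding(gw_id, region, False,
                       "kmsKeyArn is null: default service-managed key in use")
    if not KMS_KEY_ARN.match(arn):
        return Finding(gw_id, region, False, f"kmsKeyArn is not a KMS key ARN: {arn}")
    if key_metadata is not None:
        if key_metadata.get("KeyManager") != "CUSTOMER":
            return Finding(gw_id, region, False, f"{arn} is an AWS managed key, not a CMK")
        if key_metadata.get("KeyState") != "Enabled":
            state = key_metadata.get("KeyState")
            return Finding(gw_id, region, False, f"{arn} is {state}; gateway data is unreadable")
    return Finding(gw_id, region, True, f"encrypted with CMK {arn}")


def audit_region(region: str, gateways: list[dict],
                 describe_key: Callable[[str], Optional[dict]]) -> list[Finding]:
    """Evaluate every gateway; describe_key(arn) returns KeyMetadata or None."""
    findings = []
    for gw in gateways:
        meta = describe_key(gw["kmsKeyArn"]) if gw.get("kmsKeyArn") else None
        findings.append(evaluate_gateway(gw, region, meta))
    return findings


def audit_region_live(region: str) -> list[Finding]:
    """Collect real data with boto3 (assumed names; needs AWS credentials)."""
    import boto3  # imported here so the offline parts need no AWS SDK

    control = boto3.client("bedrock-agentcore-control", region_name=region)
    kms = boto3.client("kms", region_name=region)
    gateways, token = [], None
    while True:  # manual nextToken loop; pagination field name is assumed
        page = control.list_gateways(**({"nextToken": token} if token else {}))
        for item in page.get("items", []):
            gateways.append(control.get_gateway(gatewayIdentifier=item["gatewayId"]))
        token = page.get("nextToken")
        if not token:
            break
    return audit_region(region, gateways,
                        lambda arn: kms.describe_key(KeyId=arn)["KeyMetadata"])


# --- constructed sample data (no real resources) ---
CMK = "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555"
AWS_KEY = "arn:aws:kms:us-east-1:123456789012:key/66666666-7777-8888-9999-000000000000"
SAMPLE_GATEWAYS = [
    {"gatewayId": "cc-agentcore-gateway-aBcDeFgHiJ", "kmsKeyArn": None},
    {"gatewayId": "cc-tools-gateway-kLmNoPqRsT", "kmsKeyArn": CMK},
    {"gatewayId": "cc-legacy-gateway-uVwXyZ0123", "kmsKeyArn": AWS_KEY},
]
SAMPLE_KEYS = {
    CMK: {"KeyManager": "CUSTOMER", "KeyState": "Enabled"},
    AWS_KEY: {"KeyManager": "AWS", "KeyState": "Enabled"},
}


def audit_sample() -> list[Finding]:
    """Run the audit over the constructed sample; only the second gateway passes."""
    return audit_region("us-east-1", SAMPLE_GATEWAYS, SAMPLE_KEYS.get)


if __name__ == "__main__":
    for f in audit_sample():
        print(f"{'PASS' if f.compliant else 'FAIL'} {f.gateway_id}: {f.reason}")
```

Run the file directly to see the sample verdicts, or call audit_region_live("us-east-1") from a session whose credentials hold bedrock-agentcore:GetGateway, bedrock-agentcore:ListGateways and kms:DescribeKey. Loop over the regions you use, since gateways and KMS keys are both regional.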

Remediation / Resolution

To encrypt your Amazon Bedrock AgentCore gateways with a Customer-Managed Key, perform the following operations:

Before associating a CMK with a gateway, you must first create a customer-managed KMS key whose key policy grants the gateway service role the necessary permissions (kms:CreateGrant, kms:DescribeKey, kms:Decrypt, kms:GenerateDataKey). If the key is disabled or deleted after association, access to the encrypted gateway data is lost, so treat key deletion as a deliberate, reviewed action. For more information on creating KMS keys and key policies, see the AWS Key Management Service Developer Guide.

Using AWS CloudFormation

01 CloudFormation template (JSON). The template provisions the CMK and its alias; associate the key with the gateway afterwards using the AWS Console or AWS CLI steps described below:

{
	"AWSTemplateFormatVersion": "2010-09-09",
	"Description": "Amazon Bedrock AgentCore Gateway encrypted with a Customer-Managed KMS Key",
	"Resources": {
		"AgentCoreGatewayKMSKey": {
			"Type": "AWS::KMS::Key",
			"Properties": {
				"Description": "CMK for encrypting AgentCore Gateway",
				"EnableKeyRotation": true,
				"KeyPolicy": {
					"Version": "2012-10-17",
					"Statement": [
						{
							"Sid": "Enable IAM User Permissions",
							"Effect": "Allow",
							"Principal": {
								"AWS": "arn:aws:iam::123456789012:root"
							},
							"Action": "kms:*",
							"Resource": "*"
						},
						{
							"Sid": "AllowServiceRoleAccess",
							"Effect": "Allow",
							"Principal": {
								"AWS": "arn:aws:iam::123456789012:role/cc-agentcore-gateway-role"
							},
							"Action": [
								"kms:CreateGrant",
								"kms:DescribeKey",
								"kms:Decrypt",
								"kms:GenerateDataKey"
							],
							"Resource": "*",
							"Condition": {
								"StringEquals": {
									"kms:ViaService": "bedrock-agentcore.us-east-1.amazonaws.com"
								}
							}
						}
					]
				}
			}
		},
		"AgentCoreGatewayKMSKeyAlias": {
			"Type": "AWS::KMS::Alias",
			"Properties": {
				"AliasName": "alias/cc-agentcore-gateway-key",
				"TargetKeyId": {
					"Ref": "AgentCoreGatewayKMSKey"
				}
			}
		}
	}
}

02 CloudFormation template (YAML):

AWSTemplateFormatVersion: "2010-09-09"
Description: Amazon Bedrock AgentCore Gateway encrypted with a Customer-Managed KMS Key

Resources:
  AgentCoreGatewayKMSKey:
    Type: AWS::KMS::Key
    Properties:
      Description: CMK for encrypting AgentCore Gateway
      EnableKeyRotation: true
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          - Sid: Enable IAM User Permissions
            Effect: Allow
            Principal:
              AWS: "arn:aws:iam::123456789012:root"
            Action: "kms:*"
            Resource: "*"
          - Sid: AllowServiceRoleAccess
            Effect: Allow
            Principal:
              AWS: "arn:aws:iam::123456789012:role/cc-agentcore-gateway-role"
            Action:
              - "kms:CreateGrant"
              - "kms:DescribeKey"
              - "kms:Decrypt"
              - "kms:GenerateDataKey"
            Resource: "*"
            Condition:
              StringEquals:
                "kms:ViaService": "bedrock-agentcore.us-east-1.amazonaws.com"

  AgentCoreGatewayKMSKeyAlias:
    Type: AWS::KMS::Alias
    Properties:
      AliasName: alias/cc-agentcore-gateway-key
      TargetKeyId: !Ref AgentCoreGatewayKMSKey

Using Terraform (AWS Provider)

01 Terraform configuration file (.tf):

terraform {
	required_providers {
		aws = {
			source  = "hashicorp/aws"
			version = "~> 5.0"
		}
	}
	required_version = ">= 1.0.0"
}

provider "aws" {
	profile = "default"
	region  = "us-east-1"
}

data "aws_caller_identity" "current" {}

resource "aws_kms_key" "agentcore_gateway_key" {
	description             = "CMK for encrypting AgentCore Gateway"
	deletion_window_in_days = 30
	enable_key_rotation     = true

	policy = jsonencode({
		Version = "2012-10-17"
		Statement = [
			{
				Sid    = "Enable IAM User Permissions"
				Effect = "Allow"
				Principal = {
					AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
				}
				Action   = "kms:*"
				Resource = "*"
			},
			{
				Sid    = "AllowServiceRoleAccess"
				Effect = "Allow"
				Principal = {
					AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/cc-agentcore-gateway-role"
				}
				Action = [
					"kms:CreateGrant",
					"kms:DescribeKey",
					"kms:Decrypt",
					"kms:GenerateDataKey"
				]
				Resource = "*"
				Condition = {
					StringEquals = {
						"kms:ViaService" = "bedrock-agentcore.us-east-1.amazonaws.com"
					}
				}
			}
		]
	})

	tags = {
		Name = "cc-agentcore-gateway-cmk"
	}
}

resource "aws_kms_alias" "agentcore_gateway_key_alias" {
	name          = "alias/cc-agentcore-gateway-key"
	target_key_id = aws_kms_key.agentcore_gateway_key.key_id
}

Note: As of March 2026, an official Terraform resource for Amazon Bedrock AgentCore gateways (for example aws_bedrock_agentcore_gateway) may not yet be available in the AWS provider, so the configuration above provisions only the CMK and its alias. Attach the key to the gateway with the AWS Console or AWS CLI method below, or, as an interim approach, invoke the aws bedrock-agentcore-control update-gateway CLI command from a null_resource with a local-exec provisioner. Check the Terraform AWS Provider documentation for the latest resource support.

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to the Amazon Bedrock AgentCore console available at https://console.aws.amazon.com/bedrock-agentcore/home#.

03 In the left navigation pane, choose Gateways.

04 Select the gateway identified in the Audit section (see Audit section part I to identify the right resource).

05 Choose Edit to modify the gateway configuration.

06 In the gateway configuration form, expand the KMS key - optional section.

07 Select Customize encryption settings (advanced).

08 For AWS KMS key, choose an existing customer-managed KMS key from the dropdown, or enter the ARN of the CMK you want to use for encryption. Ensure the CMK has the required key policy granting the gateway service role the necessary permissions.

09 Choose Save to apply the updated encryption configuration.

10 Verify the update is complete by checking that the gateway status returns to READY and the KMS key field in the gateway details displays your CMK ARN.

11 Repeat steps no. 4 – 10 for each gateway that is not encrypted with a CMK.

12 Change the AWS cloud region from the console navigation bar and repeat the Remediation process for other regions.

Using AWS CLI

01 Run update-gateway command (OSX/Linux/UNIX) to associate a Customer-Managed KMS key with the Amazon Bedrock AgentCore gateway identified in the Audit section (see Audit section part II to identify the right resource). Replace --name, --role-arn, --protocol-type, and --authorizer-type with the values from your existing gateway configuration:

aws bedrock-agentcore-control update-gateway \
	--region us-east-1 \
	--gateway-identifier cc-agentcore-gateway-aBcDeFgHiJ \
	--name cc-agentcore-gateway \
	--role-arn arn:aws:iam::123456789012:role/cc-agentcore-gateway-role \
	--protocol-type MCP \
	--authorizer-type NONE \
	--kms-key-arn arn:aws:kms:us-east-1:123456789012:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Note: The update-gateway command performs a full replacement of the gateway configuration, so it requires every mandatory gateway parameter, not just --kms-key-arn. Run get-gateway first to retrieve the current settings. The --name value must match the gateway's current name exactly (the name cannot be changed through an update). If your gateway uses CUSTOM_JWT authorization, also pass --authorizer-configuration with the existing authorizer settings; because the update replaces the whole configuration, omitting it would drop those settings.

02 The command output should return the updated gateway information with the KMS key ARN:

{
	"gatewayArn": "arn:aws:bedrock-agentcore:us-east-1:123456789012:gateway/cc-agentcore-gateway-aBcDeFgHiJ",
	"gatewayId": "cc-agentcore-gateway-aBcDeFgHiJ",
	"name": "cc-agentcore-gateway",
	"status": "UPDATING",
	"kmsKeyArn": "arn:aws:kms:us-east-1:123456789012:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
	"updatedAt": "2026-03-13T14:20:00Z"
}

03 Repeat steps no. 1 and 2 for each gateway that is not encrypted with a CMK, available in the selected AWS region.

04 Change the AWS cloud region by updating the --region command parameter value and repeat the Remediation process for other regions.
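Because update-gateway replaces the whole configuration, the error-prone part of this remediation is carrying every existing setting across correctly. The following added Python example, which is not code from the original page, builds the complete update request from a get-gateway description and refuses to proceed when a mandatory field or a CUSTOM_JWT gateway's authorizerConfiguration is missing. The field names name, roleArn, protocolType, authorizerType, authorizerConfiguration and kmsKeyArn come from the CLI steps above; description and protocolConfiguration, the boto3 client and method names in apply_cmk_live, and the shape of the sample authorizer configuration are assumptions. The pure builder runs offline on the constructed sample.

```python
"""Build the full update-gateway request needed to attach a CMK to a gateway.

Added example, not code from the original page. build_update_request is pure
and runs offline on the constructed sample below; apply_cmk_live wraps boto3 and
uses assumed client/method names (bedrock-agentcore-control, get_gateway,
update_gateway).
"""
from __future__ import annotations

from typing import Optional

# Fields of the get-gateway response that update-gateway accepts again.
# name, roleArn, protocolType, authorizerType and authorizerConfiguration are
# the ones the CLI steps list; description and protocolConfiguration are assumed.
CARRY_OVER = (
    "name", "description", "roleArn", "protocolType", "protocolConfiguration",
    "authorizerType", "authorizerConfiguration",
)
# Mandatory on update-gateway according to the CLI steps above.
REQUIRED = ("name", "roleArn", "protocolType", "authorizerType")


def build_update_request(current: dict, cmk_arn: str) -> Optional[dict]:
    """Return kwargs for update_gateway, or None when the CMK is already set.

    Raises ValueError when the target is not a KMS key ARN, when a mandatory
    field is missing from the description, or when a CUSTOM_JWT gateway comes
    without its authorizerConfiguration (a full-replacement update would
    silently drop the JWT settings).
    """
    if not (cmk_arn.startswith("arn:aws") and ":kms:" in cmk_arn and ":key/" in cmk_arn):
        raise ValueError(f"not a KMS key ARN: {cmk_arn}")
    if current.get("kmsKeyArn") == cmk_arn:
        return None  # idempotent: nothing to change
    missing = [k for k in REQUIRED if not current.get(k)]
    if missing:
        raise ValueError(f"get-gateway output is missing mandatory fields: {missing}")
    if current["authorizerType"] == "CUSTOM_JWT" and not current.get("authorizerConfiguration"):
        raise ValueError("CUSTOM_JWT gateway without authorizerConfiguration; refusing to update")
    request = {"gatewayIdentifier": current["gatewayId"], "kmsKeyArn": cmk_arn}
    for key in CARRY_OVER:
        if current.get(key) is not None:
            request[key] = current[key]
    return request


def apply_cmk_live(region: str, gateway_id: str, cmk_arn: str) -> Optional[dict]:
    """Fetch the live configuration and submit the rebuilt update (assumed boto3 names)."""
    import boto3  # imported here so the offline builder needs no AWS SDK

    control = boto3.client("bedrock-agentcore-control", region_name=region)
    current = control.get_gateway(gatewayIdentifier=gateway_id)
    request = build_update_request(current, cmk_arn)
    return control.update_gateway(**request) if request else None


# --- constructed sample: a CUSTOM_JWT gateway still on the default key ---
SAMPLE_CURRENT = {
    "gatewayId": "cc-agentcore-gateway-aBcDeFgHiJ",
    "gatewayArn": "arn:aws:bedrock-agentcore:us-east-1:123456789012:gateway/cc-agentcore-gateway-aBcDeFgHiJ",
    "name": "cc-agentcore-gateway",
    "roleArn": "arn:aws:iam::123456789012:role/cc-agentcore-gateway-role",
    "protocolType": "MCP",
    "authorizerType": "CUSTOM_JWT",
    # assumed shape of a custom JWT authorizer configuration
    "authorizerConfiguration": {"customJWTAuthorizer": {
        "discoveryUrl": "https://idp.example.com/.well-known/openid-configuration",
        "allowedAudience": ["agentcore-gateway"]}},
    "kmsKeyArn": None,
    "status": "READY",
}
SAMPLE_CMK = "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555"


if __name__ == "__main__":
    print(build_update_request(SAMPLE_CURRENT, SAMPLE_CMK))
```

Read-only response fields such as status and gatewayArn are deliberately not copied into the request, and a second run against a gateway that already references the CMK returns None instead of issuing a redundant update. Verify afterwards with get-gateway that the status returns to READY and kmsKeyArn shows the CMK.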

Publication date Mar 17, 2026