AI brokers in manufacturing environments typically want to achieve inside APIs, databases, and personal sources that sit behind Amazon Digital Non-public Cloud (Amazon VPC) boundaries. Managing non-public connectivity for every agent-to-tool path provides operational overhead and slows deployment. Amazon Bedrock AgentCore VPC connectivity is designed to deploy AI brokers and Mannequin Context Protocol (MCP) servers with out requiring the community visitors to be uncovered to the general public web. This functionality extends to managed Amazon VPC egress for Amazon Bedrock AgentCore Gateway, so you possibly can connect with endpoints inside non-public networks throughout your AWS atmosphere.
On this publish, you’ll configure Amazon Bedrock AgentCore Gateway to entry non-public endpoints utilizing Useful resource Gateway, a managed assemble that provisions Elastic Community Interfaces (ENIs) instantly inside your Amazon VPC, one per subnet. You’ll discover two implementation modes (managed and self-managed) and stroll by three sensible situations: connecting to a non-public Amazon API Gateway endpoint, integrating with a MCP server on Amazon Elastic Kubernetes Service (Amazon EKS), and accessing a non-public REST API.
Key phrases
The next phrases are used all through this publish. Overview them earlier than continuing to grasp how every element suits into the AgentCore Gateway VPC egress structure.
Useful resource VPC: The Amazon VPC the place your non-public useful resource lives. For instance, the VPC containing your privately hosted MCP server or API endpoint. That is the Amazon VPC that AgentCore Gateway wants to achieve. Useful resource VPC can both be in the identical AWS account because the AgentCore Gateway account or in a special account.
AgentCore Gateway account: The AWS account the place you create and handle your AgentCore Gateway sources. This account could or will not be the identical account because the Useful resource VPC.
Useful resource Gateway: Useful resource gateway acts because the non-public entry level into your Useful resource VPC. When created, it provisions one ENI per subnet that you just specify, every sitting inside your VPC. Site visitors from AgentCore Gateway to your non-public useful resource arrives by these ENIs.
Useful resource Configuration: Useful resource configuration for VPC sources defines the particular useful resource AgentCore Gateway is allowed to achieve by the Useful resource Gateway, recognized by a site identify, or IP tackle. Slightly than granting entry to your total Amazon VPC, a Useful resource Configuration scopes connectivity to a single endpoint.
Service Community Useful resource Affiliation: A service community useful resource affiliation connects a useful resource configuration to the AgentCore service community, which permits AgentCore Gateway service to invoke your non-public endpoint. AgentCore creates and manages this affiliation in your behalf, no matter which mode you employ.
How does AgentCore Gateway VPC egress work?
AgentCore Gateway VPC egress helps two modes relying on how a lot management you need over the underlying networking infrastructure and the way you need to architect for cross-VPC connectivity.
Managed VPC useful resource
On this mode, AgentCore Gateway handles the whole lot in your behalf. You present your VPC ID, subnet IDs, and safety teams as a part of your goal configuration, and AgentCore mechanically creates and manages the VPC Useful resource Gateway in your account. This mode integrates with present community architectures, whether or not you employ VPC peering for same-Area or cross-Area connectivity or a hub-and-spoke mannequin with AWS Transit Gateway for multi-VPC and hybrid environments.
The next structure reveals how AgentCore Gateway connects to non-public Amazon API Gateway utilizing managed VPC useful resource mode.
If you create an AgentCore Gateway Goal with a managed VPC useful resource configuration, AgentCore Gateway initiates the request and routes it to the Useful resource Gateway inside your Useful resource Proprietor VPC. The Useful resource Gateway forwards visitors by an ENI provisioned in your subnet, ruled by the safety teams you configure. From the ENI, the request reaches the execute-api VPC endpoint. In managed VPC Useful resource mode, AgentCore creates and manages the Useful resource Gateway in your behalf, you solely have read-only visibility into it.
Self-managed Lattice useful resource
On this mode, you create and handle the VPC Lattice Useful resource Gateway and Useful resource configuration earlier than referencing it throughout goal creation on AgentCore Gateway. This offers you visibility and management over the Useful resource configuration, together with the variety of IPv4 addresses per ENI, subnet placement, and safety group guidelines. Extra importantly, it offers you visibility into the useful resource configuration itself, with the power to view it, share it utilizing AWS Useful resource Entry Supervisor (AWS RAM) (required for cross-account connectivity), see associations tied to it, and retain the power to revoke these associations if you select.
The next structure reveals how AgentCore Gateway connects to non-public Relaxation API endpoints utilizing self-managed lattice useful resource mode.
In self-managed lattice useful resource mode, you pre-create the Useful resource Gateway and Useful resource Configuration earlier than configuring your AgentCore Gateway Goal. If you name CreateGatewayTarget, you move the Useful resource Configuration ID to affiliate AgentCore Gateway goal together with your non-public endpoint. At invocation time, Useful resource Gateway forwards the request by an ENI provisioned in your subnet, ruled by the safety teams you configure. From the ENI, the request reaches the execute-api VPC endpoint. Not like managed VPC Useful resource mode, you personal and handle the Useful resource Gateway and Useful resource Configuration.
Use the next desk to find out which mode suits your structure. Select managed VPC useful resource mode for streamlined setup, or self-managed Lattice useful resource mode for management over Useful resource Gateway lifecycle, cross-account connectivity, and visibility into associations.
Dimension
AgentCore Managed VPC Useful resource
Self-Managed Lattice Useful resource
Setup complexity
Simple; present VPC ID, subnet IDs, and safety group IDs. AgentCore manages the remaining
Superior; you create and handle the Amazon VPC Lattice Useful resource Gateway and Useful resource Configurations your self, then move the useful resource configuration ID to every goal
IPv4 consumption
Every managed useful resource gateway consumes 1 IP tackle per ENI. This isn’t configurable
When used with Amazon Bedrock AgentCore, it consumes one IP tackle per subnet. If additionally hooked up to different VPC Lattice service networks, it consumes extra IPs primarily based on the ipv4AddressesPerEni worth on the useful resource gateway
Cross-account
Not natively supported use hub-and-spoke architectures (VPC peering or AWS Transit Gateway ) for cross-account / cross-VPC situations.
Supported with AWS Useful resource Entry Handle (AWS RAM). Permits direct cross-account connectivity with out requiring VPC peering or Transit Gateways.
Reusing present ENIs
AgentCore mechanically reuses one Useful resource Gateway (and its ENIs) throughout targets within the account whose managedVpcResource config matches on Amazon VPC, subnet set, security-group set, tags, and IP tackle sort
You connect a number of Useful resource Configurations to a single Useful resource Gateway you personal; goal whose resourceConfigurationIdentifier resolves to that Useful resource Gateway shares its ENIs
Useful resource Gateway Lifecycle administration
Amazon Bedrock AgentCore creates, reuses, and deletes Useful resource Gateways in your behalf
You personal the total lifecycle of useful resource gateways and useful resource configurations
Governance and visibility
Useful resource Configurations are managed within the Amazon Bedrock AgentCore service account and aren’t seen in your Amazon VPC console. The underlying Useful resource Gateway is seen in your account in read-only mode
Full visibility into Useful resource Configurations, Service Community associations, and linked domains in your Amazon VPC Lattice console. You may audit connections and revoke entry at a granular degree
Pricing
Per-GB information processing costs solely (for information processed by the Useful resource Gateway)
1) Hourly cost for Service Community association2) Per-GB information processing costs
Get began with AgentCore Gateway VPC egress
On this publish, you concentrate on the managed VPC useful resource mode. If you wish to discover the self-managed lattice useful resource providing, comply with the code samples. Earlier than getting began, this publish assumes fundamental familiarity with Amazon VPC, AWS Command Line Interface (AWS CLI), Amazon Bedrock AgentCore, and Amazon Bedrock AgentCore Gateway. Just remember to have the next in place.
Presently AgentCore Gateway’s trusts publicly signed TLS certificates; it doesn’t belief certificates signed by a non-public CA, so the handshake to your backend fails. In case your endpoint is protected by a non-public or self-signed certificates, discover the working answer pattern on GitHub.
Your IAM principal wants the iam:CreateServiceLinkedRole permission for bedrock-agentcore.amazonaws.com, in order that AgentCore can create the service-linked position in your behalf if it doesn’t exist already. For the required IAM coverage, see Gateway service-linked position.
The Useful resource Gateway safety group controls what visitors the Useful resource Gateway ENIs can ship outbound to sources inside your Amazon VPC. When you don’t present the safety group whereas invoking CreateGatewayTarget API, then the default safety group is used.
This walkthrough assumes that you’ve an present AgentCore Gateway. When you haven’t created one but, run:
aws bedrock-agentcore create-gateway
–name my-gateway
–role-arn arn:aws:iam:::position/AgentCoreGatewayRole
Observe the gatewayId from the response. You want it when creating AgentCore Gateway Targets within the steps that comply with.
- For in-depth examples, see the GitHub repository .
Non-public Amazon API Gateway
On this part, you create an AgentCore Gateway goal that routes to a non-public Amazon API Gateway. Name the CreateGatewayTarget API with the next parameters. Within the openApiSchema area, present your non-public Amazon API Gateway endpoint URL (https://{api-id}-{vpce-id}.execute-api.{area}.amazonaws.com/{stage}). Within the managedVpcResource block, present your VPC ID, subnet IDs, and safety group ID.
aws bedrock-agentcore-control create-gateway-target
–region us-west-2
–cli-input-json ‘{
“gatewayIdentifier”: “”,
“identify”: “private-apigw”,
“description”: “Non-public API Gateway”,
“targetConfiguration”: {
“mcp”: {
“openApiSchema”: {
“inlinePayload”: “…”
}
}
},
“credentialProviderConfigurations”: […],
“privateEndpoint”: {
“managedVpcResource”: {
“vpcIdentifier”: “”,
“subnetIds”: [“”, “”],
“endpointIpAddressType”: “IPV4”,
“securityGroupIds”: [“”]
}
}
}’
After you run the command, AgentCore Gateway makes use of its service-linked position to provision a Useful resource Gateway in your VPC, creating one ENI per subnet you specified.
The next structure diagram reveals the community circulate.
AgentCore Gateway initiates the request and routes it to the Useful resource Gateway provisioned inside Useful resource Proprietor VPC. Site visitors passes by the ENI inside your non-public subnet, the place your safety group guidelines govern what reaches the following hop. From there, the request reaches the execute-api VPC endpoint, which offers non-public connectivity to your Amazon API Gateway inside endpoint. The endpoint URL format https://{api-id}-{vpce-id}.execute-api.{area}.amazonaws.com/{stage} is what you offered within the openApiSchema area of your CreateGatewayTarget name.
Non-public MCP server on Amazon EKS
On this part, you create an AgentCore Gateway goal that routes to a non-public MCP server operating on Amazon EKS. Name the CreateGatewayTarget API with the next parameters. Within the mcpServer block, present your inside MCP server endpoint URL. Within the managedVpcResource block, present your VPC ID, subnet IDs, and safety group ID.
aws bedrock-agentcore-control create-gateway-target
–region us-west-2
–cli-input-json ‘{
“gatewayIdentifier”: “”,
“identify”: “private-apigw”,
“description”: “Non-public API Gateway”,
“targetConfiguration”: {
“mcp”: {
“mcpServer”: {
“endpoint”: “https://inside.instance.com/csm/mcp”
}
}
},
“credentialProviderConfigurations”: […],
“privateEndpoint”: {
“managedVpcResource”: {
“vpcIdentifier”: “”,
“subnetIds”: [“”, “”],
“endpointIpAddressType”: “IPV4”,
“securityGroupIds”: [“”]
}
}
}’
After you run this command, AgentCore provisions a Useful resource Gateway in your VPC, creating one ENI per subnet you specified. The next structure diagram reveals the end-to-end visitors path.
AgentCore Gateway sends an HTTPS request to your inside endpoint. The Amazon Route 53 non-public hosted zone resolves that area to the interior Community Load Balancer (NLB). The request enters the Useful resource Proprietor VPC by the Useful resource Gateway, passes by the ENI ruled by your safety teams, and arrives on the NLB. The NLB terminates TLS on port 443 utilizing an AWS Certificates Supervisor (ACM) public certificates, then forwards the request over HTTP on port 80 to the NGINX Ingress Controller operating on Amazon EKS, which routes it to the suitable pod.
Non-public REST API goal
On this part, you create an AgentCore Gateway goal that routes to a non-public REST API endpoint. This is applicable to any REST API operating inside your Amazon VPC equivalent to a containerized microservice. The CreateGatewayTarget API name follows the identical sample because the earlier sections. Within the openApiSchema area, present your OpenAPI schema describing the REST API. Within the managedVpcResource block, present your VPC ID, subnet IDs, and safety group ID. After AgentCore Gateway provisions the Useful resource Gateway in your VPC, the next structure diagram reveals the end-to-end visitors path.
AgentCore Gateway sends an HTTPS request to your inside endpoint. The Amazon Route 53 non-public hosted zone resolves that area to the interior Software Load Balancer (ALB). The request enters the Useful resource Proprietor VPC by the Useful resource Gateway, passes by the ENI ruled by your safety teams, and arrives on the inside ALB. The ALB terminates TLS on port 443 utilizing an AWS Certificates Supervisor (ACM) public certificates, then forwards the request over HTTP on port 8000 to the goal group containing your backend servers.
Clear up
To keep away from ongoing costs, delete all sources created on this walkthrough. For reference, see the AgentCore Gateway VPC egress pricing web page. Moreover, Amazon EKS clusters, load balancers, and API Gateway endpoints incur costs whereas operating. Confirm that your sources are deleted to cease costs. When you adopted the GitHub pattern, be certain to run the cleanup part on the finish of every Jupyter Pocket book.
When you used managed VPC useful resource mode, deleting the Gateway Goal removes the related Amazon VPC Useful resource Gateway.
aws bedrock-agentcore delete-gateway-target
–gateway-identifier
–target-id
Conclusion
As AI brokers tackle extra advanced duties, they want safe entry to the instruments and companies that energy your enterprise, a lot of which stay inside non-public networks. AgentCore Gateway VPC egress permits your brokers to achieve non-public MCP servers, inside APIs, databases, and on-premises programs with out exposing them to the general public web.Managed VPC useful resource mode integrates instantly together with your present VPC and requires minimal configuration. Self-managed lattice useful resource mode offers you fine-grained management however requires extra setup. Each route visitors by a Useful resource Gateway that doesn’t go away the AWS community.
Subsequent steps
- Determine one inside API or MCP server in your atmosphere that might profit from AI agent entry
- Overview your present Amazon VPC structure to find out which mode (Managed VPC Useful resource or Self-Managed Lattice Useful resource) suits your necessities
- Overview the Amazon Bedrock AgentCore Gateway documentation for extra configuration choices
- Discover the Amazon VPC Lattice Useful resource Gateway documentation for cross-account situations
- Discover extra integration patterns and superior configurations, see GitHub samples.
In regards to the authors
Eashan Kaushik is a Specialist Options Architect AI/ML at Amazon Net Providers. He’s pushed by creating cutting-edge generative AI options whereas prioritizing a customer-centric strategy to his work. Earlier than this position, he obtained an MS in Laptop Science from NYU Tandon College of Engineering. Outdoors of labor, he enjoys sports activities, lifting, and operating marathons.
Thomas Mathew Veppumthara is a Sr. Software program Engineer at Amazon Net Providers (AWS) with Amazon Bedrock AgentCore. He has earlier generative AI management expertise in Amazon Bedrock Brokers and practically a decade of distributed programs experience throughout Amazon eCommerce Providers and Amazon Elastic Block Retailer (Amazon EBS). He holds a number of patents in distributed programs, storage, and generative AI applied sciences.
Rohin Meduri is a Software program Engineer at Amazon Net Providers (AWS) with Amazon Bedrock AgentCore. He has earlier AI growth expertise with Amazon Bedrock Brokers and Amazon Lex. Earlier than this position, he obtained a BS in Laptop Science from the College of Washington. Outdoors of labor, he enjoys chess, pool, and music manufacturing.
