Amazon Bedrock AgentCore is in preview release and is subject to change.
AWS managed policies for Amazon Bedrock AgentCore
An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases because they're available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or new API operations become available for existing services.
For more information, see AWS managed policies in the IAM User Guide.
AWS managed policy: BedrockAgentCoreFullAccess
You can attach BedrockAgentCoreFullAccess to your users, groups, and roles.
This policy grants permissions that allow full access to Amazon Bedrock AgentCore.
Permissions details
This policy includes the following permissions:
- bedrock-agentcore (Amazon Bedrock AgentCore) – Allows principals full access to all Amazon Bedrock AgentCore resources.
- iam (AWS Identity and Access Management) – Allows principals to list and get information about roles and policies, and to pass roles with "BedrockAgentCore" in the name to the bedrock-agentcore service. Also allows creating service-linked roles for CloudWatch Application Signals and the Amazon Bedrock AgentCore network.
- secretsmanager (AWS Secrets Manager) – Allows principals to create, update, retrieve, and delete secrets with names that begin with "bedrock-agentcore".
- kms (AWS Key Management Service) – Allows principals to list and describe keys, and to decrypt data within the same AWS account when called via the Amazon Bedrock AgentCore service.
- s3 (Amazon Simple Storage Service) – Allows principals to get objects from S3 buckets with names that begin with "bedrock-agentcore-gateway-" when called via the Amazon Bedrock AgentCore service.
- lambda (AWS Lambda) – Allows principals to list Lambda functions.
- logs (Amazon CloudWatch Logs) – Allows principals to access, query, and manage log data in log groups related to Amazon Bedrock AgentCore and Application Signals, including creating log groups and streams.
- application-autoscaling (Application Auto Scaling) – Allows principals to describe scaling policies.
- application-signals (Amazon CloudWatch Application Signals) – Allows principals to retrieve information about application signals and start discovery.
- autoscaling (Amazon EC2 Auto Scaling) – Allows principals to describe Auto Scaling resources.
- cloudwatch (Amazon CloudWatch) – Allows principals to retrieve and list metrics, generate queries, and access other CloudWatch resources.
- oam (Amazon CloudWatch Observability Access Manager) – Allows principals to list sinks.
- rum (Amazon CloudWatch RUM) – Allows principals to retrieve and list RUM resources.
- synthetics (Amazon CloudWatch Synthetics) – Allows principals to describe and get information about Synthetics resources.
- xray (AWS X-Ray) – Allows principals to retrieve trace information, manage trace segment destinations, and work with indexing rules.
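The guide recommends above that you narrow an AWS managed policy into a customer managed one tailored to your use case. The permissions details just listed also spell out the guard rails worth preserving when you do: iam:PassRole limited to roles with "BedrockAgentCore" in the name and to the bedrock-agentcore service, Secrets Manager access limited to secret names beginning with "bedrock-agentcore", and s3:GetObject limited to buckets beginning with "bedrock-agentcore-gateway-". The following linter is an added example, not AWS code and not the text of BedrockAgentCoreFullAccess; it checks a candidate customer managed policy document for those guard rails. The service principal name bedrock-agentcore.amazonaws.com, the account ID, region and ARNs in the sample documents are assumptions constructed for the example.

```python
"""Lint a customer managed IAM policy against the scoping conventions described on this page.

Added example (not AWS code). Checks that a policy meant to replace
BedrockAgentCoreFullAccess keeps these guard rails:
  * iam:PassRole carries an iam:PassedToService condition and is limited to
    role names containing "BedrockAgentCore",
  * Secrets Manager actions are limited to secret names starting with "bedrock-agentcore",
  * s3:GetObject is limited to buckets starting with "bedrock-agentcore-gateway-",
  * no statement grants Action "*" on Resource "*".
The sample policy documents below are constructed for the example.
"""
import fnmatch
import json

# Assumption: the service principal AgentCore presents for iam:PassRole (not stated on the page).
AGENTCORE_SERVICE_PRINCIPAL = "bedrock-agentcore.amazonaws.com"
SECRET_PREFIX = "bedrock-agentcore"
GATEWAY_BUCKET_PREFIX = "bedrock-agentcore-gateway-"
ROLE_NAME_TOKEN = "BedrockAgentCore"


def _as_list(value):
    """IAM allows Action/Resource/condition values to be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants(actions, wanted):
    """True if any action pattern in the statement covers `wanted` (IAM action matching is case-insensitive)."""
    return any(fnmatch.fnmatchcase(wanted.lower(), a.lower()) for a in actions)


def _passed_to_service(condition):
    """Collect every iam:PassedToService value from the string condition operators."""
    values = []
    for operator in ("StringEquals", "StringLike", "StringEqualsIfExists"):
        for key, val in condition.get(operator, {}).items():
            if key.lower() == "iam:passedtoservice":
                values.extend(_as_list(val))
    return values


def lint_policy(policy):
    """Return a list of findings; an empty list means the policy keeps all guard rails."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"Statement[{idx}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        condition = stmt.get("Condition", {})

        # 1. Blanket administrator grant.
        if "*" in actions and "*" in resources:
            findings.append(f"{sid}: grants '*' on '*'")
            continue

        # 2. PassRole must be pinned to the service and to role names containing the token.
        if _grants(actions, "iam:PassRole"):
            if AGENTCORE_SERVICE_PRINCIPAL not in _passed_to_service(condition):
                findings.append(f"{sid}: iam:PassRole lacks iam:PassedToService={AGENTCORE_SERVICE_PRINCIPAL}")
            for res in resources:
                role_name = res.rsplit("/", 1)[-1] if ":role/" in res else ""
                if ROLE_NAME_TOKEN not in role_name:
                    findings.append(f"{sid}: iam:PassRole resource {res!r} is not limited to roles named *{ROLE_NAME_TOKEN}*")

        # 3. Secrets Manager actions only on secrets whose name starts with the prefix.
        if any(a.lower().startswith("secretsmanager:") for a in actions):
            for res in resources:
                parts = res.split(":", 6)  # arn:partition:service:region:account:secret:name
                name = parts[6] if len(parts) == 7 and parts[2] == "secretsmanager" and parts[5] == "secret" else ""
                if not name.startswith(SECRET_PREFIX):
                    findings.append(f"{sid}: secretsmanager resource {res!r} is not limited to names starting with {SECRET_PREFIX!r}")

        # 4. s3:GetObject only from gateway buckets.
        if _grants(actions, "s3:GetObject"):
            for res in resources:
                bucket = res[len("arn:aws:s3:::"):].split("/", 1)[0] if res.startswith("arn:aws:s3:::") else ""
                if not bucket.startswith(GATEWAY_BUCKET_PREFIX):
                    findings.append(f"{sid}: s3:GetObject resource {res!r} is not limited to buckets starting with {GATEWAY_BUCKET_PREFIX!r}")
    return findings


# Constructed sample: a scoped-down policy that keeps the guard rails.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AgentCoreAdmin", "Effect": "Allow", "Action": "bedrock-agentcore:*", "Resource": "*"},
    {"Sid": "PassAgentCoreRoles", "Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::123456789012:role/*BedrockAgentCore*",
     "Condition": {"StringEquals": {"iam:PassedToService": AGENTCORE_SERVICE_PRINCIPAL}}},
    {"Sid": "AgentCoreSecrets", "Effect": "Allow",
     "Action": ["secretsmanager:CreateSecret", "secretsmanager:GetSecretValue",
                "secretsmanager:UpdateSecret", "secretsmanager:DeleteSecret"],
     "Resource": "arn:aws:secretsmanager:us-east-1:123456789012:secret:bedrock-agentcore*"},
    {"Sid": "GatewaySchemas", "Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::bedrock-agentcore-gateway-123456789012/*"},
]}

# Constructed sample: the same intent written without the guard rails.
LOOSE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PassAnyRole", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
    {"Sid": "AllSecrets", "Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"},
    {"Sid": "AnyBucket", "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::*"},
]}

if __name__ == "__main__":
    for label, doc in (("scoped", SCOPED_POLICY), ("loose", LOOSE_POLICY)):
        print(label, json.dumps(lint_policy(doc), indent=2))
```

The linter deliberately reads only the Allow statements and ignores Deny statements, so a passing result means the allows are scoped as the page describes, not that the policy is minimal; the list of actions to keep still has to come from the permission details above and your own usage.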
AWS managed policy: BedrockAgentCoreNetworkServiceRolePolicy
This policy is attached to a service-linked role that allows the service to perform actions on your behalf. You cannot attach this policy to your users, groups, or roles.
This policy grants permissions that allow AgentCore to create and manage network interfaces in your VPC when running in VPC mode.
Permissions details
This policy includes the following permissions:
- ec2 (Amazon Elastic Compute Cloud) – Allows the service to create, manage, and delete network interfaces in your VPC, assign and unassign private IP addresses, and describe VPC resources. Network interfaces are tagged with "AmazonBedrockAgentCoreManaged" to ensure the service only manages resources it creates.
You can view this policy at BedrockAgentCoreNetworkServiceRolePolicy.
For more information about the service-linked role that uses this policy, see Using service-linked roles for Amazon Bedrock AgentCore.
AWS managed policy: AmazonBedrockAgentCoreMemoryBedrockModelInferenceExecutionRolePolicy
You can attach AmazonBedrockAgentCoreMemoryBedrockModelInferenceExecutionRolePolicy to your users, groups, and roles.
This policy grants permissions that allow full access to Amazon Bedrock AgentCore Memory.
Permissions details
This policy includes the following permissions:
- bedrock (Amazon Bedrock) – Allows principals to call the Amazon Bedrock InvokeModel and InvokeModelWithResponseStream actions. This is required so that an agent can store memories.
AgentCore updates to AWS managed policies
View details about updates to AWS managed policies for AgentCore since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the AgentCore Document history page.
Change | Description | Date |
---|---|---|
BedrockAgentCoreFullAccess – Updated policy | Added permission to create the Amazon Bedrock AgentCore network service-linked role. | September 19, 2025 |
BedrockAgentCoreNetworkServiceRolePolicy – New policy | Added a new AWS managed policy that allows AgentCore to create and manage network interfaces in your VPC when running in VPC mode. | September 19, 2025 |
AgentCore started tracking changes | AgentCore started tracking changes for its AWS managed policies. | July 16, 2025 |
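As noted at the top of this page, an update to an AWS managed policy takes effect on every principal it is attached to, and the change log above records exactly such an update (a permission added to BedrockAgentCoreFullAccess). The following added example, not AWS code, shows how to detect that kind of change yourself by diffing two snapshots of a policy document, for instance the default version retrieved on two different dates. The two documents below are constructed samples whose statements and ARNs are placeholders, not the real text of any AgentCore policy.

```python
"""Diff two snapshots of an IAM policy document and report grants added or withdrawn.

Added example (not AWS code). Flattens Allow statements into (action, resource)
pairs and reports the set difference. Conditions are ignored on purpose: a condition
change is also worth reviewing, but it is reported separately below so that a tightened
condition is not mistaken for a new grant.
The two policy documents are constructed samples with placeholder ARNs.
"""


def _as_list(value):
    """IAM allows string-or-list fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def grants(policy):
    """Return the set of (action, resource) pairs allowed by the policy."""
    pairs = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            for resource in _as_list(stmt.get("Resource")):
                pairs.add((action, resource))
    return pairs


def conditioned_actions(policy):
    """Return the set of actions that appear only under a Condition block, for separate review."""
    with_condition, without_condition = set(), set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        target = with_condition if stmt.get("Condition") else without_condition
        target.update(_as_list(stmt.get("Action")))
    return with_condition - without_condition


def diff_policies(old, new):
    """Return (added, removed, condition_changes): added/removed grants and actions whose
    condition coverage changed between the two snapshots."""
    before, after = grants(old), grants(new)
    cond_before, cond_after = conditioned_actions(old), conditioned_actions(new)
    return after - before, before - after, cond_before ^ cond_after


# Constructed sample "before" snapshot (placeholder service-linked role path).
OLD_VERSION = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "bedrock-agentcore:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:CreateServiceLinkedRole",
     "Resource": "arn:aws:iam::*:role/aws-service-role/EXAMPLE-application-signals-slr"},
]}

# Constructed sample "after" snapshot: one more service-linked role may now be created.
NEW_VERSION = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "bedrock-agentcore:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:CreateServiceLinkedRole",
     "Resource": ["arn:aws:iam::*:role/aws-service-role/EXAMPLE-application-signals-slr",
                  "arn:aws:iam::*:role/aws-service-role/EXAMPLE-agentcore-network-slr"]},
]}

if __name__ == "__main__":
    added, removed, cond = diff_policies(OLD_VERSION, NEW_VERSION)
    for action, resource in sorted(added):
        print(f"+ {action} on {resource}")
    for action, resource in sorted(removed):
        print(f"- {action} on {resource}")
    for action in sorted(cond):
        print(f"~ condition coverage changed for {action}")
```

In practice the two inputs would be the policy documents you stored from successive reads of the policy's default version; the comparison is purely local, so it can run in a scheduled job that alerts when the added set is non-empty.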