Secure AI agents with Policy in Amazon Bedrock AgentCore
📄 English Summary
In Amazon Bedrock AgentCore, Policy establishes a deterministic enforcement layer that functions independently of the agent's own reasoning. By transforming natural language descriptions of business rules into Cedar policies, fine-grained, identity-aware controls can be enforced, ensuring that agents only access the tools and data their users are authorized to use. Furthermore, Policy is applied through the AgentCore Gateway, which intercepts and evaluates every agent-to-tool request at runtime, thereby enhancing security and compliance.