Amazon Bedrock AgentCore provides a framework for developers to create multi-tenant AI applications that ensure tenant isolation, service tier differentiation, and granular cost tracking. The solution leverages shared infrastructure while maintaining logical separation between tenants, enabling scalable and secure AI deployments. This approach supports various use cases, including SaaS platforms, enterprise solutions, and managed services for different customer organizations. The solution uses a three-level hierarchy—Tier → Tenant → User—to enforce isolation at every layer through document management, memory, model access, and cost tracking. The example demonstrates how healthcare AI agents can serve multiple clinics and hospitals with differentiated service tiers.
The solution implements two service tiers: Basic Tier for small clinics using Mistral Ministral 3 8B Instruct, and Premium Tier for hospitals using OpenAI GPT OSS 120B with advanced reasoning capabilities. The pool model allows tenants to share the same underlying infrastructure and compute resources, maximizing resource utilization while maintaining tenant isolation through scoped identifiers, access policies, and data partitioning. This approach balances cost efficiency with the flexibility to offer differentiated service levels.
The architecture uses Amazon Cognito for user authentication and tenant metadata storage, Amazon API Gateway for tier-based rate limiting, and Amazon Bedrock Knowledge Bases for semantic search with metadata filtering. Amazon S3 stores clinical documents in tier-separated buckets, and cost tracking is enabled through cost allocation tags. The solution also includes AgentCore components like Runtime, Identity, Gateway, and Policy to manage tenant isolation and access control.
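One way the Tier → Tenant → User scoping and metadata filtering described above can be enforced in code, as an added example that is not from the original article or from AWS. The claim names `custom:tenant_id` and `custom:tier`, the metadata keys `tenant_id` and `tier`, and all sample values are assumptions; the token is assumed to be signature-verified already, and the filter follows the `andAll`/`equals` shape of a Knowledge Bases retrieval filter.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed names (not from the article): Cognito custom attributes and tier labels.
TENANT_CLAIM = "custom:tenant_id"
TIER_CLAIM = "custom:tier"
VALID_TIERS = {"basic", "premium"}

class ScopeError(Exception):
    """Raised when a request cannot be bound to exactly one tenant scope."""

@dataclass(frozen=True)
class Scope:
    tier: str
    tenant_id: str
    user_id: str

def scope_from_claims(claims: dict) -> Scope:
    """Build the Tier -> Tenant -> User scope from verified token claims only."""
    tier = str(claims.get(TIER_CLAIM, "")).lower()
    tenant = claims.get(TENANT_CLAIM)
    user = claims.get("sub")
    if tier not in VALID_TIERS or not tenant or not user:
        raise ScopeError("token lacks a complete tier/tenant/user scope")
    return Scope(tier, str(tenant), str(user))

def retrieval_filter(scope: Scope, requested_tenant: Optional[str] = None) -> dict:
    """Return the metadata filter to attach to a knowledge base query."""
    # A tenant id supplied in the request body is compared, never trusted.
    if requested_tenant is not None and requested_tenant != scope.tenant_id:
        raise ScopeError("request names a tenant other than the caller's")
    return {"andAll": [
        {"equals": {"key": "tier", "value": scope.tier}},
        {"equals": {"key": "tenant_id", "value": scope.tenant_id}},
    ]}

def drop_foreign_chunks(scope: Scope, results: list) -> list:
    """Defense in depth: discard returned chunks whose metadata is out of scope."""
    wanted = (scope.tenant_id, scope.tier)
    return [r for r in results if (r.get("metadata", {}).get("tenant_id"),
                                   r.get("metadata", {}).get("tier")) == wanted]
```

The filter is built only from token claims, so a prompt or request parameter cannot widen the search to another tenant's documents.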
Source: awsml