AWS has introduced two architecture patterns to secure Amazon Bedrock AgentCore Runtime using AWS WAF, enabling rate limiting and threat protection for production endpoints. The solution addresses the challenge of integrating AWS WAF with AgentCore Runtime, which requires authentication for all API calls, including health checks. Standard ALB health checks send unauthenticated requests, which fail by default. The two patterns use an internet-facing ALB with AWS WAF and route traffic through a VPC Interface Endpoint to AgentCore Runtime. This ensures that traffic flows through AWS WAF while maintaining authentication requirements for production traffic. Pattern 1 places an AWS Lambda proxy between the ALB and the V, giving full control over request transformation.

Pattern 2 targets the VPC Endpoint ENI IP addresses directly from the ALB, removing the Lambda hop entirely. Both patterns have been tested end-to-end with SigV4 and OAuth (Amazon Cognito JWT) authentication. The solution enables organizations to enforce web application firewall policies, rate limiting, protection against common web threats, and audit controls via AWS WAF. AWS WAF integrates with Elastic Load Balancing Application Load Balancers (ALBs), Amazon CloudFront distributions, and Amazon API Gateway REST APIs. Amazon CloudFront is designed for caching and content delivery, but agent invocations are real-time and dynamic, so caching doesn’t apply. Amazon API Gateway adds its own authentication and request transformation layer, which can create a double-authentication problem with the built-in SigV4 and OAuth handling in AgentCore. That leaves an internet-facing ALB as the integration point: It passes headers through transparently, supports VPC-internal routing, and attaches directly to an AWS WAF WebACL. From there, you route traffic to AgentCore through a VPC Interface Endpoint for the Bedrock AgentCore data plane service.

This is where the challenge appears. ALBs require health checks to verify that backend targets are responsive. But AgentCore Runtime requires authentication, SigV4 or OAuth, on API calls, including health check requests. Standard ALB health checks send unauthenticated requests, so they fail out of the box. You need a way to make health checks work without credentials while still passing authenticated production traffic through to AgentCore. This post shows you two architecture patterns that address this problem.

Both use an internet-facing ALB with AWS WAF and route traffic through a VPC Interface Endpoint to AgentCore Runtime. Pattern 1 places an AWS Lambda proxy between the ALB and the VPC Endpoint, giving you full control over request transformation. Pattern 2 targets the VPC Endpoint ENI IP addresses directly from the ALB, removing the Lambda hop entirely. You also learn how to close the direct-access backdoor with a resource policy so that traffic flows through AWS WAF only. Both patterns have been tested end-to-end with SigV4 and OAuth (Amazon Cognito JWT) authentication.

Source: awsml