Architecting Amazon Bedrock AgentCore within DuploCloud Multi-Tenant Environments: Resolving IaC Friction and Enforcing Compliance Boundaries
The rapid maturation of generative artificial intelligence has necessitated a fundamental shift in how organizations approach application deployment. Moving from isolated prototyping to enterprise-grade, production-ready deployments requires infrastructure that is both highly scalable and rigorously secure. Amazon Bedrock AgentCore has emerged as a robust, specialized solution for deploying, scaling, and operating AI agents, providing a fully managed runtime environment, a persistent memory fabric, and a secure tool integration layer.1 Simultaneously, modern enterprises are increasingly adopting advanced platform engineering solutions like DuploCloud to automate compliance, enforce strict multi-tenant isolation, and manage complex network and security boundaries at scale without manual intervention.3
However, deploying the highly automated, Infrastructure as Code (IaC)-driven AgentCore toolkit into a rigorously governed DuploCloud environment introduces profound architectural friction.5 The core of this friction lies in the collision between declarative automation toolkits—which inherently expect broad, unconstrained permissions to create globally named resources across an AWS account—and prescriptive security platforms that enforce strict naming conventions, bounded IAM roles, and deterministic network isolation to maintain compliance standards like SOC 2 and PCI-DSS.4
This report provides an exhaustive analysis of the architectural intersections between Amazon Bedrock AgentCore and the DuploCloud tenancy model. It dissects the primary areas of infrastructure friction, explores the underlying computational mechanisms of the AWS Cloud Development Kit (CDK) and AWS CloudFormation generation, and provides comprehensive engineering workarounds and architectural patterns to successfully bridge these two powerful paradigms.
The Architecture of Amazon Bedrock AgentCore
To systematically resolve the deployment friction, it is essential to first dissect the operational mechanics of the Amazon Bedrock AgentCore provisioning engine. AgentCore is designed to eliminate the undifferentiated heavy lifting of building specialized infrastructure for autonomous agents.7 It operates via a hybrid Control Plane and Data Plane architecture, orchestrated primarily through the AgentCore Starter Toolkit CLI (agentcore).8
Core AgentCore Services
The Amazon Bedrock AgentCore ecosystem comprises several modular services designed to operate independently or as a cohesive unit 2:
- AgentCore Runtime: A secure, serverless computing environment purpose-built for AI agents. Unlike standard AWS Lambda functions, the AgentCore Runtime provides extended execution times (up to 8 hours), true session isolation via dedicated microVMs, and natively supports multi-modal and multi-agent workloads.2 It accepts containerized applications or direct zip deployments of Python or TypeScript code.10
- AgentCore Memory: A persistent context management system that supports both short-term (session-based) and long-term memory. It utilizes built-in retrieval-augmented generation (RAG) strategies, such as Semantic, Summarization, and User Preference extraction, removing the need for developers to manually manage vector databases.12
- AgentCore Gateway: A connectivity layer that allows agents to securely interface with external tools, APIs, and enterprise systems. It acts as an authorization proxy, intercepting tool calls and managing authentication via OAuth 2.0 or AWS JSON Web Tokens (JWT) before invoking targets like AWS Lambda functions or external OpenAPI schemas.14
- AgentCore Identity: A robust framework for managing workload identities, facilitating secure machine-to-machine (M2M) communication, and integrating with external identity providers like Amazon Cognito or Auth0.14
The AgentCore Provisioning Lifecycle
When an engineer initiates a deployment using the agentcore launch command, the toolkit abstracts the complexity of AWS infrastructure by executing a multi-stage provisioning lifecycle 8:
- Configuration Parsing: The CLI inspects local configuration files—specifically agentcore.json, .bedrock_agentcore.yaml, and aws-targets.json.13 These files define the agent's core parameters, including its build type (Direct Code Deploy vs. Container), runtime version (e.g., Python 3.10 to 3.13), required memory strategies, and target AWS region.13
- Resource Synthesis via AWS CDK: Under the hood, the toolkit utilizes the AWS Cloud Development Kit (CDK)—specifically the @aws-cdk/aws-bedrock-agentcore-alpha construct library—to programmatically synthesize an AWS CloudFormation template that maps the requested logical agent to physical AWS resources.19
- Containerization Pipeline Orchestration: To alleviate the developer burden of running local Docker daemons, the toolkit dynamically generates an AWS CodeBuild project.22 The agent's source code and dependencies (e.g., requirements.txt or pyproject.toml) are uploaded to an automatically generated Amazon S3 bucket. CodeBuild then compiles the application into an ARM64-optimized container image, which is a strict requirement for AgentCore execution.23
- Registry Provisioning: The compiled ARM64 container image is subsequently pushed to a newly created Amazon Elastic Container Registry (ECR) repository.24
- IAM Role Generation: The CDK synthesizer generates highly specific, least-privilege AWS Identity and Access Management (IAM) execution roles. Separate roles are minted for the CodeBuild environment (to pull source code and push to ECR) and the final AgentCore Runtime endpoint (to write to CloudWatch and invoke foundation models).10
- Endpoint Instantiation: Finally, the AgentCore Runtime endpoint is deployed, mounting the ECR image, attaching the generated execution role, and configuring Amazon CloudWatch log groups for advanced observability and OpenTelemetry tracing.22
This highly automated pipeline is explicitly optimized for developer velocity. However, its fundamental architectural assumption is that the executing principal possesses broad administrative permissions across the AWS account—specifically, the unconstrained ability to create generic S3 buckets, ECR repositories, IAM roles, and CloudWatch log groups.2 This assumption becomes the primary catalyst for friction when introduced into governed environments.
The DuploCloud Governance and Tenancy Model
To effectively integrate AgentCore, one must understand the deterministic, application-centric governance philosophy of DuploCloud.3 Unlike traditional cloud management interfaces, DuploCloud is a DevOps-as-a-Service platform that enforces security, compliance, and multi-tenant isolation by default.4
Infrastructures and Tenants
The DuploCloud architecture is hierarchically divided into "Infrastructures" and "Tenants".6 An Infrastructure correlates on a one-to-one basis with a Virtual Private Cloud (VPC) network, providing the foundational routing, subnets, and NAT gateways across multiple Availability Zones.28
Beneath the Infrastructure layer lies the "Tenant" (or Project). The Tenant is the fundamental unit of deployment and the core isolation boundary within the platform.6 While the Infrastructure provides macro-level network isolation, the Tenant provides micro-segmentation across compute, security, and identity vectors.30
A DuploCloud Tenant functions as a multi-dimensional security boundary:
- Kubernetes and Compute Isolation: Each Tenant maps directly to a dedicated Kubernetes namespace (e.g., duploservices-<tenant_name>). All compute workloads, whether running on EKS, ECS, or EC2, are strictly confined to this namespace.6
- Network Micro-Segmentation: Tenants are isolated via automatically generated Security Groups. These groups enforce a default-deny posture for inter-tenant traffic while allowing intra-tenant communication. A workload in "Tenant A" cannot natively communicate with an RDS instance in "Tenant B" without explicit, audited cross-tenant policies.6
- Identity and Access Management (IAM) Boundary: DuploCloud abstracts traditional AWS IAM complexities. Instead of relying on developers to author JSON policies or manage long-lived access keys, compute workloads within a Tenant are assigned an auto-generated Instance Profile.32 This profile acts as an IAM boundary, dictating precisely which Platform-as-a-Service (PaaS) resources the workload can access.33
The Cryptographic Linchpin: Resource Naming and Prefixes
To enforce these boundaries securely, DuploCloud relies heavily on strict resource naming conventions and pattern-matching IAM policies. Almost every AWS resource provisioned within a Tenant—including S3 buckets, SQS queues, KMS keys, ECR repositories, and IAM roles—must be explicitly prefixed with an identifier linked to the Tenant, overwhelmingly taking the format of duploservices-<tenant_name>-.6
This prefix is not merely an organizational suggestion; it is the cryptographic linchpin of DuploCloud's compliance engine. IAM permission boundaries and resource-based policies generated by the platform utilize AWS IAM Condition keys to explicitly deny actions unless the target resource ARN contains this exact prefix.6
For example, a typical permission boundary enforced by DuploCloud might employ a NotAction block or a StringLike condition. The statement below is an illustrative reconstruction of that shape (the Effect and Action values are assumed; the Resource pattern is the platform's documented prefix convention):

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::duploservices-<tenant_name>-*"
    }
  ]
}
```
Because of this reliance on string pattern matching for security enforcement, Tenant names in DuploCloud must be globally unique and cannot be substrings of one another (e.g., creating a tenant named dev prevents the creation of a tenant named dev2) to prevent regex collision during IAM policy evaluations.6
Just-In-Time (JIT) Access and Execution Contexts
Further complicating the deployment landscape is DuploCloud's approach to developer access. To adhere to strict compliance frameworks (such as SOC 2 and PCI-DSS), developers are rarely granted persistent, elevated AWS Console access or long-lived programmatic Access Keys.4
Instead, developers interact with the cloud environment via the DuploCloud portal, its native Terraform provider, or through Just-In-Time (JIT) credential federation.32 JIT access provides short-lived, STS-assumed role credentials that are strictly bound by the iam:PermissionsBoundary of the specific Tenant the developer is operating within.32 Consequently, any local CLI execution on a developer's workstation is constrained by the exact same IAM restrictions that govern the cloud-based compute workloads.
Comprehensive Analysis of Infrastructure Friction Points
When an engineering team attempts to deploy the Amazon Bedrock AgentCore toolkit into a DuploCloud managed AWS account, the collision between the toolkit's automated IaC generation and the platform's strict IAM boundaries results in immediate, systemic deployment failures. These friction points manifest across several critical infrastructure domains.
The Bedrock AgentCore toolkit leverages AWS CDK to provision resources with default or hashed names. The DuploCloud IAM Permission Boundary intercepts these API calls, rejecting any resource creation request that lacks the mandatory duploservices-<tenant_name>- prefix. This string pattern matching effectively blocks non-compliant CDK deployments.
1. S3 and ECR Naming Collisions
The most frequent and immediate point of failure is resource naming. The AWS Cloud Development Kit (CDK), which powers the AgentCore toolkit's backend, is engineered to auto-generate logical and physical IDs for resources to ensure uniqueness and prevent naming collisions across global AWS deployments.37
If an engineer executes agentcore launch for an agent named support_bot, the toolkit attempts to synthesize an AWS CloudFormation template that provisions an ECR repository typically named bedrock-agentcore-support_bot and an S3 bucket named bedrock-agentcore-code-<account_id>-<region>.10
Because the engineer's deployment credentials—operating via DuploCloud JIT federation—are constrained by the Tenant's IAM permission boundary, the AWS API categorically denies the s3:CreateBucket and ecr:CreateRepository actions.36 The AWS API validates the incoming request against the boundary policy, notes the absence of the duploservices-<tenant_name>- prefix in the requested resource name, and returns an AccessDeniedException.34
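To make the evaluation just described concrete, the following is an added Python example; it is not DuploCloud's policy text nor any AgentCore toolkit code. It models an illustrative tenant boundary built from the duploservices-<tenant_name>- convention, implements IAM StringLike wildcard matching, and checks the resource names the toolkit requests by default against it. The action and ARN patterns in boundary_for_tenant, the account ID, and the agent name are constructed assumptions.

```python
"""Added example: model a tenant permission boundary and check the resource
names AgentCore generates by default against it. The policy shape is an
assumption built from the duploservices-<tenant>- convention, not DuploCloud's
actual boundary document."""
import re


def iam_string_like(pattern: str, value: str) -> bool:
    """IAM StringLike / Resource-ARN matching: '*' matches any run of
    characters, '?' exactly one; everything else is literal and case-sensitive."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, value) is not None


def boundary_for_tenant(tenant: str) -> dict:
    """Illustrative boundary (assumed shape): each service may act only on
    resources whose physical name carries the tenant prefix."""
    prefix = f"duploservices-{tenant}-"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:*",
             "Resource": f"arn:aws:s3:::{prefix}*"},
            {"Effect": "Allow", "Action": "ecr:*",
             "Resource": f"arn:aws:ecr:*:*:repository/{prefix}*"},
            {"Effect": "Allow", "Action": "iam:*",
             "Resource": f"arn:aws:iam::*:role/{prefix}*"},
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(boundary: dict, action: str, resource_arn: str) -> bool:
    """Simplified IAM evaluation: implicit deny unless an Allow statement matches
    both the action and the resource ARN (explicit Deny and Condition omitted)."""
    for stmt in boundary["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        action_hit = any(iam_string_like(a, action) for a in _as_list(stmt["Action"]))
        resource_hit = any(iam_string_like(r, resource_arn) for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            return True
    return False


# Constructed sample: what the toolkit requests by default for an agent named
# support_bot, next to pre-provisioned, prefixed equivalents.
DEFAULT_REQUESTS = [
    ("s3:CreateBucket", "arn:aws:s3:::bedrock-agentcore-code-123456789012-us-east-1"),
    ("ecr:CreateRepository",
     "arn:aws:ecr:us-east-1:123456789012:repository/bedrock-agentcore-support_bot"),
]
COMPLIANT_REQUESTS = [
    ("s3:CreateBucket", "arn:aws:s3:::duploservices-dev-agentcore-artifacts"),
    ("ecr:CreateRepository",
     "arn:aws:ecr:us-east-1:123456789012:repository/duploservices-dev-agentcore-repo"),
    ("iam:CreateRole", "arn:aws:iam::123456789012:role/duploservices-dev-agent-role"),
]


def evaluate(tenant: str, requests) -> dict:
    """Map each requested ARN to True (allowed) or False (denied) under the boundary."""
    boundary = boundary_for_tenant(tenant)
    return {arn: is_allowed(boundary, action, arn) for action, arn in requests}


if __name__ == "__main__":
    results = {**evaluate("dev", DEFAULT_REQUESTS), **evaluate("dev", COMPLIANT_REQUESTS)}
    for arn, ok in results.items():
        print("ALLOW" if ok else "DENY ", arn)
```

The trailing hyphen in the prefix is what keeps the pattern from bleeding across tenants: duploservices-dev-* does not match duploservices-dev2-anything, whereas a pattern written as duploservices-dev* would, which is the collision the no-substring rule on tenant names guards against wherever a delimiter is absent.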
2. IAM Role Synthesis and Permission Boundaries
A fundamental tenet of the AWS CDK is the automated generation of granular, least-privilege IAM roles. During the agentcore launch phase, the toolkit attempts to synthesize and deploy new IAM roles for CodeBuild execution and AgentCore Runtime execution.16
In a standard, unmanaged AWS environment, this automated role generation is considered a security best practice.40 However, in a DuploCloud environment, it triggers an immediate failure. To prevent privilege escalation and maintain strict auditability, DuploCloud heavily restricts the iam:CreateRole action.36
When role creation is conditionally permitted for advanced IaC workflows, the DuploCloud governance engine mandates that any new IAM role must:
- Begin with the duploservices-<tenant_name>- prefix.
- Include a Condition block in the creation request that explicitly attaches a specific iam:PermissionsBoundary policy managed by DuploCloud.36
The standard AWS CDK synthesizer and the AgentCore CLI wrapper do not natively append these required permission boundaries, nor do they adhere to the proprietary role naming conventions, resulting in the CloudFormation stack rolling back upon initiation.
3. CloudWatch Log Group Routing Constraints
Observability is a critical component of the AgentCore ecosystem, providing necessary telemetry for traces, model latency, and runtime debugging.25 By default, the AgentCore toolkit automatically configures Amazon CloudWatch Log Groups. AgentCore dictates a strict internal naming structure for these logs, expecting them to reside under /aws/bedrock-agentcore/runtimes/<agent_id>-<endpoint_name> or the overarching /aws/vendedlogs/ prefix.25
This hardcoded logging structure creates severe friction with DuploCloud's centralized logging architecture. DuploCloud utilizes an integrated SIEM solution (Wazuh) and centralizes log ingestion via OpenSearch and Elastic Filebeat.43 To efficiently route logs from disparate AWS services into the tenant's isolated dashboard, DuploCloud relies on specific CloudWatch log group prefix captures—most commonly formatting bucket and log names as duplo-<INFRA_NAME>-awslogs-<ACCOUNTNUMBER>.34
Because AgentCore obscures the ability to seamlessly redefine its root logging prefixes within the standard CLI workflow, logs generated by the AI agent may successfully write to CloudWatch (assuming IAM permissions allow it) but will fail to be ingested by the DuploCloud Tenant's centralized SIEM, resulting in a fractured observability landscape.45
4. Account-Level Prerequisites and Service-Linked Roles
Beyond tenant-specific IAM roles and resource naming, advanced AgentCore deployments face structural friction regarding account-level prerequisites. Generative AI agents frequently require access to private corporate data stores, such as Amazon RDS databases or internal REST APIs located within a private subnet.46
To facilitate this, the AgentCore Runtime and built-in tools (like the Code Interpreter) must be deployed into an Amazon Virtual Private Cloud (VPC).47 When configuring VPC connectivity, AgentCore relies on AWS Service-Linked Roles (SLRs)—specifically the AWSServiceRoleForBedrockAgentCoreNetwork role—to create and manage Elastic Network Interfaces (ENIs) within the designated subnets on behalf of the user.47
Service-Linked Roles are immutable, account-level IAM constructs. Because a DuploCloud Tenant is an intentionally scoped, isolated sub-environment, Tenant administrators strictly lack the iam:CreateServiceLinkedRole permission.7 Therefore, any attempt by the AgentCore toolkit to deploy an agent requiring VPC access will fail if the organization's overarching AWS administrator has not manually pre-provisioned the necessary SLRs at the root AWS account level prior to the tenant initiating the deployment.
| AgentCore Default Behavior | DuploCloud Governance Requirement | Resulting Friction Point |
|---|---|---|
| Auto-generates S3 bucket named bedrock-agentcore-code-... | Mandates duploservices-<tenant>- prefix for all buckets. | AccessDenied on s3:CreateBucket. |
| Auto-generates ECR repository named bedrock-agentcore-<agent> | Mandates duploservices-<tenant>- prefix for all repositories. | AccessDenied on ecr:CreateRepository. |
| Synthesizes generic IAM roles via AWS CDK. | Restricts iam:CreateRole; requires iam:PermissionsBoundary. | CloudFormation stack deployment failure. |
| Hardcodes CloudWatch logs to /aws/bedrock-agentcore/runtimes/... | Expects specific patterns (e.g., duplo-<infra>-awslogs...) for SIEM ingestion. | Broken observability; logs not routed to tenant dashboard. |
| Attempts to generate AWSServiceRoleForBedrockAgentCoreNetwork | Prohibits tenant-level users from creating Service-Linked Roles. | Deployment blocked when requesting VPC configurations. |
Architectural Workarounds and Engineering Solutions
Resolving the friction between Amazon Bedrock AgentCore and DuploCloud requires infrastructure architects to abandon the "black box" automated deployment of the starter toolkit. Instead, engineering teams must adopt deliberate integration strategies that enforce the required naming conventions and IAM boundaries while still leveraging the power of the AgentCore runtime.
The following solutions represent a progression of complexity, ranging from simple CLI overrides to advanced Abstract Syntax Tree (AST) manipulation and hybrid CI/CD pipeline orchestration.
Strategy 1: Pre-Provisioning and CLI Execution Overrides
The least invasive and most immediate method to resolve IaC friction is to circumvent the AgentCore toolkit's automated resource creation mechanisms entirely. The AgentCore CLI provides a robust suite of override flags during the agentcore configure and agentcore launch phases.16 By pre-provisioning compliant resources using DuploCloud's native interfaces (or the DuploCloud Terraform provider) and passing those specific ARNs to the AgentCore CLI, the naming collision is entirely bypassed.
Phase A: Foundational Pre-Provisioning
Engineers must first utilize the duplocloud_tenant resource and associated infrastructure providers to create the foundational elements. Utilizing Terraform ensures that the duploservices- prefix is inherently applied and tracked within the state file.34
S3 Artifact Storage: Create a dedicated S3 bucket for the CodeBuild deployment artifacts.

```terraform
resource "duplocloud_s3_bucket" "agent_code" {
  tenant_id = duplocloud_tenant.dev.tenant_id
  name      = "agentcore-artifacts" # DuploCloud prepends duploservices-<tenant>-
}
```
ECR Repository Definition: Although DuploCloud abstracts ECR through its container services, an explicit repository must be created conforming to the tenant boundary to house the compiled ARM64 agent image.51
IAM Role Delegation: Rather than permitting the CDK to synthesize roles, the engineer must explicitly define the required AgentCore policies (e.g., AmazonBedrockFullAccess, scoped S3 read/write access, and CloudWatch permissions) and attach them to either the existing DuploCloud Tenant Instance Profile or a specially requested Tenant-bound IAM role.2
Phase B: CLI Execution with Strict Overrides
With the compliant resources established within the AWS account, the engineer executes the AgentCore CLI, explicitly commanding it to bypass its internal creation logic and utilize the pre-provisioned, prefixed infrastructure.2
```bash
agentcore configure \
  --entrypoint app.py \
  --name duploservices-dev-support-agent \
  --execution-role arn:aws:iam::123456789012:role/duploservices-dev-agent-role \
  --code-build-execution-role arn:aws:iam::123456789012:role/duploservices-dev-build-role \
  --ecr duploservices-dev-agentcore-repo
```
By enforcing the --execution-role, --code-build-execution-role, and --ecr flags, the toolkit's underlying CDK synthesizer skips the CfnRole and CfnRepository compilation steps. The CLI updates the local agentcore.json state file with these specific ARNs.18 When agentcore launch is subsequently executed, the application compiles and deploys the agent data plane logic without triggering a violation of the DuploCloud IAM permission boundary.2
Strategy 2: Abstract Syntax Tree (AST) Manipulation via CDK Aspects
While manual CLI overrides are effective for simple agent deployments, highly complex agentic architectures—which may involve intricate Memory fabrics, multiple Gateways, custom evaluators, and Code Interpreter VPC integrations—often require teams to eject from the CLI wrapper and manage the underlying AWS CDK application directly.1
If an engineering team chooses to manage the @aws-cdk/aws-bedrock-agentcore-alpha constructs natively, they immediately face the challenge of the CDK's auto-naming conventions.21 Hardcoding prefixes into every single L2 construct (e.g., new s3.Bucket(this, 'duploservices-dev-bucket')) is a brittle, error-prone approach that fails to scale and cannot easily address nested resources automatically generated by higher-level constructs.54
The optimal programmatic solution to this challenge is the implementation of AWS CDK Aspects.55 Aspects implement the software engineering Visitor pattern, allowing an operation or mutation to be uniformly applied to all constructs within a given scope (such as an entire stack) immediately prior to CloudFormation template synthesis.55 This mechanism allows engineers to centrally inject the duploservices-<tenant_name>- prefix into the physical names of all resources generated by the AgentCore library without modifying the core construct code.50
To execute this, an engineer authors a class implementing the cdk.IAspect interface. The visit method within this class is invoked sequentially for every node in the CDK construct tree. The logic must be carefully designed to specifically target Level 1 (L1) constructs (e.g., CfnRole, CfnBucket, CfnProject). Targeting L1 constructs is critical because Level 2 (L2) constructs act as proxy objects; modifying their high-level properties post-instantiation may not accurately reflect in the final, synthesized AWS CloudFormation template.56
Furthermore, AWS imposes strict length limitations on physical resource names. For example, IAM role names possess a rigid 64-character limit.57 Therefore, the Aspect logic must dynamically evaluate the length of the generated logical ID, conditionally truncate it, and accommodate the injection of the duploservices-<tenant_name>- prefix to prevent AWS API validation failures during deployment.
The programmatic implementation of this AST manipulation requires utilizing the CfnResource.addPropertyOverride(path, value) method.58 For instance, when the Aspect visits a CfnRole node, it retrieves the resolved logical name, prepends the necessary tenant prefix, executes the truncation logic if required, and fires node.addPropertyOverride('RoleName', newName).59
This advanced technique ensures that even deeply nested, automatically generated resources created by the aws_bedrockagentcore library are deterministically renamed. Consequently, the subsequent CloudFormation deployment cleanly passes through DuploCloud's IAM permission boundaries without triggering unauthorized action alerts.
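The renaming logic an Aspect of this kind needs, written out as an added Python example. It is not code from the AgentCore construct library or from DuploCloud, and it deliberately avoids importing aws-cdk-lib so that it runs stand-alone: the construct tree is a constructed list of dicts standing in for Cfn* nodes, and TenantPrefixAspect.visit records the override that a real IAspect.visit would apply with add_property_override. The name properties and length limits in the table are AWS values; which L1 types the synthesized AgentCore stack actually contains is an assumption.

```python
"""Added example: tenant-prefix renaming for L1 (Cfn*) resources, as a CDK
Aspect would perform it, without depending on aws-cdk-lib."""
import hashlib
import re

# CloudFormation type -> (property holding the physical name, AWS length limit).
# Which of these the AgentCore stack emits is an assumption; limits are AWS values.
NAME_PROPERTIES = {
    "AWS::IAM::Role": ("RoleName", 64),
    "AWS::S3::Bucket": ("BucketName", 63),
    "AWS::ECR::Repository": ("RepositoryName", 256),
    "AWS::CodeBuild::Project": ("Name", 255),
}


def tenant_scoped_name(tenant: str, logical_id: str, limit: int, s3_style: bool = False) -> str:
    """Prepend duploservices-<tenant>- and keep the result within `limit`.
    When truncation is needed, a short digest of the full logical ID is kept so
    two long IDs that share a prefix still produce distinct physical names."""
    prefix = f"duploservices-{tenant}-"
    body = logical_id
    if s3_style:  # bucket names must be lowercase and may not contain underscores
        body = re.sub(r"[^a-z0-9-]", "-", logical_id.lower())
    if len(prefix) + len(body) > limit:
        digest = hashlib.sha256(logical_id.encode()).hexdigest()[:8]
        keep = limit - len(prefix) - len(digest) - 1
        if keep < 1:
            raise ValueError(f"limit {limit} cannot hold prefix {prefix!r} plus a digest")
        body = f"{body[:keep]}-{digest}"
    return prefix + body


class TenantPrefixAspect:
    """Stand-in for cdk.IAspect: visit() runs once per node; only L1 resources
    with a known name property are rewritten, everything else is left alone."""

    def __init__(self, tenant: str):
        self.tenant = tenant
        self.overrides = {}  # logical_id -> (property, compliant physical name)

    def visit(self, node: dict) -> None:
        spec = NAME_PROPERTIES.get(node.get("cfn_type"))
        if spec is None:
            return
        prop, limit = spec
        name = tenant_scoped_name(
            self.tenant, node["logical_id"], limit,
            s3_style=node["cfn_type"] == "AWS::S3::Bucket",
        )
        # In a real aws_cdk Aspect this line is: node.add_property_override(prop, name)
        self.overrides[node["logical_id"]] = (prop, name)


def apply_aspect(tree: list, tenant: str) -> dict:
    """Walk the (constructed) construct tree and return every override the
    Aspect would apply; refuse to continue if two nodes collapse to one name."""
    aspect = TenantPrefixAspect(tenant)
    for node in tree:
        aspect.visit(node)
    names = [name for _, name in aspect.overrides.values()]
    if len(names) != len(set(names)):
        raise ValueError("two resources would share a physical name after renaming")
    return aspect.overrides


# Constructed sample of the L1 children a synthesized stack might contain.
SYNTHESIZED_TREE = [
    {"cfn_type": "AWS::IAM::Role", "logical_id": "AgentRuntimeRole"},
    {"cfn_type": "AWS::IAM::Role", "logical_id": "CodeBuildRole"},
    {"cfn_type": "AWS::S3::Bucket", "logical_id": "AgentCodeBucket"},
    {"cfn_type": "AWS::ECR::Repository", "logical_id": "support_bot"},
    {"cfn_type": "AWS::Lambda::Function", "logical_id": "HelperFn"},  # not renamed
]

if __name__ == "__main__":
    for logical_id, (prop, name) in apply_aspect(SYNTHESIZED_TREE, "dev").items():
        print(f"{logical_id}: {prop} = {name}")
```

Because the digest is derived from the full logical ID, the truncated name is stable across synthesis runs, which matters: a name that changed on every deploy would force CloudFormation to replace the role or bucket instead of updating it.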
Strategy 3: The Hybrid CI/CD Pipeline Architecture
For enterprise organizations managing complex, multi-account serverless deployments, relying solely on manual CLI execution or isolated CDK manipulation is often insufficient for maintaining strict compliance and auditability.5 The most robust and scalable architectural pattern is the implementation of a Hybrid CI/CD Pipeline that intelligently leverages the strengths of both Terraform and the AgentCore CLI.
This pattern utilizes Terraform for its superiority in compliant foundational infrastructure provisioning, while harnessing the AgentCore CLI for its specialized orchestration of the Generative AI data plane.60 This workflow relies on sequential execution within a continuous integration runner (e.g., GitHub Actions or GitLab CI) that has securely assumed the necessary DuploCloud JIT credentials via OpenID Connect (OIDC).5
- Infrastructure Initialization (Terraform): The pipeline first executes Terraform code utilizing the official duplocloud provider.60 This phase statefully manages the core duplocloud_tenant, constructs strictly named S3 buckets, and provisions specific tenant IAM policies and ECR repositories.34 Terraform's declarative nature ensures the foundational security boundary is intact and perfectly aligns with the platform's expectations.
- State Output Extraction: Upon a successful terraform apply, the pipeline programmatically extracts the resulting ARNs and physical names of the generated resources (e.g., parsing $TENANT_ROLE_ARN and $ECR_REPO_NAME from the Terraform state output).
- AgentCore Configuration Injection: The pipeline utilizes shell scripting to dynamically inject these ARNs into the AgentCore deployment parameters. This is achieved either by appending explicit override flags to the agentcore configure command or by utilizing tools like jq to directly manipulate the agentcore.json and aws-targets.json configuration files.13
- Headless Agent Deployment: Finally, the pipeline executes agentcore launch --non-interactive.16 This instructs the toolkit to skip all user prompts, compile the agent source code utilizing the CodeBuild role passed via environment variables, push the resulting images to the injected ECR paths, and deploy the AgentCore Runtime.
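Steps 2 and 3 of the pipeline above, as an added Python preflight that is not part of the DuploCloud provider or the AgentCore toolkit: it parses a constructed `terraform output -json` document, refuses to proceed if any ARN or name lacks the tenant prefix (so the failure surfaces in the runner rather than as an AccessDeniedException mid-deploy), and assembles the `agentcore configure` argument list from the override flags shown earlier. The output names (execution_role_arn, codebuild_role_arn, ecr_repository_name, artifact_bucket) are assumptions about the pipeline's own Terraform module.

```python
"""Added example: pipeline preflight that turns Terraform outputs into a
compliant `agentcore configure` invocation. Output names are assumed."""
import json

# Constructed sample of `terraform output -json` after the Terraform phase.
TERRAFORM_OUTPUT_JSON = """{
  "tenant_name": {"sensitive": false, "type": "string", "value": "dev"},
  "execution_role_arn": {"sensitive": false, "type": "string",
    "value": "arn:aws:iam::123456789012:role/duploservices-dev-agent-role"},
  "codebuild_role_arn": {"sensitive": false, "type": "string",
    "value": "arn:aws:iam::123456789012:role/duploservices-dev-build-role"},
  "ecr_repository_name": {"sensitive": false, "type": "string",
    "value": "duploservices-dev-agentcore-repo"},
  "artifact_bucket": {"sensitive": false, "type": "string",
    "value": "duploservices-dev-agentcore-artifacts"}
}"""

# Output name -> agentcore configure flag (None: consumed by the build, not a flag).
CHECKED = {
    "execution_role_arn": "--execution-role",
    "codebuild_role_arn": "--code-build-execution-role",
    "ecr_repository_name": "--ecr",
    "artifact_bucket": None,
}


def load_outputs(raw: str) -> dict:
    """Flatten the {name: {value, type, sensitive}} structure to {name: value}."""
    return {key: entry["value"] for key, entry in json.loads(raw).items()}


def resource_name(value: str) -> str:
    """Physical name from a bare name or an ARN (IAM role/, ECR repository/, S3 bucket)."""
    if not value.startswith("arn:"):
        return value
    resource = value.split(":", 5)[5]
    if resource.startswith(("role/", "repository/")):
        return resource.split("/", 1)[1]
    return resource


def validate_outputs(outputs: dict) -> list:
    """Return a list of violations; empty means every resource carries the prefix."""
    prefix = f"duploservices-{outputs['tenant_name']}-"
    problems = []
    for key in CHECKED:
        value = outputs.get(key)
        if value is None:
            problems.append(f"missing output {key}")
        elif not resource_name(value).startswith(prefix):
            problems.append(f"{key}={resource_name(value)} lacks prefix {prefix}")
    return problems


def build_configure_argv(outputs: dict, entrypoint: str = "app.py", agent: str = "support-agent") -> list:
    """argv for `agentcore configure` with every creation path overridden."""
    problems = validate_outputs(outputs)
    if problems:
        raise ValueError("; ".join(problems))
    tenant = outputs["tenant_name"]
    argv = ["agentcore", "configure", "--entrypoint", entrypoint,
            "--name", f"duploservices-{tenant}-{agent}"]
    for key, flag in CHECKED.items():
        if flag:
            argv += [flag, outputs[key]]
    return argv


def build_launch_argv() -> list:
    """The headless deploy step that follows a successful configure."""
    return ["agentcore", "launch", "--non-interactive"]


if __name__ == "__main__":
    outputs = load_outputs(TERRAFORM_OUTPUT_JSON)
    print(" ".join(build_configure_argv(outputs)))
    print(" ".join(build_launch_argv()))
```

In a runner the two argv lists would be handed to subprocess.run rather than printed; keeping them as lists avoids a shell round-trip, so an output value containing shell metacharacters cannot change the command.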
This hybrid approach effectively decouples the underlying governance lifecycle—which remains strictly managed by DuploCloud and Terraform—from the rapid, iterative lifecycle of the Generative AI application, which benefits from the specialized orchestration of the AgentCore toolkit.
Advanced Configurations: Networking, Observability, and Identity
Resolving IAM and naming collisions addresses the primary deployment barriers. However, to construct truly enterprise-grade AI agents, architects must also address friction points surrounding network isolation, custom observability, and identity federation.
Resolving Network and VPC Connectivity Friction
Advanced AI agents frequently require access to private corporate data stores, such as internal REST APIs, vector databases, or Amazon RDS instances located within private subnets.46 To facilitate this, the AgentCore Runtime and its built-in tools must be deployed into a Virtual Private Cloud (VPC).47
Deploying AgentCore into a VPC within a DuploCloud Tenant requires careful orchestration of Security Groups. DuploCloud automatically generates specific, default-deny Security Groups for each Tenant to enforce blast-radius isolation.30 The engineer must retrieve these exact Security Group IDs (typically via Terraform data sources or the DuploCloud portal API) and explicitly provide them to the AgentCore CLI to ensure the agent's Elastic Network Interfaces (ENIs) are provisioned in a compliant manner.47
```bash
agentcore configure \
  --vpc \
  --subnets subnet-01234abcd,subnet-56789efgh \
  --security-groups sg-0abc123def456
```
By passing the --vpc, --subnets, and --security-groups flags 16, the AgentCore Runtime integrates cleanly into the DuploCloud network boundary. The resulting ENIs inherit the Tenant's security posture, allowing the agent to securely query the private resources while remaining entirely isolated from adjacent Tenants on the same AWS account. It is crucial to reiterate that this process assumes the AWSServiceRoleForBedrockAgentCoreNetwork Service-Linked Role has been pre-provisioned at the root account level by an overarching administrator.47
Integrating Custom Observability and Log Routing
To circumvent the friction caused by AgentCore's default CloudWatch log group naming conventions (/aws/bedrock-agentcore/runtimes/...), engineers must modify how telemetry is exported.
To align with DuploCloud's centralized SIEM architecture (which expects logs to follow specific prefixes like duplo-<INFRA>-awslogs...), developers should utilize the AWS Distro for OpenTelemetry (ADOT) SDK within their agent code.62 By instrumenting the agent application manually, engineers can configure the ADOT exporter to write traces and standard output to custom CloudWatch Log Groups that explicitly match the required DuploCloud naming conventions.45 This ensures that critical agent telemetry—including tool invocation latencies and model generation errors—flows seamlessly into the Tenant's designated OpenSearch and Wazuh dashboards for compliance monitoring.
Furthermore, AgentCore supports the ingestion of custom headers (prefixed with X-Amzn-Bedrock-AgentCore-Runtime-Custom-) during runtime invocation.63 This allows upstream applications to pass contextual metadata, such as unique session identifiers or trace contexts, directly into the agent. This metadata can then be appended to the custom OpenTelemetry logs, ensuring end-to-end traceability of agent actions across the DuploCloud network boundary.63
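An added Python example, not from AgentCore or DuploCloud, covering the two pieces just described: deriving the tenant log group name from the duplo-<INFRA_NAME>-awslogs-<ACCOUNTNUMBER> pattern, and lifting X-Amzn-Bedrock-AgentCore-Runtime-Custom-* headers into structured JSON log records. The header dictionary is a constructed sample. The sanitisation of header values is an added hardening step: the values arrive from the caller, so they must not be able to inject line breaks or control characters into the log stream that the SIEM parses.

```python
"""Added example: tenant log group naming plus custom-header metadata in
structured log records. Sample headers are constructed."""
import json
import logging
import re

CUSTOM_HEADER_PREFIX = "X-Amzn-Bedrock-AgentCore-Runtime-Custom-"
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def tenant_log_group(infra: str, account_id: str) -> str:
    """Log group name in the duplo-<INFRA_NAME>-awslogs-<ACCOUNTNUMBER> form."""
    return f"duplo-{infra}-awslogs-{account_id}"


def extract_custom_metadata(headers: dict, max_len: int = 256) -> dict:
    """Collect X-Amzn-Bedrock-AgentCore-Runtime-Custom-* headers into a dict.
    Header names are matched case-insensitively; values are untrusted input,
    so control characters are stripped and the length is capped."""
    meta = {}
    plen = len(CUSTOM_HEADER_PREFIX)
    for name, value in headers.items():
        if name[:plen].lower() != CUSTOM_HEADER_PREFIX.lower():
            continue
        key = name[plen:].lower().replace("-", "_")
        meta[key] = _CONTROL_CHARS.sub("", str(value))[:max_len]
    return meta


class TenantJsonFormatter(logging.Formatter):
    """One JSON object per line, tagged with the tenant and any agent metadata."""

    def __init__(self, tenant: str):
        super().__init__()
        self.tenant = tenant

    def format(self, record: logging.LogRecord) -> str:
        payload = {
            "tenant": self.tenant,
            "level": record.levelname,
            "logger": record.name,
            "message": record.getMessage(),
        }
        payload.update(getattr(record, "agent_meta", {}))
        return json.dumps(payload, sort_keys=True)


def build_log_line(tenant: str, headers: dict, message: str, level: int = logging.INFO) -> dict:
    """Render one structured line as the formatter would and return it parsed."""
    formatter = TenantJsonFormatter(tenant)
    record = logging.LogRecord("agent", level, "agent.py", 0, message, None, None)
    record.agent_meta = extract_custom_metadata(headers)
    return json.loads(formatter.format(record))


# Constructed sample invocation headers; the trace value carries a newline to
# show the sanitisation at work.
SAMPLE_HEADERS = {
    "X-Amzn-Bedrock-AgentCore-Runtime-Custom-Session-Id": "sess-42",
    "x-amzn-bedrock-agentcore-runtime-custom-Trace-Id": "trace\n-7",
    "Content-Type": "application/json",
}

if __name__ == "__main__":
    print(tenant_log_group("prod-infra", "123456789012"))
    print(json.dumps(build_log_line("dev", SAMPLE_HEADERS, "tool call completed")))
```

To ship these lines, attach TenantJsonFormatter to whatever handler the agent uses for CloudWatch (the ADOT log exporter or a boto3-backed handler) and point that handler at tenant_log_group(...); the formatter itself is transport-agnostic.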
Navigating Identity Federation and OAuth
When an AI agent requires access to external software-as-a-service (SaaS) platforms (e.g., Salesforce, GitHub, or internal protected endpoints), the AgentCore Gateway relies on OAuth 2.0 or JWT authentication flows.15 AgentCore Identity supports tight integration with Amazon Cognito to manage these client credentials and user pools.16
In a DuploCloud environment, spinning up generic Cognito User Pools via the agentcore identity setup-cognito command 16 will likely fail due to the same resource naming restrictions discussed previously. Engineers must pre-provision the Cognito User Pool and App Clients using DuploCloud-compliant IaC (ensuring the duploservices- prefix is applied to the User Pool name).
Once the compliant Cognito infrastructure is established, the engineer must extract the specific UserPoolId and ClientId and pass them into the AgentCore configuration using the --authorizer-config flag 16:
```bash
# POOL_ID and CLIENT_ID hold the pre-provisioned Cognito User Pool ID and App Client ID
agentcore configure \
  --authorizer-config "{\"customJWTAuthorizer\":{\"discoveryUrl\":\"https://cognito-idp.us-east-1.amazonaws.com/$POOL_ID/.well-known/openid-configuration\",\"allowedClients\":[\"$CLIENT_ID\"]}}"
```
This configuration instructs the AgentCore Runtime to validate incoming JWT tokens against the pre-existing, compliant DuploCloud Cognito pool.64 This ensures that machine-to-machine (M2M) communication and user-delegated access flows operate securely without requiring the toolkit to dynamically generate non-compliant identity resources.
Conclusion
The integration of Amazon Bedrock AgentCore into a DuploCloud managed environment represents a sophisticated convergence of two distinct technological imperatives: the drive for rapid, highly automated Generative AI application deployment, and the absolute necessity of strict, deterministic infrastructure governance.
The friction experienced during deployment is not indicative of a critical flaw in either system; rather, it vividly illustrates the architectural collision between declarative IaC auto-generation (which assumes unbounded permissions) and prescriptive platform engineering (which enforces rigorous namespace and IAM isolation).
By deeply understanding the underlying mechanics of the AWS Cloud Development Kit, CloudFormation synthesis, and DuploCloud's pattern-matching permission boundaries, infrastructure architects can construct highly resilient solutions. Whether utilizing precise CLI configuration overrides to bypass automated creation, implementing CDK Aspects to dynamically rewrite the Abstract Syntax Tree, or orchestrating hybrid CI/CD pipelines that leverage Terraform for foundational state management, organizations can successfully execute cutting-edge Generative AI workloads. By adopting these strategies, enterprises unlock the full potential of autonomous AI agents without ever compromising their compliance posture, multi-tenant isolation, or security integrity.
Works cited
- Accelerate agentic application development with a full-stack starter template for Amazon Bedrock AgentCore | Artificial Intelligence - AWS, accessed March 27, 2026, https://aws.amazon.com/blogs/machine-learning/accelerate-agentic-application-development-with-a-full-stack-starter-template-for-amazon-bedrock-agentcore/
- Amazon Bedrock AgentCore - Developer Guide, accessed March 27, 2026, https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/bedrock-agentcore-dg.pdf
- Platform Engineering for Cloud Deployment and Operations - DuploCloud, accessed March 27, 2026, https://duplocloud.com/white-papers/platform-engineering/
- Provisioning Secure and Compliant Applications on AWS with DevSecOps and DuploCloud, accessed March 27, 2026, https://aws.amazon.com/blogs/apn/provisioning-secure-and-compliant-applications-on-aws-with-devsecops-and-duplocloud/
- Optimize multi-account serverless deployments by using the AWS CDK and GitHub Actions workflows - AWS Prescriptive Guidance - AWS Documentation, accessed March 27, 2026, https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/optimize-multi-account-serverless-deployments.html
- docs/automation-platform/application-focused-interface-duplocloud-architecture/tenant.md at main - GitHub, accessed March 27, 2026, https://github.com/duplocloud/docs/blob/main/automation-platform/application-focused-interface-duplocloud-architecture/tenant.md
- aws-cdk/aws-bedrock-agentcore-alpha module - AWS Documentation, accessed March 27, 2026, https://docs.aws.amazon.com/cdk/api/v2/docs/aws-bedrock-agentcore-alpha-readme.html
- Turn Your AI Script into a Production-Ready Agent | AWS Builder Center, accessed March 27, 2026, https://builder.aws.com/content/33duot88gLusLRgJkalulTJLUrx/turn-your-ai-script-into-a-production-ready-agent
- Building AI Agents with Amazon Bedrock AgentCore Runtime: A Complete Setup Guide, accessed March 27, 2026, https://dev.to/aws-builders/building-ai-agents-with-amazon-bedrock-agentcore-runtime-a-complete-setup-guide-50oh
- Get started with Amazon Bedrock AgentCore Runtime direct code deployment, accessed March 27, 2026, https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-get-started-code-deploy.html
- Get started with the Amazon Bedrock AgentCore starter toolkit in TypeScript, accessed March 27, 2026, https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-get-started-toolkit-typescript.html
- Get started with AgentCore Memory - AWS Documentation, accessed March 27, 2026, https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/memory-get-started.html
- I tried deploying an AI agent to AgentCore using AgentCore CLI - DevelopersIO, accessed March 27, 2026, https://dev.classmethod.jp/en/articles/agentcore-cli-deploy/
- Get started with Amazon Bedrock AgentCore - AWS Documentation, accessed March 27, 2026, https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agentcore-get-started-toolkit.html
- Set up outbound authorization for your gateway - Amazon Bedrock AgentCore, accessed March 27, 2026, https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-outbound-auth.html
- AgentCore CLI - Amazon Bedrock AgentCore, accessed March 27, 2026, https://aws.github.io/bedrock-agentcore-starter-toolkit/api-reference/cli.html
- Amazon Bedrock AgentCore: Redefining Agent Infrastructure as Undifferentiated Heavy Lifting | Caylent, accessed March 27, 2026, https://caylent.com/blog/amazon-bedrock-agent-core-redefining-agent-infrastructure-as-undifferentiated-heavy-lifting
- agentcore-cli/docs/configuration.md at main - GitHub, accessed March 27, 2026, https://github.com/aws/agentcore-cli/blob/main/docs/configuration.md
- Build AI agents with Amazon Bedrock AgentCore using AWS CloudFormation, accessed March 27, 2026, https://aws.amazon.com/blogs/machine-learning/build-ai-agents-with-amazon-bedrock-agentcore-using-aws-cloudformation/
- Using the AWS CDK as an IaC tool - AWS Prescriptive Guidance - AWS Documentation, accessed March 27, 2026, https://docs.aws.amazon.com/prescriptive-guidance/latest/choose-iac-tool/aws-cdk.html
- aws-cdk-lib.aws_bedrockagentcore module, accessed March 27, 2026, https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_bedrockagentcore-readme.html
- Runtime Quickstart - Amazon Bedrock AgentCore - Open Source at AWS, accessed March 27, 2026, https://aws.github.io/bedrock-agentcore-starter-toolkit/user-guide/runtime/quickstart.html
- Get started without the starter toolkit - Amazon Bedrock AgentCore - AWS Documentation, accessed March 27, 2026, https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/getting-started-custom.html
- Deploying Agents to AWS with Bedrock AgentCore | CodeSignal Learn, accessed March 27, 2026, https://codesignal.com/learn/courses/deploying-agents-aws-with-bedrock-agentcore/lessons/deploying-agents-with-agentcore
- View observability data for your Amazon Bedrock AgentCore agents, accessed March 27, 2026, https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/observability-view.html
- aws-samples/sample-agentcore-rai-strands-agents - GitHub, accessed March 27, 2026, https://github.com/aws-samples/sample-agentcore-rai-strands-agents
- How the DuploCloud platform allows customers to build SaaS on AWS, accessed March 27, 2026, https://aws.amazon.com/blogs/apn/how-the-duplocloud-platform-allows-customers-to-build-saas-on-aws/
- AWS User Guide - DuploCloud, accessed March 27, 2026, https://files.duplocloud.com/hubfs/Whitepapers/DuploCloud%20AWS%20User%20Guide.pdf
- Step 1: Create Infrastructure and Plan - DuploCloud Documentation, accessed March 27, 2026, https://docs.duplocloud.com/docs/automation-platform/overview-2/quick-start/step-1-infrastructure
- Tenant as a Logical Concept: The Backbone of a Modern Developer Platform - DuploCloud, accessed March 27, 2026, https://duplocloud.com/blog/tenant-as-a-logical-concept/
- DuploCloud Tenancy Models, accessed March 27, 2026, https://docs.duplocloud.com/docs/automation-platform/application-focused-interface-duplocloud-architecture/duplocloud-tenancy-models
- AWS FAQ - DuploCloud Documentation, accessed March 27, 2026, https://docs.duplocloud.com/docs/automation-platform/overview/aws-faq
- IAM | DuploCloud Documentation, accessed March 27, 2026, https://docs.duplocloud.com/docs/automation-platform/security-and-compliance/access-control/iam
- S3 Bucket | DuploCloud Documentation, accessed March 27, 2026, https://docs.duplocloud.com/docs/automation-platform/overview/aws-services/s3-bucket
- How Amazon Elastic Container Registry works with IAM - Amazon ECR, accessed March 27, 2026, https://docs.aws.amazon.com/AmazonECR/latest/userguide/security_iam_service-with-iam.html
- Adventures with Boundary Policies in AWS IAM | by John Byrd | Medium, accessed March 27, 2026, https://maximaavem.medium.com/adventures-with-boundary-policies-in-aws-iam-31734715362b
- Global name prefix · Issue #3982 · aws/aws-cdk - GitHub, accessed March 27, 2026, https://github.com/aws/aws-cdk/issues/3982
- We need to stop saying "don't provide a name for resources in CDK/Cloudformation and let cloudformation name it", Its terrible.... : r/aws - Reddit, accessed March 27, 2026, https://www.reddit.com/r/aws/comments/1gffqb8/we_need_to_stop_saying_dont_provide_a_name_for/
- Get started with the Amazon Bedrock AgentCore starter toolkit in Python, accessed March 27, 2026, https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-get-started-toolkit.html
- AWS CDK security best practices - AWS Documentation, accessed March 27, 2026, https://docs.aws.amazon.com/cdk/v2/guide/best-practices-security.html
- Permissions boundaries for IAM entities - AWS Identity and Access Management, accessed March 27, 2026, https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
- AgentCore generated gateway observability data - AWS Documentation, accessed March 27, 2026, https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/observability-gateway-metrics.html
- Logs | DuploCloud Documentation - Overview, accessed March 27, 2026, https://docs.duplocloud.com/docs/automation-platform/overview/use-cases/central-logging
- FAQs | DuploCloud Documentation - Overview, accessed March 27, 2026, https://docs.duplocloud.com/docs/faq
- CloudWatch GenAI Observability AgentCore- missing CloudWatch Log Group - AWS re:Post, accessed March 27, 2026, https://repost.aws/questions/QUjPLsnlDZTEebOz42qYVPmA/cloudwatch-genai-observability-agentcore-missing-cloudwatch-log-group
- Deploying AI Agents on AWS Without Creating a Security Mess - DEV Community, accessed March 27, 2026, https://dev.to/aws/deploying-ai-agents-on-aws-without-creating-a-security-mess-4i
- Configure Amazon Bedrock AgentCore Runtime and tools for VPC, accessed March 27, 2026, https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agentcore-vpc.html
- Using service-linked roles for Amazon Bedrock AgentCore, accessed March 27, 2026, https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/service-linked-roles.html
- AWS Services - DuploCloud Documentation, accessed March 27, 2026, https://docs.duplocloud.com/docs/automation-platform/overview/aws-services
- Resource: duplocloud_tenant - Terraform Registry, accessed March 27, 2026, https://registry.terraform.io/providers/duplocloud/duplocloud/latest/docs/resources/tenant
- Elastic Container Registry (ECR) - DuploCloud Documentation, accessed March 27, 2026, https://docs.duplocloud.com/docs/automation-platform/overview/aws-services/elastic-container-registry-ecr
- aws-samples/sample-amazon-bedrock-agentcore-fullstack-webapp: Starter template for deploying AI agents with Amazon Bedrock AgentCore. Complete infrastructure scaffolding with authentication, API, and web interface - all automated in one command. - GitHub, accessed March 27, 2026, https://github.com/aws-samples/sample-amazon-bedrock-agentcore-fullstack-webapp
- Bedrock AgentCore Part 3: Code Interpreter Beyond Code Execution! - Level Up Coding, accessed March 27, 2026, https://levelup.gitconnected.com/bedrock-agentcore-part-3-code-interpreter-beyond-code-execution-70d3c6fbb1ab
- 10 Common Mistakes Developers Make with AWS CDK (and How to Avoid Them) - Medium, accessed March 27, 2026, https://medium.com/@lahiruchandika/10-common-mistakes-developers-make-with-aws-cdk-and-how-to-avoid-them-152efed85ecd
- Aspects and the AWS CDK - AWS Documentation, accessed March 27, 2026, https://docs.aws.amazon.com/cdk/v2/guide/aspects.html
- Customize constructs from the AWS Construct Library - AWS Cloud Development Kit (AWS CDK) v2 - AWS Documentation, accessed March 27, 2026, https://docs.aws.amazon.com/cdk/v2/guide/cfn-layer.html
- Customize default role names by using AWS CDK aspects and escape hatches, accessed March 27, 2026, https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/customize-default-role-names-by-using-aws-cdk-aspects-and-escape-hatches.html
- CfnResource — AWS Cloud Development Kit 2.244.0 documentation, accessed March 27, 2026, https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk/CfnResource.html
- (aws-cdk-lib): Property overrides in CDK Aspects and CfnParameter · Issue #19447 - GitHub, accessed March 27, 2026, https://github.com/aws/aws-cdk/issues/19447
- Terraform FAQ | DuploCloud Documentation, accessed March 27, 2026, https://docs.duplocloud.com/docs/automation-platform/terraform-support/terraform-faq
- Creating a Tenant (Environment) - DuploCloud Documentation, accessed March 27, 2026, https://docs.duplocloud.com/docs/automation-platform/overview/use-cases/tenant-environment
- Add observability to your Amazon Bedrock AgentCore resources, accessed March 27, 2026, https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/observability-configure.html
- Pass custom headers to Amazon Bedrock AgentCore Runtime, accessed March 27, 2026, https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-header-allowlist.html
- Set up custom domain names for Amazon Bedrock AgentCore Runtime agents - AWS, accessed March 27, 2026, https://aws.amazon.com/blogs/machine-learning/set-up-custom-domain-names-for-amazon-bedrock-agentcore-runtime-agents/