bedrock-agentcore-policy

from adaptationio/skrillz

No description

1 stars0 forksUpdated Jan 16, 2026
npx skills add https://github.com/adaptationio/skrillz --skill bedrock-agentcore-policy

SKILL.md

Amazon Bedrock AgentCore Policy

Overview

AgentCore Policy provides deterministic enforcement of agent boundaries, separate from the probabilistic nature of prompt engineering. Author policies in natural language that automatically convert to Cedar—AWS's open-source policy language—for real-time enforcement at the Gateway layer.

Purpose: Define what agents can and cannot do with deterministic, auditable rules

Pattern: Task-based (5 operations)

Key Principles (validated by AWS December 2025):

  1. Natural Language Authoring - Write policies in plain English
  2. Automated Cedar Generation - System converts to valid Cedar
  3. Real-time Enforcement - Gateway intercepts every tool call
  4. Automated Reasoning - Detects overly permissive/restrictive rules
  5. Default Deny - No permit policy = automatic denial
  6. Forbid Wins - Forbid always overrides permit

Quality Targets:

  • Policy generation: < 5 seconds
  • Enforcement latency: < 10ms per tool call
  • Validation coverage: 100% of tool schemas

When to Use

Use bedrock-agentcore-policy when:

  • Setting boundaries for what agents can do
  • Implementing role-based access control (RBAC)
  • Enforcing compliance rules (e.g., max refund amounts)
  • Temporarily disabling problematic tools
  • Requiring specific parameters for operations
  • Auditing agent actions

When NOT to Use:

  • Content filtering (use Bedrock Guardrails)
  • Rate limiting (use API Gateway)
  • Business logic (implement in tools)

Prerequisites

Required

  • AgentCore Gateway configured
  • Tools registered as Gateway targets
  • IAM permissions for policy operations

Recommended

  • Understanding of Cedar semantics
  • Tool schemas documented
  • Test scenarios defined

Operations

Operation 1: Natural Language Policy Authoring

Time: 2-5 minutes Automation: 95% Purpose: Create policies from plain English descriptions

Process:

  1. Define requirements in natural language:
"Allow all users to read policy details and claim status.
Only allow users with 'senior-adjuster' role to update coverage.
Block all claim filings unless a description is provided."
  1. Generate Cedar policy:
import boto3

control = boto3.client('bedrock-agentcore-control')

# Start policy generation from natural language
response = control.start_policy_generation(
    gatewayId='gateway-xxx',
    naturalLanguagePolicy="""
    Allow all users to get policy and get claim status.
    Only allow principals with the 'senior-adjuster' role to update coverage.
    Block principals from filing claims unless description is provided.
    """,
    policyName='insurance-agent-policy'
)

generation_id = response['policyGenerationId']

# Wait for completion
waiter = control.get_waiter('PolicyGenerationCompleted')
waiter.wait(policyGenerationId=generation_id)

# Get generated Cedar
result = control.get_policy_generation(
    policyGenerationId=generation_id
)

cedar_policy = result['generatedPolicy']
validation_results = result['validationResults']
  1. Review generated Cedar:
// Permit read-only actions for everyone
permit(
    principal,
    action in [
        AgentCore::Action::"InsuranceAPI__get_policy",
        AgentCore::Action::"InsuranceAPI__get_claim_status"
    ],
    resource
);

// Permit updates only for specific roles
permit(
    principal,
    action == AgentCore::Action::"InsuranceAPI__update_coverage",
    resource
)
when {
    principal.hasTag("role") &&
    principal.getTag("role") == "senior-adjuster"
};

// Block claims without description
forbid(
    principal,
    action == AgentCore::Action::"InsuranceAPI__file_claim",
    resource
)
unless {
    context.input has description
};

Operation 2: Create Policy Directly (Cedar)

Time: 5-10 minutes Automation: 80% Purpose: Write Cedar policies with full control

Cedar Syntax:

// Basic permit
permit(
    principal,
    action == AgentCore::Action::"ToolName__method",
    resource == AgentCore::Gateway::"arn:..."
);

// With conditions
permit(
    principal is AgentCore::OAuthUser,
    action == AgentCore::Action::"RefundAPI__process_refund",
    resource
)
when {
    context.input.amount < 1000
};

// Forbid with unless
forbid(
    principal,
    action == AgentCore::Action::"DeleteAPI__delete_record",
    resource
)
unless {
    principal.hasTag("role") &&
    principal.getTag("role") == "admin"
};

Create policy via boto3:

response = control.create_policy(
    name='refund-limit-policy',
    description='Limits refunds to under $1000 for non-managers',
    policyContent='''
permit(
    principal,
    action == AgentCore::Action::"RefundToolTarget___refund",
    resource == AgentCore::Gateway::"arn:aws:bedrock-agentcore:us-east-1:123456789012:gateway/refund"
)
when {
    context.input.amount < 1000
};

permit(
    principal,
    action == AgentCore::Action::"RefundToolTarget___refund",
    resource == Agent

...
Read full content

Repository

adaptationio
adaptationio/skrillzParent repository

Repository Stats

Stars1
Forks0