AWS Bedrock AgentCore Secures Coding Agents with Production Hosting

Amazon Web Services

Jun 9, 2026

AWS has updated Amazon Bedrock AgentCore to provide production-grade infrastructure for hosting coding agents. This offers isolated environments, centralized credentials, and audit logs, moving agent execution from insecure local setups to a managed cloud environment. The platform addresses common developer challenges with untracked usage and inconsistent access controls for tools like Claude Code and Codex.

AWS has updated Amazon Bedrock AgentCore to offer production-grade infrastructure for hosting coding agents. This new capability provides isolated environments, centralized credential management, audit logs, and platform-enforced security for tools such as Claude Code, Codex, and Kiro. It moves agent execution from local machines to a managed cloud environment.

Dedicated environment: Isolated Linux microVM
Session storage: Persistent /mnt/workspace (14 days inactivity)
Interactive shells: PTY-backed terminal access
Max runtime: Up to 8 hours per session
Supported agents: Claude Code, Codex, Kiro, OpenCode, Cursor CLI, Gemini CLI
Max mounts: 5 filesystems (S3 Files, EFS) per runtime

Developers often run coding agents locally, storing sensitive tokens in .env files, which leads to untracked usage and inconsistent access controls. This update addresses those security and operational challenges by providing dedicated microVMs for each agent session. It enables parallel execution of multiple agents without resource collisions and ensures work persists across reboots or network disconnections.

Amazon Bedrock AgentCore allows you to host any coding agent, packaging it as a container or zip file, and selecting models from Amazon Bedrock or external APIs. The platform offers persistent storage for agent workspaces, interactive shell access into running microVMs, and secure tool access via AgentCore Gateway and Identity. This builds on previous managed agent harness capabilities for AgentCore, enabling parallel execution for tasks like fixing GitHub issues or benchmarking model performance.

View the full update on aws.amazon.com

AWS AI

@AWSAI1d ago

Developers are already running coding agents in Kiro, Claude Code, and Codex. Many are running setups with tokens in .env files, leading to untracked usage and inconsistent access controls. Amazon Bedrock AgentCore gives you one place to host any coding agent with production-grade infrastructure: isolated environments, centralized credentials, audit logs, and security enforced at the platform layer. https://t.co/Nn4WWKUSr8

View on X

Still wondering? A few quick answers below.

Amazon Bedrock AgentCore addresses the challenges of running coding agents locally, where developers often use insecure setups with tokens in .env files. This can lead to untracked usage, inconsistent access controls, and security risks like prompt injection. The platform provides a secure, managed environment for these agents.

AgentCore provides isolated Linux microVMs for each agent session, ensuring that agents do not collide on shared resources like local databases or SSH keys. This physical isolation enhances security and allows multiple agents to run in parallel without interference.

Yes, AgentCore Runtime is model agnostic. You can route your coding agent's model calls through Amazon Bedrock, which hosts models from Anthropic, OpenAI, and others, or directly via providers' APIs, or through your own LLM gateway.

AgentCore Gateway manages tool access, exposing a single Model Context Protocol (MCP) endpoint for tools like GitHub and Jira. AgentCore Identity securely holds credentials in AWS Secrets Manager and a Token Vault, attaching the right downstream credential for each tool call without exposing secrets to the agent's environment.

If an agent session remains idle past its configurable timeout (15 minutes by default), the compute resources for the microVM shut down. However, the persistent /mnt/workspace filesystem, along with any S3 Files or EFS mounts, remains intact. You can resume the same session ID later, and a fresh microVM will mount the same files.

Every HeadsUpAI update is written based on its original source and reviewed before it's published. Read our editorial standards →

Keep reading

AWS Launches Managed Agent Harness to Automate Infrastructure for AI Agents

AWS introduced a managed agent harness for Amazon Bedrock AgentCore that allows developers to launch working AI agents in three API calls without writing orchestration code. By handling sandboxing, session persistence, and security, the platform reduces the time required to move from an initial agent prototype to a production-ready deployment.

Vercel integrates AWS Bedrock AgentCore for secure cloud browser automation

VercelApr 3

Vercel integrates AWS Bedrock AgentCore for secure cloud browser automation

Vercel added AWS Bedrock AgentCore support to its agent-browser CLI, enabling AI agents to run authenticated web sessions on AWS infrastructure. This allows developers to move agentic computer use from local machines to enterprise-grade cloud environments with native IAM security.

OpenAI launches frontier models and Codex on Amazon Bedrock for enterprises

OpenAIJun 2

OpenAI launches frontier models and Codex on Amazon Bedrock for enterprises

OpenAI has moved its frontier models and the Codex coding agent into general availability on Amazon Bedrock. This allows organizations to run OpenAI's most capable reasoning and automation tools within their existing AWS security and compliance perimeters.

Cloudflare Launches Sandboxes to Give AI Agents a Persistent Computer

CloudflareApr 13

Cloudflare Launches Sandboxes to Give AI Agents a Persistent Computer

Cloudflare Sandboxes are now generally available, providing AI agents with isolated, persistent environments to execute code and manage development servers. This infrastructure shift allows agents to perform multi-step engineering tasks like human developers while maintaining security through programmable credential injection.

What problem does Amazon Bedrock AgentCore solve for coding agents?

What kind of isolation does AgentCore provide?

Can I use my preferred AI model with AgentCore?

How does AgentCore handle credentials and tool access?

What happens if my agent session goes idle?

Keep reading

AWS Launches Managed Agent Harness to Automate Infrastructure for AI Agents

AWS Launches Managed Agent Harness to Automate Infrastructure for AI Agents

Vercel integrates AWS Bedrock AgentCore for secure cloud browser automation

Vercel integrates AWS Bedrock AgentCore for secure cloud browser automation

OpenAI launches frontier models and Codex on Amazon Bedrock for enterprises

OpenAI launches frontier models and Codex on Amazon Bedrock for enterprises

Cloudflare Launches Sandboxes to Give AI Agents a Persistent Computer

Cloudflare Launches Sandboxes to Give AI Agents a Persistent Computer

Keep reading

AWS Launches Managed Agent Harness to Automate Infrastructure for AI Agents

AWS Launches Managed Agent Harness to Automate Infrastructure for AI Agents

Vercel integrates AWS Bedrock AgentCore for secure cloud browser automation

Vercel integrates AWS Bedrock AgentCore for secure cloud browser automation

OpenAI launches frontier models and Codex on Amazon Bedrock for enterprises

OpenAI launches frontier models and Codex on Amazon Bedrock for enterprises

Cloudflare Launches Sandboxes to Give AI Agents a Persistent Computer

Cloudflare Launches Sandboxes to Give AI Agents a Persistent Computer