Capabilities
The AWS Bedrock AgentCore connector syncs the following resources:- Agents: Non-human identities (NHIs) for AI agents (workload identities).
- OAuth2 Credential Providers: OAuth2 client credentials stored in the Token Vault (GitHub, Slack, Google, etc.).
- API Key Credential Providers: API key credentials stored in the Token Vault (Stripe, SendGrid, etc.).
- Gateways: Proxies connecting agents to external tools. Each gateway has a “Gateway Access” entitlement showing which agent is associated.
- Gateway Targets: External tool/API endpoints connected through a gateway (e.g., MCP servers). Each target has a “Target Access” entitlement derived from its parent gateway.
Actions
The connector exposes the following Baton actions:provision_oauth_credential: Create or update an AgentCore OAuth2 credential provider (e.g. from a C1 Personal Client Credential) and point an existing gateway target at it.
Gather AWS credentials
1
Sign in to the AWS Management Console.
2
Go to IAM > Users > select your user (or create a new one).
3
Attach the
BedrockAgentCoreFullAccess managed policy (or create a custom
policy with bedrock-agentcore:*).4
Click Security Credentials > Create access key > choose Application running outside AWS.
5
Copy the Access Key ID and Secret Access Key.
Configure the AWS Bedrock AgentCore connector
- Cloud-hosted
- Self-hosted
Follow these instructions to use a built-in, no-code connector hosted by C1.Done. Your AWS Bedrock AgentCore connector is now pulling access data into C1.
1
In C1, navigate to Integrations > Connectors and click Add connector.
2
Search for AWS Bedrock AgentCore and click Add.
3
Choose how to set up the new connector:
- Add the connector to a currently unmanaged app
- Add the connector to a managed app
- Create a new managed app
4
Set the owner for this connector.
5
Click Next.
6
Find the Settings area of the page and click Edit.
7
Enter the required configuration:
- AWS Access Key ID: The IAM access key ID.
- AWS Secret Access Key: The IAM secret access key.
- AWS Region: The AWS region (defaults to
us-east-1). - AWS Session Token: Optional, for temporary/SSO credentials.
8
Click Save.
9
The connector’s label changes to Syncing, followed by Connected. You can view the logs to ensure that information is syncing.