Control where your AI agents can browse with Chrome enterprise policies on Amazon Bedrock AgentCore | Amazon Web Services

AI agents with unrestricted web access pose significant security risks. Without Chrome enterprise policies to control browser behavior, an agent might navigate to unauthorized domains, store credentials in the browser’s password manager, or download files outside approved workflows. Organizations with internal services that use a private certificate authority (CA) face an additional barrier. Every HTTPS connection to those services fails with certificate validation errors.

Amazon Bedrock AgentCore Browser now supports Chrome enterprise policies and custom root CA certificates to give organizations granular control over agent browser behavior and connectivity. With Chrome policies, you can configure over 450 browser settings, including URL filtering, download restrictions, and password manager controls, applied through familiar Chrome enterprise JSON configuration. Custom root CA support lets your agents connect to internal services and work with corporate SSL-intercepting proxies by trusting your organization’s certificate authority. For the full reference of available settings, see the Chrome Enterprise policy list.

In this post, you will configure Chrome enterprise policies to restrict a browser agent to a specific website, observe the policy enforcement through session recording, and demonstrate custom root CA certificates using a public test site. The walkthrough produces a working solution that researches Amazon Bedrock AgentCore documentation while operating under enterprise browser restrictions.