AWS documents two WAF architecture patterns for securing Bedrock AgentCore Runtime
AWS Machine Learning Blog·low signal
AWS details two patterns for putting an internet-facing ALB with AWS WAF in front of AgentCore Runtime, routing traffic through a VPC Interface Endpoint. Published the same week as the AgentCore MCP tutorial, it signals that AWS now considers agent runtimes an edge-exposed attack surface deserving the same treatment as a public web app — a framing most self-hosted agent deployments have not caught up to.