Amazon Bedrock AgentCore Gateway and Identity support VPC egress

Amazon Web Services has launched VPC egress support for Amazon Bedrock AgentCore Gateway and Identity services, enabling organizations to securely manage outbound traffic from their AI agents to resources within their Virtual Private Cloud environments. The new capability allows customers to invoke private resources, such as EKS-hosted Model Context Protocol (MCP) servers, directly from their AgentCore Gateway while maintaining network isolation and security controls. The VPC egress functionality comes in both managed and self-managed configurations to accommodate different networking requirements. For AgentCore Gateway, the feature enables direct communication with private infrastructure, while AgentCore Identity gains the ability to connect to Identity Providers running inside customer VPCs. This connectivity supports two critical functions: validating access tokens issued by private identity providers and fetching authentication tokens for outbound requests. AWS has also included private DNS resolution support for managed VPC egress resources across both Gateway and Identity services. The enhanced networking capabilities are now available across fourteen AWS regions, including major markets in North America, Europe, and Asia-Pacific. The rollout represents AWS's continued effort to provide enterprise-grade networking controls for AI workloads that require integration with existing private infrastructure while maintaining security boundaries.