2026/03/19 - Amazon Bedrock AgentCore Control - 4 updated api methods
Changes This release includes SDK support for the following new features on AgentCore Built In Tools. 1. Enterprise Policies for AgentCore Browser Tool. 2. Root CA Configuration Support for AgentCore Browser Tool and Code Interpreter. 3. API changes to AgentCore Browser Profile APIs
{'certificates': [{'location': {'secretsManager': {'secretArn': 'string'}}}],
'enterprisePolicies': [{'location': {'s3': {'bucket': 'string',
'prefix': 'string',
'versionId': 'string'}},
'type': 'MANAGED | RECOMMENDED'}]}
Creates a custom browser.
See also: AWS API Documentation
Request Syntax
client.create_browser(
name='string',
description='string',
executionRoleArn='string',
networkConfiguration={
'networkMode': 'PUBLIC'|'VPC',
'vpcConfig': {
'securityGroups': [
'string',
],
'subnets': [
'string',
]
}
},
recording={
'enabled': True|False,
's3Location': {
'bucket': 'string',
'prefix': 'string',
'versionId': 'string'
}
},
browserSigning={
'enabled': True|False
},
enterprisePolicies=[
{
'location': {
's3': {
'bucket': 'string',
'prefix': 'string',
'versionId': 'string'
}
},
'type': 'MANAGED'|'RECOMMENDED'
},
],
certificates=[
{
'location': {
'secretsManager': {
'secretArn': 'string'
}
}
},
],
clientToken='string',
tags={
'string': 'string'
}
)
string
[REQUIRED]
The name of the browser. The name must be unique within your account.
string
The description of the browser.
string
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the browser to access Amazon Web Services services.
dict
[REQUIRED]
The network configuration for the browser. This configuration specifies the network mode for the browser.
networkMode (string) -- [REQUIRED]
The network mode for the browser. This field specifies how the browser connects to the network.
vpcConfig (dict) --
VpcConfig for the Agent.
securityGroups (list) -- [REQUIRED]
The security groups associated with the VPC configuration.
(string) --
subnets (list) -- [REQUIRED]
The subnets associated with the VPC configuration.
(string) --
dict
The recording configuration for the browser. When enabled, browser sessions are recorded and stored in the specified Amazon S3 location.
enabled (boolean) --
Indicates whether recording is enabled for the browser. When set to true, browser sessions are recorded.
s3Location (dict) --
The Amazon S3 location where browser recordings are stored. This location contains the recorded browser sessions.
bucket (string) -- [REQUIRED]
The name of the Amazon S3 bucket. This bucket contains the stored data.
prefix (string) -- [REQUIRED]
The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.
versionId (string) --
The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.
dict
The browser signing configuration that enables cryptographic agent identification using HTTP message signatures for web bot authentication.
enabled (boolean) -- [REQUIRED]
Specifies whether browser signing is enabled. When enabled, the browser will cryptographically sign HTTP requests to identify itself as an AI agent to bot control vendors.
list
A list of enterprise policy files for the browser.
(dict) --
Browser enterprise policy configuration.
location (dict) -- [REQUIRED]
The location of the enterprise policy file.
s3 (dict) --
The Amazon S3 location for storing data. This structure defines where in Amazon S3 data is stored.
bucket (string) -- [REQUIRED]
The name of the Amazon S3 bucket. This bucket contains the stored data.
prefix (string) -- [REQUIRED]
The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.
versionId (string) --
The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.
type (string) --
The type of browser enterprise policy. Available values are MANAGED and RECOMMENDED.
list
A list of certificates to install in the browser.
(dict) --
A certificate to install in the browser or code interpreter.
location (dict) -- [REQUIRED]
The location of the certificate.
secretsManager (dict) --
The Amazon Web Services Secrets Manager location of the certificate.
secretArn (string) -- [REQUIRED]
The ARN of the Amazon Web Services Secrets Manager secret containing the certificate.
string
A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock AgentCore ignores the request but does not return an error.
This field is autopopulated if not provided.
dict
A map of tag keys and values to assign to the browser. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
(string) --
(string) --
dict
Response Syntax
{
'browserId': 'string',
'browserArn': 'string',
'createdAt': datetime(2015, 1, 1),
'status': 'CREATING'|'CREATE_FAILED'|'READY'|'DELETING'|'DELETE_FAILED'|'DELETED'
}
Response Structure
(dict) --
browserId (string) --
The unique identifier of the created browser.
browserArn (string) --
The Amazon Resource Name (ARN) of the created browser.
createdAt (datetime) --
The timestamp when the browser was created.
status (string) --
The current status of the browser.
{'certificates': [{'location': {'secretsManager': {'secretArn': 'string'}}}]}
Creates a custom code interpreter.
See also: AWS API Documentation
Request Syntax
client.create_code_interpreter(
name='string',
description='string',
executionRoleArn='string',
networkConfiguration={
'networkMode': 'PUBLIC'|'SANDBOX'|'VPC',
'vpcConfig': {
'securityGroups': [
'string',
],
'subnets': [
'string',
]
}
},
certificates=[
{
'location': {
'secretsManager': {
'secretArn': 'string'
}
}
},
],
clientToken='string',
tags={
'string': 'string'
}
)
string
[REQUIRED]
The name of the code interpreter. The name must be unique within your account.
string
The description of the code interpreter.
string
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the code interpreter to access Amazon Web Services services.
dict
[REQUIRED]
The network configuration for the code interpreter. This configuration specifies the network mode for the code interpreter.
networkMode (string) -- [REQUIRED]
The network mode for the code interpreter. This field specifies how the code interpreter connects to the network.
vpcConfig (dict) --
VpcConfig for the Agent.
securityGroups (list) -- [REQUIRED]
The security groups associated with the VPC configuration.
(string) --
subnets (list) -- [REQUIRED]
The subnets associated with the VPC configuration.
(string) --
list
A list of certificates to install in the code interpreter.
(dict) --
A certificate to install in the browser or code interpreter.
location (dict) -- [REQUIRED]
The location of the certificate.
secretsManager (dict) --
The Amazon Web Services Secrets Manager location of the certificate.
secretArn (string) -- [REQUIRED]
The ARN of the Amazon Web Services Secrets Manager secret containing the certificate.
string
A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock AgentCore ignores the request but does not return an error.
This field is autopopulated if not provided.
dict
A map of tag keys and values to assign to the code interpreter. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
(string) --
(string) --
dict
Response Syntax
{
'codeInterpreterId': 'string',
'codeInterpreterArn': 'string',
'createdAt': datetime(2015, 1, 1),
'status': 'CREATING'|'CREATE_FAILED'|'READY'|'DELETING'|'DELETE_FAILED'|'DELETED'
}
Response Structure
(dict) --
codeInterpreterId (string) --
The unique identifier of the created code interpreter.
codeInterpreterArn (string) --
The Amazon Resource Name (ARN) of the created code interpreter.
createdAt (datetime) --
The timestamp when the code interpreter was created.
status (string) --
The current status of the code interpreter.
{'certificates': [{'location': {'secretsManager': {'secretArn': 'string'}}}],
'enterprisePolicies': [{'location': {'s3': {'bucket': 'string',
'prefix': 'string',
'versionId': 'string'}},
'type': 'MANAGED | RECOMMENDED'}]}
Gets information about a custom browser.
See also: AWS API Documentation
Request Syntax
client.get_browser(
browserId='string'
)
string
[REQUIRED]
The unique identifier of the browser to retrieve.
dict
Response Syntax
{
'browserId': 'string',
'browserArn': 'string',
'name': 'string',
'description': 'string',
'executionRoleArn': 'string',
'networkConfiguration': {
'networkMode': 'PUBLIC'|'VPC',
'vpcConfig': {
'securityGroups': [
'string',
],
'subnets': [
'string',
]
}
},
'recording': {
'enabled': True|False,
's3Location': {
'bucket': 'string',
'prefix': 'string',
'versionId': 'string'
}
},
'browserSigning': {
'enabled': True|False
},
'enterprisePolicies': [
{
'location': {
's3': {
'bucket': 'string',
'prefix': 'string',
'versionId': 'string'
}
},
'type': 'MANAGED'|'RECOMMENDED'
},
],
'certificates': [
{
'location': {
'secretsManager': {
'secretArn': 'string'
}
}
},
],
'status': 'CREATING'|'CREATE_FAILED'|'READY'|'DELETING'|'DELETE_FAILED'|'DELETED',
'failureReason': 'string',
'createdAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
browserId (string) --
The unique identifier of the browser.
browserArn (string) --
The Amazon Resource Name (ARN) of the browser.
name (string) --
The name of the browser.
description (string) --
The description of the browser.
executionRoleArn (string) --
The IAM role ARN that provides permissions for the browser.
networkConfiguration (dict) --
The network configuration for a browser. This structure defines how the browser connects to the network.
networkMode (string) --
The network mode for the browser. This field specifies how the browser connects to the network.
vpcConfig (dict) --
VpcConfig for the Agent.
securityGroups (list) --
The security groups associated with the VPC configuration.
(string) --
subnets (list) --
The subnets associated with the VPC configuration.
(string) --
recording (dict) --
The recording configuration for a browser. This structure defines how browser sessions are recorded.
enabled (boolean) --
Indicates whether recording is enabled for the browser. When set to true, browser sessions are recorded.
s3Location (dict) --
The Amazon S3 location where browser recordings are stored. This location contains the recorded browser sessions.
bucket (string) --
The name of the Amazon S3 bucket. This bucket contains the stored data.
prefix (string) --
The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.
versionId (string) --
The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.
browserSigning (dict) --
The browser signing configuration that shows whether cryptographic agent identification is enabled for web bot authentication.
enabled (boolean) --
Indicates whether browser signing is currently enabled for cryptographic agent identification using HTTP message signatures.
enterprisePolicies (list) --
The list of enterprise policy files configured for the browser.
(dict) --
Browser enterprise policy configuration.
location (dict) --
The location of the enterprise policy file.
s3 (dict) --
The Amazon S3 location for storing data. This structure defines where in Amazon S3 data is stored.
bucket (string) --
The name of the Amazon S3 bucket. This bucket contains the stored data.
prefix (string) --
The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.
versionId (string) --
The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.
type (string) --
The type of browser enterprise policy. Available values are MANAGED and RECOMMENDED.
certificates (list) --
The list of certificates configured for the browser.
(dict) --
A certificate to install in the browser or code interpreter.
location (dict) --
The location of the certificate.
secretsManager (dict) --
The Amazon Web Services Secrets Manager location of the certificate.
secretArn (string) --
The ARN of the Amazon Web Services Secrets Manager secret containing the certificate.
status (string) --
The current status of the browser.
failureReason (string) --
The reason for failure if the browser is in a failed state.
createdAt (datetime) --
The timestamp when the browser was created.
lastUpdatedAt (datetime) --
The timestamp when the browser was last updated.
{'certificates': [{'location': {'secretsManager': {'secretArn': 'string'}}}]}
Gets information about a custom code interpreter.
See also: AWS API Documentation
Request Syntax
client.get_code_interpreter(
codeInterpreterId='string'
)
string
[REQUIRED]
The unique identifier of the code interpreter to retrieve.
dict
Response Syntax
{
'codeInterpreterId': 'string',
'codeInterpreterArn': 'string',
'name': 'string',
'description': 'string',
'executionRoleArn': 'string',
'networkConfiguration': {
'networkMode': 'PUBLIC'|'SANDBOX'|'VPC',
'vpcConfig': {
'securityGroups': [
'string',
],
'subnets': [
'string',
]
}
},
'status': 'CREATING'|'CREATE_FAILED'|'READY'|'DELETING'|'DELETE_FAILED'|'DELETED',
'certificates': [
{
'location': {
'secretsManager': {
'secretArn': 'string'
}
}
},
],
'failureReason': 'string',
'createdAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
codeInterpreterId (string) --
The unique identifier of the code interpreter.
codeInterpreterArn (string) --
The Amazon Resource Name (ARN) of the code interpreter.
name (string) --
The name of the code interpreter.
description (string) --
The description of the code interpreter.
executionRoleArn (string) --
The IAM role ARN that provides permissions for the code interpreter.
networkConfiguration (dict) --
The network configuration for a code interpreter. This structure defines how the code interpreter connects to the network.
networkMode (string) --
The network mode for the code interpreter. This field specifies how the code interpreter connects to the network.
vpcConfig (dict) --
VpcConfig for the Agent.
securityGroups (list) --
The security groups associated with the VPC configuration.
(string) --
subnets (list) --
The subnets associated with the VPC configuration.
(string) --
status (string) --
The current status of the code interpreter.
certificates (list) --
The list of certificates configured for the code interpreter.
(dict) --
A certificate to install in the browser or code interpreter.
location (dict) --
The location of the certificate.
secretsManager (dict) --
The Amazon Web Services Secrets Manager location of the certificate.
secretArn (string) --
The ARN of the Amazon Web Services Secrets Manager secret containing the certificate.
failureReason (string) --
The reason for failure if the code interpreter is in a failed state.
createdAt (datetime) --
The timestamp when the code interpreter was created.
lastUpdatedAt (datetime) --
The timestamp when the code interpreter was last updated.