bedrock-agentcore: custom execution role policy for runtime lacks proper permissions

[go-to-k]

Describe the bug

ECR permissions are attached even when the role is a custom role (or an imported role). (https://github.com/aws/aws-cdk/blob/v2.221.0/packages/%40aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime-artifact.ts#L65)

However, the other required permissions are only granted to a policy for an auto-generated role. (https://github.com/aws/aws-cdk/blob/v2.221.0/packages/%40aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime.ts#L252-L259)

In constructs of other common modules, permissions are attached even when a custom role is passed.

• https://github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-codepipeline/lib/pipeline.ts#L693
• https://github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1468
• https://github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-ecs/lib/base/base-service.ts#L1161

So we need to add the permissions to the custom role.

FYI: If you avoid to add the permissions to the custom role, you can use withoutPolicyUpdates() method for Role.

Regression Issue

• Select this option if this issue appears to be a regression.

Last Known Working CDK Library Version

No response

Expected Behavior

The same permissions are attached to the custom role as to the auto-generated role.

Current Behavior

Permissions other than ECR are not granted to the custom role.

Reproduction Steps

Deploy the following CDK code:

const app = new cdk.App();
const stack = new cdk.Stack(app, 'stack');

const runtimeArtifact = agentcore.AgentRuntimeArtifact.fromAsset(
  path.join(__dirname, 'testArtifact'),
);

const role = new iam.Role(stack, 'ExecutionRole', {
  assumedBy: new iam.ServicePrincipal('bedrock-agentcore.amazonaws.com'),
});

const runtime = new agentcore.Runtime(stack, 'Runtime', {
  runtimeName: 'integ_test_runtime',
  agentRuntimeArtifact: runtimeArtifact,
  executionRole: role,
});

And then you can see the permissions in the console or cdk.out.

FYI: correct permissions: https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-permissions.html#runtime-permissions-execution

Possible Solution

Add the same permissions to the custom role.

Additional Information/Context

No response

AWS CDK Library version (aws-cdk-lib)

v2.221.0

AWS CDK CLI version

2.1030.0

Node.js Version

v22.14.0

OS

Mac

Language

TypeScript

Language Version

No response

Other information

No response

[pahud]

Hi @go-to-k,

Thank you for reporting this issue. Based on the analysis, this appears to be a valid inconsistency in how the bedrock-agentcore Runtime construct handles permissions for custom execution roles.

The current implementation only adds ECR permissions to custom roles (via AgentRuntimeArtifact.bind()), while other required permissions (CloudWatch Logs, X-Ray, CloudWatch Metrics, Workload Identity) are only added to auto-generated roles in the createExecutionRole() method.

This differs from the pattern used in other AWS constructs like Lambda, CodePipeline, and ECS, which add permissions to roles regardless of whether they're custom or auto-created. As you correctly noted, users who want to prevent automatic permission additions can use role.withoutPolicyUpdates().

The fix would involve extracting the permission-granting logic from createExecutionRole() into a separate method and calling it for both custom and auto-created roles. This would ensure that custom roles receive all the permissions documented in the AWS Bedrock Agent Runtime permissions guide.

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.