Bedrock Agents Advanced

Bedrock Agents enable foundation models to autonomously plan and execute multi-step tasks. Agents can use tools (action groups), access knowledge bases, and chain operations together to accomplish complex goals. This lesson covers agent architecture, action groups, and guardrails.

Agent Architecture

A Bedrock Agent consists of four components:

  • Foundation model — The LLM that drives reasoning and planning (e.g., Claude 3.5 Sonnet)
  • Instructions — System prompt that defines the agent's persona and behavior
  • Action groups — Tools the agent can use, defined by OpenAPI schemas and backed by Lambda functions
  • Knowledge bases — RAG-enabled data sources the agent can query for information

Creating an Action Group

OpenAPI Schema
{
  "openapi": "3.0.0",
  "paths": {
    "/get-order-status": {
      "get": {
        "summary": "Get the status of a customer order",
        "parameters": [{
          "name": "orderId",
          "in": "query",
          "required": true,
          "schema": {"type": "string"}
        }]
      }
    }
  }
}

Guardrails

Bedrock Guardrails protect your agent from generating harmful or off-topic content:

  • Content filters — Block hate speech, violence, sexual content, and other harmful categories
  • Denied topics — Prevent the agent from discussing specific topics (e.g., competitor products, legal advice)
  • Word filters — Block specific words or phrases from appearing in responses
  • PII redaction — Automatically detect and redact personally identifiable information
  • Contextual grounding — Ensure responses are grounded in the provided context (reduce hallucination)

Agent Best Practices

  • Keep action groups focused — Each action group should handle a specific domain (orders, inventory, support)
  • Write clear API descriptions — The agent uses these descriptions to decide when to call each tool
  • Implement idempotent actions — The agent may retry actions; ensure they are safe to execute multiple times
  • Test with adversarial inputs — Try to break the agent with edge cases and prompt injection attempts
Security Note: Agent action groups execute Lambda functions with IAM roles. Apply least-privilege permissions to prevent the agent from accessing resources beyond its intended scope.

Ready to Build Knowledge Bases?

The next lesson covers RAG with Bedrock Knowledge Bases for grounded AI responses.

Next: Knowledge Bases →
← API IntegrationKnowledge Bases →