Latest Hotlist You Won’t Want To Miss

eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

AI certifications demonstrate that you possess a specified level of proficiency and competence in artificial intelligence job-related skills, making you more attractive to employers. As a tech professional, AI certification courses can boost your career growth, expand your knowledge and expertise, and help you keep abreast of emerging trends in this dynamic technology.

As AI continues to transform industries, and professionals race to acquire the skills to stay ahead of the curve, certifications are becoming increasingly important to recruiters looking for assurance that candidates understand the fundamentals of AI and its various aspects, including machine learning, natural language processing, computer vision, robotics, and AI software.

Here are my picks for the top AI certifications for learners of all levels.

Best AI certifications: Comparison chart

The following chart summarizes the experience level, certifying institutions, duration, and cost of the eight leading AI certification courses to help you find the right one for your skills and interests, or keep reading for more detailed information about each of my picks.

Top 8 AI certifications for 2025

Artificial intelligence certification programs usually involve completing training courses, passing assessments or exams, and meeting specific criteria set by certifying bodies or organizations. The AI certifications recommended here include some mix of these tasks, but they take very different approaches. This includes the amount of time and expertise required to complete the AI certification. Study the requirements carefully to make sure the program is a fit for you.

AI For Everyone, by DeepLearning.AI

Best for understanding AI concepts | Beginner level

Who it’s for: Non-technical professionals or AI engineers looking for a beginner-friendly course for learning the business aspect of AI.

Offered by DeepLearning.AI, AI for Everyone is a non-technical course that will help you understand AI technologies and identify opportunities to apply them to your business or organization. Without requiring any prior technical knowledge, this course provides a comprehensive introduction to AI concepts, terminology, and applications. It aims to equip non-technical professionals with the necessary understanding and skills to navigate the AI landscape. Machine learning engineers and data scientists can also benefit from this course by learning what AI can and cannot do for their business or organization.

Why I recommend it

This course is an excellent choice for anyone seeking a foundational understanding of AI. Designed for learners with no prior background, it breaks down complex concepts into four digestible modules and focuses more on practical applications and real-world scenarios. Unlike AI programs geared towards programmers, this course focuses on the “why” and “what” of AI, helping learners build a strong foundation without getting overwhelmed with technical information.

Skills acquired

  • Common AI terminologies and concepts
  • Potential AI real-life applications 
  • How to work with an AI team and build an AI strategy
  • How to navigate the workflow of machine learning and data science projects
  • Ethical and societal discussions about AI

Key course details

Who it’s for

  • Non-technical professionals or AI engineers looking for a beginner-friendly course for learning the business aspect of AI

Course requirements

  • No prerequisites
  • This course is suitable for both technical and non-technical individuals

Course fee, duration, and format

  • Free to audit or $49 per month for Coursera subscription
  • Six hours to complete
  • Self-paced online learning via Coursera

Course content and assessments

There are four modules:

  • What is AI?
  • Building AI Projects
  • Building AI in your Company
  • AI and Society

To pass the course, you must complete four assessments with one quiz at the end of each module.

Computer Science for AI, by Harvard University

Best for acquiring AI-related programming skills | Beginner level

HarvardX offers a self-paced but comprehensive professional certificate series that combines CS50’s legendary Introduction to Computer Science course with a program that delves into the concepts and algorithms of modern AI. Three experts from Harvard University facilitate this course: Doug Lloyd and Brian Yu are senior preceptors in computer science, and David J. Malan is Gordon McKay Professor of the Practice of Computer Science. Learners can apply their AI knowledge through hands-on projects and gain exposure to the theory behind graph search algorithms, classification, optimization, reinforcement learning, and other topics in artificial intelligence.

Why I recommend it

This professional certificate stands out for building a strong foundation in programming skills essential for AI. Unlike other courses that jump right into AI concepts, this program starts with CS50’s Introduction to Computer Science, ensuring that you have a solid foundation of core programming skills in Python. With this approach, you’re better equipped to understand advanced AI-specific programming languages and frameworks used in building intelligent systems.

Skills acquired

  • Understanding of computer science and programming
  • Articulating principles of AI and ML
  • Designing intelligent systems
  • Using AI in Python programs
  • Learning theories behind graph search algorithms and reinforcement learning

Key course details

Who it’s for

  • Beginners new to the field of computer science who want to learn AI-related programming

Course requirements

  • No prerequisites
  • Basic understanding of computer programming concepts is a plus

Course fee, duration, and format

  • $466.20
  • Five months, up to 22 hours per week
  • Expert instruction and self-paced online learning via edX

Course content and assessments

This program includes two courses:

  • CS50’s Introduction to Computer Science 
  • CS50’s Introduction to Artificial Intelligence with Python

Introduction to TensorFlow for AI, ML, and Deep Learning

Best for learning fundamentals of TensorFlow | Intermediate level

Introduction to TensorFlow for Artificial Intelligence, Machine Learning, and Deep Learning is a certification course offered by DeepLearning.AI on Coursera. The course covers essential topics such as the fundamentals of machine learning, neural networks, deep learning, and TensorFlow. It includes hands-on practical exercises and assignments to help learners gain valuable experience in using TensorFlow to solve real-world problems. The certification course is ideal for individuals interested in AI, ML, and DL, including students, software engineers, data scientists, and anyone seeking to expand their knowledge and skills in TensorFlow.

Why I recommend it

This course caters to individuals who have a foundational knowledge of machine learning and deep learning concepts. It prioritizes practical applications, providing learners with hands-on experience in building and training neural networks directly within TensorFlow. By focusing on best practices and working with real-world applications, you’ll gain a strong understanding of how to effectively apply this open-source framework to your own AI projects. Additionally, this course is part of the DeepLearning.AI TensorFlow Developer Professional Certificate, which helps you prepare for the Google TensorFlow Certificate exam.

Skills acquired

  • Understanding TensorFlow, ML, and computer vision fundamentals
  • Learning the best practices for using TensorFlow
  • Training a neural network for a computer vision application
  • Building a basic neural network in TensorFlow
  • Using convolutions to improve a neural network

Key course details

Who it’s for

  • Software developers who want to learn the fundamentals and application of TensorFlow

Course requirements

  • The course requires experience in Python coding and high school-level math.
  • Prior machine learning or deep learning knowledge is helpful but not required.

Course fee, duration, and format

  • Free to audit or $49 per month for Coursera subscription
  • Approximately 22 hours
  • Self-paced online learning via Coursera

Course content and assessments

There are four modules in this course:

  • A New Programming Paradigm
  • Introduction to Computer Vision
  • Enhancing Vision with Convolutional Neural Networks
  • Using Real-World Images

To pass the course, you must complete four assessments and four programming assignments.

IBM AI Engineering Professional Certificate by IBM

Best for demonstrating proficiency in ML and DL | Intermediate level

Taught by seven experts, this intermediate-level certificate course offered by IBM takes approximately two months at 10 hours per week to complete. It consists of six courses, which will teach learners how to write Python code that implements various classification techniques, including K-nearest neighbors (KNN), decision trees, and regression trees; image processing and analysis techniques for computer vision problems; and how to build Deep Neural Networks using PyTorch. The last course includes an AI capstone project with deep learning. By completing this certificate, students will gain the knowledge and skills needed to start a career in AI engineering or further their existing AI careers.

Why I recommend it

This professional certificate is an excellent choice for professionals who want to validate their comprehensive expertise in machine learning and deep learning. IBM’s program goes beyond basic theoretical knowledge and digs deeper into practical applications, offering learners the tools and skills that employers in the AI industry look for. Learning how to use popular ML and DL libraries like TensorFlow, Keras, PyTorch, and Scikit-learn through hands-on projects helps you become more capable of solving real-world problems using these techniques.

Additionally, you can earn college credit if you’re admitted to one of the online degree programs offered by Illinois Tech, the University of London, or Ball State University once you complete this professional certificate. You will also earn a professional certificate from Coursera and receive a digital badge from IBM recognizing your proficiency in AI engineering.

Skills acquired

  • Describing machine learning, deep learning, neural networks, and ML algorithms
  • Deploying ML algorithms and pipelines on Apache Spark
  • Implementing supervised and unsupervised ML models using SciPy and Scikit-learn
  • Building DL models and neural networks using Keras, PyTorch, and TensorFlow

Key course details

Who it’s for

  • AI or ML engineers who want to master fundamental concepts of machine learning and deep learning

Course requirements

This certificate’s prerequisites include:

  • Working knowledge of Python and Data Analysis and Visualization techniques
  • High school mathematics
  • Fundamentals of Generative AI

Course fee, duration, and format

  • Free to audit or $49 per month for Coursera subscription
  • Four months (10 hours per week)
  • Self-paced online learning via Coursera

Course content and assessments

There are thirteen courses in this specialization:

  • Machine Learning with Python 
  • Introduction to Deep Learning and Neural Networks with Keras
  • Deep Learning with Keras and Tensorflow
  • Introduction to Neural Networks and PyTorch
  • Deep Neural Networks with PyTorch
  • AI Capstone Project with Deep Learning
  • Generative AI and LLMs: Architecture and Data Preparation
  • Gen AI Foundational Models for NLP & Language Understanding
  • Generative AI Language Modeling with Transformers
  • Generative AI Engineering and Fine-Tuning Transformers
  • Generative AI Advance Fine-Tuning for LLMs
  • Fundamentals of AI Agents Using RAG and LangChain
  • Project: Generative AI Applications with RAG and LangChain

Certified AI Professional (CAIP)

Best for enhancing business skills with AI | Intermediate level

Future Skills Academy’s Certified AI Professional (CAIP) program equips you with practical experience using AI for business innovation. Anyone who wants to deepen their understanding of AI will find this certification valuable, including business analysts, consultants, entrepreneurs, and marketing professionals. You’ll learn AI core concepts and advanced techniques to help enhance technical skills you can apply in the real world. Future Skills Academy’s CAIP certification is accredited by the Continuing Professional Development (CPD) organization, demonstrating your dedication to pursuing professional development in AI.

Why I recommend it

Future Skills Academy’s CAIP certification is an ideal program for learners who want to learn problem-solving strategies through real-world case studies and hands-on experience. Unlike instructor-led courses, this program is more flexible, making it ideal for those who prefer self-paced learning. This course will help you gain an in-depth understanding of AI core concepts, contemporary AI techniques, and AI applications for business innovation, entrepreneurship, and business strategy.

Skills acquired

  • Fundamentals, history, myths, and realities of AI
  • Machine learning, deep learning, and neural network basics
  • Natural language processing and computer vision
  • Practical uses of AI in different industries
  • AI for business innovation, entrepreneurship, and business strategy
  • Emerging AI trends
  • AI in everyday life and its societal implications

Key course details

Who it’s for

  • Marketing professionals, business analysts, consultants, entrepreneurs, and innovation managers who want to expand their AI skillset

Course requirements

Course fee, duration, and format

  • $299
  • Four weeks
  • Self-paced online learning via Future Skills

Course content and assessments

This certification program includes 80 lessons that cover the following areas:

  • Artificial Intelligence Fundamentals
  • Core concepts of AI
  • Advanced AI techniques
  • AI in practice
  • Business and entrepreneurial applications of AI
  • AI for everyday use and productivity 
  • The future of AI and AI career opportunities

Learners must pass the final exam to gain a shareable certificate equivalent to 10 hours of CPD credit.

CertNexus Certified Artificial Intelligence Practitioner Professional Certificate

Best for CertNexus CAIP certification exam preparation | Intermediate level

The CertNexus Certified Artificial Intelligence Practitioner (CAIP) Professional Certificate is designed for data scientists looking to enhance their skills and knowledge in the AI space. To earn CertNexus’s CAIP Professional Certificate, learners need to complete the CAIP specialization, which provides a comprehensive understanding of AI and ML concepts, workflows, algorithms, and technologies. The specialization covers data analysis, model training, regression, classification, clustering, advanced algorithms, and deep learning.

Why I recommend it

This certification stands out for its comprehensive five-course series that helps you earn an industry-validated certification from a respected organization. CertNexus is a vendor-neutral certification body that meets one of the most rigorous development standards following a global framework, and its CAIP specialization validates an individual’s capability in a wide variety of AI job functions. Coursera’s CAIP certificate lets you apply AI and ML approaches to business problems, develop and test tools, and overall prepare for CertNexus’ certification using both theoretical and practical knowledge. You can also add the projects you complete at the end of each module to your work portfolio.

Skills acquired

  • Identifying business problems that AI and ML can solve
  • Understanding workflow tasks and ML automation
  • Using ML algorithms to solve supervised and unsupervised problems
  • Exploring advanced algorithms in AI and ML
  • Building multiple models to solve business problems

Key course details

Who it’s for

  • Data science professionals preparing for the CAIP certification examination

Course requirements

  • Understanding of fundamental AI concepts and experience working with databases and high-level programming languages such as Python, Java, or C/C++ recommended.

Course fee, duration, and format

  • $49 per month
  • Two months (10 hours per week)
  • Online via Coursera

Course content and assessments

This five-course series proves the following skills:

  • Solving business problems with AI and machine learning
  • Follow a Machine Learning Workflow
  • Building regression, classification, and clustering models
  • Building decision trees, SVMs, and artificial neural networks
  • Preparing for your CertNexus certification exam

Advanced AI Techniques for Product Marketing

Best for applying generative AI to product marketing | Intermediate level

Offered by the Pragmatic Institute, this course covers advanced techniques for using generative AI, automated workflows, and other technologies to boost marketing effectiveness. You’ll learn the latest tactics for accelerating and enhancing Product Marketing Management (PMM) deliverables. Marketing professionals can learn advanced AI techniques through hands-on learning and actionable insights, empowering you to use AI technology to gain a major competitive advantage in the B2B landscape. Throughout the workshop, you’ll learn about the pivotal role of prompting, various prompt structures, and how prompts contribute to structured campaign goal setting, detailed buyer journeys, and more.

Why I recommend it

This course goes beyond the basics and focuses specifically on applying generative AI in the dynamic field of marketing. You’ll learn how to craft compelling product descriptions and marketing materials using AI tools, personalize user experiences, and generate creative and targeted content. Unlike general AI courses, this program equips you with skills that you can directly apply to your existing marketing campaigns and business strategies.

Skills acquired

  • Applying generative AI and prompt engineering best practices
  • Writing effective prompts for product marketing
  • Using AI to differentiate marketing and messaging strategies
  • Analyzing and identifying trends in complex marketing datasets
  • Crafting data-driven ideal customer profiles and buyer personas

Key course details

Who it’s for

  • Product marketers and marketing managers who want to use generative AI and prompt engineering for their business.

Course requirements

  • Participants are required to have access to GPT-4 through ChatGPT Plus, Teams, or Enterprise level access. All students will be provided access to a GPT-4 Team account during the workshop.

Course fee, duration, and format

  • $1,295
  • Seven and a half hours
  • In-person or online

Course content and assessments

The workshop will cover three modules:

  • Introduction to Generative AI
  • Using AI in Product Marketing
  • AI Landscape for Product Marketing

ARTiBA AI Engineer (AiE) Certification

Best for validating AI engineering expertise | Advanced level

The Artificial Intelligence Engineer (AiE) certification process is offered by the Artificial Intelligence Board of America (ARTiBA), which is a professional membership body dedicated to promoting and advancing AI practices. To receive the AiE certification, individuals must undergo a structured evaluation process assessing their knowledge and skills in various AI-related domains. Gaining this certification helps you stand out in the competitive AI industry by establishing your advanced skillset in conceiving, building, training, and running ML models and in-depth knowledge in NLP, different types of learning, cognitive computing, and more.

Why I recommend it

The AiE certification offered by ARTiBA is specifically designed to demonstrate your expertise in building and deploying AI systems. It also emphasizes the ARTiBA-developed AMDEX knowledge framework, which goes beyond platform-specific tools and focuses on in-depth practical skills. The programs also provide exclusive resources to applicants to help them in their exam preparation and in achieving an industry-recognized certification.

Skills acquired

  • Developing expertise in popular AI and ML technologies and problem-solving methodologies
  • Understanding advanced concepts and approaches to AI modeling and application development
  • Proving capability and expertise in preparing for AI and ML applications
  • Demonstrating proficiency and the ability to understand AI and ML applications in a business context

Key course details

Who it’s for

  • AI engineers who want to demonstrate comprehensive expertise in AI systems and applications

Course requirements

ARTiBA currently offers three registration tracks for AiE certification applicants:

  • AIE Track 1: Associate degree or diploma in Computer Science, IT, or related discipline plus two years’ work history in any of the computing sub-functions required
  • AIE Track 2: Bachelor’s degree in Computer Science, Data Science, or related discipline plus beginner level programming experience
  • AIE Track 3: Master’s degree in Computer Science, Data Science, or any related discipline plus proficiency in programming

Course fee, duration, and format

  • $550
  • The allotted time for the examination is one hour and 30 minutes. 
  • Candidates should also pass the AIE certification exam within 180 days of the date of registration confirmation.
  • Online and digitally proctored

Course content and assessments

The AiE certification exam is based on the AMDEX™ knowledge framework covering 48 themes spread across four essential knowledge segments:

  • AI and ML
  • AI and ML Programming
  • NLP
  • Neural Networks and DL

How to prepare for an AI certification exam

Preparing for an AI certification exam requires a structured approach, hands-on practice, and time management. Here’s a guide to help you ace your AI certification exam.

  • Master core concepts: Start with AI fundamentals such as machine learning, deep learning, and AI ethics and governance to familiarize yourself with core AI concepts. If you’re taking business-focused certifications, study AI applications such as their different use cases and their relevance to your chosen field. When mastering core concepts, consider looking for free online resources and practicing with real-world scenarios to hone your practical knowledge.
  • Understand the exam objectives: When preparing for an AI certification exam, it’s crucial to thoroughly understand the official syllabus or exam requirements provided by the certifying body. This document outlines the topics and domains covered in the exam, including the weight assigned to each section.
  • Develop a study plan: Based on the exam syllabus and your assessment of your current knowledge, create a realistic study plan. Allot enough time for each topic to ensure that you have enough buffer for reviewing AI concepts and practicing your skills. You can break the exam syllabus down into smaller chunks to schedule specific topics and easily track your progress.
  • Engage in active learning: Artificial intelligence is a practical field, so applying the concepts you learn through hands-on projects, coding exercises, or lab work applicable to your certification is a great way of understanding AI concepts in depth. You can join online communities or study groups so you can learn from other AI professionals’ perspectives.
  • Focus on practice exams: When preparing for an AI certification exam, simulate exam conditions as closely as possible. Replicating the actual exam environment can help you manage distractions on the exam day and adhere to the time limits.

AI certifications vs. AI courses: Which one is right for you?

Choosing between an AI certification and an AI course depends on your career goals and the specific skills you want to develop. Here’s a comparison to help you make the right decision:

| Factors | AI certifications | AI courses |
|---|---|---|
| Purpose | Validates AI expertise for career advancement | Provides foundational AI knowledge |
| Structure | Exam-focused with strict timelines | Flexible pacing; ideal for learning at your own pace |
| Career impact | Employer-recognized credentials for a specific AI job title | Skill-building for personal projects, entry-level roles, or certification exam preparation |
| Best for | Professionals seeking industry validation or career advancement opportunities | Beginners or individuals learning AI fundamentals without immediate certification goals |

AI job titles and salary ranges

The field of AI has created diverse job roles, each demanding a unique skill set. As the industry continues to expand, with new AI companies forming every year, so does the complexity of AI job titles and their corresponding salary ranges.

| Role | Salary range (annual) |
|---|---|
| Machine Learning Engineer | $92,000 – $284,000 |
| AI Engineer | $89,000 – $215,000 |
| Data Scientist | $91,000 – $229,000 |
| Computer Vision Engineer | $84,000 – $237,000 |
| Natural Language Processing Engineer | $114,000 – $344,000 |
| Deep Learning Engineer | $92,000 – $284,000 |
| AI Research Scientist | $124,000 – $265,000 |
| Business Development Manager | $94,000 – $193,000 |
| AI Product Manager | $111,000 – $276,000 |
| AI Consultant | $97,000 – $174,000 |

We sourced AI jobs and salary data from Glassdoor, a certified site for professionals to access salary insights and company reviews. See our annual AI jobs salary report for an in-depth review of AI job salaries by experience and industry.

Frequently Asked Questions (FAQs)

What are the key benefits of earning an AI certification?

AI certifications validate your expertise in a specific domain. This can enhance your credibility in the AI industry, increase your earning potential, and boost your job prospects. Obtaining comprehensive AI certifications indicates that you’re dedicated to lifelong learning and career growth, which employers respect. Certifications also provide structured learning, whether online or in person, helping you master key concepts and skills as you navigate through your chosen career path.

How do you prepare for an AI certification?

Preparing for an AI certification requires a structured approach that combines theoretical knowledge and practical application. It’s important to build a solid math, statistics, and programming foundation and understand AI concepts like machine learning, deep learning, and NLP. After ensuring you have a foundational knowledge of essential AI concepts, choose the right certification that aligns with your career goals, current learning level, and resources. Aside from researching online, you should also explore specialized AI communities for insights and discussions.

You can also start building your portfolio before signing up for an AI certification, which gives you a guiding list of personal projects to take on during the course. Once you start your AI course or program, create a study plan and practice regularly to reinforce concepts and improve your problem-solving abilities. Use the resources in your course, such as reading materials, PowerPoint presentations, and mock exams, or tools like AI chatbots to help you summarize lessons, answer practice tests, and explain technical terms.

Which AI certification should I get first?

Choosing the right certification depends on your career goals and current skill level. For beginners, consider foundational certifications like those offered by Coursera or edX to gain a general overview of AI concepts. If you have some programming experience, certifications emphasizing Python and AI libraries can be a good starting point. Meanwhile, AI professionals with more comprehensive experience should look for specialized certifications in machine learning, deep learning, or data science. If you work in a particular industry, consider certifications that align with the field you’re working in, such as healthcare, finance, marketing, and more.

Can you get a job in AI with just certifications?

While certifications are valuable, they should be complemented by practical experience. A strong portfolio of AI projects can significantly enhance your job prospects and validate your expertise as an AI professional. While taking your certifications, document your hands-on experiences and special projects to add to your portfolio.

Aside from certifications and practical experience, it’s also important to expand your network and be updated with the latest trends in the AI field. Search for opportunities to join industry gatherings or AI conferences to meet other professionals, learn best practices, and find career opportunities. AI certifications can help you advance your career, but you can also use your knowledge and skills to make money with AI or optimize your operations if you’re an entrepreneur. It’s important to assess which certifications can offer you the best skillset for your industry.

Bottom Line: Choosing the Right AI Certification

Choosing the right AI certification depends on your career goals and unique factors, such as skill level, industry focus, and available resources. Carefully consider your objectives to find a certification that aligns with your career aspirations, and assess how much you can invest in terms of time, money, and other resources. You should also prioritize certifications that validate your practical skills, are widely recognized by employers, and offer a strong return on investment in your career advancement and earning potential. After finding the right AI certification, complement it with practical skills, knowledge of the latest AI trends, and a strong network of AI professionals.

If you’re specifically looking for programs focused on machine learning, read our list of the best machine learning certificates.

XPROMOS Launches Theia Institute™-Endorsed AI Fluency Program Offering Practitioner Certification Across Business Roles. Certified AI Training With Nod From Emerging Tech Think Tank Signals AI Fluency

XPROMOS launches the first Theia Institute-endorsed certified AI training program designed to build AI fluency across non-technical teams in marketing, sales, HR, and finance. This premier global endorsement supports XPROMOS’ certified AI training that turns curiosity into capability by guiding participants to create scalable AI pilots that drive measurable value. The program aligns with the Washington DC-based nonprofit think tank’s mission of responsible, ethical, and practical AI adoption.

LOS ANGELES, CA – XPROMOS, a longtime leader in revenue‑driving strategy for enterprise brands, announces a premier global endorsement by Washington DC’s Theia Institute, a non-profit emerging technologies think tank shaping the standards of responsible AI use in business and policy. XPROMOS now offers an official Theia Institute certification for AI Fluency to qualified AI Training participants in their respective domains, including marketing, sales, operations, HR, finance, and more.

“This program turns dabblers into AI Fluents: people who use AI with clarity, not just curiosity,” said co-founder Yvette Brown.

“We built it to teach AI fluency and drive business value across functions, grounded in real understanding of governance, bias, and responsible use. Theia’s endorsement validates what we’ve always believed: AI literacy isn’t enough. If teams are going to extract real value responsibly, they need fluency, so they can think with the tech, not just use it,” Yvette Brown added. “When humans don’t understand AI’s capabilities and its limitations, they create unnecessary risk. This program changes that.”

XPROMOS’ training is one of the first programs of its kind to be endorsed by Theia Institute, making it a trusted on‑ramp to strategic, ethical AI integration for non‑technical professionals. Participants who complete the program are awarded a credential that aligns directly with their business function, offering credibility, clarity, and a new kind of career capital.

“We’re proud to provide our most exclusive endorsement seal to XPROMOS’ AI training materials and educational methodology as it aligns with our think tank’s focus at the intersection of people and technology of preparing people for today’s evolving workplace,” stated Executive Director Todd A. Jacobs.

“AI Fluency credentials ensure that people in marketing, sales, and HR also benefit from the growing workplace adoption of AI tools. The XPROMOS AI training program delivers productivity gains beyond traditional business functions like IT, BI, and analytics. It democratizes AI productivity while increasing business ROI so that everyone wins.”

— Todd A. Jacobs, Executive Director

  Theia Institute™ Non-Profit Think Tank

The program was built for professionals navigating the AI shift without hype; early adopters in business units who need capability, not just content. With Theia’s endorsement, XPROMOS positions its AI training not just as a course, but as a new standard for responsible intelligence.

About XPROMOS

XPROMOS is an AI Fluency accelerator built by enterprise marketing veterans. With decades of experience driving results at scale, the company now helps professionals across industries gain the skills and strategic perspective needed to lead with AI. Through its Theia Institute-endorsed training, XPROMOS empowers creators and business leaders to earn real certification as Generative AI Practitioners, making them relevant, resilient, and ready for what’s next.

About Theia Institute

Theia Institute is a nonprofit AI governance, ethics, and cybersecurity think tank based in Washington, D.C., dedicated to advancing policy and decision-making through rigorous research and comprehensive analysis. Its commitment to an ethical, balanced, and unbiased approach sets it apart in the realm of business privacy, AI governance, and public policy.

Media Contact
Company Name: XPROMOS
Contact Person: Yvette Brown, XPROMOS Co-Founder
Phone: 7143370371
City: Laguna Hills
State: California
Country: United States
Website: https://xpromos.com




Detect Amazon Bedrock misconfigurations with Datadog Cloud Security



This post was co-written with Nick Frichette and Vijay George from Datadog. 

As organizations increasingly adopt Amazon Bedrock for generative AI applications, protecting against misconfigurations that could lead to data leaks or unauthorized model access becomes critical. The AWS Generative AI Adoption Index, which surveyed 3,739 senior IT decision-makers across nine countries, revealed that 45% of organizations selected generative AI tools as their top budget priority in 2025. As more AWS and Datadog customers accelerate their adoption of AI, building AI security into existing processes will become essential, especially as more stringent regulations emerge. But looking at AI risks in a silo isn’t enough; AI risks must be contextualized alongside other risks such as identity exposures and misconfigurations. The combination of Amazon Bedrock and Datadog’s comprehensive security monitoring helps organizations innovate faster while maintaining robust security controls.

Amazon Bedrock delivers enterprise-grade security by incorporating built-in protections across data privacy, access controls, network security, compliance, and responsible AI safeguards. Customer data is encrypted both in transit using TLS 1.2 or above and at rest with AWS Key Management Service (AWS KMS), and organizations have full control over encryption keys. Data privacy is central: your input, prompts, and outputs are not shared with model providers nor used to train or improve foundation models (FMs). Fine-tuning and customizations occur on private copies of models, providing data confidentiality. Access is tightly governed through AWS Identity and Access Management (IAM) and resource-based policies, supporting granular authorization for users and roles. Amazon Bedrock integrates with AWS PrivateLink and supports virtual private cloud (VPC) endpoints for private, internal communication, so traffic doesn’t leave the Amazon network. The service complies with key industry standards such as ISO, SOC, CSA STAR, HIPAA eligibility, GDPR, and FedRAMP High, making it suitable for regulated industries. Additionally, Amazon Bedrock includes configurable guardrails to filter sensitive or harmful content and promote responsible AI use. Security is structured under the AWS Shared Responsibility Model, where AWS manages infrastructure security and customers are responsible for secure configurations and access controls within their Amazon Bedrock environment.

Building on these robust AWS security features, Datadog and AWS have partnered to provide a holistic view of AI infrastructure risks, vulnerabilities, sensitive data exposure, and other misconfigurations. Datadog Cloud Security employs both agentless and agent-based scanning to help organizations identify, prioritize, and remediate risks across cloud resources. This integration helps AWS users prioritize risks based on business criticality, with security findings enriched by observability data, thereby enhancing their overall security posture in AI implementations.

We’re excited to announce new security capabilities in Datadog Cloud Security that can help you detect and remediate Amazon Bedrock misconfigurations before they become security incidents. This integration helps organizations embed robust security controls and secure their use of the powerful capabilities of Amazon Bedrock by offering three critical advantages: holistic AI security by integrating AI security into your broader cloud security strategy, real-time risk detection through identifying potential AI-related security issues as they emerge, and simplified compliance to help meet evolving AI regulations with pre-built detections.

AWS and Datadog: Empowering customers to adopt AI securely

The partnership between AWS and Datadog is focused on helping customers operate their cloud infrastructure securely and efficiently. As organizations rapidly adopt AI technologies, extending this partnership to include Amazon Bedrock is a natural evolution. Amazon Bedrock is a fully managed service that makes high-performing FMs from leading AI companies and Amazon available through a unified API, making it an ideal starting point for Datadog’s AI security capabilities.

The decision to prioritize Amazon Bedrock integration is driven by several factors, including strong customer demand, comprehensive security needs, and the existing integration foundation. With over 900 integrations and a partner-built Marketplace, Datadog’s long-standing partnership with AWS and deep integration capabilities have helped Datadog quickly develop comprehensive security monitoring for Amazon Bedrock while using their existing cloud security expertise.

Throughout Q4 2024, Datadog Security Research observed increasing threat actor interest in cloud AI environments, making this integration particularly timely. By combining the powerful AI capabilities of AWS with Datadog’s security expertise, you can safely accelerate your AI adoption while maintaining robust security controls.

How Datadog Cloud Security helps secure Amazon Bedrock resources

After you add the AWS integration to your Datadog account and enable Datadog Cloud Security, it continuously monitors your AWS environment, identifying misconfigurations, identity risks, vulnerabilities, and compliance violations. These detections use the Datadog Severity Scoring system to prioritize them based on infrastructure context. The scoring considers a variety of variables, including whether the resource is in production, is publicly accessible, or has access to sensitive data. This multi-layer analysis can help you reduce noise and focus your attention on the most critical misconfigurations by considering runtime behavior.

Partnering with AWS, Datadog is excited to offer detections for Datadog Cloud Security customers, such as:

  • Amazon Bedrock custom models should not output model data to publicly accessible S3 buckets
  • Amazon Bedrock custom models should not train from publicly writable S3 buckets
  • Amazon Bedrock guardrails should have a prompt attack filter enabled and block prompt attacks at high sensitivity
  • Amazon Bedrock agent guardrails should have the sensitive information filter enabled and block highly sensitive PII entities

Detect AI misconfigurations with Datadog Cloud Security

To understand how these detections can help secure your Amazon Bedrock infrastructure, let’s look at a specific use case, in which Amazon Bedrock custom models should not train from publicly writable Amazon Simple Storage Service (Amazon S3) buckets.

With Amazon Bedrock, you can customize AI models by fine-tuning them on domain-specific data. To do this, that data is stored in an S3 bucket. Threat actors are constantly evaluating the configuration of S3 buckets, looking for the potential to access sensitive data or even the ability to write to S3 buckets.

If a threat actor finds an S3 bucket that was misconfigured to permit public write access, and that same bucket contained data that was used to train an AI model, a bad actor could poison that dataset and introduce malicious behavior or output to the model. This is known as a data poisoning attack.

Normally, detecting these types of misconfigurations requires multiple steps: one to identify the S3 bucket misconfigured with write access, and one to identify that the bucket is being used by Amazon Bedrock. With Datadog Cloud Security, this detection is one of hundreds that are activated out of the box.
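The two-step correlation described above, written out as an added example (not Datadog's detection rule and not code from the original post). It assumes an inventory shaped like the fields returned by Bedrock's get_custom_model and S3's get_bucket_policy and get_bucket_acl; the model names, bucket names, and account ID are constructed, and S3 Block Public Access settings are not modeled.

```python
import json
from fnmatch import fnmatchcase
from urllib.parse import urlparse

ALL_USERS_GROUP = "http://acs.amazonaws.com/groups/global/AllUsers"

# Constructed sample inventory (assumption: collected beforehand, for example
# with boto3). Only the fields this check reads are included.
CUSTOM_MODELS = [
    {"modelName": "support-tuned",
     "trainingDataConfig": {"s3Uri": "s3://example-train-open/data/train.jsonl"}},
    {"modelName": "legal-tuned",
     "trainingDataConfig": {"s3Uri": "s3://example-train-acl/train.jsonl"}},
    {"modelName": "finance-tuned",
     "trainingDataConfig": {"s3Uri": "s3://example-train-private/train.jsonl"}},
]
BUCKETS = {
    "example-train-open": {
        "policy": json.dumps({"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow", "Principal": "*",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-train-open/*"}]}),
        "grants": [],
    },
    "example-train-acl": {
        "policy": None,
        "grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS_GROUP},
                    "Permission": "WRITE"}],
    },
    "example-train-private": {
        "policy": json.dumps({"Version": "2012-10-17", "Statement": {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:role/trainer"},
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-train-private/*"}}),
        "grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "constructed"},
                    "Permission": "FULL_CONTROL"}],
    },
}


def _as_list(value):
    """IAM policy fields may be a single value or a list."""
    return value if isinstance(value, list) else [value]


def _is_anyone(principal):
    """True for Principal "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def policy_allows_public_write(policy_json):
    """Step 1a: an unconditional Allow to everyone that covers s3:PutObject.

    Simplification: any statement with a Condition is treated as not public,
    and Deny statements are not evaluated.
    """
    if not policy_json:
        return False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        if not _is_anyone(stmt.get("Principal")):
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if any(fnmatchcase("s3:putobject", p) for p in patterns):
            return True
    return False


def acl_allows_public_write(grants):
    """Step 1b: an ACL grant of WRITE or FULL_CONTROL to the AllUsers group."""
    return any(
        g.get("Grantee", {}).get("URI") == ALL_USERS_GROUP
        and g.get("Permission") in {"WRITE", "FULL_CONTROL"}
        for g in grants
    )


def find_poisonable_models(models, buckets):
    """Step 2: keep only writable buckets that feed a Bedrock custom model."""
    findings = []
    for model in models:
        uri = model.get("trainingDataConfig", {}).get("s3Uri", "")
        bucket = urlparse(uri).netloc  # s3://bucket/key -> bucket
        config = buckets.get(bucket)
        if config is None:
            continue  # bucket is outside the collected inventory
        via = []
        if policy_allows_public_write(config.get("policy")):
            via.append("bucket policy")
        if acl_allows_public_write(config.get("grants", [])):
            via.append("bucket ACL")
        if via:
            findings.append({"model": model["modelName"], "bucket": bucket, "via": via})
    return findings


if __name__ == "__main__":
    for finding in find_poisonable_models(CUSTOM_MODELS, BUCKETS):
        print(finding)
```
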

In the Datadog Cloud Security system, you can view this issue alongside surrounding infrastructure using Cloud Map. This provides live diagrams of your cloud architecture, as shown in the following screenshot. AI risks are then contextualized alongside sensitive data exposure, identity risks, vulnerabilities, and other misconfigurations to give you a 360-degree view of risks.

Datadog Cloudcraft View for Cloud Security

For example, you might see that your application is using Anthropic’s Claude 3.7 on Amazon Bedrock and accessing training or prompt data stored in an S3 bucket that also has public write access. This could inadvertently impact model integrity by introducing unapproved data to the large language model (LLM), so you will want to update this configuration. Though basic, the first step for most security initiatives is identifying the issue. With agentless scanning, Datadog scans your AWS environment at intervals between 15 minutes and 2 hours, so users can identify misconfigurations as they are introduced to their environment. The next step is to remediate this risk. Datadog Cloud Security offers automatically generated remediation guidance, specifically for each risk (see the following screenshot). You will get a step-by-step explanation of how to fix each finding. In this situation, we can remediate this issue by modifying the S3 bucket’s policy, helping prevent public write access. You can do this directly in AWS, create a JIRA ticket, or use the built-in workflow automation tools. From here, you can apply remediation steps directly within Datadog and confirm that the misconfiguration has been resolved.

Datadog Cloud Security Bedrock Misconfiguration View

Resolving this issue will positively impact your compliance posture, as illustrated by the posture score in Datadog Cloud Security, helping teams meet internal benchmarks and regulatory standards. Teams can also create custom frameworks or iterate on existing ones for tailored compliance controls.

Datadog Cloud Security Compliance Frameworks

As generative AI is embraced across industries, the regulatory environment will evolve. Datadog will continue partnering with AWS to expand their detection library and support secure AI adoption and compliance.

How Datadog Cloud Security detects misconfigurations in your cloud environment

You can deploy Datadog Cloud Security either with the Datadog agent, agentlessly, or both to maximize security coverage in your cloud environment. Datadog customers can start monitoring their AWS accounts for misconfigurations by first adding the AWS integration to Datadog. This enables Datadog to crawl cloud resources in customer AWS accounts.

As the Datadog system finds resources, it runs through a catalog of hundreds of out-of-the-box detection rules against these resources, looking for misconfigurations and threat paths that adversaries can exploit.

Secure your AI infrastructure with Datadog

Misconfigurations in AI systems can be risky, but with the right tools, you can have the visibility and context needed to manage them. With Datadog Cloud Security, teams gain visibility into these risks, detect threats early, and remediate issues with confidence. In addition, Datadog has released numerous agentic AI security features designed to help teams gain visibility into the health and security of critical AI workloads, including newly announced additions to Datadog’s LLM observability features.

Lastly, Datadog announced Bits AI Security Analyst alongside other Bits AI agents at DASH. Included as part of Cloud SIEM, Bits is an agentic AI security analyst that automates triage for AWS CloudTrail signals. Bits investigates each alert like a seasoned analyst: pulling in relevant context from across your Datadog environment, annotating key findings, and offering a clear recommendation on whether the signal is likely benign or malicious. By accelerating triage and surfacing real threats faster, Bits helps reduce mean time to remediation (MTTR) and frees analysts to focus on important threat hunting and response initiatives. This helps across different threats, including AI-related threats.

To learn more about how Datadog helps secure your AI infrastructure, see Monitor Amazon Bedrock with Datadog or check out our security documentation. If you’re not already using Datadog, you can get started with Datadog Cloud Security with a 14-day free trial.


About the Authors

Nina Chen is a Customer Solutions Manager at AWS specializing in leading software companies to use the power of the AWS Cloud to accelerate their product innovation and growth. With over 4 years of experience working in the strategic independent software vendor (ISV) vertical, Nina enjoys guiding ISV partners through their cloud transformation journeys, helping them optimize their cloud infrastructure, driving product innovation, and delivering exceptional customer experiences.

Sujatha Kuppuraju is a Principal Solutions Architect at AWS, specializing in cloud and generative AI security. She collaborates with software companies’ leadership teams to architect secure, scalable solutions on AWS and guide strategic product development. Using her expertise in cloud architecture and emerging technologies, Sujatha helps organizations optimize offerings, maintain robust security, and bring innovative products to market in an evolving tech landscape.

Nick Frichette is a Staff Security Researcher for Cloud Security Research at Datadog.

Vijay George is a Product Manager for AI Security at Datadog.




Set up custom domain names for Amazon Bedrock AgentCore Runtime agents



When deploying AI agents to Amazon Bedrock AgentCore Runtime (currently in preview), customers often want to use custom domain names to create a professional and seamless experience.

By default, AgentCore Runtime agents use endpoints like https://bedrock-agentcore.{region}.amazonaws.com/runtimes/{EncodedAgentARN}/invocations.

In this post, we discuss how to transform these endpoints into user-friendly custom domains (like https://agent.yourcompany.com) using Amazon CloudFront as a reverse proxy. The solution combines CloudFront, Amazon Route 53, and AWS Certificate Manager (ACM) to create a secure, scalable custom domain setup that works seamlessly with your existing agents.

Benefits of Amazon Bedrock AgentCore Runtime

If you’re building AI agents, you have probably wrestled with hosting challenges: managing infrastructure, handling authentication, scaling, and maintaining security. Amazon Bedrock AgentCore Runtime helps address these problems.

Amazon Bedrock AgentCore Runtime is framework agnostic; you can use it with LangGraph, CrewAI, Strands Agents, or custom agents you have built from scratch. It supports extended execution times up to 8 hours, perfect for complex reasoning tasks that traditional serverless functions can’t handle. Each user session runs in its own isolated microVM, providing security that’s crucial for enterprise applications.

The consumption-based pricing model means you only pay for what you use, not what you provision. And unlike other hosting solutions, Amazon Bedrock AgentCore Runtime includes built-in authentication and specialized observability for AI agents out of the box.

Benefits of custom domains

When using Amazon Bedrock AgentCore Runtime with Open Authorization (OAuth) authentication, your applications make direct HTTPS requests to the service endpoint. Although this works, custom domains offer several benefits:

  • Custom branding – Client-side applications (web browsers, mobile apps) display your branded domain instead of AWS infrastructure details in network requests
  • Better developer experience – Development teams can use memorable, branded endpoints instead of copying and pasting long AWS endpoints across code bases and configurations
  • Simplified maintenance – Custom domains make it straightforward to manage endpoints when deploying multiple agents or updating configurations across environments

Solution overview

In this solution, we use CloudFront as a reverse proxy to transform requests from your custom domain into Amazon Bedrock AgentCore Runtime API calls. Instead of using the default endpoint, your applications can make requests to a user-friendly URL like https://agent.yourcompany.com/.

The following diagram illustrates the solution architecture.

The workflow consists of the following steps:

  1. A client application authenticates with Amazon Cognito and receives a bearer token.
  2. The client makes an HTTPS request to your custom domain.
  3. Route 53 resolves the DNS request to CloudFront.
  4. CloudFront forwards the authenticated request to the Amazon Bedrock Runtime agent.
  5. The agent processes the request and returns the response through the same path.

You can use the same CloudFront distribution to serve both your frontend application and backend agent endpoints, avoiding cross-origin resource sharing (CORS) issues because everything originates from the same domain.

Prerequisites

To follow this walkthrough, you must have the following in place:

Although Amazon Bedrock AgentCore Runtime can be in other supported AWS Regions, CloudFront requires SSL certificates to be in the us-east-1 Region.

You can choose from the following domain options:

  • Use an existing domain – Add a subdomain like agent.yourcompany.com
  • Register a new domain – Use Route 53 to register a domain if you don’t have one
  • Use the default URL from CloudFront – No domain registration or configuration required

Choose the third option if you want to test the solution quickly before setting up a custom domain.

Create an agent with inbound authentication

If you already have an agent deployed with OAuth authentication, you can skip to the next section to set up the custom domain. Otherwise, follow these steps to create a new agent using Amazon Cognito as your OAuth provider:

  1. Create a new directory for your agent with the following structure:
your_project_directory/
├── agent_example.py # Your main agent code
├── requirements.txt # Dependencies for your agent
└── __init__.py # Makes the directory a Python package

  2. Create the main agent code in agent_example.py:
# agent_example.py
from strands import Agent
from bedrock_agentcore.runtime import BedrockAgentCoreApp

agent = Agent()
app = BedrockAgentCoreApp()


@app.entrypoint
def invoke(payload):
    """Process user input and return a response"""
    user_message = payload.get("prompt", "Hello")
    response = agent(user_message)
    return str(response)  # response should be JSON serializable


if __name__ == "__main__":
    app.run()

  3. Add dependencies to requirements.txt:
# requirements.txt
strands-agents
bedrock-agentcore

  4. Run the following commands to create an Amazon Cognito user pool and test user:
# Create User Pool and capture Pool ID
export POOL_ID=$(aws cognito-idp create-user-pool \
  --pool-name "MyUserPool" \
  --policies '{"PasswordPolicy":{"MinimumLength":8}}' \
  --region us-east-1 | jq -r '.UserPool.Id')

# Create App Client and capture Client ID
export CLIENT_ID=$(aws cognito-idp create-user-pool-client \
  --user-pool-id $POOL_ID \
  --client-name "MyClient" \
  --no-generate-secret \
  --explicit-auth-flows "ALLOW_USER_PASSWORD_AUTH" "ALLOW_REFRESH_TOKEN_AUTH" \
  --region us-east-1 | jq -r '.UserPoolClient.ClientId')

# Create and configure a test user
aws cognito-idp admin-create-user \
  --user-pool-id $POOL_ID \
  --username "testuser" \
  --temporary-password "Temp1234" \
  --region us-east-1 \
  --message-action SUPPRESS

aws cognito-idp admin-set-user-password \
  --user-pool-id $POOL_ID \
  --username "testuser" \
  --password "MyPassword123" \
  --region us-east-1 \
  --permanent

echo "Pool ID: $POOL_ID"
echo "Discovery URL: https://cognito-idp.us-east-1.amazonaws.com/$POOL_ID/.well-known/openid-configuration"
echo "Client ID: $CLIENT_ID"

  5. Deploy the agent using the Amazon Bedrock AgentCore command line interface (CLI) provided by the starter toolkit:
pip install bedrock-agentcore-starter-toolkit #install the starter toolkit

agentcore configure --entrypoint agent_example.py \
--name my_agent \
--execution-role your-execution-role-arn \
--requirements-file requirements.txt \
--authorizer-config "{\"customJWTAuthorizer\":{\"discoveryUrl\":\"https://cognito-idp.us-east-1.amazonaws.com/$POOL_ID/.well-known/openid-configuration\",\"allowedClients\":[\"$CLIENT_ID\"]}}"

agentcore launch

Make note of your agent runtime Amazon Resource Name (ARN) after deployment. You will need this for the custom domain configuration.

For additional examples and details, see Authenticate and authorize with Inbound Auth and Outbound Auth.

Set up the custom domain solution

Now let’s implement the custom domain solution using the AWS CDK. This section shows you how to create the CloudFront distribution that proxies your custom domain requests to Amazon Bedrock AgentCore Runtime endpoints.

  1. Create a new directory and initialize an AWS CDK project:
mkdir agentcore-custom-domain
cd agentcore-custom-domain
cdk init app --language python
source .venv/bin/activate
pip install aws-cdk-lib constructs

  2. Encode the agent ARN and prepare the CloudFront origin configuration:
# agentcore_custom_domain_stack.py 
import urllib.parse

agent_runtime_arn = "arn:aws:bedrock-agentcore:us-east-1:accountId:runtime/my_agent-xbcDkz4FR9"
encoded_arn = urllib.parse.quote(agent_runtime_arn, safe="") # URL-encode the ARN
region = agent_runtime_arn.split(':')[3]  # Extract region from ARN

If your frontend application runs on a different domain than your agent endpoint, you must configure CORS headers. This is common if your frontend is hosted on a different domain (for example, https://app.yourcompany.com calling https://agent.yourcompany.com), or if you’re developing locally (for example, http://localhost:3000 calling your production agent endpoint).

  3. To handle CORS requirements, create a CloudFront response headers policy:
# agentcore_custom_domain_stack.py 
from aws_cdk.aws_cloudfront import ResponseHeadersPolicy, ResponseHeadersCorsBehavior

# Create CORS response headers policy
cors_policy = ResponseHeadersPolicy(self, 'CorsPolicy',
    cors_behavior=ResponseHeadersCorsBehavior(
        access_control_allow_origins=['*'], # Or specify your frontend domains
        access_control_allow_headers=[
            'Authorization',
            'Content-Type', 
            'X-Amzn-*',
            'X-Requested-With'
        ],
        access_control_allow_methods=['GET', 'POST', 'OPTIONS'],
        access_control_allow_credentials=False,
        access_control_expose_headers=['*'],
        origin_override=True # Overrides CORS headers from origin
    )
)

  4. Create a CloudFront distribution to act as a reverse proxy for your agent endpoints:
# agentcore_custom_domain_stack.py
from aws_cdk import Duration  # needed for read_timeout below
from aws_cdk.aws_cloudfront import (
    Distribution, BehaviorOptions, CachePolicy, 
    AllowedMethods, ViewerProtocolPolicy,
    OriginProtocolPolicy, OriginRequestPolicy
)
from aws_cdk.aws_cloudfront_origins import HttpOrigin

bedrock_agentcore_hostname = f"bedrock-agentcore.{region}.amazonaws.com"
origin_path = f"/runtimes/{encoded_arn}/invocations"

distribution = Distribution(self, 'Distribution',
    default_behavior=BehaviorOptions(
        origin=HttpOrigin(
            bedrock_agentcore_hostname,
            origin_path=origin_path, 
            protocol_policy=OriginProtocolPolicy.HTTPS_ONLY,
            read_timeout=Duration.seconds(120) # Optional: for responses >30s, adjust as needed
        ),
        viewer_protocol_policy=ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
        cache_policy=CachePolicy.CACHING_DISABLED,  # Critical for dynamic APIs
        allowed_methods=AllowedMethods.ALLOW_ALL,
        response_headers_policy=cors_policy,  # Add CORS policy if created
        origin_request_policy=OriginRequestPolicy.ALL_VIEWER,  # Forward headers for MCP
    ),
    # Add domain configuration if using custom domains
    domain_names=[domain_name] if domain_name else None,
    certificate=certificate if domain_name else None,
)

Set cache_policy=CachePolicy.CACHING_DISABLED to make sure your agent responses remain dynamic and aren’t cached by CloudFront.

  5. If you’re using a custom domain, add an SSL certificate and DNS configuration to your stack:
# agentcore_custom_domain_stack.py 
from aws_cdk.aws_certificatemanager import Certificate, CertificateValidation
from aws_cdk.aws_route53 import HostedZone, ARecord, RecordTarget
from aws_cdk.aws_route53_targets import CloudFrontTarget

# For existing domains
hosted_zone = HostedZone.from_lookup(self, 'HostedZone',
    domain_name="yourcompany.com"
)
# SSL certificate with automatic DNS validation
certificate = Certificate(self, 'Certificate',
    domain_name="my-agent.yourcompany.com",
    validation=CertificateValidation.from_dns(hosted_zone),
)
# DNS record pointing to CloudFront
ARecord(self, 'AliasRecord',
    zone=hosted_zone,
    record_name="my-agent.yourcompany.com",
    target=RecordTarget.from_alias(CloudFrontTarget(distribution)),
)

The following code is the complete AWS CDK stack that combines all the components:

# agentcore_custom_domain_stack.py
import urllib.parse
from aws_cdk import Stack, CfnOutput, Duration
from aws_cdk.aws_cloudfront import (
    Distribution, BehaviorOptions,
    CachePolicy, AllowedMethods,
    ViewerProtocolPolicy, OriginProtocolPolicy,
    ResponseHeadersPolicy, ResponseHeadersCorsBehavior,
    OriginRequestPolicy
)
from aws_cdk.aws_cloudfront_origins import HttpOrigin
from aws_cdk.aws_certificatemanager import Certificate, CertificateValidation
from aws_cdk.aws_route53 import HostedZone, ARecord, RecordTarget
from aws_cdk.aws_route53_targets import CloudFrontTarget
from constructs import Construct

class AgentcoreCustomDomainStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # Configuration - Update these for your setup
        agent_runtime_arn = "arn:aws:bedrock-agentcore:us-east-1:accountId:runtime/my_agent-xbcDkz4FR9"
        region = agent_runtime_arn.split(':')[3]  # Extract region from ARN
        domain_name = "agent.yourcompany.com"  # Using your hosted zone
        hosted_zone_id = "Z1234567890ABC"  # Your hosted zone ID
        enable_cors = True  # Set to False if serving frontend and backend from same domain

        # Encode the agent ARN for the origin path
        encoded_arn = urllib.parse.quote(agent_runtime_arn, safe="")
        bedrock_agentcore_hostname = f"bedrock-agentcore.{region}.amazonaws.com"
        origin_path = f"/runtimes/{encoded_arn}/invocations"

        # Create CORS response headers policy if needed
        cors_policy = None
        if enable_cors:
            cors_policy = ResponseHeadersPolicy(self, 'CorsPolicy',
                cors_behavior=ResponseHeadersCorsBehavior(
                    access_control_allow_origins=['*'],  # Or specify your frontend domains
                    access_control_allow_headers=[
                        'Authorization',
                        'Content-Type', 
                        'X-Amzn-*',
                        'X-Requested-With'
                    ],
                    access_control_allow_methods=['GET', 'POST', 'OPTIONS'],
                    access_control_expose_headers=['*'],
                    access_control_allow_credentials=False,
                    origin_override=True  # Overrides CORS headers from origin
                )
            )

        # Base distribution configuration
        distribution_props = {
            "default_behavior": BehaviorOptions(
                origin=HttpOrigin(
                    bedrock_agentcore_hostname,
                    origin_path=origin_path,  # Direct path to agent endpoint
                    protocol_policy=OriginProtocolPolicy.HTTPS_ONLY,
                    read_timeout=Duration.seconds(120) # Optional: for responses >30s, adjust as needed
                ),
                viewer_protocol_policy=ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
                cache_policy=CachePolicy.CACHING_DISABLED,
                allowed_methods=AllowedMethods.ALLOW_ALL,
                response_headers_policy=cors_policy,  # Add CORS policy if enabled
                origin_request_policy=OriginRequestPolicy.ALL_VIEWER,  # Forward headers for MCP
            )
        }

        # Optional: Add custom domain
        if domain_name:
            # Use from_hosted_zone_attributes for specific zone
            hosted_zone = HostedZone.from_hosted_zone_attributes(self, 'HostedZone',
                                                                 zone_name="yourcompany.com",  # Your root domain
                                                                 hosted_zone_id=hosted_zone_id
                                                                 )

            certificate = Certificate(self, 'Certificate',
                                      domain_name=domain_name,
                                      validation=CertificateValidation.from_dns(
                                          hosted_zone),
                                      )

            # Add custom domain to distribution
            distribution_props["domain_names"] = [domain_name]
            distribution_props["certificate"] = certificate

        distribution = Distribution(self, 'Distribution', **distribution_props)

        # Create DNS record if using custom domain
        if domain_name:
            ARecord(self, 'AliasRecord',
                    zone=hosted_zone,
                    record_name=domain_name,
                    target=RecordTarget.from_alias(
                        CloudFrontTarget(distribution)),
                    )

        # Outputs
        if domain_name:
            domain_url = f"https://{domain_name}/"
            CfnOutput(self, "AgentEndpoint",
                      value=domain_url,
                      description="Your custom domain endpoint"
                      )

        CfnOutput(self, "CloudFrontDistribution",
                  value=f"https://{distribution.distribution_domain_name}/",
                  description="CloudFront default domain (works without custom domain)"
                  )

  1. Configure the AWS CDK app entry point:
#!/usr/bin/env python3
# app.py
import aws_cdk as cdk
from agentcore_custom_domain.agentcore_custom_domain_stack import AgentCoreCustomDomainStack

app = cdk.App()
# The name used here must match the imported class defined in agentcore_custom_domain_stack.py
AgentCoreCustomDomainStack(app, "AgentCoreCustomDomainStack",
    # CloudFront requires certificates in us-east-1
    env=cdk.Environment(region='us-east-1'),
)
app.synth()

Deploy your custom domain

Now you can deploy the solution and verify it works with both custom and default domains. Complete the following steps:

  1. Update the following values in agentcore_custom_domain_stack.py:
    • Your Amazon Bedrock AgentCore Runtime ARN
    • Your domain name (if using a custom domain)
    • Your hosted zone ID (if using a custom domain)
  2. Deploy using the AWS CDK:

Test your endpoint

After you deploy the custom domain, you can test your endpoints using either the custom domain or the CloudFront default domain. First, get a JWT token from Amazon Cognito:

export TOKEN=$(aws cognito-idp initiate-auth \
  --client-id "your-client-id" \
  --auth-flow USER_PASSWORD_AUTH \
  --auth-parameters USERNAME='testuser',PASSWORD='MyPassword123' \
  --region us-east-1 | jq -r '.AuthenticationResult.AccessToken')

Use the following code to test with your custom domain:

curl -X POST "https://my-agent.yourcompany.com/" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "X-Amzn-Bedrock-AgentCore-Runtime-Session-Id: session-12345678901234567890123456789012345" \
  -d '{"prompt": "Hello, how can you help me today?"}'

Alternatively, use the following code to test with the CloudFront default domain:

curl -X POST "https://d1234567890123.cloudfront.net/" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "X-Amzn-Bedrock-AgentCore-Runtime-Session-Id: session-12345678901234567890123456789012345" \
  -d '{"prompt": "Hello, how can you help me today?"}'

If everything works correctly, you will receive a response from your agent through either endpoint. You’ve successfully created a custom domain for your Amazon Bedrock AgentCore Runtime agent!

Considerations

As you implement this solution in production, the following are some important considerations:

  • Cost implications – CloudFront adds costs for data transfer and requests. Review Amazon CloudFront pricing to understand the impact for your usage patterns.
  • Security enhancements – Consider implementing the following security measures:
    • AWS WAF rules to help protect against common web exploits.
    • Rate limiting to help prevent abuse.
    • Geo-restrictions if your agent should only be accessible from specific Regions.
  • Monitoring – Enable CloudFront access logs and set up Amazon CloudWatch alarms to monitor error rates, latency, and request volume.
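The monitoring consideration above, as an added example that is not part of the original post: a small parser for CloudFront standard access logs that reports the error rate, the mean time-taken, and client IPs with repeated 401/403 responses. The log lines are constructed and keep only a subset of the real columns; the function names and the 401/403 threshold are assumptions to adapt to your traffic.

```python
from collections import defaultdict

# Constructed sample. CloudFront standard logs are tab-separated and start
# with a "#Fields:" header; only a subset of the real columns is kept here.
_ROWS = [
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status time-taken",
    "2025-01-01 12:00:01 203.0.113.10 POST / 200 2.000",
    "2025-01-01 12:00:02 198.51.100.7 POST / 401 0.500",
    "2025-01-01 12:00:03 198.51.100.7 POST / 401 0.500",
    "2025-01-01 12:00:04 203.0.113.10 POST / 200 4.000",
    "2025-01-01 12:00:05 198.51.100.7 POST / 403 0.500",
    "2025-01-01 12:00:06 198.51.100.7 POST / 401 0.500",
    "2025-01-01 12:00:07 203.0.113.25 POST / 502 1.000",
    "2025-01-01 12:00:08 203.0.113.25 POST / 401 1.000",
]
SAMPLE_LOG = "\n".join(r if r[0] == "#" else r.replace(" ", "\t") for r in _ROWS)

def parse_cloudfront_log(text):
    """Yield one dict per request, keyed by the names in the #Fields: header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def summarize(records, auth_fail_threshold=3):
    """Error rate, mean time-taken, and IPs with repeated 401/403 responses."""
    total = errors = 0
    latency = 0.0
    auth_failures = defaultdict(int)
    for r in records:
        status = int(r["sc-status"])
        total += 1
        errors += status >= 400
        latency += float(r["time-taken"])
        # Assumption: 401/403 here mean a rejected or missing bearer token.
        auth_failures[r["c-ip"]] += status in (401, 403)
    return {
        "requests": total,
        "error_rate": errors / total if total else 0.0,
        "mean_time_taken": latency / total if total else 0.0,
        "auth_failure_suspects": sorted(
            ip for ip, n in auth_failures.items() if n >= auth_fail_threshold),
    }

if __name__ == "__main__":
    print(summarize(parse_cloudfront_log(SAMPLE_LOG)))
```

The same counts can feed CloudWatch alarms or a rate-based AWS WAF rule once you know what normal traffic to the agent endpoint looks like.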

Clean up

To avoid ongoing costs, delete the resources when you no longer need them:

You might need to manually delete the Route 53 hosted zones and ACM certificates from their respective service consoles.

Conclusion

In this post, we showed you how to create custom domain names for your Amazon Bedrock AgentCore Runtime agent endpoints using CloudFront as a reverse proxy. This solution provides several key benefits: simplified integration for development teams, custom domains that align with your organization, cleaner infrastructure abstraction, and straightforward maintenance when endpoints need updates. By using CloudFront as a reverse proxy, you can also serve both your frontend application and backend agent endpoints from the same domain, avoiding common CORS challenges.

We encourage you to explore this solution further by adapting it to your specific needs. You might want to enhance it with additional security features, set up monitoring, or integrate it with your existing infrastructure.

To learn more about building and deploying AI agents, see the Amazon Bedrock AgentCore Developer Guide. For advanced configurations and best practices with CloudFront, refer to the Amazon CloudFront documentation. You can find detailed information about SSL certificates in the AWS Certificate Manager documentation, and domain management in the Amazon Route 53 documentation.

Amazon Bedrock AgentCore is currently in preview and subject to change. Standard AWS pricing applies to additional services used, such as CloudFront, Route 53, and Certificate Manager.


About the authors

Rahmat Fedayizada is a Senior Solutions Architect with the AWS Energy and Utilities team. He works with energy companies to design and implement scalable, secure, and highly available architectures. Rahmat is passionate about translating complex technical requirements into practical solutions that drive business value.

Paras Bhuva is a Senior Manager of Solutions Architecture at AWS, where he leads a team of solution architects helping energy customers innovate and accelerate their transformation. Having started as a Solution Architect in 2012, Paras is passionate about architecting scalable solutions and building organizations focused on application modernization and AI initiatives.


