代理租户隔离：保护多租户代理资源.pdf

1、 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.S A S 4 0 9Agentic tenant isolation:Securing multi-tenant agent resourcesAlex Pulver(he/him)Principal Solutions ArchitectAWSDave Roberts(he/him)Senior Solutions Arch

2、itectAWS 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.AgendaTenant isolation conceptsAgent conceptsTenant isolation in a multi-tenant agent 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Tena

3、nt isolation concepts 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Single-tenant isolationSingle-tenantagentTenant resource 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Single-tenant isolationSingle-tenantagentTenant resourceAccess my resource 2025,Amazon

4、Web Services,Inc.or its affiliates.All rights reserved.Single-tenant isolationSingle-tenantagentTenant resource“Effect”:“Allow”,“Resource”:“TenantResourceArn”.Tenant-scopedIAM roleAccess my resource 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Single-tenant isolationSingle-tena

5、ntagentTenant resource“Effect”:“Allow”,“Resource”:“TenantResourceArn”.Tenant-scopedIAM roleAccess my resource 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Multi-tenant isolation w/AWS credentialsMulti-tenantagentTenant resource 2025,Amazon Web Services,Inc.or its affiliates.All

6、 rights reserved.Multi-tenant isolation w/AWS credentialsMulti-tenantagentTenant resourceAccess my resourceJWT 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Multi-tenant isolation w/AWS credentialsMulti-tenantagentTenant resourceToken vending machine(TVM)Access my resourceJWT 20