BedrockAgentCoreControl / Client / create_browser
create_browser¶
- BedrockAgentCoreControl.Client.create_browser(**kwargs)¶
Creates a custom browser.
See also: AWS API Documentation
Request Syntax
response = client.create_browser( name='string', description='string', executionRoleArn='string', networkConfiguration={ 'networkMode': 'PUBLIC'|'VPC', 'vpcConfig': { 'securityGroups': [ 'string', ], 'subnets': [ 'string', ], 'requireServiceS3Endpoint': True|False } }, recording={ 'enabled': True|False, 's3Location': { 'bucket': 'string', 'prefix': 'string', 'versionId': 'string' } }, browserSigning={ 'enabled': True|False }, enterprisePolicies=[ { 'location': { 's3': { 'bucket': 'string', 'prefix': 'string', 'versionId': 'string' } }, 'type': 'MANAGED'|'RECOMMENDED' }, ], certificates=[ { 'location': { 'secretsManager': { 'secretArn': 'string' } } }, ], clientToken='string', tags={ 'string': 'string' } )
- Parameters:
name (string) –
[REQUIRED]
The name of the browser. The name must be unique within your account.
description (string) – The description of the browser.
executionRoleArn (string) – The Amazon Resource Name (ARN) of the IAM role that provides permissions for the browser to access Amazon Web Services services.
networkConfiguration (dict) –
[REQUIRED]
The network configuration for the browser. This configuration specifies the network mode for the browser.
networkMode (string) – [REQUIRED]
The network mode for the browser. This field specifies how the browser connects to the network.
vpcConfig (dict) –
The VPC configuration for the browser. This configuration is required when the network mode is set to
VPC.securityGroups (list) – [REQUIRED]
The security groups associated with the VPC configuration.
(string) –
subnets (list) – [REQUIRED]
The subnets associated with the VPC configuration.
(string) –
requireServiceS3Endpoint (boolean) –
Note
This field applies only to Agent Runtimes. It is not applicable to Browsers or Code Interpreters.
Controls whether a service-managed Amazon S3 gateway endpoint is provisioned in the VPC network topology for the agent runtime. This gateway is used by Amazon Bedrock AgentCore Runtime to download code and container images during agent startup.
Starting May 5, 2026, Amazon Bedrock AgentCore Runtime is gradually rolling out a change to how network isolation is configured for VPC mode agents. Agent runtimes created on or after this rollout will no longer include the service-managed Amazon S3 gateway. Instead, all network access, including to Amazon S3, is governed exclusively by your VPC configuration. This field cannot be set on agent runtimes created after the rollout. Passing this field in an
UpdateAgentRuntimerequest for these agent runtimes returns aValidationException.Agent runtimes created before the rollout are not affected and continue to operate with the service-managed Amazon S3 gateway. To enforce full VPC network isolation on these existing agent runtimes, set this field to
falsevia theUpdateAgentRuntimeAPI. Before opting out, ensure your VPC provides the Amazon S3 access required for agent startup. If this field is not specified or is set totrue, the service-managed Amazon S3 gateway remains provisioned.This field is only supported in the
UpdateAgentRuntimeAPI for pre-rollout agent runtimes. Passing this field in aCreateAgentRuntimerequest returns aValidationException.
recording (dict) –
The recording configuration for the browser. When enabled, browser sessions are recorded and stored in the specified Amazon S3 location.
enabled (boolean) –
Indicates whether recording is enabled for the browser. When set to true, browser sessions are recorded.
s3Location (dict) –
The Amazon S3 location where browser recordings are stored. This location contains the recorded browser sessions.
bucket (string) – [REQUIRED]
The name of the Amazon S3 bucket. This bucket contains the stored data.
prefix (string) – [REQUIRED]
The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.
versionId (string) –
The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.
browserSigning (dict) –
The browser signing configuration that enables cryptographic agent identification using HTTP message signatures for web bot authentication.
enabled (boolean) – [REQUIRED]
Specifies whether browser signing is enabled. When enabled, the browser will cryptographically sign HTTP requests to identify itself as an AI agent to bot control vendors.
enterprisePolicies (list) –
A list of enterprise policy files for the browser.
(dict) –
Browser enterprise policy configuration.
location (dict) – [REQUIRED]
The location of the enterprise policy file.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
s3.s3 (dict) –
The Amazon S3 location for storing data. This structure defines where in Amazon S3 data is stored.
bucket (string) – [REQUIRED]
The name of the Amazon S3 bucket. This bucket contains the stored data.
prefix (string) – [REQUIRED]
The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.
versionId (string) –
The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.
type (string) –
The type of browser enterprise policy. Available values are
MANAGEDandRECOMMENDED.
certificates (list) –
A list of certificates to install in the browser.
(dict) –
A certificate to install in the browser or code interpreter.
location (dict) – [REQUIRED]
The location of the certificate.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
secretsManager.secretsManager (dict) –
The Amazon Web Services Secrets Manager location of the certificate.
secretArn (string) – [REQUIRED]
The ARN of the Amazon Web Services Secrets Manager secret containing the certificate.
clientToken (string) –
A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock AgentCore ignores the request but does not return an error.
This field is autopopulated if not provided.
tags (dict) –
A map of tag keys and values to assign to the browser. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
(string) –
(string) –
- Return type:
dict
- Returns:
Response Syntax
{ 'browserId': 'string', 'browserArn': 'string', 'createdAt': datetime(2015, 1, 1), 'status': 'CREATING'|'CREATE_FAILED'|'READY'|'DELETING'|'DELETE_FAILED'|'DELETED' }
Response Structure
(dict) –
browserId (string) –
The unique identifier of the created browser.
browserArn (string) –
The Amazon Resource Name (ARN) of the created browser.
createdAt (datetime) –
The timestamp when the browser was created.
status (string) –
The current status of the browser.
Exceptions
BedrockAgentCoreControl.Client.exceptions.ServiceQuotaExceededExceptionBedrockAgentCoreControl.Client.exceptions.AccessDeniedExceptionBedrockAgentCoreControl.Client.exceptions.ConflictExceptionBedrockAgentCoreControl.Client.exceptions.ValidationExceptionBedrockAgentCoreControl.Client.exceptions.ThrottlingExceptionBedrockAgentCoreControl.Client.exceptions.InternalServerException