As enterprises deploy AI agents into production environments, traditional identity systems are being tested in new ways. These agents may act on behalf of users, interact with multiple third-party services, and require audit trails for every action; patterns that don’t align neatly with existing identity and access management (IAM) pricing models. Cloud providers are beginning to adapt, and AWS’s Amazon Bedrock AgentCore Identity is one example: it introduces usage-based models and identity features tailored for agentic AI. AWS positioned the product as a foundation for enabling enterprises to move beyond prototypes and deploy AI agents securely in production environments.
The Challenge with Traditional IAM Pricing
Rahul Sharma, Principal Product Manager – Technical at AWS, contributed to defining this direction by working on the product concept, usage metrics, and leadership alignment to support adoption. He oversaw the product’s conception, monetization, and go-to-market strategy, authoring the product and pricing proposal, securing alignment across engineering, finance, and sales teams, and presenting the framework to AWS senior leadership.
Most customer identity and access management (CIAM) platforms are priced around monthly active users or licensed seats. AI agents behave differently. They can run continuously, operate in short bursts, or be triggered by system events instead of human actions. A single agent might also require scoped access across multiple tools, such as GitHub, Slack, or Salesforce, which creates new considerations for consent, permissions, and cost allocation.
What AgentCore Identity Provides
AgentCore Identity is built to address these gaps. It provides inbound authentication controls to determine who can invoke an agent, outbound authentication for what services an agent can access, and a secure token vault for managing OAuth tokens and API keys. It also supports delegated and machine-to-machine OAuth 2.0 flows, fine-grained access policies, and audit logging for compliance. By enforcing least-privilege access and enabling durable credentials that can be revoked or audited, the service introduces enterprise-grade safeguards aligned with agent-specific behaviors.
Building a Business Model from the Ground Up
With limited well-defined or established models, the business framework for agent identity had to be created from the ground up. The pricing approach focused on metrics that directly reflect consumption, such as token or API key retrievals from the vault when agents connect to non-AWS services. This design enabled organizations to bill for using the agent identity product, track
Sharma led efforts to define this framework, working with engineering, finance, and security teams to test assumptions. He modeled infrastructure costs and analyzed real-world agentic workflows to ensure the pricing aligned with enterprise economics. He collaborated with customer-facing groups to validate that the model made sense in real-world scenarios, not just on paper.
Reducing Risk for Early Adopters
The approach helps minimize concerns for early adopters by avoiding upfront commitments or minimum fees, instead offering pay-as-you-use pricing for token and API key requests. For customers exploring new agent workloads, this flexibility reduces financial risk while ensuring transparency.
From Proposal to Launch
Once the framework was established, Sharma worked with cross-functional teams, including peers and executives, to move from proposal to launch. This included defining integration with existing identity providers, ensuring that the token vault met encryption and audit standards, prioritizing which flows to support at launch, and contributing to API design for easier developer adoption. AWS introduced AgentCore Identity in public preview in July 2025 as part of the broader Amazon Bedrock AgentCore announcement.
The development process also required AWS teams to test assumptions about how often agents would invoke downstream tools, what limits should be enforced to prevent service abuse, and how identity could remain compatible with existing IAM and CIAM systems. By reconciling these operational considerations with a sustainable business model, Sharma helped position Bedrock AgentCore Identity as a production-ready service.
Transparent Pricing and Enterprise Confidence
Customers are charged for non-AWS resource token or API key retrievals, with transparent billing that reflects consumption. In scenarios where AgentCore Identity is used through AgentCore Runtime or Gateway, charges do not apply, reducing friction for customers starting out.
Public documentation and coverage highlighted AgentCore Identity’s ability to secure agent interactions with both AWS and external services, maintain audit trails when agents need to access AWS services, and integrate with existing identity providers, including Amazon Cognito, Okta, and Microsoft Entra ID. AWS’s preview pricing materials emphasize transparency, showing token/API key retrieval counts and consumption tiers, which gave enterprises confidence as they evaluated the service.
Industry Significance and the Road Ahead
The product’s inclusion in the AWS NY Summit keynote underscored its significance within AWS’s agentic AI portfolio. Analysts noted that the lack of dedicated identity solutions had slowed the adoption of AI agents in sensitive enterprise environments. By combining security, governance, and a clear economic model, Bedrock AgentCore Identity aims to establish a framework enterprises can trust as they expand agent deployments.
AI Agent identity is an emerging category, and business model clarity can serve as a catalyst for enterprise adoption. By linking cost directly to measurable agent activity, AWS provided customers a transparent way to experiment without overcommitting.
AgentCore Identity’s model demonstrates how pricing and packaging, along with features, can be important considerations in determining how enterprises bring new identity paradigms into production. As providers introduce their own approaches, the debate over how to value agent activity — and how to charge for it — can shape the trajectory of this industry as much as the technical capabilities themselves.
