
Agentic AI with Data Mesh on AWS: Governance at Every Access Level

Bottom line: Governance for agentic AI requires access control at every level – from tool discovery through query execution to response synthesis – not just at a single central checkpoint like in RAG.

AWS demonstrates an architecture pattern for agentic AI applications that secures data access across multiple sources with granular access control. The concept extends existing RAG approaches with governance mechanisms that account for the complexity of autonomous agents.

Agentic AI systems expose governance gaps that the classical single-checkpoint model from Retrieval Augmented Generation (RAG) cannot close. When an AI agent independently explores database schemas, constructs SQL queries, and consolidates data from multiple sources, it requires controlled access to every component of this interaction chain – from tool discovery through query execution to response synthesis. Simple filtering of vector search results, as is common in RAG systems, is insufficient.

AWS describes a serverless Data Mesh pattern with three architectural changes compared to classical RAG implementations. First, Amazon S3 Vectors replaces the dependency on specialized vector databases and, according to AWS, reduces storage and query costs by up to 90 percent for moderate query frequency. Second, S3 Tables with integrated Apache Iceberg and AWS Lake Formation provide a governance layer that delivers up to 10x higher transactions per second than self-managed Iceberg tables and enables granular security at row, column, and cell level. Third, the solution exposes the Data Mesh as Model Context Protocol (MCP) tools through an AgentCore Gateway with Lambda-backed interceptors for deterministic access control at every agent-to-tool invocation.

The architecture consists of four layers. The Agent Layer hosts the agent in the AgentCore Runtime, isolated in dedicated MicroVM environments, and uses the LangGraph framework for MCP tool integration. The Gateway Layer performs JWT validation and enforces scopes in request interceptors, implements data redaction and audit logging in response interceptors, and uses Bedrock Guardrails against prompt injection and sensitive information leakage. The Tools Layer provides four Lambda-backed MCP tools (get_user_tables, get_schema, run_query, kb_search). The Governed Data Mesh Layer combines S3 Tables, Athena, Lake Formation, and S3 Vectors as the data layer.
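The Gateway Layer is where the per-invocation control lives: a request interceptor validates the caller's JWT and checks that the token carries the scope a given tool requires, and a response interceptor redacts sensitive columns and writes an audit record before anything reaches the agent. The following is an added illustration of that pattern, not AWS's AgentCore Gateway interceptor code. It assumes a simple event shape (tool name plus token), an HS256 shared secret instead of the JWKS a real gateway would use, a hypothetical scope-per-tool map using the four tool names from the architecture, and an inline column classification standing in for Lake Formation tags. All sample data is constructed.

```python
"""Added example: request/response interceptor pair for an MCP tool gateway.
Not AWS code; event shape, scope names and column tags are assumptions."""
import base64
import hashlib
import hmac
import json
import time

# Hypothetical: scope each MCP tool requires (tool names from the page,
# scope strings are assumed).
TOOL_SCOPES = {
    "get_user_tables": "mesh:read:catalog",
    "get_schema": "mesh:read:catalog",
    "run_query": "mesh:read:data",
    "kb_search": "mesh:read:kb",
}

# Hypothetical column classification; a real interceptor would look this
# up from Lake Formation tags rather than hard-code it.
SENSITIVE_COLUMNS = {"email", "ssn", "salary"}

SECRET = b"constructed-demo-secret"  # constructed; real gateways verify via JWKS


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_token(claims, secret=SECRET):
    """Constructed helper that mints an HS256 JWT for demonstration only."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    h, p = enc({"alg": "HS256", "typ": "JWT"}), enc(claims)
    sig = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}." + base64.urlsafe_b64encode(sig).rstrip(b"=").decode()


def verify_hs256(token, secret, now=None):
    """Return the claims of a valid, unexpired HS256 JWT, else None."""
    try:
        h, p, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None  # signature mismatch: tampered or wrong issuer
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        return None  # refuse algorithm confusion
    claims = json.loads(_b64url_decode(p))
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        return None  # expired
    return claims


def request_interceptor(event, now=None):
    """Deterministic allow/deny before the tool runs: valid JWT + right scope."""
    claims = verify_hs256(event.get("token", ""), SECRET, now)
    if claims is None:
        return {"allow": False, "reason": "invalid_token"}
    needed = TOOL_SCOPES.get(event.get("tool"))
    if needed is None:
        return {"allow": False, "reason": "unknown_tool"}
    if needed not in claims.get("scope", "").split():
        return {"allow": False, "reason": "missing_scope", "needed": needed}
    return {"allow": True, "subject": claims.get("sub")}


def response_interceptor(event, rows, audit_log):
    """Redact tagged columns on the way back and record what was served."""
    seen = set().union(*[r.keys() for r in rows])
    redacted = [{k: ("[REDACTED]" if k in SENSITIVE_COLUMNS else v)
                 for k, v in row.items()} for row in rows]
    audit_log.append({
        "tool": event.get("tool"),
        "subject": event.get("subject"),
        "rows": len(rows),
        "redacted_columns": sorted(SENSITIVE_COLUMNS & seen),
    })
    return redacted


if __name__ == "__main__":
    # Constructed walk-through: a catalog-only token may read schemas
    # but not run queries; query results have sensitive columns masked.
    tok = make_token({"sub": "analyst", "scope": "mesh:read:catalog",
                      "exp": int(time.time()) + 600})
    print(request_interceptor({"tool": "get_schema", "token": tok}))
    print(request_interceptor({"tool": "run_query", "token": tok}))
    log = []
    rows = [{"id": 1, "email": "a@example.com"}]  # constructed sample rows
    print(response_interceptor({"tool": "run_query", "subject": "analyst"}, rows, log), log)
```

The point of splitting the check into two interceptors is that the deny decision for a tool call is made before any query is constructed, while redaction is applied to whatever the data layer returns, so neither depends on the agent's own reasoning about what it is allowed to see.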

Implementation requires an AWS account with administrator access, IAM permissions for roles, policies, Lambda functions, S3 Tables and Lake Formation, Bedrock access with configured Model Access and AgentCore, and AWS CLI v2. The target audience is CTOs and platform engineers who need to deploy agents in production environments with high governance requirements.


Source: aws.amazon.com · Published June 25, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.
