Vadym Kazulkin for AWS Heroes

Amazon Bedrock AgentCore Gateway - Part 1 Introduction

What is Amazon Bedrock AgentCore?

Amazon's announcement "Introducing Amazon Bedrock AgentCore: Securely deploy and operate AI agents at any scale (preview)" made me very curious, because I kept asking myself how I could easily expose my existing AWS Serverless resources (like AWS Lambda and Amazon API Gateway) through MCP without changing them. AgentCore Gateway seems to be a solid answer to this question. But before we jump into the capabilities of Amazon Bedrock AgentCore Gateway specifically, let's introduce Amazon Bedrock AgentCore itself. This article is a summary of already available AWS resources.

Amazon Bedrock AgentCore enables you to deploy and operate highly effective agents securely and at scale, using any framework and model. With Amazon Bedrock AgentCore, developers can accelerate AI agents into production with the scale, reliability, and security critical to real-world deployment. AgentCore provides tools and capabilities to make agents more effective and capable, purpose-built infrastructure to securely scale agents, and controls to operate trustworthy agents. Amazon Bedrock AgentCore services are composable and work with popular open-source frameworks and any model, so you don’t have to choose between open-source flexibility and enterprise-grade security and reliability.

Currently AgentCore consists of 7 capabilities:

  • AgentCore Runtime – Provides low-latency serverless environments with session isolation, supporting any agent framework including popular open source frameworks, tools, and models, and handling multimodal workloads and long-running agents.

  • AgentCore Memory – Manages session and long-term memory, providing relevant context to models while helping agents learn from past interactions.

  • AgentCore Observability – Offers step-by-step visualization of agent execution with metadata tagging, custom scoring, trajectory inspection, and troubleshooting/debugging filters.

  • AgentCore Identity – Enables AI agents to securely access AWS services and third-party tools and services such as GitHub, Salesforce, and Slack, either on behalf of users or by themselves with pre-authorized user consent.

  • AgentCore Gateway – Transforms existing APIs and AWS Lambda functions into agent-ready tools, offering unified access across protocols, including MCP, and runtime discovery.

  • AgentCore Browser – Provides managed web browser instances to scale your agents’ web automation workflows.

  • AgentCore Code Interpreter – Offers an isolated environment to run the code your agents generate.

What is Amazon Bedrock AgentCore Gateway?

Amazon Bedrock AgentCore Gateway provides an easy and secure way for developers to build, deploy, discover, and connect to tools at scale. AI agents need tools to perform real-world tasks—from querying databases to sending messages to analyzing documents. With Gateway, developers can convert APIs (including existing Amazon API Gateway REST APIs), Lambda functions, and existing services into Model Context Protocol (MCP)-compatible tools and make them available to agents through Gateway endpoints with just a few lines of code. Gateway supports OpenAPI, Smithy, and Lambda as input types, and is the only solution that provides both comprehensive ingress authentication and egress authentication in a fully managed service. Gateway also provides 1-click integration with several popular tools such as Salesforce, Slack, Jira, Asana, and Zendesk. Gateway eliminates weeks of custom code development, infrastructure provisioning, and security implementation so developers can focus on building innovative agent applications.

The key concepts of AgentCore include:

  • Gateway - A Gateway acts like an MCP server, providing a single access point for an agent to interact with its tools. A Gateway can have multiple targets, each representing a different tool or set of tools.

  • Gateway Target - A target defines the APIs or Lambda function that a Gateway will provide as tools to an agent. Targets can be Lambda functions, OpenAPI specifications, Smithy models, or other tool definitions.

  • AgentCore Gateway Authorizer - Since MCP only supports OAuth, each Gateway must have an attached OAuth authorizer. If you don’t have an OAuth authorization server already, you will be able to create one in this guide using Cognito.

  • AgentCore Credential Provider - When Gateway makes calls to your APIs or Lambda function it must use some credentials to access those functionalities. When you create a Smithy or Lambda target, Gateway uses the attached execution role to make calls to those targets. When you create an OpenAPI target, you must attach an AgentCore credential provider which stores the API Key or OAuth credentials that Gateway will use to access the OpenAPI target.

AgentCore currently supports several types of tools and integration methods:

  • OpenAPI specifications - Transform existing REST APIs into MCP-compatible tools by providing an OpenAPI specification. The gateway automatically handles the translation between MCP and REST formats.

  • Lambda functions - Connect Lambda functions as tools, allowing you to implement custom business logic in your preferred programming language. The gateway invokes the Lambda function and translates the response into the MCP format.

  • Smithy models - Use Smithy models to define your API interfaces and generate MCP-compatible tools. Smithy is a language for defining services and SDKs that can be used with AWS services. The gateway can use Smithy models to generate tools that interact with AWS services or custom APIs.

Amazon Bedrock AgentCore Gateway can connect to both AWS resources and external services. This means that along with the standard AWS Identity and Access Management (IAM) for managing permissions in Amazon Bedrock AgentCore Gateway, the permissions model supports additional external authentication mechanisms.

When working with Gateways, there are currently 3 main categories of permissions to consider:

  1. Gateway Management Permissions - Permissions needed to create and manage Gateways
  2. Gateway Access Permissions or Inbound Auth Configuration - Who can invoke what via the MCP protocol
  3. Gateway Execution Permissions or Outbound Auth configuration - Permissions that a Gateway needs to perform actions on other resources and services

With Amazon Bedrock AgentCore Observability, AgentCore Gateway delivers the following CloudWatch metrics:

  • Invocations - The total number of requests made to each Data Plane API. Each API call counts as one invocation regardless of the response status.

  • Throttles [429] - The number of requests throttled (status code 429) by the service.

  • SystemErrors [5xx] - The number of requests which failed with 5xx status code.

  • UserErrors [4xx] - The number of requests which failed with 4xx status codes other than 429.

  • Latency - The time elapsed between when the service receives the request and when it begins sending the first response token.

  • Duration - The total time elapsed between receiving the request and sending the final response token. Represents complete end-to-end processing time of the request.

  • TargetExecutionTime - The total time taken to execute the target over Lambda, OpenAPI, etc. This metric helps you to determine the contribution of the target to the total Latency.

  • TargetType - The total number of requests served by each type of target (MCP, Lambda, OpenAPI).
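
An added example, not taken from the article or from AWS: a small Python check that turns the metrics listed above into per-period error rates and the target's share of Latency, flagging periods where 4xx, 429 or 5xx responses exceed a threshold. The thresholds, the constructed sample datapoints, and the assumption that counters are per-period sums and times are per-period averages are all illustrative.

```python
from dataclasses import dataclass

# Hypothetical alert thresholds (fraction of Invocations); tune to your baseline.
LIMITS = {"UserErrors": 0.20, "Throttles": 0.05, "SystemErrors": 0.01}
MIN_INVOCATIONS = 20  # periods below this are too small to judge


@dataclass
class Finding:
    period: str
    reasons: list
    target_share: object  # TargetExecutionTime / Latency, None if unknown


def analyze(periods):
    """Return a Finding for each period whose error rates exceed LIMITS.

    Each period is a dict keyed by the metric names the article lists.
    Assumption: counters are per-period sums, times are per-period averages.
    """
    findings = []
    for p in periods:
        invocations = p.get("Invocations", 0)
        if invocations < MIN_INVOCATIONS:
            continue  # skips idle periods, so no division by zero
        reasons = []
        for name, limit in LIMITS.items():
            rate = p.get(name, 0) / invocations
            if rate > limit:
                reasons.append(f"{name} rate {rate:.0%} > {limit:.0%}")
        latency = p.get("Latency")
        share = None
        if latency:
            # How much of the time to first response token the target accounts for.
            share = round(p.get("TargetExecutionTime", 0) / latency, 2)
        if reasons:
            findings.append(Finding(p["period"], reasons, share))
    return findings


# Constructed sample datapoints (not real CloudWatch output).
SAMPLE = [
    {"period": "10:00", "Invocations": 400, "UserErrors": 8, "Throttles": 0,
     "SystemErrors": 0, "Latency": 120.0, "TargetExecutionTime": 90.0},
    {"period": "10:05", "Invocations": 500, "UserErrors": 260, "Throttles": 40,
     "SystemErrors": 0, "Latency": 80.0, "TargetExecutionTime": 20.0},
    {"period": "10:10", "Invocations": 3, "UserErrors": 3},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f.period, f.reasons, f.target_share)
```

A sustained jump in the UserErrors rate is a prompt to review the Gateway's inbound auth configuration and the callers sending the requests, since 4xx is the HTTP class that contains 401 and 403.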

Currently there is no support for AgentCore Gateway in the recently announced CloudWatch Gen AI observability; see the table with data provided for each AgentCore resource type.

Conclusion

In this first article of the series, we introduced Amazon Bedrock AgentCore and specifically Amazon Bedrock AgentCore Gateway, which transforms existing APIs and AWS Lambda functions into agent-ready tools, offering unified access across protocols, including Model Context Protocol (MCP), and runtime discovery.

In the next part of the series, we'll use Amazon Bedrock AgentCore Gateway to convert an existing Amazon API Gateway REST API into MCP-compatible tools and make it available to agents through a Gateway endpoint. We'll also use Strands Agents MCP Server to talk to this AgentCore Gateway endpoint. Stay tuned!

Please also check out my Amazon Bedrock AgentCore Runtime article series.
