
Vadym Kazulkin for AWS Heroes


Amazon Bedrock AgentCore Runtime - Part 1 Introduction

Introduction

In my articles about Amazon Bedrock AgentCore Gateway, specifically Exposing existing Amazon API Gateway REST API via MCP and Gateway endpoint and Exposing existing AWS Lambda function via MCP and Gateway endpoint, we ran the agent locally, and it communicated with Amazon Bedrock AgentCore Gateway. This is, of course, not an enterprise-ready solution. Because agents built with the Strands SDK (which we used in our examples) are essentially Python apps, they're portable and can run across different compute options, such as Bedrock AgentCore Runtime, Lambda functions, or ECS tasks. This makes Strands Agents SDK a powerful foundation for building scalable and goal-driven AI systems.

In this article series, we'll take a closer look at Amazon Bedrock AgentCore Runtime. Among other things, Runtime gives us access to the fully managed, serverless AgentCore Memory primitive to manage sessions and long-term memory. The AgentCore Identity primitive allows our AI agents to securely access AWS services and third-party tools either on behalf of users or as themselves with pre-authorized user consent. It provides managed OAuth 2.0 supported providers for both inbound and outbound authentication. More about it later. With these and other features, Amazon Bedrock AgentCore Runtime (currently in preview) aims to become the default hosting environment for deploying and running AI agents or tools.

We'll start with the introduction, and in the next parts of the series we'll deploy the same agent using the AgentCore Runtime. This article provides a brief summary of existing AWS resources about this feature.

Amazon Bedrock AgentCore Runtime

Amazon Bedrock AgentCore Runtime provides a secure, serverless and purpose-built hosting environment for deploying and running AI agents or tools. It offers the following benefits:

  • Framework agnostic - Runtime lets you transform any local agent code to cloud-native deployments with a few lines of code no matter the underlying framework. Works seamlessly with popular frameworks like LangGraph, Strands, and CrewAI. You can also leverage it with custom agents that don't use a specific framework.

  • Model flexibility - Runtime works with any Large Language Model, such as models offered by Amazon Bedrock, Anthropic Claude, Google Gemini, and OpenAI.

  • Protocol support - Runtime lets agents communicate with other agents and tools via Model Context Protocol (MCP).

  • Extended execution time - Runtime supports both real-time interactions and long-running workloads up to 8 hours, enabling complex agent reasoning and asynchronous workloads that may involve multi-agent collaboration or extended problem-solving sessions.

  • Session isolation - In Runtime, each user session runs in a dedicated microVM with isolated CPU, memory, and filesystem resources. This helps create complete separation between user sessions, safeguards stateful agent reasoning processes, and helps prevent cross-session data contamination. After session completion, the entire microVM is terminated and memory is sanitized, delivering deterministic security even when working with non-deterministic AI processes.

You can read more about secure agent execution with session lifecycle and session isolation in the article Securely launch and scale your agents and tools on Amazon Bedrock AgentCore Runtime.

  • Built-in authentication - Runtime, powered by Amazon Bedrock AgentCore Identity, assigns distinct identities to AI agents. The service supports two primary authentication mechanisms for agents using this unique agent identity: IAM SigV4 Authentication for agents operating within AWS security boundaries, and OAuth based (JWT Bearer Token Authentication) integration with existing enterprise identity providers like Amazon Cognito, Okta, or Microsoft Entra ID, enabling your end users to authenticate into only the agents they have access to.

In addition, Runtime supports outbound authentication flows to securely access third-party services like Slack, Zoom, and GitHub, whether operating on behalf of users or autonomously (using either OAuth or API keys).

You can read more about AgentCore Runtime embedded identity in the article Securely launch and scale your agents and tools on Amazon Bedrock AgentCore Runtime.

  • State persistence with AgentCore Memory - AgentCore Runtime provides ephemeral, session-specific state management that maintains context during active conversations but doesn’t persist beyond the session lifecycle. Each user session preserves conversational state, objects in memory, and local temporary files within isolated execution environments. For short-lived agents, you can use the state persistence offered by AgentCore Runtime without needing to save this information externally. However, at the end of the session lifecycle, the ephemeral state is permanently destroyed, making this approach suitable only for interactions that don’t require knowledge retention across separate conversations.

AgentCore Memory addresses this challenge by providing persistent storage that survives beyond individual sessions. Short-term memory captures raw interactions as events using create_event, storing the complete conversation history that can be retrieved with get_last_k_turns even if the runtime session restarts. Long-term memory uses configurable strategies to extract and consolidate key insights from these raw interactions, such as user preferences, important facts, or conversation summaries. Through retrieve_memories, agents can access this persistent knowledge across completely different sessions, enabling personalized experiences. The following diagram shows how AgentCore Runtime can use specific APIs to interact with Short-term and Long-term memory in AgentCore Memory.

You can read more about AgentCore Runtime Memory in the article Amazon Bedrock AgentCore Memory: Building context-aware agents.

Amazon Bedrock AgentCore Runtime Key Components

There are 4 key components of AgentCore Runtime:

  • Agent runtime - An AgentCore Runtime is the foundational component that hosts your AI agent or tool code. It represents a containerized application that processes user inputs, maintains context, and executes actions using AI capabilities. When you create an agent, you define its behavior, capabilities, and the tools it can access. For example, a customer support agent might answer product questions, process returns, and escalate complex issues to human representatives.

You can build and deploy agents to AgentCore Runtime using the AgentCore Python SDK or directly through AWS SDKs. With the Python SDK, you can define your agent using popular frameworks like LangGraph, CrewAI, or Strands Agents. The SDK handles infrastructure complexities, allowing you to focus on the agent's logic and capabilities.

Each Agent Runtime has a unique identity and is versioned to support controlled deployment and updates.

  • Endpoints - Provide addressable access points (i.e., aliases) to specific versions of your AgentCore Runtime. Each endpoint has a unique ARN for invocation, references a specific version of your Agent Runtime and provides stable access to your agent even as you update implementations.

Key endpoint details:
1. The "DEFAULT" endpoint is automatically created when you call CreateAgentRuntime and points to the latest version
2. When you update your Agent Runtime, a new version is created but the DEFAULT endpoint automatically updates to reference it
3. Custom endpoints can be created via CreateAgentRuntimeEndpoint for different environments (dev, test, prod)
4. When a user makes a request to an endpoint, the request is resolved to the specific agent version referenced by that endpoint

  • Sessions - Sessions represent individual interaction contexts between users and your AgentCore Runtime. See the detailed description above or read the article Securely launch and scale your agents and tools on Amazon Bedrock AgentCore Runtime.

  • Versions - Each AgentCore Runtime maintains immutable versions that capture a complete snapshot of the configuration at a specific point in time. When you create an Agent Runtime, Version 1 (V1) is automatically created. Each update to configuration (container image, protocol settings, network settings) creates a new version. This versioning system provides reliable deployment history and rollback capabilities.
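The endpoint and version rules above, modelled locally as an added example (not code from this article or from AWS): it makes no AWS calls, and the class, method names and image tags are hypothetical. It shows why a production endpoint pinned to a reviewed version keeps serving that version while DEFAULT moves with every update.

```python
# Added illustration: a local model of the version/endpoint rules described
# above. No AWS calls; class, method names and sample values are constructed.
from dataclasses import dataclass, field
from types import MappingProxyType


@dataclass
class AgentRuntimeModel:
    versions: list = field(default_factory=list)   # index i holds version i+1
    endpoints: dict = field(default_factory=dict)  # endpoint name -> version

    @classmethod
    def create(cls, config: dict) -> "AgentRuntimeModel":
        rt = cls()
        rt._snapshot(config)            # creating the runtime yields V1
        return rt

    def _snapshot(self, config: dict) -> int:
        # Versions are read-only snapshots; DEFAULT always follows the newest.
        self.versions.append(MappingProxyType(dict(config)))
        self.endpoints["DEFAULT"] = len(self.versions)
        return len(self.versions)

    def update(self, **changes) -> int:
        # Any configuration change produces a new version number.
        return self._snapshot({**self.versions[-1], **changes})

    def create_endpoint(self, name: str, version: int) -> None:
        if name == "DEFAULT":
            raise ValueError("DEFAULT is managed automatically")
        if not 1 <= version <= len(self.versions):
            raise ValueError(f"unknown version {version}")
        self.endpoints[name] = version  # custom endpoints stay pinned

    def resolve(self, endpoint: str) -> dict:
        # A request is served by the version the endpoint references.
        return dict(self.versions[self.endpoints[endpoint] - 1])


def demo() -> dict:
    rt = AgentRuntimeModel.create({"image": "agent:1.0", "protocol": "MCP"})
    rt.create_endpoint("prod", version=1)   # pin prod to the reviewed version
    rt.update(image="agent:1.1")            # creates V2, DEFAULT moves to it
    return {name: rt.resolve(name)["image"] for name in rt.endpoints}


if __name__ == "__main__":
    print(demo())
```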

Conclusion

In the first part of the series, we introduced Amazon Bedrock AgentCore Runtime and the benefits it offers. We also described its key components.

In the next part of the series, we'll deploy the agent with the Amazon Bedrock AgentCore Runtime Starter Toolkit. This will be the same agent that we implemented in my articles Exposing existing Amazon API Gateway REST API via MCP and Gateway endpoint and Exposing existing AWS Lambda function via MCP and Gateway endpoint, which ran locally and communicated with the Amazon Bedrock AgentCore Gateway.

Please also check out my Amazon Bedrock AgentCore Gateway article series.
