Amazon Bedrock AgentCore : Runtime with Langgraph, CrewAI and Google Gemini

Amazon Bedrock AgentCore is a agentic platform for building, deploying, and operating agents using any framework and any foundation model.

AgentCore Service	Description
AgentCore Runtime	Serverless agent and tools such as MCP and A2A deployment.
AgentCore Gateway	Connect agent to services such as Lambda function and API that converted to MCP compatible.
AgentCore Identity	Identity and access management for agent and tool.
AgentCore Memory	Store context across interaction both short-term and long-term.
AgentCore Browser	Browser runtime that interact with web app.
AgentCore Code Interpreter	Execute code across multiple languages such as Python.
AgentCore Observability	Monitoring agent and tools in Amazon CloudWatch.
AgentCore Evaluation	Improve agent quality and performance.
AgentCore Policy	Control agent and tool interaction.

However, I create 3 blog only for explain how to AgentCore works.

1. AgentCore Runtime using Langgraph, CrewAI, Google Gemini and AgentCore Observability (this blog).
2. MCP Server on AgentCore Runtime and AgentCore Gateway.
3. AgentCore Identity and AgentCore Memory.

FLASHBACK : I have already created AI candidate screening agent using Langgraph, CrewAI and Amazon Nova on Amazon Bedrock in my Github repository. I think it is time to deploy this AI agent to Amazon Bedrock AgentCore Runtime with Google Gemini.

REQUIREMENTS :

1. AWS account (or AWS credentials), you can sign up/sign in here
2. Google Gemini account, you can sign up/sign in here
3. Langgraph and CrewAI.

The AWS services used by this AI agent such as :

1. Amazon S3 : upload file from local to S3 and download file from S3 to AI agent processes.
2. AWS Secret Manager : store Gemini API Key and LLM inference in AI agent.
3. AgentCore Runtime and AgentCore Observability (or CloudWatch Logs).
4. AgentCore Starter Toolkit : quickly configure and deploy AI agent with several AWS services such as Amazon ECR, AWS CodeBuild, and AWS IAM.

STEP-BY-STEP :

A. Creating Amazon S3 bucket and store Gemini API key in AWS Secret Manager.

Use this code to create a Amazon S3 bucket.

s3 = boto3.client('s3', 'us-west-2')
s3.create_bucket(
    Bucket="screening-candidate",
    CreateBucketConfiguration={
        'LocationConstraint': 'us-west-2'
    }
)
print("This bucket is now available.")

Use this code to create Gemini API Key in AWS Secret Manager.

apikey = boto3.client('secretsmanager', 'us-west-2')
secret_dict = {"GEMINI_API_KEY": gemini}
response = apikey.create_secret(
    Name=secret_name,
    Description="Gemini API Key",
    SecretString=json.dumps(secret_dict)
)
print("Gemini API Key is now stored.")

B. Langgraph and CrewAI Development

Use this code to packaging AgentCore Starter Toolkit with AI agent code.

from bedrock_agentcore.runtime import BedrockAgentCoreApp
app = BedrockAgentCoreApp()

Explaining the above code:

• from bedrock_agentcore.runtime import BedrockAgentCoreApp means import runtime.
• app = BedrockAgentCoreApp() means initialize runtime.

Use this code to retrieve Gemini API Key from AWS Secret Manager.

secretmanager = boto3.client('secretsmanager', region_name="us-west-2")
response = secretmanager.get_secret_value(SecretId='geminiapikey')
secret_json = json.loads(response["SecretString"])
api_key = secret_json["GEMINI_API_KEY"]
llm = init_chat_model("google_genai:gemini-2.5-flash", google_api_key=api_key)

Explaining the above code:

• from first row until four row means retrieve Gemini API key from AWS Secret Manager.
• last row means initialize Langgraph/Langchain chat model using Gemini 2.5 Flash with Gemini API Key.

This structure is very important for creating AI agent using Langgraph or CrewAI.

1. Candidate upload CV PDF file then extract CV PDF file.
2. Compare and Match between Job Requirements and CV.
3. Score to the Next Step of the Recruitment Process.
4. Create Rejection or Interview Email.
5. Create Interview Question for candidate who pass the interview session.

Use this code to configure the AgentCore Runtime.

from bedrock_agentcore_starter_toolkit import Runtime
agentcore_runtime = Runtime()
region = "us-west-2"
agent_name = ... # gemini_Langgraph or gemini_crewai

response = agentcore_runtime.configure(
    entrypoint= ... # langgraph or crewai
    auto_create_execution_role=True,
    auto_create_ecr=True,
    requirements_file="/runtime/requirements.txt",
    region=region,
    agent_name=agent_name
)
response

Explaining the above code:

• from first row until second row means import and initialize AgentCore Runtime.
• agentcore_runtime.configure means configure the AgentCore Runtime with entry point (AI agent Python code), create IAM role for Runtime, create ECR image, requirements (install libraries), region and agent name.

Use this code to launch AI agent to AgentCore Runtime. Wait up to one minute.

launch_result = agentcore_runtime.launch()

C. TROUBLESHOOTING / VERY IMPORTANT INFORMATION

After AgentCore Runtime is available then invoke AI agent and get error like this screenshot below.

Open CloudWatch Logs or AgentCore Observability to see what happened with this error.

Go to Amazon Bedrock AgentCore -> Agent runtime then click your agent name that already created. Click "Observability dashboard" or "Cloudwatch logs" to see this error.

This error is happened because secretsmanager:GetSecretValue action is not allowed in IAM role for Runtime.

Go to Amazon Bedrock AgentCore -> Agent runtime then click your agent name that already created.

Click "Version 1" then click IAM service role of Permissions (e.g. AmazonBedrockAgentCoreSDKRuntime-{region-name}-{random-number-letter}) like above screenshot.

Click IAM policy name that related (e.g. BedrockAgentCoreRuntimeExecutionPolicy-{your-agent-name}) like above screenshot.

Go to AWS Secret Manager, click secret name then copy Secret ARN of Gemini API Key.

Add your Secret ARN of Gemini API Key in resource of "secretsManager:GetSecretValue" action with this code :

arn:aws:secretsmanager:us-west-2:{aws_account_id}:secret:geminiapikey-{random-number-letter}

Add S3 access action like this screenshot below :

Click Next, click Save, and view the IAM policy after changing it.

Try invoke agent runtime again.

Open AgentCore Observability or CloudWatch Logs. I prefer open AgentCore Observability like this screenshot and invocation completed successfully.

D. AgentCore Observability

Open AgentCore Runtime -> Agent runtime then click your agent name that already created. I have already created one AI agent using Langgraph and one using CrewAI. For this tutorial, I am using Langgraph because observability of Langgraph and CrewAI is the same.

Click View dashboard.

Click Sessions and click session ID.

Click "CloudWatch logs" in Agent runtime that automatically open a new tab and see log events like this screenshot.

Open Amazon ECR (Elastic Container Registry) console then click image of agent runtime like this screenshot.

Open AWS CodeBuild console then click build of agent runtime like this screenshot.

CONCLUSION : Amazon Bedrock AgentCore Runtime can handle AI agent request while AgentCore Observability can help monitoring session and trace of AI agent. I using AWS CDK for infrastructure as code to improve my AI engineering skill. Stay tune!

DOCUMENTATION :

• Amazon Bedrock AgentCore documentation
• CrewAI documentation
• Langgraph documentation
• Google Gemini documentation

GITHUB REPOSITORY : https://github.com/budionosanai/amazon-bedrock-agentcore-one-to-one/tree/main/runtime

Thank you,
Budi :)