Amazon Bedrock AgentCore

Amazon Bedrock AgentCore FAQs

General

Amazon Bedrock AgentCore is an agentic platform to build, deploy and operate highly capable agents securely at scale. AgentCore lets you build agents faster, enable agents to take actions across tools and data, run agents securely with low-latency and extended runtimes, and monitor agents in production - all without any infrastructure management. AgentCore helps developers to accelerate agents into production with the scale, reliability, and security critical to real-world deployment. Its services are composable and work with any open-source framework and any model, so you don’t have to choose between open-source flexibility and enterprise-grade security and reliability.

AgentCore is designed for organizations that want to move agents from proofs of concept built using open-source or custom agent frameworks to production. It serves developers and enterprises who need robust infrastructure to support dynamic execution paths at runtime, controls to monitor behavior, powerful tools to enhance agents, and the flexibility to adapt as the landscape evolves.

AgentCore consists of seven modular services:
Runtime: Provides a secure, serverless environment purpose-built for deploying and scaling dynamic agents and tools.
Memory: Enables developers to build context-aware agents by eliminating complex memory infrastructure management while providing full control over agent memory.
Gateway: Offers an easy and secure way for agents to access tools by transforming APIs and Lambda functions into agent-compatible tools and connecting to existing MCP servers.
Browser tool: Provides a fast, secure, cloud-based browser runtime to enable agents to interact with websites.
Code Interpreter: Enables agents to write and execute code securely in sandbox environments, enhancing their accuracy and expanding their ability to solve complex end-to-end tasks.
Identity: Allows agents to securely access and operate across AWS resources or third-party tools and services, on behalf of users or by themselves.
Observability: Gives developers complete visibility into agent workflows to trace, debug, and monitor agents' performance.

AgentCore works with custom frameworks and any open-source framework, including CrewAI, LangGraph, LlamaIndex, Google ADK, OpenAI Agents SDK, and Strands Agents.

AgentCore supports Model Context Protocol (MCP) and Agent to Agent Protocol (A2A). A2A support is currently available in AgentCore Runtime, with broader A2A support across other AgentCore services coming soon. By supporting these emerging standards, AgentCore aims to be the preferred choice for hosting agents regardless of the protocols used.

AgentCore is designed to be model-agnostic, working with any foundation model in or outside of Amazon Bedrock including OpenAI, Google's Gemini, Anthropic's Claude, Amazon Nova, Meta Llama, and Mistral models.

Strands Agents enables developers to leverage modern models' capabilities for planning, reasoning, and tool use, while seamlessly integrating with AgentCore services through a simple SDK. Developers can connect to AgentCore Gateway, configure memory stores, and deploy agents with just a few lines of code.

AgentCore is available in nine AWS Regions: Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Dublin), Europe (Frankfurt), US East (N. Virginia), US East (Ohio), and US West (Oregon). This expanded regional coverage allows customers to deploy closer to their users and data, improving performance and helping to meet data residency requirements across geographical locations.

AgentCore accelerates development by eliminating months of infrastructure work. With just a few lines of code, it integrates with any framework - including LangChain, Strands Agents, and CrewAI - and model, while providing essential services (Runtime, Memory, Gateway, Browser tool, Code Interpreter, Identity, and Observability) that help build, deploy, and operate your agents in production. Automatic infrastructure provisioning lets developers focus on innovation while ensuring protocol compatibility, reducing development time from months to hours.

If you are using Amazon Bedrock Agents today, you can continue to do so. That said, AgentCore is an agentic platform that provides enhanced capabilities, including support for any open-source framework (such as Strands Agents, LangChain, LangGraph, LlamaIndex, and CrewAI) and the flexibility to use any foundation model of your choice, whether in or outside of Amazon Bedrock. AgentCore delivers enterprise-grade capabilities with Model Context Protocol (MCP) support for standardized tool access, Virtual Private Cloud (VPC) connectivity for secure network access, and Agent-to-Agent (A2A) support for inter-agent communication.

AgentCore's agentic infrastructure services include Runtime for secure, serverless deployment, Memory for customizable context retention, Gateway for seamless tool integration, Browser tool and Code Interpreter for enhanced agent capabilities, Identity for fine-grained access control, and Observability for comprehensive monitoring. These services work together to help you move agents from prototype to production with the scale, reliability, and security critical for real-world deployment.

Yes, AgentCore offers VPC connectivity across all its services - Runtime, Memory, Gateway, Browser tool, Code Interpreter, Identity, and Observability. This allows secure access to resources within your private network environment. You can configure each AgentCore service to integrate with your VPC to ensure secure communication between agents and your internal resources.

Runtime

AgentCore Runtime is a secure, serverless runtime purpose-built for deploying and scaling dynamic agents and tools using any open-source framework (including CrewAI, LangGraph, LlamaIndex, Google ADK, OpenAI Agents SDK, and Strands Agents), any protocol (MCP and A2A), and any model (e.g. Bedrock, OpenAI, Gemini). Developers can securely and reliably run any type of agent, including multi-modal, real-time, or long-running agents, in a VPC-enabled environment with PrivateLink support. The service is highly reliable, with checkpointing and recovery capabilities to ensure graceful recovery in case of unexpected interruptions and failures, and can scale up to thousands of agent sessions in seconds, so developers don't have to worry about managing infrastructure and only pay for actual usage. It provides complete session isolation with dedicated execution environments for each user interaction. AgentCore Runtime also seamlessly integrates with leading identity providers such as Amazon Cognito, Microsoft Entra ID, and Okta, as well as popular OAuth providers such as Google and GitHub. It supports all authentication methods, from OAuth tokens and API keys to IAM roles, so developers don't have to build custom security infrastructure.

1/Accelerate time to market: Deploy and host any agent or tool using your preferred open-source frameworks, models, and tools without needing to manage any infrastructure. With native support for MCP and A2A protocols, developers can build sophisticated agent-to-agent and agent-to-tool interactions, speeding up deployment and freeing developers to focus on building innovative agents.

2/Seamlessly scale from real-time to multi-hour agentic workloads: AgentCore Runtime supports both interactive experiences with low latency and complex asynchronous workloads running up to 8 hours, across any modality. AgentCore Runtime automatically handles scaling from zero to thousands of concurrent sessions, eliminating capacity planning and infrastructure maintenance.

3/Deploy with enterprise-grade security and compliance: Protect sensitive data with true session isolation that provides dedicated compute environments for each user interaction, VPC connectivity, and PrivateLink support. AgentCore Runtime seamlessly integrates with your existing identity providers (Amazon Cognito, Microsoft Entra ID, and Okta) to limit who can authenticate to your agent, and manages credentials for downstream services like Salesforce, GitHub, and Stripe, delivering security without development overhead.

Gateway

Amazon Bedrock AgentCore Gateway enables agents to easily discover and securely connect with tools through a unified endpoint. It transforms APIs and Lambda functions into agent-compatible tools and connects to existing MCP servers, secured by native IAM enforcement and OAuth integration. It provides 1-click integration with popular tools like Salesforce, Slack, Jira, Asana, and Zendesk. By handling complex tool management and security at enterprise scale, Gateway eliminates weeks of custom integration work so developers can focus on building innovative agent applications.

1/Accelerate agent development through unified access: Combine multiple tool sources—from APIs to Lambda functions to MCP servers—into one unified endpoint. This single, secure endpoint with native IAM enforcement and OAuth integration enables your agents to discover and use tools effortlessly so developers can build and scale agent workflows faster without managing multiple tool connections or reimplementing integrations.

2/Simplify tool development and integration: Transform existing enterprise resources into agent-ready tools in just a few lines of code and seamlessly connect to existing MCP servers and popular tools like Salesforce, Slack, Jira, Asana, and Zendesk. AgentCore Gateway handles the complex tasks of tool management and security at enterprise scale, freeing developers to focus on building differentiated agent capabilities.

3/Scale with confidence through intelligent tool discovery: As your tool collection grows, help your agents find and use the right tools through contextual search. Built-in semantic search capabilities help agents effectively utilize available tools based on their task context, improving agent performance and reducing development complexity at scale.

AgentCore Gateway includes built-in semantic search to help agents identify the most relevant tools for their tasks, and supports metadata-based filtering to manage tool access based on criteria like risk levels, improving agent efficiency and security. 

AgentCore Gateway enables developers to bring a wide range of tools through a unified interface. These include AWS services (S3, DynamoDB, Aurora, Redshift, Lambda), and third-party services. Developers can also integrate custom tools using API specifications, function code, MCP servers, OpenAPI, Smithy, Lambda functions, or containerized solutions via ECR images.

AgentCore Gateway provides multiple authentication methods including IAM-based, OAuth 2.1, and API keys. It offers secure credential exchange mechanisms between different identity providers. Through integration with AgentCore Observability, customers gain detailed visibility into authentication events, tool invocations, and access patterns. AgentCore Gateway also supports web application firewall capabilities with configurable web ACLs to filter malicious requests. For more details see AgentCore Gateway documentation.

AgentCore Gateway works with AgentCore Runtime for secure tool execution, AgentCore Identity for authentication and authorization, and AgentCore Observability for comprehensive metrics and audit logs. AWS Partner tools procured through AWS Marketplace can be automatically imported into AgentCore Gateway. Through these integrations, developers can access a wide range of tools and services through a unified interface while maintaining enterprise-grade security and monitoring capabilities.

Memory

AgentCore Memory makes it easy for developers to build context-aware agents using any open-source framework. Memory provides industry-leading accuracy along with support for both short-term memory for multi-turn conversations and long-term memory that persists across sessions, with the ability to share memory stores across agents. The capability offers unique flexibility, allowing developers to create custom extraction logic using their preferred large language models and prompts to capture exactly what matters for their use case. With managed infrastructure that handles vector embeddings and memory consolidation along with enterprise features like observability, developers can focus on building intelligent agents rather than managing memory systems.

1/Eliminates infrastructure management: AgentCore Memory eliminates the need for developers to manage complex memory infrastructure. Developers can store and retrieve memories with just a few lines of code while AgentCore automatically handles vector embeddings, storage, and memory consolidation behind the scenes.

2/Enterprise-grade: AgentCore Memory provides encrypted, namespace-based storage with VPC support, allowing developers to segment memory based on their preferred taxonomy, such as by user, project, or business unit, keeping data isolated and easy to retrieve.

3/Deep customization: AgentCore Memory provides developers with the option to use pre-defined strategies to extract user preferences and facts across sessions, or create custom extraction logic using their preferred large language models and prompts to capture exactly what matters for their use case.

Code Interpreter

AgentCore Code Interpreter enables agents to write and execute code securely in sandbox environments, enhancing their accuracy and expanding their ability to solve complex end-to-end tasks. Code Interpreter comes with pre-built runtimes for multiple languages and advanced features, including large file support and internet access. Developers can customize environments with specific instance types and session properties to meet security requirements. Code Interpreter reduces manual intervention while enabling sophisticated AI development without compromising security or performance.

1/Execute code securely: Develop agents that can perform complex workflows and data analysis in isolated sandbox environments with VPC support, while accessing internal data sources without exposing sensitive data or compromising security.

2/Large-scale data processing: When working with large datasets, developers can easily reference files stored in Amazon S3, enabling efficient processing of gigabyte-scale data without API limitations.

3/Ease of use: Provides a fully managed default mode with pre-built execution runtimes that support popular programming languages like JavaScript, TypeScript, and Python with common libraries pre-installed.

Browser Tool

AgentCore Browser tool provides a fast, secure, cloud-based browser runtime to enable agents to interact with websites at scale. It includes enterprise-grade security features including VM-level isolation and federated identity integration. The tool offers observability via live viewing, CloudTrail logging, and session replay to help you troubleshoot, maintain quality, and support compliance, as well as CAPTCHA handling via Bot Control Vendors to ensure smooth automated interactions without request blocking. With automatic scaling, AgentCore Browser tool eliminates infrastructure overhead while helping to maintain rigorous security and compliance standards.

1/Serverless Browser Infrastructure: Provides agents with a fast, fully-managed browser that automatically scales without infrastructure overhead.

2/Enterprise-grade security: Browser tool provides extensive security through VM-level isolated sandboxes with VPC support and robust audit capabilities, complemented by advanced features like session-level isolation and automated CAPTCHA handling.

3/Enterprise observability: Easily troubleshoot issues, maintain quality control, and ensure compliance, with real-time visibility and complete recorded history of all browser interactions, whether performed by agents or humans.

Identity

Amazon Bedrock AgentCore Identity is a scalable agent identity and access management capability that helps you securely build enterprise-ready agents at speed. It accelerates agent development by providing standards-based authentication, compatibility with existing identity providers, and native support for OAuth-enabled services. With just-enough access, secure permission delegation, and identity-aware authorization, your agents can securely access and perform actions on AWS resources or third-party services, on behalf of users or by themselves with pre-authorized user consent. AgentCore Identity features a secure token vault, enabling frictionless user experiences for all your agent-powered interactions while maintaining precise access controls.

1/ Secure, delegated access for agents

AgentCore Identity allows your agents to securely access AWS resources and third-party tools and services with scoped access controls and secure permissions delegation. Identity-aware authorization ensures agents get only the right access through dynamic decisions based on the user’s identity context, delivering enhanced security controls.

2/ Accelerate agent development

AgentCore Identity accelerates secure, enterprise-ready agent development by reducing the development effort typically needed to build custom identity infrastructure. With standards-based authentication, you can use your existing identity providers such as Amazon Cognito, Microsoft Entra ID, or Okta without migrating users or rebuilding authentication flows. With support across popular infrastructure-as-code tools such as AWS CloudFormation, Terraform, and AWS CDK, you can configure and manage the lifecycle of AgentCore Identity resources in an automated manner.

3/ Build streamlined agent experiences

AgentCore Identity streamlines end-user and agent builder experiences while providing precise access controls. With a secure token vault that stores users’ tokens, AgentCore Identity simplifies authentication flows and minimizes consent fatigue to deliver frictionless user experiences for all your agent-powered interactions.

4/ Simplify authentication across enterprise services

AgentCore Identity offers native support for OAuth-enabled services such as Slack, Salesforce, and GitHub, simplifying implementation of custom OAuth flows or token handling. Your agents can seamlessly and securely operate across enterprise applications and AWS resources, on behalf of users or by themselves with pre-authorized user consent.

AgentCore Identity implements a secure token vault that stores users' tokens and allows agents to retrieve them securely. For OAuth 2.0 compatible tools and services, when a user first grants consent for an agent to act on their behalf, AgentCore Identity collects and stores the user's tokens issued by the tool in its vault, along with securely storing the agent's OAuth client credentials. Agents, operating with their own distinct identity and when invoked by the user, can then access these tokens as needed, reducing the need for frequent user consent. When the user token expires, AgentCore Identity triggers a new authorization prompt to the user for the agent to obtain updated user tokens. For tools that use API keys, AgentCore Identity also stores these keys securely and provides agents with controlled access to retrieve them when needed. This secure storage streamlines the user experience while maintaining robust access controls, enabling agents to operate effectively across various tools and services.

Observability

Amazon Bedrock AgentCore Observability is a managed service that helps developers trace, debug, and monitor agent performance in production environments with any framework or model. Available across all AgentCore services, it offers detailed visualizations of each step in the agent workflow, enabling developers to inspect execution paths, audit intermediate outputs, and debug performance bottlenecks. Powered by Amazon CloudWatch, AgentCore Observability provides real-time visibility into operational performance through Amazon CloudWatch dashboards and telemetry for key metrics such as traces, session count, latency, duration, token usage, and error rates. Rich metadata tagging and filtering simplify issue investigation, while OpenTelemetry (OTEL)-compatible telemetry enables integration with existing monitoring tools including Dynatrace, Datadog, Arize Phoenix, LangSmith, and Langfuse. You can easily add custom attributes and business metadata to your agent traces, making observability directly relevant to business outcomes and decision-making.

1/Maintain quality and trust: Get a comprehensive, end-to-end view of agent behavior, seeing detailed reasoning, inputs, outputs, and tool usage. Accelerate debugging and quality audits with comprehensive visibility into agent workflows, applications, and infrastructure. Enable swift issue detection and root cause identification to aid in agentic application debugging, helping teams maintain the quality and trustworthiness of their AI-powered systems.

2/Accelerate time to market: Real-time dashboards powered by Amazon CloudWatch save developers time with a single-pane-of-glass view into agents' operational health, without the need to manually stitch together data from multiple sources. This helps teams quickly detect issues, assess performance trends, and take timely corrective actions. Minimal observability infrastructure setup enables faster time to market into production environments. Easily add custom attributes and business metadata to your agent traces, making observability directly relevant to business outcomes and decision-making.

3/Integrate with the observability tool of your choice: AgentCore emits telemetry data in standardized OpenTelemetry (OTEL)-compatible format, enabling developers to easily integrate logs, metrics, and traces with their existing monitoring and observability tools such as CloudWatch, Datadog, Arize Phoenix, LangSmith, and Langfuse. Service-vended spans help support enhanced scrutiny and deep dive analysis, providing comprehensive observability data.

Developer Experience

The AgentCore SDK is a developer toolkit that allows you to build, configure, and deploy agents using Amazon Bedrock AgentCore services with your preferred agent framework (e.g. Strands, LangGraph, CrewAI, or custom). It supports defining agent behavior, memory (both short-term per session and long-term shared memory), built-in tools like code interpreter and browser, tool server connections via the AgentCore Gateway, observability, and full identity/authentication controls. You access the SDK via your AWS account (installing the Python SDK or using the AgentCore starter toolkit), and use AWS IAM / AgentCore Identity for inbound auth and standard protocols / API access for outbound auth and tool integrations.

The open-source AgentCore MCP Server enables natural language development workflows between Agentic IDEs like Kiro and AI coding assistants (Claude Code, GitHub Copilot, and Q Developer CLI) and AgentCore services. It converts your natural language instructions and existing code to work seamlessly with AgentCore services, enabling you to get started faster with AgentCore. You can install the MCP Server with a single command and use it through your preferred AI coding assistant to perform tasks from code transformation to agent deployment, while the MCP Server automatically manages AgentCore configurations and dependencies in the background.    

Billing and Compliance

AgentCore offers flexible, consumption-based pricing with no upfront commitments or minimum fees. Each service—Runtime, Gateway, Identity, Memory, Observability, Browser Tool, and Code Interpreter—can be used independently or together, and you pay only for what you use. This modular approach allows you to start small and scale as your agent applications grow. For more information visit the AgentCore pricing page.

The SLA for Amazon Bedrock applies to AgentCore. For more information, visit the Amazon Bedrock Service Level Agreement.
