Amazon Bedrock AgentCore (Preview) FAQs

AgentCore enables developers to accelerate AI agents into production with the scale, reliability, and security, critical to real-world deployment. AgentCore provides services and tools to make agents more effective and capable, purpose-built infrastructure to securely scale agents, and controls to operate trustworthy agents. AgentCore services and tools are composable and work with any open-source frameworks and any model, so you don’t have to choose between open-source flexibility and enterprise-grade security and reliability.

AgentCore is designed for organizations who want to move AI agents from proofs of concept built using open source or custom agent frameworks to production. It serves developers and enterprises who need robust infrastructure to support dynamic execution paths at runtime, controls to monitor behavior, powerful tools to enhance agents, and the flexibility to adapt as the landscape evolves.

AgentCore includes services and tools that offer unique capabilities. These include:

Runtime: A secure, serverless runtime purpose-built for deploying and scaling dynamic AI agents and tools.

Memory: Makes it easy for developers to build context-aware agents by eliminating complex memory infrastructure management while providing full control over what the AI agent remembers.

Gateway: Provides an easy and secure way for developers to build, deploy, discover, and connect to tools at scale.

Browser tool: Provides a fast, secure, cloud-based browser runtime to enable AI agents to interact with websites at scale.

Code Interpreter: Enables AI agents to write and execute code securely in sandbox environments, enhancing their accuracy and expanding their ability to solve complex end-to-end tasks.

Identity: Enables AI agents to securely access tools and services with robust access controls, while streamlining agent development and user experience.

Observability: Gives developers complete visibility into agent workflows to trace, debug, and monitor AI agents' performance in production environments.

AgentCore works with custom frameworks and popular open-source frameworks like CrewAI, LangGraph, Strands Agents, LlamaIndex, and custom frameworks.

AgentCore supports Model Context Protocol (MCP) with Agent 2 Agent protocol support coming soon. While MCP has market momentum with OpenAI and Microsoft adoption, offering stateless, stateful, and streaming communications, webhooks, and output schema structure. AgentCore aims to make AWS the preferred platform for hosting AI agents regardless of protocols used.

AgentCore is designed to be model-agnostic, working with any foundation model in or outside of Amazon Bedrock including OpenAI, Google's Gemini, Anthropic's Claude, Amazon's Nova, Meta Llama, and Mistral models.

Strands Agents enables developers to leverage modern models' capabilities for planning, reasoning, and tool use, while seamlessly integrating with AgentCore services through a simple SDK. Developers can connect to AgentCore Gateway, configure memory stores, and deploy agents with just a few lines of code.

The preview of AgentCore is currently available in US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), and Europe (Frankfurt).

AgentCore accelerates development by eliminating months of undifferentiated infrastructure work. With just a few lines of code, on average, it integrates with any frameworks including LangChain, Strands Agents, and CrewAI while providing services and tools including Browser tool, Code Interpreter, and Memory. Through quick deployment and automatic infrastructure provisioning, developers can focus on innovation rather than operations. AgentCore supports any opensource framework and foundation model while ensuring compatibility with open-source protocols, reducing development time from months to hours.

If you are using Amazon Bedrock Agents today, you can continue to use it. With that said, AgentCore provides enhanced capabilities that include support for any open-source framework including Strands Agents, LangChain, LangGraph, LlamaIndex, and CrewAI. It also offers flexibility to use any model of your choice, along with fine-grained control over identity, memory, and observability.

AgentCore also provides upgraded tools and infrastructure for running agents at scale including identity, customizable long-term memory, an enhanced code interpreter tool, built-in browser tool, observability, native support for Model Context Protocol for connection to thousands of tools and a runtime with industry-leading execution time, payload size, and complete session isolation.

VPC (Virtual Private Cloud) connectivity allows secure access to resources within a customer's private network environment. AgentCore services plan to integrate with VPC to ensure secure communication between agents and internal resources.

AgentCore Runtime is a secure, serverless runtime purpose- built for deploying and scaling dynamic AI agents and tools using any open-source framework including CrewAI, LangGraph, and Strands Agents, any protocol, and any model. Developers can securely and reliably run any type of agent including multi-modal, real-time, or long-running agents. Runtime is highly reliable with checkpointing and recovery capabilities to ensure graceful recovery in case of unexpected interruptions and failures, and it can scale up to thousands of agent sessions in seconds so developers don’t have to worry about managing infrastructure and only pay for actual usage. Help protect sensitive data with complete session isolation with dedicated execution environments for each user interaction. AgentCore Runtime also seamlessly integrates with the leading identity providers such as Amazon Cognito, Microsoft Entra ID, and Okta, as well as popular OAuth providers such as Google and GitHub. It also supports all authentication methods, from OAuth tokens and API keys to IAM roles, so developers don't have to build custom security infrastructure.

1/Serverless browser infrastructure: Deploy and host any AI agent or tool using your preferred open-source frameworks, models, and tools without needing to manage any infrastructure, speeding up deployment and freeing developers to focus on building innovative agents.

2/Seamlessly scale from real-time to multi-hour agentic workloads: AgentCore Runtime supports both interactive experiences with low latency and complex asynchronous workloads running up to 8 hours along with payloads across any modality. AgentCore Runtime automatically handles scaling from zero to millions of concurrent sessions, eliminating capacity planning and infrastructure maintenance.

3/Secure workloads with enterprise-grade isolation and identity controls: Protect sensitive data with complete session isolation that provides dedicated compute environments for each user interaction. AgentCore Runtime also seamlessly integrates with your existing identity providers (Amazon Cognito, Okta, and Microsoft Entra ID) to limit who can authenticate in your agent, and manages credentials for downstream services like Salesforce, Github, and Stripe—delivering security without development overhead.

AI agents need tools to perform real-world tasks—from querying databases to sending messages to analyzing documents. With Amazon Bedrock AgentCore Gateway, developers can convert APIs, Lambda functions, and existing services into MCP-compatible tools and make them available to agents through Gateway endpoints with just a few lines of code. Gateway supports OpenAPI, Smithy, and AWS Lambda as input types, and is the only solution that provides both comprehensive ingress authentication and egress authentication in a fully-managed service. Gateway also provides 1-click integration with several popular tools such as Salesforce, Slack, Jira, Asana, and Zendesk. Gateway eliminates weeks of custom code development, infrastructure provisioning, and security implementation so developers can focus on building innovative agent applications.

1/Simplify tool development and integration: Transform existing enterprise resources into agent-ready tools in just a few lines of code. Instead of spending months writing custom integration code and managing infrastructure, developers can focus on building differentiated agent capabilities while AgentCore Gateway handles the undifferentiated heavy lifting of tool management and security at enterprise scale.

2/Accelerate agent development through unified access: Enable your agents to discover and use tools through a single, secure endpoint. By combining multiple tool sources—from APIs to Lambda functions—into one unified interface, developers can build and scale agent workflows faster without managing multiple tool connections or reimplementing integrations.

3/Scale with confidence through intelligent tool discovery: As your tool collection grows, help your agents find and use the right tools through contextual search. Built-in semantic search capabilities help agents can effectively utilize available tools based on their task context, improving agent performance and reducing development complexity at scale.

AgentCore Gateway includes built-in semantic search to help agents identify the most relevant tools for their tasks, and supports metadata-based filtering to manage tool access based on criteria like risk levels, improving agent efficiency and security.

AgentCore Gateway enables developers to bring a wide range of tools through a unified interface. These include AWS services (S3, DynamoDB, Aurora, Redshift, Lambda), first-party tools (Browser tool, Code Interpreter), and third-party services. Developers can also integrate custom tools using API specifications, function code, MCP servers, OpenAPI, Smithy, Lambda functions, or containerized solutions via ECR images.

AgentCore Gateway provides multiple authentication methods including IAM-based, OAuth 2.1, and API keys. It offers secure credential exchange mechanisms between different identity providers. Through integration with AgentCore Observability, customers gain detailed visibility into authentication events, tool invocations, and access patterns. The Gateway also supports web application firewall capabilities with configurable web ACLs to filter malicious requests. For more details here is the link to AgentCore Gateway documentation.

AgentCore Gateway works with AgentCore Runtime for secure tool execution, AgentCore Identity for authentication and authorization, and AgentCore Observability for comprehensive metrics and audit logs. The Gateway enables integration with AWS Marketplace for deployment. Through these integrations, developers can access a wide range of tools and services through a unified interface while maintaining enterprise-grade security and monitoring capabilities.

AgentCore Memory makes it easy for developers to build contextually-aware agents. It enables agents to maintain both short-term memory for multi-turn conversations and long-term memory that persists across sessions, with the ability to share memory stores across collaborating agents. The service offers unique flexibility through pre-defined memory manager recipes and memory creation specifications, allowing developers to define exactly what information should be captured and stored. With managed infrastructure that handles vector embeddings and memory consolidation along with enterprise features like observability, AgentCore Memory eliminates infrastructure management.

1/Eliminates infrastructure management: AgentCore Memory eliminates the need for developers to manage complex memory infrastructure. Developers can store and retrieve memories with just a few lines of code while AgentCore automatically handles vector embeddings, storage, and memory consolidation behind the scenes.

2/Enterprise-grade: AgentCore Memory provides developers enterprise-ready capabilities including built-in observability for tracking memory operations, and namespace organization for precise memory isolation and sharing across different application contexts.

3/Deep customization: AgentCore Memory provides developers with the option to use pre- defined policies to maintain user preferences and conversation history across sessions, or create custom extraction logic using their preferred LLM models and prompts to capture exactly what matters for their use case.

AgentCore Code Interpreter tool enables AI agents to write and execute code securely in sandbox environments, enhancing their accuracy and expanding their ability to solve complex end-to-end tasks. Code Interpreter comes with pre-built runtimes for multiple languages and advanced features, including large file support and internet access. Developers can customize session properties to meet security requirements. Code Interpreter reduces manual intervention through automated infrastructure management, pre-built runtimes, and integrated security controls, while enabling sophisticated AI development without compromising security or performance.

1/Execute code securely: Develop agents that can perform complex workflows and data analysis in isolated sandbox environments, while accessing internal data sources without exposing sensitive data or compromising security.

2/Large-scale data processing: When working with large datasets, developers can easily reference files stored in Amazon S3, enabling efficient processing of gigabyte-scale data without API limitations.

3/Ease of use: Provides a fully managed default mode with pre-built execution runtimes that support popular programming languages like JavaScript, TypeScript, and Python with common libraries pre-installed.

AgentCore Browser tool provides a fast, secure, cloud-based browser to enable AI agents to interact with websites at scale. It includes enterprise-grade security features including VM-level isolation. The tool offers built-in observability via live viewing, CloudTrail logging, and session replay to easily troubleshoot, maintain quality, and support compliance. With automatic scaling, AgentCore Browser tool eliminates infrastructure overhead while helping to maintain rigorous security and compliance standards.

1/Serverless Browser Infrastructure: Provides AI agents with a fast, fully-managed browser that automatically scales without infrastructure overhead.

2/Enterprise-grade security: Browser tool provides extensive security through VM-level isolated sandboxes, and robust audit capabilities, complemented by advanced features like session-level isolation.

3/Enterprise observability: Easily troubleshoot issues, maintain quality control, and ensure compliance, with real-time visibility and complete recorded history of all browser interactions, whether performed by agents or humans.

AgentCore Identity is a secure, scalable agent identity and access management service that accelerates AI agent development by lowering custom development efforts typically needed for building security infrastructure. You can use your existing identity providers such as Amazon Cognito, Microsoft Entra ID, or Okta without having to migrate users or rebuild authentication flows. With just-enough access and secure permission delegation supported by AgentCore Identity, you can enable your agents to seamlessly and securely access AWS resources and third-party tools and services including GitHub, Google, Salesforce, and Slack. You can allow agents to perform actions on AWS resources or third-party services, on behalf of users or by themselves with pre-authorized user consent. Furthermore, you can minimize consent fatigue with a secure token vault and build streamlined AI agent experiences.

1/ Secure, delegated access for AI agents
Amazon Bedrock AgentCore Identity allows your AI agents to securely access AWS resources and third-party tools and services such as GitHub, Google, Salesforce, and Slack by providing robust access controls with just-enough access and secure permissions delegation.

2/ Accelerate AI agent development
AgentCore Identity lowers custom development efforts you typically need for building security infrastructure and simplifies your agent identity and access management. With standards-based authentication, you can use your existing identity systems such as Amazon Cognito, Microsoft Entra ID, or Okta without migrating users or rebuilding authentication flows, saving you development time.

3/ Build streamlined AI agent experiences
AgentCore Identity reduces the need for repeated authorization prompts to grant consent per agent and helps to minimize consent fatigue with a secure token vault that stores users' tokens and allows agents to retrieve them securely. It streamlines authentication flows and delivers a simpler user experience for all your agent-powered interactions while maintaining robust access controls.

AgentCore Identity implements a secure token vault that stores users' tokens and allows agents to retrieve them securely. For OAuth 2.0 compatible tools and services, when a user first grants consent for an agent to act on their behalf, AgentCore Identity collects and stores the user's tokens issued by the tool in its vault, along with securely storing the agent's OAuth client credentials. Agents, operating with their own distinct identity and when invoked by the user, can then access these tokens as needed, reducing the need for frequent user consent. When the user token expires, AgentCore Identity triggers a new authorization prompt to the user for the agent to obtain updated user tokens. For tools that use API keys, AgentCore Identity also stores these keys securely and provides agents with controlled access to retrieve them when needed. This secure storage streamlines the user experience while maintaining robust access controls, enabling agents to operate effectively across various tools and services.

AgentCore Observability helps developers trace, debug, and monitor agent performance in production environments. It offers detailed visualizations of each step in the agent workflow, enabling developers to inspect an agent's execution path, audit intermediate outputs, and debug performance bottlenecks and failures. AgentCore Observability gives developers real-time visibility into agent operational performance through dashboards powered by Amazon CloudWatch and telemetry for key metrics such as session count, latency, duration, token usage, and error rates. Rich metadata tagging and filtering simplify issue investigation and quality maintenance at scale. It emits telemetry data in standardized OpenTelemetry (OTEL)-compatible format, enabling customers to easily integrate it with their existing monitoring and observability stack.

1/Maintain quality and trust: Get a comprehensive, end to end view of agent behavior, seeing detailed reasoning, inputs, outputs, and tool usage. Accelerate debugging and quality audits with comprehensive visibility into agent workflows.

2/Accelerate time to market: Dashboards powered by Amazon CloudWatch save developers time with a single-pane-of-glass view into agents' operational health, without the need to manually stitch together data from multiple sources. This helps teams quickly detect issues, assess performance trends, and take timely corrective actions.

3/Integrate with the observability tool of your choice: AgentCore emits telemetry data in standardized OpenTelemetry (OTEL)-compatible format, enabling customers to easily integrate logs, metrics, and traces with their existing monitoring and observability tools such as CloudWatch, Datadog, Arize Phoenix, LangSmith, and Langfuse.

AgentCore SDK enables developers to get access to AgentCore services from your agent framework or IDE. AgentCore SDK is composed of a development toolkit that enables developers to build and manage AI agents with tools for memory management, tool server connections, security configurations, and observability. It can be accessed through an AWS account and supports various authentication methods including IAM-based, OAuth 2.1, and API keys.

AgentCore offers flexible, consumption-based pricing with no upfront commitments or minimum fees. Each service—Runtime, Tools (Browser, Code Interpreter), Gateway, Identity, Memory, and Observability—can be used independently or together, and you pay only for what you use. This modular approach allows you to start small and scale as your AI agent applications grow. You can try the AgentCore services in preview without charge until September 16, 2025. Billing begins September 17, 2025, based on the pricing details specified on this page. Pricing details are subject to change.

We have set up an AgentCore Discord for preview customers. You can join here: https://discord.gg/bedrockagentcore-preview