Amazon Bedrock AgentCore is an agentic platform to build, deploy and operate highly capable agents securely at scale. AgentCore lets you build agents faster, enable agents to take actions across tools and data, run agents securely with low-latency and extended runtimes, and monitor agents in production - all without any infrastructure management. AgentCore helps developers to accelerate agents into production with the scale, reliability, and security critical to real-world deployment. Its services are composable and work with any open-source framework and any model, so you don’t have to choose between open-source flexibility and enterprise-grade security and reliability.

AgentCore is designed for organizations who want to move agents from proofs of concept built using open-source or custom agent frameworks to production. It serves developers and enterprises who need robust infrastructure to support dynamic execution paths at runtime, controls to monitor behavior, powerful tools to enhance agents, and the flexibility to adapt as the landscape evolves.

AgentCore consists of 9 services and capabilities:

Runtime: Provides a secure, serverless environment purpose-built for deploying and scaling dynamic agents and tools.

Memory: Enables developers to build context-aware agents by eliminating complex memory infrastructure management while providing full control over agent memory.

Gateway: Offers an easy and secure way for agents to access tools by transforming APIs and Lambda functions into agent-compatible tools and connecting to existing MCP servers.

Browser: Provides a fast, secure, cloud-based browser runtime to enable agents to interact with websites.

Code Interpreter: Enables agents to write and execute code securely in sandbox environments, enhancing their accuracy and expanding their ability to solve complex end-to-end tasks.

Identity: Allows agents to securely access and operate across AWS resources or third-party tools and services, on behalf of users or by themselves.

Observability: Gives developers complete visibility into agent workflows to trace, debug, and monitor agents' performance.

Evaluations (Preview): Helps teams improve agent quality through continuous performance monitoring and real-time quality scoring

Policy (Preview): Gives you comprehensive control over actions agents take, helping agents to stay within defined boundaries without slowing down

AgentCore works with custom frameworks and any open-source framework, including CrewAI, LangGraph, LlamaIndex, Google ADK, OpenAI Agents SDK, and Strands Agents.

AgentCore supports Model Context Protocol (MCP) and Agent to Agent Protocol (A2A). A2A support is currently available in AgentCore Runtime, with broader A2A support across other AgentCore services coming soon. By supporting these emerging standards, AgentCore aims to be the preferred choice for hosting agents regardless of the protocols used.

AgentCore is designed to be model-agnostic, working with any foundation model in or outside of Amazon Bedrock including OpenAI, Google's Gemini, Anthropic's Claude, Amazon Nova, Meta Llama, and Mistral models.

Strands Agents enables developers to leverage modern models' capabilities for planning, reasoning, and tool use, while seamlessly integrating with AgentCore services through a simple SDK. Developers can connect to AgentCore Gateway, configure memory stores, and deploy agents with just a few lines of code.

AgentCore is available in nine AWS Regions: Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Dublin), Europe (Frankfurt), US East (N. Virginia), US East (Ohio), and US West (Oregon). This expanded regional coverage allows customers to deploy closer to their users and data, improving performance and helping to meet data residency requirements across geographical locations.

AgentCore accelerates development by eliminating months of infrastructure work. With just a few lines of code, it integrates with any framework - including LangChain, Strands Agents, and CrewAI - and model, while providing numerous services and capabilities (Runtime, Memory, Gateway, Browser, Code Interpreter, Identity, Observability, Evaluations and Policy) that help you build, deploy, and operate your agents in production. AgentCore is fully managed and scales automatically as you go, so developers can focus on innovation while AgentCore handles all the underlying infrastructure, reducing development time from months to hours.

If you are using Amazon Bedrock Agents today, you can continue to do so. With that said, AgentCore is an agentic platform that provides enhanced capabilities including support for any open-source framework including Strands Agents, LangChain, LangGraph, LlamaIndex, and CrewAI and the flexibility to use any foundation model of your choice, whether in or outside of Amazon Bedrock. AgentCore delivers enterprise-grade capabilities with Model Context Protocol (MCP) support for standardized tool access, Virtual Private Cloud (VPC) connectivity for secure network access, and Agent-to-Agent (A2A) support for inter-agent communication.

AgentCore services and capabilities consist of Runtime for secure serverless deployment, Memory for customizable context retention, Gateway for seamless tool integration, Browser and Code Interpreter for enhanced agent capabilities, Identity for access control, Policy for comprehensive control over agent actions, Observability for comprehensive monitoring, and Evaluations for continuous quality monitoring. These services work together to help you move agents from prototype to production with the scale, reliability, and security critical for real-world deployment.

Yes, AgentCore offers VPC connectivity across all its services - Runtime, Memory, Gateway, Browser tool, Code Interpreter, Identity, and Observability. This allows secure access to resources within your private network environment. You can configure each AgentCore service to integrate with your VPC to ensure secure communication between agents and your internal resources.

AgentCore Runtime is a secure, serverless runtime purpose-built for deploying and scaling dynamic AI agents using any open-source framework (such as CrewAI, LangGraph, LlamaIndex, Google ADK, OpenAI Agents SDK, or Strands Agents), any protocol (such as MCP or A2A), and any model (such as Amazon Nova, OpenAI, or Gemini). Deploy your agents in seconds with direct code upload or choose container deployment for advanced configurations and maximum flexibility.

Runtime supports different agent use cases including multimodal and multi-agent workflows through A2A protocol support, enabling sophisticated agent-to-agent interactions. The bi-directional streaming feature enables natural conversations where agents listen and respond simultaneously while handling interruptions and context changes mid-conversation—particularly powerful for voice agents, while also improving text-based interactions.

AgentCore Runtime automatically scales from zero to thousands of concurrent sessions without any infrastructure management. It provides enterprise-grade security with complete session isolation that creates dedicated compute environments for each user interaction, helping to data leaks between different agent sessions and to protect sensitive information across concurrent agent operations. It also offers VPC connectivity that enables secure access to your internal resources within your private network environment, allowing agents to interact with enterprise systems while helping to maintain network security boundaries. 

1/Accelerate time to market: Deploy and host any AI agent or tool using your preferred open-source frameworks, models, and tools without infrastructure overhead. Choose between container-based deployment for advanced use cases or direct code-zip upload for deployment in seconds. Build sophisticated agent-to-agent and agent-to-tool interactions with native MCP and A2A protocol support, speeding up deployment and freeing you to focus on building innovative agents.

2/Seamlessly scale real-time to multi-hour agentic workloads: AgentCore Runtime supports both interactive experiences with low latency and bi-directional streaming for real-time, two-way conversations, and complex asynchronous workloads running up to 8 hours along across any modality. Bi-directional streaming enables natural conversations where agents listen and respond simultaneously while handling interruptions and context changes mid-conversation—particularly powerful for voice agent use cases that deliver conversational experiences customers want to engage with, while also improving text-based interactions through more responsive, adaptive conversations. AgentCore Runtime automatically handles scaling from zero to thousands of concurrent sessions, eliminating capacity planning and infrastructure maintenance.

3/ Deploy with enterprise-grade security and compliance: Help protect sensitive data with true session isolation that provides dedicated compute environments for each user interaction along with VPC and PrivateLink support. AgentCore Runtime also seamlessly integrates with your existing identity providers such as Amazon Cognito, Microsoft Entra ID, and Okta to limit who can authenticate in your agent, and manages credentials for downstream services like Salesforce, Github and Stripe—delivering security without development overhead.

4/ Pay only for active resource consumption: Unlike traditional compute services that charge for pre-allocated resources, AgentCore Runtime uses consumption-based pricing where you only pay for active CPU and memory usage. This can deliver substantial cost savings for agentic workloads, which typically spend 30-70% of time in I/O (input/output) wait periods for LLM responses, tool calls, or database queries. With AgentCore Runtime, I/O wait and idle time is free—you're only charged for actual resource consumption calculated at per-second increments, with CPU charges based on actual usage and memory charges based on peak consumption.

Amazon Bedrock AgentCore Gateway enables agents to easily discover and securely connect with tools through a unified endpoint. It transforms APIs and Lambda functions into agent-compatible tools and connects to existing MCP servers, secured by native IAM enforcement and OAuth integration. Gateway eliminates weeks of custom integration work, accelerating innovative agent application development. It provides 1-click integration with popular tools like Salesforce, Slack, Jira, Asana, and Zendesk. By handling complex tool management and security at enterprise scale, Gateway eliminates weeks of custom integration work so developers can focus on building innovative agent applications.

1/Accelerate agent development through unified access: Combine multiple tool sources—from APIs to Lambda functions to MCP servers—into one unified endpoint. This single, secure endpoint with native IAM enforcement and OAuth integration enables your agents to discover and use tools effortlessly so developers can build and scale agent workflows faster without managing multiple tool connections or reimplementing integrations.

2/Simplify tool development and integration: Transform existing enterprise resources into agent-ready tools in just a few lines of code and seamlessly connect to existing MCP servers and popular tools like Salesforce, Slack, Jira, Asana, and Zendesk. AgentCore Gateway handles the complex tasks of tool management and security at enterprise scale, freeing developers to focus on building differentiated agent capabilities.

3/Scale with confidence through intelligent tool discovery: As your tool collection grows, help your agents find and use the right tools through contextual search. Built-in semantic search capabilities help agents effectively utilize available tools based on their task context, improving agent performance and reducing development complexity at scale.

AgentCore Gateway includes built-in semantic search to help agents identify the most relevant tools for their tasks, and supports metadata-based filtering to manage tool access based on criteria like risk levels, improving agent efficiency and security. 

AgentCore Gateway enables developers to bring a wide range of tools through a unified interface. These include AWS services (S3, DynamoDB, Aurora, Redshift, Lambda), and third-party services. Developers can also integrate custom tools using API specifications, function code, MCP servers, OpenAPI, Smithy, Lambda functions, or containerized solutions via ECR images.

AgentCore Gateway provides multiple authentication methods including IAM-based, OAuth 2.1, and API keys. It offers secure credential exchange mechanisms between different identity providers. Through integration with AgentCore Observability, customers gain detailed visibility into authentication events, tool invocations, and access patterns. AgentCore Gateway also supports web application firewall capabilities with configurable web ACLs to filter malicious requests. For more details see AgentCore Gateway documentation.

AgentCore Gateway works with AgentCore Runtime for secure tool execution, AgentCore Identity for authentication and authorization, and AgentCore Observability for comprehensive metrics and audit logs. AWS Partner tools procured through AWS Marketplace can be automatically imported into AgentCore Gateway. Through these integrations, developers can access a wide range of tools and services through a unified interface while maintaining enterprise-grade security and monitoring capabilities.

Policy in Amazon Bedrock AgentCore helps you keep agents in bounds. Policy integrates with AgentCore Gateway to intercept every tool call in real time, helping ensure agents stay within defined boundaries without slowing them down. Teams can define which tools and data agents can access—whether they're APIs, Lambda functions, MCP servers, or popular third-party services like Salesforce and Slack—what actions they can perform, and under what conditions.

Traditional fine-grained authorization approaches place the burden on developers to remember every call site, reason about complex agent flows, and trust that unexpected behavior won't bypass critical checks. Policy removes that burden by enforcing rules outside the agent's execution boundary, rather than relying on developers to embed authorization logic inside prompts, wrappers, or orchestration code. Every tool call is evaluated at the Gateway and enforced consistently regardless of how the agent is implemented, providing stronger enforcement because policies continue to apply even if prompts change, wrapper code drifts, or the agent behaves unpredictably. You can easily create policies using natural language that converts to Cedar—AWS's open-source policy language for fine-grained permissions— or author rules directly in Cedar, making it simple for development, security, and compliance teams to set-up, understand, and audit rules without writing custom code. Teams define clear policies once and apply them automatically across all tools, actions, and sessions, delivering a level of consistency and safety that code-embedded authorization cannot match while working at the speed agents need to act. 

1/ Keep agents within defined boundaries: Policy integrates with AgentCore Gateway to intercept every tool call before execution, making sure it adheres to policies around what tools and data agents can access, what actions they perform, and under what conditions.

2/ Enforce policies without slowing down your agents: Policy evaluation occurs in real-time without adding friction, processing thousands of requests per second while maintaining the operational speed agents need to act effectively.

3/ Simplify policy creation and management: Easily create policies using natural language that automatically converts to Cedar's (AWS's open-source policy language for fine-grained permissions) structured format, making it simple for development, security, and compliance teams to set-up, understand, and audit rules without writing custom code. Teams can define clear boundaries once and apply them consistently across their organization.

Natural language-based policy authoring provides a more accessible and user-friendly way for customers to create fine-grained policies by allowing them to describe rules in plain English instead of writing formal policy code. The system interprets what the user intends, generates candidate policies, validates them against the tool schema, and uses automated reasoning to check safety conditions—such as identifying policies that are overly permissive, overly restrictive, or contain conditions that can never be satisfied. This ensures customers catch these issues before enforcing policies.

Unlike generic LLM translations, this feature understands the structure of your tools and generates policies that are both syntactically correct and semantically aligned with your intent, while flagging rules that cannot be enforced. It's also available as an MCP server, enabling developers to author and validate policies directly in their preferred IDE or coding assistant as part of their normal development workflow. This lets teams move from "I know the rule I want" to production-ready policy code in minutes, reducing onboarding time and helping non-experts write high-quality authorization rules without needing Cedar expertise.

Policy in AgentCore integrates with AgentCore Gateway to provide real-time policy enforcement across all agent interactions. It works alongside AgentCore Identity for authentication and authorization, and AgentCore Observability for comprehensive audit logs and monitoring. Policy operates independently of the agent framework or model being used, providing consistent controls across your agent ecosystem.

Amazon Bedrock Guardrails operates at the model level, filtering what models and agents say to ensure safe, compliant communication—such as preventing inappropriate responses or guiding tone. Policy, by contrast, governs what agents do. It evaluates and authorizes every action an agent attempts—whether calling a tool, accessing a data source, or interacting with another agent—before execution. Guardrails manage expression; Policy manages action. Together, they form a layered approach that gives organizations confidence their agents behave safely, predictably, and in alignment with organizational standards.

AgentCore Memory makes it easy for developers to build context-aware agents using any open-source framework. Memory provides industry-leading accuracy along with support for both short-term memory for multi-turn conversations and long-term memory that persists across sessions, with the ability to not only share memory stores across agents but also learn from experiences. The service offers unique flexibility, allowing developers to create custom extraction logic using their preferred models and prompts to capture exactly what matters for their use case. With managed infrastructure that handles vector embeddings, memory consolidation, and reflection, along with enterprise features like observability, developers can focus on building intelligent agents rather than managing memory systems.

1/ Eliminates infrastructure management: Developers can store and retrieve memories with just a few lines of code while AgentCore automatically handles vector embeddings, storage, memory consolidation, and reflection behind the scenes, enabling agents to share knowledge and learn from experiences over time.

2/ Enterprise-grade security: AgentCore Memory provides encrypted, namespaces-based storage to allow the developer to segment memory based on their preferred taxonomy such as by user, project, or business unit, keeping data isolated and easy to retrieve within secure VPC environments.

3/Deep customization: AgentCore Memory provides industry-leading accuracy with support for both short-term memory and long-term memory. Developers have the option to use pre-defined strategies to extract user preferences, facts, and experiences across sessions, or create custom extraction logic using their preferred large language models and prompts to capture exactly what matters for their use case. 

AgentCore Code Interpreter enables agents to write and execute code securely in sandbox environments, enhancing their accuracy and expanding their ability to solve complex end-to-end tasks. Code Interpreter comes with pre-built runtimes for multiple languages and advanced features, including large file support and internet access. Developers can customize environments with specific instance types and session properties to meet security requirements. Code Interpreter reduces manual intervention while enabling sophisticated AI development without compromising security or performance.

1/Execute code securely: Develop agents that can perform complex workflows and data analysis in isolated sandbox environments with VPC support, while accessing internal data sources without exposing sensitive data or compromising security.

2/Large-scale data processing: When working with large datasets, developers can easily reference files stored in Amazon S3, enabling efficient processing of gigabyte-scale data without API limitations.

3/Ease of use: Provides a fully managed default mode with pre-built execution runtimes that support popular programming languages like JavaScript, TypeScript, and Python with common libraries pre-installed.

AgentCore Browser provides a fast, secure, cloud-based browser runtime that enables agents to interact with websites and carry out web-based workflows at scale with reduced CAPTCHA interruptions. It includes enterprise-grade security features including VM-level isolation and federated identity integration. It offers observability via live viewing, AWS CloudTrail logging, session replay to easily troubleshoot, maintained quality, and compliance support. With automatic scaling, AgentCore Browser eliminates infrastructure overhead while helping to maintain rigorous security and compliance standards.

1/Serverless browser infrastructure: Provides agents with a fast, fully-managed browser that automatically scales without infrastructure overhead.

2/Enterprise-grade security: Browser provides extensive security through VM-level isolated sandboxes with VPC support and robust audit capabilities. Browser is also complemented by advanced features like session-level isolation and automated CAPTCHA handling.

3/Enterprise observability: Easily troubleshoot issues, maintain quality control, and ensure compliance, with real-time visibility and complete recorded history of all browser interactions, whether performed by agents or humans.

Amazon Bedrock AgentCore Identity enables your agents to seamlessly and securely operate across OAuth-enabled services (such as Slack, Salesforce, and GitHub), API key protected resources, and AWS resources on behalf of the users or by themselves, with scoped access controls, secure permissions delegation, and identity-aware authorization. The AgentCore Identity authorizer accelerates agent development with the ability to use your existing identity providers such as Amazon Cognito, Microsoft Entra ID, or Okta eliminating the need for migrating users or rebuilding authentication flows. AgentCore Identity provides a secure token vault that stores your resource provider credentials and access tokens, simplifying how your agent obtains and uses credentials while accessing non-AWS resources. AgentCore Identity supports common OAuth permission grants such as 2LO (client credentials grant) and 3LO (authorization code grant) across Runtime and Gateway helping with seamless authentication flows and reducing repeated authorization prompts for end-users across all agent-powered interactions.

1/ Secure, delegated access for agents

AgentCore Identity allows your agents to securely access AWS resources and third-party tools and services with scoped access controls and secure permissions delegation. Identity-aware authorization ensures agents get only the right access through dynamic decisions based on the user’s identity context, delivering enhanced security controls.

2/ Accelerate agent development

AgentCore Identity accelerates secure enterprise-ready agent development by lowering the development efforts you typically need for building custom identity infrastructure. It provides the ability to use your existing identity providers such as Amazon Cognito, Microsoft Entra ID, or Okta. This eliminates the need for migrating or duplicating identities to use AgentCore. AgentCore Identity provides managed OAuth workflow grants such as client credential, authorization code, or refresh token to reduce development time building authentication flows.


3/ Simplify authentication across enterprise services

AgentCore Identity offers native support for OAuth-enabled services such as Slack, Salesforce, and GitHub, simplifying implementation of custom OAuth flows or token handling. Your agents can seamlessly and securely operate across enterprise applications and AWS resources, on behalf of users or by themselves with pre-authorized user consent. Custom claims support enables you to implement precise authentication rules across multi-tenant environments while maintaining seamless integration with your chosen identity providers.


4/ Build streamlined agent authentication experience

AgentCore Identity offers streamlined end-user and agent builder experiences across all agent-powered interactions. The 3LO auth workflow handles tokens securely in the backend while the token vault minimizes consent fatigue, creating a frictionless experience for accessing downstream resources. This unified approach simplifies authentication flows, while maintaining robust security.

AgentCore Identity implements a secure token vault that stores users' resource provider credentials and tokens, allowing agents to retrieve them securely. For OAuth 2.0 compatible tools and services, when a user first grants consent for an agent to act on their behalf, AgentCore Identity collects and stores the user's tokens issued by the tool in its vault, along with securely storing the agent's OAuth client credentials. Agents, operating with their own distinct identity and when invoked by the user, can then access these tokens as needed, reducing the need for frequent user consent. When the user token expires, AgentCore Identity uses the refresh token to obtain a new access token, or triggers a new authorization prompt to the user to obtain updated user tokens. For tools that use API keys, AgentCore Identity also stores these keys securely and provides agents with controlled access to retrieve them when needed. This secure storage streamlines the user experience while maintaining robust access controls, enabling agents to operate effectively across various tools and services.

Amazon Bedrock AgentCore Observability is a managed service that helps developers trace, debug, and monitor agent performance in production environments with any framework or model. Available across all AgentCore services, it offers detailed visualizations of each step in the agent workflow, enabling developers to inspect execution paths, audit intermediate outputs, and debug performance bottlenecks. Powered by Amazon CloudWatch, AgentCore Observability provides real-time visibility into operational performance through Amazon CloudWatch dashboards and telemetry for key metrics such as traces, session count, latency, duration, token usage, and error rates. Rich metadata tagging and filtering simplify issue investigation, while OpenTelemetry (OTEL)-compatible telemetry enables integration with existing monitoring tools including Arize Phoenix, Amazon CloudWatch, Braintrust, Dynatrace, Datadog, Langfuse, LangSmith, and many more. You can easily add custom attributes and business metadata to your agent traces, making observability directly relevant to business outcomes and decision-making.

1/Maintain quality and trust: Get a comprehensive, end to end view of agent behavior, seeing detailed reasoning, inputs, outputs, and tool usage. Accelerate debugging and quality audits with comprehensive visibility into agent workflows, applications, and infrastructure. Enable swift issue detection and root cause identification to aid in agentic application debugging, helping teams maintain the quality and trustworthiness of their AI-powered systems.

2/Accelerate time to market: Real-time dashboards powered by Amazon CloudWatch save developers time with a single-pane-of-glass view into agents' operational health, without the need to manually stitch together data from multiple sources. This helps teams quickly detect issues, assess performance trends, and take timely corrective actions. Minimal observability infrastructure setup enables faster time to market into production environments. Easily add custom attributes and business metadata to your agent traces, making observability directly relevant to business outcomes and decision-making.

3/Integrate with the observability tool of your choice: While AgentCore Observability natively works with Amazon CloudWatch, it offers OpenTelemetry (OTEL)-compatibility enables integration your existing monitoring tools such as , enabling developers to easily integrate logs, metrics, and traces with their existing monitoring and observability tools such as Arize Phoenix, Datadog, Dynatrace, LangSmith, and Langfuse. Service-vended spans help support enhanced scrutiny and deep dive analysis, providing comprehensive observability data.

AgentCore Evaluations empowers teams to deploy reliable AI agents with confidence through continuous, real-time quality monitoring. The service automatically samples and scores live interactions using 13 built-in evaluators for critical dimensions like correctness, helpfulness, and relevance, plus custom evaluators for business-specific requirements. This fully-managed service helps eliminate months of infrastructure development, making quality assessment accessible to any developer. Teams gain actionable insights to understand performance patterns and can proactively optimize based on real-world user behavior for consistent agent performance at scale.

1/Continuous, real-time quality intelligence: Sample and score live interactions across 13 built-in evaluators for correctness, helpfulness, goal success rate, and more, to provide actionable insights that help teams understand performance patterns and continuously improve agent quality based on real-world user behavior.

2/Fully-managed with no infrastructure management: Built-in evaluators for 13 common quality dimensions designed to eliminate the months of effort required to build evaluation infrastructure and remove the operational complexity of managing large language model systems, making quality assessment accessible to any developer.

3/Custom business-tailored scoring: Create tailored quality assessments for your specific business requirements using custom evaluators configured with your choice of prompts and model.

AgentCore Evaluations offers 13 built-in evaluators (shown below) to help track quality metrics. Apart from that, you can also create custom evaluators for your specific business requirements with your choice of prompts and model.

1. Correctness: Evaluates whether the information in the agent's response is factually accurate
2. Faithfulness : Evaluates whether information in the response is supported by provided context/sources
3. Helpfulness: Evaluates from user's perspective how useful and valuable the agent's response is
4. Response Relevance: Evaluates whether the response appropriately addresses the user's query
5. Conciseness: Evaluates whether the response is appropriately brief without missing key information
6. Coherence: Evaluates whether the response is logically structured and coherent
7. Instruction Following: Measures how well the agent follows the provided system instructions
8. Refusal: Detects when agent evades questions or directly refuses to answer
9. Goal Success Rate: Evaluates whether the conversation successfully meets the user's goals
10. Tool Selection Accuracy: Evaluates whether the agent selected the appropriate tool for the task
11. Tool Parameter Accuracy: Evaluates how accurately the agent extracts parameters from user queries
12. Harmfulness: Evaluates whether the response contains harmful content
13. Stereotyping: Detects content that makes generalizations about individuals or groups

The AgentCore SDK is a developer toolkit that allows you to build, configure, and deploy agents using Amazon Bedrock AgentCore services with your preferred agent framework (e.g. Strands, LangGraph, CrewAI, or custom). It supports defining agent behavior, memory (both short-term per session and long-term shared memory), built-in tools like code interpreter and browser, tool server connections via the AgentCore Gateway, observability, and full identity/authentication controls. You access the SDK via your AWS account (installing the Python SDK or using the AgentCore starter toolkit), and use AWS IAM / AgentCore Identity for inbound auth, standard protocols / API access for outbound auth and tool integrations.

The open-source AgentCore MCP Server enables natural language development workflows between Agentic IDEs like Kiro and AI coding assistants (Claude Code, GitHub Copilot, and Q Developer CLI) and AgentCore services. It converts your natural language instructions and existing code to work seamlessly with AgentCore services, enabling you to get started faster with AgentCore. You can install the MCP Server with a single command and use it through your preferred AI coding assistant to perform tasks from code transformation to agent deployment, while the MCP Server automatically manages AgentCore configurations and dependencies in the background.    

AgentCore offers flexible, consumption-based pricing with no upfront commitments or minimum fees. Each service—Runtime, Gateway, Identity, Memory, Observability, Browser Tool, and Code Interpreter—can be used independently or together, and you pay only for what you use. This modular approach allows you to start small and scale as your agent applications grow. For more information visit the AgentCore pricing page.

The SLA for Amazon Bedrock applies to AgentCore. For more information, visit the Amazon Bedrock Service Level Agreement.

AWS has completed its internal assessment to validate that Amazon Bedrock AgentCore aligns with the following AWS compliance programs: BIO, C5, CISPE, CPSTIC, ENS High, FINMA, GNS, GSMA, HITRUST, IRAP, ISMAP, ISO (ISO/IEC 27001, 27017, 27018, 27701, 22301, 20000, 9001), CSA STAR, MTCS, OSPAR, PCI, Pinakes, PiTuKri, and SOC. In addition, Amazon Bedrock AgentCore is HIPAA eligible and is pursuing FedRAMP compliance. Our third-party auditors will review and test Amazon Bedrock AgentCore during the next audit cycles for these compliance programs.