Introduction: The Agent Infrastructure Problem Nobody Talks About
Building an AI agent that works on your laptop is, frankly, not that hard anymore. The proliferation of open-source frameworks — LangGraph, CrewAI, LlamaIndex, Strands Agents — has made it possible for any competent engineer to wire together a working prototype within an afternoon. The real challenge, the one that separates demos from production systems, is everything else: session management, identity controls, memory systems, observability, scaling, compliance, and security — all built before you've even started on the actual business logic.
That infrastructure tax is exactly what Amazon Bedrock AgentCore is designed to eliminate. Announced in preview at AWS Summit New York in July 2025 and reaching general availability in October 2025, AgentCore represents AWS's most comprehensive answer yet to the operational complexity of running AI agents at enterprise scale. In just five months after its preview release, the AgentCore SDK was downloaded over two million times — a figure that speaks to the demand for exactly this kind of opinionated, production-grade agent infrastructure. This post is a deep dive into what AgentCore is, why it matters, and how to use it.
What Is Amazon Bedrock AgentCore?
Amazon Bedrock AgentCore is a fully managed, modular platform for building, deploying, and operating AI agents at scale — without managing infrastructure. It is not a new AI model, nor a new agent framework. It is the production layer that sits beneath your agent code, handling the hard problems that come after the prototype.
The platform launched with seven composable services: Runtime, Gateway, Memory, Identity, Observability, Code Interpreter, and Browser. These services can be used independently or together, and they work with any open-source agent framework — CrewAI, LangGraph, LlamaIndex, Google ADK, OpenAI Agents SDK — and with any foundation model, whether hosted in Amazon Bedrock or elsewhere. That framework and model agnosticism is a deliberate design choice. As Swami Sivasubramanian, AWS VP of Agentic AI, put it at AWS Summit 2025: "It upends the way software is built. It also introduces a host of new challenges to deploying and operating it." AgentCore's job is to absorb those challenges so development teams don't have to.
The Seven Core Services: A Deep Dive
AgentCore Runtime
AgentCore Runtime is the serverless execution environment for your agents. It provides low-latency cold starts, complete session isolation between users, and — critically — support for long-running workloads of up to eight hours. Most serverless compute platforms time out after a few minutes; agents working through multi-step workflows, executing code, browsing the web, or waiting on human-in-the-loop approvals simply cannot operate in that window. The eight-hour execution window is one of Runtime's most practically significant differentiators.
With general availability in October 2025, Runtime added support for the Agent-to-Agent (A2A) protocol, enabling multi-agent architectures where orchestrator agents can delegate sub-tasks to specialist agents — all with proper identity and session management throughout the chain. The December 2025 update added bidirectional streaming, which unlocks natural voice agent experiences where both the user and the agent can speak simultaneously, with the agent adapting mid-sentence to interruptions and context changes. Runtime also supports VPC, AWS PrivateLink, and CloudFormation — a critical requirement for enterprises that cannot route agent traffic over the public internet.
AgentCore Gateway
Most agents need tools to be useful: they need to query databases, call internal APIs, send Slack messages, update Salesforce records. Wiring up each of those integrations manually is tedious, error-prone, and brittle. AgentCore Gateway solves this by acting as a managed Model Context Protocol (MCP) server that automatically converts APIs, AWS Lambda functions, and existing services into agent-ready tools with minimal code.
Gateway also handles OAuth ingress authorization and secure credential exchange for outbound calls, which means agents can authenticate to third-party services on behalf of users without developers having to build token-management infrastructure from scratch. As of December 2025, Gateway integrates with the new Policy feature, which intercepts every tool call in real time before execution, enforcing boundaries defined in Cedar — the AWS open-source policy language. Policies can be written in plain English and automatically converted to Cedar, making governance accessible to compliance and security teams who don't write code.
# Example: Deploying a Lambda function as an MCP tool via AgentCore Gateway
import boto3
client = boto3.client('bedrock-agentcore', region_name='us-east-1')
response = client.create_gateway_target(
gatewayIdentifier='my-gateway',
name='customer-lookup-tool',
description='Looks up customer records from internal CRM',
lambdaArn='arn:aws:lambda:us-east-1:123456789012:function:CustomerLookup',
authorizationConfiguration={
'type': 'IAM'
}
)
print(f"Target ARN: {response['targetArn']}")
AgentCore Memory
Stateless agents are limited agents. Without memory, every conversation starts from zero — no user preferences, no prior context, no ability to learn from past interactions. AgentCore Memory provides a fully managed memory layer that supports both short-term memory (conversation context within a session) and long-term memory (facts, preferences, and summaries that persist across sessions and can be shared between multiple agents).
The December 2025 release added episodic memory, which goes further than simple fact storage. Episodic memory captures structured episodes — context, reasoning, actions, outcomes — and a built-in reflection agent then extracts patterns from those episodes. The result is an agent that improves with experience. A travel booking agent, for example, might learn over time that a particular user frequently reschedules flights for client meetings, and start proactively suggesting flexible return options without being explicitly prompted. That kind of emergent personalization, emerging from experience rather than from hand-coded rules, is what episodic memory enables.
AgentCore Identity
As agents act on behalf of users — scheduling meetings, making purchases, accessing internal data — identity and authorization management becomes a first-class concern. AgentCore Identity provides workload identity for agents, with native integration to AWS IAM, Amazon Cognito, and third-party OAuth-enabled identity providers. It handles secure vault storage for refresh tokens and offers identity-aware authorization, so an agent's permissions can be scoped precisely to what it needs.
The December 2025 update added support for custom claims in JWT tokens, which is critical for multi-tenant environments where different users have different permission scopes. AgentCore Identity also integrates with AgentCore Gateway's Policy enforcement, creating a layered security model: first, identity verifies who is making a request; then Policy determines what they're allowed to do. This two-layer approach treats agents as autonomous actors whose decisions require verification before they can reach tools, systems, or data.
AgentCore Observability
You cannot improve what you cannot measure, and in production, AI agents fail in ways that are fundamentally different from traditional software. A bug in a CRUD API throws a deterministic error; a poorly-behaved agent may produce subtly incorrect answers, call the wrong tool, or hallucinate an action — with no stack trace to debug.
AgentCore Observability provides end-to-end tracing of agent execution, operational metrics (token usage, latency, session duration, error rates) through Amazon CloudWatch dashboards, and quality evaluations across dimensions including correctness, helpfulness, and goal success rate. Critically, it is OpenTelemetry (OTEL) compatible, which means it integrates out of the box with existing enterprise observability stacks — Datadog, Dynatrace, Arize Phoenix, LangSmith, and Langfuse. AgentCore Evaluations, launched in preview in December 2025, goes further by providing 13 built-in evaluators that continuously score live agent interactions, with support for custom model-based scoring systems for business-specific quality criteria.
AgentCore Code Interpreter and Browser
These two built-in tools extend what agents can actually do in the world. Code Interpreter provides a secure, sandboxed execution environment where agents can run Python code — useful for financial analysis, data visualization, complex calculations, or any task that benefits from programmatic execution rather than language model inference alone. Browser provides a cloud-based, headless browser runtime that lets agents interact with websites: filling forms, extracting information, navigating multi-step web workflows — all at scale, with enterprise security, and without any browser infrastructure to manage.
Getting Started: From Zero to Deployed Agent
The fastest path to a running agent on AgentCore is the Starter Toolkit, a CLI tool that handles provisioning, configuration, and deployment. Here is a minimal example using Strands Agents:
# Install the toolkit (Python 3.10+ required)
pip install bedrock-agentcore-starter-toolkit strands-agents
# my_agent.py — your agent code, any framework
from strands import Agent
from bedrock_agentcore import BedrockAgentCoreApp
app = BedrockAgentCoreApp()
agent = Agent()
@app.entrypoint
def invoke(payload):
prompt = payload.get("prompt", "")
return agent(prompt)
app.run()
# Configure and deploy — creates IAM roles, ECR repo, S3, Runtime endpoint
agentcore configure -e my_agent.py
agentcore launch
# Test your deployed agent
agentcore invoke '{"prompt": "What is the capital of France?"}'
The toolkit handles container builds via AWS CodeBuild (no local Docker required), creates all necessary IAM roles and resources, and provisions short-term and long-term memory based on your configuration choices. Deployment typically takes a few minutes.
For teams managing infrastructure as code, the toolkit also generates Terraform and CDK templates, making it straightforward to incorporate AgentCore into existing CI/CD pipelines.
Real-World Impact: What Organizations Are Building
The proof of a platform is not in its feature list but in what people build with it — and the early AgentCore production deployments are genuinely impressive.
PGA TOUR built a multi-agent content generation system on AgentCore that increases content writing speed by 1,000 percent while achieving a 95 percent reduction in costs — providing comprehensive tournament coverage for every player in the field where that would previously have been impossible to staff. Epsilon, a marketing services company, used AgentCore to automate campaign setup, reducing setup time by 30 percent, increasing personalization by 20 percent, and saving teams eight hours per week. Grupo Elfa, a Brazilian distributor, deployed AgentCore Observability for complete audit traceability of their sales agents' daily price quotes, achieving 100 percent decision traceability and reducing problem resolution time by 50 percent.
These are not pilot programs. They are production deployments, at scale, with measurable business outcomes. Workday integrated AgentCore Code Interpreter into its Planning Agent, enabling users to analyze financial data through natural language, reducing time spent on routine planning analysis by 30 percent and saving approximately 100 hours per month. S&P Global Market Intelligence deployed AgentCore Memory across their internal multi-agent orchestration platform, reporting that what previously took weeks to deploy now takes minutes.
Policy and Governance: The Enterprise Safety Layer
One of the most practically important features in the December 2025 release is Policy in AgentCore. It addresses a fundamental tension in agentic AI: you want agents to act autonomously, but you also need hard guarantees that they won't exceed their authority — accessing data they shouldn't, making purchases beyond their approved limit, or calling APIs they have no business touching.
Policy operates outside the agent's reasoning loop entirely. It integrates with AgentCore Gateway to intercept every tool call before execution and evaluates it against Cedar policies. Cedar is AWS's open-source policy language, and AgentCore can generate valid Cedar policies from plain English descriptions — meaning compliance and security teams can write and audit rules without learning a new language. A policy like "This agent can process refunds only for amounts under $200 USD and only when the requester has the refund-agent role" is enforced deterministically, at the infrastructure level — even if the model hallucinates an action or a malicious prompt tries to override it. That is defense-in-depth for agent systems, and it is arguably one of the most important features for enterprise adoption.
# Example: Creating a Cedar-based policy in AgentCore
import boto3
client = boto3.client('bedrock-agentcore', region_name='us-east-1')
# AgentCore converts natural language to Cedar automatically
response = client.create_policy(
gatewayIdentifier='my-gateway',
name='refund-limits',
description='Restrict agent refund actions to under $200',
naturalLanguagePolicy=(
"This agent can process refunds only for amounts under $200 USD "
"and only when the requester has the refund-agent role."
)
)
print(f"Policy ARN: {response['policyArn']}")
print(f"Generated Cedar:\n{response['cedarPolicy']}")
The 80/20 of AgentCore: What Actually Moves the Needle
If you're evaluating AgentCore for your organization, most of the value concentrates in a small number of capabilities. Understanding the 20 percent of the platform that delivers 80 percent of the impact helps you prioritize where to start.
Runtime + Starter Toolkit eliminates the single largest time sink in agent deployment: infrastructure provisioning. Getting from prototype Python code to a scalable, session-isolated, production endpoint is reduced from weeks of DevOps work to a single CLI command. If you're running any kind of agent workload today, this alone is worth evaluating.
Gateway removes the integration tax. Every new tool an agent needs is normally a new OAuth implementation, a new token-management solution, a new error-handling wrapper. Gateway's automatic conversion of Lambda functions and APIs to MCP tools, combined with built-in credential management, means adding a new capability to an agent becomes a configuration step rather than an engineering sprint.
Policy is the unlock for enterprise adoption. Many organizations have agents that work in staging but cannot go to production because there is no enforceable audit trail and no hard guarantee on what the agent can do. Policy provides that guarantee at the infrastructure level, outside the model's reasoning loop, with Cedar policies that compliance teams can read and sign off on.
Observability + Evaluations closes the feedback loop that makes agent improvement possible. Without continuous quality scoring of live interactions, you are flying blind on whether your agents are actually working as intended. The 13 built-in evaluators and CloudWatch dashboards give you the instrumentation you need to iterate with confidence.
Memory Boost: Thinking About AgentCore With Analogies
For those who find analogies useful when learning new systems, here are three that capture AgentCore's essential character.
Think of AgentCore Runtime as the equivalent of AWS Lambda for your agent — serverless, session-isolated compute that scales to zero when idle and scales out automatically under load, but designed for tasks that take hours rather than seconds. Just as Lambda removed the need to manage web servers for stateless API functions, Runtime removes the need to manage containers, clusters, or orchestration for stateful agent workloads.
Think of AgentCore Gateway as the equivalent of an API Gateway for the MCP protocol era. API Gateway takes Lambda functions and exposes them as REST endpoints; AgentCore Gateway takes Lambda functions and existing APIs and exposes them as MCP tools that AI agents can discover and use. The mental model is the same: you write the business logic, the gateway handles the protocol, authentication, and routing.
Think of AgentCore Memory as the equivalent of Redis for agents — a managed, fast, contextual storage layer — but one that understands the semantic structure of agent interactions, not just key-value pairs. Where Redis stores raw data, AgentCore Memory stores conversation context, user preferences, extracted facts, and episodic experiences that agents can query in natural language.
Key Takeaways: 5 Steps to Start With AgentCore Today
For teams actively building agentic AI systems, here is a concrete action plan to evaluate and adopt AgentCore:
Step 1 — Install the Starter Toolkit and deploy a test agent. Run pip install bedrock-agentcore-starter-toolkit strands-agents, wrap an existing agent with BedrockAgentCoreApp, run agentcore configure and agentcore launch. Measure how long it takes versus your current deployment process.
Step 2 — Migrate one internal tool to AgentCore Gateway. Choose a Lambda function or REST API that your agents currently call and register it as a Gateway target. Evaluate whether the automatic MCP conversion and built-in auth management simplify your integration layer.
Step 3 — Enable short-term and long-term memory. Use the --memory flag during configuration to provision AgentCore Memory for an agent that currently handles multi-turn conversations. Observe whether session continuity improves and whether long-term preferences are correctly extracted and recalled.
Step 4 — Set up Observability and run an evaluation baseline. Enable AgentCore Observability for a production agent and configure at least three of the 13 built-in evaluators — start with correctness, helpfulness, and tool selection accuracy. Establish a baseline quality score before making any model or prompt changes.
Step 5 — Write your first Policy. Identify one agent that performs actions with real-world consequences — sending messages, making purchases, modifying records — and write a natural-language policy for it. Review the generated Cedar, have your security team audit it, and deploy it to the Gateway interceptor.
Conclusion: The Infrastructure Layer Agents Have Been Missing
Amazon Bedrock AgentCore is not the most glamorous announcement in the AI space. It doesn't introduce a new frontier model or a new capability that makes headlines at consumer events. What it does is more quietly important: it provides the production infrastructure layer that makes the difference between agents that work in a demo and agents that work in the real world, at scale, with the security and audit controls that enterprises require.
The two million SDK downloads in five months since preview, the production deployments at organizations like PGA TOUR, Workday, Ericsson, and S&P Global, and the ongoing rapid pace of new capabilities — Policy, episodic memory, bidirectional streaming, evaluations — all point to a platform that is being stress-tested in demanding environments and continuing to evolve in response. The framework-agnostic, model-agnostic design philosophy means organizations do not have to bet on a single AI vendor's stack; they get enterprise infrastructure without giving up the flexibility to use the best available model or framework for each use case.
If you're building agents in production today, or planning to, AgentCore is worth serious evaluation. The infrastructure problems it solves are real, they are time-consuming, and they are not the problems you should be spending your engineering cycles on.
References
- Amazon Web Services. "Amazon Bedrock AgentCore." AWS Product Page. https://aws.amazon.com/bedrock/agentcore/. Accessed March 2026.
- Amazon Web Services. "Introducing Amazon Bedrock AgentCore: Securely deploy and operate AI agents at any scale (preview)." AWS Blog, September 3, 2025. https://aws.amazon.com/blogs/aws/introducing-amazon-bedrock-agentcore-securely-deploy-and-operate-ai-agents-at-any-scale/
- Amazon Web Services. "Amazon Bedrock AgentCore is now generally available." AWS What's New, October 13, 2025. https://aws.amazon.com/about-aws/whats-new/2025/10/amazon-bedrock-agentcore-available/
- Amazon Web Services. "Amazon Bedrock AgentCore now includes Policy (preview), Evaluations (preview) and more." AWS What's New, December 2, 2025. https://aws.amazon.com/about-aws/whats-new/2025/12/amazon-bedrock-agentcore-policy-evaluations-preview/
- Amazon Web Services. "Amazon Bedrock AgentCore adds quality evaluations and policy controls for deploying trusted AI agents." AWS Blog, December 2, 2025. https://aws.amazon.com/blogs/aws/amazon-bedrock-agentcore-adds-quality-evaluations-and-policy-controls-for-deploying-trusted-ai-agents/
- About Amazon. "New Amazon Bedrock AgentCore capabilities power the next era of intelligent agents." About Amazon News, December 2, 2025. https://www.aboutamazon.com/news/aws/aws-amazon-bedrock-agent-core-ai-agents
- About Amazon. "AWS Summit: Agentic AI innovations 2025." About Amazon News, July 16, 2025. https://www.aboutamazon.com/news/aws/aws-summit-agentic-ai-innovations-2025
- TechCrunch. "AWS announces new capabilities for its AI agent builder." TechCrunch, December 4, 2025. https://techcrunch.com/2025/12/02/aws-announces-new-capabilities-for-its-ai-agent-builder/
- Caylent. "AWS re:Invent 2025: Every AI Announcement, Including Amazon Nova 2 and Kiro." Caylent Blog. https://caylent.com/blog/aws-reinvent-2025-every-ai-announcement-including-amazon-nova-2-and-kiro
- Amazon Web Services. "Amazon Bedrock AgentCore Starter Toolkit." GitHub. https://github.com/aws/bedrock-agentcore-starter-toolkit
- Amazon Web Services. "Amazon Bedrock AgentCore SDK Python." GitHub. https://github.com/aws/bedrock-agentcore-sdk-python
- Amazon Web Services. "Amazon Bedrock AgentCore Samples." GitHub. https://github.com/awslabs/amazon-bedrock-agentcore-samples
- Amazon Web Services. "Runtime Quickstart — Amazon Bedrock AgentCore." Developer Guide. https://aws.github.io/bedrock-agentcore-starter-toolkit/user-guide/runtime/quickstart.html
- Amazon Web Services. "Understand the available interfaces for using Amazon Bedrock AgentCore." Developer Guide. https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/develop-agents.html
- DEV Community. "Amazon Bedrock AgentCore Runtime — Part 1 Introduction." August 22, 2025. https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-1-introduction-e5i
- DEV Community. "Amazon Bedrock AgentCore Identity — Part 1 Introduction and overview." October 20, 2025. https://dev.to/aws-heroes/amazon-bedrock-agentcore-identity-part-1-introduction-and-overview-di1