AgentCore

Amazon Bedrock

is a fully managed service by AWS that makes it easy to build, scale, and deploy generative AI applications using foundation models (FMs) from top AI companies — without managing infrastructure or needing machine learning expertise.

Amazon Bedrock = API access to powerful foundation models + tools to build custom generative AI apps at scale.

AWS KnowledgeBase

KnowledgeBase in Amazon Bedrock is a fully managed Retrieval-Augmented Generation (RAG) service.

On creating a kwledgebase, it by default using the Amazon OpenSearch Serverless as the verctor store.

from src.utils.knowledge_base_helper import KnowledgeBasesForAmazonBedrock

kb = KnowledgeBasesForAmazonBedrock()

kb_id, ds_id = kb.create_or_retrieve_knowledge_base(

knowledge_base_name,

knowledge_base_description,

bucket_name

)

Keep the KB_ID for later use.

AgentCore

AgentCore is the internal orchestration engine that powers Agents for Amazon Bedrock.

When you create an agent in Bedrock , you're essentially configuring:

The agent’s instructions (system prompt) and set of tools:

  Functions (APIs the agent can call)

  Knowledge Bases (data it can retrieve from using RAG)

  Optional memory and user input/output settings

AgentCore by default use Strands agent.

AgentCore Agent

create a supvervisor agent, that utilizes tool_a and tool_b

def create_supervisor_agent():

all_tools = [

     tool_a,

     tool_b

]

# Create and return the supervisor agent

return Agent(

     model=modelID,

     tools=all_tools,

     system_prompt=supervisor_system_prompt

)

And tool_a and tool_b is like another agent but wrapped as a tool.

It uses a tool decorator and run another agent with system prompt for processing an input query with assistance from another list of tools.

The tools can be other agents or api calls and anything. But the system prompt should guide it to use the right tool for answering the query.

It returns the result of processing the query.

@tool

def tool_a(query):

new_agent = Agent(

     model=modelID,

     tools=[

         tool_1,

            tool_2,

     ],

     system_prompt="""You are a mortgage application agent that helps customers with new mortgage applications.

     Instructions:

     - Greet customers warmly before answering

     - First ask for their customer ID, if they don't have one, create a new one

     - Ask for name, age, annual income, and annual expense one question at a time

     - Once you have all information, create the loan application

     - Only discuss mortgage applications, not general mortgage topics

     - Never make up information you cannot retrieve from tools"""

)

return str(new_agent(query))

To use a knowledge, set environment variable for the knowledge base id that represent the source.

os.environ['KNOWLEDGE_BASE_ID'] = KB_ID

AgentCore Run Time

The Run Time provides firecracker micro vm for running the agents.

On creating a run time, it generates a dockerfile with the agent entrypoint script for deployment.

from bedrock_agentcore_starter_toolkit import Runtime

agentcore_runtime = Runtime()

response = agentcore_runtime.configure(

entrypoint="your_agent_execution.py",

execution_role='your AWS role Arn',

# auto_create_execution_role=True,

auto_create_ecr=True,

requirements_file="requirements.txt",

region=region,

agent_name='your agent name'

)

launch_result = agentcore_runtime.launch()

invoke_response = agentcore_runtime.invoke({"prompt": "what is my current outstanding balance for customer id 1234??"})

print_response_text(invoke_response)

Note here all the agents and it's tools (subagents) are run from the same docker container.

AgentCore Gateway

AgentCore Gateway provides customers a way to turn their existing AWS Lambda functions into fully-managed MCP servers without needing to manage infra or hosting. Gateway will provide a uniform Model Context Protocol (MCP) interface across all these tools. Gateway employs a dual authentication model to ensure secure access control for both incoming requests and outbound connections to target resources.

Basically, if you need to call an external service, or another service within the organization, Gateway provides an easy way to invoke those services.

Currently Gateway only binds to a Lambda function, where you can run script to do what you need to do, but in the near future it will bind with agent as well.

firstly create a lambda function

secondly create a cognito pool for inbound authorization

finally create a gateway

gateway_client = boto3.client('bedrock-agentcore-control', region_name = 'your region')

auth_config = {

"customJWTAuthorizer": {

        "allowedClients": [client_id],  # Client MUST match with the ClientId configured in Cognito. Example: 7rfbikfsm51j2fpaggacgng84g

     "discoveryUrl": cognito_discovery_url

}

}

try:

create_response = gateway_client.create_gateway(

     name='your gateway name',

     roleArn='your aws role arn',

     protocolType='MCP',

     authorizerType='CUSTOM_JWT',

     authorizerConfiguration=auth_config,

     description='AgentCore Gateway with AWS Lambda target type'

)

# Retrieve the GatewayID used for GatewayTarget creation

gatewayID = create_response["gatewayId"]

gatewayURL = create_response["gatewayUrl"]

print(gatewayID)

utils.put_ssm_parameter("/app/mortgageagent/agentcore/gatewayID", gatewayID)

utils.put_ssm_parameter("/app/mortgageagent/agentcore/gatewayURL", gatewayURL)

except gateway_client.exceptions.ConflictException:

print(f"Gateway '{gateway_name}' already exists. Using existing gateway.")

gatewayID = utils.get_ssm_parameter("/app/mortgageagent/agentcore/gatewayID")

gatewayURL = utils.get_ssm_parameter("/app/mortgageagent/agentcore/gatewayURL")

Create an AWS Lambda target and transform into MCP tools

# Replace the AWS Lambda function ARN below

lambda_target_config = {

"mcp": {

     "lambda": {

         "lambdaArn": lambda_resp['lambda_function_arn'], # Replace this with your AWS Lambda function ARN

         "toolSchema": {

             "inlinePayload": [

                 {

                     "name": "get_credit_score_tool",

                     "description": "tool to get the Credit score",

                     "inputSchema": {

                         "type": "object",

                         "properties": {

                                "customerId": {

                                 "type": "string"

                                }

                         },

                         "required": ["customerId"]

                     }

                 }

             ]

         }

     }

}

}

credential_config = [

    {

     "credentialProviderType" : "GATEWAY_IAM_ROLE"

}

]

targetname='GetCreditCheckLambda'

response = gateway_client.create_gateway_target(

gatewayIdentifier=gatewayID,

name=targetname,

description='Lambda Target using SDK',

targetConfiguration=lambda_target_config,

credentialProviderConfigurations=credential_config)

Call the gateway

1.Request the access token from Amazon Cognito for inbound authorization

print("Requesting the access token from Amazon Cognito authorizer...May fail for some time till the domain name propogation completes")

token_response = utils.get_token(user_pool_id, client_id, client_secret,scopeString,region)

print("poolid:", user_pool_id, ":client_id:", client_id, ":client_secret:",client_secret,":scopeString:", scopeString)

token = token_response["access_token"]

print("Token response:", token)

2.Strands agent calling MCP tools of AWS Lambda using Bedrock AgentCore Gateway

from strands.models import BedrockModel

from mcp.client.streamable_http import streamablehttp_client

from strands.tools.mcp.mcp_client import MCPClient

from strands import Agent

def create_streamable_http_transport():

return streamablehttp_client(utils.get_ssm_parameter("/app/mortgageagent/agentcore/gatewayURL"),headers={"Authorization": f"Bearer {token}"})

client = MCPClient(create_streamable_http_transport)

## The IAM credentials configured in ~/.aws/credentials should have access to Bedrock model

yourmodel = BedrockModel(

model_id="us.anthropic.claude-3-7-sonnet-20250219-v1:0",

temperature=0.7,

)

with client:

# Call the listTools

    tools = client.list_tools_sync()

# Create an Agent with the model and tools

agent = Agent(model=yourmodel,tools=tools) ## you can replace with any model you like

print(f"Tools loaded in the agent are {agent.tool_names}")

#print(f"Tools configuration in the agent are {agent.tool_config}")

# Invoke the agent with the sample prompt. This will only invoke  MCP listTools and retrieve the list of tools the LLM has access to. The below does not actually call any tool.

agent("Hi , can you list all tools available to you")

# Invoke the agent with sample prompt, invoke the tool and display the response

agent("Check the credit status for customer id 123 and show me the exact response from the tool")

# Call the MCP tool explicitly. The MCP Tool name and arguments must match with your AWS Lambda function or the OpenAPI/Smithy API

result = client.call_tool_sync(

tool_use_id="get_credit_score_tool_1", # You can replace this with unique identifier.

    name=targetname+"___get_credit_score_tool", # This is the tool name based on AWS Lambda target types. This will change based on the target name

arguments={"customerId": "123"}

)

# Print the MCP Tool response

print(f"Tool Call result: {result['content'][0]['text']}")