Amazon Bedrock
is a fully managed service by AWS that makes it easy to build, scale, and deploy generative AI applications using foundation models (FMs) from top AI companies — without managing infrastructure or needing machine learning expertise.
Amazon Bedrock = API access to powerful foundation models + tools to build custom generative AI apps at scale.
AWS KnowledgeBase
KnowledgeBase in Amazon Bedrock is a fully managed Retrieval-Augmented Generation (RAG) service.
On creating a kwledgebase, it by default using the Amazon OpenSearch Serverless as the verctor store.
from src.utils.knowledge_base_helper import KnowledgeBasesForAmazonBedrock
kb = KnowledgeBasesForAmazonBedrock()
kb_id, ds_id = kb.create_or_retrieve_knowledge_base(
knowledge_base_name,
knowledge_base_description,
bucket_name
)
Keep the KB_ID for later use.
AgentCore
AgentCore is the internal orchestration engine that powers Agents for Amazon Bedrock.
When you create an agent in Bedrock , you're essentially configuring:
The agent’s instructions (system prompt) and set of tools:
Functions (APIs the agent can call)
Knowledge Bases (data it can retrieve from using RAG)
Optional memory and user input/output settings
AgentCore by default use Strands agent.
AgentCore Agent
create a supvervisor agent, that utilizes tool_a and tool_b
def create_supervisor_agent():
all_tools = [
tool_a,
tool_b
]
# Create and return the supervisor agent
return Agent(
model=modelID,
tools=all_tools,
system_prompt=supervisor_system_prompt
)
And tool_a and tool_b is like another agent but wrapped as a tool.
It uses a tool decorator and run another agent with system prompt for processing an input query with assistance from another list of tools.
The tools can be other agents or api calls and anything. But the system prompt should guide it to use the right tool for answering the query.
It returns the result of processing the query.
@tool
def tool_a(query):
new_agent = Agent(
model=modelID,
tools=[
tool_1,
tool_2,
],
system_prompt="""You are a mortgage application agent that helps customers with new mortgage applications.
Instructions:
- Greet customers warmly before answering
- First ask for their customer ID, if they don't have one, create a new one
- Ask for name, age, annual income, and annual expense one question at a time
- Once you have all information, create the loan application
- Only discuss mortgage applications, not general mortgage topics
- Never make up information you cannot retrieve from tools"""
)
return str(new_agent(query))
To use a knowledge, set environment variable for the knowledge base id that represent the source.
os.environ['KNOWLEDGE_BASE_ID'] = KB_ID
AgentCore Run Time
The Run Time provides firecracker micro vm for running the agents.
On creating a run time, it generates a dockerfile with the agent entrypoint script for deployment.
from bedrock_agentcore_starter_toolkit import Runtime
agentcore_runtime = Runtime()
response = agentcore_runtime.configure(
entrypoint="your_agent_execution.py",
execution_role='your AWS role Arn',
# auto_create_execution_role=True,
auto_create_ecr=True,
requirements_file="requirements.txt",
region=region,
agent_name='your agent name'
)
launch_result = agentcore_runtime.launch()
invoke_response = agentcore_runtime.invoke({"prompt": "what is my current outstanding balance for customer id 1234??"})
print_response_text(invoke_response)
Note here all the agents and it's tools (subagents) are run from the same docker container.
AgentCore Gateway
AgentCore Gateway provides customers a way to turn their existing AWS Lambda functions into fully-managed MCP servers without needing to manage infra or hosting. Gateway will provide a uniform Model Context Protocol (MCP) interface across all these tools. Gateway employs a dual authentication model to ensure secure access control for both incoming requests and outbound connections to target resources.
Basically, if you need to call an external service, or another service within the organization, Gateway provides an easy way to invoke those services.
Currently Gateway only binds to a Lambda function, where you can run script to do what you need to do, but in the near future it will bind with agent as well.
firstly create a lambda function
secondly create a cognito pool for inbound authorization
finally create a gateway
gateway_client = boto3.client('bedrock-agentcore-control', region_name = 'your region')
auth_config = {
"customJWTAuthorizer": {
"allowedClients": [client_id], # Client MUST match with the ClientId configured in Cognito. Example: 7rfbikfsm51j2fpaggacgng84g
"discoveryUrl": cognito_discovery_url
}
}
try:
create_response = gateway_client.create_gateway(
name='your gateway name',
roleArn='your aws role arn',
protocolType='MCP',
authorizerType='CUSTOM_JWT',
authorizerConfiguration=auth_config,
description='AgentCore Gateway with AWS Lambda target type'
)
# Retrieve the GatewayID used for GatewayTarget creation
gatewayID = create_response["gatewayId"]
gatewayURL = create_response["gatewayUrl"]
print(gatewayID)
utils.put_ssm_parameter("/app/mortgageagent/agentcore/gatewayID", gatewayID)
utils.put_ssm_parameter("/app/mortgageagent/agentcore/gatewayURL", gatewayURL)
except gateway_client.exceptions.ConflictException:
print(f"Gateway '{gateway_name}' already exists. Using existing gateway.")
gatewayID = utils.get_ssm_parameter("/app/mortgageagent/agentcore/gatewayID")
gatewayURL = utils.get_ssm_parameter("/app/mortgageagent/agentcore/gatewayURL")
Create an AWS Lambda target and transform into MCP tools
# Replace the AWS Lambda function ARN below
lambda_target_config = {
"mcp": {
"lambda": {
"lambdaArn": lambda_resp['lambda_function_arn'], # Replace this with your AWS Lambda function ARN
"toolSchema": {
"inlinePayload": [
{
"name": "get_credit_score_tool",
"description": "tool to get the Credit score",
"inputSchema": {
"type": "object",
"properties": {
"customerId": {
"type": "string"
}
},
"required": ["customerId"]
}
}
]
}
}
}
}
credential_config = [
{
"credentialProviderType" : "GATEWAY_IAM_ROLE"
}
]
targetname='GetCreditCheckLambda'
response = gateway_client.create_gateway_target(
gatewayIdentifier=gatewayID,
name=targetname,
description='Lambda Target using SDK',
targetConfiguration=lambda_target_config,
credentialProviderConfigurations=credential_config)
Call the gateway
1.Request the access token from Amazon Cognito for inbound authorization
print("Requesting the access token from Amazon Cognito authorizer...May fail for some time till the domain name propogation completes")
token_response = utils.get_token(user_pool_id, client_id, client_secret,scopeString,region)
print("poolid:", user_pool_id, ":client_id:", client_id, ":client_secret:",client_secret,":scopeString:", scopeString)
token = token_response["access_token"]
print("Token response:", token)
2.Strands agent calling MCP tools of AWS Lambda using Bedrock AgentCore Gateway
from strands.models import BedrockModel
from mcp.client.streamable_http import streamablehttp_client
from strands.tools.mcp.mcp_client import MCPClient
from strands import Agent
def create_streamable_http_transport():
return streamablehttp_client(utils.get_ssm_parameter("/app/mortgageagent/agentcore/gatewayURL"),headers={"Authorization": f"Bearer {token}"})
client = MCPClient(create_streamable_http_transport)
## The IAM credentials configured in ~/.aws/credentials should have access to Bedrock model
yourmodel = BedrockModel(
model_id="us.anthropic.claude-3-7-sonnet-20250219-v1:0",
temperature=0.7,
)
with client:
# Call the listTools
tools = client.list_tools_sync()
# Create an Agent with the model and tools
agent = Agent(model=yourmodel,tools=tools) ## you can replace with any model you like
print(f"Tools loaded in the agent are {agent.tool_names}")
#print(f"Tools configuration in the agent are {agent.tool_config}")
# Invoke the agent with the sample prompt. This will only invoke MCP listTools and retrieve the list of tools the LLM has access to. The below does not actually call any tool.
agent("Hi , can you list all tools available to you")
# Invoke the agent with sample prompt, invoke the tool and display the response
agent("Check the credit status for customer id 123 and show me the exact response from the tool")
# Call the MCP tool explicitly. The MCP Tool name and arguments must match with your AWS Lambda function or the OpenAPI/Smithy API
result = client.call_tool_sync(
tool_use_id="get_credit_score_tool_1", # You can replace this with unique identifier.
name=targetname+"___get_credit_score_tool", # This is the tool name based on AWS Lambda target types. This will change based on the target name
arguments={"customerId": "123"}
)
# Print the MCP Tool response
print(f"Tool Call result: {result['content'][0]['text']}")