The enterprise platform for your AI agents - Part 00

AI application development is changing direction. After the foundation model era, we’re entering the age of AI agent, intelligent systems capable of reasoning, planning, and acting independently to fulfill user goals.

This transformation is driven by the emergence of open-source frameworks like CrewAI, LangGraph, LlamaIndex, and Strands Agents, as well as standardized protocols like Model Context Protocol (MCP) and Agent2Agent (A2A) that radically simplify how agents interact with tools and external systems.

But here’s the problem: building an agent prototype has become easy. Putting it into production securely and at scale is a completely different story.

This is exactly where AWS Bedrock AgentCore comes in, announced by AWS in July 2025. And believe me, after spending weeks exploring this platform, I can tell you it completely changes the game for AI agent developers.

The problem: from prototype to production

Let me tell you a story that many of you will recognize.

You build an intelligent agent in a few days with LangGraph or CrewAI. The demo works perfectly. Management is excited and gives the green light to move to production. And that’s when the nightmare begins.

You now need to:

• 🔐 Manage identity and permissions - How does the agent access internal systems? With what rights?
• 💾 Implement memory - How does the agent remember previous conversations?
• 📊 Ensure observability - How do you track what the agent is actually doing in production?
• 🔄 Manage sessions - How do you isolate users from each other?
• 🚀 Scale the infrastructure - How do you handle 1000 concurrent users?
• 🔒 Satisfy security and compliance - How do you prove to security teams that everything is under control?

Months of infrastructure work before you can even think about improving the agent’s features.

The solution: AWS Bedrock AgentCore

AWS Bedrock AgentCore is a complete platform of enterprise services that eliminates all this tedious infrastructure work. And what makes this solution particularly interesting is that it doesn’t replace the tools you already use, it enhances them.

Why AgentCore changes the game

1. Framework agnostic

Unlike the old Bedrock Agents which imposed a specific approach, AgentCore lets you use any agent framework:

• ✅ LangGraph
• ✅ CrewAI
• ✅ LlamaIndex
• ✅ Strands Agents
• ✅ Your custom framework

You keep your existing code. You just add a few lines to benefit from all the AWS infrastructure.

2. Free model choice

AgentCore is not limited to Amazon Bedrock models. You can use:

• Bedrock models (Claude, Nova, Llama, Mistral, etc.)
• Models hosted elsewhere (OpenAI, Anthropic direct, etc.)
• Your custom models deployed on SageMaker

3. A complete ecosystem for AI builders

AgentCore isn’t just a deployment platform. It’s a complete ecosystem that solves all the problems you’ll encounter in production:

┌─────────────────────────────────────────────────────────────┐
│                  AWS Bedrock AgentCore                      │
│                                                             │
│  ┌───────────────┐  ┌──────────────┐  ┌─────────────────┐   │
│  │   Runtime     │  │   Memory     │  │   Identity      │   │
│  │  Serverless   │  │  Short/Long  │  │  OAuth/RBAC     │   │
│  │  Deployment   │  │   Term       │  │  Token Vault    │   │
│  └───────────────┘  └──────────────┘  └─────────────────┘   │
│                                                             │
│  ┌───────────────┐  ┌──────────────┐  ┌─────────────────┐   │
│  │   Gateway     │  │ Observability│  │  Code Interp.   │   │
│  │  MCP/API      │  │  Traces/Logs │  │   & Browser     │   │
│  │  Integration  │  │  Metrics     │  │                 │   │
│  └───────────────┘  └──────────────┘  └─────────────────┘   │
└─────────────────────────────────────────────────────────────┘

The 7 AgentCore services explained

1. AgentCore Runtime - serverless deployment

The Runtime is the equivalent of Lambda for agents. You deploy your Python code, AWS handles everything else:

• Session isolation: Each user in their protected environment
• Multi-framework: Native support for all popular frameworks
• Multimodal workloads: Text, images, audio, video
• Long-running agents: For tasks that take time
• Network configurations: Public or VPC-only for private resources

2. AgentCore Memory - your agents’ memory

Memory is crucial for agents. AgentCore Memory handles two types:

Short-term memory:

• Current session context
• Conversation history
• Ongoing task state

Long-term memory:

• User preferences
• Automatically extracted facts
• Cross-session learning

The system automatically extracts important information and makes it accessible during future interactions.

3. AgentCore Identity - security first

This is probably the most critical feature of AgentCore. In a world where agents act autonomously or on behalf of users, identity management is not optional.

The problem:

• How does an agent access Slack, GitHub, Salesforce for a specific user?
• How do you ensure it only accesses authorized resources?
• How do you manage OAuth tokens without exposing them?

What AgentCore Identity does:

• 🔐 Secure Token Vault: Encrypted storage of user tokens
• 🔄 Automatic refresh: Transparent token expiration management
• 👤 Identity brokering: Support for Cognito, Okta, Microsoft Entra ID, etc.
• 🎫 Consent management: User grants permissions once
• 📊 Audit trail: Complete access traceability

This is infrastructure you would have had to build yourself, and it would have taken months.

4. AgentCore Gateway - the universal integration hub

The Gateway transforms any API into a tool usable by your agent, with native support for the MCP protocol.

What it supports:

• 🔧 AWS Lambda functions: Your existing functions become tools
• 📡 REST APIs with OpenAPI: Automatic specification import
• ⚡ AWS Services via Smithy: Native access to AWS services
• 🔌 MCP Protocol: Unified interface for all your tools
• 🛒 AWS Marketplace: Discovery and purchase of pre-built agents

Cross-cutting features:

• Authentication/Authorization
• Rate limiting and throttling
• Request/response transformation
• Multi-tenancy
• Tool selection: Helps the agent find the right tools for its task

# Your existing Lambda becomes automatically a tool
# via AgentCore Gateway - no code to change!

The Gateway provides an OAuth interface to AWS services that don’t natively support it, unifying the developer experience.

5. AgentCore Observability - see what your agents are doing

In production, you must know what’s happening. AgentCore Observability gives you complete visibility:

Integrated dashboards:

• 📊 Number of sessions
• ⏱️ Latency and duration
• 🎯 Token usage
• ❌ Error rate
• 🔍 Latency per component

Detailed traces:

• Each agent step visualized
• Tool calls with parameters and results
• Memory access
• Execution time per span

OpenTelemetry integration:

• CloudWatch (native)
• Datadog
• LangSmith
• Langfuse
• Your preferred observability platform

6. AgentCore Code Interpreter - secure code execution

Your agent needs to analyze data, perform complex calculations, manipulate files? The Code Interpreter provides an isolated and secure environment to execute Python code generated by the agent.

Use cases:

• CSV/Excel data analysis
• Complex financial calculations
• Image manipulation
• Chart generation
• Automation scripts

Security:

• Sandboxed environment
• Automatic timeout
• Per-session isolation
• No network access by default

7. AgentCore Browser - web automation

Some integrations don’t have an API. AgentCore Browser provides managed browser instances so your agents can:

• Navigate websites
• Fill forms
• Extract information
• Capture screenshots
• Interact with legacy web applications

Managed by AWS:

• No Selenium servers to manage
• Automatic scaling
• Isolated sessions

Why you should care now

1. Evolution from Bedrock Agents

If you’ve used the old Bedrock Agents, you know it was limited to a specific AWS approach. AgentCore is a complete redesign that:

• ❌ Forces an AWS framework → ✅ Support for all frameworks
• ❌ Bedrock models only → ✅ Any model
• ❌ Fixed architecture → ✅ Modular à la carte services
• ❌ Basic observability → ✅ Complete traces and advanced metrics

2. The MCP ecosystem

Support for Model Context Protocol (MCP) is a game-changer. This protocol standardized by Anthropic is becoming the de facto standard for connecting agents to tools.

With AgentCore Gateway + MCP, you instantly access:

• Hundreds of open-source MCP integrations
• Your own MCP servers
• Agents and tools from AWS Marketplace
• Any REST API transformed into MCP

It’s the equivalent of npm/pip for agent tools.

3. Multitenancy and enterprise by default

AgentCore is designed from the start for enterprise needs:

• Tenant isolation
• VPC support (coming soon)
• Encryption at rest and in transit
• Complete audit logs
• Native IAM integration
• Compliance (SOC2, HIPAA, etc.)

No need to redesign your architecture when you go from 10 to 10,000 customers.

What we’re going to build: a complete series from zero to production

In this article series, I’m not going to show you toy examples. We’re going to build a complete ambient support agent system from A to Z, using all of AgentCore’s features.

🎯 The project: AI-powered ServiceDesk

An agent capable of:

• Automatically analyzing incoming support tickets
• Searching a knowledge base
• Consulting a CMDB for user information
• Deciding to respond directly, ask for more info, or escalate
• Remembering user preferences across sessions
• Accessing third-party systems with proper permissions
• Generating analyses and reports

A real use case that you can adapt to your domain.

📚 Series plan

Part 1: the foundations

• Deploying a first agent with AgentCore Runtime
• Payload management and parsing
• Local testing and cloud deployment
• Debugging with CloudWatch logs

Part 2: adding memory

• AgentCore Memory integration
• Session memory (short-term)
• Fact extraction (long-term)
• Interaction personalization

Part 3: connecting to a knowledge base

• Bedrock Knowledge Base integration
• Semantic search in documents
• Response enrichment with context
• RAG (Retrieval Augmented Generation) in practice

Part 4: external API integration via Gateway

• AgentCore Gateway configuration
• REST API exposure in MCP
• Connection to a simulated CMDB
• Lambda → Agent tool transformation

Part 5: observability and production

• Complete AgentCore Observability configuration
• Custom CloudWatch dashboards
• OpenTelemetry integration
• Production alerting and monitoring
• Performance tuning

Part 6: production deployment and best practices

• Multi-environment architecture (dev/staging/prod)
• CI/CD for agents
• Agent testing and validation
• Cost management and optimization
• Rollback and versioning strategies

How to follow the series

I’ll publish one article per month. Don’t miss anything:

• 🔔 Follow me on my blog or my LinkedIn profile
• ⭐ Star the GitHub repo (link in the next article)
• 🐦 Share with your network if you find it useful

Get started now

You don’t need to wait for the next article to start exploring:

1. Read the official docs: AWS AgentCore Documentation
2. Clone the samples: AgentCore Samples GitHub
3. Join Discord: AgentCore Preview Discord

Your questions and feedback

I’m building this series to help you succeed with AgentCore. If you have:

• Specific questions
• Particular use cases
• Challenges you’re facing with your agents

---

See you in the next article where we deploy our first agent in production!