What AgentCore Actually Solves
Amazon Bedrock AgentCore is not the older Bedrock Agents service. It’s a separate, purpose-built platform that GA’d incrementally through early 2026, designed to handle the hardest part of agent deployment: session isolation, persistent memory, authorized tool access, and cost predictability — all at scale, without managing infrastructure.
The headline numbers matter: up to 5,000 concurrent active sessions per account in US East and US West regions, 200 requests per second per agent on InvokeAgentRuntime (up from 25 TPS at launch), and SOC 1, 2, and 3 compliance as of Q1 2026. It also aligns with HITRUST, PCI, ISO/IEC 27001, IRAP, and a growing list of other programs — making it one of the few agent runtimes suitable for regulated workloads out of the box.
AgentCore has 12 modular services, but for most teams deploying to production, five dominate: Runtime (serverless containers with true session isolation on ARM64/Graviton), Memory (persists context across turns and sessions), Gateway (wraps APIs and Lambda functions into MCP-compatible tools), Observability (OpenTelemetry traces into CloudWatch), and Policy (deterministic guard rails on tool calls, GA’d March 3, 2026). The others — Payments, Registry, Browser, Code Interpreter — add real capability but are optional day one.
Prerequisites: What You Need Before You Start
You need an AWS account with CDK bootstrapped (cdk bootstrap), Node.js 20+ (the CLI is an npm package), and Python 3.10+. If you’re using Amazon Bedrock as your model provider, enable Claude Sonnet 4.0 in the Bedrock console in your target region — us-west-2 is the default. For other providers (Anthropic direct, OpenAI, Gemini), you’ll add the API key to a local env file before testing.
IAM permissions are the most common early blocker. You need CloudFormation, ECR, S3 (for CodeZip packaging), and bedrock-agentcore:* access. Run aws sts get-caller-identity first to confirm your credentials are wired correctly. For regulated workloads on HIPAA or PCI-adjacent infrastructure, check the AgentCore compliance page before starting — the scope updates faster than most teams expect.
Step 1: Install the CLI and Scaffold Your First Agent
The AgentCore CLI (package name @aws/agentcore) handles project scaffolding, local testing, deployment, and invocation — all from one tool.
Install and create a project:
npm install -g @aws/agentcore
agentcore create --name MyAgent --framework Strands --model-provider Bedrock --memory longAndShortTerm
The create command scaffolds an agentcore/agentcore.json config file, a Python entrypoint, and deployment targets in under 30 seconds. Framework options include LangGraph, Google ADK, OpenAI Agents SDK, and Strands Agents — you’re not locked to any one. The build type defaults to CodeZip (no Docker required); switch to Container if you need custom system-level dependencies.
Test locally before deploying:
cd MyAgent
agentcore dev
# In a second terminal:
agentcore dev "What's the weather in Zurich?"
What you should see: the agent inspector opens at http://localhost:8080, showing the agent’s reasoning trace, tool calls, and response in real time. If the response is empty or the trace is missing, check that your model credentials are in agentcore/.env.local. Fix issues locally — it’s much faster than debugging a deployed Runtime.
Step 2: Add Persistent Memory and Knowledge Bases
Any agent that needs to remember the previous turn requires memory. The CLI makes this a single command:
agentcore add memory --name MyMemory --strategies SEMANTIC
AgentCore Memory supports four strategies you can combine. Semantic stores vectorized facts the agent retrieves on subsequent turns. Summary compresses conversation history into rolling summaries to stay within context limits. User Preference persists explicit user preferences across sessions — useful for personalization. Custom lets you bring your own extraction logic when none of the built-ins fit.
For RAG over enterprise data, Managed Knowledge Bases connects via six native connectors: Amazon S3, SharePoint, Confluence, Google Drive, OneDrive, and Web Crawler. The full pipeline — chunking, embedding, indexing, and sync — is managed for you. If you’ve assembled this stack manually before, compare it to the manual RAG approach; AgentCore removes most of the infrastructure work but also removes the flexibility to tune each stage.
Memory and Knowledge Bases are configured in agentcore.json and provisioned at deploy time. You don’t need to call a separate service or wire them in code — the Runtime injects them into the agent loop automatically.
Step 3: Deploy to Production and Enable Observability
Once the local tests pass, deployment is a single command:
agentcore deploy
The first run provisions CDK stacks, IAM roles, and the Runtime environment — expect about 3 minutes. Subsequent deploys are faster since the stack already exists. After it completes, verify your agent is responding:
agentcore invoke "Summarize last quarter's expenses" --stream
agentcore status
What you should see: streaming output from the agent and a status dashboard showing the Runtime ARN, active session count, and service health. Logs land in CloudWatch at /aws/bedrock-agentcore/runtimes/{agent-id}-DEFAULT. Stream them in real time with agentcore logs or view traces with agentcore traces list.
Observability in AgentCore emits OpenTelemetry-compatible data, so it integrates with any monitoring stack that consumes OTEL — not just CloudWatch. For each session, you can inspect the full execution path: which tools were called, what intermediate outputs looked like, and where latency concentrated. This is the gap that kills most agent projects in production; having it built-in rather than bolted on after the fact changes the debugging loop significantly.
Step 4: A/B Test Agent Versions Before Full Rollout
AgentCore’s Evaluations service (GA March 31, 2026) closes the observe-evaluate-optimize-deploy loop. The most immediately useful feature: built-in A/B testing that splits live traffic between two agent variants and evaluates both with real sessions.
The workflow: deploy a new variant, configure a traffic split via the CLI, and let Evaluations score both variants on accuracy, safety, and task completion using LLM-backed judges. The Gateway handles routing — your agent code doesn’t change between variants.
# Deploy a v2 variant
agentcore deploy --variant v2
# Route 20% of live traffic to v2
agentcore update --traffic-split v1=80,v2=20
# Run on-demand evaluation against curated sessions
agentcore run
Evaluations also supports batch replay — running historical or curated sessions against a new variant to catch regressions before they reach users. And user simulation generates realistic multi-turn conversations using LLM-backed actors, so you don’t need a pool of testers to stress-test edge cases. Together, these features are a meaningful step up from the “deploy and monitor” approach most teams rely on today.
Policy (GA March 3, 2026) adds a separate, deterministic layer: it intercepts every tool call before execution and checks it against rules you write in natural language or Cedar. This isn’t the agent’s reasoning — it’s an external gate that can block or transform requests regardless of what the model decided. For agents with write access to production systems, this is not optional.
When AgentCore Makes Sense — and When It Doesn’t
AgentCore fits when you need session isolation for multi-tenant workloads, when you’re already on AWS and want unified IAM and compliance posture, or when you need memory and observability without assembling the stack yourself. The SOC and HITRUST coverage alone make it the default choice for healthcare and financial services teams on AWS.
It’s overkill for prototyping — local LangGraph or Strands iterates faster. It’s also AWS-specific in ways that matter: the compliance posture, IAM integration, and pricing model are tightly coupled to the AWS ecosystem. If your team is already on GCP or Azure, the switching cost is real. And for simple stateless tool calls, the Runtime overhead — cold starts, CDK provisioning, IAM surface area — isn’t worth the benefit.
For a broader comparison of AgentCore against LangGraph Cloud, Cloudflare Workers AI, and other deployment targets, see our 2026 agentic frameworks comparison, which benchmarks each on cold-start latency, state management, and compliance posture. AgentCore performs well on compliance and observability; it’s not the winner on developer iteration speed.
Further Reading
- Amazon Bedrock AgentCore Developer Guide — the canonical reference; the Memory and Gateway sections in particular are worth reading before writing production code
- AgentCore adds Evaluations and Policy controls (AWS Blog, March 2026) — explains the A/B testing and Policy GA in detail with architecture diagrams
- AgentCore Samples on GitHub — working examples for Strands, LangGraph, and Google ADK integrations; a faster starting point than reading the full docs

