AWS Glossary

Amazon Bedrock AgentCore

Bedrock AgentCore is the AWS managed agent runtime — providing memory, tool execution, observability, and identity for autonomous AI agents built on any framework.

Last reviewed: June 2026

Bedrock AgentCore Developer Guide AgentCore Runtime

Definition

Amazon Bedrock AgentCore is AWS’s managed agent runtime and infrastructure layer for production AI agents. It separates agent logic (your code, LangGraph, CrewAI, Strands, or custom frameworks) from agent operations: session-isolated execution, memory, tool gateways, browser automation, sandboxed code interpretation, identity, and observability. AgentCore reached general availability in 2025 and, as of June 2026, is the recommended path when a Bedrock prototype needs scaling, audit trails, and compliance-friendly isolation without building Lambda-plus-DynamoDB plumbing from scratch. You still choose underlying foundation models (Claude Sonnet 4.6, Nova, Llama) for reasoning — AgentCore is not a model.

When to use it

Production deployment of multi-step agents after local prototyping — need concurrency, session isolation, and managed scaling.
Framework portability — keep LangGraph/CrewAI/Strands orchestration but offload memory, tools, and traces to AWS-managed primitives.
Compliance-sensitive agents (HIPAA, SOC 2) requiring auditable tool calls, identity per agent action, and CloudWatch/OpenTelemetry traces.
Long-running sessions with AgentCore Memory — short-term conversation state and long-term semantic recall without custom vector-plus-summary pipelines.
Tool-rich agents exposing existing REST APIs, Lambda functions, and AWS services through AgentCore Gateway with auth and throttling.

When not to use it

Single-turn Bedrock Converse calls — invoke the model API directly; AgentCore adds latency and cost overhead.
Read-only RAG Q&A — Bedrock Knowledge Bases alone is simpler.
Hard sub-second latency SLAs — serverless agent runtime cold starts are measured in seconds; warm pools and design matter.

Tips

Scope AgentCore Identity IAM roles per tool — never attach broad * policies to the agent execution role.
Use AgentCore Gateway to wrap legacy APIs with consistent auth, rate limits, and CloudTrail logging instead of embedding credentials in agent code.
Enable Observability early — trace replays shorten debugging time for non-deterministic agent failures.
Treat Browser and Code Interpreter tools as high-risk — restrict to trusted prompts and sandbox networks.
Keep business logic in your framework; use AgentCore for cross-cutting runtime concerns only.

Gotchas

Serious

Over-privileged agent roles — a compromised agent with wide IAM access becomes an automated lateral movement tool.
Skipping human approval on write tools — agents that mutate production data need confirmation steps or policy gates.

Regular

Building custom memory on DynamoDB when AgentCore Memory fits — reinvents summarization, recall ranking, and retention policies.
Confusing AgentCore with Bedrock Agents (classic) — naming overlap exists; AgentCore is the newer managed runtime layer for custom frameworks.
Ignoring cold start in UX — first message in a session may lag; set user expectations or keep sessions warm where cost allows.

Official references

Related Services

Amazon Bedrock Consulting for Production LLM Applications

Amazon Bedrock implementation consulting — Knowledge Bases, Agents, Guardrails, model routing, and production RAG. Hands-on Bedrock engineering, not GenAI strategy.

Learn more

Generative AI on AWS — Production-Ready LLM Apps in Weeks

Generative AI strategy and delivery on AWS — use-case selection, Bedrock + SageMaker architecture, governance, evaluations, and production rollout across the AWS AI stack.

Learn more