AgentCore delivers an enterprise-grade infrastructure and operations layer for deploying and managing AI agents at scale, with a few wrinkles.

While Amazon Bedrock helps you build and scale generative AI applications, Amazon Bedrock AgentCore provides an enterprise-grade infrastructure and operations layer for deploying and managing AI agents at scale. AgentCore itself is completely agnostic about models, frameworks, and integrations, although its starter kit CLI only supports the most prominent of these. That CLI can generate agents using Amazon Bedrock, Anthropic, Google Gemini, and OpenAI models, using Strands, LangGraph, Microsoft Autogen, OpenAI Agents SDK, Google Agent Development Kit, and CrewAI frameworks, and using Amazon AgentCore Memory, AgentCore Observability, and AgentCore Gateway integrations. Note that many of these are produced by competitors to AWS.

AgentCore’s core services include a runtime, memory (both short-term and long-term), a gateway, identity management, a sandboxed code interpreter, a cloud-based browser, observability, an evaluation service, and a policy capability that runs outside the agent. We’ll discuss these in more detail below.

Direct cloud platform competitors to AgentCore provide similar enterprise-level hosting, security, and governance for agents within their respective ecosystems. They include:

Google Cloud Agent SDK (ADK): Built on Vertex AI, the ADK offers deep integration with Gemini models.
Azure AI Foundry Agents: Best for those heavily invested in the Microsoft ecosystem and Azure OpenAI Service.
Databricks Agent Bricks: A data-centric alternative that uses the Unity Catalog to build agents directly from enterprise data.

Additional competitors (and sometimes collaborators) to AgentCore include the OpenAI Agents SDK, LangChain/LangGraph, CrewAI, and SmythOS.

Figure: Amazon Bedrock AgentCore overview chart.

Figure: AgentCore quick start CLI workflow.
The three steps are agent creation, agent deployment, and agent invocation.

AgentCore Core Services

AgentCore Core Services include runtime, memory (both short-term and long-term), a gateway, identity management, a sandboxed code interpreter, a cloud-based browser, observability, an evaluation service, and a policy capability that runs outside the agent. You can use whichever of these services are useful to support your agent development.

AgentCore Runtime is a secure, serverless runtime environment for deploying and scaling dynamic AI agents and tools. It provides fast cold starts for real-time interactions, extended runtime support for asynchronous agents, true session isolation, built-in identity, and support for multi-modal and multi-agent agentic workloads. The runtime integrates with custom frameworks and any open-source framework as well as any foundation model in or outside of Amazon Bedrock.

AgentCore Memory lets you build context-aware agents with control over what the agent remembers and learns. It supports both short-term memory for multi-turn conversations and long-term memory that persists across sessions. It can share memory stores across agents, and it can learn from experiences. It works with LangGraph, LangChain, Strands, and LlamaIndex.

AgentCore Gateway is a secure way to convert any APIs, Lambda functions, and existing services into Model Context Protocol (MCP)-compatible tools. It can also connect to pre-existing MCP servers, making them available to AI agents through gateway endpoints with a few lines of code.

AgentCore Identity is a secure, scalable agent identity, access, and authentication management service. It is compatible with identity and credential providers, eliminating the need for user migration or rebuilding authentication flows.

AgentCore Code Interpreter is an isolated sandbox environment for agents to execute code, enhancing their accuracy and scope.
It supports Python, JavaScript, and TypeScript. The default execution time is 15 minutes, which can be extended to up to eight hours. A best practice is to keep code snippets concise and focused on specific tasks. You can use the Strands Agents SDK with Python or TypeScript, or either the bedrock_agentcore SDK or Boto3 with Python. The session isolation architecture for the code interpreter and the browser uses Firecracker microVMs.

AgentCore Browser is a remote browser that runs in a separate environment rather than on the local machine. For agent development, remote browsers allow AI agents to interact with the web as humans do. AgentCore Browser allows your agent and model to navigate websites, fill forms, click buttons, and parse dynamic content, and allows you to monitor a live view and intervene if necessary. AgentCore Browser integrates with Nova Act, Strands, and Playwright to automate web interactions.

AgentCore Observability is a unified view to trace, debug, and monitor agent performance in production. It offers detailed visualizations of each step in the agent workflow, enabling you to inspect an agent’s execution path, audit intermediate outputs, and debug performance bottlenecks and failures. It integrates with any observability stack that supports the OpenTelemetry (OTEL) format.

AgentCore Evaluations is a service for automated, consistent, and data-driven agent assessment. AgentCore Evaluations measures how well your agents and tools execute tasks, handle edge cases, and maintain output reliability across diverse inputs and contexts.

AgentCore Policy is a capability that provides deterministic control to ensure agents operate within defined boundaries and business rules without slowing them down. You can author rules using natural language or Cedar (AWS’s open-source policy language). Policy runs outside the agents so that the models can’t violate the constraints.

AgentCore use cases

Amazon Bedrock AgentCore lets you deploy AI agents with scale, reliability, and security. There are three major categories of use cases for AgentCore: agents, MCP servers, and agent platforms.

With agents, you can build AI apps that reason, use tools, and maintain context. You can apply these to customer support, workflow automation, data analysis, or coding assistance, for example. Using AgentCore, your agents run serverlessly, with isolated sessions, persistent memory, and built-in observability.

AgentCore helps you convert APIs, databases, and services into tools that MCP-compatible agents can use. You can deploy a gateway that wraps your Lambda functions or OpenAPI specs and makes your back end accessible to agents, without rewriting code.

Finally, you can build agent platforms that help your developers or customers deploy agents using approved tools, shared memory stores, and governed access to enterprise services. You can include observability, authentication, and compliance using standard AgentCore core services.

Customer support agent example

The AgentCore team suggested that I try the Customer Support Agent demo (see architecture diagram below). While it looked like a typical AWS architecture with multiple services involved, I’ve seen much worse. What the heck, I thought.

Figure: Amazon Bedrock AgentCore Demo – Customer Support Agent. This demo shows how to deploy an agent, authenticate a user, invoke the agent, and then add an AgentCore Policy to enforce refund limits in real time. It’s essentially the same application as the CLI-based Get Started with Amazon Bedrock AgentCore Demo, although there’s more documentation and you can read the code before trying it.

Almost a week later, with multiple bugs and other roadblocks reported and fixed, I finally completed the exercise. The terminal logs follow, starting with the deployment script.
I’ve skipped over showing you the step of logging into AWS from my local command line, since it bounces to a web page and back, in order to connect the local session to the proper credentials.

martinheller@Mac customer-support-agent-with-agentcore % scripts/deploy.sh
==> Pre-flight checks
Verifying Bedrock model access (global.anthropic.claude-sonnet-4-5-20250929-v1:0)...
WARNING: Could not invoke Bedrock model (global.anthropic.claude-sonnet-4-5-20250929-v1:0).
Possible reasons:
1. Anthropic first-time usage form not completed. Complete it in the Bedrock console Playground by selecting any Anthropic Claude model. Details: https://aws.amazon.com/blogs/security/simplified-amazon-bedrock-model-access/
2. Your current IAM identity lacks bedrock:InvokeModel permission. Note: the deployed agent uses its own execution role, so this may not be a problem. Verify after deployment with: uv run agentcore invoke
The deploy will continue.
All checks passed.
==> Installing Python dependencies (uv sync)
Resolved 110 packages in 14ms
Audited 103 packages in 11ms
==> Installing CDK dependencies (npm install)
up to date, audited 337 packages in 901ms
37 packages are looking for funding
run `npm fund` for details
3 vulnerabilities (1 moderate, 2 high)
To address all issues, run:
npm audit fix
Run `npm audit` for details.
==> Bootstrapping CDK (if needed)
> cdk@0.1.0 cdk
> cdk bootstrap
⏳ Bootstrapping environment aws://577405208411/us-east-2...
Trusted accounts for deployment: (none)
Trusted accounts for lookup: (none)
Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
✅ Environment aws://577405208411/us-east-2 bootstrapped (no changes).
NOTICES (What's this? https://github.com/aws/aws-cdk/wiki/CLI-Notices)
37013 (cli) cdk watch triggers deployment unexpectedly or not at all
Overview: Do not use 'cdk watch' with this version of the cdk cli. Upgrade to ^2.1106.0.
Affected versions: cli: >=2.1103.0 <2.1106.0
More information at: https://github.com/aws/aws-cdk/issues/37013
34892 CDK CLI collects telemetry data on command usage starting at version 2.1100.0 (unless opted out)
Overview: We do not collect customer content and we anonymize the telemetry we do collect. See the attached issue for more information on what data is collected, why, and how to opt-out. Telemetry will NOT be collected for any CDK CLI version prior to version 2.1100.0 - regardless of opt-in/out. You can also view the telemetry we collect by logging it to a local file, by adding `--telemetry-file=my/local/file` to any `cdk` command.
Affected versions: cli: >=2.1100.0 <2.1106.1
More information at: https://github.com/aws/aws-cdk/issues/34892
If you don’t want to see a notice anymore, use "cdk acknowledge <id>". For example, "cdk acknowledge 37013".
==> Deploying all stacks
> cdk@0.1.0 cdk:deploy:ci
> cdk deploy --all --require-approval never --outputs-file /Volumes/Glauce/repos/amazon-bedrock-agentcore-samples/05-blueprints/customer-support-agent-with-agentcore/cdk-outputs.json
✨ Synthesis time: 2.29s
supportAgentDemo-DockerImageStack: start: Building supportAgentDemo-DockerImageStack Template
supportAgentDemo-DockerImageStack: success: Built supportAgentDemo-DockerImageStack Template
supportAgentDemo-DockerImageStack: start: Building supportAgentDemo-AppImage
supportAgentDemo-DockerImageStack: start: Publishing supportAgentDemo-DockerImageStack Template (current_account-current_region-f5e9391a)
supportAgentDemo-DockerImageStack: success: Published supportAgentDemo-DockerImageStack Template (current_account-current_region-f5e9391a)
#0 building with "desktop-linux" instance using docker driver
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 795B done
#1 DONE 0.0s
#2 [internal] load metadata for ghcr.io/astral-sh/uv:python3.13-bookworm-slim
#2 DONE 3.6s
#3 [internal] load .dockerignore
#3 transferring context: 814B done
#3 DONE 0.0s
#4 [1/7] FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim@sha256:531f855bda2c73cd6ef67d56b733b357cea384185b3022bd09f05e002cd144ca
#4 DONE 0.0s
#5 [internal] load build context
#5 transferring context: 1.87MB 0.0s done
#5 DONE 0.0s
#6 [5/7] RUN uv pip install aws-opentelemetry-distro==0.12.2
#6 CACHED
#7 [4/7] RUN uv pip install -r pyproject.toml
#7 CACHED
#8 [2/7] WORKDIR /app
#8 CACHED
#9 [3/7] COPY pyproject.toml pyproject.toml
#9 CACHED
#10 [6/7] RUN useradd -m -u 1000 bedrock_agentcore
#10 CACHED
#11 [7/7] COPY . .
#11 DONE 0.0s
#12 exporting to image
#12 exporting layers done
#12 writing image sha256:103477e07cdce77a6d41dc7f875d781cb408dc59556cdf205c5dddeed5cc50d0 done
#12 naming to docker.io/library/cdkasset-9d592d01e5467aa35239774fad1da2f13bc79a6fdfad62b7b89146b9d8f12462 done
#12 DONE 0.0s
View build details: docker-desktop://dashboard/build/desktop-linux/desktop-linux/jogcv8dnbz67ymx5fi5dnrfbt
supportAgentDemo-DockerImageStack: success: Built supportAgentDemo-AppImage
supportAgentDemo-DockerImageStack: start: Publishing supportAgentDemo-AppImage (current_account-current_region-eadbec27)
supportAgentDemo-AgentCoreStack: start: Building supportAgentDemo-AgentCoreStack Template
supportAgentDemo-AgentCoreStack: success: Built supportAgentDemo-AgentCoreStack Template
The push refers to repository [577405208411.dkr.ecr.us-east-2.amazonaws.com/cdk-hnb659fds-container-assets-577405208411-us-east-2]
f75c8a00d29b: Preparing
e9cefea56108: Preparing
6ad1a9eaa547: Preparing
2c4f33ca63a0: Preparing
bd07e5776977: Preparing
65d80ab29699: Preparing
d700e87997ad: Preparing
b27347ec89d2: Preparing
733eb94a487b: Preparing
dac1af1d7cd9: Preparing
bd390c400455: Preparing
d700e87997ad: Waiting
b27347ec89d2: Waiting
733eb94a487b: Waiting
dac1af1d7cd9: Waiting
bd390c400455: Waiting
65d80ab29699: Waiting
e9cefea56108: Layer already exists
6ad1a9eaa547: Layer already exists
2c4f33ca63a0: Layer already exists
bd07e5776977: Layer already exists
65d80ab29699: Layer already exists
d700e87997ad: Layer already exists
733eb94a487b: Layer already exists
b27347ec89d2: Layer already exists
dac1af1d7cd9: Layer already exists
bd390c400455: Layer already exists
f75c8a00d29b: Pushed
9d592d01e5467aa35239774fad1da2f13bc79a6fdfad62b7b89146b9d8f12462: digest: sha256:455ae21c8896a1df8558466d99b87e0f038e79b5baaf00514f810f95183562d0 size: 2627
supportAgentDemo-DockerImageStack: success: Published supportAgentDemo-AppImage (current_account-current_region-eadbec27)
supportAgentDemo-DockerImageStack
supportAgentDemo-DockerImageStack: deploying... [1/2]
supportAgentDemo-DockerImageStack: creating CloudFormation changeset...
✅ supportAgentDemo-DockerImageStack
✨ Deployment time: 13.06s
Outputs:
supportAgentDemo-DockerImageStack.ImageUri = 577405208411.dkr.ecr.us-east-2.amazonaws.com/cdk-hnb659fds-container-assets-577405208411-us-east-2:9d592d01e5467aa35239774fad1da2f13bc79a6fdfad62b7b89146b9d8f12462
Stack ARN: arn:aws:cloudformation:us-east-2:577405208411:stack/supportAgentDemo-DockerImageStack/6d08ccf0-1664-11f1-8de3-0a00ca3e2d9f
✨ Total time: 15.35s
supportAgentDemo-AgentCoreStack: start: Publishing supportAgentDemo-AgentCoreStack Template (current_account-current_region-8aa3c459)
supportAgentDemo-AgentCoreStack: success: Published supportAgentDemo-AgentCoreStack Template (current_account-current_region-8aa3c459)
✅ supportAgentDemo-AgentCoreStack
✨ Deployment time: 39.12s
Outputs:
supportAgentDemo-AgentCoreStack.AccountId = 577405208411
supportAgentDemo-AgentCoreStack.AuthorizerDiscoveryUrl = https://cognito-idp.us-east-2.amazonaws.com/us-east-2_NaZm7AOfz/.well-known/openid-configuration
supportAgentDemo-AgentCoreStack.ClientId = 7nvmhkv45gh933mircjoji1gfe
supportAgentDemo-AgentCoreStack.CognitoDomain = supportagentdemo-577405208411-us-east-2.auth.us-east-2.amazoncognito.com
supportAgentDemo-AgentCoreStack.GatewayId = supportagentdemo-gateway-7d3m0sdfzy
supportAgentDemo-AgentCoreStack.GatewayUrl = https://supportagentdemo-gateway-7d3m0sdfzy.gateway.bedrock-agentcore.us-east-2.amazonaws.com/mcp
supportAgentDemo-AgentCoreStack.MemoryArn = arn:aws:bedrock-agentcore:us-east-2:577405208411:memory/supportAgentDemo_Memory_v2-bLfMFAGQmp
supportAgentDemo-AgentCoreStack.MemoryId = supportAgentDemo_Memory_v2-bLfMFAGQmp
supportAgentDemo-AgentCoreStack.Region = us-east-2
supportAgentDemo-AgentCoreStack.RuntimeArn = arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf
supportAgentDemo-AgentCoreStack.RuntimeId = supportAgentDemo_Agent-U90VrdH6Rf
supportAgentDemo-AgentCoreStack.RuntimeName = supportAgentDemo_Agent
supportAgentDemo-AgentCoreStack.UserPoolId = us-east-2_NaZm7AOfz
Stack ARN: arn:aws:cloudformation:us-east-2:577405208411:stack/supportAgentDemo-AgentCoreStack/74e9b510-1664-11f1-8ec7-0606ac99759d
✨ Total time: 41.4s
NOTICES (What's this? https://github.com/aws/aws-cdk/wiki/CLI-Notices)
37013 (cli) cdk watch triggers deployment unexpectedly or not at all
Overview: Do not use 'cdk watch' with this version of the cdk cli. Upgrade to ^2.1106.0.
Affected versions: cli: >=2.1103.0 <2.1106.0
More information at: https://github.com/aws/aws-cdk/issues/37013
34892 CDK CLI collects telemetry data on command usage starting at version 2.1100.0 (unless opted out)
Overview: We do not collect customer content and we anonymize the telemetry we do collect. See the attached issue for more information on what data is collected, why, and how to opt-out. Telemetry will NOT be collected for any CDK CLI version prior to version 2.1100.0 - regardless of opt-in/out. You can also view the telemetry we collect by logging it to a local file, by adding `--telemetry-file=my/local/file` to any `cdk` command.
Affected versions: cli: >=2.1100.0 <2.1106.1
More information at: https://github.com/aws/aws-cdk/issues/34892
If you don’t want to see a notice anymore, use "cdk acknowledge <id>". For example, "cdk acknowledge 37013".
CDK outputs written to /Volumes/Glauce/repos/amazon-bedrock-agentcore-samples/05-blueprints/customer-support-agent-with-agentcore/cdk-outputs.json
==> Generating .bedrock_agentcore.yaml
Generated /Volumes/Glauce/repos/amazon-bedrock-agentcore-samples/05-blueprints/customer-support-agent-with-agentcore/.bedrock_agentcore.yaml
============================================================
Deployment complete!
============================================================
Next steps:
1. Check agent status: uv run agentcore status
2. Create a Cognito user: uv run scripts/cognito-user.py --create
3. Log in and set your bearer token: eval $(uv run scripts/cognito-user.py --login --export)
4. Invoke the agent: uv run agentcore invoke '{"prompt": "Who am I?"}'
To tear down all resources later: scripts/teardown.sh

The deployment threw some warnings. It turned out that some of the checks weren’t quite reliable. I would fix a problem called out by the script, and it would still be called out the next time I ran it. Note that part of what the setup script did was to create a Docker pod on my machine and register it with AWS’s directory. When I re-ran the script, it would build new Docker images, so I’d have to delete the old ones manually.

I’ve skipped showing you the agent status script (1 above). It originally didn’t have the uv run prefix, and agentcore, which only existed inside a Python environment, wasn’t found. Once we got that sorted, it gave a false negative the first few times I ran it, until the AWS engineers fixed a parsing problem; then it just worked.
In the user creation script, you also need the uv run prefix:

martinheller@Mac customer-support-agent-with-agentcore % uv run scripts/cognito-user.py --create
Choose a demo user:
1) john@example.com (John Doe)
2) jane@example.com (Jane Smith)
Enter 1 or 2: 1
Password requirements:
- At least 8 characters
- At least one uppercase letter (A-Z)
- At least one lowercase letter (a-z)
- At least one number (0-9)
- At least one special character (e.g. !@#$%^&*)
Password:
User already exists: john@example.com
Password set for: john@example.com
Added to group: standard
User ready. Login with: eval $(uv run scripts/cognito-user.py --login --export)

The Cognito user has to match a pre-populated database of demo users, which is why there are only two choices.

martinheller@Mac customer-support-agent-with-agentcore % eval $(uv run scripts/cognito-user.py --login --export)
Opening browser for authentication...
Waiting for callback...
Login successful. BEDROCK_AGENTCORE_BEARER_TOKEN is now set.

That Cognito login step retrieves the OAuth bearer token to be used for the rest of the session. It expires after an hour. Don’t ask me how I know.

Yes, you have to log into AWS as well as logging into Cognito. As AWS explains, the dual login is by design to maintain integrity of the agents developers are building. Cognito identifies who the user is (OAuth bearer token, one-hour expiry), and AWS identifies which service boundary you’re in.

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "Who am I?"}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll look up your account information using your email address.Hello! You are **John Doe** (Customer ID: CUST-001). Your account is registered with the email john@example.com, and you've been a member since June 1, 2023. How can I help you today?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix │
│ "2026/03/02/[runtime-logs]" --follow │
│ aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix │
│ "2026/03/02/[runtime-logs]" --since 1h │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

That actually went through the Claude model. If you get an error at this point, you might not have Anthropic permission or any Bedrock Claude quota. Asking for a quota is a matter of filling out an AWS form and waiting a couple of days. The next query, for an order list, also goes through the model.

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "Show me my recent orders"}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll look up your recent orders for you.Now let me get the full details for each of these orders to show you what items were in them.Here are your recent orders:
**1. Order ORD-12430**
- Ordered Feb 5, 2025 | Delivered Feb 10, 2025
- 4K Monitor (1x) - $399.00
- **Total: $399.00** | Status: ✓ Delivered
**2. Order ORD-12420**
- Ordered Feb 1, 2025 | Delivered Feb 4, 2025
- Phone Case (1x) - $29.99
- **Total: $29.99** | Status: ✓ Delivered
**3. Order ORD-12410**
- Ordered Jan 25, 2025 | Delivered Jan 29, 2025
- Mechanical Keyboard (1x) - $149.99
- **Total: $149.99** | Status: ✓ Delivered
**4. Order ORD-12400**
- Ordered Jan 20, 2025 | Delivered Jan 23, 2025
- USB-C Charging Cable (2x) - $12.99 each
- **Total: $25.98** | Status: ✓ Delivered
**5. Order ORD-12345**
- Ordered Jan 15, 2025 | Delivered Jan 20, 2025
- Wireless Headphones (1x) - $79.99
- **Total: $79.99** | Status: ✓ Delivered
**6. Order ORD-12300**
- Ordered Jan 2, 2025 | Delivered Jan 8, 2025
- Running Shoes (1x) - $249.00
- **Total: $249.00** | Status: ✓ Delivered
All of your recent orders have been delivered successfully! Is there anything specific you'd like to know about any of these orders?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix │
│ "2026/03/02/[runtime-logs]" --follow │
│ aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix │
│ "2026/03/02/[runtime-logs]" --since 1h │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

The next query demonstrates that we can ask the customer support agent for a refund. This is a small item, so it’s supposed to go through without an issue.

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "I need a refund for order ORD-12420. The phone case was damaged."}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll process a refund for your damaged phone case from order ORD-12420.Perfect! Your refund has been processed successfully.
**Refund Details:**
- Refund ID: REF-DC32B
- Order: ORD-12420 (Phone Case)
- Amount: $29.99
- Reason: Damaged item
- Status: Processed
You should receive the refund in your original payment method within **3-5 business days**. I'm sorry to hear the phone case arrived damaged. Is there anything else I can help you with today?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix │
│ "2026/03/02/[runtime-logs]" --follow │
│ aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix │
│ "2026/03/02/[runtime-logs]" --since 1h │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

This next refund request really should be rejected or bumped up to a human customer support agent for approval.

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "I need a refund of $399 for order ORD-12430. The monitor has dead pixels."}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll process a refund for your 4K Monitor from order ORD-12430 due to the dead pixels.Your refund has been successfully processed!
**Refund Details:**
- Refund ID: REF-5DEA4
- Order: ORD-12430 (4K Monitor)
- Amount: $399.00
- Reason: Damaged item (dead pixels)
- Status: Processed
You should receive the refund to your original payment method within **3-5 business days**. I'm sorry the monitor had dead pixels.
If you'd like to order a replacement, please let me know and I can assist you with that. Is there anything else I can help you with?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix │
│ "2026/03/02/[runtime-logs]" --follow │
│ aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix │
│ "2026/03/02/[runtime-logs]" --since 1h │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

It went through, however. The fix for that (part of the demo, not a bug) is to add some policies.

Figure: This is the policy that keeps the model from processing refunds >$100. I entered the English prompt at the left; Bedrock generated the Cedar policy at the right.

With the policy in place, I tried again, and the request was denied.

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "I need a full refund for order ORD-12300. The shoes dont fit."}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll process a refund for your Running Shoes from order ORD-12300.I'm unable to process this refund request. The system has denied the refund with the following message: **"Tool call not allowed due to policy enforcement [No policy applies to the request (denied by default).]"** This appears to be a policy restriction.
Given that order ORD-12300 was delivered on January 8, 2025 (over a month ago), it may be outside the refund window for non-defective items or there may be specific policies regarding fit-related returns. I recommend:
1. Checking our return policy for the timeframe allowed for returns
2. Contacting our returns department directly for assistance with this older order
3. Inquiring about exchange options if available
I apologize for the inconvenience. Is there anything else I can help you with today?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix │
│ "2026/03/02/[runtime-logs]" --follow │
│ aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix │
│ "2026/03/02/[runtime-logs]" --since 1h │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

The policy, which is applied outside the agent, worked as designed, but the model was confused as to why. Claude being Claude, it hallucinated some reasons why, and made three irrelevant recommendations. You would think that the model should know about any policies in place, but applying them outside the model avoids the possibility of a malicious prompt convincing the model to issue a large refund. If there’s a safe way to fix that, it’s above my pay grade.

By the way, even with all my retries, running this demo cost me a whopping $0.35 in AWS charges.
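
The denial message in the log above is what a default-deny evaluator returns when no permit rule matches the tool call. The following Python sketch is an added example (not AgentCore, Cedar, or AWS code) of an enforcement point that sits between the agent and its tools and follows Cedar-style semantics: forbid overrides permit, and anything unmatched is denied. The tool name `process_refund`, its argument names, the group claim, the `refund-positive` rule and the result shape are assumptions; the order amounts come from the demo output.

```python
# Added illustration, not AgentCore or AWS code. Tool name, argument names,
# the group claim and the result shape are assumptions for this sketch.
from dataclasses import dataclass
from typing import Callable

DEFAULT_DENY = "No policy applies to the request (denied by default)."


@dataclass(frozen=True)
class ToolCall:
    group: str   # assumed to come from the verified token, never the prompt
    tool: str
    args: dict   # structured tool arguments, not the user's free text


@dataclass(frozen=True)
class Policy:
    policy_id: str
    effect: str                       # "permit" or "forbid"
    tool: str
    when: Callable[[ToolCall], bool]


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    matched: tuple = ()


# Constructed policy set. The permit mirrors the article's $100 refund limit;
# the forbid is an extra sanity rule added for this example.
POLICIES = [
    Policy("refund-limit", "permit", "process_refund",
           lambda c: c.group == "standard" and c.args["amount"] <= 100),
    Policy("refund-positive", "forbid", "process_refund",
           lambda c: c.args["amount"] <= 0),
]


def _matches(policy, call):
    if policy.tool != call.tool:
        return False
    try:
        return bool(policy.when(call))
    except (KeyError, TypeError):
        # A condition that cannot be evaluated fails closed in this sketch:
        # a permit does not apply, a forbid does.
        return policy.effect == "forbid"


def evaluate(policies, call):
    hits = [p for p in policies if _matches(p, call)]
    forbids = tuple(p.policy_id for p in hits if p.effect == "forbid")
    permits = tuple(p.policy_id for p in hits if p.effect == "permit")
    if forbids:                       # forbid always overrides permit
        return Decision(False, "Forbidden by policy.", forbids)
    if permits:
        return Decision(True, "Permitted by policy.", permits)
    return Decision(False, DEFAULT_DENY)


EXECUTED = []                         # records which refunds actually ran


def process_refund(order_id, amount):
    EXECUTED.append(order_id)
    return {"order_id": order_id, "amount": amount, "status": "Processed"}


TOOLS = {"process_refund": process_refund}


def guarded_call(call, policies=POLICIES, tools=TOOLS):
    """Run the tool only if policy allows it; otherwise the tool never
    executes and the agent receives a structured denial."""
    decision = evaluate(policies, call)
    if not decision.allowed:
        return {"status": "denied", "reason": decision.reason,
                "policies": list(decision.matched)}
    return {"status": "ok", "result": tools[call.tool](**call.args)}


if __name__ == "__main__":
    # Amounts taken from the demo log: phone case, monitor, running shoes.
    for order_id, amount in [("ORD-12420", 29.99), ("ORD-12430", 399.00),
                             ("ORD-12300", 249.00)]:
        call = ToolCall("standard", "process_refund",
                        {"order_id": order_id, "amount": amount})
        print(order_id, guarded_call(call))
```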

A solid foundation for agents

Amazon Bedrock AgentCore is a credible attempt to put together an enterprise-grade infrastructure and operations layer for deploying and managing AI agents at scale. The services themselves seem solid. The example I tried had multiple bugs and documentation errors, but I reported these and the AWS engineers fixed them quickly.

I still question the design of the policy module with respect to how it interacts with the model. There should be a way to pass the reason why an action is denied back to the model so that it doesn’t hallucinate its own reason. I just don’t know how that would work in this architecture.

Cost
Depends on consumption. See https://aws.amazon.com/bedrock/agentcore/pricing/; scroll down to the pricing table and pricing examples.

Platform
Server: AWS. Client: macOS, Linux, or Windows.

Pros
Strong collection of relevant service modules
Extensive samples

Cons
Documentation can be disorienting with multiple options
The samples seem to be on their “shakedown cruise” at this point