While Amazon Bedrock facilitates the development and scaling of generative AI applications, Amazon Bedrock AgentCore provides an enterprise-grade layer for the infrastructure and operations needed to deploy and manage AI agents on a large scale. AgentCore itself maintains neutrality regarding models, frameworks, and integrations; however, its initial CLI toolkit predominantly supports the most widely recognized options.

The CLI is capable of generating agents using models from Amazon Bedrock, Anthropic, Google Gemini, and OpenAI. It supports frameworks such as Strands, LangGraph, Microsoft Autogen, OpenAI Agents SDK, Google Agent Development Kit, and CrewAI, and integrates with Amazon AgentCore Memory, AgentCore Observability, and AgentCore Gateway. It’s worth noting that several of these are offerings from AWS competitors.

AgentCore’s primary offerings encompass a runtime environment, memory solutions (both for short-term and long-term data retention), a gateway, identity management, a secure sandboxed code interpreter, a cloud-based browser, observability tools, an evaluation service, and a policy enforcement mechanism that operates independently of the agent. We will delve into these features in greater detail below.

Direct rivals to AgentCore in the cloud platform space offer comparable enterprise-level hosting, security, and governance for agents within their respective ecosystems. These include:

1. Google Cloud Agent SDK (ADK): This SDK is built upon Vertex AI and provides tight integration with Gemini models.
2. Azure AI Foundry Agents: An optimal choice for organizations deeply invested in the Microsoft ecosystem and the Azure OpenAI Service.
3. Databricks Agent Bricks: A data-centric alternative that leverages the Unity Catalog for constructing agents directly from corporate data.

Additional contenders (and sometimes collaborators) to AgentCore include the OpenAI Agents SDK, LangChain/LangGraph, CrewAI, and SmythOS.

Amazon Web Services

Amazon Web Services

AgentCore’s Primary Services

The essential services of AgentCore comprise a runtime, memory management (for both short-term and long-term data), a gateway, identity controls, a sandboxed code interpreter, a cloud-based web browser, observability features, an evaluation module, and a policy enforcement capability that operates externally to the agent. You have the flexibility to utilize any of these services to support your agent development efforts.

AgentCore Runtime offers a secure, serverless execution environment designed for deploying and scaling dynamic AI agents and their tools. It facilitates rapid cold starts for real-time interactions, supports extended runtimes for asynchronous agents, ensures true session isolation, includes built-in identity features, and handles multi-modal and multi-agent workloads. This runtime integrates seamlessly with custom and open-source frameworks, as well as any foundation model, whether it resides within or outside Amazon Bedrock.

AgentCore Memory enables the creation of context-aware agents, giving you granular control over what information an agent retains and learns. It supports both short-term memory for ongoing conversations and long-term memory that persists across different sessions. This feature allows memory stores to be shared among agents and facilitates learning from past experiences. It is compatible with LangGraph, LangChain, Strands, and LlamaIndex.

AgentCore Gateway offers a secure method for transforming any APIs, Lambda functions, and existing services into tools that are compatible with the Model Context Protocol (MCP). It can also establish connections to pre-existing MCP servers, making them accessible to AI agents through gateway endpoints with minimal code.

AgentCore Identity is a robust and scalable service for managing agent identities, access, and authentication. It works with various identity and credential providers, removing the need for user migration or the recreation of authentication flows.

AgentCore Code Interpreter provides an isolated sandbox environment where agents can execute code, thereby improving their precision and operational scope. It supports Python, JavaScript, and TypeScript. By default, it allows for an execution time of 15 minutes, which can be extended up to eight hours. It’s best practice to keep code snippets brief and focused on specific tasks. You can use the Strands Agents SDK with Python or TypeScript, or alternatively the bedrock_agentcore SDK or Boto3 with Python. The architecture for session isolation in both the code interpreter and the browser relies on Firecracker microVMs.

AgentCore Browser is a remote browser that operates in a separate environment rather than on the local machine. For agent development, remote browsers enable AI agents to interact with the web much like humans do. AgentCore Browser allows your agent and model to navigate websites, complete forms, click buttons, and parse dynamic content. It also offers a live view for monitoring and intervention if required. AgentCore Browser integrates with Nova Act, Strands, and Playwright to automate web interactions.

AgentCore Observability offers a centralized view for tracing, debugging, and monitoring agent performance in production. It provides detailed visual representations of each step in the agent’s workflow, allowing you to examine the execution path, audit intermediate outputs, and pinpoint performance bottlenecks and failures. This feature integrates with any observability stack that supports the OpenTelemetry (OTEL) format.

AgentCore Evaluations is a service designed for automated, consistent, and data-driven assessment of agents. AgentCore Evaluations measures the effectiveness of your agents and tools in executing tasks, handling edge cases, and maintaining reliable output across various inputs and contexts.

AgentCore Policy is a feature that provides deterministic control to ensure agents operate within defined boundaries and business rules without hindering their speed. You can create rules using natural language or Cedar (AWS’s open-source policy language). Policies are enforced externally to the agents, preventing models from violating specified constraints.

AgentCore Applications

Amazon Bedrock AgentCore enables the deployment of AI agents with high scalability, reliability, and security. AgentCore supports three main categories of use cases: agents, MCP servers, and agent platforms.

With agents, you can develop AI applications capable of reasoning, utilizing tools, and maintaining context. These can be applied to diverse areas such as customer support, workflow automation, data analysis, or coding assistance. By using AgentCore, your agents benefit from serverless execution, isolated sessions, persistent memory, and integrated observability.

AgentCore facilitates the conversion of APIs, databases, and services into functional tools for MCP-compatible agents. You can deploy a gateway that encapsulates your Lambda functions or OpenAPI specifications, making your backend systems accessible to agents without requiring code rewrites.

Lastly, you can construct agent platforms that empower your developers or customers to deploy agents using approved tools, shared memory stores, and governed access to enterprise services. These platforms can incorporate observability, authentication, and compliance by utilizing standard AgentCore core services.

Customer Support Agent Demonstration

The AgentCore team suggested I try the Customer Support Agent demo (refer to the architecture diagram below). Although it presented as a typical AWS architecture involving multiple services, I’ve encountered much more complex setups. So, I decided to proceed.

Amazon Web Services

Almost a week later, and after numerous reported and resolved bugs and obstacles, I successfully finished the exercise. The terminal logs are presented below, beginning with the deployment script. I’ve omitted the step of logging into AWS from my local command line, as it involves a browser redirect to establish the local session with the appropriate credentials.

martinheller@Mac customer-support-agent-with-agentcore % scripts/deploy.sh
==> Pre-flight checks
    Verifying Bedrock model access (global.anthropic.claude-sonnet-4-5-20250929-v1:0)...
WARNING: Could not invoke Bedrock model (global.anthropic.claude-sonnet-4-5-20250929-v1:0).
         Possible reasons:
     1. Anthropic first-time usage form not completed.
        Complete it in the Bedrock console Playground by selecting any Anthropic Claude model.
        Details: https://aws.amazon.com/blogs/security/simplified-amazon-bedrock-model-access/

     2. Your current IAM identity lacks bedrock:InvokeModel permission.
        Note: the deployed agent uses its own execution role, so this may not
        be a problem. Verify after deployment with: uv run agentcore invoke

     The deploy will continue.
All checks passed.
==> Installing Python dependencies (uv sync)

Resolved 110 packages in 14ms

Audited 103 packages in 11ms
==> Installing CDK dependencies (npm install)
up to date, audited 337 packages in 901ms
37 packages are looking for funding

run npm fund for details
3 vulnerabilities (1 moderate, 2 high)
To address all issues, run:

npm audit fix
Run npm audit for details.
==> Bootstrapping CDK (if needed)
> cdk@0.1.0 cdk

> cdk bootstrap
⏳  Bootstrapping environment aws://577405208411/us-east-2...

Trusted accounts for deployment: (none)

Trusted accounts for lookup: (none)

Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.

✅  Environment aws://577405208411/us-east-2 bootstrapped (no changes).
NOTICES         (What's this? https://github.com/aws/aws-cdk/wiki/CLI-Notices)
37013   (cli) cdk watch triggers deployment unexpectedly or not at all
Overview: Do not use 'cdk watch' with this version of the cdk cli.
          Upgrade to ^2.1106.0.

Affected versions: cli: >=2.1103.0 <2.1106.0

More information at: https://github.com/aws/aws-cdk/issues/37013
34892   CDK CLI collects telemetry data on command usage starting at version 2.1100.0 (unless opted out)
Overview: We do not collect customer content and we anonymize the
          telemetry we do collect. See the attached issue for more
          information on what data is collected, why, and how to
          opt-out. Telemetry will NOT be collected for any CDK CLI
          version prior to version 2.1100.0 - regardless of
          opt-in/out. You can also view the telemetry we collect by
          logging it to a local file, by adding
          `--telemetry-file=my/local/file` to any `cdk` command.

Affected versions: cli: >=2.1100.0 <2.1106.1

More information at: https://github.com/aws/aws-cdk/issues/34892
If you don’t want to see a notice anymore, use "cdk acknowledge <id>". For example, "cdk acknowledge 37013".
==> Deploying all stacks
> cdk@0.1.0 cdk:deploy:ci

> cdk deploy --all --require-approval never --outputs-file /Volumes/Glauce/repos/amazon-bedrock-agentcore-samples/05-blueprints/customer-support-agent-with-agentcore/cdk-outputs.json
✨  Synthesis time: 2.29s
supportAgentDemo-DockerImageStack: start: Building supportAgentDemo-DockerImageStack Template

supportAgentDemo-DockerImageStack: success: Built supportAgentDemo-DockerImageStack Template

supportAgentDemo-DockerImageStack: start: Building supportAgentDemo-AppImage

supportAgentDemo-DockerImageStack: start: Publishing supportAgentDemo-DockerImageStack Template (current_account-current_region-f5e9391a)

supportAgentDemo-DockerImageStack: success: Published supportAgentDemo-DockerImageStack Template (current_account-current_region-f5e9391a)
0 building with "desktop-linux" instance using docker driver
1 [internal] load build definition from Dockerfile
1 transferring dockerfile: 795B done
1 DONE 0.0s
2 [internal] load metadata for ghcr.io/astral-sh/uv:python3.13-bookworm-slim
2 DONE 3.6s
3 [internal] load .dockerignore
3 transferring context: 814B done
3 DONE 0.0s
4 [1/7] FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim@sha256:531f855bda2c73cd6ef67d56b733b357cea384185b3022bd09f05e002cd144ca
4 DONE 0.0s
5 [internal] load build context
5 transferring context: 1.87MB 0.0s done
5 DONE 0.0s
6 [5/7] RUN uv pip install aws-opentelemetry-distro==0.12.2
6 CACHED
7 [4/7] RUN uv pip install -r pyproject.toml
7 CACHED
8 [2/7] WORKDIR /app
8 CACHED
9 [3/7] COPY pyproject.toml pyproject.toml
9 CACHED
10 [6/7] RUN useradd -m -u 1000 bedrock_agentcore
10 CACHED
11 [7/7] COPY . .
11 DONE 0.0s
12 exporting to image
12 exporting layers done
12 writing image sha256:103477e07cdce77a6d41dc7f875d781cb408dc59556cdf205c5dddeed5cc50d0 done
12 naming to docker.io/library/cdkasset-9d592d01e5467aa35239774fad1da2f13bc79a6fdfad62b7b89146b9d8f12462 done
12 DONE 0.0s
View build details: docker-desktop://dashboard/build/desktop-linux/desktop-linux/jogcv8dnbz67ymx5fi5dnrfbt

supportAgentDemo-DockerImageStack: success: Built supportAgentDemo-AppImage

supportAgentDemo-DockerImageStack: start: Publishing supportAgentDemo-AppImage (current_account-current_region-eadbec27)

supportAgentDemo-AgentCoreStack: start: Building supportAgentDemo-AgentCoreStack Template

supportAgentDemo-AgentCoreStack: success: Built supportAgentDemo-AgentCoreStack Template

The push refers to repository [577405208411.dkr.ecr.us-east-2.amazonaws.com/cdk-hnb659fds-container-assets-577405208411-us-east-2]

f75c8a00d29b: Preparing

e9cefea56108: Preparing

6ad1a9eaa547: Preparing

2c4f33ca63a0: Preparing

bd07e5776977: Preparing

65d80ab29699: Preparing

d700e87997ad: Preparing

b27347ec89d2: Preparing

733eb94a487b: Preparing

dac1af1d7cd9: Preparing

bd390c400455: Preparing

d700e87997ad: Waiting

b27347ec89d2: Waiting

733eb94a487b: Waiting

dac1af1d7cd9: Waiting

bd390c400455: Waiting

65d80ab29699: Waiting

e9cefea56108: Layer already exists

6ad1a9eaa547: Layer already exists

2c4f33ca63a0: Layer already exists

bd07e5776977: Layer already exists

65d80ab29699: Layer already exists

d700e87997ad: Layer already exists

733eb94a487b: Layer already exists

b27347ec89d2: Layer already exists

dac1af1d7cd9: Layer already exists

bd390c400455: Layer already exists

f75c8a00d29b: Pushed

9d592d01e5467aa35239774fad1da2f13bc79a6fdfad62b7b89146b9d8f12462: digest: sha256:455ae21c8896a1df8558466d99b87e0f038e79b5baaf00514f810f95183562d0 size: 2627

supportAgentDemo-DockerImageStack: success: Published supportAgentDemo-AppImage (current_account-current_region-eadbec27)

supportAgentDemo-DockerImageStack

supportAgentDemo-DockerImageStack: deploying... [1/2]

supportAgentDemo-DockerImageStack: creating CloudFormation changeset...
✅  supportAgentDemo-DockerImageStack
✨  Deployment time: 13.06s
Outputs:

supportAgentDemo-DockerImageStack.ImageUri = 577405208411.dkr.ecr.us-east-2.amazonaws.com/cdk-hnb659fds-container-assets-577405208411-us-east-2:9d592d01e5467aa35239774fad1da2f13bc79a6fdfad62b7b89146b9d8f12462

Stack ARN:

arn:aws:cloudformation:us-east-2:577405208411:stack/supportAgentDemo-DockerImageStack/6d08ccf0-1664-11f1-8de3-0a00ca3e2d9f
✨  Total time: 15.35s
supportAgentDemo-AgentCoreStack: start: Publishing supportAgentDemo-AgentCoreStack Template (current_account-current_region-8aa3c459)

supportAgentDemo-AgentCoreStack: success: Published supportAgentDemo-AgentCoreStack Template (current_account-current_region-8aa3c459)
✅  supportAgentDemo-AgentCoreStack
✨  Deployment time: 39.12s
Outputs:

supportAgentDemo-AgentCoreStack.AccountId = 577405208411

supportAgentDemo-AgentCoreStack.AuthorizerDiscoveryUrl = https://cognito-idp.us-east-2.amazonaws.com/us-east-2_NaZm7AOfz/.well-known/openid-configuration

supportAgentDemo-AgentCoreStack.ClientId = 7nvmhkv45gh933mircjoji1gfe

supportAgentDemo-AgentCoreStack.CognitoDomain = supportagentdemo-577405208411-us-east-2.auth.us-east-2.amazoncognito.com

supportAgentDemo-AgentCoreStack.GatewayId = supportagentdemo-gateway-7d3m0sdfzy

supportAgentDemo-AgentCoreStack.GatewayUrl = https://supportagentdemo-gateway-7d3m0sdfzy.gateway.bedrock-agentcore.us-east-2.amazonaws.com/mcp

supportAgentDemo-AgentCoreStack.MemoryArn = arn:aws:bedrock-agentcore:us-east-2:577405208411:memory/supportAgentDemo_Memory_v2-bLfMFAGQmp

supportAgentDemo-AgentCoreStack.MemoryId = supportAgentDemo_Memory_v2-bLfMFAGQmp

supportAgentDemo-AgentCoreStack.Region = us-east-2

supportAgentDemo-AgentCoreStack.RuntimeArn = arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf

supportAgentDemo-AgentCoreStack.RuntimeId = supportAgentDemo_Agent-U90VrdH6Rf

supportAgentDemo-AgentCoreStack.RuntimeName = supportAgentDemo_Agent

supportAgentDemo-AgentCoreStack.UserPoolId = us-east-2_NaZm7AOfz

Stack ARN:

arn:aws:cloudformation:us-east-2:577405208411:stack/supportAgentDemo-AgentCoreStack/74e9b510-1664-11f1-8ec7-0606ac99759d
✨  Total time: 41.4s
NOTICES         (What's this? https://github.com/aws/aws-cdk/wiki/CLI-Notices)
37013   (cli) cdk watch triggers deployment unexpectedly or not at all
Overview: Do not use 'cdk watch' with this version of the cdk cli.
          Upgrade to ^2.1106.0.

Affected versions: cli: &gt;=2.1103.0 &lt;2.1106.0

More information at: https://github.com/aws/aws-cdk/issues/37013
34892   CDK CLI collects telemetry data on command usage starting at version 2.1100.0 (unless opted out)
Overview: We do not collect customer content and we anonymize the
          telemetry we do collect. See the attached issue for more
          information on what data is collected, why, and how to
          opt-out. Telemetry will NOT be collected for any CDK CLI
          version prior to version 2.1100.0 - regardless of
          opt-in/out. You can also view the telemetry we collect by
          logging it to a local file, by adding
          `--telemetry-file=my/local/file` to any `cdk` command.

Affected versions: cli: &gt;=2.1100.0 &lt;2.1106.1

More information at: https://github.com/aws/aws-cdk/issues/34892
If you don’t want to see a notice anymore, use "cdk acknowledge <id>". For example, "cdk acknowledge 37013".

CDK outputs written to /Volumes/Glauce/repos/amazon-bedrock-agentcore-samples/05-blueprints/customer-support-agent-with-agentcore/cdk-outputs.json
==> Generating .bedrock_agentcore.yaml

Generated /Volumes/Glauce/repos/amazon-bedrock-agentcore-samples/05-blueprints/customer-support-agent-with-agentcore/.bedrock_agentcore.yaml
============================================================

Deployment complete!
Next steps:


Check agent status:

uv run agentcore status


Create a Cognito user:

uv run scripts/cognito-user.py --create


Log in and set your bearer token:

eval $(uv run scripts/cognito-user.py --login --export)


Invoke the agent:

uv run agentcore invoke '{"prompt": "Who am I?"}'


To tear down all resources later:

scripts/teardown.sh


The deployment process generated several warnings. It became apparent that some of these checks were not entirely reliable. Even after addressing a reported issue, it would still appear in subsequent script runs.

Notably, a part of the setup script involved creating a Docker pod on my machine and registering it with AWS’s directory. When I re-executed the script, it would create new Docker images, necessitating manual deletion of the older ones.
I have excluded the agent status script (step 1 above) from this display. Initially, it lacked the uv run prefix, preventing the agentcore command, which resides within a Python environment, from being found. Once that was resolved, it initially produced false negatives until AWS engineers rectified a parsing error; after which, it functioned correctly.

For the user creation script, you also need to include the uv run prefix:

martinheller@Mac customer-support-agent-with-agentcore % uv run scripts/cognito-user.py --create
Choose a demo user:

john@example.com  (John Doe)
jane@example.com  (Jane Smith)

Enter 1 or 2: 1
Password requirements:

At least 8 characters
At least one uppercase letter (A-Z)
At least one lowercase letter (a-z)
At least one number (0-9)
At least one special character (e.g. !@#$%^&*)

Password:
User already exists: john@example.com
Password set for: john@example.com
Added to group: standard
User ready. Login with:
eval $(uv run scripts/cognito-user.py --login --export)

The Cognito user must correspond to an entry in a pre-populated database of demonstration users, which explains the limited choice of only two options.

martinheller@Mac customer-support-agent-with-agentcore % eval $(uv run scripts/cognito-user.py --login --export)
Opening browser for authentication...
Waiting for callback...
Login successful. BEDROCK_AGENTCORE_BEARER_TOKEN is now set.

This Cognito login step obtains the OAuth bearer token, which will be utilized for the remainder of the session. It expires after one hour—a detail I learned from experience. Yes, it’s necessary to log into AWS in addition to logging into Cognito.

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "Who am I?"}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll look up your account information using your email address.Hello! You are **John Doe** (Customer ID: CUST-001). Your account is registered with the email john@example.com, and you've been a member since June 1, 2023. How can I help you today?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d                                                                                          │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf                                        │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --follow                                                                                                   │
│       aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --since 1h                                                                                                 │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core                       │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

That interaction successfully utilized the Claude model. If you encounter an error at this stage, it might indicate a lack of Anthropic permission or insufficient Bedrock Claude quota. Requesting a quota involves completing an AWS form and waiting a couple of days. The subsequent query, requesting an order list, also processed through the model.

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "Show me my recent orders"}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll look up your recent orders for you.Now let me get the full details for each of these orders to show you what items were in them.Here are your recent orders:
1. Order ORD-12430 - Ordered Feb 5, 2025 | Delivered Feb 10, 2025

4K Monitor (1x) - $399.00
Total: $399.00 | Status: ✓ Delivered

2. Order ORD-12420 - Ordered Feb 1, 2025 | Delivered Feb 4, 2025

Phone Case (1x) - $29.99
Total: $29.99 | Status: ✓ Delivered

3. Order ORD-12410 - Ordered Jan 25, 2025 | Delivered Jan 29, 2025

Mechanical Keyboard (1x) - $149.99
Total: $149.99 | Status: ✓ Delivered

4. Order ORD-12400 - Ordered Jan 20, 2025 | Delivered Jan 23, 2025

USB-C Charging Cable (2x) - $12.99 each
Total: $25.98 | Status: ✓ Delivered

5. Order ORD-12345 - Ordered Jan 15, 2025 | Delivered Jan 20, 2025

Wireless Headphones (1x) - $79.99
Total: $79.99 | Status: ✓ Delivered

6. Order ORD-12300 - Ordered Jan 2, 2025 | Delivered Jan 8, 2025

Running Shoes (1x) - $249.00
Total: $249.00 | Status: ✓ Delivered

All of your recent orders have been delivered successfully! Is there anything specific you'd like to know about any of these orders?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d                                                                                          │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf                                        │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --follow                                                                                                   │
│       aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --since 1h                                                                                                 │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core                       │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

The subsequent query illustrates that we can request a refund from the customer support agent. Since this is for a small item, it’s expected to proceed without any complications.

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "I need a refund for order ORD-12420. The phone case was damaged."}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll process a refund for your damaged phone case from order ORD-12420.Perfect! Your refund has been processed successfully.
Refund Details:

Refund ID: REF-DC32B
Order: ORD-12420 (Phone Case)
Amount: $29.99
Reason: Damaged item
Status: Processed

You should receive the refund in your original payment method within 3-5 business days.
I'm sorry to hear the phone case arrived damaged. Is there anything else I can help you with today?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d                                                                                          │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf                                        │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --follow                                                                                                   │
│       aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --since 1h                                                                                                 │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core                       │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

This upcoming refund request, however, should ideally be declined or escalated to a human customer support agent for approval.

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "I need a refund of $399 for order ORD-12430. The monitor has dead pixels."}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll process a refund for your 4K Monitor from order ORD-12430 due to the dead pixels.Your refund has been successfully processed!
Refund Details:

Refund ID: REF-5DEA4
Order: ORD-12430 (4K Monitor)
Amount: $399.00
Reason: Damaged item (dead pixels)
Status: Processed

You should receive the refund to your original payment method within 3-5 business days.
I'm sorry the monitor had dead pixels. If you'd like to order a replacement, please let me know and I can assist you with that. Is there anything else I can help you with?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d                                                                                          │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf                                        │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --follow                                                                                                   │
│       aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --since 1h                                                                                                 │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core                       │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

However, it was processed. The solution for this (part of the demo, not a bug) involves implementing certain policies.

Amazon Web Services

With the policy implemented, I retried the request, and it was subsequently denied.

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "I need a full refund for order ORD-12300. The shoes dont fit."}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll process a refund for your Running Shoes from order ORD-12300.I'm unable to process this refund request. The system has denied the refund with the following message:
"Tool call not allowed due to policy enforcement [No policy applies to the request (denied by default).]"
This appears to be a policy restriction. Given that order ORD-12300 was delivered on January 8, 2025 (over a month ago), it may be outside the refund window for non-defective items or there may be specific policies regarding fit-related returns.
I recommend:

Checking our return policy for the timeframe allowed for returns
Contacting our returns department directly for assistance with this older order
Inquiring about exchange options if available

I apologize for the inconvenience. Is there anything else I can help you with today?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d                                                                                          │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf                                        │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --follow                                                                                                   │
│       aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --since 1h                                                                                                 │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core                       │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

The policy, which operates independently of the agent, functioned as intended, yet the model seemed confused about the reason for the denial. True to its nature, Claude fabricated some explanations and offered three irrelevant suggestions. One might expect the model to be aware of any active policies, but applying them externally prevents a malicious prompt from coaxing the model into issuing a substantial refund. If there’s a secure way to address this, it’s beyond my expertise.

Incidentally, even with all my repeated attempts, running this demonstration incurred a mere $0.35 in AWS charges.

A Robust Base for Agents

Amazon Bedrock AgentCore represents a commendable effort to establish an enterprise-grade infrastructure and operational framework for deploying and managing AI agents at scale. The services themselves appear robust. The example I tested had several bugs and documentation inaccuracies, but I reported these, and the AWS engineers promptly resolved them.

I still have reservations about the design of the policy module concerning its interaction with the model. There should be a mechanism to communicate the reason for an action’s denial back to the model, preventing it from generating its own, potentially incorrect, explanations. I am unsure how such a mechanism would be implemented within this architectural framework.

Pricing

Costs vary depending on usage. Refer to https://aws.amazon.com/bedrock/agentcore/pricing/; scroll down to view the pricing table and examples.

Platform Compatibility

Server-side: AWS. Client-side: macOS, Linux, or Windows.

Advantages

1. A robust set of relevant service modules.
2. Extensive sample resources.

Disadvantages

1. The documentation can sometimes be confusing due to multiple options.
2. The provided samples currently appear to be in an early “shakedown” phase.