## Prerequisites

To execute this tutorial you will need:
* Python 3.10+
* AWS credentials configured
* Amazon Bedrock AgentCore SDK
* MCP (Model Context Protocol) library
* Docker running

In [None]:
!pip install --force-reinstall -U -r requirements.txt --quiet

## Understanding MCP (Model Context Protocol)

MCP is a protocol that allows AI models to securely access external data and tools. Key concepts:

* **Tools**: Functions that the AI can call to perform actions
* **Streamable HTTP**: Transport protocol used by AgentCore Runtime
* **Session Isolation**: Each client gets isolated sessions via `Mcp-Session-Id` header
* **Stateless Operation**: Servers must support stateless operation for scalability

AgentCore Runtime expects MCP servers to be hosted on `0.0.0.0:8000/mcp` as the default path.

### Project Structure

Let's set up our project with the proper structure:

```
mcp_server_project/
‚îú‚îÄ‚îÄ mcp_server.py              # Main MCP server code
‚îú‚îÄ‚îÄ my_mcp_client.py          # Local testing client
‚îú‚îÄ‚îÄ my_mcp_client_remote.py   # Remote testing client
‚îú‚îÄ‚îÄ requirements.txt          # Dependencies
‚îî‚îÄ‚îÄ __init__.py              # Python package marker
```

## Creating MCP Server

Now let's create our MCP server with three simple tools. The server uses FastMCP with `stateless_http=True` which is required for AgentCore Runtime compatibility.

In [1]:
%%writefile mcp_server.py
from mcp.server.fastmcp import FastMCP
from starlette.responses import JSONResponse
from typing import Dict, List
import uuid

mcp = FastMCP(host="0.0.0.0", stateless_http=True)

# In-memory storage
rapps_db: Dict[str, dict] = {
    "qos-optimizer": {
        "rappId": "qos-optimizer",
        "name": "QoS Optimizer rApp",
        "state": "PRIMED",
        "reason": "Successfully primed and ready for instantiation",
        "packageLocation": "/packages/qos-optimizer-v1.0.csar",
        "packageName": "qos-optimizer-v1.0.csar",
        "rappInstances": {}
    }
}

@mcp.tool()
def get_rapps() -> List[dict]:
    """Get all rApps"""
    return list(rapps_db.values())

@mcp.tool()
def create_rapp(package_name: str) -> dict:
    """Create a new rApp"""
    rapp_id = f"rapp-{uuid.uuid4().hex[:8]}"
    new_rapp = {
        "rappId": rapp_id,
        "name": f"rApp {rapp_id}",
        "state": "COMMISSIONED",
        "reason": "rApp package uploaded and validated",
        "packageLocation": f"/packages/{package_name}",
        "packageName": package_name,
        "rappInstances": {}
    }
    rapps_db[rapp_id] = new_rapp
    return {"rappId": rapp_id, "message": "rApp created successfully"}

@mcp.tool()
def get_rapp(rapp_id: str) -> dict:
    """Get rApp by ID"""
    if rapp_id not in rapps_db:
        return {"error": "rApp not found"}
    return rapps_db[rapp_id]

@mcp.tool()
def delete_rapp(rapp_id: str) -> dict:
    """Delete rApp"""
    if rapp_id not in rapps_db:
        return {"error": "rApp not found"}
    del rapps_db[rapp_id]
    return {"message": "rApp deleted successfully"}

@mcp.tool()
def prime_rapp(rapp_id: str, prime_order: str) -> dict:
    """Prime or deprime rApp"""
    if rapp_id not in rapps_db:
        return {"error": "rApp not found"}
    
    rapp = rapps_db[rapp_id]
    if prime_order == "PRIME":
        rapp["state"] = "PRIMED"
        rapp["reason"] = "rApp primed successfully"
    else:
        rapp["state"] = "COMMISSIONED"
        rapp["reason"] = "rApp deprimed successfully"
    
    return {"message": f"rApp {prime_order.lower()} operation accepted"}

@mcp.tool()
def get_rapp_instances(rapp_id: str) -> List[dict]:
    """Get rApp instances"""
    if rapp_id not in rapps_db:
        return []
    
    rapp = rapps_db[rapp_id]
    return list(rapp["rappInstances"].values())

@mcp.tool()
def create_rapp_instance(rapp_id: str, instance_id: str = None) -> dict:
    """Create rApp instance"""
    if rapp_id not in rapps_db:
        return {"error": "rApp not found"}
    
    rapp = rapps_db[rapp_id]
    if rapp["state"] != "PRIMED":
        return {"error": "rApp must be primed before creating instances"}
    
    if not instance_id:
        instance_id = f"instance-{uuid.uuid4().hex[:8]}"
    
    new_instance = {
        "rappInstanceId": instance_id,
        "state": "UNDEPLOYED",
        "reason": "Instance created successfully"
    }
    
    rapp["rappInstances"][instance_id] = new_instance
    return {"rappInstanceId": instance_id, "message": "Instance created successfully"}

@mcp.tool()
def get_rapp_instance(rapp_id: str, instance_id: str) -> dict:
    """Get rApp instance"""
    if rapp_id not in rapps_db:
        return {"error": "rApp not found"}
    
    rapp = rapps_db[rapp_id]
    if instance_id not in rapp["rappInstances"]:
        return {"error": "Instance not found"}
    
    return rapp["rappInstances"][instance_id]

@mcp.tool()
def delete_rapp_instance(rapp_id: str, instance_id: str) -> dict:
    """Delete rApp instance"""
    if rapp_id not in rapps_db:
        return {"error": "rApp not found"}
    
    rapp = rapps_db[rapp_id]
    if instance_id not in rapp["rappInstances"]:
        return {"error": "Instance not found"}
    
    del rapp["rappInstances"][instance_id]
    return {"message": "Instance deleted successfully"}

@mcp.tool()
def deploy_rapp_instance(rapp_id: str, instance_id: str, deploy_order: str) -> dict:
    """Deploy or undeploy instance"""
    if rapp_id not in rapps_db:
        return {"error": "rApp not found"}
    
    rapp = rapps_db[rapp_id]
    if instance_id not in rapp["rappInstances"]:
        return {"error": "Instance not found"}
    
    instance = rapp["rappInstances"][instance_id]
    if deploy_order == "DEPLOY":
        instance["state"] = "DEPLOYED"
        instance["reason"] = "Instance deployed successfully"
    else:
        instance["state"] = "UNDEPLOYED"
        instance["reason"] = "Instance undeployed successfully"
    
    return {"message": f"Instance {deploy_order.lower()} operation accepted"}

if __name__ == "__main__":
    mcp.run(transport="streamable-http")


Writing mcp_server.py


### What This Code Does

* **FastMCP**: Creates an MCP server that can host your tools
* **@mcp.tool()**: Decorator that turns your Python functions into MCP tools
* **stateless_http=True**: Required for AgentCore Runtime compatibility
* **Tools**: Three simple tools demonstrating different types of operations

## Creating Local Testing Client

Before deploying to AgentCore Runtime, let's create a client to test our MCP server locally:

In [2]:
%%writefile my_mcp_client.py
import asyncio

from mcp import ClientSession
from mcp.client.streamable_http import streamablehttp_client

async def main():
    mcp_url = "http://localhost:8000/mcp"
    headers = {}

    async with streamablehttp_client(mcp_url, headers, timeout=120, terminate_on_close=False) as (
        read_stream,
        write_stream,
        _,
    ):
        async with ClientSession(read_stream, write_stream) as session:
            await session.initialize()
            tool_result = await session.list_tools()
            print("Available tools:")
            for tool in tool_result.tools:
                print(f"  - {tool.name}: {tool.description}")

if __name__ == "__main__":
    asyncio.run(main())

Writing my_mcp_client.py


### Testing Locally

To test your MCP server locally:

1. **Terminal 1**: Start the MCP server
   ```bash
   python mcp_server.py
   ```
   
2. **Terminal 2**: Run the test client
   ```bash
   python my_mcp_client.py
   ```

You should see your three tools listed in the output.

## Setting up Amazon Cognito for Authentication

AgentCore Runtime requires authentication. We'll use Amazon Cognito to provide JWT tokens for accessing our deployed MCP server.

In [3]:
import sys
import os

# Get the current notebook's directory
current_dir = os.path.dirname(os.path.abspath('__file__' if '__file__' in globals() else '.'))

utils_dir = os.path.join(current_dir, '..')
utils_dir = os.path.abspath(utils_dir)

# Add to sys.path
sys.path.insert(0, utils_dir)
print("sys.path[0]:", sys.path[0])

from cognito_utils import create_agentcore_role, setup_cognito_user_pool

sys.path[0]: /


In [4]:
print("Setting up Amazon Cognito user pool...")
cognito_config = setup_cognito_user_pool()
print("Cognito setup completed ‚úì")
print(f"User Pool ID: {cognito_config.get('user_pool_id', 'N/A')}")
print(f"Client ID: {cognito_config.get('client_id', 'N/A')}")

Setting up Amazon Cognito user pool...
Pool id: us-east-1_IBFKfzZw7
Discovery URL: https://cognito-idp.us-east-1.amazonaws.com/us-east-1_IBFKfzZw7/.well-known/openid-configuration
Client ID: p9t3cj3fb9fp3hbp5cop2kthm
Bearer Token: eyJraWQiOiJucWhwY1BzRmdtdWxjY2N2U0ViSGZHMzdUa1ByRTNnQlhTdmpySmo4VnNRPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiIwNGQ4MzQ2OC1lMDUxLTcwODItNjZmMC1iN2QwZjA3MjBlMDUiLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9JQkZLZnpadzciLCJjbGllbnRfaWQiOiJwOXQzY2ozZmI5ZnAzaGJwNWNvcDJrdGhtIiwib3JpZ2luX2p0aSI6IjY5Nzg1MDk4LTNhYjgtNGI0NS05Y2U5LTFmMGE1ZTljY2IzMSIsImV2ZW50X2lkIjoiNjhlYWM0MDAtYzU0NC00MTQ4LTkzYjUtNThiMDE2Y2U3NWI0IiwidG9rZW5fdXNlIjoiYWNjZXNzIiwic2NvcGUiOiJhd3MuY29nbml0by5zaWduaW4udXNlci5hZG1pbiIsImF1dGhfdGltZSI6MTc2MjAwMTUxOCwiZXhwIjoxNzYyMDA1MTE4LCJpYXQiOjE3NjIwMDE1MTgsImp0aSI6IjkwMTA2MmFkLTk2YjMtNGNlZC05NzkzLTdiOWY4ZmVlZTI2YyIsInVzZXJuYW1lIjoidGVzdHVzZXIifQ.Hn8HoIaJuTio0iyIpIEK74l-95nBkUNKtk7uS50typ7snJzELNEvmxKQ5CjLGg18YNEJ9bLRc2VVVh

## Step 5: Create IAM Execution Role

Before starting, let's create an IAM role for our AgentCore Runtime. This role provides the necessary permissions for the runtime to operate.

In [5]:
tool_name = "mcp_server_r1"
print(f"Creating IAM role for {tool_name}...")
agentcore_iam_role = create_agentcore_role(agent_name=tool_name)
print(f"IAM role created ‚úì")
print(f"Role ARN: {agentcore_iam_role['Role']['Arn']}")

Creating IAM role for mcp_server_r1...
attaching role policy agentcore-mcp_server_r1-role
IAM role created ‚úì
Role ARN: arn:aws:iam::402308100588:role/agentcore-mcp_server_r1-role


## Configuring AgentCore Runtime Deployment

Next we will use our starter toolkit to configure the AgentCore Runtime deployment with an entrypoint, the execution role we just created and a requirements file. We will also configure the starter kit to auto create the Amazon ECR repository on launch.

In [6]:
from bedrock_agentcore_starter_toolkit import Runtime
from boto3.session import Session
import time

boto_session = Session()
region = boto_session.region_name
print(f"Using AWS region: {region}")

required_files = ['mcp_server.py', 'requirements.txt']
for file in required_files:
    if not os.path.exists(file):
        raise FileNotFoundError(f"Required file {file} not found")
print("All required files found ‚úì")

agentcore_runtime = Runtime()


auth_config = {
    "customJWTAuthorizer": {
        "allowedClients": [
            cognito_config['client_id']
        ],
        "discoveryUrl": cognito_config['discovery_url'],
    }
}

print("Configuring AgentCore Runtime...")
response = agentcore_runtime.configure(
    entrypoint="mcp_server.py",
    execution_role=agentcore_iam_role['Role']['Arn'],
    auto_create_ecr=True,
    requirements_file="requirements.txt",
    region=region,
    authorizer_configuration=auth_config,
    protocol="MCP",
    agent_name=tool_name
)
print("Configuration completed ‚úì")

Entrypoint parsed: file=/home/sagemaker-user/mcp_server.py, bedrock_agentcore_name=mcp_server
Configuring BedrockAgentCore agent: mcp_server_r1


Using AWS region: us-east-1
All required files found ‚úì
Configuring AgentCore Runtime...


Generated .dockerignore
Generated Dockerfile: /home/sagemaker-user/Dockerfile
Generated .dockerignore: /home/sagemaker-user/.dockerignore
Setting 'mcp_server_r1' as default agent
Bedrock AgentCore configured: /home/sagemaker-user/.bedrock_agentcore.yaml


Configuration completed ‚úì


In [7]:
agentcore_iam_role['Role']['Arn']

'arn:aws:iam::402308100588:role/agentcore-mcp_server_r1-role'

In [8]:
auth_config

{'customJWTAuthorizer': {'allowedClients': ['p9t3cj3fb9fp3hbp5cop2kthm'],
  'discoveryUrl': 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_IBFKfzZw7/.well-known/openid-configuration'}}

## Launching MCP Server to AgentCore Runtime

Now that we've got a docker file, let's launch the MCP server to the AgentCore Runtime. This will create the Amazon ECR repository and the AgentCore Runtime.

In [9]:
print("Launching MCP server to AgentCore Runtime...")
print("This may take several minutes...")
launch_result = agentcore_runtime.launch(auto_update_on_conflict=True)
print("Launch completed ‚úì")
print(f"Agent ARN: {launch_result.agent_arn}")
print(f"Agent ID: {launch_result.agent_id}")

üöÄ CodeBuild mode: building in cloud (RECOMMENDED - DEFAULT)
   ‚Ä¢ Build ARM64 containers in the cloud with CodeBuild
   ‚Ä¢ No local Docker required
üí° Available deployment modes:
   ‚Ä¢ runtime.launch()                           ‚Üí CodeBuild (current)
   ‚Ä¢ runtime.launch(local=True)                 ‚Üí Local development
   ‚Ä¢ runtime.launch(local_build=True)           ‚Üí Local build + cloud deploy (NEW)
Starting CodeBuild ARM64 deployment for agent 'mcp_server_r1' to account 402308100588 (us-east-1)
Setting up AWS resources (ECR repository, execution roles)...
Getting or creating ECR repository for agent: mcp_server_r1


Launching MCP server to AgentCore Runtime...
This may take several minutes...
Repository doesn't exist, creating new ECR repository: bedrock-agentcore-mcp_server_r1


‚úÖ ECR repository available: 402308100588.dkr.ecr.us-east-1.amazonaws.com/bedrock-agentcore-mcp_server_r1
Using execution role from config: arn:aws:iam::402308100588:role/agentcore-mcp_server_r1-role
Preparing CodeBuild project and uploading source...
Getting or creating CodeBuild execution role for agent: mcp_server_r1
Role name: AmazonBedrockAgentCoreSDKCodeBuild-us-east-1-bdc1944e9e
CodeBuild role doesn't exist, creating new role: AmazonBedrockAgentCoreSDKCodeBuild-us-east-1-bdc1944e9e
Creating IAM role: AmazonBedrockAgentCoreSDKCodeBuild-us-east-1-bdc1944e9e
‚úì Role created: arn:aws:iam::402308100588:role/AmazonBedrockAgentCoreSDKCodeBuild-us-east-1-bdc1944e9e
Attaching inline policy: CodeBuildExecutionPolicy to role: AmazonBedrockAgentCoreSDKCodeBuild-us-east-1-bdc1944e9e
‚úì Policy attached: CodeBuildExecutionPolicy
Waiting for IAM role propagation...
CodeBuild execution role creation complete: arn:aws:iam::402308100588:role/AmazonBedrockAgentCoreSDKCodeBuild-us-east-1-bdc1944e

Launch completed ‚úì
Agent ARN: arn:aws:bedrock-agentcore:us-east-1:402308100588:runtime/mcp_server_r1-pnngrB55a7
Agent ID: mcp_server_r1-pnngrB55a7


## Verify Deployment

To verify your MCP server was successfully deployed:

1. Go to the **AWS Console** search bar
2. Search for **AgentCore**
3. In the left navigation bar, click **AgentCore Runtime**
4. Look for a runtime named **`mcp_server_r1`** in the list
5. The status should show **CREATING** initially, then **READY** when deployment is complete

:::alert{type="info"}
**Note:** Deployment typically takes 3-5 minutes to complete.
:::

Let's also verify the deployment programmatically and wait for it to be ready.

## Checking AgentCore Runtime Status Programmatically

By now, the runtime should be ready. Let's verify the status programmatically:

In [10]:
print("Checking AgentCore Runtime status...")
status_response = agentcore_runtime.status()
status = status_response.endpoint['status']
print(f"Initial status: {status}")

end_status = ['READY', 'CREATE_FAILED', 'DELETE_FAILED', 'UPDATE_FAILED']
while status not in end_status:
    print(f"Status: {status} - waiting...")
    time.sleep(10)
    status_response = agentcore_runtime.status()
    status = status_response.endpoint['status']

if status == 'READY':
    print("‚úì AgentCore Runtime is READY!")
else:
    print(f"‚ö† AgentCore Runtime status: {status}")
    
print(f"Final status: {status}")

Checking AgentCore Runtime status...


Retrieved Bedrock AgentCore status for: mcp_server_r1


Initial status: READY
‚úì AgentCore Runtime is READY!
Final status: READY


## Storing Configuration for Remote Access

Before we can invoke our deployed MCP server, let's store the Agent ARN and Cognito configuration in AWS Systems Manager Parameter Store and AWS Secrets Manager for easy retrieval:

In [11]:
import boto3
import json

ssm_client = boto3.client('ssm', region_name=region)
secrets_client = boto3.client('secretsmanager', region_name=region)

try:
    cognito_credentials_response = secrets_client.create_secret(
        Name='mcp_server/r1/cognito/credentials',
        Description='Cognito credentials for MCP server',
        SecretString=json.dumps(cognito_config)
    )
    print("‚úì Cognito credentials stored in Secrets Manager")
except secrets_client.exceptions.ResourceExistsException:
    secrets_client.update_secret(
        SecretId='mcp_server/r1/cognito/credentials',
        SecretString=json.dumps(cognito_config)
    )
    print("‚úì Cognito credentials updated in Secrets Manager")

agent_arn_response = ssm_client.put_parameter(
    Name='/mcp_server/r1/runtime/agent_arn',
    Value=launch_result.agent_arn,
    Type='String',
    Description='Agent ARN for MCP server',
    Overwrite=True
)
print("‚úì Agent ARN stored in Parameter Store")

client_id_response = ssm_client.put_parameter(
    Name='/mcp_server/r1/runtime/client_id',
    Value=cognito_config["client_id"],
    Type='String',
    Description='Client ID for auth',
    Overwrite=True
)

print("\nConfiguration stored successfully!")
print(f"Agent ARN: {launch_result.agent_arn}")
cognito_config

‚úì Cognito credentials stored in Secrets Manager
‚úì Agent ARN stored in Parameter Store

Configuration stored successfully!
Agent ARN: arn:aws:bedrock-agentcore:us-east-1:402308100588:runtime/mcp_server_r1-pnngrB55a7


{'pool_id': 'us-east-1_IBFKfzZw7',
 'client_id': 'p9t3cj3fb9fp3hbp5cop2kthm',
 'bearer_token': 'eyJraWQiOiJucWhwY1BzRmdtdWxjY2N2U0ViSGZHMzdUa1ByRTNnQlhTdmpySmo4VnNRPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiIwNGQ4MzQ2OC1lMDUxLTcwODItNjZmMC1iN2QwZjA3MjBlMDUiLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9JQkZLZnpadzciLCJjbGllbnRfaWQiOiJwOXQzY2ozZmI5ZnAzaGJwNWNvcDJrdGhtIiwib3JpZ2luX2p0aSI6IjY5Nzg1MDk4LTNhYjgtNGI0NS05Y2U5LTFmMGE1ZTljY2IzMSIsImV2ZW50X2lkIjoiNjhlYWM0MDAtYzU0NC00MTQ4LTkzYjUtNThiMDE2Y2U3NWI0IiwidG9rZW5fdXNlIjoiYWNjZXNzIiwic2NvcGUiOiJhd3MuY29nbml0by5zaWduaW4udXNlci5hZG1pbiIsImF1dGhfdGltZSI6MTc2MjAwMTUxOCwiZXhwIjoxNzYyMDA1MTE4LCJpYXQiOjE3NjIwMDE1MTgsImp0aSI6IjkwMTA2MmFkLTk2YjMtNGNlZC05NzkzLTdiOWY4ZmVlZTI2YyIsInVzZXJuYW1lIjoidGVzdHVzZXIifQ.Hn8HoIaJuTio0iyIpIEK74l-95nBkUNKtk7uS50typ7snJzELNEvmxKQ5CjLGg18YNEJ9bLRc2VVVh4y_48P-QVG3G6soUwOJvz-SpemnOuxPlpii6aiyyOHM2R2-2uoMWRnoOttX2OPHevdCGddqN_k24RM9apeMljrF_1eRAUN3zZQHxNPrc8hkJrlZpPxUqG2SVlrOLFqs-6drk6RI

## Creating Remote Testing Client

Now let's create a client to test our deployed MCP server. This client will retrieve the necessary credentials from AWS and connect to the deployed server:

In [12]:
%%writefile my_mcp_client_remote.py
import asyncio
import boto3
import json
import sys
from boto3.session import Session

from mcp import ClientSession
from mcp.client.streamable_http import streamablehttp_client

async def main():
    boto_session = Session()
    region = boto_session.region_name
    try:
        ssm_client = boto3.client('ssm', region_name=region)
        agent_arn_response = ssm_client.get_parameter(Name='/mcp_server/r1/runtime/agent_arn')
        agent_arn = agent_arn_response['Parameter']['Value']
        print(f"Retrieved Agent ARN: {agent_arn}")

        secrets_client = boto3.client('secretsmanager', region_name=region)
        response = secrets_client.get_secret_value(SecretId='mcp_server/r1/cognito/credentials')
        secret_value = response['SecretString']
        parsed_secret = json.loads(secret_value)

        cognito_client = boto3.client('cognito-idp', region_name=region)   
        auth_response = cognito_client.initiate_auth(
                    ClientId=ssm_client.get_parameter(Name='/mcp_server/r1/runtime/client_id')["Parameter"]["Value"],
                    AuthFlow='USER_PASSWORD_AUTH',
                    AuthParameters={
                        'USERNAME': 'testuser',
                        'PASSWORD': 'MyPassword123!'
                    }
                )
        bearer_token=auth_response['AuthenticationResult']['AccessToken']
        print("‚úì Retrieved bearer token from Secrets Manager")
        
    except Exception as e:
        print(f"Error retrieving credentials: {e}")
        sys.exit(1)
    
    if not agent_arn or not bearer_token:
        print("Error: AGENT_ARN or BEARER_TOKEN not retrieved properly")
        sys.exit(1)
    
    encoded_arn = agent_arn.replace(':', '%3A').replace('/', '%2F')
    mcp_url = f"https://bedrock-agentcore.{region}.amazonaws.com/runtimes/{encoded_arn}/invocations?qualifier=DEFAULT"
    headers = {
        "authorization": f"Bearer {bearer_token}",
        "Content-Type": "application/json"
    }
    print("HEADERS ARE:\n")
    print(headers)
    
    print(f"\nConnecting to: {mcp_url}")
    print("Headers configured ‚úì")

    try:
        async with streamablehttp_client(mcp_url, headers, timeout=120, terminate_on_close=False) as (
            read_stream,
            write_stream,
            _,
        ):
            async with ClientSession(read_stream, write_stream) as session:
                print("\nüîÑ Initializing MCP session...")
                await session.initialize()
                print("‚úì MCP session initialized")
                
                print("\nüîÑ Listing available tools...")
                tool_result = await session.list_tools()
                
                print("\nüìã Available MCP Tools:")
                print("=" * 50)
                for tool in tool_result.tools:
                    print(f"üîß {tool.name}")
                    print(f"   Description: {tool.description}")
                    if hasattr(tool, 'inputSchema') and tool.inputSchema:
                        properties = tool.inputSchema.get('properties', {})
                        if properties:
                            print(f"   Parameters: {list(properties.keys())}")
                    print()
                
                print(f"‚úÖ Successfully connected to MCP server!")
                print(f"Found {len(tool_result.tools)} tools available.")
                
    except Exception as e:
        print(f"‚ùå Error connecting to MCP server: {e}")
        sys.exit(1)

if __name__ == "__main__":
    asyncio.run(main())

Writing my_mcp_client_remote.py


## Testing Your Deployed MCP Server

Let's test our deployed MCP server using the remote client:

In [13]:
print("Testing deployed MCP server...")
print("=" * 50)
!python my_mcp_client_remote.py

Testing deployed MCP server...
Retrieved Agent ARN: arn:aws:bedrock-agentcore:us-east-1:402308100588:runtime/mcp_server_r1-pnngrB55a7
‚úì Retrieved bearer token from Secrets Manager
HEADERS ARE:

{'authorization': 'Bearer eyJraWQiOiJucWhwY1BzRmdtdWxjY2N2U0ViSGZHMzdUa1ByRTNnQlhTdmpySmo4VnNRPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiIwNGQ4MzQ2OC1lMDUxLTcwODItNjZmMC1iN2QwZjA3MjBlMDUiLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9JQkZLZnpadzciLCJjbGllbnRfaWQiOiJwOXQzY2ozZmI5ZnAzaGJwNWNvcDJrdGhtIiwib3JpZ2luX2p0aSI6IjAxODU2MmNhLWFjNzYtNGE4Ni05YWVjLWIzYzI4YmQyMWYyYyIsImV2ZW50X2lkIjoiODA2YTRlN2EtOGFkYS00ZWFkLWJhYTktZTFmODJiNmZhMzJiIiwidG9rZW5fdXNlIjoiYWNjZXNzIiwic2NvcGUiOiJhd3MuY29nbml0by5zaWduaW4udXNlci5hZG1pbiIsImF1dGhfdGltZSI6MTc2MjAwMTY3MCwiZXhwIjoxNzYyMDA1MjcwLCJpYXQiOjE3NjIwMDE2NzAsImp0aSI6ImY4ZDU2MGExLWYxZWQtNGQ3MS04ZTQ3LWNiZWM3MmU5MTRlNyIsInVzZXJuYW1lIjoidGVzdHVzZXIifQ.pwLrfolbGOJXs6I_CdHdr8v7QizrfCRGk6kI8X_V4ck1jktCOE-TaAWicjyx0mHURJV7RD5GEG_-1QkPH271Snm

## Invoking MCP Tools Remotely

Now let's create an enhanced client that not only lists tools but also invokes them to demonstrate the full MCP functionality:

In [14]:
%%writefile invoke_mcp_tools.py
import asyncio
import boto3
import json
import sys
from boto3.session import Session

from mcp import ClientSession
from mcp.client.streamable_http import streamablehttp_client

async def main():
    boto_session = Session()
    region = boto_session.region_name
    
    print(f"Using AWS region: {region}")
    
    try:
        ssm_client = boto3.client('ssm', region_name=region)
        agent_arn_response = ssm_client.get_parameter(Name='/mcp_server/r1/runtime/agent_arn')
        agent_arn = agent_arn_response['Parameter']['Value']
        print(f"Retrieved Agent ARN: {agent_arn}")

        secrets_client = boto3.client('secretsmanager', region_name=region)
        response = secrets_client.get_secret_value(SecretId='mcp_server/r1/cognito/credentials')
        secret_value = response['SecretString']
        parsed_secret = json.loads(secret_value)

        cognito_client = boto3.client('cognito-idp', region_name=region)   
        auth_response = cognito_client.initiate_auth(
                    ClientId=ssm_client.get_parameter(Name='/mcp_server/r1/runtime/client_id')["Parameter"]["Value"],
                    AuthFlow='USER_PASSWORD_AUTH',
                    AuthParameters={
                        'USERNAME': 'testuser',
                        'PASSWORD': 'MyPassword123!'
                    }
                )
        bearer_token=auth_response['AuthenticationResult']['AccessToken']
        print("‚úì Retrieved bearer token from Secrets Manager")
        
    except Exception as e:
        print(f"Error retrieving credentials: {e}")
        sys.exit(1)
    
    encoded_arn = agent_arn.replace(':', '%3A').replace('/', '%2F')
    mcp_url = f"https://bedrock-agentcore.{region}.amazonaws.com/runtimes/{encoded_arn}/invocations?qualifier=DEFAULT"
    headers = {
        "authorization": f"Bearer {bearer_token}",
        "Content-Type": "application/json"
    }
    
    print(f"\nConnecting to: {mcp_url}")

    try:
        async with streamablehttp_client(mcp_url, headers, timeout=120, terminate_on_close=False) as (
            read_stream,
            write_stream,
            _,
        ):
            async with ClientSession(read_stream, write_stream) as session:
                print("\nüîÑ Initializing MCP session...")
                await session.initialize()
                print("‚úì MCP session initialized")
                
                print("\nüîÑ Listing available tools...")
                tool_result = await session.list_tools()
                
                print("\nüìã Available MCP Tools:")
                print("=" * 50)
                for tool in tool_result.tools:
                    print(f"üîß {tool.name}: {tool.description}")
                
                print("\nüß™ Testing MCP Tools:")
                print("=" * 50)
                    
                try:
                    print("\nüëã Testing R1 tool...")
                    search_result = await session.call_tool(
                        name="get_rapps",
                        arguments={"question": "Tell me about the rApps that you see"}
                    )
                    print(f"   Result: {search_result.content[0].text}")
                except Exception as e:
                    print(f"   Error: {e}")

                print("\n‚úÖ MCP tool testing completed!")

                
    except Exception as e:
        print(f"‚ùå Error connecting to MCP server: {e}")
        sys.exit(1)

if __name__ == "__main__":
    asyncio.run(main())

Writing invoke_mcp_tools.py


## Test Tool Invocation

Let's test our MCP tools by actually invoking them:

In [15]:
print("Testing MCP tool invocation...")
print("=" * 50)
!python invoke_mcp_tools.py

Testing MCP tool invocation...
Using AWS region: us-east-1
Retrieved Agent ARN: arn:aws:bedrock-agentcore:us-east-1:402308100588:runtime/mcp_server_r1-pnngrB55a7
‚úì Retrieved bearer token from Secrets Manager

Connecting to: https://bedrock-agentcore.us-east-1.amazonaws.com/runtimes/arn%3Aaws%3Abedrock-agentcore%3Aus-east-1%3A402308100588%3Aruntime%2Fmcp_server_r1-pnngrB55a7/invocations?qualifier=DEFAULT

üîÑ Initializing MCP session...
‚úì MCP session initialized

üîÑ Listing available tools...

üìã Available MCP Tools:
üîß get_rapps: Get all rApps
üîß create_rapp: Create a new rApp
üîß get_rapp: Get rApp by ID
üîß delete_rapp: Delete rApp
üîß prime_rapp: Prime or deprime rApp
üîß get_rapp_instances: Get rApp instances
üîß create_rapp_instance: Create rApp instance
üîß get_rapp_instance: Get rApp instance
üîß delete_rapp_instance: Delete rApp instance
üîß deploy_rapp_instance: Deploy or undeploy instance

üß™ Testing MCP Tools:

üëã Testing R1 tool...
   Result: {
  "r

## Next Steps

Now that you have successfully deployed the **R1 MCP server** to AgentCore Runtime, you will:

1. **Deploy the O2 MCP Server**: In the next module, you'll deploy `mcp_server_o2` following a similar process
2. **Create an AgentCore Gateway**: Combine both MCP servers into a unified gateway
3. **Build AI Agents**: Use these MCP servers to create intelligent agents that can manage O-RAN infrastructure

Continue to the next notebook to deploy the O2 MCP server!

# üéâ Congratulations!

You have successfully:

‚úÖ **Created an MCP server** with custom tools  
‚úÖ **Tested locally** using MCP client  
‚úÖ **Set up authentication** with Amazon Cognito  
‚úÖ **Deployed to AWS** using AgentCore Runtime  
‚úÖ **Invoked remotely** with proper authentication  
‚úÖ **Learned MCP concepts** and best practices  

Your MCP server is now running on Amazon Bedrock AgentCore Runtime and ready for production use!

## Summary

In this tutorial, you learned how to:
- Build MCP servers using FastMCP
- Configure stateless HTTP transport for AgentCore compatibility
- Set up JWT authentication with Amazon Cognito
- Deploy and manage MCP servers on AWS
- Test both locally and remotely
- Use MCP clients for tool invocation

The deployed MCP server can now be integrated into larger AI applications and workflows!