ECR repository creation required even with CodeZip build type #1377

@xinghaohuang91

Problem

When deploying an agent with "build": "CodeZip", the deployment process still attempts to create an ECR repository, causing failures when ECR permissions are restricted by SCPs or IAM policies.

Expected Behavior

CodeZip builds should only:

  • Package Python source code as a zip file
  • Upload to S3 or AgentCore's managed storage
  • Deploy directly to AgentCore Runtime

ECR should not be required for CodeZip builds. ECR is only needed for Container builds.

Actual Behavior

Running agentcore deploy with CodeZip build type triggers:

Error: ECR Permission Denied - ecr:CreateRepository

This occurs even though the configuration explicitly uses CodeZip:

agentcore.json:

{
  "runtimes": [
    {
      "name": "agent",
      "build": "CodeZip",
      "entrypoint": "main.py",
      "codeLocation": "app/agent/",
      "runtimeVersion": "PYTHON_3_14"
    }
  ]
}

Impact

  • Blocks deployment in AWS accounts with restrictive SCPs that deny ECR operations
  • Requires unnecessary ECR permissions even when not using containers
  • Forces users to either:
    • Grant ECR permissions unnecessarily (security concern)
    • Switch to accounts without SCP restrictions (not always possible)

Workaround

Deploy to AWS accounts without ECR permission restrictions.

Environment

  • AgentCore CLI version: latest as of 2026-05-26
  • Build type: CodeZip
  • Runtime: Python 3.14
  • Deployment target: AWS account with SCP blocking ecr:CreateRepository

Expected Fix

CodeZip builds should not require any ECR operations or permissions.
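
An added example, not part of the original issue and not AgentCore CLI code: a least-privilege check that lists the ECR grants in a deployment-role policy when agentcore.json contains only CodeZip runtimes. The "Container" build value, the sample policy and the function names are assumptions made for this illustration.

```python
import json

# Constructed inputs: the config mirrors the issue's agentcore.json; the policy is
# a hypothetical deployment-role policy, not one taken from the issue.
SAMPLE_CONFIG = json.loads('{"runtimes": [{"name": "agent", "build": "CodeZip"}]}')
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:PutObject", "ecr:CreateRepository"], "Resource": "*"},
        {"Effect": "Allow", "Action": "ecr:Get*", "Resource": "*"},
        {"Effect": "Deny", "Action": "ecr:DeleteRepository", "Resource": "*"},
    ],
}

def _as_list(value):
    """IAM allows Statement and Action to be a single item or a list."""
    return value if isinstance(value, list) else [value]

def _covers_ecr(pattern):
    """True if an IAM action pattern can match at least one ecr: action."""
    return pattern == "*" or pattern.lower().startswith("ecr:")

def needs_ecr(config):
    # Assumption: "Container" is the build value used for container builds.
    return any(rt.get("build") == "Container" for rt in config.get("runtimes", []))

def unneeded_ecr_grants(config, policy):
    """List Allow entries granting ECR access that a CodeZip-only config should not need."""
    if needs_ecr(config):
        return []
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        findings += [a for a in _as_list(stmt.get("Action", [])) if _covers_ecr(a)]
        # Allow + NotAction grants everything not listed, ECR included unless excluded.
        if "NotAction" in stmt:
            excluded = [a.lower() for a in _as_list(stmt["NotAction"])]
            if "ecr:*" not in excluded and "*" not in excluded:
                findings.append("NotAction (ECR not excluded)")
    return findings

if __name__ == "__main__":
    for finding in unneeded_ecr_grants(SAMPLE_CONFIG, SAMPLE_POLICY):
        print("unneeded ECR grant:", finding)
```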
