feat: Add tutorial — AgentCore Browser with Chrome Enterprise Policies and Custom Root CAs#1220
Merged
sundargthb merged 1 commit intomainfrom Mar 30, 2026
Merged
Conversation
…AgentCore Browser Add tutorial notebook demonstrating two new AgentCore Browser features: - Chrome enterprise policies (managed/recommended) for URL filtering, download restrictions, and browser feature controls - Custom root CA certificates via AWS Secrets Manager for connecting to internal services and SSL-intercepting proxies Includes badssl.com demo for root CA using Code Interpreter.
|
Check out this pull request on See visual diffs & provide feedback on Jupyter Notebooks. Powered by ReviewNB |
github-actions
bot
added
01-tutorials
|
Latest scan for commit: Security Scan ResultsScan Metadata
SummaryScanner ResultsThe table below shows findings by scanner, with status based on severity thresholds and dependencies: Column Explanations: Severity Levels (S/C/H/M/L/I):
Other Columns:
Scanner Results:
Severity Thresholds (Thresh Column):
Threshold Source: Values in parentheses indicate where the threshold is configured:
Statistics calculation:
|
aws-bviswa
approved these changes
Mar 30, 2026
Collaborator
Author
|
Merging this PR as the SDK changes are merged and released. |
GaneshThiyagarajan
pushed a commit
to GaneshThiyagarajan/amazon-bedrock-agentcore-samples
that referenced
this pull request
Apr 10, 2026
…AgentCore Browser (awslabs#1220) Add tutorial notebook demonstrating two new AgentCore Browser features: - Chrome enterprise policies (managed/recommended) for URL filtering, download restrictions, and browser feature controls - Custom root CA certificates via AWS Secrets Manager for connecting to internal services and SSL-intercepting proxies Includes badssl.com demo for root CA using Code Interpreter. Co-authored-by: Sundar Raghavan <sdraghav@amazon.com>
dhawalkp
pushed a commit
that referenced
this pull request
Apr 10, 2026
* fix(notebooks): minor changes in the instructions
* Adding browser new features (profile, extensions and proxy) (#966)
* adding browser profile and firewall examples
* Fix browser samples and add domain filtering notebook
- Rename test_firewall.py to verify_domain_filtering.py
- Add verify_domain_filtering.ipynb notebook version
- Fix hhtp typo in SigV4 signing (both samples)
- Remove debug prints and unused imports
- Add BROWSER_ID env var validation with CFN export hint
- Replace httpbin.org with github.com (matches CFN AllowedDomains)
- Fix hardcoded S3 bucket name, add LocationConstraint
- Translate Portuguese comments/strings to English
- Remove unused strands-agents-tools from requirements.txt
- Remove commented-out code
- Add samples 09/10 to parent README
* Add sample 11: Browser with Squid proxy and S3 logging
- CFN template: VPC, Squid EC2 with basic auth, AgentCore Browser (VPC mode)
- Proxy credentials auto-generated in Secrets Manager
- Squid access logs synced to S3 every 5 minutes
- Browser security group locked to Squid:3128 only (no NAT)
- verify_proxy.py and .ipynb: start proxied session, verify IP matches Squid
- Parent README updated with sample 11 link
* adding / fixing features
* Fix browser execution role trust policy for CFN deployment
Add SourceAccount and SourceArn conditions to the browser execution
role trust policy in both CFN templates. Without these conditions,
the BrowserCustom CFN handler fails with HandlerInternalFailure.
Uses AWS::AccountId and wildcard region so it works in any account.
* adding extension / refactoring
* adding extension / refactoring
* finishing samples
* Clean up browser tool samples: remove local playwright install, fix lint and docs
- Remove 'playwright install chromium' from READMEs (remote browser, not local)
- Remove unnecessary f-string prefix in verify_domain_filtering.py
- Fix ASCII diagram alignment in proxy README
- Remove secret ARN from verify_proxy.py stdout
- Replace 'jupyter notebook' command with IDE-agnostic guidance
* fix: proxy auth bug + ruff lint/format across browser tutorials
11-browser-with-proxy:
- Fix htpasswd parsing passwords starting with '-' as flags (use stdin)
- Use ExcludePunctuation for secret generation instead of partial char list
- Use session.client() consistently, remove secret ARN printing
- Clear notebook outputs
09/10/12 + helpers:
- Fix ruff lint errors (unused import re, f-string without placeholders)
- Apply ruff formatting (line wrapping, quote consistency)
- Clear notebook outputs (12 had leaked AWS credentials)
- Update kernel metadata
* fix: install cronie on AL2023 for squid log sync cron job
* fix: browser tutorials cross-region bucket naming, deploy.sh region, and boto3 version pin
- Profiles & Extensions notebooks: bucket name now includes region to prevent
cross-region S3 collisions when running demos in different regions
- deploy.sh: use AWS_DEFAULT_REGION/aws configure instead of hardcoded us-east-1
- Proxy requirements.txt: pin boto3>=1.42.47 (proxyConfiguration support)
---------
Co-authored-by: Joshua Samuel <sauhsoj@amazon.com>
* chore(deps): bump jsonpath (#972)
Bumps [jsonpath](https://github.com/dchester/jsonpath) from 1.1.1 to 1.2.1.
- [Commits](https://github.com/dchester/jsonpath/commits/1.2.1)
---
updated-dependencies:
- dependency-name: jsonpath
dependency-version: 1.2.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Adding tutorial example for Gateway integration with IDE and tool - VS Code - Agentcore Gateway - Confluence (#790)
* Updating Policy tutorial for FGAC
* Updating Policy tutorial for FGAC
* Updating Policy tutorial for FGAC
* Updating Policy turorial for FGAC
* Adding IDE Gateway integration example
* Fixing python-lint issues
* Fixing python-lint issues
* Fixing python-lint issues
* Adjusting proxy Lambda with commented lines
* Updated readme
* Updating README
* fix: include account ID in Cognito domain prefix to ensure global uniqueness (#979)
The Cognito domain prefix previously used only appName and region,
which could cause collisions across AWS accounts deploying the same
stack. Adding the account ID guarantees uniqueness.
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* feat: add auto-register Bedrock Knowledge Bases on AgentCore Gateway tutorial (#980)
* added full example of enterprise mcp platform with policy engine mcp … (#982)
* added full example of enterprise mcp platform with policy engine mcp server filtering based on user_tag, guardrail for PII data
* fixed linting
* fixed linting
* fixing lint
* fixing lint
* fixinf ruff
* FIXING RUFF
* fixing ruff
---------
Co-authored-by: brnaba-aws <brnaba@amazon.com>
* update evals package name (#985)
* update evals package name
* update evals package name
* Fix/add missing infrastructure files due to .gitignore (#942)
* feat: add missing CDK infrastructure files for knowledge-base-rag-agent
- Add all CDK stack files (api, cognito, storage, web-console, etc.)
- Add CDK constructs and utilities
- Fix web console S3 content-type bug with single BucketDeployment
- Add @aws-lambda-powertools/logger dependency for Lambda bundling
- Enable esbuild-based Lambda bundling (no Docker required)
This completes the knowledge-base-rag-agent infrastructure that was missing from the original PR.
* fix: add missing infrastructure files for knowledge-base-rag-agent
- Add exception to root .gitignore for knowledge-base-rag-agent/infrastructure/lib/
- This allows the critical CDK stack definitions and constructs to be tracked
- Without these files, developers cannot deploy the infrastructure
- Fixes the incomplete PR #923 that was missing the entire lib/ directory
The missing files include:
- 6 CDK constructs (API proxy, CORS config, Lambda utilities, etc.)
- 12 CDK stacks (API, Cognito, Database, Memory, Runtime, etc.)
- 1 utility file (NAG suppressions)
These are essential TypeScript source files, not build artifacts.
---------
Co-authored-by: Jerad Engebreth <awsjerad@amazon.com>
* AgentCore gateway - SQL injection prevention (#989)
* Add prompt injection prevention tutorial
* Updated Lambda
* SQL changes
* Lambda changes
* SQL naming changes
* fixes
* Added read me and minor changes
* Update service names
* fixes
* remove outputs
* fixes-1
* lambda lint
---------
Co-authored-by: jsbeardaws <jsbeard@amazon.com>
* docs: improve prerequisites for customer-support-agent-with-agentcore (#1008)
Expand the Prerequisites section with inline guidance for AWS CLI version
requirements, IAM permissions, and Bedrock model access — addressing
common first-time setup failures.
README.md:
- Add tip that deploy.sh runs pre-flight checks for all prerequisites
- Specify AWS CLI v2.32.0+ requirement (needed for `aws login`)
- Add step-by-step AWS credentials and permissions guidance
- Recommend AdministratorAccess + SignInLocalDevelopmentAccess policies
- Add Anthropic model access section (one-time usage form, not the
retired Model Access page — Bedrock auto-enables since Oct 2025)
- Note CDK and AgentCore CLI are auto-installed by deploy.sh
- Add troubleshooting entry for `aws login` version error
scripts/deploy.sh:
- Add AWS CLI version check (warns if below v2.32.0)
- Add Bedrock model access check for Claude Sonnet 4.5
- Improve credential error message to reference `aws login`
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* adding session lifecycle info (#1014)
* fix: add npm cache preflight check and fix agentcore CLI commands in deploy.sh and README (#1015)
- Add npm cache ownership check to deploy.sh pre-flight section. A previous
`sudo npm install` leaves root-owned files that cause EACCES errors.
- Fix deploy.sh and README.md to use `uv run agentcore` instead of bare
`agentcore`, since the CLI is installed in the project venv via uv sync.
- Update troubleshooting table with `uv run` guidance.
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* fix: add botocore[crt] dependency for aws login credential provider (#1016)
The README instructs users to authenticate via `aws login`, which uses
the CRT-based credential provider. Without `awscrt` in the project venv,
any boto3 call (e.g., cognito-user.py) fails with MissingDependencyException.
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* fix: improve cognito-user.py UX for email and password handling (#1018)
* fix: improve cognito-user.py UX for email selection and password errors
- Replace free-text email input with numbered menu (1/2) to prevent
users from entering emails that don't match backend mock data
- Show password requirements upfront before the password prompt
- Catch InvalidPasswordException and display friendly error message
instead of a raw stacktrace
* style: apply ruff formatting
* fix: detect port 3000 collision before starting OAuth callback server
Check if port 3000 is available before attempting to bind. If in use,
exit with a clear error message and the command to free the port.
* fix: check port availability before opening browser in login flow
Move the port check to the start of do_login so it exits before
opening the browser or starting the callback server.
---------
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* docs: simplify console navigation for Policy Engine setup (#1020)
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* Replace Anthropic Claude references with Amazon Nova 2 Lite model (#1023)
* Replace Anthropic Claude references with Amazon Nova 2 Lite model
---------
Co-authored-by: nehatb <nehatb@amazon.com>
* Lifecycle Session Demos for Bedrock Agentcore runtime (#1026)
* feat(tutorials): Add inline session lifecycle demos to MCP server tutorials
Add inline session stop demonstrations and best practices sections to both
MCP server hosting tutorials. Updates include:
- Add inline session lifecycle demo after runtime launch
- Add Session Lifecycle Best Practices section before cleanup
- Update cleanup with security-validated ordering (credentials first)
- Make cleanup code active with proper try/except error handling
hosting_mcp_server.ipynb (OAuth):
- Inline demo is commented (OAuth doesn't support boto3 invoke)
- Cleanup order: Secrets → SSM → Runtime → ECR
hosting_mcp_server_iam_auth.ipynb (IAM):
- Inline demo is ACTIVE (IAM supports boto3 invoke)
- Demonstrates capturing runtimeSessionId and calling stop_runtime_session
- Cleanup order: SSM → Runtime → ECR
All changes follow security best practices to minimize credential exposure
windows during cleanup.
Requirements: 9.1, 9.2, 9.3, 9.4, 9.5, 6.2
* feat(tutorials): Add inline session lifecycle demos to MCP server tutorials
Add strategic session stop demonstrations throughout both MCP server tutorials
to teach proper session lifecycle management in context.
Changes:
- Add stop_runtime_session_oauth() helper function for OAuth bearer token auth
- Add Demo 1: Session stop immediately after runtime deployment
- Add Demo 2: Session stop between different test approaches
- Add Demo 3: Session stop after Boto3 testing (IAM notebook only)
- Update invoke_mcp_tools.py to include session stop with HTTP 200 response
- Add explanatory notes about expected 404 warning from MCP client cleanup
- Demonstrate mcpSessionId can be passed as header and used with stop_runtime_session
- Print HTTP status codes and Request IDs for all session stops
Verified:
- IAM auth: All session stops return HTTP 200 with Request IDs
- OAuth auth: Session stops work with bearer token via HTTP POST
- Single runtime successfully handles multiple sessions
- Runtime remains alive after stopping individual sessions
Requirements: 9.1, 9.2, 9.3, 9.4, 9.5
* feat(tutorials): Add inline session lifecycle demos to hosting-agent tutorials
Add strategic session stop demonstrations and lifecycle configuration to all
hosting-agent tutorials to teach proper session management in context.
Changes:
- Update billing language from 'GBHours' to 'vCPU and Memory based' costs
- Add inline session stop demos after agent invocations
- Add active lifecycle configuration demo with second runtime (300s timeout)
- Demonstrate stop_runtime_session with captured runtimeSessionId
- Update cleanup sections with try/except error handling
- Add Session Lifecycle Best Practices sections
Tutorials updated:
- 01-strands-with-bedrock-model/runtime_with_strands_and_bedrock_models.ipynb
- 02-langgraph-with-bedrock-model/runtime_with_langgraph_and_bedrock_models.ipynb
- 03-strands-with-openai-model/runtime_with_strands_and_openai_models.ipynb
- 04-crewai-with-bedrock-model/runtime-with-crewai-and-bedrock-models.ipynb
Verified:
- All notebooks demonstrate session stopping with boto3 invoke_agent_runtime
- Lifecycle configuration demos show shorter idle timeout (300s)
- Cleanup sections properly handle multiple runtimes
- Error-safe cleanup with individual try/except blocks
Requirements: 1.2, 6.1, 9.1, 9.2, 9.3, 9.4, 9.5
* refactor(tutorials): Simplify session lifecycle sections per reviewer feedback
Address reviewer feedback to remove confusing lifecycle configuration
references and simplify Best Practices sections.
Changes:
- Remove 'and show how to use a smaller lifecycle configuration' from inline demos
- Remove lifecycle configuration demo cells from hosting-agent notebooks
- Simplify Best Practices section to only 2 bullets (configure timeout, stop sessions)
- Remove confusing bullets about cleanup, deletion order, and minimum timeout
Updated notebooks:
- All 4 hosting-agent notebooks (strands-bedrock, langgraph, strands-openai, crewai)
- Both MCP server notebooks (OAuth and IAM)
- understanding-runtime-context notebook
Reviewer: @evandrofranco
PR: awslabs/amazon-bedrock-agentcore-samples#1026
* fix(tutorials): Restore lifecycle config demos with cleaned comments
Restore lifecycle configuration demo cells that were incorrectly removed.
The reviewer only asked to remove confusing comments, not the entire demo.
Changes:
- Restore lifecycle-config-demo markdown and code cells
- Keep the demo functionality (second runtime with 300s timeout)
- Remove only the confusing comments:
- 'Using a shorter idle timeout for demonstration purposes'
- 'A shorter idle timeout helps avoid undesired costs...'
- Keep all the actual demo code
This preserves the SPECIAL CASE requirement from tasks.md that these
notebooks should demonstrate active lifecycle configuration.
Updated: 4 hosting-agent notebooks
* fix(tutorials): Restore lifecycle demos and update Best Practices per reviewer
Complete implementation of reviewer feedback:
1. Removed confusing sentence from inline demo titles:
- Changed 'Below we demonstrate stop_runtime_session and show how to use
a smaller lifecycle configuration'
- To: 'Below we demonstrate stop_runtime_session'
2. Removed confusing comments from lifecycle config demo code:
- Removed 'Using a shorter idle timeout for demonstration purposes'
- Removed 'A shorter idle timeout helps avoid undesired costs...'
- Kept all actual demo code (second runtime with 300s timeout)
3. Simplified Best Practices section (all notebooks):
- Reduced to 2 bullets: Configure idle timeout, Stop sessions when done
- Removed 3 bullets about cleanup, deletion order, minimum timeout
Updated 6 notebooks:
- 4 hosting-agent notebooks (with lifecycle demos restored)
- 2 MCP server notebooks (Best Practices simplified)
Reviewer: @evandrofranco
PR: awslabs/amazon-bedrock-agentcore-samples#1026
* 03-integrations - Add Claude Agent SDK agentic patterns: subagents and hooks (#994)
* feat: add Claude Agent SDK orchestrator-workers pattern with subagents
Add new example demonstrating the Orchestrator-Workers agentic pattern
using Claude Agent SDK's native subagent support (AgentDefinition + Task tool)
deployed on Bedrock AgentCore Runtime.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Claude Agent SDK hooks pattern for tool governance and audit
Add new example demonstrating PreToolUse and PostToolUse hooks for
blocking dangerous operations and audit logging. README covers
defense-in-depth story with AgentCore Policy for external tools.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add contributor name
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: upgrade to Sonnet 4.6 and fix cognito-user.py commands (#1027)
* fix: use uv run instead of python in cognito-user.py
The project uses uv for dependency management, so the script
should reference uv run consistently in its docstring and
user-facing output.
* feat: upgrade to Claude Sonnet 4.6 and improve deploy model check
- Update model ID from Sonnet 4.5 to Sonnet 4.6 global inference profile
- Replace passive model lifecycle check with actual invoke-model test in deploy.sh
- Show both possible failure reasons: Anthropic FTU form and IAM permissions
* fix: harden deploy.sh model check for edge cases
- Add timeout (10s) to prevent hanging on network issues
- Add cli-connect-timeout and cli-read-timeout for AWS CLI
- Chain mktemp into the if-condition to handle failures gracefully
- Clarify that the check tests deployer credentials, not the agent's
execution role — a failure here may not affect the deployed agent
- Safe cleanup of temp file in all code paths
* fix: remove timeout command for macOS compatibility
timeout is a GNU coreutils command not available on macOS by default.
The AWS CLI's --cli-connect-timeout and --cli-read-timeout flags
provide sufficient timeout protection.
* docs: restructure prerequisites for clarity
- Move Clone the Repository to first step with git install instructions
- Separate auto-installed tools (CDK, AgentCore CLI) from manual prereqs
- Move IAM policies to a note after verify credentials
- Move aws login version requirement to AWS Credentials section
- Move deploy.sh tip to after tools table
* docs: add guidance on changing the model ID
* docs: remove redundant API form note
---------
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* docs: improve prerequisites clarity and deploy.sh error messages (#1029)
* docs: improve prerequisites clarity and deploy.sh error messages
- Restructure Clone the Repository into numbered steps
- Clarify Node.js install: install nvm first, then run command
- Improve deploy.sh node error message with nvm install link
- Remove auto-installed tools section (CDK, AgentCore CLI)
- Specify Sonnet 4.6 in model access steps
- Simplify tools table and credentials section
* docs: revert to Sonnet 4.5 default, add alternative model table
- Revert default model to Claude Sonnet 4.5 in load.py and deploy.sh
- Add alternative models table (Haiku 4.5, Sonnet 4.6) to README
- Update all Sonnet 4.6 references back to 4.5
* docs: soften git install wording
---------
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* updated notebook to reflect header propagation feature instead of interceptor (#971)
* updated notebook to reflect header propagation feature instead of interceptor
* Add README.md documentation
* docs: add Transaction Search prerequisite to observability section (#1031)
The observability section implied traces work out of the box, but
CloudWatch Transaction Search must be enabled first for span ingestion.
Add the one-time setup step before the trace inspection instructions.
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* feat(02-usecase): A2A Agent usecase (#1025)
* Add A2A Real Estate Multi-Agent Use Case
This contribution adds a complete A2A (Agent-to-Agent) real estate multi-agent system demonstrating:
- Multi-agent coordination using A2A protocol with OAuth authentication
- Property Search Agent (Strands-based) for searching properties
- Property Booking Agent (Strands-based) for managing bookings
- Coordinator Agent that orchestrates sub-agents via A2A protocol
- Automated Cognito setup for OAuth 2.0 authentication
- React-based UI with direct AgentCore integration
- Comprehensive deployment automation scripts
- End-to-end testing utilities
Key Features:
- OAuth bearer token management with Cognito
- Request header allowlist configuration for Authorization
- Automated agent deployment with agentcore CLI
- Token generation and refresh utilities
- Real-time chat interface for property search and booking
Architecture:
- Coordinator generates OAuth tokens from Cognito to call sub-agents
- Sub-agents validate tokens independently
- All agents deployed on Amazon Bedrock AgentCore Runtime
- UI connects directly to coordinator via A2A protocol
Documentation includes:
- Deployment guide with step-by-step instructions
- Project structure overview
- Demo instructions
- Quickstart guide
- Contributing guidelines
* Security improvements and bug fixes
- Added comprehensive .gitignore for sensitive files and scan results
- Fixed security issues from GitHub Advanced Security scan
- Implemented short-term memory (STM_ONLY) for conversation context
- Fixed session ID bug in UI for persistent conversations
- Removed unused fix_iam_permissions.py with hardcoded ARNs
- Deleted sensitive files (bearer_token.json, cognito_config.json)
- Updated welcome message to 'Amazon Bedrock AgentCore'
- Fixed ESLint warnings in directApi.ts
- Improved security in deployment and server scripts
- All security scan findings addressed or documented as false positives
* Update documentation to sample application
* review comment fixes, cleanup unused files, update documentation
* Delete unused test_a2a_simple.py
* Fix ruff lint errors
* Remove clear-text logging of env vars and working directory
* ASH fixes
* Fix TypeScript hast type error from npm overrides
* Replace ASCII architecture diagram with architecture.png
* Migrate UI from CRA to Vite, redesign with light theme
---------
Co-authored-by: ramprasaths <rampsee@amazon.com>
* Added Tagging and CMK examples for PolicyEngine (#1039)
* Updated to include CMK and Tags
* Fixed issues
* Added required packages
* Added and fully tested ability to add tags and CMK to PolicyEngine
---------
Co-authored-by: Andy Hall <hllaah@amazon.com>
* fix(02-usecases): memory role and dependency changes (#1040)
* A2a (#1041)
* code changes
* changes
* fix(02-usecases): monitor agent fix (#1042)
* code changes
* changes
* error
* Fixing cdk stack with missing cdk lib folder and interceptor's lambda (#1036)
* added full example of enterprise mcp platform with policy engine mcp server filtering based on user_tag, guardrail for PII data
* fixed linting
* fixed linting
* fixing lint
* fixing lint
* fixinf ruff
* FIXING RUFF
* fixing ruff
* fixed stack
added missing lib files
* fixing ruff
* fixing ruff
---------
Co-authored-by: brnaba-aws <brnaba@amazon.com>
* Bump starter toolkit to 0.3.2 in customer support agent (#1048)
* Bump starter toolkit to 0.3.2 in customer support agent blueprint
Picks up improved error messages for auth failures during agent
invocation (friendly re-login guidance instead of raw tracebacks).
* Update uv.lock after uv sync with starter toolkit 0.3.2
---------
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* feat: Add AgentCore Gateway with EntraID 3LO authentication example (#1044)
* feat: Add AgentCore Gateway with EntraID 3LO authentication example
CDK-based example demonstrating AgentCore MCP Gateway with:
- EntraID inbound JWT authentication (CIAM and standard tenants)
- Outbound 3LO (three-legged OAuth) for user-delegated API access
- Browser-based auth onboarding SPA for pre-authorizing access
- Response interceptor for VS Code MCP client compatibility
- Automated setup script for EntraID app registrations + AWS deployment
* fix: Address security scanner findings from PR #1044
- Fix ruff F541: remove extraneous f-prefix from strings without placeholders
- Fix bandit B310 / semgrep dynamic-urllib: validate URL scheme is https://
before calling urlopen, add nosec comments for audited calls
- Fix detect-secrets: add pragma allowlist comments for false positives on
password generation and secret extraction (no actual secrets in code)
- Fix checkov CKV_OPENAPI_4: add global security field to OpenAPI spec
---------
Co-authored-by: Robert Hoffmann <rho@amazon.de>
* Async agent tutorial (#1009)
* adding async example
* uploading to s3 properly
* fixed chart formatting
* adding Dockerfile to gitignore and cleaning up ECR delete
* adding name to contributors list
* addressing git comments
* addressing comments
* moving files to folder
---------
Signed-off-by: Nadhya Polanco <65464569+nadhya-p@users.noreply.github.com>
Co-authored-by: nadhyap <nadhyap@amazon.com>
* fix(02-usecases): The MCP server must bind to 0.0.0.0 to allow the gateway to connect (#1022)
The MCP server must bind to 0.0.0.0 to allow the gateway to connect
Signed-off-by: Joachim Aumann <aumannjoachim@gmail.com>
* fix(02-usecases): Update FastMCP host address to 0.0.0.0 (#1024)
* Update FastMCP host address to 0.0.0.0
Change the host address for FastMCP from 127.0.0.1 to 0.0.0.0 to allow external connections.
Signed-off-by: Joachim Aumann <aumannjoachim@gmail.com>
* fixed deployment bug of hello world containter
---------
Signed-off-by: Joachim Aumann <aumannjoachim@gmail.com>
* fix(05-blueprints): Pin chardet < 6.0.0 in customer support agent (#1051)
chardet 6.x introduced breaking changes. Pin to >= 3.0.2, < 6.0.0
to ensure compatibility. Also adds missing src/__init__.py.
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* Multitenant platform demo (#859)
* Multitenant platform demo
* linting fixes
* fix(multitenant-agentic-platform): Improve security and configuration flexibility
- Fix typo in README ("cusotm" → "custom")
- Replace hardcoded AWS region with environment variable support in main.py
- Refactor calculator tool to use AST-based safe evaluation instead of regex validation
- Add support for unary operators and improve operator/function/constant whitelisting
- Update database-query tool to use environment variables for RDS configuration
- Add AWS_REGION environment variable support to email-sender tool
- Update deploy.sh with improved deployment configuration handling
- Enhance frontend index.html with better error handling and user feedback
- Improves security posture by eliminating eval() usage and hardcoded credentials
- Enables flexible multi-region deployments through environment configuration
* fix(multitenant-agentic-platform): Remove redundant agent runtime ID validation
- Remove unnecessary validation check for agent_runtime_id in delete_agent handler
- Simplify error handling flow by eliminating duplicate validation logic
- Agent runtime ID is already validated in prior steps, making this check redundant
* docs(multitenant-agentic-platform): Add security considerations and warnings
- Add comprehensive Security Considerations section to README documenting API key exposure risks
- Document suitable use cases (demos, development, internal tools) and production recommendations
- Add security warnings to config_injector Lambda handler with alternative authentication approaches
- Update deployment documentation with security notes about client-side API key embedding
- Pass account_id and region parameters to DatabaseConstruct and MessagingConstruct for improved configuration
- Add security reminders in frontend development section referencing production deployment guidance
- Clarify that current implementation is suitable for demos and internal use only, not production
* fix(multitenant-agentic-platform): Add API key headers to frontend requests and improve security documentation
- Add 'x-api-key' header to all axios requests in frontend (delete, post, get operations)
- Update README security note to emphasize not embedding long-lived credentials in public files
- Recommend authenticated callers (Cognito/IAM/JWT) or backend proxy/BFF for production
- Clarify config.js generation to exclude API Gateway keys from public configuration
- Fix deploy.sh region comment from us-west-2 to us-east-1
- Remove emoji from deploy.sh output for better compatibility
- Refactor query parameter and body parsing in async_deploy_agent handler for clarity
- Add environment variable definitions for DynamoDB table names in build_deploy_agent handler
- Ensure consistent API authentication across all frontend API calls for improved security
* docs(multitenant-agentic-platform): Remove security limitations section from README
- Remove detailed API key exposure warnings and limitations documentation
- Remove suitable use cases section for demonstration deployments
- Remove production recommendations for authentication mechanisms
- Simplify README by consolidating security guidance into main documentation
* fix(multitenant-agentic-platform): Enforce required environment variables and optimize DynamoDB queries
- Replace optional environment variable defaults with required configuration in build_deploy_agent handler
- Add validation to fail fast if AGENT_CONFIG_TABLE_NAME or AGENT_DETAILS_TABLE_NAME are not set
- Add AGGREGATION_TABLE_NAME validation in infrastructure_costs handler with clear error messaging
- Optimize DynamoDB scan operations to use server-side FilterExpression instead of client-side filtering
- Add ProjectionExpression to reduce data transfer and improve query performance in token_usage handler
- Use ExpressionAttributeNames to handle reserved words (timestamp) in DynamoDB queries
- Improve configuration reliability by ensuring all Lambda functions have required environment variables set before execution
* fix(multitenant-agentic-platform): Remove unused import from token usage handler
- Remove unused boto3.dynamodb.conditions Attr import
- Simplify handler.py by eliminating unnecessary dependency
- Reduce code clutter and improve maintainability
* fix(multitenant-agentic-platform): Update agent template naming and enhance token limit validation
- Rename base-agent.py to main.py in agent-tools-repo templates for consistency
- Update documentation references to reflect new template filename
- Add Attr import from boto3.dynamodb.conditions for improved query filtering
- Enhance check_token_limit function with configurable fail-closed behavior via FAIL_CLOSED environment variable
- Add get_tenant_id_from_agent function to look up tenant ID from agent details table, preventing token limit bypass
- Improve error handling in token limit checks with detailed logging for fail-closed vs fail-open modes
- Add documentation notes explaining fail-open default behavior and fail-closed option
* Update guardrails memory sample notebook (#995)
* feat: Update guardrails memory sample notebook
* chore: Clear execution counts and outputs from notebook
* sample update(memory): Simplify memory integration using AgentCoreMemorySessionManager
Replace custom MemoryHookProvider implementation with built-in
AgentCoreMemorySessionManager. Key changes:
- Use AgentCoreMemoryConfig with AgentCoreMemorySessionManager
- Remove custom hook implementation (on_agent_initialized, on_message_added)
- Update documentation based on model usage in code from Claude 3.7 Sonnet to Claude Haiku 4.5
- Simplify session handling with automatic reinitialization
- Update documentation to reflect recommended approach
* fix(notebook): Configure memory mode and inject memory_id to prevent runtime failures
configure() defaults to memory_mode="NO_MEMORY", so the auto-created
execution role has no memory IAM permissions — causing ListMemoryEvents
failures at runtime. Additionally, the toolkit doesn't know about the
manually-created memory resource, so it provisions a duplicate on launch.
Fix: Set memory_mode="STM_ONLY" in configure() and inject the existing
memory_id into .bedrock_agentcore.yaml before launch(). Both issues only
exist because the tutorial manually creates resources that the toolkit
normally manages end-to-end.
* cleaned execution count
* Cleared cell outputs
---------
Co-authored-by: subhakl <subhakl@amazon.com>
* Correct role and content retrieval in message processing (#499)
Signed-off-by: fllaneza <44783676+fllaneza@users.noreply.github.com>
* Add Episodic Memory Strategy Tutorial (#855)
* feat: add episodic memory tutorial README
* feat: add code debugging assistant implementation
* feat: add architecture diagram
* docs: add episodic strategy to overview
* docs: add contributor
* fix: update episodic memory API for reflectionConfiguration
- Change reflectionNamespaces to reflectionConfiguration.namespaces
(API structure changed in bedrock-agentcore SDK)
- Fix namespace validation: reflection namespace must be same as
or prefix of episodic namespace
- Update get_namespaces() to read from new nested structure
- Add code-assistant.py standalone script version
* fix: move imports to top of file for linting compliance
- Consolidate all imports at module top (E402 fix)
- Remove unused List import from typing (F401 fix)
- Maintain alphabetical ordering of imports
* style: apply ruff formatting
* feat: Replace debugging use case with Meeting Notes Assistant
Changes based on reviewer feedback that debugging examples already exist
in the repository (debugging-agent and healthcare-assistant).
New implementation:
- Meeting Notes Assistant with episodic memory
- Tools: capture_action_item, identify_decision, summarize_discussion, track_followup
- Tracks decisions, action items, and participant preferences across meetings
- 6 test scenarios demonstrating meeting management patterns
- End-to-end tested with AWS Bedrock (all tools working)
- Security audit passed, linting verified
Files changed:
- Renamed: code-assistant.py → meeting-notes-assistant.py
- Renamed: code-assistant.ipynb → meeting-notes-assistant.ipynb
- Updated: README.md with meeting-specific documentation
This use case is unique and not duplicated in existing samples.
Addresses feedback from @akshseh in PR comment.
* refactor: move episodic tutorial to long-term-memory/strands-hooks folder
Address reviewer feedback:
- Move from 06-episodic-strategy/ to 02-long-term-memory/01-single-agent/using-strands-agent-hooks/meeting-notes-assistant-using-episodic/
- Update architecture diagram to match repo template style
- Update parent README table reference
* fix: update architecture diagram
* fix: address reviewer feedback from @akshseh
- Remove .gitignore (*.pptx entry not needed)
- Pin versions in requirements.txt (bedrock-agentcore>1.4, strands-agents>=0.1.0, boto3>=1.42.1)
- Convert cell_0 from code cell with docstring to markdown cell
- Add blank line after H2 heading in cell_5 to fix bullet formatting
- Fix event_expiry_days comment: clarify it is STM TTL, not for long-term episodic strategy
- Add reflection extraction timing note (~10-15 mins) in seed cell
- Format meeting-notes-assistant.py with black
* Update AgentCore Memory tutorials with new SDK patterns (#1003)
* feat(memory-tutorials): Enhance AgentCore Memory tutorials with SDK migration and advanced features
- Migrate from MemoryClient to MemorySessionManager and MemorySession
- Update from tuple-based messages to ConversationalMessage objects
- Add session-based operations eliminating repetitive parameters
- Implement conversation branching with fork_conversation()
- Add metadata tracking with StringValue and EventMetadataFilter
- Update all three notebooks: math-assistant, customer-support, customer-support-memory-manager
- Add comprehensive ENHANCEMENT_SUMMARY.md documenting all changes
This update showcases the full capabilities of AgentCore Memory including:
- Session management with MemorySessionManager
- Memory hooks for automatic storage/retrieval
- Conversation branching for alternative paths
- Metadata tagging for analytics and filtering
- Practical use cases for math tutoring and customer support
All notebooks tested and validated with syntax checks and feature verification.
* docs: Add arunskum to CONTRIBUTORS.md
* docs: Remove ENHANCEMENT_SUMMARY.md file
* feat(memory): Update AgentCore Memory tutorials with latest SDK patterns
- Migrate from MemoryClient to MemorySessionManager and MemorySession
- Replace tuple-based messages with ConversationalMessage objects
- Implement session-based operations (add_turns, search_long_term_memories)
- Add conversation branching with fork_conversation and list_branches
- Add metadata tracking with StringValue and EventMetadataFilter
- Update all three notebooks: math-assistant, customer-support, customer-support-memory-manager
- Fix imports: StringValue and EventMetadataFilter now from bedrock_agentcore.memory.models
These changes showcase the enhanced AgentCore Memory capabilities including:
- Session-based memory management for cleaner API
- Advanced retrieval with RetrievalConfig
- Conversation branching for alternative paths
- Metadata tagging and filtering for event tracking
* refactor(memory): Split customer support tutorial into built-in vs custom strategies
Deleted legacy MemoryClient notebook, renamed memory-manager to override-strategy, created new inbuilt-strategy notebook, added comparison sections to both
* fix(memory): Correct StringValue and Event attribute usage in notebooks
Fixed 3 issues identified by reviewer:
1. Changed StringValue() to StringValue.build() (30 occurrences)
- Correct usage: StringValue.build('value')
- Fixed in all metadata creation sections
2. Changed .event_id to .eventId (3 occurrences)
- Correct attribute: event.eventId
- Fixed in all branching sections
3. Validated changes with syntactic tests
Changes span 3 notebooks:
- customer-support-inbuilt-strategy.ipynb
- customer-support-override-strategy.ipynb
- math-assistant.ipynb
All fixes follow the pattern demonstrated in reviewer's successful test output.
* fix: Fix metadata_filter bug, migrate math-assistant to MemoryManager, remove test scripts
- Fix list_events() calls to use eventMetadata parameter instead of
invalid metadata_filter in all 3 notebooks
- Migrate math-assistant from legacy MemoryClient to MemoryManager
- Switch math-assistant from CustomSemanticStrategy to built-in
SemanticStrategy (no IAM execution role required)
- Remove CUSTOM_PROMPT cell and ROLE_ARN placeholder from math-assistant
- Remove test scripts, migration scripts, and cleanup utilities
* fix: Update config and runtime MCP agent code for SRE workshop lab 04 (#1055)
* Update config and runtime MCP agent code for SRE workshop lab 04
* Fix ruff lint errors: remove unused imports and f-string prefixes
---------
Co-authored-by: name <alias@amazon.com>
* Feat/databricks per user delegation (#1058)
* feat: Agent & Gateway Registry blueprint
A platform for managing AI agents and MCP tools across an organization.
- Registry: CRUD for agents (A2A, MCP, Agent-as-Tool protocols)
- Gateway management: overview, tools, clients & access, Cedar policies
- Tool composition via Cedar permit-only policies
- Agent discovery API for agent-to-agent communication
- Multi-IdP support (Cognito/EntraID auto-detected)
- AgentCore Identity for agent workload auth
- One-click deploy: CloudFormation + App Runner + DynamoDB
* feat: Databricks per-user delegation via Gateway interceptor + RFC 8693
* feat(memory): add memory streaming tutorial (#1064)
* Add ECS Fargate 3LO tutorial (#1005)
* Add ECS Fargate 3LO tutorial
Fixes #<issue-number>
Co-authored-by: tnickl <tnickl@users.noreply.github.com>
Co-authored-by: satveerkhurpa <satveerkhurpa@users.noreply.github.com>
* fix: scanning results
* feat: WAF integration
Co-authored-by: tnickl <tnickl@users.noreply.github.com>
* docs: inbound & outbound auth
Co-authored-by: tnickl <tnickl@users.noreply.github.com>
---------
Co-authored-by: tnickl <tnickl@users.noreply.github.com>
Co-authored-by: satveerkhurpa <satveerkhurpa@users.noreply.github.com>
* Add async data analysis agent tutorial (#1059)
- Move async data analysis files to 02_async_data_analysis subfolder
- Fix semgrep issue: add __name__ guard to app.run()
- Add contributors from original PR #857
Co-authored-by: Gan Luan <ganluannj@users.noreply.github.com>
* feat: add Auth0 multi-agent RFC 8693 token exchange sample (#1071)
Adds a production-grade reference implementation demonstrating RFC 8693
Token Exchange in a multi-agent system on AWS Bedrock AgentCore Runtime.
The coordinator agent exchanges the user's Auth0 JWT for attenuated,
least-privilege tokens before invoking each sub-agent — implementing
scope attenuation across a 3-agent financial services system.
Key features:
- OAuth 2.0 PKCE login flow via Auth0
- RFC 8693 Token Exchange with per-agent scope policies
- 3 agents: coordinator, customer_profile, accounts
- Streamlit web UI with JWT viewer and API call log
- AWS Secrets Manager integration
- OpenTelemetry observability
- Shell script and CDK deployment options
- Unit test suite
* Add AgentCore Policy integration for healthcare appointment agent (#1028)
* Updated reference code to match Policy for AgentCore blog sample
* fix: address scan findings, lint, and security improvements
Scan findings (HIGH):
- README.md: Add Introduction, Prerequisites, Cost Warning, Conclusion,
Complete Cleanup sections; fix multi-action step; use full AWS service names
- setup_cognito_claims.py: Use full AWS service names; remove possessive form
- setup_policy.py: Fix incorrect docstring hours (8-17 → 9 AM-9 PM UTC)
- test_policy.py: Replace forbidden term 'execute' with 'run'
- patient.json: Rename 'Richard Doe' to approved fictitious name 'Jane Doe'
Security:
- Use HTTP Basic Auth for OAuth token requests (RFC 6749)
- Implement AWS Secrets Manager for client secret retrieval with
auto-caching fallback to Amazon Cognito API
- Validate subprocess script path before execution
Code quality:
- Remove fragile DENIAL_PHRASES list; use deterministic tool visibility
checks and gateway policy denial detection instead
- Fix all ruff check errors (F401, F541, F841)
- Apply ruff format to all changed Python files
- Updated test_output.txt with clean end-to-end run
---------
Co-authored-by: Anil Nadiminti <anilnadi@amazon.com>
* Usecase/lakehouse agent enhance (#1006)
* temp
* Token exchange
* README.md
* Adding column-level access control
* Fixed S3 bucket creation outside us-east-1
* After dry-run testing
* Cleanup
* Rollback unnecessary change
* Rollback unnecessary change
* Rollback unnecessary change
* Added Architecture diagram and tested / fixed notebooks 01-03
* Fix aws path and invalid notebook for 06
* Securing the code
* Fixed the error - Error executing secure Athena query: Query failed: COLUMN_NOT_FOUND: Column 'adjuster_user_id' cannot be resolved or requester is not authorized
* Added scenarios, updated README and enhanced Architecture diagram to show latest changes
* Clarify deletion of Dynamodb table in the cleanup step
* Updated readme with scenario screenshots, added masking for PII for adjuster with wildcard exclude list
* Completed end to end testing for all scenarios
* Updated README and added Dockerfile to gitignore
* Updated README to remove Production Ready clause
* Fixed Pylint issues - f-string with no placeholders and empty except
---------
Co-authored-by: Gi Kim <giryoong@amazon.com>
Co-authored-by: Sunita Koppar <skoppar@amazon.com>
* fix(02-usecases): delete site reliability workshop (#1081)
* fix(tutorials): Fix missing imports, update_agent_runtime params, and asyncio.run in notebooks (#1086)
- Fix UpdateAgentRuntime calls to include required params (agentRuntimeArtifact,
roleArn, networkConfiguration) using get_agent_runtime read-modify-write pattern
- Fix wrong entrypoint filenames in lifecycle demo cells (langgraph, openai, crewai)
- Fix wrong requirements_file path in crewai lifecycle demo cell
- Add missing imports (Session, os, Runtime, json, Markdown) in notebook cells
- Replace asyncio.run() with await in notebook cells (Jupyter compatibility)
- Add missing setup_cognito_user_pool import in hosting_mcp_server notebook
- Add ResourceNotFoundException comment in cleanup cells
- Add Test-Downloads/ to .gitignore
* chore: remove agent-gateway-registry blueprint (#1092)
* Add WebRTC voice agent sample with KVS TURN servers (#1096)
Minimal example demonstrating WebRTC audio streaming with AWS Nova Sonic
via KVS TURN servers, deployable to AgentCore Runtime.
- FastAPI agent with aiortc for WebRTC peer connections
- Nova Sonic bidirectional streaming for speech-to-speech
- Browser client supporting both local and AgentCore Runtime modes
- KVS signaling channel for TURN/STUN server credentials
- Audio resampling (16kHz input, 24kHz output) via PyAV
* Consolidating IDP examples under tutorials for better organization (#1112)
* Fix wording typo in notebook about user consent flow
cosmetic update
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
* Add pyyaml to requirements.txt
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
* Add HardikThakkar94 to CONTRIBUTORS.md
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
* Updates to fix the Streamlit app access when running in sagemaker
Modified
- Requirements.txt (added dependencies)
- chatbot_app_cognito.py (added get_streamlit_url, for sagemaker access)
- runtime_with_strands_and_egress_3lo.ipynb (streamlit piece for access url, cosmetic updates)
* Fixing Ruff errors reported by python-lint
* removing Ruff errors from python-lint
* passing 3.7 as the model for workshop
* Docs: add prerequisites (OpenAI or Azure OpenAI) cell to Outbound Auth notebook
* Revert "Docs: add prerequisites (OpenAI or Azure OpenAI) cell to Outbound Auth notebook"
This reverts commit 5dded4c38ab700ef3abfe7764a4697215db97171.
* Add prerequisites (OpenAI or Azure OpenAI) cell to Outbound Auth notebook
* cosmetic fix
* Updating OpenAI URL
* Added instructions on the OAuth flow session binding and Streamlit functionality
* All imports are now properly organized at the top of the file, following Python best practices (PEP 8). The linting errors should now be resolved:
- ✅ runtime.py:18:1: E402 - Fixed
- ✅ runtime.py:19:1: E402 - Fixed
- ✅ runtime.py:19:20: F811 - Fixed
- ✅ runtime.py:25:1: E402 - Fixed
* formatting fixed
* Update Identity Outbound tutorial notebooks with corrections and improvements:
1. 05-Outbound_Auth_3lo notebook: Fixed credential provider name typo
2. 06-Outbound_Auth_Github notebook: Multiple improvements including:
- Updated description text for GitHub-specific use case
- Reorganized imports (moved to top of cell)
- Added boto session and region setup
- Reordered OAuth flow description
- Restructured notebook sections (removed redundant policy section, added clearer status check and invoke sections)
- Fixed credential provider name reference
* Fixed Identity Sections based on SageMaker (Workshop) to handle oauth2_callback_server and other cosmetic updates.
* Remove unused import and added permissions for 1st time model access for workshops
* formatting fixed.
* parameterize provider, update github image.
* added import boto3 and updated image for GitHub Session Binding
* Update Model and Remove Global Var
* Travel and Shopping concierge agents blueprints
* add missing contributors for the blueprint
* fix python-lint errors
* CodeQL fixes and config
* fix python-lint unused imports
* fix python-lint
* fix linter and cql issues
* run linter
* update codeql suppressions
* suppress codeql
* Revert accidental changes to 01-tutorials and 03-integrations
Remove files accidentally added to 01-tutorials and 03-integrations in previous commits.
These changes were not intended to be part of the blueprint additions.
Reverted files:
- 01-tutorials/03-AgentCore-identity/06-Outbound_Auth_Github/.dockerignore
- 01-tutorials/03-AgentCore-identity/06-Outbound_Auth_Github/Dockerfile
- 01-tutorials/03-AgentCore-identity/06-Outbound_Auth_Github/github_agent.py
- 03-integrations/IDP-examples/EntraID/.agentcore.json
- 03-integrations/IDP-examples/EntraID/.dockerignore
- 03-integrations/IDP-examples/EntraID/Dockerfile
- 03-integrations/IDP-examples/EntraID/strands_entraid_onenote.py
* fix formatting
* Update 05-blueprints/shopping-concierge-agent/tests/utils.py
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
* removed tests folders.
* remove info logging
* remove logging
* codeql suppressions
* Update server.py
# codeql[py/clear-text-logging-sensitive-data] Debug logging for certificate verification - logs metadata only, not private key content
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
* Updating .gitignore and adding lib folder required for the shopping and travel concierge agents
* Add Demo video for agents
* Update demo section in README.md
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
* Add Demo's as Gif, update LFS and add note in ReadMe
* remove the .mp4 files as they are not supported
* change to google products and remove travel specific
* update product link
* fix url in shopping list and purchases
* remove amazon
* Add Visa B2B Use Case
* fix pylint
* CodeQL Fixes
* Consolidating IDP examples under tutorials for better organization
---------
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
Co-authored-by: HT <hardikvt@amazon.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* adding/changing mcp samples - server and client (#1089)
* adding/changing mcp samples - server and client
* adding/changing mcp samples - server and client
* adding exec command
* chore(e2e-workshop): refactor workshop to add framework subfolders (#1120)
* chore(e2e-workshop): refactor workshop
* docs: update readme
* fix(05-entraid-3lo-gateway): rename lib/ to infra/ to avoid root .gitignore exclusion (#1057)
The root .gitignore has a blanket `lib/` rule for Python packaging that
was preventing lib/cdk-stack.ts from being tracked by git. Renamed the
directory to infra/ which is not caught by any ignore rule.
Also fixes README.md references from `cd cdk-entraid` to the actual
directory name `05-entraid-3lo-gateway`.
Changes:
- Rename lib/ -> infra/ for the CDK stack source
- Update import path in bin/cdk.ts
- Fix cd path in README.md Quick Start instructions
Co-authored-by: Robert Hoffmann <rho@amazon.de>
* Add barge-in support, user transcription, and VPC setup docs (#1117)
- Implement barge-in per Nova Sonic spec (mute flag + FIFO clear in OutputTrack)
- Detect interruption from textOutput for reliable barge-in in deployed environments
- Add user speech transcription via contentStart role tracking
- Add VPC setup console instructions to README
* fix(05-entraid-3lo-gateway): remove securitySchemes from OpenAPI spec to fix CDK deploy (#1137)
* fix(05-entraid-3lo-gateway): rename lib/ to infra/ to avoid root .gitignore exclusion
The root .gitignore has a blanket `lib/` rule for Python packaging that
was preventing lib/cdk-stack.ts from being tracked by git. Renamed the
directory to infra/ which is not caught by any ignore rule.
Also fixes README.md references from `cd cdk-entraid` to the actual
directory name `05-entraid-3lo-gateway`.
Changes:
- Rename lib/ -> infra/ for the CDK stack source
- Update import path in bin/cdk.ts
- Fix cd path in README.md Quick Start instructions
* fix(05-entraid-3lo-gateway): remove securitySchemes from OpenAPI spec to fix CDK deploy
---------
Co-authored-by: Robert Hoffmann <rho@amazon.de>
* docs(01-tutorials): update readmes (#1121)
* docs(01-tutorials): update readmes
* docs: update readmes
* docs: update readme links & resources
* feat(memory): Add AgentCore Memory cross-region replication tutorial (#1138)
* Add AgentCore Memory cross-region replication tutorial
Add tutorial 06-memory-cross-region-replication under advanced patterns.
Demonstrates active-passive cross-region replication for AgentCore Memory
using the memory record streaming feature with near real-time failover.
Includes:
- Jupyter notebook with step-by-step walkthrough
- CloudFormation templates for regional and global infrastructure
- Lambda consumer for Kinesis-based replication
- Failover/failback toggle scripts
- Loop prevention via namespace prefixing
* Address PR review: add arch diagram, fix memory ID lookup
- Replace ASCII architecture diagram with proper AWS diagram (images/architecture.png)
- Fix notebook Step 2: memory IDs are now stored in DynamoDB config table by
deploy.sh and read back by the notebook, replacing the broken list_memories
scan that searched for 'replication_memory' in the opaque memory ID
- deploy.sh Step 6 now seeds MEMORY_ID_PRIMARY and MEMORY_ID_SECONDARY
alongside ACTIVE_REGION
Note: AgentCore Memory is intentionally created via CLI in deploy.sh (not CFN)
because the streaming config is toggled at runtime during failover/failback —
CFN would drift-correct it back.
* Rename folder, fix ruff formatting on handler.py
* fix(e2e-workshop): fix gateway race condition and model_id typo in lab-03 (#1146)
- Add time.sleep(3) after gateway creation in Step 5 to prevent Step 6
from failing with CREATING status when cells run in quick succession
- Remove extra trailing quote from model_id that caused SyntaxError
Fixes #1145
* fix(e2e-workshop): make zip install portable and conditional in prereq.sh (#1144)
Replace hardcoded `sudo apt install zip` with cross-platform detection:
- Check if zip is already installed before attempting install
- Detect package manager (apt-get, yum, dnf, brew)
- Use sudo only when not running as root
- Fail with clear message if no supported package manager is found
Closes #604
* chore: fix iam policy path (#1153)
* docs(01-tutorials): update readmes
* docs: update readmes
* docs: update readme links & resources
* fix: fix the IAM policy path
* fix(05-entraid-3lo-gateway): fix OpenAPI schema security validation for CDK deploy (#1141)
Co-authored-by: Robert Hoffmann <rho@amazon.de>
* feat: sample that shows how to deploy agentcore runtime in VPC (#683)
* feat(runtime_in_vpc): initial
* fix: moved to advanced concepts
* AgentCore runtime bidi agent sample update - refined folder structure and more samples (#1160)
* agentcore runtime bidi streaming add strands sample
* agentcore runtime bidistream sample update for Nova Sonic 2
* agentcore bidi streaming sonic 2 update cleanup python file
* update IMDS comments
* reformat the python file using ruff
* sonic sample update to use default port 8080
* agentcore runtime bidi streaming update to sonic2 with text input update
* remove unused reference
* remove spaces
* update agentcore bid streaming UIs to include text input, event filter and barge-in
* agentcore voice agent sample with more samples and refined folder structure
* update diagram
* update reference links
* resolve github warnings
* remove temp json
* resolve github warnings
* resolve github warnings
* resolve github warnings
* resolve github warnings
---------
Signed-off-by: Lana Zhang <lanaz@amazon.com>
* Spring ai agentcore samples (#1119)
Added sample Spring and Embabel based agents
* fix:add missing agents/ directory and requirements.txt (#1165)
* adding managed session storage (#1169)
* adding managed session storage
* adding managed session storage/ fix lynt
* Adding End-to-End Customer Support Agent with AgentCore using Google ADK (#1164)
* feat(e2e): Add Google ADK end-to-end tutorial with AgentCore
Add 6-lab workshop covering agent creation, memory, gateway,
runtime deployment, frontend, and cleanup using Google ADK
with Amazon Bedrock AgentCore services.
* docs(e2e): Update Google ADK README and remove duplicate
Replace placeholder README with full tutorial content and remove
the 'README copy.md' duplicate file.
* docs(e2e): Add Google ADK to README title
* style(e2e): Capitalize README title consistently
* docs: Add Diego Brasil to CONTRIBUTORS
* chore(e2e): Remove images-og_do_not_commit directory
Remove original source images that were not intended for version control.
* fix: Use importlib for dynamic import and clean up linting issues
* feat(e2e): Set Cognito MFA to OPTIONAL and clean up inline comment
---------
Signed-off-by: Akarsha Sehwag <akshseh@amazon.de>
Co-authored-by: Akarsha Sehwag <akshseh@amazon.de>
* feat(runtime): Add AG-UI examples with SSE and WebSocket demos (#1139)
* feat(runtime): Add AG-UI examples with SSE and WebSocket demos
Add tutorial 09-ag-ui-examples demonstrating the AG-UI protocol on
AgentCore Runtime with both Cognito/JWT and IAM/SigV4 authentication.
Includes:
- Document co-authoring agent (FastAPI + Strands + ag-ui-strands)
- Cognito notebook with SSE and WebSocket Bearer token demos
- IAM notebook with SSE (SigV4 headers) and WebSocket (pre-signed URL) demos
- Multi-turn interactive document co-authoring demo
- Architecture diagrams for both auth flows and transports
- README with AG-UI event reference and troubleshooting
* feat(runtime): Add AG-UI protocol examples as tutorial 10
- Rename 09-ag-ui-examples to 10-ag-ui-examples (09 slot taken by execute-command)
- Remove hardcoded region_name=us-west-2 from BedrockModel, inherit from env
- Use DP variable for both SSE_URL and WS_URL consistently
- Regenerate architecture diagrams: single agent with tool boxes, proper auth flow
- Improved event flow as full flowchart with color-coded event categories
* fix(runtime): Fix diagram edge labels overlapping with lines
Use ortho splines and increased node spacing to prevent edges
cutting through label text in architecture diagrams.
* fix(runtime): Remove duplicate task label on Tool 2 edge to prevent overlap
* fix(runtime): Place single 'tasks' label between tool boxes in diagrams
* fix(runtime): Suppress bandit B104 for container bind to 0.0.0.0
* feat(runtime): Switch to direct_code_deploy, remove Docker/ECR dependency
- Use deployment_type=direct_code_deploy with runtime_type=PYTHON_3_13
- Remove auto_create_ecr from configure()
- Remove ECR cleanup from both notebooks
- Remove Docker from prerequisites
* refactor(runtime): Switch to direct_code_deploy, trim requirements, remove review cell
- Use direct_code_deploy with PYTHON_3_13 runtime type
- Trim requirements.txt to 5 essential packages
- Remove Review Agent Code section from both notebooks
- Install zip via sudo apt-get for SageMaker Studio compatibility
- Renumber notebook sections
* chore(runtime): Rename AG-UI examples from 10 to 11
* fix(ag-ui): Address PR #1139 review comments
- Simplify status check block to single status query
- Add markdown cell explaining utils.py helper (cognito notebook)
- Remove authorizer print line from verify cells
* docs: add migration guide from Starter Toolkit to AgentCore CLI (#1195)
* feat(tutorials): #1128 Add Strands agent with AgentSkills plugin tutorial (#1131)
* feat(tutorials): Add Strands agent with AgentSkills plugin tutorial
* docs(contributors): Update contributors list
* lint fix
* docs(tutorials): Add architecture diagram to Strands agent skills tutorial
* chore(tutorials): Reorganize strands-with-skills tutorial to 06-strands-with-skills
---------
Signed-off-by: Rajesh Sitaraman <rajesh.sitaraman@outlook.com>
Co-authored-by: Rajesh Sitaraman <rajeshrd@amazon.com>
* Fix/session binding url (#1190)
* fix: session binding url
* fix: architecture
* fix: remove oauth callback service
* fix: docstrings
* fix: remove requirements.txt
* fix: remove cdk context
* fix: flow outbound auth flow diagram
* fix:session binding url
* style: format python files with ruff
* Replace Starter Toolkit with AgentCore CLI in README (#1196)
* feat: add Chrome enterprise policies and custom root CA tutorial for AgentCore Browser (#1220)
Add tutorial notebook demonstrating two new AgentCore Browser features:
- Chrome enterprise policies (managed/recommended) for URL filtering,
download restrictions, and browser feature controls
- Custom root CA certificates via AWS Secrets Manager for connecting
to internal services and SSL-intercepting proxies
Includes badssl.com demo for root CA using Code Interpreter.
Co-authored-by: Sundar Raghavan <sdraghav@amazon.com>
* Add use case: Integrate Claude Code with AgentCore Gateway MCP Server (#1225)
* Initial push of claude-code-with-mcp-server sample code
* Added tavily MCP Server
* Update 01-claude-code-with-mcp-server.ipynb
* Added details on how to list MCP Tools
* Update 01-claude-code-with-mcp-server.ipynb
* Semantic updates in wording
* Cosmetic Fixes
* Update 01-claude-code-with-mcp-server.ipynb
* Added Calude Code screenshots to show AgentCore Gateway connection
* Improved documentation of the notebook
* Added Solution Architecture
* Fixed post Gili code review
* Fixes after Gili Code Review Comments
* Code fixes after gili code Review Comments
* Fixes after Gili code review comments
* Update CONTRIBUTORS.md
* Create README.md
* Fixes in the code after ruff check run
* Fixes in the notebook code after ruff check run
* Fixed Security Scan Results bugs
* Update README.md
* Adding Getting Started sample (#1228)
* Adding getting started with AgentCore CLI example
* Adding getting started with AgentCore CLI example
* Adding getting started with AgentCore CLI example
* Groundtruth evaluations (#1229)
* Add groundtruth-based evaluations tutorial
* updating README
* drop .py script, agent script is created at notebook runtime
* custom code based evaluators (#1231)
* custom code based evaluators
* feat: token exchange example with real setup with different client ids to authenticate calls to AgentCore Gateway and API Gateway (#1234)
* Feature/datadog llm observability tutorial (#1097)
* feat: Add Datadog observability integration for AgentCore Runtime
Original Datadog partner observability integration by jasonmimick-aws.
Includes notebook, requirements, .gitignore, and README updates.
Co-authored-by: jasonmimick-aws <jasonmimick@users.noreply.github.com>
* feat: Add Datadog LLM Observability notebook with OTLP export
Replace initial notebook with LLM Observability-focused tutorial.
Uses OpenTelemetry OTLP export directly to Datadog (no Agent required).
Add llm-obs-example.png screenshot to shared images folder.
* chore: Flatten Datadog structure, fix paths, add kolaak to CONTRIBUTORS
- Remove llm-observability/ subfolder, move contents to Datadog/ root
- Fix notebook image paths for flattened directory structure
- Replace Datadog APM link with LLM Observability docs link
- Add kolaak to CONTRIBUTORS.md
---------
Signed-off-by: kolaak <kolaak@amazon.com>
Co-authored-by: jasonmimick-aws <jasonmimick@users.noreply.github.com>
* feat(01-tutorials): auth code flow examples agentcore gateway (#1250)
* Add memory for process tracking and analytics advanced pattern (#1094)
* Add memory for process tracking and analytics advanced pattern
* Update notebook: shows dynamic namespace querying, and dynamic code analysis
* Update notebook: add architecture diagram
* Move to 07-memory-for-hyper-personalisation, add cross-customer analytics notebook (Part 2)
* Rename notebooks with 01/02 prefix, add arch diagram to NB2, clear outputs
* Rename folder to 07-memory-for-personalisation-and-analytics
---------
Signed-off-by: Akarsha Sehwag <akshseh@amazon.de>
Co-authored-by: smathalikunnel <smathali@amazon.co.uk>
Co-authored-by: Akarsha Sehwag <akshseh@amazon.de>
* feat(01-tutorials): Adding Amazon Bedrock AgentCore Gateway - Amazon VPC Lattice egress samples (#1247)
* egress
* coming soon labs
* coming soon labs
* cleanup
* advanced
* changes
* removing hard coded regions - user prompted instead (#1251)
* removing hard coded regions - user prompted instead
* unicode
* ruff formating
* feat(02-usecases): Add Okta three-tier auth end-to-end demo with BedrockAgentCore Agent+AgentCore Gateway Interceptor+ Agent Runtime MCP Server (#1158)
* Add Okta three-tier auth end-to-end demo with Gateway + Agent Runtime
* Add Authorization Code grant flow for user auth and group-based RBAC enforcement to MCP Server
---------
Co-authored-by: Mallik Panchumarthy <mpanchum@amazon.com>
Co-authored-by: Velamuri <kvelamu@amazon.com>
* feat(02-usecases): Add Database Read-Only User and Update to Next.js (#1206)
* Amazon Bedrock AgentCore Deployment with CDK
* Amazon Bedrock AgentCore Deployment with CDK
* Amazon Bedrock AgentCore Deployment with CDK
* Amazon Bedrock AgentCore Deployment with CDK
* Amazon Bedrock AgentCore Deployment with CDK
* Amazon Bedrock AgentCore Deployment with CDK
* Amazon Bedrock AgentCore Deployment with CDK
* Amazon Bedrock AgentCore Deployment with CDK
* Fix front-end model call IAM permissions for charts
* Add Database Read-Only User and Update to Next.js
* Add Database Read-Only User and Update to Next.js
* Update pnpm
* Update pnpm
---------
Co-authored-by: Uriel Ramirez <beralfon@amazon.com>
* Using AgentCore Identity for OAuth token management for a self-hosted agent. (…
dhawalkp
pushed a commit
that referenced
this pull request
Apr 12, 2026
* fix(notebooks): minor changes in the instructions
* Adding browser new features (profile, extensions and proxy) (#966)
* adding browser profile and firewall examples
* Fix browser samples and add domain filtering notebook
- Rename test_firewall.py to verify_domain_filtering.py
- Add verify_domain_filtering.ipynb notebook version
- Fix hhtp typo in SigV4 signing (both samples)
- Remove debug prints and unused imports
- Add BROWSER_ID env var validation with CFN export hint
- Replace httpbin.org with github.com (matches CFN AllowedDomains)
- Fix hardcoded S3 bucket name, add LocationConstraint
- Translate Portuguese comments/strings to English
- Remove unused strands-agents-tools from requirements.txt
- Remove commented-out code
- Add samples 09/10 to parent README
* Add sample 11: Browser with Squid proxy and S3 logging
- CFN template: VPC, Squid EC2 with basic auth, AgentCore Browser (VPC mode)
- Proxy credentials auto-generated in Secrets Manager
- Squid access logs synced to S3 every 5 minutes
- Browser security group locked to Squid:3128 only (no NAT)
- verify_proxy.py and .ipynb: start proxied session, verify IP matches Squid
- Parent README updated with sample 11 link
* adding / fixing features
* Fix browser execution role trust policy for CFN deployment
Add SourceAccount and SourceArn conditions to the browser execution
role trust policy in both CFN templates. Without these conditions,
the BrowserCustom CFN handler fails with HandlerInternalFailure.
Uses AWS::AccountId and wildcard region so it works in any account.
* adding extension / refactoring
* adding extension / refactoring
* finishing samples
* Clean up browser tool samples: remove local playwright install, fix lint and docs
- Remove 'playwright install chromium' from READMEs (remote browser, not local)
- Remove unnecessary f-string prefix in verify_domain_filtering.py
- Fix ASCII diagram alignment in proxy README
- Remove secret ARN from verify_proxy.py stdout
- Replace 'jupyter notebook' command with IDE-agnostic guidance
* fix: proxy auth bug + ruff lint/format across browser tutorials
11-browser-with-proxy:
- Fix htpasswd parsing passwords starting with '-' as flags (use stdin)
- Use ExcludePunctuation for secret generation instead of partial char list
- Use session.client() consistently, remove secret ARN printing
- Clear notebook outputs
09/10/12 + helpers:
- Fix ruff lint errors (unused import re, f-string without placeholders)
- Apply ruff formatting (line wrapping, quote consistency)
- Clear notebook outputs (12 had leaked AWS credentials)
- Update kernel metadata
* fix: install cronie on AL2023 for squid log sync cron job
* fix: browser tutorials cross-region bucket naming, deploy.sh region, and boto3 version pin
- Profiles & Extensions notebooks: bucket name now includes region to prevent
cross-region S3 collisions when running demos in different regions
- deploy.sh: use AWS_DEFAULT_REGION/aws configure instead of hardcoded us-east-1
- Proxy requirements.txt: pin boto3>=1.42.47 (proxyConfiguration support)
---------
Co-authored-by: Joshua Samuel <sauhsoj@amazon.com>
* chore(deps): bump jsonpath (#972)
Bumps [jsonpath](https://github.com/dchester/jsonpath) from 1.1.1 to 1.2.1.
- [Commits](https://github.com/dchester/jsonpath/commits/1.2.1)
---
updated-dependencies:
- dependency-name: jsonpath
dependency-version: 1.2.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Adding tutorial example for Gateway integration with IDE and tool - VS Code - Agentcore Gateway - Confluence (#790)
* Updating Policy tutorial for FGAC
* Updating Policy tutorial for FGAC
* Updating Policy tutorial for FGAC
* Updating Policy turorial for FGAC
* Adding IDE Gateway integration example
* Fixing python-lint issues
* Fixing python-lint issues
* Fixing python-lint issues
* Adjusting proxy Lambda with commented lines
* Updated readme
* Updating README
* fix: include account ID in Cognito domain prefix to ensure global uniqueness (#979)
The Cognito domain prefix previously used only appName and region,
which could cause collisions across AWS accounts deploying the same
stack. Adding the account ID guarantees uniqueness.
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* feat: add auto-register Bedrock Knowledge Bases on AgentCore Gateway tutorial (#980)
* added full example of enterprise mcp platform with policy engine mcp … (#982)
* added full example of enterprise mcp platform with policy engine mcp server filtering based on user_tag, guardrail for PII data
* fixed linting
* fixed linting
* fixing lint
* fixing lint
* fixinf ruff
* FIXING RUFF
* fixing ruff
---------
Co-authored-by: brnaba-aws <brnaba@amazon.com>
* update evals package name (#985)
* update evals package name
* update evals package name
* Fix/add missing infrastructure files due to .gitignore (#942)
* feat: add missing CDK infrastructure files for knowledge-base-rag-agent
- Add all CDK stack files (api, cognito, storage, web-console, etc.)
- Add CDK constructs and utilities
- Fix web console S3 content-type bug with single BucketDeployment
- Add @aws-lambda-powertools/logger dependency for Lambda bundling
- Enable esbuild-based Lambda bundling (no Docker required)
This completes the knowledge-base-rag-agent infrastructure that was missing from the original PR.
* fix: add missing infrastructure files for knowledge-base-rag-agent
- Add exception to root .gitignore for knowledge-base-rag-agent/infrastructure/lib/
- This allows the critical CDK stack definitions and constructs to be tracked
- Without these files, developers cannot deploy the infrastructure
- Fixes the incomplete PR #923 that was missing the entire lib/ directory
The missing files include:
- 6 CDK constructs (API proxy, CORS config, Lambda utilities, etc.)
- 12 CDK stacks (API, Cognito, Database, Memory, Runtime, etc.)
- 1 utility file (NAG suppressions)
These are essential TypeScript source files, not build artifacts.
---------
Co-authored-by: Jerad Engebreth <awsjerad@amazon.com>
* AgentCore gateway - SQL injection prevention (#989)
* Add prompt injection prevention tutorial
* Updated Lambda
* SQL changes
* Lambda changes
* SQL naming changes
* fixes
* Added read me and minor changes
* Update service names
* fixes
* remove outputs
* fixes-1
* lambda lint
---------
Co-authored-by: jsbeardaws <jsbeard@amazon.com>
* docs: improve prerequisites for customer-support-agent-with-agentcore (#1008)
Expand the Prerequisites section with inline guidance for AWS CLI version
requirements, IAM permissions, and Bedrock model access — addressing
common first-time setup failures.
README.md:
- Add tip that deploy.sh runs pre-flight checks for all prerequisites
- Specify AWS CLI v2.32.0+ requirement (needed for `aws login`)
- Add step-by-step AWS credentials and permissions guidance
- Recommend AdministratorAccess + SignInLocalDevelopmentAccess policies
- Add Anthropic model access section (one-time usage form, not the
retired Model Access page — Bedrock auto-enables since Oct 2025)
- Note CDK and AgentCore CLI are auto-installed by deploy.sh
- Add troubleshooting entry for `aws login` version error
scripts/deploy.sh:
- Add AWS CLI version check (warns if below v2.32.0)
- Add Bedrock model access check for Claude Sonnet 4.5
- Improve credential error message to reference `aws login`
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* adding session lifecycle info (#1014)
* fix: add npm cache preflight check and fix agentcore CLI commands in deploy.sh and README (#1015)
- Add npm cache ownership check to deploy.sh pre-flight section. A previous
`sudo npm install` leaves root-owned files that cause EACCES errors.
- Fix deploy.sh and README.md to use `uv run agentcore` instead of bare
`agentcore`, since the CLI is installed in the project venv via uv sync.
- Update troubleshooting table with `uv run` guidance.
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* fix: add botocore[crt] dependency for aws login credential provider (#1016)
The README instructs users to authenticate via `aws login`, which uses
the CRT-based credential provider. Without `awscrt` in the project venv,
any boto3 call (e.g., cognito-user.py) fails with MissingDependencyException.
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* fix: improve cognito-user.py UX for email and password handling (#1018)
* fix: improve cognito-user.py UX for email selection and password errors
- Replace free-text email input with numbered menu (1/2) to prevent
users from entering emails that don't match backend mock data
- Show password requirements upfront before the password prompt
- Catch InvalidPasswordException and display friendly error message
instead of a raw stacktrace
* style: apply ruff formatting
* fix: detect port 3000 collision before starting OAuth callback server
Check if port 3000 is available before attempting to bind. If in use,
exit with a clear error message and the command to free the port.
* fix: check port availability before opening browser in login flow
Move the port check to the start of do_login so it exits before
opening the browser or starting the callback server.
---------
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* docs: simplify console navigation for Policy Engine setup (#1020)
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* Replace Anthropic Claude references with Amazon Nova 2 Lite model (#1023)
* Replace Anthropic Claude references with Amazon Nova 2 Lite model
---------
Co-authored-by: nehatb <nehatb@amazon.com>
* Lifecycle Session Demos for Bedrock Agentcore runtime (#1026)
* feat(tutorials): Add inline session lifecycle demos to MCP server tutorials
Add inline session stop demonstrations and best practices sections to both
MCP server hosting tutorials. Updates include:
- Add inline session lifecycle demo after runtime launch
- Add Session Lifecycle Best Practices section before cleanup
- Update cleanup with security-validated ordering (credentials first)
- Make cleanup code active with proper try/except error handling
hosting_mcp_server.ipynb (OAuth):
- Inline demo is commented (OAuth doesn't support boto3 invoke)
- Cleanup order: Secrets → SSM → Runtime → ECR
hosting_mcp_server_iam_auth.ipynb (IAM):
- Inline demo is ACTIVE (IAM supports boto3 invoke)
- Demonstrates capturing runtimeSessionId and calling stop_runtime_session
- Cleanup order: SSM → Runtime → ECR
All changes follow security best practices to minimize credential exposure
windows during cleanup.
Requirements: 9.1, 9.2, 9.3, 9.4, 9.5, 6.2
* feat(tutorials): Add inline session lifecycle demos to MCP server tutorials
Add strategic session stop demonstrations throughout both MCP server tutorials
to teach proper session lifecycle management in context.
Changes:
- Add stop_runtime_session_oauth() helper function for OAuth bearer token auth
- Add Demo 1: Session stop immediately after runtime deployment
- Add Demo 2: Session stop between different test approaches
- Add Demo 3: Session stop after Boto3 testing (IAM notebook only)
- Update invoke_mcp_tools.py to include session stop with HTTP 200 response
- Add explanatory notes about expected 404 warning from MCP client cleanup
- Demonstrate mcpSessionId can be passed as header and used with stop_runtime_session
- Print HTTP status codes and Request IDs for all session stops
Verified:
- IAM auth: All session stops return HTTP 200 with Request IDs
- OAuth auth: Session stops work with bearer token via HTTP POST
- Single runtime successfully handles multiple sessions
- Runtime remains alive after stopping individual sessions
Requirements: 9.1, 9.2, 9.3, 9.4, 9.5
* feat(tutorials): Add inline session lifecycle demos to hosting-agent tutorials
Add strategic session stop demonstrations and lifecycle configuration to all
hosting-agent tutorials to teach proper session management in context.
Changes:
- Update billing language from 'GBHours' to 'vCPU and Memory based' costs
- Add inline session stop demos after agent invocations
- Add active lifecycle configuration demo with second runtime (300s timeout)
- Demonstrate stop_runtime_session with captured runtimeSessionId
- Update cleanup sections with try/except error handling
- Add Session Lifecycle Best Practices sections
Tutorials updated:
- 01-strands-with-bedrock-model/runtime_with_strands_and_bedrock_models.ipynb
- 02-langgraph-with-bedrock-model/runtime_with_langgraph_and_bedrock_models.ipynb
- 03-strands-with-openai-model/runtime_with_strands_and_openai_models.ipynb
- 04-crewai-with-bedrock-model/runtime-with-crewai-and-bedrock-models.ipynb
Verified:
- All notebooks demonstrate session stopping with boto3 invoke_agent_runtime
- Lifecycle configuration demos show shorter idle timeout (300s)
- Cleanup sections properly handle multiple runtimes
- Error-safe cleanup with individual try/except blocks
Requirements: 1.2, 6.1, 9.1, 9.2, 9.3, 9.4, 9.5
* refactor(tutorials): Simplify session lifecycle sections per reviewer feedback
Address reviewer feedback to remove confusing lifecycle configuration
references and simplify Best Practices sections.
Changes:
- Remove 'and show how to use a smaller lifecycle configuration' from inline demos
- Remove lifecycle configuration demo cells from hosting-agent notebooks
- Simplify Best Practices section to only 2 bullets (configure timeout, stop sessions)
- Remove confusing bullets about cleanup, deletion order, and minimum timeout
Updated notebooks:
- All 4 hosting-agent notebooks (strands-bedrock, langgraph, strands-openai, crewai)
- Both MCP server notebooks (OAuth and IAM)
- understanding-runtime-context notebook
Reviewer: @evandrofranco
PR: awslabs/amazon-bedrock-agentcore-samples#1026
* fix(tutorials): Restore lifecycle config demos with cleaned comments
Restore lifecycle configuration demo cells that were incorrectly removed.
The reviewer only asked to remove confusing comments, not the entire demo.
Changes:
- Restore lifecycle-config-demo markdown and code cells
- Keep the demo functionality (second runtime with 300s timeout)
- Remove only the confusing comments:
- 'Using a shorter idle timeout for demonstration purposes'
- 'A shorter idle timeout helps avoid undesired costs...'
- Keep all the actual demo code
This preserves the SPECIAL CASE requirement from tasks.md that these
notebooks should demonstrate active lifecycle configuration.
Updated: 4 hosting-agent notebooks
* fix(tutorials): Restore lifecycle demos and update Best Practices per reviewer
Complete implementation of reviewer feedback:
1. Removed confusing sentence from inline demo titles:
- Changed 'Below we demonstrate stop_runtime_session and show how to use
a smaller lifecycle configuration'
- To: 'Below we demonstrate stop_runtime_session'
2. Removed confusing comments from lifecycle config demo code:
- Removed 'Using a shorter idle timeout for demonstration purposes'
- Removed 'A shorter idle timeout helps avoid undesired costs...'
- Kept all actual demo code (second runtime with 300s timeout)
3. Simplified Best Practices section (all notebooks):
- Reduced to 2 bullets: Configure idle timeout, Stop sessions when done
- Removed 3 bullets about cleanup, deletion order, minimum timeout
Updated 6 notebooks:
- 4 hosting-agent notebooks (with lifecycle demos restored)
- 2 MCP server notebooks (Best Practices simplified)
Reviewer: @evandrofranco
PR: awslabs/amazon-bedrock-agentcore-samples#1026
* 03-integrations - Add Claude Agent SDK agentic patterns: subagents and hooks (#994)
* feat: add Claude Agent SDK orchestrator-workers pattern with subagents
Add new example demonstrating the Orchestrator-Workers agentic pattern
using Claude Agent SDK's native subagent support (AgentDefinition + Task tool)
deployed on Bedrock AgentCore Runtime.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Claude Agent SDK hooks pattern for tool governance and audit
Add new example demonstrating PreToolUse and PostToolUse hooks for
blocking dangerous operations and audit logging. README covers
defense-in-depth story with AgentCore Policy for external tools.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add contributor name
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: upgrade to Sonnet 4.6 and fix cognito-user.py commands (#1027)
* fix: use uv run instead of python in cognito-user.py
The project uses uv for dependency management, so the script
should reference uv run consistently in its docstring and
user-facing output.
* feat: upgrade to Claude Sonnet 4.6 and improve deploy model check
- Update model ID from Sonnet 4.5 to Sonnet 4.6 global inference profile
- Replace passive model lifecycle check with actual invoke-model test in deploy.sh
- Show both possible failure reasons: Anthropic FTU form and IAM permissions
* fix: harden deploy.sh model check for edge cases
- Add timeout (10s) to prevent hanging on network issues
- Add cli-connect-timeout and cli-read-timeout for AWS CLI
- Chain mktemp into the if-condition to handle failures gracefully
- Clarify that the check tests deployer credentials, not the agent's
execution role — a failure here may not affect the deployed agent
- Safe cleanup of temp file in all code paths
* fix: remove timeout command for macOS compatibility
timeout is a GNU coreutils command not available on macOS by default.
The AWS CLI's --cli-connect-timeout and --cli-read-timeout flags
provide sufficient timeout protection.
* docs: restructure prerequisites for clarity
- Move Clone the Repository to first step with git install instructions
- Separate auto-installed tools (CDK, AgentCore CLI) from manual prereqs
- Move IAM policies to a note after verify credentials
- Move aws login version requirement to AWS Credentials section
- Move deploy.sh tip to after tools table
* docs: add guidance on changing the model ID
* docs: remove redundant API form note
---------
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* docs: improve prerequisites clarity and deploy.sh error messages (#1029)
* docs: improve prerequisites clarity and deploy.sh error messages
- Restructure Clone the Repository into numbered steps
- Clarify Node.js install: install nvm first, then run command
- Improve deploy.sh node error message with nvm install link
- Remove auto-installed tools section (CDK, AgentCore CLI)
- Specify Sonnet 4.6 in model access steps
- Simplify tools table and credentials section
* docs: revert to Sonnet 4.5 default, add alternative model table
- Revert default model to Claude Sonnet 4.5 in load.py and deploy.sh
- Add alternative models table (Haiku 4.5, Sonnet 4.6) to README
- Update all Sonnet 4.6 references back to 4.5
* docs: soften git install wording
---------
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* updated notebook to reflect header propagation feature instead of interceptor (#971)
* updated notebook to reflect header propagation feature instead of interceptor
* Add README.md documentation
* docs: add Transaction Search prerequisite to observability section (#1031)
The observability section implied traces work out of the box, but
CloudWatch Transaction Search must be enabled first for span ingestion.
Add the one-time setup step before the trace inspection instructions.
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* feat(02-usecase): A2A Agent usecase (#1025)
* Add A2A Real Estate Multi-Agent Use Case
This contribution adds a complete A2A (Agent-to-Agent) real estate multi-agent system demonstrating:
- Multi-agent coordination using A2A protocol with OAuth authentication
- Property Search Agent (Strands-based) for searching properties
- Property Booking Agent (Strands-based) for managing bookings
- Coordinator Agent that orchestrates sub-agents via A2A protocol
- Automated Cognito setup for OAuth 2.0 authentication
- React-based UI with direct AgentCore integration
- Comprehensive deployment automation scripts
- End-to-end testing utilities
Key Features:
- OAuth bearer token management with Cognito
- Request header allowlist configuration for Authorization
- Automated agent deployment with agentcore CLI
- Token generation and refresh utilities
- Real-time chat interface for property search and booking
Architecture:
- Coordinator generates OAuth tokens from Cognito to call sub-agents
- Sub-agents validate tokens independently
- All agents deployed on Amazon Bedrock AgentCore Runtime
- UI connects directly to coordinator via A2A protocol
Documentation includes:
- Deployment guide with step-by-step instructions
- Project structure overview
- Demo instructions
- Quickstart guide
- Contributing guidelines
* Security improvements and bug fixes
- Added comprehensive .gitignore for sensitive files and scan results
- Fixed security issues from GitHub Advanced Security scan
- Implemented short-term memory (STM_ONLY) for conversation context
- Fixed session ID bug in UI for persistent conversations
- Removed unused fix_iam_permissions.py with hardcoded ARNs
- Deleted sensitive files (bearer_token.json, cognito_config.json)
- Updated welcome message to 'Amazon Bedrock AgentCore'
- Fixed ESLint warnings in directApi.ts
- Improved security in deployment and server scripts
- All security scan findings addressed or documented as false positives
* Update documentation to sample application
* review comment fixes, cleanup unused files, update documentation
* Delete unused test_a2a_simple.py
* Fix ruff lint errors
* Remove clear-text logging of env vars and working directory
* ASH fixes
* Fix TypeScript hast type error from npm overrides
* Replace ASCII architecture diagram with architecture.png
* Migrate UI from CRA to Vite, redesign with light theme
---------
Co-authored-by: ramprasaths <rampsee@amazon.com>
* Added Tagging and CMK examples for PolicyEngine (#1039)
* Updated to include CMK and Tags
* Fixed issues
* Added required packages
* Added and fully tested ability to add tags and CMK to PolicyEngine
---------
Co-authored-by: Andy Hall <hllaah@amazon.com>
* fix(02-usecases): memory role and dependency changes (#1040)
* A2a (#1041)
* code changes
* changes
* fix(02-usecases): monitor agent fix (#1042)
* code changes
* changes
* error
* Fixing cdk stack with missing cdk lib folder and interceptor's lambda (#1036)
* added full example of enterprise mcp platform with policy engine mcp server filtering based on user_tag, guardrail for PII data
* fixed linting
* fixed linting
* fixing lint
* fixing lint
* fixinf ruff
* FIXING RUFF
* fixing ruff
* fixed stack
added missing lib files
* fixing ruff
* fixing ruff
---------
Co-authored-by: brnaba-aws <brnaba@amazon.com>
* Bump starter toolkit to 0.3.2 in customer support agent (#1048)
* Bump starter toolkit to 0.3.2 in customer support agent blueprint
Picks up improved error messages for auth failures during agent
invocation (friendly re-login guidance instead of raw tracebacks).
* Update uv.lock after uv sync with starter toolkit 0.3.2
---------
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* feat: Add AgentCore Gateway with EntraID 3LO authentication example (#1044)
* feat: Add AgentCore Gateway with EntraID 3LO authentication example
CDK-based example demonstrating AgentCore MCP Gateway with:
- EntraID inbound JWT authentication (CIAM and standard tenants)
- Outbound 3LO (three-legged OAuth) for user-delegated API access
- Browser-based auth onboarding SPA for pre-authorizing access
- Response interceptor for VS Code MCP client compatibility
- Automated setup script for EntraID app registrations + AWS deployment
* fix: Address security scanner findings from PR #1044
- Fix ruff F541: remove extraneous f-prefix from strings without placeholders
- Fix bandit B310 / semgrep dynamic-urllib: validate URL scheme is https://
before calling urlopen, add nosec comments for audited calls
- Fix detect-secrets: add pragma allowlist comments for false positives on
password generation and secret extraction (no actual secrets in code)
- Fix checkov CKV_OPENAPI_4: add global security field to OpenAPI spec
---------
Co-authored-by: Robert Hoffmann <rho@amazon.de>
* Async agent tutorial (#1009)
* adding async example
* uploading to s3 properly
* fixed chart formatting
* adding Dockerfile to gitignore and cleaning up ECR delete
* adding name to contributors list
* addressing git comments
* addressing comments
* moving files to folder
---------
Signed-off-by: Nadhya Polanco <65464569+nadhya-p@users.noreply.github.com>
Co-authored-by: nadhyap <nadhyap@amazon.com>
* fix(02-usecases): The MCP server must bind to 0.0.0.0 to allow the gateway to connect (#1022)
The MCP server must bind to 0.0.0.0 to allow the gateway to connect
Signed-off-by: Joachim Aumann <aumannjoachim@gmail.com>
* fix(02-usecases): Update FastMCP host address to 0.0.0.0 (#1024)
* Update FastMCP host address to 0.0.0.0
Change the host address for FastMCP from 127.0.0.1 to 0.0.0.0 to allow external connections.
Signed-off-by: Joachim Aumann <aumannjoachim@gmail.com>
* fixed deployment bug of hello world containter
---------
Signed-off-by: Joachim Aumann <aumannjoachim@gmail.com>
* fix(05-blueprints): Pin chardet < 6.0.0 in customer support agent (#1051)
chardet 6.x introduced breaking changes. Pin to >= 3.0.2, < 6.0.0
to ensure compatibility. Also adds missing src/__init__.py.
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* Multitenant platform demo (#859)
* Multitenant platform demo
* linting fixes
* fix(multitenant-agentic-platform): Improve security and configuration flexibility
- Fix typo in README ("cusotm" → "custom")
- Replace hardcoded AWS region with environment variable support in main.py
- Refactor calculator tool to use AST-based safe evaluation instead of regex validation
- Add support for unary operators and improve operator/function/constant whitelisting
- Update database-query tool to use environment variables for RDS configuration
- Add AWS_REGION environment variable support to email-sender tool
- Update deploy.sh with improved deployment configuration handling
- Enhance frontend index.html with better error handling and user feedback
- Improves security posture by eliminating eval() usage and hardcoded credentials
- Enables flexible multi-region deployments through environment configuration
* fix(multitenant-agentic-platform): Remove redundant agent runtime ID validation
- Remove unnecessary validation check for agent_runtime_id in delete_agent handler
- Simplify error handling flow by eliminating duplicate validation logic
- Agent runtime ID is already validated in prior steps, making this check redundant
* docs(multitenant-agentic-platform): Add security considerations and warnings
- Add comprehensive Security Considerations section to README documenting API key exposure risks
- Document suitable use cases (demos, development, internal tools) and production recommendations
- Add security warnings to config_injector Lambda handler with alternative authentication approaches
- Update deployment documentation with security notes about client-side API key embedding
- Pass account_id and region parameters to DatabaseConstruct and MessagingConstruct for improved configuration
- Add security reminders in frontend development section referencing production deployment guidance
- Clarify that current implementation is suitable for demos and internal use only, not production
* fix(multitenant-agentic-platform): Add API key headers to frontend requests and improve security documentation
- Add 'x-api-key' header to all axios requests in frontend (delete, post, get operations)
- Update README security note to emphasize not embedding long-lived credentials in public files
- Recommend authenticated callers (Cognito/IAM/JWT) or backend proxy/BFF for production
- Clarify config.js generation to exclude API Gateway keys from public configuration
- Fix deploy.sh region comment from us-west-2 to us-east-1
- Remove emoji from deploy.sh output for better compatibility
- Refactor query parameter and body parsing in async_deploy_agent handler for clarity
- Add environment variable definitions for DynamoDB table names in build_deploy_agent handler
- Ensure consistent API authentication across all frontend API calls for improved security
* docs(multitenant-agentic-platform): Remove security limitations section from README
- Remove detailed API key exposure warnings and limitations documentation
- Remove suitable use cases section for demonstration deployments
- Remove production recommendations for authentication mechanisms
- Simplify README by consolidating security guidance into main documentation
* fix(multitenant-agentic-platform): Enforce required environment variables and optimize DynamoDB queries
- Replace optional environment variable defaults with required configuration in build_deploy_agent handler
- Add validation to fail fast if AGENT_CONFIG_TABLE_NAME or AGENT_DETAILS_TABLE_NAME are not set
- Add AGGREGATION_TABLE_NAME validation in infrastructure_costs handler with clear error messaging
- Optimize DynamoDB scan operations to use server-side FilterExpression instead of client-side filtering
- Add ProjectionExpression to reduce data transfer and improve query performance in token_usage handler
- Use ExpressionAttributeNames to handle reserved words (timestamp) in DynamoDB queries
- Improve configuration reliability by ensuring all Lambda functions have required environment variables set before execution
* fix(multitenant-agentic-platform): Remove unused import from token usage handler
- Remove unused boto3.dynamodb.conditions Attr import
- Simplify handler.py by eliminating unnecessary dependency
- Reduce code clutter and improve maintainability
* fix(multitenant-agentic-platform): Update agent template naming and enhance token limit validation
- Rename base-agent.py to main.py in agent-tools-repo templates for consistency
- Update documentation references to reflect new template filename
- Add Attr import from boto3.dynamodb.conditions for improved query filtering
- Enhance check_token_limit function with configurable fail-closed behavior via FAIL_CLOSED environment variable
- Add get_tenant_id_from_agent function to look up tenant ID from agent details table, preventing token limit bypass
- Improve error handling in token limit checks with detailed logging for fail-closed vs fail-open modes
- Add documentation notes explaining fail-open default behavior and fail-closed option
* Update guardrails memory sample notebook (#995)
* feat: Update guardrails memory sample notebook
* chore: Clear execution counts and outputs from notebook
* sample update(memory): Simplify memory integration using AgentCoreMemorySessionManager
Replace custom MemoryHookProvider implementation with built-in
AgentCoreMemorySessionManager. Key changes:
- Use AgentCoreMemoryConfig with AgentCoreMemorySessionManager
- Remove custom hook implementation (on_agent_initialized, on_message_added)
- Update documentation based on model usage in code from Claude 3.7 Sonnet to Claude Haiku 4.5
- Simplify session handling with automatic reinitialization
- Update documentation to reflect recommended approach
* fix(notebook): Configure memory mode and inject memory_id to prevent runtime failures
configure() defaults to memory_mode="NO_MEMORY", so the auto-created
execution role has no memory IAM permissions — causing ListMemoryEvents
failures at runtime. Additionally, the toolkit doesn't know about the
manually-created memory resource, so it provisions a duplicate on launch.
Fix: Set memory_mode="STM_ONLY" in configure() and inject the existing
memory_id into .bedrock_agentcore.yaml before launch(). Both issues only
exist because the tutorial manually creates resources that the toolkit
normally manages end-to-end.
* cleaned execution count
* Cleared cell outputs
---------
Co-authored-by: subhakl <subhakl@amazon.com>
* Correct role and content retrieval in message processing (#499)
Signed-off-by: fllaneza <44783676+fllaneza@users.noreply.github.com>
* Add Episodic Memory Strategy Tutorial (#855)
* feat: add episodic memory tutorial README
* feat: add code debugging assistant implementation
* feat: add architecture diagram
* docs: add episodic strategy to overview
* docs: add contributor
* fix: update episodic memory API for reflectionConfiguration
- Change reflectionNamespaces to reflectionConfiguration.namespaces
(API structure changed in bedrock-agentcore SDK)
- Fix namespace validation: reflection namespace must be same as
or prefix of episodic namespace
- Update get_namespaces() to read from new nested structure
- Add code-assistant.py standalone script version
* fix: move imports to top of file for linting compliance
- Consolidate all imports at module top (E402 fix)
- Remove unused List import from typing (F401 fix)
- Maintain alphabetical ordering of imports
* style: apply ruff formatting
* feat: Replace debugging use case with Meeting Notes Assistant
Changes based on reviewer feedback that debugging examples already exist
in the repository (debugging-agent and healthcare-assistant).
New implementation:
- Meeting Notes Assistant with episodic memory
- Tools: capture_action_item, identify_decision, summarize_discussion, track_followup
- Tracks decisions, action items, and participant preferences across meetings
- 6 test scenarios demonstrating meeting management patterns
- End-to-end tested with AWS Bedrock (all tools working)
- Security audit passed, linting verified
Files changed:
- Renamed: code-assistant.py → meeting-notes-assistant.py
- Renamed: code-assistant.ipynb → meeting-notes-assistant.ipynb
- Updated: README.md with meeting-specific documentation
This use case is unique and not duplicated in existing samples.
Addresses feedback from @akshseh in PR comment.
* refactor: move episodic tutorial to long-term-memory/strands-hooks folder
Address reviewer feedback:
- Move from 06-episodic-strategy/ to 02-long-term-memory/01-single-agent/using-strands-agent-hooks/meeting-notes-assistant-using-episodic/
- Update architecture diagram to match repo template style
- Update parent README table reference
* fix: update architecture diagram
* fix: address reviewer feedback from @akshseh
- Remove .gitignore (*.pptx entry not needed)
- Pin versions in requirements.txt (bedrock-agentcore>1.4, strands-agents>=0.1.0, boto3>=1.42.1)
- Convert cell_0 from code cell with docstring to markdown cell
- Add blank line after H2 heading in cell_5 to fix bullet formatting
- Fix event_expiry_days comment: clarify it is STM TTL, not for long-term episodic strategy
- Add reflection extraction timing note (~10-15 mins) in seed cell
- Format meeting-notes-assistant.py with black
* Update AgentCore Memory tutorials with new SDK patterns (#1003)
* feat(memory-tutorials): Enhance AgentCore Memory tutorials with SDK migration and advanced features
- Migrate from MemoryClient to MemorySessionManager and MemorySession
- Update from tuple-based messages to ConversationalMessage objects
- Add session-based operations eliminating repetitive parameters
- Implement conversation branching with fork_conversation()
- Add metadata tracking with StringValue and EventMetadataFilter
- Update all three notebooks: math-assistant, customer-support, customer-support-memory-manager
- Add comprehensive ENHANCEMENT_SUMMARY.md documenting all changes
This update showcases the full capabilities of AgentCore Memory including:
- Session management with MemorySessionManager
- Memory hooks for automatic storage/retrieval
- Conversation branching for alternative paths
- Metadata tagging for analytics and filtering
- Practical use cases for math tutoring and customer support
All notebooks tested and validated with syntax checks and feature verification.
* docs: Add arunskum to CONTRIBUTORS.md
* docs: Remove ENHANCEMENT_SUMMARY.md file
* feat(memory): Update AgentCore Memory tutorials with latest SDK patterns
- Migrate from MemoryClient to MemorySessionManager and MemorySession
- Replace tuple-based messages with ConversationalMessage objects
- Implement session-based operations (add_turns, search_long_term_memories)
- Add conversation branching with fork_conversation and list_branches
- Add metadata tracking with StringValue and EventMetadataFilter
- Update all three notebooks: math-assistant, customer-support, customer-support-memory-manager
- Fix imports: StringValue and EventMetadataFilter now from bedrock_agentcore.memory.models
These changes showcase the enhanced AgentCore Memory capabilities including:
- Session-based memory management for cleaner API
- Advanced retrieval with RetrievalConfig
- Conversation branching for alternative paths
- Metadata tagging and filtering for event tracking
* refactor(memory): Split customer support tutorial into built-in vs custom strategies
Deleted legacy MemoryClient notebook, renamed memory-manager to override-strategy, created new inbuilt-strategy notebook, added comparison sections to both
* fix(memory): Correct StringValue and Event attribute usage in notebooks
Fixed 3 issues identified by reviewer:
1. Changed StringValue() to StringValue.build() (30 occurrences)
- Correct usage: StringValue.build('value')
- Fixed in all metadata creation sections
2. Changed .event_id to .eventId (3 occurrences)
- Correct attribute: event.eventId
- Fixed in all branching sections
3. Validated changes with syntactic tests
Changes span 3 notebooks:
- customer-support-inbuilt-strategy.ipynb
- customer-support-override-strategy.ipynb
- math-assistant.ipynb
All fixes follow the pattern demonstrated in reviewer's successful test output.
* fix: Fix metadata_filter bug, migrate math-assistant to MemoryManager, remove test scripts
- Fix list_events() calls to use eventMetadata parameter instead of
invalid metadata_filter in all 3 notebooks
- Migrate math-assistant from legacy MemoryClient to MemoryManager
- Switch math-assistant from CustomSemanticStrategy to built-in
SemanticStrategy (no IAM execution role required)
- Remove CUSTOM_PROMPT cell and ROLE_ARN placeholder from math-assistant
- Remove test scripts, migration scripts, and cleanup utilities
* fix: Update config and runtime MCP agent code for SRE workshop lab 04 (#1055)
* Update config and runtime MCP agent code for SRE workshop lab 04
* Fix ruff lint errors: remove unused imports and f-string prefixes
---------
Co-authored-by: name <alias@amazon.com>
* Feat/databricks per user delegation (#1058)
* feat: Agent & Gateway Registry blueprint
A platform for managing AI agents and MCP tools across an organization.
- Registry: CRUD for agents (A2A, MCP, Agent-as-Tool protocols)
- Gateway management: overview, tools, clients & access, Cedar policies
- Tool composition via Cedar permit-only policies
- Agent discovery API for agent-to-agent communication
- Multi-IdP support (Cognito/EntraID auto-detected)
- AgentCore Identity for agent workload auth
- One-click deploy: CloudFormation + App Runner + DynamoDB
* feat: Databricks per-user delegation via Gateway interceptor + RFC 8693
* feat(memory): add memory streaming tutorial (#1064)
* Add ECS Fargate 3LO tutorial (#1005)
* Add ECS Fargate 3LO tutorial
Fixes #<issue-number>
Co-authored-by: tnickl <tnickl@users.noreply.github.com>
Co-authored-by: satveerkhurpa <satveerkhurpa@users.noreply.github.com>
* fix: scanning results
* feat: WAF integration
Co-authored-by: tnickl <tnickl@users.noreply.github.com>
* docs: inbound & outbound auth
Co-authored-by: tnickl <tnickl@users.noreply.github.com>
---------
Co-authored-by: tnickl <tnickl@users.noreply.github.com>
Co-authored-by: satveerkhurpa <satveerkhurpa@users.noreply.github.com>
* Add async data analysis agent tutorial (#1059)
- Move async data analysis files to 02_async_data_analysis subfolder
- Fix semgrep issue: add __name__ guard to app.run()
- Add contributors from original PR #857
Co-authored-by: Gan Luan <ganluannj@users.noreply.github.com>
* feat: add Auth0 multi-agent RFC 8693 token exchange sample (#1071)
Adds a production-grade reference implementation demonstrating RFC 8693
Token Exchange in a multi-agent system on AWS Bedrock AgentCore Runtime.
The coordinator agent exchanges the user's Auth0 JWT for attenuated,
least-privilege tokens before invoking each sub-agent — implementing
scope attenuation across a 3-agent financial services system.
Key features:
- OAuth 2.0 PKCE login flow via Auth0
- RFC 8693 Token Exchange with per-agent scope policies
- 3 agents: coordinator, customer_profile, accounts
- Streamlit web UI with JWT viewer and API call log
- AWS Secrets Manager integration
- OpenTelemetry observability
- Shell script and CDK deployment options
- Unit test suite
* Add AgentCore Policy integration for healthcare appointment agent (#1028)
* Updated reference code to match Policy for AgentCore blog sample
* fix: address scan findings, lint, and security improvements
Scan findings (HIGH):
- README.md: Add Introduction, Prerequisites, Cost Warning, Conclusion,
Complete Cleanup sections; fix multi-action step; use full AWS service names
- setup_cognito_claims.py: Use full AWS service names; remove possessive form
- setup_policy.py: Fix incorrect docstring hours (8-17 → 9 AM-9 PM UTC)
- test_policy.py: Replace forbidden term 'execute' with 'run'
- patient.json: Rename 'Richard Doe' to approved fictitious name 'Jane Doe'
Security:
- Use HTTP Basic Auth for OAuth token requests (RFC 6749)
- Implement AWS Secrets Manager for client secret retrieval with
auto-caching fallback to Amazon Cognito API
- Validate subprocess script path before execution
Code quality:
- Remove fragile DENIAL_PHRASES list; use deterministic tool visibility
checks and gateway policy denial detection instead
- Fix all ruff check errors (F401, F541, F841)
- Apply ruff format to all changed Python files
- Updated test_output.txt with clean end-to-end run
---------
Co-authored-by: Anil Nadiminti <anilnadi@amazon.com>
* Usecase/lakehouse agent enhance (#1006)
* temp
* Token exchange
* README.md
* Adding column-level access control
* Fixed S3 bucket creation outside us-east-1
* After dry-run testing
* Cleanup
* Rollback unnecessary change
* Rollback unnecessary change
* Rollback unnecessary change
* Added Architecture diagram and tested / fixed notebooks 01-03
* Fix aws path and invalid notebook for 06
* Securing the code
* Fixed the error - Error executing secure Athena query: Query failed: COLUMN_NOT_FOUND: Column 'adjuster_user_id' cannot be resolved or requester is not authorized
* Added scenarios, updated README and enhanced Architecture diagram to show latest changes
* Clarify deletion of Dynamodb table in the cleanup step
* Updated readme with scenario screenshots, added masking for PII for adjuster with wildcard exclude list
* Completed end to end testing for all scenarios
* Updated README and added Dockerfile to gitignore
* Updated README to remove Production Ready clause
* Fixed Pylint issues - f-string with no placeholders and empty except
---------
Co-authored-by: Gi Kim <giryoong@amazon.com>
Co-authored-by: Sunita Koppar <skoppar@amazon.com>
* fix(02-usecases): delete site reliability workshop (#1081)
* fix(tutorials): Fix missing imports, update_agent_runtime params, and asyncio.run in notebooks (#1086)
- Fix UpdateAgentRuntime calls to include required params (agentRuntimeArtifact,
roleArn, networkConfiguration) using get_agent_runtime read-modify-write pattern
- Fix wrong entrypoint filenames in lifecycle demo cells (langgraph, openai, crewai)
- Fix wrong requirements_file path in crewai lifecycle demo cell
- Add missing imports (Session, os, Runtime, json, Markdown) in notebook cells
- Replace asyncio.run() with await in notebook cells (Jupyter compatibility)
- Add missing setup_cognito_user_pool import in hosting_mcp_server notebook
- Add ResourceNotFoundException comment in cleanup cells
- Add Test-Downloads/ to .gitignore
* chore: remove agent-gateway-registry blueprint (#1092)
* Add WebRTC voice agent sample with KVS TURN servers (#1096)
Minimal example demonstrating WebRTC audio streaming with AWS Nova Sonic
via KVS TURN servers, deployable to AgentCore Runtime.
- FastAPI agent with aiortc for WebRTC peer connections
- Nova Sonic bidirectional streaming for speech-to-speech
- Browser client supporting both local and AgentCore Runtime modes
- KVS signaling channel for TURN/STUN server credentials
- Audio resampling (16kHz input, 24kHz output) via PyAV
* Consolidating IDP examples under tutorials for better organization (#1112)
* Fix wording typo in notebook about user consent flow
cosmetic update
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
* Add pyyaml to requirements.txt
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
* Add HardikThakkar94 to CONTRIBUTORS.md
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
* Updates to fix the Streamlit app access when running in sagemaker
Modified
- Requirements.txt (added dependencies)
- chatbot_app_cognito.py (added get_streamlit_url, for sagemaker access)
- runtime_with_strands_and_egress_3lo.ipynb (streamlit piece for access url, cosmetic updates)
* Fixing Ruff errors reported by python-lint
* removing Ruff errors from python-lint
* passing 3.7 as the model for workshop
* Docs: add prerequisites (OpenAI or Azure OpenAI) cell to Outbound Auth notebook
* Revert "Docs: add prerequisites (OpenAI or Azure OpenAI) cell to Outbound Auth notebook"
This reverts commit 5dded4c38ab700ef3abfe7764a4697215db97171.
* Add prerequisites (OpenAI or Azure OpenAI) cell to Outbound Auth notebook
* cosmetic fix
* Updating OpenAI URL
* Added instructions on the OAuth flow session binding and Streamlit functionality
* All imports are now properly organized at the top of the file, following Python best practices (PEP 8). The linting errors should now be resolved:
- ✅ runtime.py:18:1: E402 - Fixed
- ✅ runtime.py:19:1: E402 - Fixed
- ✅ runtime.py:19:20: F811 - Fixed
- ✅ runtime.py:25:1: E402 - Fixed
* formatting fixed
* Update Identity Outbound tutorial notebooks with corrections and improvements:
1. 05-Outbound_Auth_3lo notebook: Fixed credential provider name typo
2. 06-Outbound_Auth_Github notebook: Multiple improvements including:
- Updated description text for GitHub-specific use case
- Reorganized imports (moved to top of cell)
- Added boto session and region setup
- Reordered OAuth flow description
- Restructured notebook sections (removed redundant policy section, added clearer status check and invoke sections)
- Fixed credential provider name reference
* Fixed Identity Sections based on SageMaker (Workshop) to handle oauth2_callback_server and other cosmetic updates.
* Remove unused import and added permissions for 1st time model access for workshops
* formatting fixed.
* parameterize provider, update github image.
* added import boto3 and updated image for GitHub Session Binding
* Update Model and Remove Global Var
* Travel and Shopping concierge agents blueprints
* add missing contributors for the blueprint
* fix python-lint errors
* CodeQL fixes and config
* fix python-lint unused imports
* fix python-lint
* fix linter and cql issues
* run linter
* update codeql suppressions
* suppress codeql
* Revert accidental changes to 01-tutorials and 03-integrations
Remove files accidentally added to 01-tutorials and 03-integrations in previous commits.
These changes were not intended to be part of the blueprint additions.
Reverted files:
- 01-tutorials/03-AgentCore-identity/06-Outbound_Auth_Github/.dockerignore
- 01-tutorials/03-AgentCore-identity/06-Outbound_Auth_Github/Dockerfile
- 01-tutorials/03-AgentCore-identity/06-Outbound_Auth_Github/github_agent.py
- 03-integrations/IDP-examples/EntraID/.agentcore.json
- 03-integrations/IDP-examples/EntraID/.dockerignore
- 03-integrations/IDP-examples/EntraID/Dockerfile
- 03-integrations/IDP-examples/EntraID/strands_entraid_onenote.py
* fix formatting
* Update 05-blueprints/shopping-concierge-agent/tests/utils.py
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
* removed tests folders.
* remove info logging
* remove logging
* codeql suppressions
* Update server.py
# codeql[py/clear-text-logging-sensitive-data] Debug logging for certificate verification - logs metadata only, not private key content
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
* Updating .gitignore and adding lib folder required for the shopping and travel concierge agents
* Add Demo video for agents
* Update demo section in README.md
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
* Add Demo's as Gif, update LFS and add note in ReadMe
* remove the .mp4 files as they are not supported
* change to google products and remove travel specific
* update product link
* fix url in shopping list and purchases
* remove amazon
* Add Visa B2B Use Case
* fix pylint
* CodeQL Fixes
* Consolidating IDP examples under tutorials for better organization
---------
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
Co-authored-by: HT <hardikvt@amazon.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* adding/changing mcp samples - server and client (#1089)
* adding/changing mcp samples - server and client
* adding/changing mcp samples - server and client
* adding exec command
* chore(e2e-workshop): refactor workshop to add framework subfolders (#1120)
* chore(e2e-workshop): refactor workshop
* docs: update readme
* fix(05-entraid-3lo-gateway): rename lib/ to infra/ to avoid root .gitignore exclusion (#1057)
The root .gitignore has a blanket `lib/` rule for Python packaging that
was preventing lib/cdk-stack.ts from being tracked by git. Renamed the
directory to infra/ which is not caught by any ignore rule.
Also fixes README.md references from `cd cdk-entraid` to the actual
directory name `05-entraid-3lo-gateway`.
Changes:
- Rename lib/ -> infra/ for the CDK stack source
- Update import path in bin/cdk.ts
- Fix cd path in README.md Quick Start instructions
Co-authored-by: Robert Hoffmann <rho@amazon.de>
* Add barge-in support, user transcription, and VPC setup docs (#1117)
- Implement barge-in per Nova Sonic spec (mute flag + FIFO clear in OutputTrack)
- Detect interruption from textOutput for reliable barge-in in deployed environments
- Add user speech transcription via contentStart role tracking
- Add VPC setup console instructions to README
* fix(05-entraid-3lo-gateway): remove securitySchemes from OpenAPI spec to fix CDK deploy (#1137)
* fix(05-entraid-3lo-gateway): rename lib/ to infra/ to avoid root .gitignore exclusion
The root .gitignore has a blanket `lib/` rule for Python packaging that
was preventing lib/cdk-stack.ts from being tracked by git. Renamed the
directory to infra/ which is not caught by any ignore rule.
Also fixes README.md references from `cd cdk-entraid` to the actual
directory name `05-entraid-3lo-gateway`.
Changes:
- Rename lib/ -> infra/ for the CDK stack source
- Update import path in bin/cdk.ts
- Fix cd path in README.md Quick Start instructions
* fix(05-entraid-3lo-gateway): remove securitySchemes from OpenAPI spec to fix CDK deploy
---------
Co-authored-by: Robert Hoffmann <rho@amazon.de>
* docs(01-tutorials): update readmes (#1121)
* docs(01-tutorials): update readmes
* docs: update readmes
* docs: update readme links & resources
* feat(memory): Add AgentCore Memory cross-region replication tutorial (#1138)
* Add AgentCore Memory cross-region replication tutorial
Add tutorial 06-memory-cross-region-replication under advanced patterns.
Demonstrates active-passive cross-region replication for AgentCore Memory
using the memory record streaming feature with near real-time failover.
Includes:
- Jupyter notebook with step-by-step walkthrough
- CloudFormation templates for regional and global infrastructure
- Lambda consumer for Kinesis-based replication
- Failover/failback toggle scripts
- Loop prevention via namespace prefixing
* Address PR review: add arch diagram, fix memory ID lookup
- Replace ASCII architecture diagram with proper AWS diagram (images/architecture.png)
- Fix notebook Step 2: memory IDs are now stored in DynamoDB config table by
deploy.sh and read back by the notebook, replacing the broken list_memories
scan that searched for 'replication_memory' in the opaque memory ID
- deploy.sh Step 6 now seeds MEMORY_ID_PRIMARY and MEMORY_ID_SECONDARY
alongside ACTIVE_REGION
Note: AgentCore Memory is intentionally created via CLI in deploy.sh (not CFN)
because the streaming config is toggled at runtime during failover/failback —
CFN would drift-correct it back.
* Rename folder, fix ruff formatting on handler.py
* fix(e2e-workshop): fix gateway race condition and model_id typo in lab-03 (#1146)
- Add time.sleep(3) after gateway creation in Step 5 to prevent Step 6
from failing with CREATING status when cells run in quick succession
- Remove extra trailing quote from model_id that caused SyntaxError
Fixes #1145
* fix(e2e-workshop): make zip install portable and conditional in prereq.sh (#1144)
Replace hardcoded `sudo apt install zip` with cross-platform detection:
- Check if zip is already installed before attempting install
- Detect package manager (apt-get, yum, dnf, brew)
- Use sudo only when not running as root
- Fail with clear message if no supported package manager is found
Closes #604
* chore: fix iam policy path (#1153)
* docs(01-tutorials): update readmes
* docs: update readmes
* docs: update readme links & resources
* fix: fix the IAM policy path
* fix(05-entraid-3lo-gateway): fix OpenAPI schema security validation for CDK deploy (#1141)
Co-authored-by: Robert Hoffmann <rho@amazon.de>
* feat: sample that shows how to deploy agentcore runtime in VPC (#683)
* feat(runtime_in_vpc): initial
* fix: moved to advanced concepts
* AgentCore runtime bidi agent sample update - refined folder structure and more samples (#1160)
* agentcore runtime bidi streaming add strands sample
* agentcore runtime bidistream sample update for Nova Sonic 2
* agentcore bidi streaming sonic 2 update cleanup python file
* update IMDS comments
* reformat the python file using ruff
* sonic sample update to use default port 8080
* agentcore runtime bidi streaming update to sonic2 with text input update
* remove unused reference
* remove spaces
* update agentcore bid streaming UIs to include text input, event filter and barge-in
* agentcore voice agent sample with more samples and refined folder structure
* update diagram
* update reference links
* resolve github warnings
* remove temp json
* resolve github warnings
* resolve github warnings
* resolve github warnings
* resolve github warnings
---------
Signed-off-by: Lana Zhang <lanaz@amazon.com>
* Spring ai agentcore samples (#1119)
Added sample Spring and Embabel based agents
* fix:add missing agents/ directory and requirements.txt (#1165)
* adding managed session storage (#1169)
* adding managed session storage
* adding managed session storage/ fix lynt
* Adding End-to-End Customer Support Agent with AgentCore using Google ADK (#1164)
* feat(e2e): Add Google ADK end-to-end tutorial with AgentCore
Add 6-lab workshop covering agent creation, memory, gateway,
runtime deployment, frontend, and cleanup using Google ADK
with Amazon Bedrock AgentCore services.
* docs(e2e): Update Google ADK README and remove duplicate
Replace placeholder README with full tutorial content and remove
the 'README copy.md' duplicate file.
* docs(e2e): Add Google ADK to README title
* style(e2e): Capitalize README title consistently
* docs: Add Diego Brasil to CONTRIBUTORS
* chore(e2e): Remove images-og_do_not_commit directory
Remove original source images that were not intended for version control.
* fix: Use importlib for dynamic import and clean up linting issues
* feat(e2e): Set Cognito MFA to OPTIONAL and clean up inline comment
---------
Signed-off-by: Akarsha Sehwag <akshseh@amazon.de>
Co-authored-by: Akarsha Sehwag <akshseh@amazon.de>
* feat(runtime): Add AG-UI examples with SSE and WebSocket demos (#1139)
* feat(runtime): Add AG-UI examples with SSE and WebSocket demos
Add tutorial 09-ag-ui-examples demonstrating the AG-UI protocol on
AgentCore Runtime with both Cognito/JWT and IAM/SigV4 authentication.
Includes:
- Document co-authoring agent (FastAPI + Strands + ag-ui-strands)
- Cognito notebook with SSE and WebSocket Bearer token demos
- IAM notebook with SSE (SigV4 headers) and WebSocket (pre-signed URL) demos
- Multi-turn interactive document co-authoring demo
- Architecture diagrams for both auth flows and transports
- README with AG-UI event reference and troubleshooting
* feat(runtime): Add AG-UI protocol examples as tutorial 10
- Rename 09-ag-ui-examples to 10-ag-ui-examples (09 slot taken by execute-command)
- Remove hardcoded region_name=us-west-2 from BedrockModel, inherit from env
- Use DP variable for both SSE_URL and WS_URL consistently
- Regenerate architecture diagrams: single agent with tool boxes, proper auth flow
- Improved event flow as full flowchart with color-coded event categories
* fix(runtime): Fix diagram edge labels overlapping with lines
Use ortho splines and increased node spacing to prevent edges
cutting through label text in architecture diagrams.
* fix(runtime): Remove duplicate task label on Tool 2 edge to prevent overlap
* fix(runtime): Place single 'tasks' label between tool boxes in diagrams
* fix(runtime): Suppress bandit B104 for container bind to 0.0.0.0
* feat(runtime): Switch to direct_code_deploy, remove Docker/ECR dependency
- Use deployment_type=direct_code_deploy with runtime_type=PYTHON_3_13
- Remove auto_create_ecr from configure()
- Remove ECR cleanup from both notebooks
- Remove Docker from prerequisites
* refactor(runtime): Switch to direct_code_deploy, trim requirements, remove review cell
- Use direct_code_deploy with PYTHON_3_13 runtime type
- Trim requirements.txt to 5 essential packages
- Remove Review Agent Code section from both notebooks
- Install zip via sudo apt-get for SageMaker Studio compatibility
- Renumber notebook sections
* chore(runtime): Rename AG-UI examples from 10 to 11
* fix(ag-ui): Address PR #1139 review comments
- Simplify status check block to single status query
- Add markdown cell explaining utils.py helper (cognito notebook)
- Remove authorizer print line from verify cells
* docs: add migration guide from Starter Toolkit to AgentCore CLI (#1195)
* feat(tutorials): #1128 Add Strands agent with AgentSkills plugin tutorial (#1131)
* feat(tutorials): Add Strands agent with AgentSkills plugin tutorial
* docs(contributors): Update contributors list
* lint fix
* docs(tutorials): Add architecture diagram to Strands agent skills tutorial
* chore(tutorials): Reorganize strands-with-skills tutorial to 06-strands-with-skills
---------
Signed-off-by: Rajesh Sitaraman <rajesh.sitaraman@outlook.com>
Co-authored-by: Rajesh Sitaraman <rajeshrd@amazon.com>
* Fix/session binding url (#1190)
* fix: session binding url
* fix: architecture
* fix: remove oauth callback service
* fix: docstrings
* fix: remove requirements.txt
* fix: remove cdk context
* fix: flow outbound auth flow diagram
* fix:session binding url
* style: format python files with ruff
* Replace Starter Toolkit with AgentCore CLI in README (#1196)
* feat: add Chrome enterprise policies and custom root CA tutorial for AgentCore Browser (#1220)
Add tutorial notebook demonstrating two new AgentCore Browser features:
- Chrome enterprise policies (managed/recommended) for URL filtering,
download restrictions, and browser feature controls
- Custom root CA certificates via AWS Secrets Manager for connecting
to internal services and SSL-intercepting proxies
Includes badssl.com demo for root CA using Code Interpreter.
Co-authored-by: Sundar Raghavan <sdraghav@amazon.com>
* Add use case: Integrate Claude Code with AgentCore Gateway MCP Server (#1225)
* Initial push of claude-code-with-mcp-server sample code
* Added tavily MCP Server
* Update 01-claude-code-with-mcp-server.ipynb
* Added details on how to list MCP Tools
* Update 01-claude-code-with-mcp-server.ipynb
* Semantic updates in wording
* Cosmetic Fixes
* Update 01-claude-code-with-mcp-server.ipynb
* Added Calude Code screenshots to show AgentCore Gateway connection
* Improved documentation of the notebook
* Added Solution Architecture
* Fixed post Gili code review
* Fixes after Gili Code Review Comments
* Code fixes after gili code Review Comments
* Fixes after Gili code review comments
* Update CONTRIBUTORS.md
* Create README.md
* Fixes in the code after ruff check run
* Fixes in the notebook code after ruff check run
* Fixed Security Scan Results bugs
* Update README.md
* Adding Getting Started sample (#1228)
* Adding getting started with AgentCore CLI example
* Adding getting started with AgentCore CLI example
* Adding getting started with AgentCore CLI example
* Groundtruth evaluations (#1229)
* Add groundtruth-based evaluations tutorial
* updating README
* drop .py script, agent script is created at notebook runtime
* custom code based evaluators (#1231)
* custom code based evaluators
* feat: token exchange example with real setup with different client ids to authenticate calls to AgentCore Gateway and API Gateway (#1234)
* Feature/datadog llm observability tutorial (#1097)
* feat: Add Datadog observability integration for AgentCore Runtime
Original Datadog partner observability integration by jasonmimick-aws.
Includes notebook, requirements, .gitignore, and README updates.
Co-authored-by: jasonmimick-aws <jasonmimick@users.noreply.github.com>
* feat: Add Datadog LLM Observability notebook with OTLP export
Replace initial notebook with LLM Observability-focused tutorial.
Uses OpenTelemetry OTLP export directly to Datadog (no Agent required).
Add llm-obs-example.png screenshot to shared images folder.
* chore: Flatten Datadog structure, fix paths, add kolaak to CONTRIBUTORS
- Remove llm-observability/ subfolder, move contents to Datadog/ root
- Fix notebook image paths for flattened directory structure
- Replace Datadog APM link with LLM Observability docs link
- Add kolaak to CONTRIBUTORS.md
---------
Signed-off-by: kolaak <kolaak@amazon.com>
Co-authored-by: jasonmimick-aws <jasonmimick@users.noreply.github.com>
* feat(01-tutorials): auth code flow examples agentcore gateway (#1250)
* Add memory for process tracking and analytics advanced pattern (#1094)
* Add memory for process tracking and analytics advanced pattern
* Update notebook: shows dynamic namespace querying, and dynamic code analysis
* Update notebook: add architecture diagram
* Move to 07-memory-for-hyper-personalisation, add cross-customer analytics notebook (Part 2)
* Rename notebooks with 01/02 prefix, add arch diagram to NB2, clear outputs
* Rename folder to 07-memory-for-personalisation-and-analytics
---------
Signed-off-by: Akarsha Sehwag <akshseh@amazon.de>
Co-authored-by: smathalikunnel <smathali@amazon.co.uk>
Co-authored-by: Akarsha Sehwag <akshseh@amazon.de>
* feat(01-tutorials): Adding Amazon Bedrock AgentCore Gateway - Amazon VPC Lattice egress samples (#1247)
* egress
* coming soon labs
* coming soon labs
* cleanup
* advanced
* changes
* removing hard coded regions - user prompted instead (#1251)
* removing hard coded regions - user prompted instead
* unicode
* ruff formating
* feat(02-usecases): Add Okta three-tier auth end-to-end demo with BedrockAgentCore Agent+AgentCore Gateway Interceptor+ Agent Runtime MCP Server (#1158)
* Add Okta three-tier auth end-to-end demo with Gateway + Agent Runtime
* Add Authorization Code grant flow for user auth and group-based RBAC enforcement to MCP Server
---------
Co-authored-by: Mallik Panchumarthy <mpanchum@amazon.com>
Co-authored-by: Velamuri <kvelamu@amazon.com>
* feat(02-usecases): Add Database Read-Only User and Update to Next.js (#1206)
* Amazon Bedrock AgentCore Deployment with CDK
* Amazon Bedrock AgentCore Deployment with CDK
* Amazon Bedrock AgentCore Deployment with CDK
* Amazon Bedrock AgentCore Deployment with CDK
* Amazon Bedrock AgentCore Deployment with CDK
* Amazon Bedrock AgentCore Deployment with CDK
* Amazon Bedrock AgentCore Deployment with CDK
* Amazon Bedrock AgentCore Deployment with CDK
* Fix front-end model call IAM permissions for charts
* Add Database Read-Only User and Update to Next.js
* Add Database Read-Only User and Update to Next.js
* Update pnpm
* Update pnpm
---------
Co-authored-by: Uriel Ramirez <beralfon@amazon.com>
* Using AgentCore Identity for OAuth token management for a s…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds a new tutorial at 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/13-browser-chrome-policies/ demonstrating Chrome enterprise policies and custom root CA certificates for Amazon Bedrock AgentCore Browser and Code Interpreter.
Why
Amazon Bedrock AgentCore announced support for Chrome Enterprise policies and custom root CA certificates on March 25, 2026. This tutorial gives customers a hands-on walkthrough of both features with a working notebook they can run end-to-end.
What’s included
browser-chrome-policies.ipynbREADME.mdrequirements.txtbedrock-agentcore>=1.4.7,strands-agents,strands-agents-tools,playwrightNotebook structure
Setup (cells 0-11)
∙ Prerequisites listing required AWS credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, AWS_REGION)
∙ Creates S3 bucket for policy files and session recordings
∙ Creates IAM execution role with bedrock-agentcore.amazonaws.com trust policy and S3 permissions
∙ All resource names derived from account ID and region. No manual placeholder replacement needed
Chrome Enterprise Policies (cells 12-24)
∙ Uploads a Chrome policy JSON to S3 using Chrome’s URL filter pattern format (docs.aws.amazon.com, .aws.amazon.com, .amazonaws.com)
∙ Creates a custom browser with enterprise_policies (type: MANAGED) and session recording
∙ Uses Playwright directly to demonstrate policy enforcement: navigates to an allowed URL (page loads) and a blocked URL (Chrome error page)
∙ Includes an optional cell to run a Strands agent with the restricted browser
∙ Guides the user to review session recording in the AgentCore console
Custom Root CA Certificates (cells 25-34)
∙ Stores the BadSSL untrusted root CA in Secrets Manager
∙ Shows SSLCertVerificationError on a default Code Interpreter session
∙ Creates a custom Code Interpreter with the certificates parameter via boto3 control plane client (the CodeInterpreter SDK wrapper does not yet support certificates in create_code_interpreter()) and shows HTTP 200 success
Cleanup (cells 35-40)
∙ Stops all active browser sessions before deleting the browser
∙ Deletes Code Interpreter, Secrets Manager secret, S3 policy file, and IAM role
Playwright over Strands agent for the primary demo. The AgentCoreBrowser tool in strands-agents-tools creates sessions on demand and can experience first-session latency. Using Playwright directly provides a reliable, deterministic demonstration of Chrome policy enforcement. The Strands agent is included as an optional cell.
DeveloperToolsAvailability must be 0. Setting this Chrome policy to 2 (disabled) breaks all CDP-based automation, which is the only way Playwright and AgentCore Browser integrations control the browser. The notebook sets it to 0 and includes a warning callout explaining why.
SDK update needed
The CodeInterpreter.create_code_interpreter() method in bedrock-agentcore SDK needs a certificates parameter added, matching the pattern already implemented in BrowserClient.create_browser(). aws/bedrock-agentcore-sdk-python#373
Testing
∙ Ran the full notebook end-to-end in us-west-2
∙ Verified allowed URL loads successfully and blocked URL shows Chrome error page
∙ Verified Code Interpreter SSL error without root CA and HTTP 200 with root CA
∙ Verified cleanup stops active sessions before deleting browser
∙ Verified re-run behavior reuses existing browser without error
∙ Confirmed no deprecated SDK patterns (policies=, root_cas=, DeveloperToolsAvailability: 2)
∙ Follows conventions of existing tutorials (10-browser-with-profile, 11-browser-with-proxy, 12-browser-extensions)
SDK changes needed: certificates parameter in CodeInterpreter.create_code_interpreter() (bedrock-agentcore SDK)
aws/bedrock-agentcore-sdk-python#373