# MCPify your AWS Lambda
## Transform AWS Lambda functions into secure MCP tools with Bedrock AgentCore Gateway

## Overview
Bedrock AgentCore Gateway provides customers a way to turn their existing AWS Lambda functions into fully-managed MCP servers without needing to manage infra or hosting. Gateway will provide a uniform Model Context Protocol (MCP) interface across all these tools. Gateway employs a dual authentication model to ensure secure access control for both incoming requests and outbound connections to target resources. The framework consists of two key components: Inbound Auth, which validates and authorizes users attempting to access gateway targets, and Outbound Auth, which enables the gateway to securely connect to backend resources on behalf of authenticated users. Gateways uses IAM role to authorize the calls to AWS Lambda functions for outb ound authorization.

![How does it work](images/lambda-iam-gateway.png)

### Tutorial Details


| Information          | Details                                                   |
|:---------------------|:----------------------------------------------------------|
| Tutorial type        | Interactive                                               |
| AgentCore components | AgentCore Gateway, AgentCore Identity                     |
| Agentic Framework    | Strands Agents                                            |
| Gateway Target type  | AWS Lambda                                                |
| Inbound Auth IdP     | Amazon Cognito                                            |
| Outbound Auth        | AWS IAM                                                   |
| LLM model            | Anthropic Claude Sonnet 3.7, Amazon Nova Pro              |
| Tutorial components  | Creating AgentCore Gateway and Invoking AgentCore Gateway |
| Tutorial vertical    | Cross-vertical                                            |
| Example complexity   | Easy                                                      |
| SDK used             | boto3                                                     |

In the first part of the tutorial we will create some AmazonCore Gateway targets

### Tutorial Architecture
In this tutorial we will transform operations defined in AWS lambda function into MCP tools and host it in Bedrock AgentCore Gateway.
For demonstration purposes, we will use a Strands Agent using Amazon Bedrock models
In our example we will use a very simple agent with two tools: get_order and update_order.

## Prerequisites

To execute this tutorial you will need:
* Jupyter notebook (Python kernel)
* uv
* AWS credentials
* Amazon Cognito

## Configuring Authentication for Incoming AgentCore Gateway Requests
AgentCore Gateway provides secure connections via inbound and outbound authentication. For the inbound authentication, the AgentCore Gateway analyzes the OAuth token passed during invocation to decide allow or deny the access to a tool in the gateway. If a tool needs access to external resources, the AgentCore Gateway can use outbound authentication via API Key, IAM or OAuth Token to allow or deny the access to the external resource.



During the inbound authorization flow, an agent or the MCP client calls an MCP tool in the AgentCore Gateway adding an OAuth access token (generated from the user’s IdP). AgentCore Gateway then validates the OAuth access token and performs inbound authorization.

If the tool running in AgentCore Gateway needs to access external resources, OAuth will retrieve credentials of downstream resources using the resource credential provider for the Gateway target. AgentCore Gateway pass the authorization credentials to the caller to get access to the downstream API. 

### Prerequisites
* Dependencies are managed by uv via pyproject.toml
* Run 'uv sync' in terminal to install all dependencies
* Update the Kernel to point to the new uv that's created as part of prerequisite


![How does it work](images/UVKernel.png)

In [None]:
import os
import boto3
boto_session = boto3.Session()
region = boto_session.region_name

In [None]:
import utils
#### Create a sample AWS Lambda function that you want to convert into MCP tools
lambda_resp = utils.create_gateway_lambda("lambda_function_code.zip")

if lambda_resp is not None:
    if lambda_resp['exit_code'] == 0:
        print("Lambda function created with ARN: ", lambda_resp['lambda_function_arn'])
    else:
        print("Lambda function creation failed with message: ", lambda_resp['lambda_function_arn'])

In [None]:
#### Create an IAM role for the Gateway to assume
agentcore_gateway_iam_role = utils.create_agentcore_gateway_role("agentcore-lambdagateway")
print("Agentcore gateway role ARN: ", agentcore_gateway_iam_role['Role']['Arn'])

# Create Amazon Cognito Pool for Inbound authorization to Gateway

In [None]:
# Creating Cognito User Pool 
import os
import boto3
import requests
import time
from botocore.exceptions import ClientError

USER_POOL_NAME = "mortgageagent-gateway-pool"
RESOURCE_SERVER_ID = "mortgageagent-gateway-id"
RESOURCE_SERVER_NAME = "mortgageagent-gateway-name"
CLIENT_NAME = "mortgageagent-gateway-client"
SCOPES = [
    {"ScopeName": "gateway:read", "ScopeDescription": "Read access"},
    {"ScopeName": "gateway:write", "ScopeDescription": "Write access"}
]
scopeString = f"{RESOURCE_SERVER_ID}/gateway:read {RESOURCE_SERVER_ID}/gateway:write"
utils.put_ssm_parameter("/app/mortgageagent/agentcore/scope", scopeString)

cognito = boto3.client("cognito-idp", region_name=region)

print("Creating or retrieving Cognito resources...")
user_pool_id = utils.get_or_create_user_pool(cognito, USER_POOL_NAME)
print(f"User Pool ID: {user_pool_id}")
utils.put_ssm_parameter("/app/mortgageagent/agentcore/user_pool_id", user_pool_id)

utils.get_or_create_resource_server(cognito, user_pool_id, RESOURCE_SERVER_ID, RESOURCE_SERVER_NAME, SCOPES)
print("Resource server ensured.")

client_id, client_secret  = utils.get_or_create_m2m_client(cognito, user_pool_id, CLIENT_NAME, RESOURCE_SERVER_ID)
print(f"Client ID: {client_id}")
utils.put_ssm_parameter("/app/mortgageagent/agentcore/client_id", client_id)
utils.put_ssm_parameter("/app/mortgageagent/agentcore/client_secret", client_secret)

# Get discovery URL  
cognito_discovery_url = f'https://cognito-idp.{region}.amazonaws.com/{user_pool_id}/.well-known/openid-configuration'
print(cognito_discovery_url)

# Create the Gateway with Amazon Cognito Authorizer for inbound authorization

In [None]:
# CreateGateway with Cognito authorizer without CMK. Use the Cognito user pool created in the previous step
gateway_client = boto3.client('bedrock-agentcore-control', region_name = region)
auth_config = {
    "customJWTAuthorizer": { 
        "allowedClients": [client_id],  # Client MUST match with the ClientId configured in Cognito. Example: 7rfbikfsm51j2fpaggacgng84g
        "discoveryUrl": cognito_discovery_url
    }
}

gateway_name = 'MortgageAgentforLambda'
try:
    create_response = gateway_client.create_gateway(
        name=gateway_name,
        roleArn=agentcore_gateway_iam_role['Role']['Arn'],
        protocolType='MCP',
        authorizerType='CUSTOM_JWT',
        authorizerConfiguration=auth_config,
        description='AgentCore Gateway with AWS Lambda target type'
    )
    print(create_response)
    # Retrieve the GatewayID used for GatewayTarget creation
    gatewayID = create_response["gatewayId"]
    gatewayURL = create_response["gatewayUrl"]
    print(gatewayID)
    utils.put_ssm_parameter("/app/mortgageagent/agentcore/gatewayID", gatewayID)
    utils.put_ssm_parameter("/app/mortgageagent/agentcore/gatewayURL", gatewayURL)
except gateway_client.exceptions.ConflictException:
    print(f"Gateway '{gateway_name}' already exists. Using existing gateway.")
    gatewayID = utils.get_ssm_parameter("/app/mortgageagent/agentcore/gatewayID")
    gatewayURL = utils.get_ssm_parameter("/app/mortgageagent/agentcore/gatewayURL")


# Create an AWS Lambda target and transform into MCP tools

In [None]:
# Replace the AWS Lambda function ARN below
lambda_target_config = {
    "mcp": {
        "lambda": {
            "lambdaArn": lambda_resp['lambda_function_arn'], # Replace this with your AWS Lambda function ARN
            "toolSchema": {
                "inlinePayload": [
                    {
                        "name": "get_credit_score_tool",
                        "description": "tool to get the Credit score",
                        "inputSchema": {
                            "type": "object",
                            "properties": {
                                "customerId": {
                                    "type": "string"
                                }
                            },
                            "required": ["customerId"]
                        }
                    }
                ]
            }
        }
    }
}

credential_config = [ 
    {
        "credentialProviderType" : "GATEWAY_IAM_ROLE"
    }
]
targetname='GetCreditCheckLambda'
response = gateway_client.create_gateway_target(
    gatewayIdentifier=gatewayID,
    name=targetname,
    description='Lambda Target using SDK',
    targetConfiguration=lambda_target_config,
    credentialProviderConfigurations=credential_config)

# Calling Bedrock AgentCore Gateway from a Strands Agent

The Strands agent seamlessly integrates with AWS tools through the Bedrock AgentCore Gateway, which implements the Model Context Protocol (MCP) specification. This integration enables secure, standardized communication between AI agents and AWS services.

At its core, the Bedrock AgentCore Gateway serves as a protocol-compliant Gateway that exposes fundamental MCP APIs: ListTools and InvokeTools. These APIs allow any MCP-compliant client or SDK to discover and interact with available tools in a secure, standardized way. When the Strands agent needs to access AWS services, it communicates with the Gateway using these MCP-standardized endpoints.

The Gateway's implementation adheres strictly to the (MCP Authorization specification)[https://modelcontextprotocol.org/specification/draft/basic/authorization], ensuring robust security and access control. This means that every tool invocation by the Strands agent goes through authorization step, maintaining security while enabling powerful functionality.

For example, when the Strands agent needs to access MCP tools, it first calls ListTools to discover available tools, then uses InvokeTools to execute specific actions. The Gateway handles all the necessary security validations, protocol translations, and service interactions, making the entire process seamless and secure.

This architectural approach means that any client or SDK that implements the MCP specification can interact with AWS services through the Gateway, making it a versatile and future-proof solution for AI agent integrations.

![Strands agent calling Gateway](images/strands-lambda-gateway.png)

# Request the access token from Amazon Cognito for inbound authorization

In [None]:
print("Requesting the access token from Amazon Cognito authorizer...May fail for some time till the domain name propogation completes")
token_response = utils.get_token(user_pool_id, client_id, client_secret,scopeString,region)
print("poolid:", user_pool_id, ":client_id:", client_id, ":client_secret:",client_secret,":scopeString:", scopeString)
token = token_response["access_token"]
print("Token response:", token)

# Strands agent calling MCP tools of AWS Lambda using Bedrock AgentCore Gateway

In [None]:
from strands.models import BedrockModel
from mcp.client.streamable_http import streamablehttp_client 
from strands.tools.mcp.mcp_client import MCPClient
from strands import Agent

def create_streamable_http_transport():
    return streamablehttp_client(utils.get_ssm_parameter("/app/mortgageagent/agentcore/gatewayURL"),headers={"Authorization": f"Bearer {token}"})

client = MCPClient(create_streamable_http_transport)

## The IAM credentials configured in ~/.aws/credentials should have access to Bedrock model
yourmodel = BedrockModel(
    model_id="us.anthropic.claude-3-7-sonnet-20250219-v1:0",
    temperature=0.7,
)

In [None]:
from strands import Agent
import logging


# Configure the root strands logger. Change it to DEBUG if you are debugging the issue.
logging.getLogger("strands").setLevel(logging.INFO)

# Add a handler to see the logs
logging.basicConfig(
    format="%(levelname)s | %(name)s | %(message)s", 
    handlers=[logging.StreamHandler()]
)

with client:
    # Call the listTools 
    tools = client.list_tools_sync()
    # Create an Agent with the model and tools
    agent = Agent(model=yourmodel,tools=tools) ## you can replace with any model you like
    print(f"Tools loaded in the agent are {agent.tool_names}")
    #print(f"Tools configuration in the agent are {agent.tool_config}")
    # Invoke the agent with the sample prompt. This will only invoke  MCP listTools and retrieve the list of tools the LLM has access to. The below does not actually call any tool.
    agent("Hi , can you list all tools available to you")
    # Invoke the agent with sample prompt, invoke the tool and display the response
    agent("Check the credit status for customer id 123 and show me the exact response from the tool")
    # Call the MCP tool explicitly. The MCP Tool name and arguments must match with your AWS Lambda function or the OpenAPI/Smithy API
    result = client.call_tool_sync(
    tool_use_id="get_credit_score_tool_1", # You can replace this with unique identifier. 
    name=targetname+"___get_credit_score_tool", # This is the tool name based on AWS Lambda target types. This will change based on the target name
    arguments={"customerId": "123"}
    )
    # Print the MCP Tool response
    print(f"Tool Call result: {result['content'][0]['text']}")


## Deploying the agent to AgentCore Runtime

In [None]:
from bedrock_agentcore_starter_toolkit import Runtime
from boto3.session import Session
import utils
boto_session = Session()
region = boto_session.region_name
agentcore_gateway_iam_role = utils.create_agentcore_role("lambdagateway")

agentcore_runtime = Runtime()
agent_name = "mortgage_assistant"
response = agentcore_runtime.configure(
    entrypoint="mortgage_agent_runtime_gw.py",
    execution_role=agentcore_gateway_iam_role['Role']['Arn'],
    auto_create_ecr=True,
    requirements_file="requirements.txt",
    region=region,
    agent_name=agent_name
)
response

### Launch Agentcore Runtime

In [None]:
launch_result = agentcore_runtime.launch(auto_update_on_conflict=True)

### Lets check the status of the agentcore runtime

In [None]:
import time
status_response = agentcore_runtime.status()
status = status_response.endpoint['status']
end_status = ['READY', 'CREATE_FAILED', 'DELETE_FAILED', 'UPDATE_FAILED']
while status not in end_status:
    time.sleep(10)
    status_response = agentcore_runtime.status()
    status = status_response.endpoint['status']
    print(status)
print(status)

### Time to invoke the agent

In [None]:
import json
try:
    invoke_response = agentcore_runtime.invoke({"prompt": "what is the credit score for customerid 1234"})
    response_bytes = invoke_response["response"]
    response_str = response_bytes[0].decode('utf-8')  # Convert bytes to string
    response_json = json.loads(response_str)  # Parse JSON
    text_value = response_json["result"]["content"][0]["text"]  # Extract text
    print(text_value)
except Exception as e:
     print(invoke_response["response"])