# Hosting MCP Server on Amazon Bedrock AgentCore Runtime - AWS IAM Inbound Authentication

## Overview

In this tutorial we will learn how to host MCP (Model Context Protocol) servers on Amazon Bedrock AgentCore Runtime. We will use the Amazon Bedrock AgentCore Python SDK to wrap MCP tools as an MCP server compatible with Amazon Bedrock AgentCore.

The Amazon Bedrock AgentCore Python SDK handles the MCP server implementation details so you can focus on your tools' core functionality. It transforms your code into the AgentCore standardized MCP protocol contracts for direct communication.

While the [MCP protocol](https://modelcontextprotocol.io/docs/getting-started/intro) specification traditionally requires OAuth tokens for authentication, AgentCore runtime allows the ability to configure AWS IAM credentials for inbound requests to their MCP servers, addressing a crucial enterprise requirement.

### Tutorial Details

| Information         | Details                                                   |
|:--------------------|:----------------------------------------------------------|
| Tutorial type       | Hosting Tools                                             |
| Tool type           | MCP server                                                |
| Tutorial components | Hosting MCP server on AgentCore Runtime                  |
| Tutorial vertical   | Cross-vertical                                            |
| Example complexity  | Easy                                                      |
| SDK used            | Amazon BedrockAgentCore Python SDK and MCP               |

### Tutorial Architecture

In this tutorial we will describe how to deploy an MCP server to AgentCore runtime.

For demonstration purposes, we will use a simple MCP server with 3 tools: `add_numbers`, `multiply_numbers` and `greet_user`

<div style="text-align:left">
    <img src="images/hosting_mcp_server.png" width="60%"/>
</div>

### Tutorial Key Features

* Creating MCP servers with custom tools
* Testing MCP servers locally
* Hosting MCP servers on Amazon Bedrock AgentCore Runtime
* Invoking deployed MCP servers with authentication


## Prerequisites

To execute this tutorial you will need:
* Python 3.10+
* AWS credentials configured
* Amazon Bedrock AgentCore SDK
* MCP (Model Context Protocol) library
* Running Docker daemon

In [None]:
!pip install --force-reinstall -U -r requirements.txt --quiet

In [2]:
from bedrock_agentcore_starter_toolkit import Runtime
from bedrock_agentcore_starter_toolkit.operations.runtime import destroy_bedrock_agentcore
from boto3.session import Session
from pathlib import Path
import os

In [3]:
boto_session = Session()
region = boto_session.region_name

agentcore_control_client = boto_session.client("bedrock-agentcore-control", region_name=region)
ssm_client = boto_session.client('ssm', region_name=region)

tool_name = "mcp_server_iam"

## Understanding MCP (Model Context Protocol)

MCP is a protocol that allows AI models to securely access external data and tools. Key concepts:

* **Tools**: Functions that the AI can call to perform actions
* **Streamable HTTP**: Transport protocol used by AgentCore Runtime
* **Session Isolation**: Each client gets isolated sessions via `Mcp-Session-Id` header
* **Stateless Operation**: Servers must support stateless operation for scalability

AgentCore Runtime expects MCP servers to be hosted on `0.0.0.0:8000/mcp` as the default path.

### Project Structure

Let's set up our project with the proper structure:

```
mcp_server_project/
‚îú‚îÄ‚îÄ mcp_server.py              # Main MCP server code
‚îú‚îÄ‚îÄ mcp_client.py          # Local testing client
‚îú‚îÄ‚îÄ mcp_client_remote.py   # Remote testing client
‚îú‚îÄ‚îÄ requirements.txt          # Dependencies
‚îî‚îÄ‚îÄ __init__.py              # Python package marker
```

## Creating MCP Server

Now let's create our MCP server with three simple tools. The server uses FastMCP with `stateless_http=True` which is required for AgentCore Runtime compatibility.

In [4]:
%%writefile mcp_server.py
from mcp.server.fastmcp import FastMCP
from starlette.responses import JSONResponse

mcp = FastMCP(host="0.0.0.0", stateless_http=True)

@mcp.tool()
def add_numbers(a: int, b: int) -> int:
    """Add two numbers together"""
    return a + b

@mcp.tool()
def multiply_numbers(a: int, b: int) -> int:
    """Multiply two numbers together"""
    return a * b

@mcp.tool()
def greet_user(name: str) -> str:
    """Greet a user by name"""
    return f"Hello, {name}! Nice to meet you."

if __name__ == "__main__":
    mcp.run(transport="streamable-http")

Overwriting mcp_server.py


### What This Code Does

* **FastMCP**: Creates an MCP server that can host your tools
* **@mcp.tool()**: Decorator that turns your Python functions into MCP tools
* **stateless_http=True**: Required for AgentCore Runtime compatibility
* **Tools**: Three simple tools demonstrating different types of operations

## Creating Local Testing Client

Before deploying to AgentCore Runtime, let's create a client to test our MCP server locally:

In [5]:
%%writefile mcp_client.py
import asyncio

from mcp import ClientSession
from mcp.client.streamable_http import streamablehttp_client

async def main():
    mcp_url = "http://localhost:8000/mcp"
    headers = {}

    async with streamablehttp_client(mcp_url, headers, timeout=120, terminate_on_close=False) as (
        read_stream,
        write_stream,
        _,
    ):
        async with ClientSession(read_stream, write_stream) as session:
            await session.initialize()
            tool_result = await session.list_tools()
            print("Available tools:")
            for tool in tool_result.tools:
                print(f"  - {tool.name}: {tool.description}")

if __name__ == "__main__":
    asyncio.run(main())

Overwriting mcp_client.py


 ### Testing Locally

To test your MCP server locally:

1. **Terminal 1**: Start the MCP server
   ```bash
   python mcp_server.py
   ```
   
2. **Terminal 2**: Run the test client
   ```bash
   python mcp_client.py
   ```

You should see your three tools listed in the output.

## Configuring AgentCore Runtime Deployment

Next we will use our starter toolkit to configure the AgentCore Runtime deployment with an entrypoint, the execution role we just created and a requirements file. We will also configure the starter kit to auto create the Amazon ECR repository on launch.

During the configure step, your docker file will be generated based on your application code

<div style="text-align:left">
    <img src="images/configure.png" width="60%"/>
</div>

In [9]:
print(f"Using AWS region: {region}")

# Deploy the AgentCore Runtime into your existing VPC
VPC_ID = "vpc-0fee0411bd15a610c"
VPC_SUBNET_IDS = [
    "subnet-0dff4845b461e14cd",
    "subnet-019320fdd46cde00a"
]
VPC_SECURITY_GROUP_IDS = ["sg-0f40ce05eff09274d"]

required_files = ["mcp_server.py", "requirements.txt"]
for file in required_files:
    if not os.path.exists(file):
        raise FileNotFoundError(f"Required file {file} not found")
print("All required files found ‚úì")

agentcore_runtime = Runtime()

print("Configuring AgentCore Runtime...")
response = agentcore_runtime.configure(
    entrypoint="mcp_server.py",
    auto_create_execution_role=True,
    auto_create_ecr=True,
    requirements_file="requirements.txt",
    region=region,
    protocol="MCP",
    agent_name=tool_name,
    vpc_enabled=True,
    vpc_subnets=VPC_SUBNET_IDS,
    vpc_security_groups=VPC_SECURITY_GROUP_IDS,
)
print("Configuration completed ‚úì")
print(
    "VPC config: "
    f"{VPC_ID} / subnets={VPC_SUBNET_IDS} / security_groups={VPC_SECURITY_GROUP_IDS}"
)

VPC mode enabled with 2 subnets and 1 security groups
Entrypoint parsed: file=/workspaces/agent_core_deep_research/MultiServerMCPClient/mcp_server.py, bedrock_agentcore_name=mcp_server
Memory disabled - agent will be stateless
Configuring BedrockAgentCore agent: mcp_server_iam
Memory disabled
Network mode: VPC with 2 subnets and 1 security groups
Generated Dockerfile: Dockerfile
Generated .dockerignore: /workspaces/agent_core_deep_research/MultiServerMCPClient/.dockerignore
Setting 'mcp_server_iam' as default agent


Using AWS region: us-west-2
All required files found ‚úì
Configuring AgentCore Runtime...


Bedrock AgentCore configured: /workspaces/agent_core_deep_research/MultiServerMCPClient/.bedrock_agentcore.yaml


Configuration completed ‚úì
VPC config: vpc-0fee0411bd15a610c / subnets=['subnet-0dff4845b461e14cd', 'subnet-019320fdd46cde00a'] / security_groups=['sg-0f40ce05eff09274d']


## Launching MCP Server to AgentCore Runtime

Now that we've got a docker file, let's launch the MCP server to the AgentCore Runtime. This will create the Amazon ECR repository and the AgentCore Runtime

<div style="text-align:left">
    <img src="images/launch.png" width="85%"/>
</div>

In [11]:
print("Launching MCP server to AgentCore Runtime...")
print("This may take several minutes...")
launch_result = agentcore_runtime.launch()
print("Launch completed ‚úì")
print(f"Agent ARN: {launch_result.agent_arn}")
print(f"Agent ID: {launch_result.agent_id}")

üöÄ Launching Bedrock AgentCore (cloud mode - RECOMMENDED)...
   ‚Ä¢ Deploy Python code directly to runtime
   ‚Ä¢ No Docker required (DEFAULT behavior)
   ‚Ä¢ Production-ready deployment

üí° Deployment options:
   ‚Ä¢ runtime.launch()                ‚Üí Cloud (current)
   ‚Ä¢ runtime.launch(local=True)      ‚Üí Local development
Validating VPC resources...


Launching MCP server to AgentCore Runtime...
This may take several minutes...


‚úì All 2 subnets are in VPC: vpc-0fee0411bd15a610c
‚úì All 1 security groups are in VPC: vpc-0fee0411bd15a610c
‚úì VPC configuration validated successfully
‚úì VPC service-linked role verified: AWSServiceRoleForBedrockAgentCoreNetwork
Memory disabled - skipping memory creation
Starting CodeBuild ARM64 deployment for agent 'mcp_server_iam' to account 482387069690 (us-west-2)
Setting up AWS resources (ECR repository, execution roles)...
Using ECR repository from config: 482387069690.dkr.ecr.us-west-2.amazonaws.com/bedrock-agentcore-mcp_server_iam
Using execution role from config: arn:aws:iam::482387069690:role/AmazonBedrockAgentCoreSDKRuntime-us-west-2-22e9392f39
Preparing CodeBuild project and uploading source...
Using CodeBuild role from config: arn:aws:iam::482387069690:role/AmazonBedrockAgentCoreSDKCodeBuild-us-west-2-22e9392f39
Using dockerignore.template with 43 patterns for zip filtering
Uploaded source to S3: mcp_server_iam/source.zip
Using CodeBuild project from config: bedrock

Launch completed ‚úì
Agent ARN: arn:aws:bedrock-agentcore:us-west-2:482387069690:runtime/mcp_server_iam-rgCYhOFeIC
Agent ID: mcp_server_iam-rgCYhOFeIC


In [12]:

agent_arn_response = ssm_client.put_parameter(
    Name='/mcp_server/runtime_iam/agent_arn',
    Value=launch_result.agent_arn,
    Type='String',
    Description='Agent ARN for MCP server with inbound auth',
    Overwrite=True
)
print("‚úì Agent ARN stored in Parameter Store")

print("\nConfiguration stored successfully!")
print(f"Agent ARN: {launch_result.agent_arn}")

‚úì Agent ARN stored in Parameter Store

Configuration stored successfully!
Agent ARN: arn:aws:bedrock-agentcore:us-west-2:482387069690:runtime/mcp_server_iam-rgCYhOFeIC


## Creating Remote Testing Client

Now let's create a client to test our deployed MCP server. This client will retrieve the necessary credentials from AWS and connect to the deployed server:

In [13]:
%%writefile mcp_client_remote.py       
import asyncio
import sys
import logging
import boto3
from boto3.session import Session
from mcp import ClientSession
from mcp.client.streamable_http import streamablehttp_client
from streamable_http_sigv4 import streamablehttp_client_with_sigv4


logging.basicConfig(
    level=logging.INFO, format="%(asctime)s - %(name)s - %(levelname)s - %(message)s"
)
logger = logging.getLogger(__name__)


def create_streamable_http_transport_sigv4(
    mcp_url: str, service_name: str, region: str
):
    """
    Create a streamable HTTP transport with AWS SigV4 authentication.

    This function creates an MCP client transport that uses AWS Signature Version 4 (SigV4)
    to authenticate requests. This is necessary because standard MCP clients don't natively
    support AWS IAM authentication, and this bridges that gap.

    Args:
        mcp_url (str): The URL of the MCP gateway endpoint
        service_name (str): The AWS service name for SigV4 signing (typically "bedrock-agentcore")
        region (str): The AWS region where the gateway is deployed

    Returns:
        StreamableHTTPTransportWithSigV4: A transport instance configured for SigV4 auth

    Example:
        >>> transport = create_streamable_http_transport_sigv4(
        ...     mcp_url=".../mcp",
        ...     service_name="bedrock-agentcore",
        ...     region="us-west-2"
        ... )
    """
    # Get AWS credentials from the current boto3 session
    # These credentials will be used to sign requests with SigV4
    session = boto3.Session()
    credentials = session.get_credentials()

    # Create and return the custom transport with SigV4 signing capability
    return streamablehttp_client_with_sigv4(
        url=mcp_url,
        credentials=credentials,
        service=service_name,
        region=region,
    )


def get_full_tools_list(client):
    """
    Retrieve the complete list of tools from an MCP client, handling pagination.

    MCP servers may return tools in paginated responses. This function handles the
    pagination automatically and returns all available tools in a single list.

    Args:
        client: An MCP client instance (from strands.tools.mcp.mcp_client.MCPClient)

    Returns:
        list: A complete list of all tools available from the MCP server

    Example:
        >>> mcp_client = MCPClient(lambda: create_transport())
        >>> all_tools = get_full_tools_list(mcp_client)
        >>> print(f"Found {len(all_tools)} tools")
    """
    more_tools = True
    tools = []
    pagination_token = None

    # Loop until we've fetched all pages
    while more_tools:
        tmp_tools = client.list_tools_sync(pagination_token=pagination_token)

        tools.extend(tmp_tools)

        # Check if there are more pages to fetch
        if tmp_tools.pagination_token is None:
            # No more pages - we're done
            more_tools = False
        else:
            # More pages exist - prepare to fetch the next one
            more_tools = True
            pagination_token = tmp_tools.pagination_token

    return tools


async def main():
    boto_session = Session()
    region = boto_session.region_name
    print(f"Using AWS region: {region}")

    ssm_client = boto3.client("ssm", region_name=region)

    agent_arn_response = ssm_client.get_parameter(
        Name="/mcp_server/runtime_iam/agent_arn"
    )
    agent_arn = agent_arn_response["Parameter"]["Value"]
    print(f"Retrieved Agent ARN: {agent_arn}")

    if not agent_arn:
        print("‚ùå Error: AGENT_ARN not found")
        sys.exit(1)

    encoded_arn = agent_arn.replace(":", "%3A").replace("/", "%2F")
    mcp_url = f"https://bedrock-agentcore.{region}.amazonaws.com/runtimes/{encoded_arn}/invocations?qualifier=DEFAULT"

    try:
        async with create_streamable_http_transport_sigv4(
            mcp_url=mcp_url, service_name="bedrock-agentcore", region=region
        ) as (
            read_stream,
            write_stream,
            _,
        ):
            async with ClientSession(read_stream, write_stream) as session:
                print("\nüîÑ Initializing MCP session...")
                await session.initialize()
                print("‚úì MCP session initialized")

                print("\nüîÑ Listing available tools...")
                tool_result = await session.list_tools()

                print("\nüìã Available MCP Tools:")
                print("=" * 50)
                for tool in tool_result.tools:
                    print(f"üîß {tool.name}")
                    print(f"   Description: {tool.description}")
                    if hasattr(tool, "inputSchema") and tool.inputSchema:
                        properties = tool.inputSchema.get("properties", {})
                        if properties:
                            print(f"   Parameters: {list(properties.keys())}")
                    print()

                print(f"‚úÖ Successfully connected to MCP server!")
                print(f"Found {len(tool_result.tools)} tools available.")

    except Exception as e:
        print(f"‚ùå Error connecting to MCP server: {e}")
        import traceback

        print("\nüîç Full error traceback:")
        traceback.print_exc()
        sys.exit(1)


if __name__ == "__main__":
    asyncio.run(main())


Overwriting mcp_client_remote.py


## Testing Your Deployed MCP Server

Let's test our deployed MCP server using the remote client:

In [14]:
print("Testing deployed MCP server...")
print("=" * 50)
!python mcp_client_remote.py

Testing deployed MCP server...
Using AWS region: us-west-2
2025-12-27 06:59:50,401 - botocore.credentials - INFO - Found credentials in shared credentials file: ~/.aws/credentials
Retrieved Agent ARN: arn:aws:bedrock-agentcore:us-west-2:482387069690:runtime/mcp_server_iam-rgCYhOFeIC
2025-12-27 06:59:50,926 - botocore.credentials - INFO - Found credentials in shared credentials file: ~/.aws/credentials

üîÑ Initializing MCP session...
2025-12-27 06:59:58,695 - httpx - INFO - HTTP Request: POST https://bedrock-agentcore.us-west-2.amazonaws.com/runtimes/arn%3Aaws%3Abedrock-agentcore%3Aus-west-2%3A482387069690%3Aruntime%2Fmcp_server_iam-rgCYhOFeIC/invocations?qualifier=DEFAULT "HTTP/1.1 200 OK"
2025-12-27 06:59:58,696 - mcp.client.streamable_http - INFO - Received session ID: d84679ab-da1f-4a49-90d8-981df1ed470f
2025-12-27 06:59:58,697 - mcp.client.streamable_http - INFO - Negotiated protocol version: 2025-06-18
‚úì MCP session initialized

üîÑ Listing available tools...
2025-12-27 06:59

### Invoking MCP Tools Remotely

Now let's create an enhanced client that not only lists tools but also invokes them to demonstrate the full MCP functionality:

In [15]:
%%writefile invoke_mcp_tools.py
import asyncio
import sys
import os
import logging
import boto3
from boto3.session import Session
from mcp import ClientSession
from mcp.client.streamable_http import streamablehttp_client
from streamable_http_sigv4 import streamablehttp_client_with_sigv4

logging.basicConfig(
    level=logging.INFO, format="%(asctime)s - %(name)s - %(levelname)s - %(message)s"
)
logger = logging.getLogger(__name__)


def create_streamable_http_transport_sigv4(
    mcp_url: str, service_name: str, region: str
):
    """
    Create a streamable HTTP transport with AWS SigV4 authentication.

    This function creates an MCP client transport that uses AWS Signature Version 4 (SigV4)
    to authenticate requests. This is necessary because standard MCP clients don't natively
    support AWS IAM authentication, and this bridges that gap.

    Args:
        mcp_url (str): The URL of the MCP gateway endpoint
        service_name (str): The AWS service name for SigV4 signing (typically "bedrock-agentcore")
        region (str): The AWS region where the gateway is deployed

    Returns:
        StreamableHTTPTransportWithSigV4: A transport instance configured for SigV4 auth

    Example:
        >>> transport = create_streamable_http_transport_sigv4(
        ...     mcp_url=".../mcp",
        ...     service_name="bedrock-agentcore",
        ...     region="us-west-2"
        ... )
    """
    # Get AWS credentials from the current boto3 session
    # These credentials will be used to sign requests with SigV4
    session = boto3.Session()
    credentials = session.get_credentials()

    # Create and return the custom transport with SigV4 signing capability
    return streamablehttp_client_with_sigv4(
        url=mcp_url,
        credentials=credentials,
        service=service_name,
        region=region,
    )


def get_full_tools_list(client):
    """
    Retrieve the complete list of tools from an MCP client, handling pagination.

    MCP servers may return tools in paginated responses. This function handles the
    pagination automatically and returns all available tools in a single list.

    Args:
        client: An MCP client instance (from strands.tools.mcp.mcp_client.MCPClient)

    Returns:
        list: A complete list of all tools available from the MCP server

    Example:
        >>> mcp_client = MCPClient(lambda: create_transport())
        >>> all_tools = get_full_tools_list(mcp_client)
        >>> print(f"Found {len(all_tools)} tools")
    """
    more_tools = True
    tools = []
    pagination_token = None

    # Loop until we've fetched all pages
    while more_tools:
        tmp_tools = client.list_tools_sync(pagination_token=pagination_token)

        tools.extend(tmp_tools)

        # Check if there are more pages to fetch
        if tmp_tools.pagination_token is None:
            # No more pages - we're done
            more_tools = False
        else:
            # More pages exist - prepare to fetch the next one
            more_tools = True
            pagination_token = tmp_tools.pagination_token

    return tools


async def main():
    boto_session = Session()
    region = boto_session.region_name
    print(f"Using AWS region: {region}")

    ssm_client = boto3.client("ssm", region_name=region)

    agent_arn_response = ssm_client.get_parameter(
        Name="/mcp_server/runtime_iam/agent_arn"
    )
    agent_arn = agent_arn_response["Parameter"]["Value"]
    print(f"Retrieved Agent ARN: {agent_arn}")

    if not agent_arn:
        print("‚ùå Error: AGENT_ARN not found")
        sys.exit(1)

    encoded_arn = agent_arn.replace(":", "%3A").replace("/", "%2F")
    mcp_url = f"https://bedrock-agentcore.{region}.amazonaws.com/runtimes/{encoded_arn}/invocations?qualifier=DEFAULT"

    try:
        async with create_streamable_http_transport_sigv4(
                mcp_url=mcp_url, service_name="bedrock-agentcore", region=region
        ) as (
            read_stream,
            write_stream,
            _,
        ):
            async with ClientSession(read_stream, write_stream) as session:
                print("\nüîÑ Initializing MCP session...")
                await session.initialize()
                print("‚úì MCP session initialized")

                print("\nüîÑ Listing available tools...")
                tool_result = await session.list_tools()

                print("\nüìã Available MCP Tools:")
                print("=" * 50)
                for tool in tool_result.tools:
                    print(f"üîß {tool.name}: {tool.description}")

                print("\nüß™ Testing MCP Tools:")
                print("=" * 50)

                try:
                    print("\n‚ûï Testing add_numbers(5, 3)...")
                    add_result = await session.call_tool(
                        name="add_numbers", arguments={"a": 5, "b": 3}
                    )
                    print(f"   Result: {add_result.content[0].text}")
                except Exception as e:
                    print(f"   Error: {e}")

                try:
                    print("\n‚úñÔ∏è  Testing multiply_numbers(4, 7)...")
                    multiply_result = await session.call_tool(
                        name="multiply_numbers", arguments={"a": 4, "b": 7}
                    )
                    print(f"   Result: {multiply_result.content[0].text}")
                except Exception as e:
                    print(f"   Error: {e}")

                try:
                    print("\nüëã Testing greet_user('Alice')...")
                    greet_result = await session.call_tool(
                        name="greet_user", arguments={"name": "Alice"}
                    )
                    print(f"   Result: {greet_result.content[0].text}")
                except Exception as e:
                    print(f"   Error: {e}")

                print("\n‚úÖ MCP tool testing completed!")

    except Exception as e:
        print(f"‚ùå Error connecting to MCP server: {e}")
        import traceback

        print("\nüîç Full error traceback:")
        traceback.print_exc()
        sys.exit(1)


if __name__ == "__main__":
    asyncio.run(main())


Overwriting invoke_mcp_tools.py


## Test Tool Invocation

Let's test our MCP tools by actually invoking them:

In [16]:
print("Testing MCP tool invocation...")
print("=" * 50)
!python invoke_mcp_tools.py

Testing MCP tool invocation...
Using AWS region: us-west-2
2025-12-27 07:00:33,311 - botocore.credentials - INFO - Found credentials in shared credentials file: ~/.aws/credentials
Retrieved Agent ARN: arn:aws:bedrock-agentcore:us-west-2:482387069690:runtime/mcp_server_iam-rgCYhOFeIC
2025-12-27 07:00:33,749 - botocore.credentials - INFO - Found credentials in shared credentials file: ~/.aws/credentials

üîÑ Initializing MCP session...
2025-12-27 07:00:34,285 - httpx - INFO - HTTP Request: POST https://bedrock-agentcore.us-west-2.amazonaws.com/runtimes/arn%3Aaws%3Abedrock-agentcore%3Aus-west-2%3A482387069690%3Aruntime%2Fmcp_server_iam-rgCYhOFeIC/invocations?qualifier=DEFAULT "HTTP/1.1 200 OK"
2025-12-27 07:00:34,286 - mcp.client.streamable_http - INFO - Received session ID: 540c871b-32ef-4afd-b153-b54fd19651fe
2025-12-27 07:00:34,286 - mcp.client.streamable_http - INFO - Negotiated protocol version: 2025-06-18
‚úì MCP session initialized

üîÑ Listing available tools...
2025-12-27 07:00

## Next Steps

Now that you have successfully deployed an MCP server to AgentCore Runtime, you can:

1. **Add More Tools**: Extend your MCP server with additional tools
2. **Custom Authentication**: Implement AWS IAM inbound authentication
3. **Integration**: Integrate with other AgentCore services

## Cleanup (Optional)

If you want to clean up the resources created during this tutorial, run the following cells:

In [7]:
try:
    ssm_client.delete_parameter(Name='/mcp_server/runtime_iam/agent_arn')
    print("‚úì Parameter Store parameter deleted")
except ssm_client.exceptions.ParameterNotFound:
    print("‚ÑπÔ∏è  Parameter Store parameter not found")

‚úì Parameter Store parameter deleted


In [8]:
destroy_bedrock_agentcore(
    config_path=Path(".bedrock_agentcore.yaml"),
    agent_name=tool_name,
    delete_ecr_repo=True
)

Starting destroy operation for agent: mcp_server_iam (dry_run=False, delete_ecr_repo=True)
DEFAULT endpoint will be automatically deleted with agent
Deleted AgentCore agent: arn:aws:bedrock-agentcore:us-west-2:482387069690:runtime/mcp_server_iam-1zXwwRH7mv
Checking ECR repository: bedrock-agentcore-mcp_server_iam in region: us-west-2
Deleted 1 ECR images from bedrock-agentcore-mcp_server_iam
Deleted ECR repository: bedrock-agentcore-mcp_server_iam
Deleted CodeBuild project: bedrock-agentcore-mcp_server_iam-builder
Deleted S3 artifact: mcp_server_iam/deployment.zip
Deleted S3 artifact: mcp_server_iam/source.zip
Deleted inline policy CodeBuildExecutionPolicy from role AmazonBedrockAgentCoreSDKCodeBuild-us-west-2-22e9392f39
Deleted CodeBuild IAM role: AmazonBedrockAgentCoreSDKCodeBuild-us-west-2-22e9392f39
Deleted IAM role: AmazonBedrockAgentCoreSDKRuntime-us-west-2-22e9392f39
Removed agent configuration: mcp_server_iam
Cleared default agent (no agents remaining)
Removed configuration fil



# üéâ Congratulations!

You have successfully:

‚úÖ **Created an MCP server** with custom tools  
‚úÖ **Tested locally** using MCP client  
‚úÖ **Set up authentication** with Amazon Cognito  
‚úÖ **Deployed to AWS** using AgentCore Runtime  
‚úÖ **Invoked remotely** with proper authentication  
‚úÖ **Learned MCP concepts** and best practices  

Your MCP server is now running on Amazon Bedrock AgentCore Runtime and ready for production use!

## Summary

In this tutorial, you learned how to:
- Build MCP servers using FastMCP
- Configure stateless HTTP transport for AgentCore compatibility
- Set up AWS IAM inbound authentication
- Deploy and manage MCP servers on AWS
- Test both locally and remotely
- Use MCP clients for tool invocation

The deployed MCP server can now be integrated into larger AI applications and workflows!