Grappling with Amazon Bedrock AgentCore

News | March 12, 2026 | Artifice Prime

While Amazon Bedrock helps you build and scale generative AI applications, Amazon Bedrock AgentCore provides an enterprise-grade infrastructure and operations layer for deploying and managing AI agents at scale. AgentCore itself is completely agnostic about models, frameworks, and integrations, although its starter kit CLI only supports the most prominent of these.

That CLI can generate agents using Amazon Bedrock, Anthropic, Google Gemini, and OpenAI models, using Strands, LangGraph, Microsoft AutoGen, OpenAI Agents SDK, Google Agent Development Kit, and CrewAI frameworks, and using Amazon AgentCore Memory, AgentCore Observability, and AgentCore Gateway integrations. Note that many of these are produced by competitors to AWS.

AgentCore’s core services include a runtime, memory (both short-term and long-term), a gateway, identity management, a sandboxed code interpreter, a cloud-based browser, observability, an evaluation service, and a policy capability that runs outside the agent. We’ll discuss these in more detail below.

Direct cloud platform competitors to AgentCore provide similar enterprise-level hosting, security, and governance for agents within their respective ecosystems. They include:

  1. Google Cloud Agent SDK (ADK): Built on Vertex AI, the ADK offers deep integration with Gemini models.
  2. Azure AI Foundry Agents: Best for those heavily invested in the Microsoft ecosystem and Azure OpenAI Service.
  3. Databricks Agent Bricks: A data-centric alternative that uses the Unity Catalog to build agents directly from enterprise data.

Additional competitors (and sometimes collaborators) to AgentCore include the OpenAI Agents SDK, LangChain/LangGraph, CrewAI, and SmythOS.

Figure: Amazon Bedrock AgentCore overview chart. (Image: Amazon Web Services)

Figure: AgentCore quick start CLI workflow. The three steps are agent creation, agent deployment, and agent invocation. (Image: Amazon Web Services)

AgentCore Core Services

AgentCore Core Services include runtime, memory (both short-term and long-term), a gateway, identity management, a sandboxed code interpreter, a cloud-based browser, observability, an evaluation service, and a policy capability that runs outside the agent. You can use whichever of these services are useful to support your agent development.

AgentCore Runtime is a secure, serverless runtime environment for deploying and scaling dynamic AI agents and tools. It provides fast cold starts for real-time interactions, extended runtime support for asynchronous agents, true session isolation, built-in identity, and support for multi-modal and multi-agent agentic workloads. The runtime integrates with custom frameworks and any open-source framework as well as any foundation model in or outside of Amazon Bedrock.

AgentCore Memory lets you build context-aware agents with control over what the agent remembers and learns. It has support for both short-term memory for multi-turn conversations, and long-term memory that persists across sessions. It can share memory stores across agents, and it can learn from experiences. It works with LangGraph, LangChain, Strands, and LlamaIndex.

AgentCore Gateway is a secure way to convert any APIs, Lambda functions, and existing services into Model Context Protocol (MCP)-compatible tools. It can also connect to pre-existing MCP servers, making them available to AI agents through gateway endpoints with a few lines of code.

AgentCore Identity is a secure, scalable agent identity, access, and authentication management service. It is compatible with identity and credential providers, eliminating the need for user migration or rebuilding authentication flows.

AgentCore Code Interpreter is an isolated sandbox environment for agents to execute code, enhancing their accuracy and scope. It supports Python, JavaScript, and TypeScript. It provides support for a default execution time of 15 minutes, which can be extended to up to eight hours. A best practice is to keep code snippets concise and focused on specific tasks. You can use the Strands Agents SDK with Python or TypeScript, or either the bedrock_agentcore SDK or Boto3 with Python. The session isolation architecture for the code interpreter and the browser uses Firecracker microVMs.

AgentCore Browser is a remote browser that runs in a separate environment rather than on the local machine. For agent development, remote browsers allow AI agents to interact with the web as humans do. AgentCore Browser allows your agent and model to navigate websites, fill forms, click buttons, and parse dynamic content, and allows you to monitor a live view and intervene if necessary. AgentCore Browser integrates with Nova Act, Strands, and Playwright to automate web interactions.

AgentCore Observability is a unified view to trace, debug, and monitor agent performance in production, which offers detailed visualizations of each step in the agent workflow, enabling you to inspect an agent’s execution path, audit intermediate outputs, and debug performance bottlenecks and failures. It integrates with any observability stack that supports OpenTelemetry (OTEL) format.

AgentCore Evaluations is a service for automated, consistent, and data-driven agent assessment. AgentCore Evaluations measures how well your agents and tools execute tasks, handle edge cases, and maintain output reliability across diverse inputs and contexts.

AgentCore Policy is a capability that provides deterministic control to ensure agents operate within defined boundaries and business rules without slowing them down. You can author rules using natural language or Cedar (AWS’s open-source policy language). Policy runs outside the agents so that the models can’t violate the constraints.

AgentCore use cases

Amazon Bedrock AgentCore lets you deploy AI agents with scale, reliability, and security. There are three major categories of use cases for AgentCore: agents, MCP servers, and agent platforms.

With agents, you can build AI apps that reason, use tools, and maintain context. You can apply these to customer support, workflow automation, data analysis, or coding assistance, for example. Using AgentCore, your agents run serverlessly, with isolated sessions, persistent memory, and built-in observability.

AgentCore helps you convert APIs, databases, and services into tools that MCP-compatible agents can use. You can deploy a gateway that wraps your Lambda functions or OpenAPI specs and makes your back end accessible to agents, without rewriting code.

Finally, you can build agent platforms that help your developers or customers deploy agents using approved tools, shared memory stores, and governed access to enterprise services. You can include observability, authentication, and compliance using standard AgentCore core services.

Customer support agent example

The AgentCore team suggested that I try the Customer Support Agent demo (see architecture diagram below). While it looked like a typical AWS architecture with multiple services involved, I’ve seen much worse. What the heck, I thought.

Figure: Amazon Bedrock AgentCore Demo – Customer Support Agent. This demo shows how to deploy an agent, authenticate a user, invoke the agent, and then add an AgentCore Policy to enforce refund limits in real time. It’s essentially the same application as the CLI-based Get Started with Amazon Bedrock AgentCore Demo, although there’s more documentation and you can read the code before trying it. (Image: Amazon Web Services)

Almost a week later, with multiple bugs and other roadblocks reported and fixed, I finally completed the exercise. The terminal logs follow, starting with the deployment script. I’ve skipped over showing you the step of logging into AWS from my local command line, since it bounces to a web page and back, in order to connect the local session to the proper credentials.

martinheller@Mac customer-support-agent-with-agentcore % scripts/deploy.sh
==> Pre-flight checks
    Verifying Bedrock model access (global.anthropic.claude-sonnet-4-5-20250929-v1:0)...
WARNING: Could not invoke Bedrock model (global.anthropic.claude-sonnet-4-5-20250929-v1:0).
         Possible reasons:

         1. Anthropic first-time usage form not completed.
            Complete it in the Bedrock console Playground by selecting any Anthropic Claude model.
            Details: https://aws.amazon.com/blogs/security/simplified-amazon-bedrock-model-access/

         2. Your current IAM identity lacks bedrock:InvokeModel permission.
            Note: the deployed agent uses its own execution role, so this may not
            be a problem. Verify after deployment with: uv run agentcore invoke

         The deploy will continue.
    All checks passed.

==> Installing Python dependencies (uv sync)
Resolved 110 packages in 14ms
Audited 103 packages in 11ms

==> Installing CDK dependencies (npm install)

up to date, audited 337 packages in 901ms

37 packages are looking for funding
  run `npm fund` for details

3 vulnerabilities (1 moderate, 2 high)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

==> Bootstrapping CDK (if needed)

> cdk@0.1.0 cdk
> cdk bootstrap

 ⏳  Bootstrapping environment aws://577405208411/us-east-2...
Trusted accounts for deployment: (none)
Trusted accounts for lookup: (none)
Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
 ✅  Environment aws://577405208411/us-east-2 bootstrapped (no changes).

NOTICES         (What's this? https://github.com/aws/aws-cdk/wiki/CLI-Notices)

37013	(cli) cdk watch triggers deployment unexpectedly or not at all

	Overview: Do not use 'cdk watch' with this version of the cdk cli.
	          Upgrade to ^2.1106.0.

	Affected versions: cli: >=2.1103.0 <2.1106.0

	More information at: https://github.com/aws/aws-cdk/issues/37013


34892	CDK CLI collects telemetry data on command usage starting at version 2.1100.0 (unless opted out)

	Overview: We do not collect customer content and we anonymize the
	          telemetry we do collect. See the attached issue for more
	          information on what data is collected, why, and how to
	          opt-out. Telemetry will NOT be collected for any CDK CLI
	          version prior to version 2.1100.0 - regardless of
	          opt-in/out. You can also view the telemetry we collect by
	          logging it to a local file, by adding
	          `--telemetry-file=my/local/file` to any `cdk` command.

	Affected versions: cli: >=2.1100.0 <2.1106.1

	More information at: https://github.com/aws/aws-cdk/issues/34892


If you don’t want to see a notice anymore, use "cdk acknowledge ". For example, "cdk acknowledge 37013".

==> Deploying all stacks

> cdk@0.1.0 cdk:deploy:ci
> cdk deploy --all --require-approval never --outputs-file /Volumes/Glauce/repos/amazon-bedrock-agentcore-samples/05-blueprints/customer-support-agent-with-agentcore/cdk-outputs.json


✨  Synthesis time: 2.29s

supportAgentDemo-DockerImageStack: start: Building supportAgentDemo-DockerImageStack Template
supportAgentDemo-DockerImageStack: success: Built supportAgentDemo-DockerImageStack Template
supportAgentDemo-DockerImageStack: start: Building supportAgentDemo-AppImage
supportAgentDemo-DockerImageStack: start: Publishing supportAgentDemo-DockerImageStack Template (current_account-current_region-f5e9391a)
supportAgentDemo-DockerImageStack: success: Published supportAgentDemo-DockerImageStack Template (current_account-current_region-f5e9391a)
#0 building with "desktop-linux" instance using docker driver

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 795B done
#1 DONE 0.0s

#2 [internal] load metadata for ghcr.io/astral-sh/uv:python3.13-bookworm-slim
#2 DONE 3.6s

#3 [internal] load .dockerignore
#3 transferring context: 814B done
#3 DONE 0.0s

#4 [1/7] FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim@sha256:531f855bda2c73cd6ef67d56b733b357cea384185b3022bd09f05e002cd144ca
#4 DONE 0.0s

#5 [internal] load build context
#5 transferring context: 1.87MB 0.0s done
#5 DONE 0.0s

#6 [5/7] RUN uv pip install aws-opentelemetry-distro==0.12.2
#6 CACHED

#7 [4/7] RUN uv pip install -r pyproject.toml
#7 CACHED

#8 [2/7] WORKDIR /app
#8 CACHED

#9 [3/7] COPY pyproject.toml pyproject.toml
#9 CACHED

#10 [6/7] RUN useradd -m -u 1000 bedrock_agentcore
#10 CACHED

#11 [7/7] COPY . .
#11 DONE 0.0s

#12 exporting to image
#12 exporting layers done
#12 writing image sha256:103477e07cdce77a6d41dc7f875d781cb408dc59556cdf205c5dddeed5cc50d0 done
#12 naming to docker.io/library/cdkasset-9d592d01e5467aa35239774fad1da2f13bc79a6fdfad62b7b89146b9d8f12462 done
#12 DONE 0.0s

View build details: docker-desktop://dashboard/build/desktop-linux/desktop-linux/jogcv8dnbz67ymx5fi5dnrfbt
supportAgentDemo-DockerImageStack: success: Built supportAgentDemo-AppImage
supportAgentDemo-DockerImageStack: start: Publishing supportAgentDemo-AppImage (current_account-current_region-eadbec27)
supportAgentDemo-AgentCoreStack: start: Building supportAgentDemo-AgentCoreStack Template
supportAgentDemo-AgentCoreStack: success: Built supportAgentDemo-AgentCoreStack Template
The push refers to repository [577405208411.dkr.ecr.us-east-2.amazonaws.com/cdk-hnb659fds-container-assets-577405208411-us-east-2]
f75c8a00d29b: Preparing
e9cefea56108: Preparing
6ad1a9eaa547: Preparing
2c4f33ca63a0: Preparing
bd07e5776977: Preparing
65d80ab29699: Preparing
d700e87997ad: Preparing
b27347ec89d2: Preparing
733eb94a487b: Preparing
dac1af1d7cd9: Preparing
bd390c400455: Preparing
d700e87997ad: Waiting
b27347ec89d2: Waiting
733eb94a487b: Waiting
dac1af1d7cd9: Waiting
bd390c400455: Waiting
65d80ab29699: Waiting
e9cefea56108: Layer already exists
6ad1a9eaa547: Layer already exists
2c4f33ca63a0: Layer already exists
bd07e5776977: Layer already exists
65d80ab29699: Layer already exists
d700e87997ad: Layer already exists
733eb94a487b: Layer already exists
b27347ec89d2: Layer already exists
dac1af1d7cd9: Layer already exists
bd390c400455: Layer already exists
f75c8a00d29b: Pushed
9d592d01e5467aa35239774fad1da2f13bc79a6fdfad62b7b89146b9d8f12462: digest: sha256:455ae21c8896a1df8558466d99b87e0f038e79b5baaf00514f810f95183562d0 size: 2627
supportAgentDemo-DockerImageStack: success: Published supportAgentDemo-AppImage (current_account-current_region-eadbec27)
supportAgentDemo-DockerImageStack
supportAgentDemo-DockerImageStack: deploying... [1/2]
supportAgentDemo-DockerImageStack: creating CloudFormation changeset...

 ✅  supportAgentDemo-DockerImageStack

✨  Deployment time: 13.06s

Outputs:
supportAgentDemo-DockerImageStack.ImageUri = 577405208411.dkr.ecr.us-east-2.amazonaws.com/cdk-hnb659fds-container-assets-577405208411-us-east-2:9d592d01e5467aa35239774fad1da2f13bc79a6fdfad62b7b89146b9d8f12462
Stack ARN:
arn:aws:cloudformation:us-east-2:577405208411:stack/supportAgentDemo-DockerImageStack/6d08ccf0-1664-11f1-8de3-0a00ca3e2d9f

✨  Total time: 15.35s

supportAgentDemo-AgentCoreStack: start: Publishing supportAgentDemo-AgentCoreStack Template (current_account-current_region-8aa3c459)
supportAgentDemo-AgentCoreStack: success: Published supportAgentDemo-AgentCoreStack Template (current_account-current_region-8aa3c459)

 ✅  supportAgentDemo-AgentCoreStack

✨  Deployment time: 39.12s

Outputs:
supportAgentDemo-AgentCoreStack.AccountId = 577405208411
supportAgentDemo-AgentCoreStack.AuthorizerDiscoveryUrl = https://cognito-idp.us-east-2.amazonaws.com/us-east-2_NaZm7AOfz/.well-known/openid-configuration
supportAgentDemo-AgentCoreStack.ClientId = 7nvmhkv45gh933mircjoji1gfe
supportAgentDemo-AgentCoreStack.CognitoDomain = supportagentdemo-577405208411-us-east-2.auth.us-east-2.amazoncognito.com
supportAgentDemo-AgentCoreStack.GatewayId = supportagentdemo-gateway-7d3m0sdfzy
supportAgentDemo-AgentCoreStack.GatewayUrl = https://supportagentdemo-gateway-7d3m0sdfzy.gateway.bedrock-agentcore.us-east-2.amazonaws.com/mcp
supportAgentDemo-AgentCoreStack.MemoryArn = arn:aws:bedrock-agentcore:us-east-2:577405208411:memory/supportAgentDemo_Memory_v2-bLfMFAGQmp
supportAgentDemo-AgentCoreStack.MemoryId = supportAgentDemo_Memory_v2-bLfMFAGQmp
supportAgentDemo-AgentCoreStack.Region = us-east-2
supportAgentDemo-AgentCoreStack.RuntimeArn = arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf
supportAgentDemo-AgentCoreStack.RuntimeId = supportAgentDemo_Agent-U90VrdH6Rf
supportAgentDemo-AgentCoreStack.RuntimeName = supportAgentDemo_Agent
supportAgentDemo-AgentCoreStack.UserPoolId = us-east-2_NaZm7AOfz
Stack ARN:
arn:aws:cloudformation:us-east-2:577405208411:stack/supportAgentDemo-AgentCoreStack/74e9b510-1664-11f1-8ec7-0606ac99759d

✨  Total time: 41.4s


NOTICES         (What's this? https://github.com/aws/aws-cdk/wiki/CLI-Notices)

37013	(cli) cdk watch triggers deployment unexpectedly or not at all

	Overview: Do not use 'cdk watch' with this version of the cdk cli.
	          Upgrade to ^2.1106.0.

	Affected versions: cli: >=2.1103.0 <2.1106.0

	More information at: https://github.com/aws/aws-cdk/issues/37013


34892	CDK CLI collects telemetry data on command usage starting at version 2.1100.0 (unless opted out)

	Overview: We do not collect customer content and we anonymize the
	          telemetry we do collect. See the attached issue for more
	          information on what data is collected, why, and how to
	          opt-out. Telemetry will NOT be collected for any CDK CLI
	          version prior to version 2.1100.0 - regardless of
	          opt-in/out. You can also view the telemetry we collect by
	          logging it to a local file, by adding
	          `--telemetry-file=my/local/file` to any `cdk` command.

	Affected versions: cli: >=2.1100.0 <2.1106.1

	More information at: https://github.com/aws/aws-cdk/issues/34892


If you don’t want to see a notice anymore, use "cdk acknowledge ". For example, "cdk acknowledge 37013".
    CDK outputs written to /Volumes/Glauce/repos/amazon-bedrock-agentcore-samples/05-blueprints/customer-support-agent-with-agentcore/cdk-outputs.json

==> Generating .bedrock_agentcore.yaml
    Generated /Volumes/Glauce/repos/amazon-bedrock-agentcore-samples/05-blueprints/customer-support-agent-with-agentcore/.bedrock_agentcore.yaml

============================================================
  Deployment complete!
============================================================

Next steps:

  1. Check agent status:
       uv run agentcore status

  2. Create a Cognito user:
       uv run scripts/cognito-user.py --create

  3. Log in and set your bearer token:
       eval $(uv run scripts/cognito-user.py --login --export)

  4. Invoke the agent:
       uv run agentcore invoke '{"prompt": "Who am I?"}'

  To tear down all resources later:
       scripts/teardown.sh

The deployment threw some warnings. It turned out that some of the checks weren’t quite reliable. I would fix a problem called out by the script, and it would still be called out the next time I ran it.

Note that part of what the setup script did was to create a Docker pod on my machine and register it with AWS’s directory. When I re-ran the script, it would build new Docker images, so I’d have to delete the old ones manually.

I’ve skipped showing you the agent status script (1 above). It originally didn’t have the uv run prefix, and agentcore, which only existed inside a Python environment, wasn’t found. Once we got that sorted, it gave a false negative the first few times I ran it, until the AWS engineers fixed a parsing problem; then it just worked.

In the user creation script, you also need the uv run prefix:

martinheller@Mac customer-support-agent-with-agentcore % uv run scripts/cognito-user.py --create
Choose a demo user:

  1) john@example.com  (John Doe)
  2) jane@example.com  (Jane Smith)

Enter 1 or 2: 1

Password requirements:
  - At least 8 characters
  - At least one uppercase letter (A-Z)
  - At least one lowercase letter (a-z)
  - At least one number (0-9)
  - At least one special character (e.g. !@#$%^&*)

Password:
User already exists: john@example.com
Password set for: john@example.com
Added to group: standard

User ready. Login with:
  eval $(uv run scripts/cognito-user.py --login --export)

The Cognito user has to match a pre-populated database of demo users, which is why there are only two choices.

martinheller@Mac customer-support-agent-with-agentcore % eval $(uv run scripts/cognito-user.py --login --export)
Opening browser for authentication...
Waiting for callback...
Login successful. BEDROCK_AGENTCORE_BEARER_TOKEN is now set.

That Cognito login step retrieves the OAuth bearer token to be used for the rest of the session. It expires after an hour. Don’t ask me how I know. Yes, you have to log into AWS as well as logging into Cognito.
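
A pre-flight check for the one-hour token lifetime described above, as an added example that is not part of the demo repository: it decodes the bearer token's claims locally and reports the time left and whether the issuer matches the user pool from the deployment outputs. It assumes the token is a compact JWT with `exp` and `iss` claims; the function names and the sample token are constructed for illustration, and the signature is deliberately not verified here because that is the runtime authorizer's job.

```python
import base64
import json
import os
import time

WELL_KNOWN = "/.well-known/openid-configuration"
ENV_VAR = "BEDROCK_AGENTCORE_BEARER_TOKEN"  # set by the login step shown above
# AuthorizerDiscoveryUrl as printed in the deployment outputs on this page.
DISCOVERY_URL = ("https://cognito-idp.us-east-2.amazonaws.com/"
                 "us-east-2_NaZm7AOfz/.well-known/openid-configuration")


class TokenError(ValueError):
    """Raised when the value is not a decodable compact JWT."""


def issuer_from_discovery_url(url: str) -> str:
    """OIDC discovery documents live at <issuer>/.well-known/openid-configuration."""
    if not url.endswith(WELL_KNOWN):
        raise ValueError("not an OIDC discovery URL")
    return url[: -len(WELL_KNOWN)]


def decode_claims(token: str) -> dict:
    """Return the JWT payload claims WITHOUT verifying the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise TokenError("expected three dot-separated JWT segments")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(segment))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise TokenError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise TokenError("payload is not a JSON object")
    return claims


def preflight(token: str, expected_issuer: str, now=None, min_remaining=120) -> dict:
    """Report whether the token is worth sending: unexpired and from our pool."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    exp = claims.get("exp")
    remaining = None
    if not isinstance(exp, (int, float)):
        problems.append("no numeric exp claim")
    else:
        remaining = int(exp - now)
        if remaining <= 0:
            problems.append(f"token expired {-remaining}s ago; log in again")
        elif remaining < min_remaining:
            problems.append(f"token expires in {remaining}s; log in again soon")
    if claims.get("iss") != expected_issuer:
        problems.append("issuer does not match the deployed user pool")
    return {"ok": not problems, "remaining_s": remaining, "problems": problems}


def _b64url(obj) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned token for the demo below; not a real credential."""
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}),
                     _b64url(claims), "constructed-signature"])


if __name__ == "__main__":
    issuer = issuer_from_discovery_url(DISCOVERY_URL)
    # Use the real session token if present, else a constructed one with 90s left.
    token = os.environ.get(ENV_VAR) or make_sample_token(
        {"iss": issuer, "exp": int(time.time()) + 90})
    print(preflight(token, issuer))
```
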

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "Who am I?"}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll look up your account information using your email address.Hello! You are **John Doe** (Customer ID: CUST-001). Your account is registered with the email john@example.com, and you've been a member since June 1, 2023. How can I help you today?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d                                                                                          │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf                                        │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --follow                                                                                                   │
│       aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --since 1h                                                                                                 │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core                       │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

That actually went through the Claude model. If you get an error at this point, you might not have Anthropic permission or any Bedrock Claude quota. Asking for a quota is a matter of filling out an AWS form and waiting a couple of days. The next query, for an order list, also goes through the model.

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "Show me my recent orders"}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll look up your recent orders for you.Now let me get the full details for each of these orders to show you what items were in them.Here are your recent orders:

**1. Order ORD-12430** - Ordered Feb 5, 2025 | Delivered Feb 10, 2025
   - 4K Monitor (1x) - $399.00
   - **Total: $399.00** | Status: ✓ Delivered

**2. Order ORD-12420** - Ordered Feb 1, 2025 | Delivered Feb 4, 2025
   - Phone Case (1x) - $29.99
   - **Total: $29.99** | Status: ✓ Delivered

**3. Order ORD-12410** - Ordered Jan 25, 2025 | Delivered Jan 29, 2025
   - Mechanical Keyboard (1x) - $149.99
   - **Total: $149.99** | Status: ✓ Delivered

**4. Order ORD-12400** - Ordered Jan 20, 2025 | Delivered Jan 23, 2025
   - USB-C Charging Cable (2x) - $12.99 each
   - **Total: $25.98** | Status: ✓ Delivered

**5. Order ORD-12345** - Ordered Jan 15, 2025 | Delivered Jan 20, 2025
   - Wireless Headphones (1x) - $79.99
   - **Total: $79.99** | Status: ✓ Delivered

**6. Order ORD-12300** - Ordered Jan 2, 2025 | Delivered Jan 8, 2025
   - Running Shoes (1x) - $249.00
   - **Total: $249.00** | Status: ✓ Delivered

All of your recent orders have been delivered successfully! Is there anything specific you'd like to know about any of these orders?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d                                                                                          │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf                                        │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --follow                                                                                                   │
│       aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --since 1h                                                                                                 │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core                       │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

The next query demonstrates that we can ask the customer support agent for a refund. This is a small item, so it’s supposed to go through without an issue.

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "I need a refund for order ORD-12420. The phone case was damaged."}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll process a refund for your damaged phone case from order ORD-12420.Perfect! Your refund has been processed successfully.

**Refund Details:**
- Refund ID: REF-DC32B
- Order: ORD-12420 (Phone Case)
- Amount: $29.99
- Reason: Damaged item
- Status: Processed

You should receive the refund in your original payment method within **3-5 business days**.

I'm sorry to hear the phone case arrived damaged. Is there anything else I can help you with today?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d                                                                                          │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf                                        │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --follow                                                                                                   │
│       aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --since 1h                                                                                                 │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core                       │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

This next refund request really should be rejected or bumped up to a human customer support agent for approval.

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "I need a refund of $399 for order ORD-12430. The monitor has dead pixels."}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll process a refund for your 4K Monitor from order ORD-12430 due to the dead pixels.Your refund has been successfully processed!

**Refund Details:**
- Refund ID: REF-5DEA4
- Order: ORD-12430 (4K Monitor)
- Amount: $399.00
- Reason: Damaged item (dead pixels)
- Status: Processed

You should receive the refund to your original payment method within **3-5 business days**.

I'm sorry the monitor had dead pixels. If you'd like to order a replacement, please let me know and I can assist you with that. Is there anything else I can help you with?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d                                                                                          │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf                                        │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --follow                                                                                                   │
│       aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --since 1h                                                                                                 │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core                       │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

It went through, however. The fix for that (part of the demo, not a bug) is to add some policies.

Figure: This is the policy that keeps the model from processing refunds >$100. I entered the English prompt at the left; Bedrock generated the Cedar policy at the right. (Image: Amazon Web Services)

With the policy in place, I tried again, and the request was denied.

martinheller@Mac customer-support-agent-with-agentcore % uv run agentcore invoke '{"prompt": "I need a full refund for order ORD-12300. The shoes dont fit."}'
Using bearer token for OAuth authentication
Using JWT authentication
I'll process a refund for your Running Shoes from order ORD-12300.I'm unable to process this refund request. The system has denied the refund with the following message:

**"Tool call not allowed due to policy enforcement [No policy applies to the request (denied by default).]"**

This appears to be a policy restriction. Given that order ORD-12300 was delivered on January 8, 2025 (over a month ago), it may be outside the refund window for non-defective items or there may be specific policies regarding fit-related returns.

I recommend:
1. Checking our return policy for the timeframe allowed for returns
2. Contacting our returns department directly for assistance with this older order
3. Inquiring about exchange options if available

I apologize for the inconvenience. Is there anything else I can help you with today?
╭──────────────────────────────────────────────────────── supportAgentDemo_Agent ────────────────────────────────────────────────────────╮
│ Session: 74d74b58-aa7d-4b8b-9515-e0931743ce1d                                                                                          │
│ ARN: arn:aws:bedrock-agentcore:us-east-2:577405208411:runtime/supportAgentDemo_Agent-U90VrdH6Rf                                        │
│ Logs: aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --follow                                                                                                   │
│       aws logs tail /aws/bedrock-agentcore/runtimes/supportAgentDemo_Agent-U90VrdH6Rf-DEFAULT --log-stream-name-prefix                 │
│ "2026/03/02/[runtime-logs]" --since 1h                                                                                                 │
│ GenAI Dashboard: https://console.aws.amazon.com/cloudwatch/home?region=us-east-2#gen-ai-observability/agent-core                       │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

The policy, which is applied outside the agent, worked as designed, but the model was confused as to why. Claude being Claude, it hallucinated some reasons why, and made three irrelevant recommendations. You would think that the model should know about any policies in place, but applying them outside the model avoids the possibility of a malicious prompt convincing the model to issue a large refund. If there’s a safe way to fix that, it’s above my pay grade.
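
The enforcement pattern described above, as an added toy model in Python (not AgentCore's or Cedar's own code): a check that sits between the model's tool call and the tool and applies Cedar's decision rules, default deny with forbid overriding permit. The tool name, the policy ids and the assumption that the demo's rule is a permit for refunds of $100 or less are hypothetical; the sample calls reuse the order amounts from the transcript.

```python
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class ToolCall:
    principal: str   # identity from the verified token, never from the prompt
    tool: str
    args: dict       # arguments the model chose; untrusted


@dataclass(frozen=True)
class Policy:
    policy_id: str
    effect: str      # "permit" or "forbid"
    tool: str
    condition: Callable[[ToolCall], bool]


@dataclass(frozen=True)
class Decision:
    allowed: bool
    determining: tuple   # ids of the policies that decided the outcome
    message: str


DEFAULT_DENY = "No policy applies to the request (denied by default)."


def _satisfied(policy: Policy, call: ToolCall) -> bool:
    if policy.tool != call.tool:
        return False
    try:
        return bool(policy.condition(call))
    except (KeyError, TypeError, ValueError):
        # As in Cedar, a policy whose condition errors is skipped, so a
        # missing or malformed argument can never satisfy a permit.
        return False


def authorize(policies, call: ToolCall) -> Decision:
    forbids = tuple(p.policy_id for p in policies
                    if p.effect == "forbid" and _satisfied(p, call))
    if forbids:  # any matching forbid wins over every permit
        return Decision(False, forbids, "Forbidden by policy: " + ", ".join(forbids))
    permits = tuple(p.policy_id for p in policies
                    if p.effect == "permit" and _satisfied(p, call))
    if permits:
        return Decision(True, permits, "Permitted by policy: " + ", ".join(permits))
    return Decision(False, (), DEFAULT_DENY)  # nothing matched: deny


def invoke_tool(policies, call: ToolCall, tools: dict):
    """Enforcement point: the tool runs only after an allow decision."""
    decision = authorize(policies, call)
    if not decision.allowed:
        # Structured denial handed back to the model instead of a tool result.
        return {"error": "policy_denied", "detail": decision.message,
                "policies": list(decision.determining)}
    return tools[call.tool](**call.args)


# --- constructed demo data; tool and policy names are hypothetical ---
REFUNDS_ISSUED = []


def process_refund(order_id, amount):
    REFUNDS_ISSUED.append(order_id)
    return {"order_id": order_id, "amount": amount, "status": "Processed"}


TOOLS = {"process_refund": process_refund}
PERMIT_ONLY = [
    Policy("permit-refund-up-to-100", "permit", "process_refund",
           lambda c: c.args["amount"] <= 100),
]
WITH_FORBID = PERMIT_ONLY + [
    Policy("forbid-refund-over-100", "forbid", "process_refund",
           lambda c: c.args["amount"] > 100),
]


def refund_call(order_id, amount) -> ToolCall:
    return ToolCall("john@example.com", "process_refund",
                    {"order_id": order_id, "amount": amount})


if __name__ == "__main__":
    samples = [("ORD-12420", 29.99), ("ORD-12430", 399.00), ("ORD-12300", "249")]
    for name, policies in (("permit only", PERMIT_ONLY), ("with forbid", WITH_FORBID)):
        for order_id, amount in samples:
            print(name, order_id, invoke_tool(policies, refund_call(order_id, amount), TOOLS))
```

In this model, a permit-only policy set leaves an over-limit refund matching nothing, so the denial is the default-deny message seen in the transcript and there is no policy to name; an explicit forbid gives the denial an id that can be logged or returned.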

By the way, even with all my retries, running this demo cost me a whopping $0.35 in AWS charges.

A solid foundation for agents

Amazon Bedrock AgentCore is a credible attempt to put together an enterprise-grade infrastructure and operations layer for deploying and managing AI agents at scale. The services themselves seem solid. The example I tried had multiple bugs and documentation errors, but I reported these and the AWS engineers fixed them quickly.

I still question the design of the policy module with respect to how it interacts with the model. There should be a way to pass the reason why an action is denied back to the model so that it doesn’t hallucinate its own reason. I just don’t know how that would work in this architecture.

Cost

Depends on consumption. See https://aws.amazon.com/bedrock/agentcore/pricing/; scroll down to the pricing table and pricing examples.

Platform

Server: AWS. Client: macOS, Linux, or Windows.

Pros

  1. Strong collection of relevant service modules
  2. Extensive samples

Cons

  1. Documentation can be disorienting with multiple options
  2. The samples seem to be on their “shakedown cruise” at this point

Original Link: https://www.infoworld.com/article/4143387/grappling-with-amazon-bedrock-agentcore.html
Originally Posted: Thu, 12 Mar 2026 09:00:00 +0000


Artifice Prime

Artifice Prime is an AI enthusiast with over 25 years of experience as a Linux Sys Admin. They have an interest in Artificial Intelligence, its use as a tool to further humankind, as well as its impact on society.
