Agentic AI meets Serverless on AWS - AWS User Group Cologne 2025

Agentic AI meets Serverless on AWS
Vadym Kazulkin, ip.labs , AWS User Group Cologne 30 October 2025

Vadym Kazulkin
ip.labs GmbH Bonn, Germany
Co-Organizer of the Java User Group Bonn
[email protected]
@VKazulkin
https://dev.to/vkazulkin
https://github.com/Vadym79/
https://de.slideshare.net/VadymKazulkin/
https://www.linkedin.com/in/vadymkazulkin
https://www.iplabs.de/
Contact

Agentic AI meets Serverless on AWS
Agenda
▪AI Terminology
▪Current challenges with development of the AI agents
▪Introduction to Amazon Bedrock AgentCore
▪Introduction to the sample application
▪Dive into AgentCoreGateway /Runtime /Memory /Identity
/Observability
▪AgentCorePricing
▪Wrap up

Agentic AI meets Serverless on AWS
AI Terminology

Agentic AI meets Serverless on AWS
AI Terminology
▪Large Language Models, also known as LLMs, are very large deep
learning models that are pre-trained on vast amounts of data and
excels at processing, understanding, and generating human language.
▪A prompt is a natural language request submitted to a (Large)
Language Model to receive a response back.
▪The Model Context Protocol (MCP) is an open standard and open-
source framework that allows servers to expose tools (or functions)that
can be invoked by (Large) Language Models. Toolsenable models to
interact with external systems, such as querying databases, calling APIs,
or performing computations.
https://modelcontextprotocol.io/docs/getting-started/intro

Agentic AI meets Serverless on AWS
AI Terminology
▪An LLM/AI agentruns toolsin a loop to achieve a goal.
▪Agentic workflows are AI-driven processeswhere autonomous AI
agents make decisions, take actions and coordinate tasks with
minimal human intervention.
▪The Agent2Agent (A2A) is a protocol that allows AI agents to
communicate with each other, securely exchange information, and
coordinate actions.
https://simonwillison.net/2025/Sep/18/agents/ https://www.ibm.com/think/topics/agentic-workflows https://developers.googleblog.com/en/a2a-a-new-era-of-agent-interoperability/

Agentic AI meets Serverless on AWS
Current challenges with development of the
AI agents

Agentic AI meets Serverless on AWS
Current challenges with development of the AI agents
▪Building an AI agent that can handle a real-life use case in
production is a complex undertaking.
▪Although creating a proof of conceptdemonstrates the potential,
moving to production requires addressing scalability, security,
observability, and operational concerns that don’t surface in
development environments.
https://aws.amazon.com/blogs/machine-learning/move-your-ai-agents-from-proof-of-concept-to-production-with-amazon-bedrock-agentcore/

Agentic AI meets Serverless on AWS
Introduction to Amazon Bedrock AgentCore

Agentic AI meets Serverless on AWS
▪Amazon Bedrock AgentCoreenables you to deploy and operate
highly effective agents securely, at scale using any framework and
programming language and model (LLM).
▪With Amazon Bedrock AgentCore, developers can accelerate AI
agents into production with the scale, reliability, and security,
critical to real-world deployment.
▪Amazon Bedrock AgentCoreservices are composable.
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/what-is-bedrock-agentcore.html
Introduction to Amazon Bedrock AgentCore

Agentic AI meets Serverless on AWS
https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
Introduction to Amazon Bedrock AgentCore

Agentic AI meets Serverless on AWS
Introduction to the sample application
https://github.com/Vadym79/AWSLambdaJavaWithAmazonDSQL/tree/main/sample-app-with-pgjdbc https://github.com/Vadym79/amazon-bedrock-agentcore-demos

Agentic AI meets Serverless on AWS
https://github.com/Vadym79/AWSLambdaJavaWithAmazonDSQL/blob/main/sample-app-with-pgjdbc
https://dev.to/aws-heroes/serverless-applications-with-java-and-aurora-dsql-part-1-introduction-and-sample-application-10ip
Sample Application
•The question that I was asking myself was:
How can I easily talk to this Serverless
application (via its read APIs) using natural
language

Agentic AI meets Serverless on AWS
https://awslabs.github.io/mcp/servers/
Aurora DSQL MCP Server

Agentic AI meets Serverless on AWS
https://awslabs.github.io/mcp/servers/aurora-dsql-mcp-server/
Aurora DSQL MCP Server
Features overview:
▪Converting human-readable questions and commands into
structured Postgres-compatible SQL queries and executing them
against the configured Aurora DSQL database.
▪Read-only by default, transactions enabled with --allow-writes
▪Connection reuse between requests for improved performance

Agentic AI meets Serverless on AWS
https://github.com/strands-agents/samples/tree/main/03-integrations/aurora-DSQL
Aurora DSQL MCP Server

Agentic AI meets Serverless on AWS
https://github.com/strands-agents/samples/tree/main/03-integrations/aurora-DSQL
Aurora DSQL MCP Server -Get Order By ID

Agentic AI meets Serverless on AWS
https://github.com/strands-agents/samples/tree/main/03-integrations/aurora-DSQL
Aurora DSQL MCP Server -Single Order Users

Agentic AI meets Serverless on AWS
https://aws.amazon.com/blogs/machine-learning/unlocking-the-power-of-model-context-protocol-mcp-on-aws/
How to convert existing AWS Services to MCP Servers
How to convert existing AWS
Services to MCP Servers?
•API Gateway - to expose (sub)
set of its APIs as tools
•Lambda – to expose the
function itself as a tool

Agentic AI meets Serverless on AWS
https://github.com/Vadym79/AWSLambdaJavaWithAmazonDSQL/blob/main/sample-app-with-pgjdbc
https://dev.to/aws-heroes/serverless-applications-with-java-and-aurora-dsql-part-1-introduction-and-sample-application-10ip
Sample Application
•The question that I was asking myself was:
How can I easily talk to this Serverless
application (its read APIs) through the
natural language
•Then AgentCore(Gateway) was released

Agentic AI meets Serverless on AWS
Dive to AgentCoreGateway
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway.html

Agentic AI meets Serverless on AWS
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway.html
AgentCore Gateway
▪AgentCoreGateway provides an easy and secure way for developers to
build, deploy, discover, and connect to tools at scale.
▪With Gateway, developers can convert APIs (including existing Amazon
API Gateway Rest APIs), Lambda functions, and existing services into
Model Context Protocol (MCP)-compatible tools and make them
available to agents through Gateway.

Agentic AI meets Serverless on AWS
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway.html
AgentCore Gateway
▪AgentCoreGateway acts like an MCP server, providing a single access
point for an agent to interact with its tools. A Gateway can have
multiple targets, each representing a different tool or set of tools.
▪AgentCoreGateway supports OpenAPI, Smithy, and Lambda as
Gateway target types
▪AgentCoreGateway supports A2A (Agent2Agent) protocol
▪Strands Agents framework supports both protocols: MCP and A2A as well

Agentic AI meets Serverless on AWS
https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
AgentCore Gateway with Open API/Amazon Gateway as a
Target

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-gateway-part-2-exposing-existing-amazon-api-gateway-rest-api-via-mcp-and-4458
AgentCore Gateway with Open API/Amazon Gateway as a
Target

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-gateway-part-2-exposing-existing-amazon-api-gateway-rest-api-via-mcp-and-4458
AgentCore Gateway with Open API/Amazon Gateway as a
Target – Define Tools

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-gateway-part-2-exposing-existing-amazon-api-gateway-rest-api-via-mcp-and-4458
AgentCore Gateway with Open API/Amazon Gateway as a
Target

Agentic AI meets Serverless on AWS
https://strandsagents.com/latest/#
Strands Agents SDK
Strands Agents is a Python SDK that takes a model-driven approach to
building and running AI agents.
Features overview:
▪Lightweight & Flexible: Simple agent loop that just works and is fully
customizable
▪Model Agnostic: Support for Amazon Bedrock, Anthropic, LiteLLM,
Llama, Ollama, OpenAI, Writer, and custom providers
▪Advanced Capabilities: Multi-agent systems, autonomous agents, and
streaming support
▪Built-in MCP: Native support for Model Context Protocol (MCP) servers,
enabling access to thousands of pre-built tools

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-gateway-part-2-exposing-existing-amazon-api-gateway-rest-api-via-mcp-and-4458
AgentCore Gateway with Open API/Amazon Gateway as a
Target – Run Agent Locally

Agentic AI meets Serverless on AWS
https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
AgentCore Gateway with Lambda as a Target

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-gateway-part-3-exposing-existing-aws-lambda-function-via-mcp-and-gateway-2ga
AgentCore Gateway with Lambda as a Target

Agentic AI meets Serverless on AWS
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-using-mcp-semantic-search.html
AgentCore Gateway with Sematic Search for Tools with
Strands MCP Client

Agentic AI meets Serverless on AWS
Dive to AgentCoreRuntime
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agents-tools-runtime.html

Agentic AI meets Serverless on AWS
Deployment options of Agents prioto AgentCoreRuntime

Agentic AI meets Serverless on AWS
AgentCoreRuntime
Amazon Bedrock AgentCoreRuntimeprovides a secure, serverless and
purpose-built hosting environment for deploying and running AI agents
or tools. It offers the following benefits:
▪Framework agnostic-Runtime lets you transform any local agent code
to cloud-native deployments with a few lines of code no matter the
underlying framework. Works seamlessly with popular frameworks like
LangGraph, Strands, and CrewAI. You can also leverage it with custom
agents that don't use a specific framework.
▪Model flexibility-Runtime works with any Large Language Model, such
as models offered by Amazon Bedrock, Anthropic Claude, Google
Gemini, and OpenAI.
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-1-introduction-e5i

Agentic AI meets Serverless on AWS
AgentCoreRuntime
▪Protocol support-Service contract supports 2 communication
protocols:
▪HTTP Protocol: Direct REST API endpoints for traditional
request/response patterns
▪MCP Protocol: Model Context Protocol for tools and agent servers
▪A2A Protocol:Open standard designed to enable seamless
communication and collaboration between AI agents.
▪Extended execution time-Runtime supports both real-time
interactions and long-running workloads up to 8 hours, enabling
complex agent reasoning and asynchronous workloads that may
involve multi-agent collaboration or extended problem-solving
sessions.
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-1-introduction-e5i

Agentic AI meets Serverless on AWS
AgentCoreRuntime
▪Session isolation-In Runtime, each user session runs in a
dedicated microVMwith isolated CPU, memory, and filesystem
resources. This helps create complete separation between user
sessions, safeguarding stateful agent reasoning processes and
helps prevent cross-session data contamination.
After session completion, the entire microVMis terminated and
memory is sanitized, delivering deterministic security even when
working with non-deterministic AI processes.
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-1-introduction-e5i

Agentic AI meets Serverless on AWS
https://brooker.co.za/blog/2025/09/18/firecracker.html https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
AgentCoreRuntime
Firecracker is the right choice because:
•Agent sessions vary from milliseconds
(single-turn, single-shot, agent
interactions with small models), to hours
(multi-turn interactions, with thousands
of tool calls and LLM interactions).
•Context varies from zero to gigabytes.
•The flexibility of Firecracker, including
the ability to grow and shrink the CPU
and memory use of VMs in place, was a
key part of being able to build this
economically.

Agentic AI meets Serverless on AWS
AgentCoreRuntime Starter Toolkit
The Amazon Bedrock AgentCorePython SDKprovides a lightweight
wrapper that helps us deploy our agent functions as HTTP services
compatible with Amazon Bedrock AgentCore.
It handles all the HTTP server details so we can focus on our
agent's core functionality.
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-2-deploy-the-agent-with-the-agentcore-runtime-starter-3706

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-2-deploy-the-agent-with-the-agentcore-runtime-starter-3706
AgentCoreRuntime Develop and Deploy Agent with Starter Toolkit
#configure agent
agentcoreconfigure --entrypoint
agentcore_runtime_demo.py -er
IAM_ARN
#launch agent locally
agentcore launch -l
#deploy agent to AgentCore
Runtime
agentcore launch

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-2-deploy-the-agent-with-the-agentcore-runtime-starter-3706
AgentCoreRuntime

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-2-deploy-the-agent-with-the-agentcore-runtime-starter-3706
AgentCoreRuntime Invoke Agent with Starter Toolkit

Agentic AI meets Serverless on AWS
AgentCoreRuntime Custom Agent
Using Custom Agent to deploy it on AgentCore Runtime gives us full
control over our agent's HTTP interface.
To deploy a custom agent using FastAPI and Docker, follow
AgentCore Runtime requirements :
▪FastAPI Server: Web server framework for handling requests
▪/invocations Endpoint: POST endpoint for agent interactions
▪/ping Endpoint: GET endpoint for health checks
▪Docker Container: ARM64 containerized deployment package
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-4-using-custom-agent-with-strands-agents-sdk-201o

Agentic AI meets Serverless on AWS
https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
AgentCore Runtime Architecture

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-4-using-custom-agent-with-strands-agents-sdk-201o
AgentCoreRuntime Develop Custom Agent

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-4-using-custom-agent-with-strands-agents-sdk-201o
AgentCoreRuntime Deploy Custom Agent

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-4-using-custom-agent-with-strands-agents-sdk-201o
AgentCoreRuntime Invoke Custom Agent

Agentic AI meets Serverless on AWS
Dive to AgentCoreMemory
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/memory.html

Agentic AI meets Serverless on AWS
AgentCoreMemory
By default, the agents are stateless, so they don't remember the
previous conversations. To change that, we can provide the agent
with memory capabilities.
For example, Strands offers two built-in session managers for
persisting agent sessions:
▪FileSessionManager: Stores sessions in the local filesystem
▪S3SessionManager: Stores sessions in Amazon S3 buckets
Read more about this in the article Strands Session Management.
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-6-using-agentcore-short-term-memory-with-strands-agents-sdk-55d4

Agentic AI meets Serverless on AWS
AgentCoreMemory
AgentCoreMemorylets your AI agents deliver intelligent, context-
aware, and personalized interactions by maintaining both
immediate and long-term knowledge.
AgentCoreMemory offers two types of memory:
▪Short-term memory: Stores conversations to keep track of
immediate context.
▪Long-term memory: Stores extracted insights -such as user
preferences, semantic facts, and summaries -for knowledge
retention across sessions.
.
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-6-using-agentcore-short-term-memory-with-strands-agents-sdk-55d4

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-6-using-agentcore-short-term-memory-with-strands-agents-sdk-55d4
https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
AgentCoreShort-Term Memory
Short-term memory captures raw
interaction events, maintains immediate
context, powers real-time
conversations, enriches long-term
memory systems, and enables building
advanced contextual solutions such as
multi-step task completion, in-session
knowledge accumulation, and context-
aware decision making.

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-6-using-agentcore-short-term-memory-with-strands-agents-sdk-55d4
https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
AgentCoreShort-Term Memory
When creating a memory resource, you
can specify an event expiry duration (up
to 365 days) to control how long raw
conversation data is retained in short-
term memory.

Agentic AI meets Serverless on AWS
AgentCoreCreate Short-Term Memory
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-6-using-agentcore-short-term-memory-with-strands-agents-sdk-55d4

Agentic AI meets Serverless on AWS
AgentCoreCreate Short-Term Memory Hook with Strands Agents
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-6-using-agentcore-short-term-memory-with-strands-agents-sdk-55d4
Strands Agents has a concept of hooks.
Especially important it is to understand
hook event lifecycle.

Agentic AI meets Serverless on AWS
AgentCoreCreate Short-Term Memory Hook with Strands Agents
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-6-using-agentcore-short-term-memory-with-strands-agents-sdk-55d4

Agentic AI meets Serverless on AWS
AgentCoreInitialize Agent with Short-Term Memory
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-6-using-agentcore-short-term-memory-with-strands-agents-sdk-55d4

Agentic AI meets Serverless on AWS
AgentCoreInvoke Agent With Short-Term Memory
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-6-using-agentcore-short-term-memory-with-strands-agents-sdk-55d4

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-7-using-agentcore-long-term-memory-with-strands-agents-sdk-lb2
https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
AgentCoreLong-Term Memory
•Long-term memorygeneration is an
asynchronous process that runs in
the background and automatically
extracts insights after raw
conversation/context is stored in
Short Term Memory via CreateEvent.
•Stores extracted insights -such as
user preferences, semantic facts, and
summaries -for knowledge retention
across sessions.

Agentic AI meets Serverless on AWS
AgentCoreLong-Term Memory
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-7-using-agentcore-long-term-memory-with-strands-agents-sdk-lb2

Agentic AI meets Serverless on AWS
AgentCoreCreate Long-Term Memory
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-7-using-agentcore-long-term-memory-with-strands-agents-sdk-lb2

Agentic AI meets Serverless on AWS
AgentCoreCreate Long-Term Memory Hook with Strands Agents
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-7-using-agentcore-long-term-memory-with-strands-agents-sdk-lb2

Agentic AI meets Serverless on AWS
AgentCoreCreate Retrieve Memory with Strands Agents
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-7-using-agentcore-long-term-memory-with-strands-agents-sdk-lb2

Agentic AI meets Serverless on AWS
AgentCoreInitialize Agent with Long-Term Memory
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-7-using-agentcore-long-term-memory-with-strands-agents-sdk-lb2

Agentic AI meets Serverless on AWS
AgentCoreInvoke Agent With Long-Term Memory
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-7-using-agentcore-long-term-memory-with-strands-agents-sdk-lb2

Agentic AI meets Serverless on AWS
Dive to AgentCoreObservability
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/observability.html

Agentic AI meets Serverless on AWS
AgentCoreObservability
▪AgentCoreObservability gives us real-time visibility into agent
operational performance through access to dashboards powered
by Amazon CloudWatch and telemetry for key metrics such as
session count, latency, duration, token usage, and error rates.
▪AgentCoreemits telemetry data in standardized OpenTelemetry
(OTEL)-compatible format, enabling us to easily integrate it with
existing monitoring and observability stack such as Dynatrace,
Datadog, ArizePhoenix, LangSmith, and Langfuse.
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/observability.html

Agentic AI meets Serverless on AWS
AgentCoreObservability
▪By default, AgentCoreoutputs a set of key built-in metrics for agents,
gateway resources, and memory resources. We can also instrument
our agent code to provide additional span and trace data and custom
metrics and logs.
▪With AgentCore, you can also view metrics for agents that aren't
running in the AgentCoreruntime. Additional setup steps are required
to configure telemetry outputs for non-AgentCoreagents.
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/observability.html

Agentic AI meets Serverless on AWS
https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
AgentCoreObservability

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-3-agentcore-observability-f08
CloudWatch GenAI Observability

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-3-agentcore-observability-f08
CloudWatch GenAI Observability Model Invocation Metrics
You can find very useful metrics there like:
•Invocation count
•Invocation latency
•Invocation throttles
•Invocation error count
•Token count by model (input and output
tokens and total)
•Requests, grouped by input token

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-3-agentcore-observability-f08
CloudWatch GenAI Observability Model Invocation Logging

Agentic AI meets Serverless on AWS
AgentCoreObservability with ADOT
▪To view this data in the CloudWatch we need to add the AWS Distro for Open
Telemetry (ADOT) SDK to our agent code.
▪ADOTis a secure, production-ready, AWS-supported distribution of the
OpenTelemetryproject. Part of the Cloud Native Computing Foundation,
OpenTelemetryprovides open sourceAPIs, libraries, and agents to collect
distributed traces and metrics for application monitoring.
▪With ADOT, we can instrument our applications just once to send correlated
metrics and traces to multiple AWS and Partner monitoring solutions. In our
case we will send the metrics to the CloudWatch GenAI Observability service.
https://aws-otel.github.io/

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-3-agentcore-observability-f08
AgentCoreObservability with ADOT

Agentic AI meets Serverless on AWS
https://strandsagents.com/latest/documentation/docs/user-guide/observability-evaluation/observability/
AgentCoreObservability with ADOT

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-runtime-part-3-agentcore-observability-f08
AgentCoreObservability with ADOT For AgentCoreRuntime

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-gateway-part-4-agentcore-gateway-observability-2775
AgentCore Gateway Metrics
ListTools MCP operation: CallTool MCP operation:

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-gateway-part-4-agentcore-gateway-observability-2775
AgentCore Gateway Logs

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-gateway-part-4-agentcore-gateway-observability-2775
AgentCore Gateway Logs
•The only information we have in this
span is the http.urlproperty which ends
with /mcp, so we know that this is the
exact exposed AgentCoreGateway URL
and that's why we know that behind this
URL we exposed Open API target in our
case Amazon API Gateway).
•But we don't know what requests we're
sending to this Gateway Target and
what tools we're using. Here is where
AgentCoreGateway CloudWatch Log
comes to the rescue.

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-gateway-part-4-agentcore-gateway-observability-2775
AgentCore Gateway Logs

Agentic AI meets Serverless on AWS
AgentCoreObservability with ADOT For AgentCoreMemory

Agentic AI meets Serverless on AWS
AgentCoreMemory CloudWatch Metrics

Agentic AI meets Serverless on AWS
Dive to AgentCoreIdentity
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/identity.html

Agentic AI meets Serverless on AWS
AgentCoreIdentity
▪Amazon Bedrock AgentCoreIdentity is an identity and credential
management service designed specifically for AI agents and
automated workloads.
▪It provides secure authentication, authorization, and credential
management capabilities that enable agents and tools to access
AWS resources and third-party services on behalf of users while
helping to maintain strict security controls and audit trails.
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/identity.html

Agentic AI meets Serverless on AWS
AgentCoreIdentity
▪Amazon Bedrock AgentCoreIdentity addresses these challenges
by providing a centralized capability for managing agent identities,
securing credentials, and enabling seamless integration with AWS
and third-party services through Sigv4, standardized OAuth 2.0
flows, and API keys.
▪The service integrates natively with Amazon Bedrock AgentCoreto
provide identity and credential management for agent
applications, including Amazon Bedrock AgentCoreRuntime and
Amazon Bedrock AgentCoreGateway.
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/identity.html

Agentic AI meets Serverless on AWS
https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
AgentCoreIdentity Authentication Types
•Inbound Auth: authenticates and
authorizes the caller to get access to an
agent, tool, runtime, or Gateway. You can
configure using either IAM or JSON web
(for example, Oauth) tokens from your
identity provider.
•Outbound Auth: uses either an API key
or an OAuth client that allows an agent,
tool or Gateway access to downstream
resources. You can use the Outbound
Auth ARN in your agent or tool code.

Agentic AI meets Serverless on AWS
https://us-east-1.console.aws.amazon.com/bedrock-agentcore/identity
AgentCoreIdentity Authentication Types

Agentic AI meets Serverless on AWS
AgentCoreIdentity Inbound Auth For AgentCoreRuntime
We gave the agent exact the permissions it
required:
•To pull the Docker image from the ECR
repository which contains the image of
our agent.
•To write logs and push metrics and
traces to CloudWatch.
•To access the specific AgentCore
Gateway (for which we required Cognito
Pool permissions).
•To access the created AgentoCore
Memory.

Agentic AI meets Serverless on AWS
AgentCoreIdentity Inbound Auth For AgentCoreRuntime
Using Cognito as the Identity provider:

Agentic AI meets Serverless on AWS
https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
AgentCoreIdentity Inbound Auth For AgentCoreRuntime

Agentic AI meets Serverless on AWS
AgentCoreIdentity Inbound Auth For AgentCoreRuntime
using existing Identity provider (e.g.Okta, Auth0) configurations to
enable OAuth 2.0:

Agentic AI meets Serverless on AWS
https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
AgentCoreIdentity Inbound Auth For AgentCoreRuntime

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/amazon-bedrock-agentcore-gateway-part-2-exposing-existing-amazon-api-gateway-rest-api-via-mcp-and-4458
https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
AgentCoreIdentity Inbound Auth For AgentCoreGateway
Using Cognito as the Identity provider:
•Create Cognito User Pool.
•Create Cognito JWT token issuer
endpoint.
•Cognito User Pool OAuth 2.0
authorization server issues JSON
web tokens (JWTs) from the
token endpoint.

Agentic AI meets Serverless on AWS
AgentCoreIdentity Inbound Auth For AgentCoreGateway
https://github.com/Vadym79/amazon-bedrock-agentcore-demos

Agentic AI meets Serverless on AWS
https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
AgentCoreIdentity Outbound Auth For AgentCoreGateway

Agentic AI meets Serverless on AWS
AgentCoreIdentity Outbound Auth For AgentCoreGateway
•To authenticate Amazon API
Gateway with API Key we need to
pass its value as HTTP Header
with the name x-api-key. Other
APIs may require passing the API
Key as a query parameter
•The credentialLocationcan be
either HEADER or
QUERY_PARAMETER
https://dev.to/aws-heroes/amazon-bedrock-agentcore-gateway-part-2-exposing-existing-amazon-api-gateway-rest-api-via-mcp-and-4458

Agentic AI meets Serverless on AWS
AgentCoreIdentity Outbound Auth For AgentCoreGateway
https://github.com/Vadym79/amazon-bedrock-agentcore-demos/blob/main/amazon-agentcore-gateway-demos/AmazonBedrockAgentCoreGateway_API_Gateway_REST_API.ipynb

Agentic AI meets Serverless on AWS
AgentCoreIdentity Outbound Auth For AgentCoreGateway
"API Key" configuration is always
backed by storing the credentials in
the "AWS Secrets Manager" :
https://dev.to/aws-heroes/amazon-bedrock-agentcore-gateway-part-2-exposing-existing-amazon-api-gateway-rest-api-via-mcp-and-4458

Agentic AI meets Serverless on AWS
AgentCoreIdentity Outbound Auth For AgentCoreGateway
•Another option to create
Outbound Auth with AgentCore
Gateway is to use OAuth Client.
•We can select between included
providers like Google, Microsoft,
LinkedIn, Slack, GitHub
Salesforce and others or
configure the custom provider.
https://dev.to/aws-heroes/amazon-bedrock-agentcore-gateway-part-2-exposing-existing-amazon-api-gateway-rest-api-via-mcp-and-4458

Agentic AI meets Serverless on AWS
https://aws.amazon.com/bedrock/agentcore/pricing/
Pricing

Agentic AI meets Serverless on AWS
Wrap Up

Agentic AI meets Serverless on AWS
https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
Amazon Bedrock AgentCore

Agentic AI meets Serverless on AWS
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/vpc-interface-endpoints.html
AWS PrivateLinkAccess of Amazon Bedrock AgentCoreResources
▪You can use AWS PrivateLinkto create a private connection
between your VPC and Amazon Bedrock AgentCore.
▪You can access AgentCoreas if it were in your VPC, without the
use of an internet gateway, NAT device, VPN connection, or AWS
Direct Connect connection.
▪Instances in your VPC don't need public IP addresses to access
AgentCore.

Agentic AI meets Serverless on AWS
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/vpc-interface-endpoints.html
AWS PrivateLinkAccess of Amazon Bedrock AgentCoreResources
▪You establish this private connection by creating an interface endpoint,
powered by AWS PrivateLink. We create an endpoint network interface
in each subnet that you enable for the interface endpoint.
▪AgentCore supports the following primitives through the singular
interface endpoint com.amazonaws.region.bedrock-agentcore:
▪Runtime - Agent runtime operations
▪Memory - Memory store operations
▪Identity - Identity management operations
▪The following primitive uses a separate endpoint:
▪AgentCore Gateway - Uses endpoint com.amazonaws.region.bedrock-
agentcore.gateway

Agentic AI meets Serverless on AWS
https://github.com/awslabs/amazon-bedrock-agentcore-samples/tree/main/01-tutorials
Amazon Bedrock AgentCore
Amazon Bedrock AgentCore
services are composable.

Agentic AI meets Serverless on AWS
https://dev.to/vkazulkin/series/32759 https://dev.to/vkazulkin/series/33004
Amazon Bedrock AgentCoreRuntime/Gateway Series'
Articles

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/spring-ai-with-amazon-bedrock-part-5-spring-ai-meets-amazon-bedrock-agentcore-2n6n
•Spring AI supports Amazon Bedrock
Converse API.
•My article describes the example with
Spring AI hosted on AgentCoreRuntime
and use MCP Client with HTTP Streamable
transport protocol with exposed tools via
AgentCoreGateway.
What about other programming languages?

Agentic AI meets Serverless on AWS
https://dev.to/aws-heroes/spring-ai-with-amazon-bedrock-part-5-spring-ai-meets-amazon-bedrock-agentcore-2n6n
•Support of CloudWatch logs and basic
metrics out of the box.
•Currently no AgentCoreMemory support
within Spring AI.
•Challenging AgentCoreObservability
(agent, session and tracing metrics)
•AgentCoreRuntime doesn’t support Docker
compose to run ADOT as a sidecar
•Requires to run ADOT collector as a
separate application with exposed ports
4317/4318
•Spring Boot should be able to act as OTEL
collector
What about other programming languages?

Building production-ready AI Agents with Spring AI and Amazon Bedrock AgentCore
Resources
▪Context Engineering Needs Domain Understandingby Rod
Johnson
▪Introducing Domain-Integrated Context Engineering (DICE)
▪Domain Driven Agent Design (Why your AI agents need domain
awareness) by Russ Miles

Ask Me Anything
131 Agentic AI meets Serverless on AWS

Thank you

Agentic AI meets Serverless on AWS - AWS User Group Cologne 2025

About This Presentation

Slide Content

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

Agentic AI meets Serverless on AWS - AWS User Group Cologne 2025

About This Presentation

Slide Content

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32

Slide 33

Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Slide 39

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58

Slide 59

Slide 60

Slide 61

Slide 62

Slide 63

Slide 64

Slide 65

Slide 66

Slide 67

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

Slide 73

Slide 74

Slide 75

Slide 76

Slide 77