awslabs/agentcore-samples — Summary

Amazon Bedrock AgentCore Samples is AWS's official code sample repository for Amazon Bedrock AgentCore — a managed cloud infrastructure platform for deploying and operating AI agents at production scale. The repo provides getting-started tutorials, deep-dive feature examples, end-to-end use cases, framework integrations, infrastructure-as-code templates, and full reference blueprints.

Problem it solves: Moving AI agents from prototype to production requires solving infrastructure problems (compute, memory, identity, security, observability) that most developers don't want to build themselves. AgentCore provides managed infrastructure; this samples repo shows developers exactly how to use each capability.

Distinctive trait: This is the only framework in the corpus that is a cloud runtime infrastructure for agents rather than a workflow or skill system. AgentCore provides: managed agent harness (serverless runtime), MCP Gateway (convert any API to MCP tools), Identity (OAuth/OIDC for cross-service auth), Memory (managed vector+semantic store), Code Interpreter, Browser Tool, Observability (OpenTelemetry), and Cedar-policy-based access control. The repo demonstrates all of these with framework-agnostic samples (Strands, LangGraph, CrewAI, OpenAI Agents SDK, Google ADK all supported).

Target audience: AWS developers building production-grade AI agents who want to avoid building agent infrastructure themselves; ML engineers deploying agent workloads.

Scope: 2,868 GitHub stars, Apache-2.0, 30 contributors, actively maintained with daily pushes.

Differs from seeds: No seed framework matches — AgentCore is cloud infrastructure (AWS Lambda/ECS equivalent for agents), not a workflow or skill framework. Closest to how cloud-flow's hive-mind patterns operate at scale, but AgentCore is a managed AWS service with Cedar policies, IAM integration, and SOC-2 posture.

awslabs/agentcore-samples — Overview

Origin

Amazon Bedrock AgentCore is a new AWS service (announced in 2025) for deploying AI agents at production scale. The samples repo was originally called the "Bedrock AgentCore Starter Toolkit" but transitioned to use the new AgentCore CLI. The MIGRATION.md documents the old-path to new-path mapping.

Philosophy

"Deploy and operate AI agents securely at scale — using any framework and model" "Amazon Bedrock AgentCore is both framework-agnostic and model-agnostic, giving you the flexibility to deploy and operate advanced AI agents securely and at scale."

Key principles:

1. Framework agnostic: Works with Strands Agents, CrewAI, LangGraph, LlamaIndex, OpenAI Agents SDK, Google ADK — no lock-in to one framework
2. Model agnostic: Any LLM via Amazon Bedrock — Claude, Llama, Mistral, etc.
3. Managed infrastructure: "Eliminating the undifferentiated heavy lifting of building and managing specialized agent infrastructure"
4. Security by default: Cedar policies for fine-grained access control, AWS IAM integration, VPC support

Service Components

AgentCore CLI

The primary developer experience tool:

npm install -g @aws/agentcore
agentcore create --name myagent --model-provider bedrock
agentcore deploy
agentcore invoke --session-id "$(uuidgen)" "My prompt"

awslabs/agentcore-samples — Architecture

Distribution

• Type: standalone-repo (sample collection) + CLI tool (@aws/agentcore)
• Primary SDK: Python SDK (github.com/aws/bedrock-agentcore-sdk-python) + TypeScript SDK
• CLI: npm install -g @aws/agentcore (AgentCore CLI)
• License: Apache-2.0

Repository Structure

awslabs/agentcore-samples/
├── 00-getting-started/          # Quick start with AgentCore CLI
│   ├── python/                  # Python agent samples
│   └── typescript/              # TypeScript agent samples
├── 01-features/                 # Feature-specific deep dives
│   ├── 01-harness/              # Managed agent runtime
│   │   ├── 00-getting-started/
│   │   ├── 01-advanced-examples/ (custom containers, gateway, MCP, OAuth)
│   │   └── 02-use-cases/
│   ├── 02-host-your-agent/
│   ├── 03-connect-your-agent-to-anything/ # Gateway/MCP
│   ├── 04-manage-context-of-your-agent/   # Memory
│   ├── 05-authenticate-and-authorize/     # Identity + Cedar policies
│   ├── 06-observe-evaluate-optimize/      # Observability + Eval
│   ├── 07-centralize-and-govern/          # Gateway + Policy + Registry
│   │   ├── 01-gateway/
│   │   ├── 02-policy/
│   │   └── 03-registry/
│   └── 08-agents-that-transact/
├── 02-use-cases/               # (see below — mapped to end-to-end)
├── 03-integrations/
│   ├── identity-providers/     # Okta, Entra, Cognito
│   ├── observability/          # Grafana, Datadog, Dynatrace
│   ├── data-platforms/         # Data lake/warehouse integrations
│   └── ux-examples/            # Streamlit, AG-UI frontends
├── 04-infrastructure-as-code/  # CloudFormation, CDK, Terraform
├── 05-blueprints/              # Full-stack reference applications
├── 06-workshops/
├── pyproject.toml
└── requirements.txt

AgentCore Architecture (Service Layer)

Developer → AgentCore CLI → AWS CloudFormation
                                ↓
                         AgentCore Runtime (Lambda-like)
                                ↓
              ┌─────────────────┼─────────────────┐
           Gateway           Memory            Identity
        (MCP converter)   (vector store)   (OAuth/OIDC)
              ↓                 ↓                 ↓
        External APIs    Semantic recall    Cross-service auth

Required Runtime

• node >= 20 (AgentCore CLI)
• python >= 3.9 (Python samples)
• uv >= 0.4 (for sample execution)
• AWS CLI v2 (for credential setup)
• boto3 (Python SDK)
• AWS account with Bedrock access

awslabs/agentcore-samples — Components

AgentCore CLI Commands

AgentCore Service Capabilities (MCP-Exposed)

Managed Harness

• create_harness_agent — Define agent (model, tools, instructions)
• invoke_harness_agent — Run agent with session
• execute_command — Run arbitrary commands within agent context

Gateway (API→MCP Converter)

• Supports: Lambda function ARNs, MCP servers, OpenAPI specs, Smithy models
• Converts any API to MCP-compatible tools automatically

Memory

• Semantic memory (vector-based recall)
• Episodic memory (conversation history)
• agentcore add memory → auto-provisions memory infrastructure

Identity

• OAuth/OIDC agent identity
• Supported IdPs: Okta, Microsoft Entra, Cognito
• Token exchange for cross-service authentication

Observability

• OpenTelemetry integration
• Supported backends: Grafana, Datadog, Dynatrace
• agentcore observability commands

Evaluation

• Built-in evaluators + custom evaluator support
• Online eval (running in production) + offline eval (test suite)

Policy (Cedar)

• Fine-grained access control with Cedar policy language
• Resource-level permissions for agent actions

Sample Categories

awslabs/agentcore-samples — Uniqueness & Positioning

Differs from Seeds

No seed framework compares — AgentCore is a cloud infrastructure platform (like AWS Lambda but for AI agents), not a workflow or skill framework. The seeds are local process frameworks; AgentCore provides the runtime those processes would run on.

The closest conceptual relationship is to claude-flow (Archetype 3 — MCP-anchored toolserver with multi-agent patterns) — but claude-flow is a local tool coordination system while AgentCore is a managed cloud service with IAM, Cedar policies, serverless compute, and SOC-2 posture.

Distinctive Properties

1. Only managed cloud runtime in the corpus: AgentCore provides the infrastructure that developer-facing frameworks assume exists (compute, scaling, auth, storage). All other frameworks in the corpus run on the developer's local machine.

2. Cedar policy access control: Fine-grained resource permissions using Amazon's Cedar policy language — no other framework in the corpus ships a formal policy model for agent actions.

3. Framework-agnostic design: Strands, LangGraph, CrewAI, LlamaIndex, OpenAI Agents SDK, Google ADK all work without code changes — the abstraction layer is at the infrastructure level.

4. MCP Gateway as API converter: Any Lambda, OpenAPI spec, or Smithy model becomes an MCP tool automatically — solving the "connecting agents to enterprise APIs" problem without custom MCP server development.

5. Production-grade evaluation: Built-in online (real-time) and offline (test suite) evaluation with custom evaluator support — no other framework ships managed eval infrastructure.

Observable Failure Modes

• AWS vendor lock-in: All state (memory, compute, Gateway configs) is in AWS — migrating to another provider requires architectural changes
• Cost at scale: Serverless compute + managed memory + Gateway routing all incur AWS costs — no cost model visible in samples for budget estimation
• Complex IAM setup: The required IAM permissions (CloudFormation, S3, IAM role management, Lambda, CloudWatch, Bedrock) create initial setup friction
• Sample staleness: With the transition from Starter Toolkit to AgentCore CLI, some samples in legacy/ are outdated — MIGRATION.md helps but adds discovery friction

Governance Posture

As an official awslabs repo, AgentCore Samples carries:

• Enterprise security scanning in the repo (.checkov.yaml, .secrets.baseline, .github/ workflows)
• Apache-2.0 license
• CODE_OF_CONDUCT.md + CONTRIBUTING.md + CONTRIBUTORS.md
• Daily maintenance cadence (last pushed 2026-05-26)