AgentCore Identity
The Identity feature provides a straightforward way to integrate the Agent with standard SSO and OAuth2 services. It can be used to authenticate and validate permissions for your agent invocations (inbound), and also to authenticate your agent with other services (outbound). For example, if an agent needs to access the user’s files in services like Google Drive and Dropbox, the developers can use the Identity feature to store the credentials and handle the authorization flow securely.
The AgentCore SDK provides annotations to specify the credentials that the functions require. It automatically handles the authorization flows and refresh of expired tokens. When additional authorization is required, it provides an authorization URL for the user. It can automatically cache the authorization tokens to reduce the number of times the user needs to authenticate or enforce authentication on critical tools.
The Identity feature guarantees that user access tokens and API Keys will be stored and handled safely, and offers a straightforward way to provide a good user authentication experience for agents who act on behalf of the user on external systems and integrations, with great developer experience. See the Amazon Bedrock AgentCore Developer Guide for more information.
AgentCore Gateway
The AgentCore Gateway feature provides a straightforward way to connect GenAI agents to REST services and third-party tools. It converts REST APIs, AWS Lambda functions, and existing services into MCP (Model Context Protocol) compatible tools, with strong authentication and authorization with OAuth2 tokens or API Keys. It also provides out-of-the-box integration with multiple services, including Slack, Jira, Zoom, and Salesforce.
It can be used to quickly develop agents that interact with those services on behalf of users, accelerating time-to-market for deeply integrated agents, and guaranteeing that the integrations and communications will be performed securely. See the Amazon Bedrock AgentCore Developer Guide for more information.
AgentCore Built-in Tools
AgentCore provides a set of specialized tools for common scenarios, alleviating the need to implement those tools by hand and making sure they run in secure, isolated environments. As of July 2025, two tools are provided: The AgentCore CodeInterpreter and the AgentCore Browser.
The AgentCore Code Interpreter can be used to run custom code in isolated environments, without risking the Agent. It can execute and debug code generated by agents or provided by the user, as well as perform complex calculations, including Data Science workloads.
The AgentCore Browser lets agents safely interact with websites and web applications. It isolates the browsing environment from the agent execution by running the browser in a safe sandbox environment. It provides advanced features like visual analysis with screenshots, human intervention with live interactive view capabilities, and recording browser interactions for auditing purposes. See the Getting Started with AgentCore Browser Guide and the Amazon Bedrock AgentCore Code Interpreter Guide for more information.
The Agent Marketplace: Accelerating “Buy Over Build”
Alongside AgentCore, AWS unveiled the Agent Marketplace: a repository of over 800 prebuilt agents and tools ready to deploy. Agents can be searched and filtered by use case, such as contract analysis, compliance automation, or developer productivity, and deployed directly into the AgentCore environment.
For enterprises, this shifts the calculus: if a capability already exists, it is increasingly cost-effective to purchase, configure, and extend it rather than reinvent from scratch. For vendors and ISVs, the Marketplace offers streamlined distribution to a broad customer base, benefiting from AWS’s compliance and billing frameworks.
AgentCore Pricing
Amazon Bedrock AgentCore uses a modular, consumption-based pricing model with no upfront commitments or minimum fees. You pay only for the resources and features you actively use, so costs scale directly with agent activity and adoption. This applies across its main subsystems: Runtime, Tools (Browser, Code Interpreter), Gateway, Identity, Memory, and Observability. See the table below for details of the pricing of the AgentCore components.
Brian Tarbox
André Luís Gobbi Sanches
