As AI rapidly moves from experimentation to production, teams face an increasing number of architectural decisions that directly shape long-term outcomes. While most decisions are reversible "two-way doors" open to iteration, your infrastructure choice is a one-way door that defines how far your application can scale, how securely it operates, and how reliably it serves users. Enter Amazon Bedrock AgentCore, AWS's new foundation for building and deploying intelligent agents at production scale.
Before diving in, it’s worth clarifying an important distinction: Amazon Bedrock AgentCore is not responsible for your agent’s orchestration or business logic. Instead, it provides the managed runtime infrastructure that executes that logic – handling scaling, isolation, networking, and security so you can focus on how your agent thinks and behaves.
In this hands-on guide, we'll deploy an AI agent to AgentCore Runtime to orchestrate a Retrieval-Augmented Generation (RAG) chatbot workflow with user authentication and streamed responses. This hands-on example will illustrate core architectural concepts for building and operating AI agents on AWS, highlighting several important considerations:
- Security: JWT-based authentication ensures only authorized users have access to your agent
- Scalability: Amazon Bedrock AgentCore's serverless nature automatically handles traffic spikes
- Cost Efficiency: Pay only for active compute time, not idle resources
- Observability: Built-in logging and session management for debugging
- Maintainability: Terraform enables consistent deployments across environments
Along the way, we'll also explore the trade-offs involved in architectural decisions for production-level chatbots.
Why Amazon Bedrock AgentCore?
Amazon Bedrock AgentCore is an agentic platform for building, deploying, and operating AI agents securely at scale across any framework, model, or protocol, with no infrastructure management required. Its modular services include Runtime, Memory, Gateway, Identity, Browser, and Observability, which you can use together or independently for your agent workloads.
At the heart of this platform is AgentCore Runtime, a secure, serverless execution environment purpose-built to host and scale AI agents and tools without requiring the provisioning or tuning of compute resources.
AgentCore Runtime’s serverless model lets you focus on your agent’s logic instead of infrastructure. There is no need to configure auto-scaling groups, monitor CPU or memory metrics, or reserve capacity in advance. The service automatically scales based on load, provides session isolation and extended runtimes, and abstracts away the undifferentiated heavy lifting of agent hosting.
You also pay only for the active resources you consume. Idle time spent waiting for large language model responses or external context retrieval is not counted toward the final cost. Compared with services that charge for pre-allocated resources, such as Amazon EC2 or Amazon ECS, this model can significantly reduce overall CPU costs for agent-based applications.
Beyond AgentCore Runtime, Amazon Bedrock AgentCore offers several other services that can facilitate AI agent development and integrate with AgentCore Runtime, such as:
- AgentCore Memory: Offers both long-term and short-term memory for conversation and contextual history
- AgentCore Gateway: A secure way to build, deploy, discover, and connect to tools at scale
- AgentCore Identity: An identity and credential management service designed specifically for AI agents and automated workloads
If you are using Amazon Cognito User Pools to authenticate users, you can integrate JWT Token Authentication to secure your application. Learn more about Amazon Bedrock AgentCore here.
Architecture Decisions for Production RAG
Knowledge Base & Vector Store
Production RAG systems must support reliable semantic search, frequent document updates, and secure access to knowledge sources, while keeping operational complexity low. The vector store should scale with growing data volumes without requiring ongoing infrastructure management.
For this implementation, we're using Amazon Bedrock Knowledge Base with Amazon S3 Vectors as the vector store. This combination offers several advantages:
- Managed Service Benefits: Using a managed knowledge base reduces operational burden by handling document chunking, embedding generation, and retrieval APIs out of the box, while still allowing flexibility by supporting multiple vector store backends, such as Amazon OpenSearch, Amazon Aurora PostgreSQL, Pinecone, and others, as architectural requirements evolve.
- Amazon S3 Vectors: A newer option that provides a simple, cost-effective, and performant vector store for small-to-medium RAG applications. For an in-depth analysis, check out our blog on Amazon S3 Vectors.
- Amazon Bedrock Data Automation (BDA): Automatically handles multimodal document ingestion without manual parsing/chunking configurations. (Note: Currently not available in all regions - this tutorial uses us-east-1.)
Embedding Model
To perform the type of semantic search required for RAG, we first use a specialized model to compute vector embeddings for the documents we want to retrieve, and then store those embeddings in a vector database. These embeddings allow user queries to be compared based on meaning rather than exact keyword matches.
Amazon Titan Text Embeddings is AWS’s native embedding model family designed for high-quality semantic retrieval across a wide range of text workloads. For this implementation, we’re using Amazon Titan Text Embeddings V2 due to its improved retrieval performance, larger token input size of up to 8,192 tokens, and lower cost compared to alternatives such as Cohere’s embedding models.
Chunking Strategy
Amazon Bedrock Knowledge Base offers multiple chunking strategies, including standard, hierarchical, semantic, and multimodal.
For RAG applications, semantic chunking is typically the best fit. Instead of splitting documents based on layout or fixed token counts, it groups content by meaning, which improves retrieval accuracy and helps ensure the model receives context that is actually relevant to the user’s question. This deeper semantic alignment is especially important for conversational workloads, and it’s why AWS recommends semantic chunking as the default approach for RAG-based chatbots.
LLM Model
Anthropic Claude Haiku 4.5 is a lightweight, high-performance foundation model designed for low-latency, cost-efficient conversational and agentic workloads. It strikes a strong balance between speed, reasoning capability, and operational cost, making it well-suited for production chatbot deployments.
We're using Anthropic Claude Haiku 4.5 as the foundation model because it delivers near-frontier performance at a fraction of the cost of larger models like Sonnet. It performs particularly well for chatbots that require fast responses, reliable reasoning, and consistent use of agentic tools. To learn more, read about our deep dive into Claude Haiku 4.5.
Future Considerations: As LLM models evolve, you may need to update your model to leverage improved reasoning, higher-quality training data, and better tool-use capabilities.
Hands-On Tutorial
Prerequisites.
To deploy your AI agent, you'll need:
- An AWS account with permissions for Amazon Bedrock, Amazon Bedrock AgentCore, and Amazon S3
- AWS credentials loaded via aws configure sso or environment variables
- Python v3.12+
- Terraform v1.14.3+
- Docker
- Code editor (VS Code, Cursor, etc.)
Clone the repository: https://github.com/caylent/agentcore-blog.
This tutorial creates resources in us-east-1 to leverage Bedrock Data Automation.
Agent Code Overview
The main entry point for the agent invocation is agent/app.py: