AWS bedrock-agentcore documentation change
Summary
Updated A2A server tutorial to use AgentCore CLI, changed from manual setup to CLI-based project scaffolding and deployment, updated prerequisites, code examples, and deployment steps.
Security assessment
The changes are procedural updates for tooling and workflow improvements. No evidence of addressing a specific security vulnerability, incident, or weakness. The mention of Cognito authentication for secure access was already present in the previous version and remains a prerequisite without new security context.
Diff
diff --git a/bedrock-agentcore/latest/devguide/runtime-a2a.md b/bedrock-agentcore/latest/devguide/runtime-a2a.md index 7f6fa0e68..cad10b2e3 100644 --- a//bedrock-agentcore/latest/devguide/runtime-a2a.md +++ b//bedrock-agentcore/latest/devguide/runtime-a2a.md @@ -86 +86 @@ In this tutorial you create, test, and deploy an A2A server. - * Step 1: Create your A2A server + * Step 1: Create your A2A project @@ -103 +103 @@ In this tutorial you create, test, and deploy an A2A server. - * An AWS account with appropriate permissions and local credentials configured + * Node.js 18 or higher installed (required for the AgentCore CLI) @@ -105 +105 @@ In this tutorial you create, test, and deploy an A2A server. - * Understanding of the A2A protocol and agent-to-agent communication concepts + * The AgentCore CLI installed: `npm install -g @aws/agentcore` @@ -106,0 +107 @@ In this tutorial you create, test, and deploy an A2A server. + * An AWS account with appropriate permissions and local credentials configured @@ -107,0 +109 @@ In this tutorial you create, test, and deploy an A2A server. + * Understanding of the A2A protocol and agent-to-agent communication concepts @@ -110 +111,0 @@ In this tutorial you create, test, and deploy an A2A server. -### Step 1: Create your A2A server @@ -112 +112,0 @@ In this tutorial you create, test, and deploy an A2A server. -We are showing an example with strands, but you can use other ways to build with A2A. @@ -114 +114 @@ We are showing an example with strands, but you can use other ways to build with -#### Install required packages +### Step 1: Create your A2A project @@ -116 +116 @@ We are showing an example with strands, but you can use other ways to build with -First, install the required packages for A2A: +This example uses Strands Agents, but the AgentCore CLI also supports A2A projects with LangChain/LangGraph and Google ADK. @@ -117,0 +118 @@ First, install the required packages for A2A: +#### Scaffold the project @@ -119,3 +120 @@ First, install the required packages for A2A: - pip install strands-agents[a2a] - pip install bedrock-agentcore - pip install strands-agents-tools +Run the following command and select _Strands_ as your framework when prompted: @@ -123 +121,0 @@ First, install the required packages for A2A: -#### Create your first A2A server @@ -125 +123 @@ First, install the required packages for A2A: -Create a new file called `my_a2a_server.py`: + agentcore create --protocol A2A @@ -126,0 +125 @@ Create a new file called `my_a2a_server.py`: +The CLI scaffolds a complete project with all required dependencies and configuration. The generated `main.py` contains your A2A server: @@ -128,7 +126,0 @@ Create a new file called `my_a2a_server.py`: - import logging - import os - from strands_tools.calculator import calculator - from strands import Agent - from strands.multiagent.a2a import A2AServer - import uvicorn - from fastapi import FastAPI @@ -136 +128,4 @@ Create a new file called `my_a2a_server.py`: - logging.basicConfig(level=logging.INFO) + from strands import Agent, tool + from strands.multiagent.a2a.executor import StrandsA2AExecutor + from bedrock_agentcore.runtime import serve_a2a + from model.load import load_model @@ -138,2 +132,0 @@ Create a new file called `my_a2a_server.py`: - # Use the complete runtime URL from environment variable, fallback to local - runtime_url = os.environ.get('AGENTCORE_RUNTIME_URL', 'http://127.0.0.1:9000/') @@ -141 +134,4 @@ Create a new file called `my_a2a_server.py`: - logging.info(f"Runtime URL: {runtime_url}") + @tool + def add_numbers(a: int, b: int) -> int: + """Return the sum of two numbers.""" + return a + b @@ -143,6 +138,0 @@ Create a new file called `my_a2a_server.py`: - strands_agent = Agent( - name="Calculator Agent", - description="A calculator agent that can perform basic arithmetic operations.", - tools=[calculator], - callback_handler=None - ) @@ -150 +140 @@ Create a new file called `my_a2a_server.py`: - host, port = "0.0.0.0", 9000 + tools = [add_numbers] @@ -152,5 +142,4 @@ Create a new file called `my_a2a_server.py`: - # Pass runtime_url to http_url parameter AND use serve_at_root=True - a2a_server = A2AServer( - agent=strands_agent, - http_url=runtime_url, - serve_at_root=True # Serves locally at root (/) regardless of remote URL path complexity + agent = Agent( + model=load_model(), + system_prompt="You are a helpful assistant. Use tools when appropriate.", + tools=tools, @@ -159,8 +147,0 @@ Create a new file called `my_a2a_server.py`: - app = FastAPI() - - @app.get("/ping") - def ping(): - return {"status": "healthy"} - - app.mount("/", a2a_server.to_fastapi_app()) - @@ -168,2 +149 @@ Create a new file called `my_a2a_server.py`: - uvicorn.run(app, host=host, port=port) - + serve_a2a(StrandsA2AExecutor(agent)) @@ -178 +158 @@ Creates an agent with specific tools and capabilities -**A2AServer** +**StrandsA2AExecutor** @@ -181 +161 @@ Creates an agent with specific tools and capabilities -Wraps the agent to provide A2A protocol compatibility +Wraps the Strands agent to provide A2A protocol compatibility @@ -183 +163 @@ Wraps the agent to provide A2A protocol compatibility -**Agent Card URL** +**serve_a2a** @@ -186 +166 @@ Wraps the agent to provide A2A protocol compatibility -Dynamically constructs the correct URL based on deployment context using the `AGENTCORE_RUNTIME_URL` environment variable +The Amazon Bedrock AgentCore SDK helper that starts a Bedrock-compatible A2A server. It handles the `/ping` health endpoint, Agent Card serving, `AGENTCORE_RUNTIME_URL` environment variable, Bedrock header propagation, and runs on port 9000 by default. @@ -192,0 +173,2 @@ A2A servers run on port 9000 by default in AgentCore Runtime +To customize this agent, replace the `add_numbers` tool with your own tools and update the system prompt. + @@ -199 +181,2 @@ Run and test your A2A server in a local development environment. -Run your A2A server locally: +Start your A2A server locally using the AgentCore CLI: + @@ -200,0 +184 @@ Run your A2A server locally: + agentcore dev @@ -202 +186,4 @@ Run your A2A server locally: - python my_a2a_server.py +Alternatively, you can run the server directly: + + + python main.py @@ -240,24 +226,0 @@ You can also test your deployed server using the A2A Inspector as described in [ -Deploy your A2A server to AWS using the Amazon Bedrock AgentCore starter toolkit. - -#### Install deployment tools - -Install the Amazon Bedrock AgentCore starter toolkit: - - - pip install bedrock-agentcore-starter-toolkit - -Start by creating a project folder with the following structure: - - - ## Project Folder Structure - your_project_directory/ - ├── my_a2a_server.py # Your main agent code - ├── requirements.txt # Dependencies for your agent - -Create a new file called `requirements.txt`, add the following to it: - - - strands-agents[a2a] - bedrock-agentcore - strands-agents-tools - @@ -266 +229 @@ Create a new file called `requirements.txt`, add the following to it: -Configure authentication for secure access to your deployed server. For detailed Cognito setup instructions, see [Set up Cognito user pool for authentication](./runtime-mcp.html#runtime-mcp-appendix-a). This provides the OAuth tokens required for secure access to your deployed server. +Before deploying, configure authentication for secure access to your deployed server. For detailed Cognito setup instructions, see [Set up Cognito user pool for authentication](./runtime-mcp.html#runtime-mcp-appendix-a). This provides the OAuth tokens required for secure access to your deployed server. @@ -268,3 +231 @@ Configure authentication for secure access to your deployed server. For detailed -#### Configure your A2A server for deployment - -After setting up authentication, create the deployment configuration: +#### Deploy to AWS @@ -271,0 +233 @@ After setting up authentication, create the deployment configuration: +Deploy your agent: @@ -273 +234,0 @@ After setting up authentication, create the deployment configuration: - agentcore configure -e my_a2a_server.py --protocol A2A @@ -275 +236 @@ After setting up authentication, create the deployment configuration: - * Select protocol as A2A + agentcore deploy @@ -277 +238 @@ After setting up authentication, create the deployment configuration: - * Configure with OAuth configuration as setup in the previous step +This command will: @@ -278,0 +240 @@ After setting up authentication, create the deployment configuration: + 1. Package your agent code and dependencies @@ -279,0 +242 @@ After setting up authentication, create the deployment configuration: + 2. Upload the deployment artifact to Amazon S3 @@ -280,0 +244 @@ After setting up authentication, create the deployment configuration: + 3. Create a Amazon Bedrock AgentCore runtime @@ -282 +246 @@ After setting up authentication, create the deployment configuration: -#### Deploy to AWS + 4. Deploy your agent to AWS @@ -284 +247,0 @@ After setting up authentication, create the deployment configuration: -Deploy your agent: @@ -287 +249,0 @@ Deploy your agent: - agentcore launch