AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-04-01 · Documentation low

File: bedrock-agentcore/latest/devguide/runtime-mcp.md

Summary

Updated documentation to reflect a change from using a Python-based 'starter toolkit' to a Node.js-based 'AgentCore CLI' for deployment. Changed commands from 'agentcore configure' and 'agentcore launch' to 'agentcore create' and 'agentcore deploy', and updated the deployment artifact process from Docker/ECR to packaging/S3.

Security assessment

The changes are procedural updates for tooling and deployment workflow. While the documentation continues to mention the requirement for a Cognito user pool and OAuth tokens for secure access, this is not a new addition. There is no evidence in the diff that these changes were made to address a specific security vulnerability, weakness, or incident. The updates appear to be routine documentation maintenance for a changed CLI interface and deployment process.

Diff

diff --git a/bedrock-agentcore/latest/devguide/runtime-mcp.md b/bedrock-agentcore/latest/devguide/runtime-mcp.md
index e4d411e98..71000ebcc 100644
--- a//bedrock-agentcore/latest/devguide/runtime-mcp.md
+++ b//bedrock-agentcore/latest/devguide/runtime-mcp.md
@@ -171 +171 @@ You can also test your server using the MCP Inspector as described in Local test
-Install the AgentCore starter toolkit:
+Install the AgentCore CLI:
@@ -174 +174 @@ Install the AgentCore starter toolkit:
-    pip install bedrock-agentcore-starter-toolkit
+    npm install -g @aws/agentcore
@@ -176 +176 @@ Install the AgentCore starter toolkit:
-You use the starter toolkit to deploy your agent to AgentCore Runtime. 
+You use the AgentCore CLI to deploy your agent to AgentCore Runtime. 
@@ -195 +195 @@ Create a new file called `requirements.txt`, add the following to it:
-### Configure your MCP server for deployment
+### Create your project for deployment
@@ -197 +197 @@ Create a new file called `requirements.txt`, add the following to it:
-Before configuring your deployment, you need to set up a Cognito user pool for authentication as described in Set up Cognito user pool for authentication. This provides the OAuth tokens required for secure access to your deployed server.
+Before creating your project, you need to set up a Cognito user pool for authentication as described in Set up Cognito user pool for authentication. This provides the OAuth tokens required for secure access to your deployed server.
@@ -203,14 +203 @@ Starting **October 7, 2025** , Amazon Bedrock AgentCore uses a Service-Linked Ro
-After setting up authentication, create the deployment configuration:
-    
-    
-    agentcore configure -e my_mcp_server.py --protocol MCP
-
-This will start a guided prompt workflow:
-
-  * For execution role, you need to have an IAM execution role with appropriate permissions
-
-  * For ECR, just press `enter` to skip and it will auto-create
-
-  * For dependency file, the CLI will auto-detect from current directory
-
-  * For OAuth, type `yes` and provide the discovery URL and client ID token
+After setting up authentication, scaffold a new project with MCP protocol:
@@ -218,0 +206 @@ This will start a guided prompt workflow:
+    agentcore create --protocol MCP
@@ -219,0 +208 @@ This will start a guided prompt workflow:
+Follow the interactive prompts to provide a project name. The CLI scaffolds the project structure including an `agentcore/agentcore.json` configuration file. Copy your `my_mcp_server.py` file into the generated project's agent code directory, and ensure the entrypoint in `agentcore/agentcore.json` points to your server file.
@@ -226 +215 @@ Deploy your agent:
-    agentcore launch
+    agentcore deploy
@@ -230 +219 @@ This command will:
-  1. Build a Docker container with your agent
+  1. Package your agent code and dependencies
@@ -232 +221 @@ This command will:
-  2. Push it to Amazon ECR
+  2. Upload the deployment artifact to Amazon S3
@@ -334,12 +323 @@ For more information, see [Auth0 Dynamic Client Registration documentation](http
-### Step 5: Configure your MCP server for deployment
-
-After setting up authentication, create the deployment configuration:
-    
-    
-    agentcore configure -e my_mcp_server.py --protocol MCP
-
-This will start a guided prompt workflow:
-
-  * For execution role, you need to have an IAM execution role with appropriate permissions
-
-  * For ECR, just press `enter` to skip and it will auto-create
+### Step 5: Create your project for deployment
@@ -347 +325 @@ This will start a guided prompt workflow:
-  * For OAuth, type `yes` and provide the discovery URL and audience.
+After setting up authentication, scaffold a new project with MCP protocol:
@@ -349,0 +328 @@ This will start a guided prompt workflow:
+    agentcore create --protocol MCP
@@ -350,0 +330 @@ This will start a guided prompt workflow:
+Follow the interactive prompts to provide a project name. The CLI scaffolds the project structure including an `agentcore/agentcore.json` configuration file. Copy your `my_mcp_server.py` file into the generated project's agent code directory, and ensure the entrypoint in `agentcore/agentcore.json` points to your server file.
@@ -357 +337 @@ Deploy your agent:
-    agentcore launch
+    agentcore deploy
@@ -361 +341 @@ This command will:
-  * Build a Docker container with your agent
+  * Package your agent code and dependencies
@@ -363 +343 @@ This command will:
-  * Push it to Amazon ECR
+  * Upload the deployment artifact to Amazon S3
@@ -981 +961 @@ After running this script, note the following values for use in the deployment c
-  * Discovery URL: Used during the `agentcore configure` step
+  * Discovery URL: Used during the `agentcore create` step
@@ -983 +963 @@ After running this script, note the following values for use in the deployment c
-  * Client ID: Used during the `agentcore configure` step
+  * Client ID: Used during the `agentcore create` step