Aivizor

AgentCore Gateway for Bedrock Extends MCP Support to Ease Enterprise Deployments

News
Thalia Mercer

6/1/2026, 7:50:47 PM

AgentCore Gateway for Bedrock has been updated to strengthen enterprise support for Model Context Protocol (MCP) servers by centralizing MCP functionality and adding deployment-focused features. The release aggregates MCP primitives into a single endpoint and adds runtime and security capabilities that reduce per-server plumbing, making it easier for platform teams to enforce policies and for builders to integrate agents with corporate environments.

The gateway now exposes all three MCP primitives — tools, prompts, and resources — through one MCP endpoint and a unified catalog, and implements full MCP methods including tools/list, tools/call, prompts/list, prompts/get, and resources/list plus resource templates. Tool definitions can include name, icon, description and inputSchema as before, and now may also include optional outputSchema and annotations that mark properties such as read-only or destructive, giving richer metadata for callers and tool orchestration.

Runtime discovery and stateful interactions are a focus of the update: the gateway supports dynamic listing for runtime discovery, streaming and session management for stateful interactions, and elicitation to request additional input mid-execution. These additions aim to support longer-lived agent workflows and more interactive tool exchanges without requiring custom session infrastructure per MCP server.

Centralized governance and observability are improved by consolidating credential management and logging at the gateway. Platform teams can enforce resource-based policies (RBP) to restrict who can invoke the gateway (for example, limiting invocation to an Amazon VPC) and apply service control policies (SCPs) to manage maintenance within an AWS Organization. The gateway also collects centralized application and identity logs to simplify audit and compliance workflows.

To support network isolation and private connectivity, the gateway supports AWS PrivateLink for both control plane and data plane traffic and can reach private API endpoints or MCP servers using managed VPC resource mode. These connectivity options keep traffic inside VPC boundaries and simplify secure access to MCP servers that reside on private networks.

Extensibility and runtime enforcement are provided by an interceptor capability that runs AWS Lambda functions to customize request and response handling; documented examples include input sanitization, fine-grained authorization checks, and custom transformation logic. The gateway also integrates with AgentCore Policy (Preview) to supply centralized, agentic guardrails and supports OAuth 2.0 flows — specifically authorization-code and on-behalf-of token exchange — so agents can authenticate or act on behalf of users when invoking tools.
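The tool annotations and the fine-grained authorization checks described above can be combined into one fail-closed gate, shown here as an added example that is not code from AWS or the source article. It works on plain MCP JSON-RPC messages because the page does not show the gateway's interceptor event format; the hint names `readOnlyHint` and `destructiveHint` and their defaults come from the MCP specification, while the tool names, roles and `ROLE_ALLOWS` map are constructed for illustration.

```python
import json

# Constructed sample of an MCP tools/list result (not taken from the page).
TOOLS_LIST = json.loads("""
{"jsonrpc": "2.0", "id": 1, "result": {"tools": [
  {"name": "get_ticket", "inputSchema": {"type": "object"},
   "annotations": {"readOnlyHint": true}},
  {"name": "delete_ticket", "inputSchema": {"type": "object"},
   "annotations": {"readOnlyHint": false, "destructiveHint": true}},
  {"name": "update_ticket", "inputSchema": {"type": "object"},
   "annotations": {"destructiveHint": false}},
  {"name": "legacy_export", "inputSchema": {"type": "object"}}
]}}
""")

# Hypothetical role-to-permission map; a real deployment would load this from policy.
ROLE_ALLOWS = {"viewer": {"read"}, "operator": {"read", "write"},
               "admin": {"read", "write", "destructive"}}

def classify(tool):
    """Map a tool definition to 'read', 'write' or 'destructive'.

    MCP spec defaults apply when a hint is absent (readOnlyHint=false,
    destructiveHint=true), so an unannotated tool is treated as destructive.
    Only a literal boolean relaxes the class; a string such as "true" does not.
    """
    ann = tool.get("annotations") or {}
    if ann.get("readOnlyHint", False) is True:
        return "read"
    if ann.get("destructiveHint", True) is False:
        return "write"
    return "destructive"

def build_catalog(tools_list_response):
    """Build {tool name: class} from a tools/list response."""
    return {t["name"]: classify(t) for t in tools_list_response["result"]["tools"]}

def authorize_call(request, role, catalog):
    """Return (allowed, reason) for a JSON-RPC request from a caller with `role`."""
    if request.get("method") != "tools/call":
        return True, "not a tool invocation"
    name = (request.get("params") or {}).get("name")
    kind = catalog.get(name)
    if kind is None:
        return False, f"unknown tool {name!r}"  # fail closed on unlisted tools
    if kind not in ROLE_ALLOWS.get(role, set()):
        return False, f"role {role!r} may not run {kind} tool {name!r}"
    return True, f"{kind} tool permitted"
```

The MCP specification treats annotations as hints supplied by the server, so a gate like this is only as trustworthy as the server that published the catalog.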

Operationally, the extensions are intended to reduce duplicated infrastructure work: without a gateway, each MCP server must implement credentials, policy enforcement, private connectivity and logging. With AgentCore Gateway, teams can focus on business logic while platform and security teams retain unified visibility, centralized policies and audit trails. Builders can begin using runtime discovery, stateful streaming, elicitation and delegated authentication patterns through the published GitHub samples; AgentCore Policy remains in Preview for early testing.

Sources

  1. AWS Machine Learning Blog · 6/1/2026