

# Release notes for Amazon Bedrock AgentCore
<a name="release-notes"></a>

We recommend subscribing to the RSS feed so updates to these notes are delivered to your Inbox.

## May 2026
<a name="_may_2026"></a>

### Harness: Bring-Your-Own File System (Amazon S3 Files and Amazon EFS)
<a name="_harness_bring_your_own_file_system_amazon_s3_files_and_amazon_efs_2"></a>

AgentCore harnesses now support Amazon S3 Files and Amazon EFS access points alongside managed session storage. Attach access points at `CreateHarness` or `UpdateHarness` time and the harness mounts them into every session at a path you specify. Use S3 Files for round-trip synchronization with an S3 bucket, EFS for low-latency shared storage, or combine up to five mounts on a single harness. See [Filesystem](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/harness-memory.html#harness-filesystem).

### Runtime: Bring-Your-Own File System (Amazon S3 Files and Amazon EFS)
<a name="_runtime_bring_your_own_file_system_amazon_s3_files_and_amazon_efs_2"></a>

Developers can now attach Amazon S3 Files and Amazon EFS access points directly to agent runtimes. AgentCore Runtime mounts the file system into every session at a path you specify, and your agent reads and writes using standard file operations — no custom mount code, no privileged containers, and no download orchestration required. Mount an S3 Files file system for automatic synchronization between file operations and the S3 bucket, or an EFS access point for a shared NFS file system with sub-millisecond latency. This enables agents to load shared skills, prompt templates, or datasets at session start without re-downloading, persist intermediate results across sessions, and collaborate on the same data across multiple agents. Available across all 15 AWS Regions where AgentCore Runtime is supported. See [File system configurations in AgentCore Runtime](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-filesystem-configurations.html).

### Agent Performance Loop: Optimization, Batch Evaluation, and User Simulation
<a name="_agent_performance_loop_optimization_batch_evaluation_and_user_simulation_2"></a>

Three new capabilities close the observe-evaluate-optimize-deploy loop, enabling teams to continuously improve agent quality using real production data. Optimization analyzes production traces and evaluator outputs to recommend targeted updates to system prompts and tool descriptions, with built-in A/B testing to validate changes before rollout. Batch evaluation replays curated or historical sessions to compare pre/post scores and catch regressions before changes reach end users. User simulation generates realistic, multi-turn conversations using LLM-backed actors to reveal behaviors beyond scripted test cases. See [Optimization](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/optimization.html), [Batch Evaluations](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/batch-evaluations-getting-started.html), and [User Simulation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/user-simulation.html).

### AgentCore is generally available in AWS GovCloud (US-West)
<a name="agentcore_is_generally_available_in_shared_aws_govcloud_us_west"></a>

Enterprise-grade agentic AI capabilities are now available for workloads with elevated compliance needs. With AgentCore, organizations can accelerate agents from prototype to production using any framework and any model, while maintaining the security and compliance controls required for government and regulated workloads. For details about AgentCore in AWS GovCloud (US), visit the [GovCloud Documentation](https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-bedrock-agentcore.html).

### Amazon Bedrock AgentCore payments is now in Preview
<a name="_amazon_bedrock_agentcore_payments_is_now_in_preview_2"></a>

Teams can now enable AI agents to autonomously access and pay for APIs, MCP servers, web content, and other agents. Built in partnership with Coinbase and Stripe, AgentCore payments is the first managed payment capability purpose-built for autonomous agents, handling the full payment lifecycle from wallet authentication through transaction execution to spending governance and observability. As AI agents become more capable and services shift to pay-per-use models built for machine consumption, developers need infrastructure that lets their agents transact without building bespoke billing integrations, credential management, orchestration logic, budgeting, and observability from scratch. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/payments.html).

### Runtime: Custom Header Passthrough
<a name="_runtime_custom_header_passthrough_2"></a>

AgentCore now supports passing arbitrary custom headers through to agents, aligned with Gateway’s header propagation model. Previously, passthrough was restricted to `Authorization` and `X-Amzn-Bedrock-AgentCore-Runtime-Custom-*` headers only. Customers can now forward headers such as transitive authentication tokens and webhook signatures without modification. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-header-allowlist.html).

## April 2026
<a name="_april_2026"></a>

### Identity, Gateway, and Runtime: VPC Egress Support
<a name="_identity_gateway_and_runtime_vpc_egress_support_2"></a>

Identity, Gateway, and Runtime now support secure egress to resources within customer VPCs, available in managed and self-managed configurations. Enables agents to invoke private resources (e.g., EKS-hosted MCP servers) directly through Gateway and connect to Identity Providers operating within customer VPCs. Includes private DNS resolution for managed VPC egress. See documentation for more details: [Gateway](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-quick-start.html) \| [Identity](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/identity-private-idp.html).

### Runtime: Node.js Direct Code Deployment
<a name="_runtime_node_js_direct_code_deployment_2"></a>

AgentCore now supports Node.js as a managed language runtime for direct code deployment, alongside existing Python support. Developers can package their Node.js-based agents into a .zip archive without building or managing container images. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-get-started-code-deploy-node.html).

### Agent Optimization Loop capabilities in Public Preview
<a name="_agent_optimization_loop_capabilities_in_public_preview_2"></a>

AgentCore launches recommendations and two validation methods (batch evaluations and A/B tests), completing the observe-evaluate-improve loop for production agents. Developers can now act on evaluation findings through systematic, validated improvements rather than manual intervention. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/optimization.html).

### Identity: On-Behalf-Of (OBO) Token Exchange
<a name="_identity_on_behalf_of_obo_token_exchange_2"></a>

AgentCore Identity now supports OBO token exchange, enabling agents to securely access protected resources on behalf of authenticated users without requiring multiple consent flows. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/on-behalf-of-token-exchange.html).

### Region Expansion: São Paulo and Canada Central
<a name="_region_expansion_são_paulo_and_canada_central_2"></a>

AgentCore Identity, Runtime, Code Interpreter, Browser Tool, Gateway, Policy, and Observability are now generally available in São Paulo (GRU). Policy launched in Canada Central (YUL).

### Memory: Structured Metadata Filtering on Long-Term Memory
<a name="_memory_structured_metadata_filtering_on_long_term_memory_2"></a>

Teams can now attach structured attributes to memory records and narrow retrieval to only results that match specific values, like priority, department, tags, or time range. Indexed keys can be declared when creating a memory (and cannot be removed once created), metadata schemas can be configured on strategies for automatic LLM extraction from conversations, and metadata filters can be applied when retrieving or listing memory records. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/long-term-memory-metadata.html).

### Observability: Trace Latency Improvements
<a name="_observability_trace_latency_improvements_2"></a>

Put-to-get latency for complete traces (spans and logs) reduced to under 10 seconds. Previous release had reduced latency to 10 seconds for spans and 30 seconds for logs separately.

### AgentCore harness is now in Public Preview
<a name="_agentcore_harness_is_now_in_public_preview_2"></a>

Teams can now deploy production-ready AI agents without building infrastructure from scratch. The managed harness provides tools, environment management, context systems, memory, identity controls, and observability — all configurable through three API calls. Supports any model provider (Bedrock, Anthropic, OpenAI, Gemini) and runs agents in secure isolated microVMs with persistent memory. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/harness.html).

### AgentCore MCP Server in awslabs/mcp
<a name="_agentcore_mcp_server_in_awslabsmcp_2"></a>

Your coding agent can now spin up an AgentCore agent or cloud browser, run code in a Code Interpreter sandbox, or stand up a Memory resource from any MCP-compatible client (Kiro, Claude Code, Cursor, and others), without writing a single boto3 call. The official AgentCore MCP server in [awslabs/mcp](https://github.com/awslabs/mcp) covers Runtime, Memory, Browser, and Code Interpreter, and authenticates through your default AWS credential chain. See [documentation](https://github.com/awslabs/mcp/blob/main/src/amazon-bedrock-agentcore-mcp-server/README.md) for installation notes.

### AgentCore CLI: Agent Inspector
<a name="_agentcore_cli_agent_inspector_2"></a>

Developers running `agentcore dev` now get a browser-based UI for chatting with agents, inspecting token usage and tool calls, viewing execution traces on a timeline, and browsing deployed AgentCore Memory — all locally before pushing to the cloud. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agentcore-get-started-cli.html).

### Observability: UI Enhancements for Trace and Trajectory
<a name="_observability_ui_enhancements_for_trace_and_trajectory_2"></a>

Trace tree details now bundle repeated spans, add visual span icons, and implement default agent span filters to reduce infrastructure noise. Trajectory diagrams eliminate repeated nodes and align layout with industry standards. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/observability-view.html).

### Gateway and Policy: Full Availability Zone Coverage
<a name="_gateway_and_policy_full_availability_zone_coverage_2"></a>

Gateway and Policy services are now available across all availability zones within launched regions.

### AgentCore Registry is now in Public Preview
<a name="_agentcore_registry_is_now_in_public_preview_2"></a>

AWS Agent Registry for centralized agent discovery and governance launched in Preview. Customers can create a private, governed catalog and discovery layer for agents, tools, skills, MCP servers, and custom resources. Accessible via Console UI, APIs, or as an MCP server queryable from IDEs. Supports IAM and OAuth (Custom JWT) based access. See [blog](https://aws.amazon.com/blogs/machine-learning/the-future-of-managing-agents-at-scale-aws-agent-registry-now-in-preview/) and [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/registry.html).

### Observability: Cross-Account Monitoring
<a name="_observability_cross_account_monitoring_2"></a>

AgentCore launched cross-account observability. Customers can monitor logs, metrics, traces, and Evaluations results from a centralized monitoring account by linking multiple source accounts. Each monitoring account can link up to 100,000 log groups across source accounts, and each source account can share data with up to five monitoring accounts. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/observability-cross-account.html).

### AgentCore CLI: Resource Import and Bash Commands
<a name="_agentcore_cli_resource_import_and_bash_commands_2"></a>

CLI now supports importing existing AgentCore resources (evaluator and online evaluation config) from your account, executing bash commands within the agent’s Runtime or locally within its container, BYO Dockerfile for Runtime, and Memory streaming. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agentcore-get-started-cli.html).

### Browser: OS-Level Interaction Capabilities
<a name="_browser_os_level_interaction_capabilities_2"></a>

AgentCore Browser launched OS-level interaction capabilities, enabling automation of workflows requiring direct operating system control beyond Chrome DevTools Protocol — including mouse operations, print dialogs, native system alerts, and keyboard shortcuts. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/browser-tool.html).

### Gateway: 3LO Support for MCP Targets is now GA
<a name="_gateway_3lo_support_for_mcp_targets_is_now_ga_2"></a>

Three-legged OAuth (3LO) support for MCP servers reached general availability. Gateways with MCP targets can now obtain user-specific tokens for different end users, enabling access to user-specific data from external services that require explicit user consent. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-target-MCPservers.html).

### Observability: Unlimited X-Ray Policy Limits
<a name="_observability_unlimited_x_ray_policy_limits_2"></a>

X-Ray policy limits expanded from 1,200 AgentCore resources to unlimited through wildcard support in resource policies. Removes scaling constraints for enterprise deployments with large agent portfolios.

### Integrations: LangChain Deep Agents Partnership
<a name="_integrations_langchain_deep_agents_partnership_2"></a>

AgentCore Code Interpreter is now the first AWS-native sandbox provider in LangChain’s Deep Agents framework. New PyPI package `langchain-agentcore-codeinterpreter` published under the LangChain org with documentation live on the LangChain site. Native CLI support via `--sandbox agentcore`.

### Integrations: AG-UI Partnership with CopilotKit
<a name="_integrations_ag_ui_partnership_with_copilotkit_2"></a>

CopilotKit published a joint blog announcing AgentCore as the recommended deployment target for AG-UI agents. AgentCore is now listed as a first-party deployment platform in the [AG-UI GitHub repository](https://github.com/ag-ui-protocol/ag-ui).

## March 2026
<a name="_march_2026"></a>

### AgentCore Evaluations is now Generally Available
<a name="_agentcore_evaluations_is_now_generally_available_2"></a>

AgentCore Evaluations became generally available, providing automated quality assessment for AI agents. Teams can evaluate using 13 built-in evaluators for response quality, safety, task completion, and tool usage. Ground Truth support measures agent performance against reference answers, behavioral assertions, and expected tool execution sequences. Custom evaluators support LLM-based or code-based (Lambda) evaluation logic. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/evaluations.html).

### Observability: One-Click Enablement for Memory and Gateway
<a name="_observability_one_click_enablement_for_memory_and_gateway_2"></a>

One-click observability enablement launched for Memory and Gateway. Customers can now enable logging and tracing for these resource types individually as a one-time effort. This capability was already available for Runtime, Browser Tool, and Code Interpreter. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/observability-configure.html).

### Runtime: Additional IAM Condition Keys
<a name="_runtime_additional_iam_condition_keys_2"></a>

Support deployed for `bedrock-agentcore:RuntimeAuthorizerType` (mandate specific authorization mechanisms) and `aws:VpceOrgID` (restrict invocations to organization-owned VPC endpoints). Essential for OAuth runtimes where principal-based keys are not applicable. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/security_iam_service-with-iam.html).

### AgentCore CLI is now Generally Available
<a name="_agentcore_cli_is_now_generally_available_2"></a>

AgentCore CLI reached GA (v0.4.0), providing a comprehensive command-line tool for building and deploying AI agents in minutes. Streamlines the full lifecycle — scaffolding projects with multiple frameworks (Strands, LangChain, Google ADK, OpenAI Agents), local development with hot reload, adding capabilities like memory and credentials, and deploying to production with full infrastructure management. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agentcore-get-started-cli.html).

### Browser and Code Interpreter: Chrome Policies and Custom Root CA Support
<a name="_browser_and_code_interpreter_chrome_policies_and_custom_root_ca_support_2"></a>

AgentCore launched Chrome Enterprise policies (100\+ configurable policies for browser behavior) and custom root CA certificates for both Browser and Code Interpreter. Enables agents to connect to internal services using organization-signed SSL certificates. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/browser-tool.html).

### Runtime: Managed Session Storage in Public Preview
<a name="_runtime_managed_session_storage_in_public_preview_2"></a>

AgentCore Runtime now offers managed session storage, enabling agents to persist filesystem state across stop and resume cycles. Supports standard Linux filesystem operations with up to 1 GB per session and 14-day retention. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-persistent-filesystems.html).

### Control Plane Private Link Support for Gateway and Evaluations
<a name="_control_plane_private_link_support_for_gateway_and_evaluations_2"></a>

AWS PrivateLink support launched for control plane operations for Gateway and Evaluations. AgentCore now has PrivateLink support for all control plane and data plane operations except the Identity control plane. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/vpc-interface-endpoints.html).

### Code Interpreter: Node.js Support
<a name="_code_interpreter_node_js_support_2"></a>

AgentCore Code Interpreter launched Node.js runtime support for JavaScript and TypeScript with pre-installed libraries available immediately. Removes a critical barrier for enterprise customers with substantial Node.js investments. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/code-interpreter-runtime-selection.html).

### Memory: Resource-Based Policies (RBP)
<a name="_memory_resource_based_policies_rbp_2"></a>

Resource-Based Policy support launched for Memory resources. Customers can attach policies directly to memory resources for granular access control without updating caller IAM roles for every new principal. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/resource-based-policies.html).

### Runtime: Execute Shell Commands (InvokeAgentRuntimeCommand)
<a name="_runtime_execute_shell_commands_invokeagentruntimecommand_2"></a>

AgentCore Runtime introduced a new API enabling customers to execute shell commands directly within running microVM sessions with real-time HTTP/2 streaming output. Allows organizations to delegate deterministic operations — testing, version control, builds, deployments — to direct execution while preserving agent resources for reasoning. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-execute-command.html).

### Runtime: OAuth Authentication for WebSocket Connections
<a name="_runtime_oauth_authentication_for_websocket_connections_2"></a>

AgentCore Runtime now supports OAuth authentication for browser-based WebSocket connections. Browser JavaScript clients can authenticate directly with AgentCore Runtime using an OAuth bearer token without requiring a proxy or server-side relay. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-get-started-websocket.html).

### Memory: Record Streaming
<a name="_memory_record_streaming_2"></a>

Developers can now receive push-based notifications whenever memory records are created, updated, or deleted — eliminating polling. Enables event-driven architectures that react to memory record lifecycle changes including triggering downstream workflows and tracking state changes across agents and sessions. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/memory-record-streaming.html).

### Runtime: AG-UI Protocol Support
<a name="_runtime_ag_ui_protocol_support_2"></a>

AgentCore Runtime launched native support for the AG-UI (Agent User Interface) protocol, enabling real-time streaming of text chunks, reasoning steps, tool calls, and results to frontends; state synchronization for UI elements; structured tool call visualization; and bidirectional WebSocket transport. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-agui-protocol-contract.html).

### Control Plane Private Link Support for Runtime, Memory, and Built-in Tools
<a name="_control_plane_private_link_support_for_runtime_memory_and_built_in_tools_2"></a>

AWS PrivateLink launched for control plane operations across Runtime, Memory, and Built-in Tools. Customers can now create, update, and delete these resources from within their VPC using the new endpoint `com.amazonaws.region.bedrock-agentcore-control`. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/vpc-interface-endpoints.html).

### AgentCore Policy is now Generally Available
<a name="_agentcore_policy_is_now_generally_available_2"></a>

Developers can now use AgentCore Policy in production across thirteen AWS Regions worldwide. Policy gives organizations centralized, fine-grained control over agent-tool interactions by defining exactly what tools an agent can access and under what conditions. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/policy.html).

### Stateful MCP Support in Runtime
<a name="_stateful_mcp_support_in_runtime_2"></a>

MCP servers running in AgentCore Runtime can now maintain session context across interactions. When configured in stateful mode, servers unlock advanced capabilities including elicitation (collect user input mid-workflow), sampling (server-initiated LLM calls from within tool execution), and real-time progress notifications (stream updates during long-running tasks). See the [Stateful MCP Server guide](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/mcp-stateful-features.html).

### Python 3.14 Support in Runtime
<a name="_python_3_14_support_in_runtime_2"></a>

AgentCore Runtime now supports [Python 3.14 for Direct Code Deploy](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-get-started-code-deploy-python.html). Build and deploy agents using the latest Python release and take advantage of its performance improvements and new language features without custom containers.

### AgentCore CLI: Additional Features
<a name="_agentcore_cli_additional_features_2"></a>

AgentCore CLI integrates with AgentCore Gateway and introduces logs/traces commands. New and updated commands: `agentcore add` (incorporate Gateways and Gateway Targets into your project), `agentcore logs` (view logs for deployed agents), `agentcore traces` (view traces for deployed agents). Individual memory resources can now be deployed independently. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agentcore-get-started-cli.html).

### Latency Improvements in Runtime
<a name="_latency_improvements_in_runtime_2"></a>

Sequential calls within a session are now 25-35% faster. AgentCore Runtime now caches authentication tokens for their full 30-minute validity window, eliminating redundant token fetches on every invocation. Platform overhead TM99 decreased 35% in PDX and 25% in IAD, with other regions seeing 12-18% improvements.

## February 2026
<a name="_february_2026"></a>

### Latency Improvements in Evaluations
<a name="_latency_improvements_in_evaluations_2"></a>

Evaluation scores now arrive approximately 50% faster. AgentCore Evaluations moved to incremental state management in the evaluation pipeline, replacing a previous approach that rescanned logs every 5 minutes. P90 end-to-end processing time decreased 37-50% by region. Log query volume is down 70-90% and log query costs down 60-80%.

### AgentCore is now ISO and CSA STAR Certified
<a name="_agentcore_is_now_iso_and_csa_star_certified_2"></a>

AgentCore achieved ISO and CSA STAR compliance standards. The service is now officially listed on the [AWS compliant services page](https://aws.amazon.com/compliance/services-in-scope/).

### AgentCore CLI: Public Preview Launch
<a name="_agentcore_cli_public_preview_launch_2"></a>

[AgentCore CLI](https://github.com/aws/agentcore-cli) launched in public preview. Developers can create, develop locally, and deploy AI agents using popular frameworks (Strands, LangChain, AutoGen, Google ADK, OpenAI Agents). Manages the full lifecycle from project creation to teardown, with support for memory and identity.

### Browser: Proxy Configuration, Browser Profiles, and Browser Extensions
<a name="_browser_proxy_configuration_browser_profiles_and_browser_extensions_2"></a>

AgentCore Browser now supports three new capabilities: proxy configuration for IP stability and corporate network integration; browser profiles for persisting cookies and local storage across sessions; and browser extensions for loading Chrome extensions (ad blocking, auth helpers, custom routing). See docs: [Proxies](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/browser-proxies.html) \| [Profiles](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/browser-profiles.html) \| [Extensions](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/browser-extensions.html).

## January 2026
<a name="_january_2026"></a>

### Runtime, Tools, and Observability: Region Expansion
<a name="_runtime_tools_and_observability_region_expansion_2"></a>

AgentCore Runtime and Tools (Browser, Code Interpreter) launched in 5 new regions — Europe (Stockholm, Paris, London), Asia Pacific (Seoul), and Canada (Central) — followed by Observability. This brings the full AgentCore capability set to these regions.

### Runtime: VPC Condition Keys Support
<a name="_runtime_vpc_condition_keys_support_2"></a>

AgentCore launched IAM policy condition key support for VPC configurations across Runtime, Browser, and Code Interpreter. Two new condition keys — `bedrock-agentcore:Subnets` and `bedrock-agentcore:SecurityGroups` — enable enterprises to enforce organizational network policies, mandate VPC-connected deployments, and restrict to approved subnets and security groups. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agentcore-vpc.html).

## December 2025
<a name="_december_2025"></a>

### Policy in Amazon Bedrock AgentCore
<a name="_policy_in_amazon_bedrock_agentcore_2"></a>

Added documentation for the Policy in AgentCore feature, which enables policy-based governance and control for agent interactions. This feature provides policy evaluation, monitoring, and enforcement capabilities for agent workflows.

### Episodic memory strategy
<a name="_episodic_memory_strategy_2"></a>

Added documentation for using the episodic memory strategy in AgentCore Memory. See [Episodic memory strategy](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/episodic-memory-strategy.html).

### Custom claims value support for AgentCore Gateway authentication
<a name="_custom_claims_value_support_for_agentcore_gateway_authentication_2"></a>

Added documentation for specifying custom claims values in AgentCore Gateway authentication. See [The authorization configuration](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-create-api.html).

### Bidirectional streaming
<a name="_bidirectional_streaming_2"></a>

Added documentation for bidirectional streaming with AgentCore Runtime, which enables real-time, full-duplex communication between clients and agents using WebSocket protocol for interactive agent experiences. See [Bidirectional streaming with AgentCore Runtime](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-bidirectional-streaming.html).

### Authentication token support for AgentCore Gateway
<a name="_authentication_token_support_for_agentcore_gateway_2"></a>

Added documentation for setting up authentication tokens for AgentCore Gateway gateways. See [OAuth authorization](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-building-adding-targets-authorization.html).

### Amazon Bedrock AgentCore Evaluations
<a name="_amazon_bedrock_agentcore_evaluations_2"></a>

Added documentation for Amazon Bedrock AgentCore Evaluations, a comprehensive suite of capabilities for measuring and monitoring the performance, accuracy, and reliability of your agent or tools in both development and production environments. See [Evaluate agent performance with Amazon Bedrock AgentCore Evaluations](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/evaluation/evaluation.html).

### API gateways as gateway targets
<a name="_api_gateways_as_gateway_targets_2"></a>

Added documentation for adding an Amazon API Gateway gateway as a target. See [Amazon API Gateway REST API stages as targets](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-target-api-gateway.html).

## November 2025
<a name="_november_2025"></a>

### Direct code deployment
<a name="_direct_code_deployment_2"></a>

Added documentation for direct code deployment, which enables you to deploy Python agents to Amazon Bedrock AgentCore Runtime using ZIP file archives for faster development and simpler packaging. See [Get started with direct code deployment](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-get-started-code-deploy.html).

## October 2025
<a name="_october_2025"></a>

### General Availability
<a name="_general_availability_2"></a>

Amazon Bedrock AgentCore is now generally available across nine AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Tokyo). The platform enables building, deploying, and operating agents securely at scale using any framework and any foundation model.

### Web Bot Auth (Preview)
<a name="_web_bot_auth_preview_2"></a>

Added documentation for the Browser Web Bot Auth feature, which enables AI agents to cryptographically sign HTTP requests to reduce CAPTCHA challenges when browsing websites.

### Runtime identity service-linked role
<a name="_runtime_identity_service_linked_role_2"></a>

Added documentation for the new runtime identity service-linked role that manages workload identity access tokens and OAuth credentials. Updated BedrockAgentCoreFullAccess policy to include permission for creating the Amazon Bedrock AgentCore runtime identity service-linked role.

### Model Context Protocol (MCP) servers as Gateway targets
<a name="_model_context_protocol_mcp_servers_as_gateway_targets_2"></a>

Added documentation for Model Context Protocol (MCP) servers as Gateway targets and for using synchronization operations.

### Model Context Protocol (MCP) server support
<a name="_model_context_protocol_mcp_server_support_2"></a>

Added documentation for the Model Context Protocol (MCP) server that helps you transform, deploy, and test AgentCore-compatible agents directly from your development environment. The MCP server works with popular MCP clients including Kiro, Cursor, Claude Code, and Amazon Q CLI.

## September 2025
<a name="_september_2025"></a>

### Runtime and Memory: VPC Support
<a name="_runtime_and_memory_vpc_support_2"></a>

AgentCore Runtime and Memory now support deployment within customer VPCs, enabling secure connectivity to private resources such as databases, internal APIs, and services that are not publicly accessible. Agents running in VPC-connected runtimes can access resources in private subnets while maintaining the same managed infrastructure experience. See [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agentcore-vpc.html).

### Tagging and AWS CloudFormation Support
<a name="tagging_and_shared_aws_cloudformation_support"></a>

AgentCore resources now support tagging for cost allocation, access control, and organizational tracking. Additionally, AWS CloudFormation support enables infrastructure-as-code provisioning and management of AgentCore Runtime and Memory resources, allowing teams to define, version, and deploy agent infrastructure through standard CloudFormation templates. See [Tagging](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/tagging.html).

## July 2025
<a name="_july_2025"></a>

### Initial release (preview)
<a name="_initial_release_preview_2"></a>

Initial release of the Amazon Bedrock AgentCore Developer Guide.