Skip to content

feat: gateway targets #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

feat: gateway targets #12

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7a31f49
feat: gateway targets
alexa-perlov Nov 14, 2025
e77432f
Merge branch 'main' into feat/updates
alexa-perlov Nov 14, 2025
15a11a5
fix: lint
alexa-perlov Nov 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
154 changes: 154 additions & 0 deletions .header.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -477,6 +477,160 @@ module "agentcore" {
}
```

### AgentCore Gateway Target

The Amazon Bedrock AgentCore Gateway Target enables you to define the endpoints and configurations that a gateway can invoke, such as Lambda functions or MCP servers. Gateway targets allow agents to interact with external services through the Model Context Protocol (MCP).

```hcl
module "agentcore" {
source = "aws-ia/agentcore/aws"
version = "0.0.2"

# First, create a gateway
create_gateway = true
gateway_name = "MyGateway"

# Then create a gateway target for Lambda
create_gateway_target = true
gateway_target_name = "MyLambdaTarget"
gateway_target_description = "Lambda function target for processing requests"

# Use the gateway's IAM role for authentication
gateway_target_credential_provider_type = "GATEWAY_IAM_ROLE"

# Configure the Lambda target
gateway_target_type = "LAMBDA"
gateway_target_lambda_config = {
lambda_arn = "arn:aws:lambda:us-east-1:123456789012:function:my-function"
tool_schema_type = "INLINE"
inline_schema = {
name = "process_request"
description = "Process incoming requests"

input_schema = {
type = "object"
description = "Request processing schema"
properties = [
{
name = "message"
type = "string"
description = "Message to process"
required = true
},
{
name = "options"
type = "object"
nested_properties = [
{
name = "priority"
type = "string"
}
]
}
]
}

output_schema = {
type = "object"
properties = [
{
name = "status"
type = "string"
required = true
},
{
name = "result"
type = "string"
}
]
}
}
}
}
```

#### Gateway Target with API Key Authentication

```hcl
module "agentcore" {
source = "aws-ia/agentcore/aws"
version = "0.0.2"

# Create a gateway target with API Key authentication
create_gateway_target = true
gateway_target_name = "ApiKeyTarget"
gateway_target_gateway_id = "your-gateway-id" # If using existing gateway

gateway_target_credential_provider_type = "API_KEY"
gateway_target_api_key_config = {
provider_arn = "arn:aws:iam::123456789012:oidc-provider/example.com"
credential_location = "HEADER"
credential_parameter_name = "X-API-Key"
credential_prefix = "Bearer"
}

# Configure Lambda target
gateway_target_type = "LAMBDA"
gateway_target_lambda_config = {
lambda_arn = "arn:aws:lambda:us-east-1:123456789012:function:api-function"
tool_schema_type = "INLINE"
inline_schema = {
name = "api_tool"
description = "External API integration tool"

input_schema = {
type = "string"
description = "Simple string input for API calls"
}
}
}
}
```

#### Gateway Target with MCP Server

```hcl
module "agentcore" {
source = "aws-ia/agentcore/aws"
version = "0.0.2"

# Create a gateway target for an MCP server
create_gateway_target = true
gateway_target_name = "MCPServerTarget"

# Configure MCP Server target
gateway_target_type = "MCP_SERVER"
gateway_target_mcp_server_config = {
endpoint = "https://mcp-server.example.com"
}
}
```

### AgentCore Workload Identity

The Amazon Bedrock AgentCore Workload Identity enables you to manage identity configurations for resources such as AgentCore runtime and AgentCore gateway. Workload identities provide secure access management and OAuth2 integration capabilities for your Bedrock AI applications.

```hcl
module "agentcore" {
source = "aws-ia/agentcore/aws"
version = "0.0.2"

# Enable Workload Identity
create_workload_identity = true
workload_identity_name = "MyWorkloadIdentity"
workload_identity_allowed_resource_oauth_2_return_urls = [
"https://example.com/oauth2/callback",
"https://api.example.com/auth/callback"
]

# Optional: Add tags
workload_identity_tags = {
Environment = "production"
Project = "ai-assistants"
}
}
```

### AgentCore Code Interpreter Custom

The Amazon Bedrock AgentCore Code Interpreter enables AI agents to write and execute code securely in sandbox environments, enhancing their accuracy and expanding their ability to solve complex end-to-end tasks. This is critical in Agentic AI applications where the agents may execute arbitrary code that can lead to data compromise or security risks. The AgentCore Code Interpreter tool provides secure code execution, which helps you avoid running into these issues.
Expand Down
Loading