Extending MCP support for Amazon Bedrock AgentCore Gateway

2026-06-01 · Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cloud Computing & IT Infrastructure, Robotics & Autonomous Systems · Depth: Intermediate, long

Summary

Amazon Bedrock AgentCore Gateway has introduced new capabilities to enhance enterprise Model Context Protocol (MCP) deployments. These extensions include broader support for MCP tool schema, prompts, and resources as first-class primitives, enabling a unified catalog for clients. The gateway now offers dynamic listing for runtime discovery of MCP servers, allowing personalized capabilities per user. It also supports streaming and session management for stateful, real-time interactions, with session timeouts configurable from 15 minutes to 8 hours (default 1 hour). Elicitation is now supported, enabling MCP servers to pause execution and request user input via form or URL modes. Furthermore, AgentCore Gateway facilitates OAuth 2.0 on-behalf-of (OBO) token exchange through AgentCore Identity, ensuring zero-trust authentication and fine-grained authorization across service hops, adhering to RFC 8693 and RFC 7523. This centralizes credential management, observability, and secure connectivity for diverse targets like REST APIs and AWS Lambda functions.

Key takeaway

For AI Architects or MLOps Engineers deploying enterprise MCP servers, AgentCore Gateway simplifies complex governance and security challenges. You can consolidate diverse MCP servers, REST APIs, and AWS Lambda functions behind a single, managed endpoint, reducing individual server overhead. Implement streaming and session management to build responsive, stateful agent workflows. Utilize elicitation for critical human approvals and OAuth 2.0 OBO token exchange for robust, zero-trust identity propagation. This approach centralizes control and enhances security without custom infrastructure.

Key insights

AgentCore Gateway centralizes MCP server governance, enabling scalable, secure, and stateful enterprise agent workflows.

Principles

• Centralize policy enforcement and logging for all MCP servers.
• Preserve user identity across service hops for zero-trust.
• Design for human-in-the-loop interactions with elicitation.

Method

AgentCore Gateway aggregates MCP server capabilities, caches primitives for default listing, and forwards dynamic list/invoke calls, managing sessions and token exchange.

In practice

• Configure dynamic listing for user-specific tool access.
• Enable streaming for real-time progress updates.
• Use elicitation for user approvals in high-risk operations.

Topics

• Amazon Bedrock AgentCore Gateway
• Model Context Protocol
• OAuth 2.0 Token Exchange
• Enterprise AI Agents
• Session Management
• Elicitation

Code references

• awslabs/agentcore-samples

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Engineer, AI Architect, MLOps Engineer

Related on AIssential

• Perplexity announces hybrid AI system that decides what runs locally or in the cloud — Perplexity's hybrid AI orchestrator intelligently routes tasks between local and cloud models for optimal privacy and efficiency.
• Codex Isn’t Just for Coders Anymore. OpenAI Is Coming for the Entire Office. — The expanding non-developer use of Codex is driving OpenAI's release of new enterprise features.
• Inside Google’s System for Coordinated A/B Testing Across Its Global Service Fleet — Google's system standardizes large-scale A/B testing across distributed services, ensuring statistical rigor and minimizing interference.
• Article: Two Misconfigurations That Caused Spark OOM Failures on Kubernetes — Cloud migrations can introduce silent infrastructure misconfigurations that cause Spark OOM failures under production load.
• You Can Finally Build Your Own LLM. Here’s Why You Probably Shouldn’t. — The build-versus-buy decision for LLMs is primarily an arithmetic problem, often favoring API rental over self-hosting.
• Introducing workspaces for Lambda Cloud — Lambda Cloud "workspaces" provide logical containers for GPU resources, enhancing access control and environment separation.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.