Run custom MCP proxies serverless on Amazon Bedrock AgentCore Runtime

2026-04-29 · Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cloud Computing & IT Infrastructure, Software Development & Engineering · Depth: Intermediate, long

Summary

This post details how to deploy a serverless Model Context Protocol (MCP) proxy on Amazon Bedrock AgentCore Runtime, enabling custom governance, controls, and observability for AI agent-tool interactions. The proxy acts as an intermediary, applying custom logic like input sanitization, audit trail generation, or data redaction, without modifying upstream MCP servers or clients. It runs as a stateless container on AgentCore Runtime, dynamically discovering tools from an upstream MCP server (like Amazon Bedrock AgentCore Gateway) at startup and forwarding requests. The solution supports both AWS Identity and Access Management (IAM) and JSON Web Token (JWT)-based authorization for proxy-to-upstream server communication. An open-source GitHub implementation provides the foundation, with deployment scripts and a test agent to demonstrate the end-to-end flow, including customization opportunities for tokenization and tool-level access control.

Key takeaway

For AI Architects and MLOps Engineers building enterprise AI agents, consider deploying a serverless MCP proxy on Amazon Bedrock AgentCore Runtime. This approach allows you to embed custom governance and security controls, such as data tokenization or fine-grained access control, directly into the agent-tool communication flow without altering existing backend systems. Your teams can maintain compliance and enhance security by centralizing custom logic at the protocol layer, ensuring robust and auditable AI agent operations.

Key insights

Deploying a serverless MCP proxy on AgentCore Runtime enables custom governance and control over AI agent-tool interactions.

Principles

• Separate custom control logic from core tool execution.
• Enforce authorization independently at each architectural layer.
• Dynamically discover and re-expose tools with custom logic.

Method

The proxy discovers tools from an upstream MCP server at startup, dynamically registers local FastMCP tools, and forwards client requests through handler functions that apply custom logic before or after forwarding.

In practice

• Implement PII tokenization in tool call arguments.
• Apply tool-level access control based on caller identity.
• Use AgentCore Gateway as a managed upstream MCP server.

Topics

• Model Context Protocol
• Amazon Bedrock AgentCore Runtime
• Serverless Proxy
• AI Agent Governance
• Tool Integration

Code references

• aws-samples/sample-mcp-proxy-agentcore-runtime
• strands-agents/sdk-python

Best for: MLOps Engineer, AI Engineer, AI Architect

Related on AIssential

• Introducing stateful MCP client capabilities on Amazon Bedrock AgentCore Runtime — Stateful MCP on Amazon Bedrock AgentCore Runtime enables interactive, multi-turn AI agent workflows.
• Secure AI agents with Policy and Lambda interceptors in Amazon Bedrock AgentCore gateway — Secure AI agents by combining deterministic Policy with dynamic Lambda interceptors in Amazon Bedrock AgentCore gateway.
• Rebooting Enterprise AI with MCP and Kubernetes — MCP acts as a "selectively permeable membrane" enabling secure, controlled AI agent interaction with enterprise systems.
• AWS Bedrock Agents: The Beginner’s Guide — AWS Bedrock Agents provide a managed platform for building and deploying AI agents with integrated orchestration and security.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.