Amazon Bedrock AgentCore announced in July 2025. It is designed to simplify the deployment of AI agents, and its AgentCore Runtime is a serverless, secure environment purpose-built for hosting such apps.
Amazon Bedrock Agents (Original Service)
- No container-level isolation was provided.
- It’s a fully managed, serverless service designed for rapid agent development.
- You didn’t need to manage infrastructure, but that also meant:
- No control over execution environments.
- No ability to isolate agents using containers or microVMs.
- Limited session persistence and security boundaries.
- Isolation was mostly logical (e.g., via tenant context injection) and not at the infrastructure level1
Amazon Bedrock AgentCore
- It uses container-like isolation via microVMs.
- Each agent session runs in a dedicated microVM with isolated compute, memory, and filesystem resources.
- This ensures:
- Complete execution environment separation.
- Secure session persistence for up to 8 hours.
- No cross-session contamination.
- Privileged tool operations are sandboxed securely2.
- You can deploy your own Docker container with custom logic, frameworks, and dependencies
| Feature | Bedrock Agents | Bedrock AgentCore |
|---|---|---|
| Custom Container | ❌ No | ✅ Yes (via microVMs or Docker) |
| Session Isolation | Logical only | Full infrastructure-level |
| Custom Runtime | ❌ Not supported | ✅ Supported |
| Use Case | Rapid prototyping | Production-grade deployment |
| Security | Basic | IAM, VPC, OAuth |
| Too Calling | Bedrock Native | Any API, Lambda, MCP |
| Memory | Stateless | Persistent Memory |
| Agentic AI Agents | Native Option | LangChain LangGraph CrewAI Strands Agents OpenAI Adent SDK Google ADK Microsoft AutoGen |
| LLM Model Option | Bedrock Only | Any provider |
| Tool protocols | M | MCP, A2A |
Comments are closed