AWS Bedrock AgentCore: Your 30‑Day Launch Plan

AWS Bedrock AgentCore is now enterprise‑ready, and it’s time to move. The platform reached general availability on October 13, 2025, with secure session isolation, VPC/PrivateLink support, CloudFormation, and an eight‑hour execution window. On December 2, 2025, AWS added Policy (preview) and Evaluations (preview), plus bidirectional streaming and episodic memory updates—exactly the guardrails and QA you need to take agents from demo to production.

Here’s a pragmatic, opinionated playbook to ship your first production agent in 30 days—and avoid the potholes I see in real teams.

What just changed—and why it matters

Between October and early December 2025, AWS pressed the fast‑forward button on agentic capabilities:

• General availability unlocked session isolation, PrivateLink, tagging, and CloudFormation so you can deploy agents in a standard enterprise footprint. • AgentCore Runtime supports long‑running workflows up to eight hours for real back‑office automations, not just chat sessions. • AgentCore Gateway speaks the Model Context Protocol (MCP) and can wrap your existing APIs and Lambda functions as tools. • Identity brings identity‑aware authorization and secure token vaulting to let agents act on behalf of users. • Observability lands end‑to‑end traces and metrics in CloudWatch with OpenTelemetry support. • December 2 previews add Policy to intercept every tool call (policies are authored in natural language and compiled to Cedar) and Evaluations with 13 built‑in evaluators for quality checks. • Runtime adds bidirectional streaming for natural voice turns; Memory introduces episodic memory so agents can learn from experience.

In parallel, AWS launched Nova 2 models on December 2 with a one‑million‑token context, built‑in code interpreter and web grounding, and controllable “thinking intensity.” Nova 2 Sonic expanded real‑time voice with polyglot voices and cross‑modal interactions. You don’t have to use Nova with AgentCore, but the combo is compelling for voice agents and complex tool use.

Where can you run it today?

AgentCore GA spans nine regions (including N. Virginia, Ohio, Oregon, Mumbai, Singapore, Sydney, Tokyo, Frankfurt, and Ireland). Policy (preview) is available in all AgentCore regions; Evaluations (preview) currently runs in four (N. Virginia, Oregon, Sydney, Frankfurt). Check your latency budgets and compliance posture before you lock the region.

Primary question: Why choose AWS Bedrock AgentCore over DIY?

Because you get the boring‑but‑critical parts baked in: isolation boundaries, long‑running jobs, identity delegation, standardized tool integration (MCP), and out‑of‑the‑box observability. Rolling your own means inventing a runtime, a tool protocol, a memory layer, plus a policy engine and evaluation harness—then hardening all of it. That’s a year you could spend on your product.

People also ask: Is AWS Bedrock AgentCore only for Nova models?

No. AgentCore works with any framework (CrewAI, LangGraph, LlamaIndex, Google ADK, OpenAI Agents SDK, and others) and any model in or outside Bedrock. Nova 2 is a strong default, especially for long context and voice, but you can plug in third‑party or open models as your use case demands.

People also ask: How do I ballpark costs without surprises?

Two drivers dominate: model inference and runtime compute/memory during active work. AgentCore’s runtime is consumption‑based—idle I/O time (waiting on LLMs or API calls) doesn’t burn CPU. Keep agent thinking steps bounded, cap parallel tool calls, and prefer on‑demand model endpoints where available. For custom model development, AWS Nova Forge is a subscription service; public reporting has pegged that subscription around the low six figures per year. Start with off‑the‑shelf Nova 2 Lite or a familiar third‑party model, then justify custom training with a clear accuracy or latency goal.

AWS Bedrock AgentCore: Your 30‑day launch plan

Days 0–7: Frame the problem and choose the path

Pick one workflow with real business value and clear success criteria. Example: “Reduce invoice exception handling backlog by 60% with an agent that reconciles purchase orders, flags anomalies, and drafts outreach emails.” Decide on your stack: Nova 2 Lite for cost‑effective reasoning or your existing provider if you’ve already standardized. Validate regional availability against your data residency needs.

Security and data: enumerate every system the agent will touch. Draw the happy path and the forbidden path. Start your policy list in plain English (“Agent may read from Vendor API A; may never call write endpoints; may only email within @example.com”). You’ll translate this to AgentCore Policy when you wire tools.

Org setup: create an isolated AWS account (or at least a tight VPC), enable CloudTrail, set up CloudWatch dashboards, and define IAM roles for Runtime, Gateway, Memory, and Identity. If you operate in a multicloud pattern, our multicloud playbook for AWS Interconnect has patterns to route tool traffic privately across vendors.

Days 8–14: Prototype with real data, not stubs

Stand up AgentCore services:

• Runtime: deploy a minimal agent with two tools and a guardrail prompt; enable bidirectional streaming if you’re testing voice. • Gateway: wrap your internal APIs as MCP tools; document clear input/output contracts. • Memory: start with short‑term context + a vector store for documents (contracts, vendor terms). If you’re scaling retrieval, plan for vector durability. Amazon’s S3‑backed vector features are worth a look—see our take on RAG at billion‑vector scale. • Identity: integrate via Cognito, Microsoft Entra ID, or Okta so the agent can act on behalf of users. Map the minimal scopes you actually need.

For evaluations, assemble a small but representative test set: 50–200 real tickets, redacted. Label correct action, tool sequence, and acceptable replies. You’ll feed these to AgentCore Evaluations to establish a quality baseline.

Days 15–21: Wire guardrails and bake in QA

Convert your plain‑English rules into AgentCore Policy. Policies are compiled to Cedar under the hood, so keep them granular and auditable. Some patterns I like:

• Tool allowlists with context: “allow vendor_api.read only if tenant == user.tenant and request.time in business_hours.” • Output constraints: “block email.send if recipient domain != company_domain.” • PII handling: “mask SSNs and account numbers in any agent‑authored message unless channel == internal.”

Next, enable Evaluations (preview) and run nightly. Track helpfulness, tool selection accuracy, and factuality on your labeled set. If you use GitHub or an internal portal for engineering KPIs, surface these agent metrics alongside the developer ones—tying AI performance to your current operating rhythm keeps it honest. Our write‑up on operationalizing AI metrics for developers shows how to make these numbers actionable.

Operational hardening: set timeouts per tool call; limit parallelism; cap thinking intensity (if using Nova 2) to avoid runaway cost; and define a human‑in‑the‑loop path for escalations.

Days 22–30: Dress rehearsal and controlled launch

Run a week‑long dress rehearsal with real users under a feature flag. Every failure should create a traceable artifact: policy miss, tool timeout, hallucinated field, or missing memory. Triage daily and fix root causes. Then stage a controlled launch to 10–20% of target users. Keep Policy in “audit + enforce” mode and lock alerts on violations to your on‑call channel.

Post‑launch, add one improvement per week: a new tool, a better retrieval chunking strategy, or upgraded evaluation prompts. Slow, steady iteration beats a big‑bang rewrite.

Reference architecture (minimal, production‑ready)

Here’s a pattern we’ve shipped and like for back‑office automations:

• AgentCore Runtime in your primary region, VPC‑connected. • AgentCore Gateway exposes three tools: read‑only ERP queries, a reconciler Lambda, and an outbound email service constrained to internal recipients. • Memory: vector store for vendor docs plus short‑term episodic memory for few‑day context. • Identity: OIDC login, per‑tenant claims mapped to downstream scopes. • Observability: OTEL traces to CloudWatch; error budgets and SLOs defined on latency and resolution accuracy. • Optional: Nova 2 Lite for reasoning; swap to Pro (preview) only if your tasks truly require multi‑document chains and tool choreography beyond what Lite handles.

Risks, limitations, and gotchas

• Preview caveat: Policy and Evaluations are previews as of December 2, 2025. Expect some API edges and region gaps. Keep a feature flag ready to fall back to audit‑only mode if enforcement adds latency. • Streaming nuances: bidirectional streaming changes client UX—debounce interrupts and test with accents/background noise if you’re using Nova 2 Sonic. • Memory leakage: episodic memory is powerful; scope retention windows and encrypt sensitive chunks. • Tool sprawl: consolidating disparate APIs behind Gateway helps, but you still need ownership clarity. Write runbooks per tool and ensure clear timeouts and retry policies. • Vendor lock‑in: AgentCore embraces open protocols (MCP, OTEL) and supports third‑party models, but your deployment topology and policy logic will be AWS‑specific. Mitigate with clean interfaces and test paths on alternate runtimes quarterly. • Regional constraints: if your users sit outside the four Evaluations regions, run evaluations asynchronously and keep traffic local for production inference.

Data‑backed checkpoints you can cite internally

• GA date: October 13, 2025 (AgentCore). • New previews: December 2, 2025 (Policy, Evaluations), plus bidirectional streaming and episodic memory updates. • Execution window: up to eight hours in Runtime. • Regions: nine GA regions; Evaluations preview in four; Policy preview in all AgentCore regions. • Nova 2 models: available December 2 with a one‑million‑token context and controllable thinking intensity; Nova 2 Sonic adds polyglot voices and cross‑modal interactions.

How to measure success (before finance asks)

Pick three metrics that map to dollars and risk:

• Business outcome: backlog cleared, cycle time, first‑contact resolution. Target a step change (e.g., 40–60% improvement), not a rounding error. • Quality: Evaluations scores for tool choice accuracy and factuality on your labeled set. Watch for drift weekly. • Cost per resolved task: model + runtime + tool calls divided by tasks successfully closed. Track with a trailing seven‑day window.

Operationally, commit to an error budget. For example, “No more than 2% of sessions exceed our latency SLO or trigger a policy violation.” Tie paging to that budget.

When should you consider custom models via Nova Forge?

When off‑the‑shelf models systematically fail your domain tests and prompt‑engineering or light fine‑tuning can’t close the gap. Nova Forge lets you start from early Nova checkpoints (pre‑, mid‑, or post‑training) and train with your proprietary data, with access to responsible AI tooling and reinforcement fine‑tuning workflows. Public reporting indicates a six‑figure annual subscription; take that path only if you can justify the accuracy lift against the subscription plus training spend. Most teams should begin with Nova 2 Lite or their current provider, prove value, then graduate.

Let’s get practical: A pre‑flight checklist

Before you press “Go,” confirm:

• Region and latency budgets aligned with AgentCore availability. • Policies written in plain English and validated with dry‑run intercepts. • A labeled evaluation set exists and runs nightly. • Identity integration maps exact scopes and tenant boundaries. • Tool timeouts, retries, and rate limits are defined. • Observability is in place with OTEL traces and CloudWatch dashboards. • Human‑in‑the‑loop escalation exists for ambiguous tasks. • A rollback plan exists: turn off enforcement, revert to audit‑only, or disable a tool.

What to do next

• Engineering leads: nominate one workflow and one cross‑functional “agent owner.” Timebox to 30 days; resist scope creep. • Security: author top‑10 policies and run them in audit mode for a week. • Data: curate a compact, high‑signal knowledge base; don’t dump your entire intranet. • Product: write success criteria and publish them. • Finance: set a weekly cost guardrail (alerts at 70% and 90%).

Want a second set of eyes?

If you’re mapping agents across clouds or rethinking network paths, our team has shipped these architectures before. Start with our services overview, browse a few relevant case studies, and if you’re wrestling with data scale for retrieval, read our breakdown of S3 Vectors for RAG at scale. For executive sponsors considering CPU vs accelerator budgets alongside AI initiatives, our Graviton5 migration game plan pairs nicely with an agent roadmap. When you’re ready, get in touch and we’ll review your plan in an hour.

Bottom line

AWS Bedrock AgentCore now gives you the essentials to run serious agents: isolation, long runs, identity, standardized tools, observability—and, as of December, enforceable policies and built‑in evaluations. Pair it with Nova 2 where it fits, keep your scope tight, and measure relentlessly. In 30 days, you can put an agent on the field that actually moves a business metric—and you won’t be rebuilding your platform six months later.