jritsema/terraform-agentcore

terraform-agentcore

A Terraform module for running AI agents on Amazon Bedrock AgentCore.

Includes a Python test client to invoke the agent.

Usage

AgentCore Runtime

Deploy a code project with a Dockerfile to AgentCore Runtime.

name = "myagent"

enable_runtime = true

server_protocol = "HTTP" # or MCP, or A2A

dockerfile = "../"

environment_variables = {
  FOO = "bar"
}

AgentCore Memory

name = "myagent"

enable_memory = true

memory_short_term_expiration_days = 30

AgentCore Code Interpreter

name = "myagent"

enable_code_interpreter = true

AgentCore Browser

name = "myagent"

enable_browser = true

AgentCore Gateway

name = "myagent"

enable_gateway = true

# Optional: Use Cognito for authentication (default: true)
use_cognito_for_auth = true

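# Optional: Custom JWT configuration (when use_cognito_for_auth = false)
# The discovery URL is the provider's OpenID Connect discovery document, not its JWKS URI
gateway_jwt_discovery_url = "https://your-jwt-provider.com/.well-known/openid-configuration"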
gateway_jwt_allowed_audience = ["your-audience"]
gateway_jwt_allowed_clients = ["client-id-1", "client-id-2"]

Development

 Choose a make command to run

  init      project initialization - install tools and register git hook
  checks    run all pre-commit checks
  summary   summary of terraform resource changes

Note that if you are using the Amazon Q Developer CLI, the HashiCorp MCP server is pre-configured in the terraform agent.

q chat --agent terraform

Test Client

Once the agent has deployed to AgentCore Runtime, you can use the included test client to invoke it.

One-time setup of the Python virtual environment and packages:

make init && make install

Then invoke the agent:

make start

Terraform module documentation

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | 6.18.0 |
| docker | ~> 3.0 |

Providers

| Name | Version |
|------|---------|
| aws | 6.18.0 |
| docker | ~> 3.0 |
| random | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_bedrockagentcore_agent_runtime.main | resource |
| aws_bedrockagentcore_browser.main | resource |
| aws_bedrockagentcore_code_interpreter.main | resource |
| aws_bedrockagentcore_gateway.main | resource |
| aws_bedrockagentcore_memory.main | resource |
| aws_bedrockagentcore_memory_strategy.fact_extractor | resource |
| aws_bedrockagentcore_memory_strategy.preference_learner | resource |
| aws_bedrockagentcore_memory_strategy.session_summarizer | resource |
| aws_cognito_resource_server.gateway | resource |
| aws_cognito_user_pool.gateway | resource |
| aws_cognito_user_pool_client.gateway | resource |
| aws_cognito_user_pool_domain.gateway | resource |
| aws_ecr_repository.main | resource |
| aws_iam_role.agentcore_runtime | resource |
| aws_iam_role.gateway | resource |
| aws_iam_role_policy.agentcore_runtime | resource |
| aws_iam_role_policy.browser | resource |
| aws_iam_role_policy.code_interpreter | resource |
| aws_iam_role_policy.gateway_minimal | resource |
| aws_iam_role_policy.memory | resource |
| docker_image.main | resource |
| docker_registry_image.main | resource |
| random_string.domain_suffix | resource |
| aws_caller_identity.current | data source |
| aws_ecr_authorization_token.token | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| dockerfile | Path to the Dockerfile context directory | string | "../agent" | no |
| enable_browser | Enable AgentCore Browser | bool | false | no |
| enable_code_interpreter | Enable AgentCore Code Interpreter | bool | false | no |
| enable_gateway | Enable AgentCore Gateway | bool | false | no |
| enable_memory | Enable AgentCore Memory | bool | false | no |
| enable_runtime | Enable AgentCore Runtime | bool | true | no |
| environment_variables | Environment variables for the AgentCore Runtime | map(string) | {} | no |
| gateway_jwt_allowed_audience | Allowed audience values for JWT token validation (required when use_cognito_for_auth is false) | list(string) | [] | no |
| gateway_jwt_allowed_clients | Allowed client IDs for JWT token validation (optional when use_cognito_for_auth is false) | list(string) | [] | no |
| gateway_jwt_discovery_url | JWT discovery URL for custom JWT authorizer (required when use_cognito_for_auth is false) | string | null | no |
| gateway_mcp_instructions | Instructions for the MCP protocol configuration | string | null | no |
| gateway_mcp_search_type | Search type for MCP | string | "SEMANTIC" | no |
| gateway_mcp_supported_versions | Supported MCP protocol versions | list(string) | ["2025-06-18"] | no |
| memory_short_term_expiration_days | Memory short term expiration in days | number | 30 | no |
| name | Name for the AgentCore resources | string | n/a | yes |
| server_protocol | Server protocol for AgentCore Runtime | string | "HTTP" | no |
| tags | Default tags to apply to all resources | map(string) | {} | no |
| use_cognito_for_auth | Use Cognito User Pool for gateway authentication. If false, custom JWT configuration is required. | bool | true | no |

Outputs

| Name | Description |
|------|-------------|
| agentcore_runtime_arn | ARN of the AgentCore runtime |
| browser_arn | ARN of the AgentCore browser |
| browser_id | ID of the AgentCore browser |
| client_id | Client ID for gateway authentication |
| code_interpreter_arn | ARN of the AgentCore code interpreter |
| code_interpreter_id | ID of the AgentCore code interpreter |
| cognito_client_id | ID of the Cognito User Pool Client for gateway authentication |
| cognito_client_secret | Secret of the Cognito User Pool Client for gateway authentication |
| cognito_domain | Domain of the Cognito User Pool for OAuth endpoints |
| cognito_user_pool_id | ID of the Cognito User Pool for gateway authentication |
| gateway_arn | ARN of the AgentCore gateway |
| gateway_id | ID of the AgentCore gateway |
| gateway_role_arn | ARN of the Gateway execution role |
| gateway_url | URL of the AgentCore gateway |
| memory_id | ID of the AgentCore memory |
| token_url | Token URL for gateway authentication |
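
How a client could authenticate to a gateway deployed with use_cognito_for_auth = true, using the token_url, client_id, cognito_client_secret and gateway_url outputs. This is an added example, not code from the repository or its test client. It assumes the Cognito app client allows the OAuth 2.0 client-credentials grant and that gateway_url accepts MCP JSON-RPC over HTTPS; the sample output values and the scope argument are constructed placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request

# Constructed sample of `terraform output -json`; every value is a placeholder.
SAMPLE_OUTPUTS = json.dumps({
    "token_url": {"value": "https://auth.example.com/oauth2/token"},
    "client_id": {"value": "example-client-id"},
    "cognito_client_secret": {"sensitive": True, "value": "example-client-secret"},
    "gateway_url": {"value": "https://gateway.example.com/mcp"},
})

def load_outputs(raw):
    """Flatten {name: {"value": ...}} to {name: value}; reject non-HTTPS endpoints."""
    outputs = {name: item["value"] for name, item in json.loads(raw).items()}
    for key in ("token_url", "gateway_url"):
        if urllib.parse.urlsplit(outputs[key]).scheme != "https":
            raise ValueError(f"{key} must be https; refusing to send credentials")
    return outputs

def token_request(outputs, scope=None):
    """Client-credentials token request; the secret travels only in the Basic header."""
    form = {"grant_type": "client_credentials"}
    if scope:  # assumption: scope name comes from the Cognito resource server
        form["scope"] = scope
    creds = f'{outputs["client_id"]}:{outputs["cognito_client_secret"]}'
    basic = base64.b64encode(creds.encode()).decode()
    return urllib.request.Request(
        outputs["token_url"], data=urllib.parse.urlencode(form).encode(), method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})

def gateway_request(outputs, access_token):
    """MCP JSON-RPC tools/list call carrying the access token as a bearer token."""
    body = {"jsonrpc": "2.0", "id": 1, "method": "tools/list"}
    return urllib.request.Request(
        outputs["gateway_url"], data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})

def list_tools(outputs, scope=None):
    """Network path (needs a deployed gateway): get a token, then call the gateway."""
    with urllib.request.urlopen(token_request(outputs, scope), timeout=10) as resp:
        token = json.load(resp)["access_token"]
    with urllib.request.urlopen(gateway_request(outputs, token), timeout=10) as resp:
        return json.load(resp)
```

In practice the input would come from `terraform output -json` piped straight into the client, so the client secret is never written to a file or a log.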
