AgentCore projects use JSON configuration files in the agentcore/ directory.
| File | Purpose |
|---|---|
agentcore.json |
Project, agents, memories, credentials, evaluators, online evals, gateways |
aws-targets.json |
Deployment targets |
.cli/deployed-state.json |
Runtime state (auto-managed, do not edit) |
.env.local |
API keys for local development (gitignored) |
Main project configuration using a flat resource model. Agents, memories, and credentials are top-level arrays.
{
"name": "MyProject",
"version": 1,
"tags": {
"agentcore:created-by": "agentcore-cli",
"agentcore:project-name": "MyProject"
},
"runtimes": [
{
"name": "MyAgent",
"build": "CodeZip",
"entrypoint": "main.py",
"codeLocation": "app/MyAgent/",
"runtimeVersion": "PYTHON_3_14",
"networkMode": "PUBLIC",
"protocol": "HTTP"
}
],
"memories": [],
"credentials": [],
"payments": [],
"evaluators": [],
"onlineEvalConfigs": [],
"agentCoreGateways": [],
"policyEngines": []
}| Field | Required | Description |
|---|---|---|
name |
Yes | Project name (1-23 chars, alphanumeric, starts with letter) |
version |
Yes | Schema version (integer, currently 1) |
tags |
No | Project-level tags applied to all resources |
runtimes |
Yes | Array of agent specifications |
memories |
Yes | Array of memory resources |
credentials |
Yes | Array of credential providers (API key or OAuth) |
evaluators |
Yes | Array of custom evaluator definitions |
onlineEvalConfigs |
Yes | Array of online eval configurations |
payments |
No | Array of payment manager configurations |
policyEngines |
No | Array of policy engine configurations |
agentCoreGateways |
No | Array of gateway definitions |
mcpRuntimeTools |
No | Array of MCP runtime tool definitions |
unassignedTargets |
No | Targets not yet assigned to a gateway |
Gateway configuration is in the
agentCoreGatewaysfield. See Gateways and MCP Tools below.
AgentCore projects support config-driven tagging at both the project and resource levels. Tags flow through to the deployed CloudFormation resources and help with resource organization, cost allocation, and automation.
Project-level tags are defined at the root of agentcore.json and are applied to all deployed resources. When you
initialize a new project, two default tags are automatically created:
agentcore:created-by— set to"agentcore-cli"agentcore:project-name— set to your project name
You can add additional project-level tags by editing the tags field in agentcore.json:
{
"name": "MyProject",
"version": 1,
"tags": {
"agentcore:created-by": "agentcore-cli",
"agentcore:project-name": "MyProject",
"Environment": "production",
"Team": "platform",
"CostCenter": "engineering"
},
"runtimes": [...],
"memories": [...]
}Individual resources can define their own tags. When a resource-level tag uses the same key as a project-level tag, the resource-level value takes precedence for that specific resource.
Example:
{
"name": "MyProject",
"version": 1,
"tags": {
"Environment": "production",
"Team": "platform"
},
"runtimes": [
{
"name": "MyAgent",
"tags": {
"Environment": "staging",
"Owner": "alice"
},
...
}
]
}In this example, MyAgent will have tags: Environment: staging (overrides project-level), Team: platform (inherited
from project), and Owner: alice (resource-specific).
The following resource types support tags:
- Agents (
runtimesarray inagentcore.json) - Memories (
memoriesarray inagentcore.json) - Gateways (
agentCoreGatewaysarray inagentcore.json) - Evaluators (
evaluatorsarray inagentcore.json) - Online Eval Configs (
onlineEvalConfigsarray inagentcore.json) - Policy Engines (
policyEnginesarray inagentcore.json)
Resources that are not taggable include credentials, MCP runtime tools, unassigned targets, and policies.
Tags must follow AWS tagging requirements:
- Keys: 1-128 characters, cannot start with
aws:, allowed characters are Unicode letters, digits, whitespace, and_.:/=+-@ - Values: 0-256 characters, same allowed characters as keys
- Maximum: 50 tags per resource
Tags are managed by editing agentcore.json directly. There are no CLI commands for tag management. Changes take effect
on the next deployment.
{
"name": "MyAgent",
"build": "CodeZip",
"entrypoint": "main.py",
"codeLocation": "app/MyAgent/",
"runtimeVersion": "PYTHON_3_14",
"networkMode": "PUBLIC",
"envVars": [{ "name": "MY_VAR", "value": "my-value" }],
"instrumentation": {
"enableOtel": true
}
}| Field | Required | Description |
|---|---|---|
name |
Yes | Agent name (1-48 chars, alphanumeric + underscore) |
build |
Yes | "CodeZip" or "Container" |
entrypoint |
Yes | Entry file (e.g., main.py or main.py:handler) |
codeLocation |
Yes | Directory containing agent code |
runtimeVersion |
Yes | Runtime version (see below) |
networkMode |
No | "PUBLIC" (default) or "VPC" |
networkConfig |
No | VPC configuration (subnets, security groups) |
protocol |
No | "HTTP" (default), "MCP", or "A2A" |
envVars |
No | Custom environment variables |
instrumentation |
No | OpenTelemetry settings |
authorizerType |
No | "AWS_IAM" or "CUSTOM_JWT" |
authorizerConfiguration |
No | JWT authorizer settings (for CUSTOM_JWT) |
requestHeaderAllowlist |
No | Headers to forward to the agent |
lifecycleConfiguration |
No | Runtime session lifecycle settings (idle timeout, max lifetime) |
executionRoleArn |
No | ARN of an existing IAM execution role (skips CDK-managed role) |
tags |
No | Agent-level tags |
Python:
PYTHON_3_10PYTHON_3_11PYTHON_3_12PYTHON_3_13PYTHON_3_14
Node.js:
NODE_18NODE_20NODE_22
{
"name": "MyMemory",
"eventExpiryDuration": 30,
"strategies": [{ "type": "SEMANTIC" }, { "type": "SUMMARIZATION" }]
}| Field | Required | Description |
|---|---|---|
name |
Yes | Memory name (1-48 chars) |
eventExpiryDuration |
Yes | Days until events expire (7-365) |
strategies |
Yes | Array of memory strategies (can be empty for short-term memory) |
| Strategy | Description |
|---|---|
SEMANTIC |
Vector-based similarity search for relevant context |
SUMMARIZATION |
Compressed conversation history |
USER_PREFERENCE |
Store user-specific preferences and settings |
EPISODIC |
Capture and reflect on meaningful interaction episodes |
Strategy configuration:
{
"type": "SEMANTIC",
"name": "custom_semantic",
"description": "Custom semantic memory",
"namespaceTemplates": ["/users/facts", "/users/preferences"]
}{
"authorizerType": "ApiKeyCredentialProvider",
"name": "OpenAI"
}| Field | Required | Description |
|---|---|---|
authorizerType |
Yes | Always "ApiKeyCredentialProvider" |
name |
Yes | Credential name (1-128 chars) |
{
"authorizerType": "OAuthCredentialProvider",
"name": "MyOAuthProvider",
"discoveryUrl": "https://idp.example.com/.well-known/openid-configuration",
"scopes": ["read", "write"]
}| Field | Required | Description |
|---|---|---|
authorizerType |
Yes | Always "OAuthCredentialProvider" |
name |
Yes | Credential name (1-128 chars) |
discoveryUrl |
Yes | OIDC discovery URL (must be a valid URL) |
scopes |
No | Array of OAuth scopes |
vendor |
No | Credential provider vendor (default: "CustomOauth2") |
managed |
No | Whether auto-created by the CLI (do not edit) |
usage |
No | "inbound" or "outbound" |
The actual secrets (API keys, client IDs, client secrets) are stored in .env.local for local development and in
AgentCore Identity service for deployed environments.
See Evaluations for the full guide.
{
"name": "ResponseQuality",
"level": "SESSION",
"description": "Evaluate response quality",
"config": {
"llmAsAJudge": {
"model": "us.anthropic.claude-sonnet-4-5-20250514-v1:0",
"instructions": "Evaluate the response quality. Context: {context}",
"ratingScale": {
"numerical": [
{ "value": 1, "label": "Poor", "definition": "Fails to meet expectations" },
{ "value": 5, "label": "Excellent", "definition": "Far exceeds expectations" }
]
}
}
}
}| Field | Required | Description |
|---|---|---|
name |
Yes | Evaluator name (1-48 chars, alphanumeric + _) |
level |
Yes | "SESSION", "TRACE", or "TOOL_CALL" |
description |
No | Evaluator description |
config |
Yes | LLM-as-a-Judge configuration (see below) |
| Field | Required | Description |
|---|---|---|
model |
Yes | Bedrock model ID or cross-region inference profile |
instructions |
Yes | Evaluation prompt with placeholders (e.g. {context}) |
ratingScale |
Yes | Either numerical or categorical array (not both) |
Numerical — scored values:
{ "numerical": [{ "value": 1, "label": "Poor", "definition": "..." }, ...] }Categorical — named labels:
{ "categorical": [{ "label": "Pass", "definition": "..." }, ...] }{
"name": "QualityMonitor",
"agent": "MyAgent",
"evaluators": ["ResponseQuality", "Builtin.Faithfulness"],
"samplingRate": 10,
"enableOnCreate": true
}| Field | Required | Description |
|---|---|---|
name |
Yes | Config name (1-48 chars, alphanumeric + _) |
agent |
Yes | Agent name to monitor (must match a project agent) |
evaluators |
Yes | Array of evaluator names, Builtin.* IDs, or evaluator ARNs |
samplingRate |
Yes | Percentage of requests to evaluate (0.01–100) |
description |
No | Config description (max 200 chars) |
enableOnCreate |
No | Enable evaluation on deploy (default: true) |
Gateway and MCP tool configuration is part of agentcore.json (in the agentCoreGateways, mcpRuntimeTools, and
unassignedTargets fields).
{
"name": "MyProject",
"version": 1,
"runtimes": [...],
"agentCoreGateways": [
{
"name": "MyGateway",
"description": "My gateway",
"authorizerType": "NONE",
"targets": [
{
"name": "WeatherTools",
"targetType": "mcpServer",
"endpoint": "https://mcp.example.com/mcp"
}
]
}
]
}| Field | Required | Description |
|---|---|---|
name |
Yes | Gateway name (alphanumeric, hyphens, 1-100 chars) |
description |
No | Gateway description |
targets |
Yes | Array of gateway targets |
authorizerType |
No | "NONE" (default), "AWS_IAM", or "CUSTOM_JWT" |
authorizerConfiguration |
No | Required when authorizerType is "CUSTOM_JWT" (see below) |
{
"authorizerType": "CUSTOM_JWT",
"authorizerConfiguration": {
"customJwtAuthorizer": {
"discoveryUrl": "https://idp.example.com/.well-known/openid-configuration",
"allowedAudience": ["my-api"],
"allowedClients": ["my-client-id"],
"allowedScopes": ["read", "write"]
}
}
}| Field | Required | Description |
|---|---|---|
discoveryUrl |
Yes | OIDC discovery URL (must end with /.well-known/openid-configuration) |
allowedAudience |
Cond. | Array of allowed audience values |
allowedClients |
Cond. | Array of allowed client IDs |
allowedScopes |
Cond. | Array of allowed scopes |
customClaims |
Cond. | Custom claims for JWT validation |
At least one of
allowedAudience,allowedClients,allowedScopes, orcustomClaimsmust be provided.
A target is a backend tool exposed through a gateway. Targets can be external MCP server endpoints or compute-backed implementations.
External MCP server endpoint:
{
"name": "WeatherTools",
"targetType": "mcpServer",
"endpoint": "https://mcp.example.com/mcp"
}External endpoint with outbound auth:
{
"name": "SecureTools",
"targetType": "mcpServer",
"endpoint": "https://api.example.com/mcp",
"outboundAuth": {
"type": "OAUTH",
"credentialName": "MyOAuthProvider",
"scopes": ["tools:read"]
}
}| Field | Required | Description |
|---|---|---|
name |
Yes | Target name |
targetType |
Yes | "mcpServer", "lambda", "openApiSchema", "smithyModel", "apiGateway", or "lambdaFunctionArn" |
endpoint |
Cond. | MCP server URL (required for external mcpServer targets) |
compute |
Cond. | Compute configuration (required for lambda and scaffolded targets) |
toolDefinitions |
Cond. | Array of tool definitions (required for lambda targets) |
outboundAuth |
No | Outbound authentication configuration |
| Field | Required | Description |
|---|---|---|
type |
Yes | "OAUTH", "API_KEY", or "NONE" (default) |
credentialName |
Cond. | Credential name (required when type is not "NONE") |
scopes |
No | OAuth scopes (for "OAUTH" type) |
Payment managers define how agents handle x402 microtransactions. Each manager has one or more connectors that provide wallet credentials. See Payments for the full usage guide.
{
"payments": [
{
"name": "MyManager",
"authorizerType": "AWS_IAM",
"autoPayment": true,
"defaultSpendLimit": "10.00",
"paymentToolAllowlist": ["web_search", "fetch_url"],
"networkPreferences": ["eip155:84532"],
"description": "Production payment manager",
"connectors": [
{
"name": "MyCDPConnector",
"provider": "CoinbaseCDP",
"credentialName": "my-cdp-creds"
}
]
}
]
}| Field | Required | Description |
|---|---|---|
name |
Yes | Manager name (alphanumeric + underscore, max 48, starts with letter) |
authorizerType |
No | "AWS_IAM" (default) or "CUSTOM_JWT" |
authorizerConfiguration |
Cond. | Required when authorizerType is "CUSTOM_JWT" (see below) |
connectors |
Yes | Array of payment connector objects |
autoPayment |
No | Enable automatic payment (default: true) |
defaultSpendLimit |
No | Spend cap (USD) for invoke --auto-session sessions only; not a deployed-agent budget (e.g., "10.00") |
paymentToolAllowlist |
No | Array of tool names eligible for payment |
networkPreferences |
No | Array of network identifiers (e.g., "eip155:84532") |
description |
No | Human-readable description |
{
"authorizerConfiguration": {
"customJWTAuthorizer": {
"discoveryUrl": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_XXXXX/.well-known/openid-configuration",
"allowedClients": ["client-id-1"],
"allowedAudience": ["https://api.example.com"],
"allowedScopes": ["payments:read", "payments:write"]
}
}
}| Field | Required | Description |
|---|---|---|
discoveryUrl |
Yes | OIDC discovery URL |
allowedClients |
No | Array of allowed client IDs |
allowedAudience |
No | Array of allowed audiences |
allowedScopes |
No | Array of allowed scopes |
| Field | Required | Description |
|---|---|---|
name |
Yes | Connector name (alphanumeric + underscore, max 48) |
provider |
No | "CoinbaseCDP" (default) or "StripePrivy" |
credentialName |
Yes | Name of the credential (maps to .env.local vars) |
Payment connectors use a PaymentCredentialProvider credential type, distinct from ApiKeyCredentialProvider and
OAuthCredentialProvider. The credential is automatically created during agentcore deploy from values in
.env.local. You do not need to add it to the credentials array manually.
Deployment target
[
{
"name": "default",
"description": "Production (us-west-2)",
"account": "123456789012",
"region": "us-west-2"
}
]| Field | Required | Description |
|---|---|---|
name |
Yes | Target name (used with --target flag) |
description |
No | Target description |
account |
Yes | AWS account ID (12 digits) |
region |
Yes | AWS region |
See AgentCore Regions for the current list.
Secrets for local development. This file is gitignored.
# API key credentials
AGENTCORE_CREDENTIAL_{projectName}OPENAI=sk-...
AGENTCORE_CREDENTIAL_{projectName}ANTHROPIC=sk-ant-...
AGENTCORE_CREDENTIAL_{projectName}GEMINI=...
# OAuth credentials
AGENTCORE_CREDENTIAL_{projectName}{credentialName}_CLIENT_ID=my-client-id
AGENTCORE_CREDENTIAL_{projectName}{credentialName}_CLIENT_SECRET=my-client-secret
# Payment credentials - CoinbaseCDP (3 variables per connector)
AGENTCORE_CREDENTIAL_{CREDENTIAL_NAME}_API_KEY_ID=your-api-key-id
AGENTCORE_CREDENTIAL_{CREDENTIAL_NAME}_API_KEY_SECRET=your-api-key-secret
AGENTCORE_CREDENTIAL_{CREDENTIAL_NAME}_WALLET_SECRET=your-wallet-secret
# Payment credentials - StripePrivy (4 variables per connector)
AGENTCORE_CREDENTIAL_{CREDENTIAL_NAME}_APP_ID=your-app-id
AGENTCORE_CREDENTIAL_{CREDENTIAL_NAME}_APP_SECRET=your-app-secret
AGENTCORE_CREDENTIAL_{CREDENTIAL_NAME}_AUTHORIZATION_PRIVATE_KEY=your-private-key
AGENTCORE_CREDENTIAL_{CREDENTIAL_NAME}_AUTHORIZATION_ID=your-auth-idEnvironment variable names should match the credential names in your configuration. For payment credentials,
{CREDENTIAL_NAME} is the connector's credentialName uppercased with hyphens replaced by underscores (e.g.,
my-cdp-creds becomes MY_CDP_CREDS). See Payments for details.