Deploy AI agents on Amazon Bedrock AgentCore using GitHub Actions

by
0 comments
Deploy AI agents on Amazon Bedrock AgentCore using GitHub Actions

Recently, AWS announced Amazon Bedrock AgentCore, a flexible service that helps developers intuitively create and manage AI agents across different frameworks and models, whether they are hosted on Amazon Bedrock or other environments. Specifically, AgentCore Runtime provides a secure, serverless, and purpose-built hosting environment to deploy and run AI agents or tools. AgentCore is runtime framework agnostic, working seamlessly with popular frameworks like Langgraph, Strands, and CrewAI to deploy your AI agents and tools with automatic scaling and built-in security.

This post demonstrates how to use a GitHub Actions Workflow to automate the deployment of AI agents on AgentCore Runtime. The approach provides a scalable solution with enterprise-level security controls, providing full continuous integration and delivery (CI/CD) automation. A comprehensive pipeline enables seamless agent deployments following AWS best practices, including OpenID Connect (OIDC) authentication, least-privilege access controls, and environmental separation. Our solution facilitates efficient updates to existing agents and integrates continuous security scans and rigorous code quality checks. The result is a robust deployment strategy that helps reduce operational complexity, increase security, and accelerate AI agent development in enterprise environments.

Benefits of Amazon Bedrock AgentCore Runtime

AgentCore Runtime is the ideal service for production agent deployments:

  • Provides a framework-agnostic environment to run agents
  • Works with large language models (LLMs) such as those offered by Amazon Bedrock and Anthropic Claude
  • Provides session isolation by running each user session in a dedicated microVM with isolated CPU, memory, and file system resources
  • Supports both real-time conversations and long-running workloads up to 8 hours
  • Provides built-in capabilities for authentication and observation

Solution overview

The solution is a comprehensive CI/CD pipeline built with GitHub Actions that streamlines agent deployment in line with security standards. It is provided as a ready-to-use solution that integrates with an existing development workflow. The solution includes the following key components:

The following figure shows the architecture for the solution.

Data flow consists of the following steps:

  1. A developer commits code changes from his local repository to the GitHub repository. In this solution, the GitHub action is triggered manually, but it can be automated.
  2. The GitHub action triggers the build phase.
  3. GitHub’s OIDC uses tokens to authenticate with AWS and access resources.
  4. GitHub Actions invokes commands to build and push the agent container image from the Dockerfile directly to Amazon ECR.
  5. AWS Inspector triggers an advanced security scan when an image is uploaded.
  6. An AgentCore runtime instance is created using the container image.
  7. The agent can further query the Amazon Bedrock model and invoke tools according to its configuration.

The following sections walk through the steps to deploy the solution:

  1. Download the source code from the GitHub repo.
  2. Create your agent code.
  3. Set up a GitHub secret.
  4. Create an IAM role and policies.
  5. Create a GitHub Actions workflow.
  6. Trigger and monitor the pipeline.
  7. Verify deployment.

Prerequisites

Before you can use our secure CI/CD pipeline to deploy agents to the AgentCore runtime, verify that you have the following conditions:

Download the source code

Clone the source code repository: bedrock-agentcore-runtime-cicd

git clone https://github.com/aws-samples/sample-bedrock-agentcore-runtime-cicd.git

The repository folder has the following structure:

bedrock-agentcore-runtime-cicd/
├── .github/
│   └── workflows/
│       └── deploy-agentcore.yml         # file contains the set of action to build and deploy the agent on AgentCore Runtime
│       └── test-agent.yml               # after deployment this file is used to test agent via manual workflow dispatch
├── agents/
│   ├── strands_agent.py                 # uses BedrockAgentCoreApp app that creates an AI agent using the Strands framework with Claude as the underlying model
│   ├── requirements.txt                 # contains dependencies 
├── scripts
│   ├── create_iam_role.py               # IAM role required for Bedrock AgentCore Runtime
│   ├── deploy_agent.py                  # deploys a custom agent to AWS Bedrock's AgentCore Runtime platform, which allows you to run containerized AI agents on AWS infrastructure 
│   └── setup_oidc.py                    # OIDC setup for Github Authentication and Authorization to access AWS account to deploy required services
│   └── cleanup_ecr.py                   # keeps 9 recent images in ECR registry, can be customized
│   └── create_guardrail.py              # setup minimum guardrail for content filtering, can be customized according to use case
│   └── test_agent.py                    # contains test cases
└── Dockerfile                           # contain instructions to build Docker image
└── README.md

Create the agent code

Build your agent with the framework of your choice using the AgentCore Runtime Toolkit. The toolkit uses BedrockAgentCoreApp to build an application that provides a standardized way to package your AI agent code into a container that can run on the AgentCore Runtime managed infrastructure. It also uses app.entrypointA Python decorator that marks a function as the main entry point. When an Amazon Bedrock agent receives an incoming API request, this function fetches and processes the user’s request. In this sample agent code, when someone calls your Amazon Bedrock agent using the API, the AgentCore runtime will automatically call the strands_agent_bedrock(payload) function.

In this post, we use agents/strands_agent.py File to create an agent using the Strands Agents Framework:

"""
This module defines a conversational AI agent that can perform calculations
using the Strands framework.
"""
from bedrock_agentcore.runtime import BedrockAgentCoreApp
from strands import Agent
from strands.models import BedrockModel
from strands_tools import calculator
# Initialize the Bedrock AgentCore application
app = BedrockAgentCoreApp()
# Configure the Claude model for the agent with guardrail
model_id = "us.anthropic.claude-sonnet-4-20250514-v1:0"
# Load guardrail ID if available
guardrail_config = None
try:
    with open("guardrail_id.txt", "r", encoding="utf-8") as f:
        guardrail_id = f.read().strip()
        if guardrail_id:
            guardrail_config = {
                "guardrailIdentifier": guardrail_id,
                "guardrailVersion": "1",
            }
            print(f"Loaded guardrail: {guardrail_id}")
except FileNotFoundError:
    print("No guardrail file found - running without guardrail")
model = BedrockModel(model_id=model_id, guardrail=guardrail_config)
# Create the agent with tools and system prompt
agent = Agent(
    model=model,
    tools=(calculator),
    system_prompt="You're a helpful assistant. You can do simple math calculation.",
)
@app.entrypoint
def strands_agent_bedrock(payload):
    """
    Main entrypoint for the Bedrock AgentCore Runtime.
    This function is called by AWS Bedrock AgentCore when the agent receives
    a request. It processes the user input and returns the agent's response.
    Args:
        payload (dict): Request payload containing user input
                       Expected format: {"prompt": "user question"}
    Returns:
        str: The agent's text response to the user's prompt
    """
    # Extract the user's prompt from the payload
    user_input = payload.get("prompt")
    # Process the input through the agent (handles tool selection and model inference)
    response = agent(user_input)
    # Extract and return the text content from the response
    return response.message("content")(0)("text")
if __name__ == "__main__":
    # Run the application locally for testing
    # In production, this is handled by Bedrock AgentCore Runtime
    app.run()

Set GitHub Secret

The GitHub Actions workflow must access the resources in your AWS account. In this post, we use the IAM OpenID Connect identity provider and IAM roles with IAM policies to access AWS resources. OIDC lets your GitHub Actions workflows access resources in AWS without the need to store AWS credentials as long-lived GitHub secrets. These credentials are stored as GitHub secrets in your GitHub repository settings. For more information see Using secrets in GitHub actions.

Create IAM roles and policies

Running agents or tools in the AgentCore Runtime requires an IAM execution role. For information about creating an IAM role, see Creating an IAM role.

The steps below create the required trust policy and execution role for the AgentCore runtime. See IAM Permissions for AgentCore Runtime for more details.

The following code is for the AgentCore runtime trust policy:

{
  "Version": "2012-10-17",
  "Statement": (
    {
      "Sid": "AssumeRolePolicy",
      "Effect": "Allow",
      "Principal": {
        "Service": "bedrock-agentcore.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
            "StringEquals": {
                "aws:SourceAccount": "accountId"
            },
            "ArnLike": {
                "aws:SourceArn": "arn:aws:bedrock-agentcore:region:accountId:*"
            }
       }
    }
  )
}

The following code is for the AgentCore runtime execution role:

{
        "Version": "2012-10-17",
        "Statement": (
            {
                "Effect": "Allow",
                "Action": (
                    "bedrock:InvokeModel",
                    "bedrock:InvokeModelWithResponseStream",
                    "bedrock:Converse",
                    "bedrock:ConverseStream"
                ),
                "Resource": (
                    "arn:aws:bedrock:*::foundation-model/us.anthropic.claude-sonnet-4-*",
                    "arn:aws:bedrock:*::foundation-model/anthropic.claude-*",
                    "arn:aws:bedrock:*:*:inference-profile/us.anthropic.claude-sonnet-4-*",
                    "arn:aws:bedrock:*:*:inference-profile/anthropic.claude-*"
                )
            },
            {
                "Effect": "Allow",
                "Action": (
                    "ecr:GetAuthorizationToken",
                    "ecr:BatchCheckLayerAvailability",
                    "ecr:GetDownloadUrlForLayer",
                    "ecr:BatchGetImage"
                ),
                "Resource": "arn:aws:ecr:::repository/bedrock-agentcore-*"
            },
            {
                "Effect": "Allow",
                "Action": (
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents"
                ),
                "Resource": "arn:aws:logs:*:*:*"
            }
        )
    }

Create GitHub Actions workflow

View the CI/CD workflow file here .github/workflows/deploy-agentcore.yml For details on creating a workflow. The following steps will be executed by the workflow:

  • It uses the default Ubuntu Github runner for a given task in the pipeline.
  • Installs the required dependencies mentioned in the workflow requirement.txt file.
  • It creates the Docker image and deploys it to the ECR repository.
  • The image has been scanned with Amazon Inspector to identify potential vulnerabilities.
  • AgentCore deploys the runtime agent as an endpoint.
  • Tests the agent endpoint to verify workflow functionality.

Trigger and Monitor Pipeline

This pipeline can be triggered by changing a code in the agent folder or manually using the workflow dispatch option. This may further change depending on your organization’s branch strategy. update code in .github/workflows/deploy-agentcore.yml To change this trigger behavior.

line pipe

detailed steps

testing agent

Once the agent is deployed, we will verify its functionality by triggering testing agent Workflow manually through workflow dispatch option.

test agent pipeline

testing agent

AgentCore runtime version and endpoint

Amazon Bedrock AgentCore implements automated versioning for the AgentCore runtime and lets you manage various configurations using endpoints. Endpoints provide a way to reference specific versions of the AgentCore runtime. For more details and sample code, see AgentCore runtime versions and endpoints.

Cleanup

To avoid future charges, complete the following steps:

  1. Delete ECR images from Amazon ECR console created through deployment using GitHub Actions.
  2. Delete an agent deployed in the AgentCore runtime.

Limitations and what to watch

A few caveats are worth noting. Amazon Bedrock AgentCore was a relatively new AWS service at the time of writing, so its APIs, quotas and supported features may change; the current AWS documentation should be treated as the source of truth. Stated capabilities such as session isolation in dedicated microVMs and workloads running up to eight hours reflect AWS’s own descriptions and may vary by region and configuration. Running agents on AgentCore, storing container images in Amazon ECR and executing GitHub Actions all incur costs, which is why the cleanup steps matter. Finally, the security posture of any CI/CD pipeline depends on how IAM roles, OIDC trust policies and repository secrets are scoped in practice — the template reduces friction but does not remove the need for careful review.

Conclusion

This post has demonstrated a comprehensive approach to using GitHub Actions for more secure and scalable deployment of AI agents on AgentCore Runtime. The solution provides a robust, automated, and controlled environment for generative AI applications, solving critical enterprise deployment challenges by automating dependency management, implementing continuous code quality checks, performing comprehensive vulnerability scanning, and facilitating consistent deployment processes. By removing infrastructure complexities, this pipeline helps developers focus on agent logic and functionality, while providing a framework-agnostic approach that supports seamless management of multiple AI agents at scale. As AI agents continue to transform enterprise capabilities, this solution represents a significant step toward streamlining AI agent development and operational management, offering a standardized, secure, and efficient deployment mechanism for modern generative AI applications.

As a next step, you can use Amazon Q to intelligently enhance and optimize your AI agent deployment pipeline, transforming your CI/CD processes with advanced, context-aware automation.


About the authors

Praful Gupta is an Associate Delivery Consultant at AWS based in Gurugram, India. Having started his professional journey with Amazon a year ago, he specializes in DevOps and generative AI solutions, helping customers with their cloud transformation. Outside of work, he enjoys networking with fellow professionals and spending time with family. Connect on LinkedIn here: linkedin.com/in/prafffulgupta11/

Anshu Bathla is a Consultant – SRC at AWS, based in Gurugram, India. He works with clients across a range of verticals to help strengthen their security infrastructure and meet their security goals. Outside of work, Anshu enjoys reading and gardening. Connect on LinkedIn here: http://linkin.com/in/anshu-bathla/

Related Articles