AWS AgentCore Agentic AI Bedrock CLI

Deploy an AI Agent in Minutes with AgentCore Managed Harness

No orchestration code. No infrastructure yak-shaving. Just a config file, the agentcore CLI, and a working agent on AWS in minutes. Here's exactly how I built it — screenshots, harness.json, deploy output, and all. Plus: what the new Agent Toolkit for AWS means for builders.

VR
Vishnu Rachapudi
Cloud & AI Engineer · AWS Community Builder (Security)
May 2026 12 min read
3 API calls to live
0 Lines of orch. code
~5 min Prototype to deploy
1 Terminal to rule them all

I've been tracking the AgentCore story since re:Invent 2025. When AWS dropped the Managed Harness (preview) on April 22, 2026, I dropped what I was doing and spent an evening building with it. What follows is that evening, documented.

If you've ever tried to stand up an agent from scratch — orchestration loop, compute, sandboxing, auth, persistent storage, tool wiring — you know it easily burns a day before your agent does anything useful. The managed harness eliminates that entirely.

In this post
  1. What is AgentCore Managed Harness — and why it matters
  2. The AgentCore CLI — one terminal to build, deploy, operate
  3. Hands-on: creating a project and harness from scratch
  4. Adding tools — AgentCore Browser + more
  5. Deploy to AWS — what happens under the hood
  6. Bonus: Agent Toolkit for AWS — what it is and why you care
  7. My takeaways
Section 01

What is AgentCore Managed Harness?

In AgentCore, a harness is the orchestration foundation that turns a model into a running agent. It bundles: the agent loop (reason → select tool → act → respond), compute isolation, tool connections, memory, identity, networking, and observability.

Before the managed harness, you had to write all of this yourself — even with the AgentCore SDK. The managed harness is AWS providing that plumbing as a managed offering. You declare the model, system prompt, and tools as config. A working agent is the result.

What the managed harness owns
🔁
Full agent loop
Reasoning, tool selection, action execution, and streaming — managed end-to-end.
🖥️
Isolated microVM
Each session gets its own microVM with filesystem and shell access.
🔌
Tool wiring
Browser, code interpreter, MCP, gateway — plug in via config, not code.
🧠
Memory
Persistent context across sessions when enabled. Named memory resource.
🌐
VPC & auth
IAM, custom JWT, VPC placement — all optional config in the harness.
📦
Session storage
Mount a persistent path (e.g. /mnt/data) for session-level filesystem.
Availability: Managed harness (preview) is live in US West (Oregon), US East (N. Virginia), Asia Pacific (Sydney), and Europe (Frankfurt). The CLI and persistent filesystem are available in all commercial AgentCore regions. No additional charge for CLI, harness, or skills — you pay only for compute consumed.
Section 02

The AgentCore CLI — one terminal to build, deploy, operate

Before the CLI, deploying an agent meant stepping outside your dev environment entirely. Now everything lives in one terminal. The help output shows the full picture:

terminal — agentcore --help
vishnu@user:~$ agentcore version

Build and deploy Agentic AI applications on AgentCore

Commands:
add Add resources to project config
dev|d Launch local dev server, or invoke locally
deploy|dp Deploy project infrastructure to AWS via CDK
create Create a new AgentCore project
invoke|i Invoke a deployed agent endpoint
logs|l Stream or search agent runtime logs
traces|t View and download agent traces
run Run evaluations, batch evals, or optimization recommendations
status|s Show deployed resource details and status
fetch Fetch access info for deployed resources
evals View saved eval results from past runs
update Check for and install CLI updates

The add command supports a rich menu of resources — harnesses, agents, memory, credentials, evaluators, gateways, A/B tests (preview), and config bundles.

Section 03

Hands-on: creating a project from scratch

Step 1 — Create the project

I started with agentcore create. The flag --session-storage-mount-path mounts a persistent volume at /mnt/data inside the agent's microVM — useful when your agent needs to read/write files across turns.

terminal — agentcore create
vishnu@user:~$ agentcore create --name myawssol --model-provider bedrock --session-storage-mount-path /mnt/data
[done] Create myawssol/ project directory
[done] Prepare agentcore/ directory
[done] Initialize git repository
[done] Add harness to project

Created:
myawssol/
agentcore/ Config and CDK project
app/myawssol/ Harness config

Harness project created successfully!

To continue:
cd myawssol
agentcore deploy

Step 2 — Inspect the generated harness.json

The project scaffold drops a harness.json and a system-prompt.md in app/myawssol/. Everything about your agent is declared here.

app/myawssol/harness.json
vishnu@user:~/myawssol/app/myawssol$ cat harness.json
{
"name": "myawssol",
"model": {
"provider": "bedrock",
"modelId": "global.anthropic.claude-sonnet-4-6"
},
"tools": [],
"skills": [],
"memory": {
"name": "myawssolMemory"
},
"sessionStoragePath": "/mnt/data"
}

Clean. The model is Claude Sonnet 4.6 on Bedrock (global inference profile). Memory is enabled by default — the harness will create a named memory resource to carry context across sessions. Session storage is mounted at /mnt/data.

Configuring the harness interactively with agentcore add

You can also build the harness interactively. The agentcore add wizard walks you through name → model provider → custom environment → memory → advanced settings → confirm.

terminal — agentcore add → Add Resource
vishnu@user:~/myawssol$ agentcore add

Add Resource

❯ Harness Managed config-based agent loop, no code required
Agent Deploy an HTTP, MCP, A2A, or AG-UI agent
Memory Persistent context storage
Credential API key credential providers
Evaluator Custom LLM-as-a-Judge evaluator
Online Eval Config Continuous evaluation pipeline
Gateway Route and manage gateway targets
AB Test [preview] Compare agent configurations with traffic splitting

The wizard walks through each option. The Advanced settings step is where things get interesting:

terminal — Advanced settings (optional)
Advanced settings (optional)
Configure tools, network, lifecycle, execution limits, truncation, or session storage

❯ [ ] Tools Add browser, code interpreter, MCP, or gateway tools
[ ] Authentication Inbound auth: AWS_IAM or Custom JWT
[ ] Network Deploy inside a VPC with custom subnets and security groups
[ ] Lifecycle Set idle timeout and max session lifetime
[ ] Execution limits Cap iterations, tokens, and per-turn timeout
[ ] Truncation Choose how context is managed when it exceeds limits
[ ] Session Storage Mount persistent storage for session data
Section 04

Adding tools to the harness

I added the AgentCore Browser tool — this gives the agent the ability to navigate web pages, extract content, and interact with UIs. One command:

terminal — agentcore add tool
vishnu@user:~/myawssol$ agentcore add tool --harness myawssol --type agentcore_browser --name browser
Added tool 'browser' to harness 'myawssol'.
Run 'agentcore deploy' to apply changes.

This appended the tool entry to harness.json:

"tools": [
  {
    "type": "agentcore_browser",
    "name": "browser"
  }
]

No SDK import. No handler registration. No Lambda function. Just config.

Other available tool types you can wire in the same way:

  • agentcore_code_interpreter — sandboxed code execution inside the microVM
  • agentcore_gateway — route calls through an AgentCore gateway
  • remote_mcp_server — attach any MCP server endpoint as a tool
Section 05

Deploy — what happens under the hood

From the project root, agentcore deploy handles everything. It calls CDK behind the scenes but you never see CloudFormation directly unless you want to.

terminal — agentcore deploy
vishnu@user:~/myawssol$ agentcore deploy

AgentCore Deploy

Validate project
Check dependencies
Build CDK project
Synthesize CloudFormation
Check stack status
Computing diff changes...
Publish assets
Deploy to AWS

Log: agentcore/.cli/logs/deploy/deploy-20260526-201234.log

Esc back · Ctrl+C quit

The deploy pipeline: validate → CDK synth → CloudFormation diff → publish assets → deploy to AWS. The agent endpoint URL, IAM role ARN, and session storage path are all available after deploy via agentcore fetch or agentcore status.

1
agentcore create
Scaffolds project directory, CDK config, and a starter harness.json with model + memory + session storage.
2
Edit harness.json + system-prompt.md
Declare your model, tools, memory, and system instructions. No orchestration code.
3
agentcore add tool (optional)
Browser, code interpreter, MCP, or gateway tools added via CLI. Config updated automatically.
4
agentcore deploy
CDK synthesize → CloudFormation diff → deploy. Agent endpoint live in minutes.
5
agentcore invoke / logs / traces
Test from the same terminal. Stream logs. View traces. No context-switching.
Section 06

Bonus: Agent Toolkit for AWS

A week after the managed harness dropped, AWS announced another piece: the Agent Toolkit for AWS (May 2026). This is the successor to the MCP servers, plugins, and skills that lived on AWS Labs.

One-line summary: Agent Toolkit for AWS is a production-ready suite of tools and guidance that helps AI coding agents build on AWS with fewer errors, lower token costs, and enterprise-grade security controls. It is free — you pay only for the resources consumed.

It's composed of three things:

🌐
AWS MCP Server (GA)
A fully-managed, remote MCP server that gives any coding agent (Kiro, Claude Code, Cursor, Codex) secure, IAM-governed access to all AWS services — plus documentation search so agents always have current knowledge even for services launched after their training cutoff.
🔌
Agent Plugins
Bundles of the MCP server + curated skills in a single install. Three plugins at launch: AWS Core (full-stack apps), AWS Data Analytics (pipelines + BI), and AWS Agents (building with AgentCore).
📚
Curated Skills
Encoding of AgentCore best practices directly into your coding agent. Fewer wrong turns on a platform that evolves fast. Agents get recommendations aligned with how the platform is actually meant to be used — not just which API endpoints exist.

Why this matters for AgentCore builders

The AWS Agents plugin is the key one for anyone using the managed harness. Point Kiro, Claude Code, or Cursor at it and your coding agent now understands AgentCore structure, best practices, harness config patterns, and CDK/CloudFormation implications — in context, at generation time.

Combined with the managed harness: you describe what you want in plain language to your coding agent, it generates a valid harness.json + system prompt aligned with AWS conventions, and agentcore deploy ships it. The time from idea to running agent continues to compress.

Quick start: Browse available skills and plugins on GitHub at github.com/aws/agent-toolkit-for-aws or visit the quick start guide linked from the AWS announcement.
Section 07

My takeaways

I've been building with Bedrock agents, Strands, and AgentCore for a while now. Here's where the managed harness sits in that progression from my perspective:

  • The infrastructure tax is real — Every team building agents I've spoken to loses days to the same setup: compute, auth, tool wiring, session state. The harness eliminates that first hill entirely.
  • Config as the contract — harness.json is your entire agent definition. Model, tools, memory, storage, networking. Versioned in git. Reviewable. Diffable. This is the right abstraction.
  • The escape hatch is critical — When you need full control, you can export the harness orchestration as Strands-based Python code. You're never locked into the managed abstraction.
  • One terminal is underrated — Before this, switching between my editor, AWS Console, CDK, and a separate deploy pipeline was constant friction. agentcore dev, agentcore deploy, agentcore invoke, agentcore logs — same terminal, same context.
  • Agent Toolkit closes the loop — The coding agent that helps you write the harness config can now be equipped with current, curated knowledge of the harness itself. That's a flywheel.

We're in an era where the time from "I have an agent idea" to "I have a working agent in production" is measured in minutes, not days. This release is a meaningful part of that shift.

If you're building on AWS with Bedrock and haven't touched AgentCore's managed harness yet — spin up the CLI, run agentcore create, and see how far you get before dinner.

Links: AgentCore Harness Docs · Agent Toolkit for AWS · More posts on Dev.to
Written by Vishnu Rachapudi
14x AWS Certified · Cloud & AI Engineer at SUDO Consultants · AWS Community Builder (Security)
Dev.to LinkedIn All posts