Streamlining AI Agent Deployment with Amazon Bedrock AgentCore and GitHub Actions

Introduction to Amazon Bedrock AgentCore

Benefits of Amazon Bedrock AgentCore Runtime

Solution Overview

Prerequisites for Using AgentCore Runtime

Step-by-Step Guide to Deploying AI Agents

1. Download Source Code

2. Create Agent Code

3. Set Up GitHub Secrets

4. Create IAM Roles and Policies

5. Create the GitHub Actions Workflow

6. Trigger and Monitor the Pipeline

7. Test the Agent

Managing Versioning and Endpoints

Clean-Up Procedure

Conclusion

About the Authors

Automating AI Agent Deployment with Amazon Bedrock AgentCore and GitHub Actions

In a rapidly evolving technological landscape, the demand for efficient and secure deployment of AI agents is more critical than ever. Recently, AWS unveiled Amazon Bedrock AgentCore, a versatile service designed to help developers effortlessly create and manage AI agents across various frameworks and hosting environments. This announcement includes AgentCore Runtime, a unique serverless solution that allows for smooth deployment and operation of AI agents, regardless of the underlying framework.

What is Amazon Bedrock AgentCore Runtime?

AgentCore Runtime offers developers a secure and flexible environment for deploying AI agents while supporting popular frameworks such as LangGraph, Strands, and CrewAI. With features like automatic scaling and built-in security measures, the AgentCore Runtime stands out as an ideal choice for production deployments.

Key Benefits:

• Framework Agnostic: Easily integrate diverse models, including those from Amazon Bedrock and Anthropic Claude.
• Session Isolation: Each user session operates within a dedicated microVM, ensuring isolated resources for enhanced security.
• Support for Long-running Workloads: Handle interactions that require sustained engagement, lasting up to 8 hours.
• Built-in Authentication and Observability: Monitor agent activity and secure interactions seamlessly.

Solution Overview

In this post, we will explore a CI/CD pipeline using GitHub Actions to automate the deployment of AI agents on AgentCore Runtime. This approach leverages AWS best practices to provide continuous integration and delivery (CI/CD) with enterprise-level security controls, making the deployment process efficient, secure, and scalable.

Architecture Overview

The pipeline includes key components and flows, as highlighted below:

1. Code Commit: Developers commit code changes to GitHub.
2. GitHub Actions Trigger: A manual trigger initiates the deployment, although automation is possible.
3. Build Stage: GitHub Actions builds the agent container image directly from the Dockerfile.
4. Security Checks: AWS Inspector performs security scans during image uploads.
5. Deployment: An AgentCore Runtime instance is created, allowing the agent to interact with the Amazon Bedrock model.

Step-by-Step Deployment Guide

Prerequisites

Ensure you have the following prerequisites set up before attempting to deploy agents on AgentCore Runtime.

Clone the Source Code

Clone the provided GitHub repository:

git clone https://github.com/aws-samples/sample-bedrock-agentcore-runtime-cicd.git

The directory structure consists of several components, including workflows, agents, and scripts for deployment.

Create Your Agent Code

Utilize the AgentCore Runtime toolkit to craft your agent. The toolkit employs BedrockAgentCoreApp as a foundational concept for encapsulating the agent code. The following code snippet from agents/strands_agent.py demonstrates how to create a simple calculator agent using the Strands framework.

from bedrock_agentcore.runtime import BedrockAgentCoreApp
from strands import Agent
from strands.models import BedrockModel
from strands_tools import calculator

app = BedrockAgentCoreApp()
model_id = "us.anthropic.claude-sonnet-4-20250514-v1:0"

@app.entrypoint
def strands_agent_bedrock(payload):
    user_input = payload.get("prompt")
    response = agent(user_input)
    return response.message["content"][0]["text"]

Set Up GitHub Secrets

To securely access AWS resources, configure GitHub secrets by navigating to your repository settings. This step is crucial for enabling OIDC access without long-lived AWS credentials.

Create IAM Roles and Policies

You will need an IAM execution role that allows the agent to carry out necessary actions. Below is an example trust policy you can use for configuring IAM roles for AgentCore Runtime.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "bedrock-agentcore.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Create the GitHub Actions Workflow

The CI/CD workflow file (located in .github/workflows/deploy-agentcore.yml) orchestrates the deployment lifecycle. Key actions include dependency installation, Docker image building, security scanning, and endpoint deployment.

Trigger and Monitor Your Pipeline

You can manually trigger this pipeline through code changes in the agents folder or the workflow dispatch option. Adjustments can be made in the .github/workflows/deploy-agentcore.yml file to align with your organizational needs.

Test the Agent

Post-deployment, you can verify the functionality by running the Test Agent workflow manually through the workflow dispatch option.

Versioning and Endpoint Management

Amazon Bedrock AgentCore provides automatic versioning for the runtime environment, enabling easy management of different agent configurations through dedicated endpoints.

Clean Up

To avoid incurring unwanted charges, make sure to delete the deployed ECR images and the agent instances from AgentCore Runtime.

Conclusion

In conclusion, this guide outlines a robust strategy to streamline AI agent deployment on Amazon Bedrock AgentCore Runtime using GitHub Actions. This solution implementation addresses critical enterprise demands for security, efficiency, and scalability. By automating critical steps, developers can focus on enhancing agent logic rather than infrastructure complexities.

Next Steps

Explore Amazon Q to further refine and optimize your AI agent deployment pipeline, enhancing your CI/CD processes with advanced automation capabilities.

About the Authors

Prafful Gupta is an Associate Delivery Consultant at AWS with expertise in DevOps and Generative AI solutions. You can connect with him on LinkedIn.

Anshu Bathla is a Lead Consultant at AWS, specializing in security infrastructure. You can reach out to him on LinkedIn.

Implementing automated and secure CI/CD pipelines for AI agent deployment allows businesses to harness the transformative power of generative AI efficiently. Leverage Amazon Bedrock AgentCore to take your AI capabilities to the next level!