Deploying AWS Bedrock AgentCore Agents with Pulumi
AWS Bedrock AgentCore lets you deploy agents as managed containerized runtimes.
This guide shows how to automate this deployment using Pulumi and Docker.
What You'll Deploy
Docker container with your agent code
Amazon ECR to store the image
Bedrock AgentCore Runtime to run your agent
The Setup
- Your Agent Code
# agents/my_agent/api.py
from fastapi import FastAPI
from langchain_openai import ChatOpenAI
import uvicorn
app = FastAPI()
@app.post("/invoke")
def invoke(input_data: dict):
llm = ChatOpenAI(model="gpt-4")
response = llm.invoke(input_data["input"])
return {"output": response.content}
if __name__ == "__main__":
uvicorn.run(app, host="0.0.0.0", port=8080)
- Test Locally
# Set your OpenAI API key
export OPENAI_API_KEY="sk-..."
# Run the agent
python agents/my_agent/api.py
Test with curl:
curl -X POST http://localhost:8080/invoke \
-H "Content-Type: application/json" \
-d '{"input": "Hello, what is AI?"}'
Example response:
{
"output": "AI, or Artificial Intelligence, refers to..."
}
- Dockerfile
FROM --platform=linux/arm64 ghcr.io/astral-sh/uv:python3.13-bookworm-slim
WORKDIR /app
# Copy dependencies
COPY pyproject.toml uv.lock
COPY agents ./agents
# Install dependencies
RUN uv sync --frozen --no-cache
EXPOSE 8080
# Start the agent API
CMD uv run uvicorn agents.my_agent.api:app --host 0.0.0.0 --port 8080
- Build and Push
# Login to ECR
aws ecr get-login-password --region eu-west-1 | \
docker login --username AWS --password-stdin <account>.dkr.ecr.eu-west-1.amazonaws.com
# Build for ARM64
docker buildx build \
--platform linux/arm64 \
-t <account>.dkr.ecr.eu-west-1.amazonaws.com/my-agents:my_agent_v1 \
--load \
.
# Push to ECR
docker push <account>.dkr.ecr.eu-west-1.amazonaws.com/my-agents:my_agent_v1
- Deploy with Pulumi
# __main__.py
import pulumi
import pulumi_aws as aws
# Load config
config = pulumi.Config()
region = config.require("aws_region")
bedrock_role_arn = config.require("bedrock_role_arn")
# Get existing ECR repository
ecr_repo = aws.ecr.get_repository(name="my-agents")
# Build image URI
image_uri = f"{ecr_repo.repository_url}:my_agent_v1"
# Deploy to Bedrock AgentCore
runtime = aws.bedrock.AgentcoreAgentRuntime(
"my_agent_runtime",
agent_runtime_name="my_agent",
agent_runtime_artifact={
"artifact_type": "Docker",
"docker_uri": image_uri,
},
role_arn=bedrock_role_arn,
environment_variables=[
{"name": "AWS_REGION", "value": region},
{"name": "ENV", "value": "production"},
],
)
# Export outputs
pulumi.export("runtime_name", runtime.agent_runtime_name)
pulumi.export("runtime_arn", runtime.arn)
- Configure and Deploy
# Set configuration
pulumi config set aws:region eu-west-1
pulumi config set aws_region eu-west-1
pulumi config set bedrock_role_arn arn:aws:iam::123456:role/AmazonBedrockExecutionRoleForAgents
# Deploy
pulumi up
Important Notes
ARM64 Required: Bedrock AgentCore only supports ARM64 architecture.
Always use --platform linux/arm64.
Runtime Naming Rules:
Must start with a letter
Only alphanumeric characters and underscores
Max 48 characters
IAM Role Permissions:
The Bedrock role needs:
ecr:GetAuthorizationToken
ecr:BatchGetImage
logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents
Viewing Your Agent
Go to AWS Console → Amazon Bedrock AgentCore
Navigate to Agent runtime
Find your runtime in the list
Choose Test endpoint to interact with it
