Serverless AI agent using Strands SDK and AgentCore Gateway MCP with Bedrock, featuring Cognito JWT auth and end-to-end user context propagation.
The user authenticates with Amazon Cognito and receives a JWT access token.
The JWT is passed to an Agent Lambda which uses the Strands Agents SDK to create an AI agent backed by Amazon Bedrock (us.anthropic.claude-sonnet-4-6).
The Strands Agent connects to an AgentCore Gateway MCP endpoint, dynamically discovering available tools via the MCP tools/list protocol.
The AgentCore Gateway validates the JWT token using a CUSTOM_JWT authorizer backed by Cognito.
A Request Interceptor Lambda extracts JWT claims (user_id, username, client_id) and injects them as user_context into the MCP tool arguments.
The Tool Lambda executes AWS operations (e.g. S3 ListBuckets) with full user attribution, ensuring every action is traceable to the originating user.
The Strands SDK handles the full agentic loop: tool discovery, Claude tool selection, MCP tool execution, and response formatting — all in a single agent() call.
< Back to all patterns
Clone repo
git clone https://github.com/aws-samples/serverless-patterns/cd serverless-patterns/strands-agentcore-lambdaDeploy
python3 infrastructure/deploy_stack.pypython3 deploy_all.pypython3 create_cognito_user.pypython3 test_e2e_flow.pyTesting
See the README for detailed testing and end-to-end validation instructions.
Cleanup
aws cloudformation delete-stack --stack-name serverless-ai-agent-gateway-test --region us-east-1
Created by:
