feat: Move AgentCore Gateways to CFN stack

Author: clareliguori

DEVELOP.md

@@ -175,16 +175,6 @@ uv pip install -r requirements.txt
 cdk deploy --app 'python3 cdk_stack.py'
 ```
 
-Then, deploy the Bedrock AgentCore Gateway:
-
-```bash
-cd gateway_setup/
-
-uv pip install -r requirements.txt
-
-python setup_gateway.py
-```
-
 #### Deploy dictionary MCP server
 
 Deploy the Lambda 'dictionary' function - the deployed function will be named "mcp-server-dictionary".
@@ -201,16 +191,6 @@ npm run build
 cdk deploy --app 'node lib/dictionary-mcp-server.js'
 ```
 
-Them, deploy the Bedrock AgentCore Gateway:
-
-```bash
-cd gateway_setup/
-
-npm install
-
-npm run setup
-```
-
 #### Deploy zen MCP server
 
 Deploy the 'zen' Bedrock AgentCore Gateway.
@@ -220,7 +200,7 @@ cd examples/servers/zen/
 
 uv pip install -r requirements.txt
 
-python setup_gateway.py
+cdk deploy --app 'python3 cdk_stack.py'
 ```
 
 #### Deploy the mcpdoc MCP server

README.md

@@ -49,7 +49,7 @@ Each Lambda function invocation will:
 This library supports connecting to Lambda-based MCP servers in four ways:
 
 1. The [MCP Streamable HTTP transport](https://modelcontextprotocol.io/specification/2025-06-18/basic/transports#streamable-http), using Amazon API Gateway. Typically authenticated using OAuth.
-1. The MCP Streamable HTTP transport, using Amazon Bedrock AgentCore Gateway (currently in Preview). Authenticated using OAuth.
+1. The MCP Streamable HTTP transport, using Amazon Bedrock AgentCore Gateway. Authenticated using OAuth.
 1. A custom Streamable HTTP transport with support for SigV4, using a Lambda function URL. Authenticated with AWS IAM.
 1. A custom Lambda invocation transport, using the Lambda Invoke API directly. Authenticated with AWS IAM.
 

e2e_tests/clean_up_integ_test.sh

@@ -23,12 +23,9 @@ cdk destroy --force --app 'python3 cdk_stack.py'
 
 cd ../book-search
 cdk destroy --force --app 'python3 cdk_stack.py'
-cd gateway_setup/
-python teardown_gateway.py
-cd ../
 
 cd ../zen
-python teardown_gateway.py
+cdk destroy --force --app 'python3 cdk_stack.py'
 
 cd ../weather-alerts
 cdk destroy --force --app 'node lib/weather-alerts-mcp-server.js'
@@ -41,7 +38,3 @@ cdk destroy --force --app 'node lib/dog-facts-mcp-server.js'
 
 cd ../dictionary
 cdk destroy --force --app 'node lib/dictionary-mcp-server.js'
-cd gateway_setup/
-npm install
-npm run teardown
-cd ../

e2e_tests/run_integ_test.sh

@@ -33,15 +33,11 @@ cdk deploy --app 'python3 cdk_stack.py' --require-approval never
 cd ../book-search
 uv pip install -r requirements.txt
 cdk deploy --app 'python3 cdk_stack.py' --require-approval never
-cd gateway_setup/
-uv pip install -r requirements.txt
-python setup_gateway.py
-cd ../
 
 # Deploy Python-based zen MCP server
 cd ../zen
 uv pip install -r requirements.txt
-python setup_gateway.py
+cdk deploy --app 'python3 cdk_stack.py' --require-approval never
 
 ######## Deploy Typescript-based example MCP servers ########
 
@@ -77,10 +73,6 @@ npm ci
 npm link @aws/run-mcp-servers-with-aws-lambda
 npm run build
 cdk deploy --app 'node lib/dictionary-mcp-server.js' --require-approval never
-cd gateway_setup/
-npm install
-npm run setup
-cd ../
 
 # Configure integ tests
 cd ../../../e2e_tests/

examples/servers/book-search/README.md

@@ -15,12 +15,6 @@ specification for the [Open Library Search API](https://openlibrary.org/dev/docs
 uv pip install -r requirements.txt
 
 cdk deploy --app 'python3 cdk_stack.py'
-
-cd gateway_setup/
-
-uv pip install -r requirements.txt
-
-python ./setup_gateway.py
 ```
 
 See the [development guide](/DEVELOP.md) for full instructions to deploy and run the examples in this repository.

examples/servers/book-search/cdk_stack.py

@@ -5,8 +5,10 @@
     DockerVolume,
     Duration,
     Environment,
+    Fn,
     RemovalPolicy,
     Stack,
+    aws_bedrockagentcore as bedrockagentcore,
     aws_iam as iam,
     aws_lambda as lambda_,
     aws_lambda_python_alpha as lambda_python,
@@ -15,6 +17,7 @@
 from cdk_nag import AwsSolutionsChecks
 from constructs import Construct
 import jsii
+import json
 import os
 
 
@@ -88,12 +91,75 @@ def __init__(
             ),
         )
 
+        # Load tools configuration
+        with open(os.path.join(os.path.dirname(__file__), "gateway-tools-list.json"), "r") as f:
+            tools_config = json.load(f)
+
+        # Get gateway name with length limit
+        gateway_name = f"LambdaMcpServer-BookSearch-Gateway{stack_name_suffix}"
+        if len(gateway_name) > 48:
+            gateway_name = gateway_name[:48].rstrip('-')
+
+        gateway = bedrockagentcore.CfnGateway(
+            self,
+            "Gateway",
+            name=gateway_name,
+            role_arn=f"arn:aws:iam::{self.account}:role/mcp-lambda-example-agentcore-gateways",
+            protocol_type="MCP",
+            authorizer_type="CUSTOM_JWT",
+            authorizer_configuration={
+                "customJwtAuthorizer": {
+                    "allowedClients": [
+                        Fn.import_value("LambdaMcpServer-Auth-InteractiveOAuthClientId"),
+                        Fn.import_value("LambdaMcpServer-Auth-AutomatedOAuthClientId"),
+                    ],
+                    "discoveryUrl": Fn.sub(
+                        "${IssuerDomain}/.well-known/openid-configuration",
+                        {
+                            "IssuerDomain": Fn.import_value("LambdaMcpServer-Auth-IssuerDomain"),
+                        }
+                    ),
+                }
+            },
+            exception_level="DEBUG",
+        )
+
+        bedrockagentcore.CfnGatewayTarget(
+            self,
+            "GatewayTarget",
+            gateway_identifier=gateway.attr_gateway_identifier,
+            name="book-search-target",
+            target_configuration={
+                "mcp": {
+                    "lambda": {
+                        "lambdaArn": server_function.function_arn,
+                        "toolSchema": {"inlinePayload": tools_config["tools"]},
+                    }
+                }
+            },
+            credential_provider_configurations=[
+                {"credentialProviderType": "GATEWAY_IAM_ROLE"}
+            ],
+        )
+
         CfnOutput(
             self,
             "ServerFunctionOutput",
             value=server_function.function_arn,
         )
 
+        CfnOutput(
+            self,
+            "GatewayIdOutput",
+            value=gateway.attr_gateway_identifier,
+        )
+
+        CfnOutput(
+            self,
+            "GatewayUrlOutput",
+            value=gateway.attr_gateway_url,
+        )
+
 
 app = App()
 env = Environment(account=os.environ["CDK_DEFAULT_ACCOUNT"], region="us-west-2")