This pattern demonstrates the simplest deployment of an AgentCore Runtime using Terraform. It creates a basic agent without additional tools like Memory, Code Interpreter, or Browser.
- Overview
- Architecture
- Prerequisites
- Quick Start
- Testing the Agent
- Sample Queries
- Customization
- File Structure
- Troubleshooting
- Cleanup
- Pricing
- Next Steps
- Resources
- 🤝 Contributing
- 📄 License
This Terraform configuration creates a minimal AgentCore deployment that includes:
- AgentCore Runtime: Hosts a simple Strands agent
- ECR Repository: Stores the Docker container image
- IAM Roles: Provides necessary permissions
- CodeBuild Project: Automatically builds the ARM64 Docker image
This makes it ideal for:
- Learning AgentCore basics with Terraform
- Quick prototyping and experimentation
- Understanding the core deployment pattern
- Building a foundation before adding complexity
This Terraform configuration creates:
- S3 Bucket: Stores agent source code for version-controlled builds
- ECR Repository: Container registry for the agent Docker image
- CodeBuild Project: Automated Docker image building and pushing
- IAM Roles: Execution roles for the agent and CodeBuild
- AgentCore Runtime: Serverless agent runtime with the deployed container
The agent-code/ directory contains your agent's source files:
basic_agent.py- Agent implementationDockerfile- Container configurationrequirements.txt- Python dependencies
Automatic Change Detection:
- Terraform archives the
agent-code/directory - Uploads to S3 with MD5-based versioning
- CodeBuild pulls from S3 and builds the Docker image
- Any changes to files trigger automatic rebuild (new files, modifications, deletions)
-
Terraform (>= 1.6)
- Recommended: tfenv for version management
- Or download directly: terraform.io/downloads
Note:
brew install terraformprovides v1.5.7 (deprecated). Use tfenv or direct download for >= 1.6. -
AWS CLI (configured with credentials)
aws configure
-
Python 3.11+ (for testing scripts)
python --version # Verify Python 3.11 or later pip install boto3 -
Docker (for local testing, optional)
- AWS Account with appropriate permissions
- Access to Amazon Bedrock models
Copy the example variables file and customize:
cp terraform.tfvars.example terraform.tfvarsEdit terraform.tfvars with your preferred values.
See State Management Options in the main README for detailed guidance on local vs. remote state.
Quick start with local state:
terraform initFor team collaboration, use remote state - see the main README for setup instructions.
terraform planMethod 1: Using Deploy Script (Recommended)
Make the script executable (first-time only):
chmod +x deploy.shThen deploy:
./deploy.shThe deploy script:
- Validates Terraform configuration
- Shows deployment plan
- Prompts for confirmation
- Applies changes
Method 2: Direct Terraform Commands
terraform applyWhen prompted, type yes to confirm the deployment.
Note: The deployment process includes:
- Creating ECR repository
- Building Docker image via CodeBuild
- Creating AgentCore Runtime
Total deployment time: ~3-5 minutes
After deployment completes:
terraform outputExample output:
agent_runtime_id = "AGENT1234567890"
agent_runtime_arn = "arn:aws:bedrock-agentcore:<us-west-2>:123456789012:agent-runtime/AGENT1234567890"
ecr_repository_url = "123456789012.dkr.ecr.us-west-2.amazonaws.com/agentcore-basic-basic-agent"
Before testing, ensure you have the required packages installed:
Option A: Using uv (Recommended)
uv venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
uv pip install boto3 # Required for agent invocationOption B: System-wide installation
pip install boto3 # Required for agent invocationNote: boto3 is required for the test script to invoke the agent runtime via AWS API.
# Run the test suite
python test_basic_agent.py $(terraform output -raw agent_runtime_arn)# Get the runtime ARN from outputs
RUNTIME_ARN=$(terraform output -raw agent_runtime_arn)
# Invoke the agent
aws bedrock-agentcore invoke-agent-runtime \
--agent-runtime-arn $RUNTIME_ARN \
--qualifier DEFAULT \
--payload $(echo '{"prompt": "Hello, introduce yourself"}' | base64) \
response.json
# View the response
cat response.json | jq -r '.response'- Navigate to Amazon Bedrock console
- Go to AgentCore → Runtimes
- Select your runtime
- Use the "Test" feature to send queries
Try these queries to test your basic agent:
-
Simple Math:
{"prompt": "What is 2+2?"} -
General Knowledge:
{"prompt": "What is the capital of France?"} -
Explanation Request:
{"prompt": "Explain what Amazon Bedrock is in simple terms"} -
Creative Task:
{"prompt": "Write a haiku about cloud computing"}
Edit files in agent-code/ and deploy:
basic_agent.py- Agent logic and system promptDockerfile- Container configurationrequirements.txt- Python dependencies
Changes are automatically detected and trigger rebuild. Run terraform apply to deploy.
Add to terraform.tfvars:
environment_variables = {
LOG_LEVEL = "DEBUG"
}Set network_mode = "PRIVATE" for VPC deployment (requires additional VPC configuration).
basic-runtime/
├── main.tf # AgentCore runtime resource
├── variables.tf # Input variables
├── outputs.tf # Output values
├── versions.tf # Provider configuration
├── iam.tf # IAM roles and policies
├── s3.tf # S3 bucket for source code
├── ecr.tf # ECR repository
├── codebuild.tf # Docker build automation
├── buildspec.yml # CodeBuild build specification
├── terraform.tfvars.example # Example configuration
├── backend.tf.example # Remote state example
├── test_basic_agent.py # Automated test script
├── agent-code/ # Agent source code
│ ├── basic_agent.py # Agent implementation
│ ├── Dockerfile # Container configuration
│ └── requirements.txt # Python dependencies
├── scripts/ # Build automation scripts
│ └── build-image.sh # CodeBuild trigger & verification
├── deploy.sh # Deployment helper script
├── destroy.sh # Cleanup helper script
├── .gitignore # Git ignore patterns
└── README.md # This file
If the Docker build fails:
-
Check CodeBuild logs:
aws codebuild batch-get-builds \ --ids $(terraform output -raw codebuild_project_name) \ --region us-west-2 -
Common issues:
- Network connectivity issues
- ECR authentication problems
- Python dependency conflicts
If the runtime creation fails:
-
Verify the Docker image exists:
aws ecr describe-images \ --repository-name $(terraform output -raw ecr_repository_url | cut -d'/' -f2) \ --region us-west-2 -
Check IAM role permissions
-
Verify Bedrock AgentCore service quotas
If invoking the agent fails:
- Check runtime status in AWS Console
- Review CloudWatch Logs for the runtime
- Verify Bedrock model access permissions
Make the script executable (first-time only):
chmod +x destroy.shThen cleanup:
./destroy.shOr use Terraform directly:
terraform destroyConfirm all resources are deleted:
# Check ECR repositories
aws ecr describe-repositories --region us-west-2 | grep agentcore-basic
# Check AgentCore runtimes
aws bedrock-agentcore list-agent-runtimes --region us-west-2For current pricing information, please refer to:
- Amazon Bedrock Pricing
- Amazon ECR Pricing
- AWS CodeBuild Pricing
- Amazon S3 Pricing
- Amazon CloudWatch Pricing
Note: Actual costs depend on your usage patterns, AWS region, and specific services consumed.
- MCP Server Runtime - Add MCP protocol support
- Multi-Agent Runtime - Deploy multiple coordinating agents
- End-to-End Weather Agent - Full-featured agent with tools
- Terraform AWS Provider Documentation
- AWS Bedrock AgentCore Documentation
- Strands Agents Documentation
- AgentCore Samples Repository
We welcome contributions! Please see our Contributing Guide for details.
This project is licensed under the MIT License - see the LICENSE file for details.