Configuration Reference

July 10, 2026 · View on GitHub

AgentCore projects use JSON configuration files in the agentcore/ directory.

Files Overview

FilePurpose
agentcore.jsonProject, agents, memories, credentials, evaluators, online evals, gateways
aws-targets.jsonDeployment targets
.cli/deployed-state.jsonRuntime state (auto-managed, do not edit)
.env.localAPI keys for local development (gitignored)

agentcore.json

Main project configuration using a flat resource model. Agents, memories, and credentials are top-level arrays.

{
  "name": "MyProject",
  "version": 1,
  "tags": {
    "agentcore:created-by": "agentcore-cli",
    "agentcore:project-name": "MyProject"
  },
  "runtimes": [
    {
      "name": "MyAgent",
      "build": "CodeZip",
      "entrypoint": "main.py",
      "codeLocation": "app/MyAgent/",
      "runtimeVersion": "PYTHON_3_14",
      "networkMode": "PUBLIC",
      "protocol": "HTTP"
    }
  ],
  "memories": [],
  "credentials": [],
  "payments": [],
  "evaluators": [],
  "onlineEvalConfigs": [],
  "agentCoreGateways": [],
  "policyEngines": []
}

Project Fields

FieldRequiredDescription
nameYesProject name (1-23 chars, alphanumeric, starts with letter)
versionYesSchema version (integer, currently 1)
tagsNoProject-level tags applied to all resources
runtimesYesArray of agent specifications
memoriesYesArray of memory resources
credentialsYesArray of credential providers (API key or OAuth)
evaluatorsYesArray of custom evaluator definitions
onlineEvalConfigsYesArray of online eval configurations
paymentsNoArray of payment manager configurations
policyEnginesNoArray of policy engine configurations
agentCoreGatewaysNoArray of gateway definitions
mcpRuntimeToolsNoArray of MCP runtime tool definitions
unassignedTargetsNoTargets not yet assigned to a gateway

Gateway configuration is in the agentCoreGateways field. See Gateways and MCP Tools below.


Tags

AgentCore projects support config-driven tagging at both the project and resource levels. Tags flow through to the deployed CloudFormation resources and help with resource organization, cost allocation, and automation.

Project-Level Tags

Project-level tags are defined at the root of agentcore.json and are applied to all deployed resources. When you initialize a new project, two default tags are automatically created:

  • agentcore:created-by — set to "agentcore-cli"
  • agentcore:project-name — set to your project name

You can add additional project-level tags by editing the tags field in agentcore.json:

{
  "name": "MyProject",
  "version": 1,
  "tags": {
    "agentcore:created-by": "agentcore-cli",
    "agentcore:project-name": "MyProject",
    "Environment": "production",
    "Team": "platform",
    "CostCenter": "engineering"
  },
  "runtimes": [...],
  "memories": [...]
}

Per-Resource Tags

Individual resources can define their own tags. When a resource-level tag uses the same key as a project-level tag, the resource-level value takes precedence for that specific resource.

Example:

{
  "name": "MyProject",
  "version": 1,
  "tags": {
    "Environment": "production",
    "Team": "platform"
  },
  "runtimes": [
    {
      "name": "MyAgent",
      "tags": {
        "Environment": "staging",
        "Owner": "alice"
      },
      ...
    }
  ]
}

In this example, MyAgent will have tags: Environment: staging (overrides project-level), Team: platform (inherited from project), and Owner: alice (resource-specific).

Taggable Resources

The following resource types support tags:

  • Agents (runtimes array in agentcore.json)
  • Memories (memories array in agentcore.json)
  • Gateways (agentCoreGateways array in agentcore.json)
  • Evaluators (evaluators array in agentcore.json)
  • Online Eval Configs (onlineEvalConfigs array in agentcore.json)
  • Policy Engines (policyEngines array in agentcore.json)

Resources that are not taggable include credentials, MCP runtime tools, unassigned targets, and policies.

Tag Constraints

Tags must follow AWS tagging requirements:

  • Keys: 1-128 characters, cannot start with aws:, allowed characters are Unicode letters, digits, whitespace, and _.:/=+-@
  • Values: 0-256 characters, same allowed characters as keys
  • Maximum: 50 tags per resource

Managing Tags

Tags are managed by editing agentcore.json directly. There are no CLI commands for tag management. Changes take effect on the next deployment.


Agent Specification (AgentEnvSpec)

{
  "name": "MyAgent",
  "build": "CodeZip",
  "entrypoint": "main.py",
  "codeLocation": "app/MyAgent/",
  "runtimeVersion": "PYTHON_3_14",
  "networkMode": "PUBLIC",
  "envVars": [{ "name": "MY_VAR", "value": "my-value" }],
  "instrumentation": {
    "enableOtel": true
  }
}
FieldRequiredDescription
nameYesAgent name (1-48 chars, alphanumeric + underscore)
buildYes"CodeZip" or "Container"
entrypointYesEntry file (e.g., main.py or main.py:handler)
codeLocationYesDirectory containing agent code (and the Dockerfile for Container builds)
runtimeVersionYesRuntime version (see below)
networkModeNo"PUBLIC" (default) or "VPC"
networkConfigNoVPC configuration (subnets, security groups)
protocolNo"HTTP" (default), "MCP", or "A2A"
envVarsNoCustom environment variables
instrumentationNoOpenTelemetry settings
authorizerTypeNo"AWS_IAM" or "CUSTOM_JWT"
authorizerConfigurationNoJWT authorizer settings (for CUSTOM_JWT)
requestHeaderAllowlistNoHeaders to forward to the agent
lifecycleConfigurationNoRuntime session lifecycle settings (idle timeout, max lifetime)
executionRoleArnNoARN of an existing IAM execution role (skips CDK-managed role)
tagsNoAgent-level tags
buildContextPathNoContainer only. Docker build context directory (replaces codeLocation as context).
customDockerBuildArgsNoContainer only. Key/value pairs forwarded as --build-arg flags.

Runtime Versions

Python:

  • PYTHON_3_10
  • PYTHON_3_11
  • PYTHON_3_12
  • PYTHON_3_13
  • PYTHON_3_14

Node.js:

  • NODE_18
  • NODE_20
  • NODE_22

Memory Resource

{
  "name": "MyMemory",
  "eventExpiryDuration": 30,
  "strategies": [{ "type": "SEMANTIC" }, { "type": "SUMMARIZATION" }]
}
FieldRequiredDescription
nameYesMemory name (1-48 chars)
eventExpiryDurationYesDays until events expire (7-365)
strategiesYesArray of memory strategies (can be empty for short-term memory)

Memory Strategies

StrategyDescription
SEMANTICVector-based similarity search for relevant context
SUMMARIZATIONCompressed conversation history
USER_PREFERENCEStore user-specific preferences and settings
EPISODICCapture and reflect on meaningful interaction episodes

Strategy configuration:

{
  "type": "SEMANTIC",
  "name": "custom_semantic",
  "description": "Custom semantic memory",
  "namespaceTemplates": ["/users/facts", "/users/preferences"]
}

Credential Resource

API Key Credential

{
  "authorizerType": "ApiKeyCredentialProvider",
  "name": "OpenAI"
}
FieldRequiredDescription
authorizerTypeYesAlways "ApiKeyCredentialProvider"
nameYesCredential name (1-128 chars)

OAuth Credential

{
  "authorizerType": "OAuthCredentialProvider",
  "name": "MyOAuthProvider",
  "discoveryUrl": "https://idp.example.com/.well-known/openid-configuration",
  "scopes": ["read", "write"]
}
FieldRequiredDescription
authorizerTypeYesAlways "OAuthCredentialProvider"
nameYesCredential name (1-128 chars)
discoveryUrlYesOIDC discovery URL (must be a valid URL)
scopesNoArray of OAuth scopes
vendorNoCredential provider vendor (default: "CustomOauth2")
managedNoWhether auto-created by the CLI (do not edit)
usageNo"inbound" or "outbound"

The actual secrets (API keys, client IDs, client secrets) are stored in .env.local for local development and in AgentCore Identity service for deployed environments.


Evaluator Resource

See Evaluations for the full guide.

{
  "name": "ResponseQuality",
  "level": "SESSION",
  "description": "Evaluate response quality",
  "config": {
    "llmAsAJudge": {
      "model": "us.anthropic.claude-sonnet-4-5-20250514-v1:0",
      "instructions": "Evaluate the response quality. Context: {context}",
      "ratingScale": {
        "numerical": [
          { "value": 1, "label": "Poor", "definition": "Fails to meet expectations" },
          { "value": 5, "label": "Excellent", "definition": "Far exceeds expectations" }
        ]
      }
    }
  }
}
FieldRequiredDescription
nameYesEvaluator name (1-48 chars, alphanumeric + _)
levelYes"SESSION", "TRACE", or "TOOL_CALL"
descriptionNoEvaluator description
configYesLLM-as-a-Judge configuration (see below)

LLM-as-a-Judge Config

FieldRequiredDescription
modelYesBedrock model ID or cross-region inference profile
instructionsYesEvaluation prompt with placeholders (e.g. {context})
ratingScaleYesEither numerical or categorical array (not both)

Rating Scale

Numerical — scored values:

{ "numerical": [{ "value": 1, "label": "Poor", "definition": "..." }, ...] }

Categorical — named labels:

{ "categorical": [{ "label": "Pass", "definition": "..." }, ...] }

Online Eval Config Resource

{
  "name": "QualityMonitor",
  "agent": "MyAgent",
  "evaluators": ["ResponseQuality", "Builtin.Faithfulness"],
  "samplingRate": 10,
  "enableOnCreate": true
}
FieldRequiredDescription
nameYesConfig name (1-48 chars, alphanumeric + _)
agentYesAgent name to monitor (must match a project agent)
evaluatorsYesArray of evaluator names, Builtin.* IDs, or evaluator ARNs
samplingRateYesPercentage of requests to evaluate (0.01–100)
descriptionNoConfig description (max 200 chars)
enableOnCreateNoEnable evaluation on deploy (default: true)

Gateways and MCP Tools

Gateway and MCP tool configuration is part of agentcore.json (in the agentCoreGateways, mcpRuntimeTools, and unassignedTargets fields).

{
  "name": "MyProject",
  "version": 1,
  "runtimes": [...],
  "agentCoreGateways": [
    {
      "name": "MyGateway",
      "description": "My gateway",
      "authorizerType": "NONE",
      "targets": [
        {
          "name": "WeatherTools",
          "targetType": "mcpServer",
          "endpoint": "https://mcp.example.com/mcp"
        }
      ]
    }
  ]
}

Gateway

FieldRequiredDescription
nameYesGateway name (alphanumeric, hyphens, 1-100 chars)
descriptionNoGateway description
targetsYesArray of gateway targets
authorizerTypeNo"NONE" (default), "AWS_IAM", or "CUSTOM_JWT"
authorizerConfigurationNoRequired when authorizerType is "CUSTOM_JWT" (see below)

CUSTOM_JWT Authorizer Configuration

{
  "authorizerType": "CUSTOM_JWT",
  "authorizerConfiguration": {
    "customJwtAuthorizer": {
      "discoveryUrl": "https://idp.example.com/.well-known/openid-configuration",
      "allowedAudience": ["my-api"],
      "allowedClients": ["my-client-id"],
      "allowedScopes": ["read", "write"]
    }
  }
}
FieldRequiredDescription
discoveryUrlYesOIDC discovery URL (must end with /.well-known/openid-configuration)
allowedAudienceCond.Array of allowed audience values
allowedClientsCond.Array of allowed client IDs
allowedScopesCond.Array of allowed scopes
customClaimsCond.Custom claims for JWT validation

At least one of allowedAudience, allowedClients, allowedScopes, or customClaims must be provided.

Gateway Target

A target is a backend tool exposed through a gateway. Targets can be external MCP server endpoints or compute-backed implementations.

External MCP server endpoint:

{
  "name": "WeatherTools",
  "targetType": "mcpServer",
  "endpoint": "https://mcp.example.com/mcp"
}

External endpoint with outbound auth:

{
  "name": "SecureTools",
  "targetType": "mcpServer",
  "endpoint": "https://api.example.com/mcp",
  "outboundAuth": {
    "type": "OAUTH",
    "credentialName": "MyOAuthProvider",
    "scopes": ["tools:read"]
  }
}
FieldRequiredDescription
nameYesTarget name
targetTypeYes"mcpServer", "lambda", "openApiSchema", "smithyModel", "apiGateway", or "lambdaFunctionArn"
endpointCond.MCP server URL (required for external mcpServer targets)
computeCond.Compute configuration (required for lambda and scaffolded targets)
toolDefinitionsCond.Array of tool definitions (required for lambda targets)
outboundAuthNoOutbound authentication configuration

Outbound Auth

FieldRequiredDescription
typeYes"OAUTH", "API_KEY", or "NONE" (default)
credentialNameCond.Credential name (required when type is not "NONE")
scopesNoOAuth scopes (for "OAUTH" type)

Payment Manager Resource

Payment managers define how agents handle x402 microtransactions. Each manager has one or more connectors that provide wallet credentials. See Payments for the full usage guide.

{
  "payments": [
    {
      "name": "MyManager",
      "authorizerType": "AWS_IAM",
      "autoPayment": true,
      "defaultSpendLimit": "10.00",
      "paymentToolAllowlist": ["web_search", "fetch_url"],
      "networkPreferences": ["eip155:84532"],
      "description": "Production payment manager",
      "connectors": [
        {
          "name": "MyCDPConnector",
          "provider": "CoinbaseCDP",
          "credentialName": "my-cdp-creds"
        }
      ]
    }
  ]
}

Payment Manager Fields

FieldRequiredDescription
nameYesManager name (alphanumeric + underscore, max 48, starts with letter)
authorizerTypeNo"AWS_IAM" (default) or "CUSTOM_JWT"
authorizerConfigurationCond.Required when authorizerType is "CUSTOM_JWT" (see below)
connectorsYesArray of payment connector objects
autoPaymentNoEnable automatic payment (default: true)
defaultSpendLimitNoSpend cap (USD) for invoke --auto-session sessions only; not a deployed-agent budget (e.g., "10.00")
paymentToolAllowlistNoArray of tool names eligible for payment
networkPreferencesNoArray of network identifiers (e.g., "eip155:84532")
descriptionNoHuman-readable description

Authorizer Configuration (CUSTOM_JWT)

{
  "authorizerConfiguration": {
    "customJWTAuthorizer": {
      "discoveryUrl": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_XXXXX/.well-known/openid-configuration",
      "allowedClients": ["client-id-1"],
      "allowedAudience": ["https://api.example.com"],
      "allowedScopes": ["payments:read", "payments:write"]
    }
  }
}
FieldRequiredDescription
discoveryUrlYesOIDC discovery URL
allowedClientsNoArray of allowed client IDs
allowedAudienceNoArray of allowed audiences
allowedScopesNoArray of allowed scopes

Payment Connector

FieldRequiredDescription
nameYesConnector name (alphanumeric + underscore, max 48)
providerNo"CoinbaseCDP" (default) or "StripePrivy"
credentialNameYesName of the credential (maps to .env.local vars)

Payment Credential Provider

Payment connectors use a PaymentCredentialProvider credential type, distinct from ApiKeyCredentialProvider and OAuthCredentialProvider. The credential is automatically created during agentcore deploy from values in .env.local. You do not need to add it to the credentials array manually.


aws-targets.json

Deployment target

[
  {
    "name": "default",
    "description": "Production (us-west-2)",
    "account": "123456789012",
    "region": "us-west-2"
  }
]
FieldRequiredDescription
nameYesTarget name (used with --target flag)
descriptionNoTarget description
accountYesAWS account ID (12 digits)
regionYesAWS region

Supported Regions

See AgentCore Regions for the current list.


.env.local

Secrets for local development. This file is gitignored.

# API key credentials
AGENTCORE_CREDENTIAL_{projectName}OPENAI=sk-...
AGENTCORE_CREDENTIAL_{projectName}ANTHROPIC=sk-ant-...
AGENTCORE_CREDENTIAL_{projectName}GEMINI=...

# OAuth credentials
AGENTCORE_CREDENTIAL_{projectName}{credentialName}_CLIENT_ID=my-client-id
AGENTCORE_CREDENTIAL_{projectName}{credentialName}_CLIENT_SECRET=my-client-secret

# Payment credentials - CoinbaseCDP (3 variables per connector)
AGENTCORE_CREDENTIAL_{CREDENTIAL_NAME}_API_KEY_ID=your-api-key-id
AGENTCORE_CREDENTIAL_{CREDENTIAL_NAME}_API_KEY_SECRET=your-api-key-secret
AGENTCORE_CREDENTIAL_{CREDENTIAL_NAME}_WALLET_SECRET=your-wallet-secret

# Payment credentials - StripePrivy (4 variables per connector)
AGENTCORE_CREDENTIAL_{CREDENTIAL_NAME}_APP_ID=your-app-id
AGENTCORE_CREDENTIAL_{CREDENTIAL_NAME}_APP_SECRET=your-app-secret
AGENTCORE_CREDENTIAL_{CREDENTIAL_NAME}_AUTHORIZATION_PRIVATE_KEY=your-private-key
AGENTCORE_CREDENTIAL_{CREDENTIAL_NAME}_AUTHORIZATION_ID=your-auth-id

Environment variable names should match the credential names in your configuration. For payment credentials, {CREDENTIAL_NAME} is the connector's credentialName uppercased with hyphens replaced by underscores (e.g., my-cdp-creds becomes MY_CDP_CREDS). See Payments for details.