Summary
- AWS launches serverless MCP proxy hosting on Amazon Bedrock AgentCore Runtime
- Proxies add custom governance, filtering, and audit logic to MCP tool traffic
- Pattern enables portable compliance controls for hybrid and on-premises environments
- Built-in CloudWatch and OpenTelemetry observability included out of the box
Details
AgentCore Runtime now supports serverless MCP proxy deployments
Amazon Bedrock AgentCore Runtime is a fully managed environment that natively supports the MCP protocol, enabling teams to host MCP proxies as serverless workloads with automatic scaling — no infrastructure management required.
MCP proxies discover upstream tools at startup and re-expose them with injected logic
The proxy pattern works by connecting to an upstream MCP server at initialization, enumerating its tools, and re-advertising them downstream. All requests are forwarded transparently while custom middleware applies controls — sanitization, redaction, logging — in the request path.
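The discover, re-advertise and forward flow described above, as an added in-process sketch (not AWS or MCP SDK code). StubUpstream, GovernanceProxy, the tool name and the redaction patterns are constructed for illustration, and only the `tools/list` and `tools/call` JSON-RPC methods are modelled.

```python
import re

# Constructed patterns for illustration; a real deployment supplies its own policy.
REDACTIONS = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[REDACTED-SSN]"),
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "[REDACTED-EMAIL]"),
]

def redact(value):
    """Recursively apply the redaction patterns to every string in a JSON-like value."""
    if isinstance(value, str):
        for pattern, label in REDACTIONS:
            value = pattern.sub(label, value)
        return value
    if isinstance(value, dict):
        return {k: redact(v) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value

class StubUpstream:
    """Hypothetical stand-in for an upstream MCP server (in-process, no network)."""
    def handle(self, req):
        if req["method"] == "tools/list":
            result = {"tools": [{"name": "lookup_customer", "description": "Find a customer"}]}
        else:  # tools/call: echo the query and leak an e-mail address in the result
            q = req["params"]["arguments"]["query"]
            result = {"content": [{"type": "text", "text": f"{q} -> jane@example.com"}]}
        return {"jsonrpc": "2.0", "id": req["id"], "result": result}

class GovernanceProxy:
    def __init__(self, upstream):
        self.upstream, self.audit = upstream, []
        # Discover upstream tools once at startup and re-advertise them unchanged.
        listing = upstream.handle({"jsonrpc": "2.0", "id": 0, "method": "tools/list"})
        self.tools = {t["name"]: t for t in listing["result"]["tools"]}

    def handle(self, req):
        if req["method"] == "tools/list":
            return {"jsonrpc": "2.0", "id": req["id"], "result": {"tools": list(self.tools.values())}}
        name = req["params"]["name"]
        if name not in self.tools:  # fail closed on tools that were never discovered
            self.audit.append({"tool": name, "outcome": "denied"})
            return {"jsonrpc": "2.0", "id": req["id"], "error": {"code": -32602, "message": "unknown tool"}}
        clean = {**req, "params": {"name": name, "arguments": redact(req["params"].get("arguments", {}))}}
        resp = redact(self.upstream.handle(clean))  # redact the response path too
        # Log only redacted arguments so the audit trail never stores raw identifiers.
        self.audit.append({"tool": name, "arguments": clean["params"]["arguments"], "outcome": "forwarded"})
        return resp
```

Redaction runs before the audit record is written, so the log itself does not become a second copy of the sensitive data.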
Built-in observability via CloudWatch and OpenTelemetry included natively
AgentCore Runtime integrates with Amazon CloudWatch and the OpenTelemetry standard out of the box, giving teams audit trails and telemetry without additional instrumentation for MCP traffic passing through proxies.
AgentCore Identity provides authentication and authorization at the Runtime layer
Runtime includes AgentCore Identity for authN/authZ, enabling policy enforcement on who and what can invoke deployed MCP servers and proxies — critical for production governance requirements.
Proxy pattern targets hybrid environments where Lambda interceptors are insufficient
Organizations with compliance logic tightly coupled to internal libraries or on-premises systems cannot easily package that logic as a Lambda function. Running it as a standalone MCP server on Runtime offers greater portability and independence from any single gateway or platform.
AgentCore Gateway handles centralized governance; Runtime handles compute execution
The two services are complementary: Gateway provides semantic tool discovery, managed credentials, and policy enforcement at the fleet level. Runtime provides the execution environment for custom logic that needs to run as a dedicated service rather than a request interceptor.
Upstream MCP server compatibility is protocol-level, not vendor-specific
The proxy can connect to any MCP-compatible endpoint — AgentCore-hosted, self-managed, or third-party. This vendor-neutral design allows enterprises to adopt the pattern incrementally without migrating existing MCP tool servers.
What This Means
For AI engineering teams running agents in production, this gives a concrete, AWS-managed path to inserting compliance and governance logic into MCP tool calls without forking upstream servers or building custom infrastructure. The proxy-on-Runtime pattern is especially relevant for regulated industries — finance, healthcare, government — where data redaction and audit trails at the protocol layer are non-negotiable. As MCP adoption grows, the ability to wrap any MCP endpoint with organization-specific controls, and deploy that wrapper serverlessly, significantly lowers the operational barrier to meeting enterprise security requirements at agent scale.
