Skip to content

Agentcore GW IAM Inbound Auth update #463

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Oct 11, 2025
Merged

Agentcore GW IAM Inbound Auth update #463

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
96c7644
AgentCore GW Inbound IAM OAuth
1vinodsingh1 Oct 10, 2025
949e0de
minor updates in README and others
1vinodsingh1 Oct 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 6 additions & 4 deletions ...-mcp-tools/01-gateway-target-lambda.ipynb → ...ools/01-gateway-target-lambda-oauth.ipynb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,13 @@
}
},
"source": [
"# MCPify your AWS Lambda\n",
"# MCPify your AWS Lambda with Gateway OAuth Inbound\n",
"## Transform AWS Lambda functions into secure MCP tools with Bedrock AgentCore Gateway\n",
"\n",
"## Overview\n",
"Bedrock AgentCore Gateway provides customers a way to turn their existing AWS Lambda functions into fully-managed MCP servers without needing to manage infra or hosting. Gateway will provide a uniform Model Context Protocol (MCP) interface across all these tools. Gateway employs a dual authentication model to ensure secure access control for both incoming requests and outbound connections to target resources. The framework consists of two key components: Inbound Auth, which validates and authorizes users attempting to access gateway targets, and Outbound Auth, which enables the gateway to securely connect to backend resources on behalf of authenticated users. Gateways uses IAM role to authorize the calls to AWS Lambda functions for outb ound authorization.\n",
"Bedrock AgentCore Gateway provides customers a way to turn their existing AWS Lambda functions into fully-managed MCP servers without needing to manage infra or hosting. Gateway will provide a uniform Model Context Protocol (MCP) interface across all these tools. Gateway employs a dual authentication model to ensure secure access control for both incoming requests and outbound connections to target resources. The framework consists of two key components: Inbound Auth, which validates and authorizes users attempting to access gateway targets, and Outbound Auth, which enables the gateway to securely connect to backend resources on behalf of authenticated users. Gateways uses IAM role to authorize the calls to AWS Lambda functions for outbound authorization.\n",
"\n",
"In this example, we will demonstrate OAuth for inbound authorization and IAM roles for outbound authorization.\n",
"\n",
"![How does it work](images/lambda-iam-gateway.png)\n",
"\n",
Expand Down Expand Up @@ -482,7 +484,7 @@
],
"metadata": {
"kernelspec": {
"display_name": "Python 3 (ipykernel)",
"display_name": ".env",
"language": "python",
"name": "python3"
},
Expand All @@ -496,7 +498,7 @@
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.12.9"
"version": "3.13.7"
}
},
"nbformat": 4,
Expand Down
Loading
Loading