AWS announced Amazon Bedrock AgentCore earlier this year, and the pitch is compelling: a fully managed platform for deploying AI agents in production. No infrastructure to run, no orchestration logic to maintain, AWS handles the scaling, state management, and session persistence. For SRE teams that want to deploy AI-powered operational tooling without running and maintaining that tooling themselves, it sounds like exactly what's needed.

I've spent time evaluating it for production SRE workloads. Here's an honest assessment.

What AgentCore Actually Provides

AgentCore is a managed runtime for agents built on Bedrock models. The key capabilities:

Managed code execution. AgentCore provides a sandboxed execution environment for agent tool code. You define your tools, and AgentCore runs them without you provisioning Lambda functions or containers. This eliminates a real category of operational overhead.

Built-in memory. Session state and long-term memory are managed by AWS. Your agent can remember context across conversations and sessions without you building a state store. For incident response agents, this means an agent investigating a multi-day incident can maintain context without you building that persistence layer.

Identity and authorization. AgentCore includes an identity layer for agent-to-service auth. Instead of your agent code managing AWS credentials or API tokens, you configure permissions at the AgentCore level. This is significant for enterprise environments where credential management is a compliance concern.

Browser tool. AgentCore includes a managed browser tool — the agent can navigate web pages as part of its reasoning. Less useful for typical SRE workloads, but interesting for agents that need to interact with UIs that don't have APIs.

Observability. Integrated with CloudWatch for agent execution traces, tool call logs, and performance metrics.

What It Looks Like to Deploy an Agent

Here's the deployment model for an AgentCore-hosted incident response agent:

python
# agent_definition.py — what you write
# The tools run in AgentCore's managed execution environment

def fetch_service_metrics(service_name: str, hours_back: int = 2) -> dict:
    """Fetch CloudWatch metrics for a given service."""
    import boto3
    cw = boto3.client('cloudwatch')
    
    # AgentCore provides the IAM role; you just use boto3 normally
    response = cw.get_metric_statistics(
        Namespace='AWS/ApplicationELB',
        MetricName='HTTPCode_Target_5XX_Count',
        Dimensions=[{'Name': 'LoadBalancer', 'Value': service_name}],
        StartTime=datetime.utcnow() - timedelta(hours=hours_back),
        EndTime=datetime.utcnow(),
        Period=300,
        Statistics=['Sum']
    )
    return response['Datapoints']


def search_recent_deployments(service_name: str) -> list:
    """Check CodeDeploy for recent deployments."""
    import boto3
    cd = boto3.client('codedeploy')
    # ...

You define the functions, package them, and deploy via the AgentCore console or CLI. AWS runs them. The model (Claude on Bedrock, in this case) orchestrates the tool calls according to the instructions you provide in the system prompt.

The agent endpoint becomes an API you invoke — either directly from your incident management tooling, or via an EventBridge rule triggered by a CloudWatch alarm.

The Production SRE Assessment

What works well

Operational overhead is genuinely low. This is the core value proposition and it delivers. You're not running a Lambda with 15 dependencies, managing layer versions, worrying about cold starts on your incident-critical tooling. AWS manages that. For teams that want AI-powered operations without a platform engineering investment, this reduces the barrier significantly.

IAM integration is clean. Instead of managing secrets in Parameter Store and injecting them into Lambda environment variables, you configure IAM roles at the AgentCore level. The execution environment gets the permissions it needs. This is meaningfully cleaner for organizations where credential hygiene is carefully audited.

Session memory is useful. We tested multi-turn incident investigations where an agent needed to remember findings from earlier in the investigation as it continued querying. AgentCore's session management handled this without us building any state management. Useful for complex incidents that span hours.

Where it falls short for SRE workloads

Limited support for third-party observability stacks. If your observability platform is Datadog, Grafana Cloud, Honeycomb, or anything other than AWS-native services, the value of the tight AWS integration diminishes. Your tools are calling third-party APIs regardless, so you're not getting native integration — you're just running your tool code in a different managed environment.

Execution time limits create problems for some workloads. Some SRE use cases — "run a deployment and watch the error rate for 30 minutes" — need long-running execution. AgentCore's execution model is optimized for request-response interactions. Long-polling and sustained monitoring workflows are awkward.

Debugging is harder than DIY. When something goes wrong — the agent makes an incorrect tool call, the reasoning goes sideways — diagnosing it through CloudWatch traces is more opaque than debugging your own agent with structured logging and full control over the execution. The black-box nature of managed execution makes iterating on agent behavior slower.

Cost model at scale. AgentCore pricing is per-invocation and per-token. At low volume this is economical. At high volume — dozens of incidents per day, each generating hundreds of tool calls — you'll want to model the costs carefully against a self-managed alternative.

The Verdict

AgentCore is the right choice for teams that:

  • Are primarily AWS-native (CloudWatch, X-Ray, CodeDeploy, ECS)
  • Want to minimize platform engineering investment
  • Are running moderate incident volume (< 20 automated investigations/day)
  • Prioritize speed of deployment over customization flexibility

Build your own agent infrastructure if:

  • You run a multi-cloud or hybrid environment
  • Your observability stack is Datadog, Grafana, or another third party
  • You need long-running monitoring workflows
  • You want full visibility into agent reasoning and execution
  • Volume is high enough that token costs warrant optimization

The honest answer for most mature SRE organizations: AgentCore as the path of least resistance to get something working, with a migration to self-managed as your requirements grow. The API surface AWS exposes gives you portability — your tool implementations don't need to change dramatically when you move off AgentCore.

What I'd watch for: the async execution improvements and the broader multi-cloud connector story. If AWS can solve those two things, AgentCore becomes a much more compelling production choice for complex SRE workloads.

*Zak Hassan is a Staff SRE specializing in AI-powered infrastructure automation. Find him at zakhassan.com or on LinkedIn.*

Topic Paths

AI Infrastructure

Distributed Tracing in Production: Sampling, Tail Latency, and Making Traces Useful

Distributed tracing is the observability tool that most teams implement but few use to its potential. The initial setup — instrument services, emit spans, visualize in Jaeger or Tempo — is the easy part.

AI Infrastructure

Prompt Engineering for SREs: Writing AI Instructions That Actually Work in Production

SREs are good at writing precise specifications — blog posts, alert definitions, SLO documents. Prompt engineering is the same discipline applied to AI systems: writing instructions that produce consistent, correct behavior from a model.

AI Infrastructure

Operating SageMaker in Production: What the Documentation Doesn't Tell You

Amazon SageMaker is AWS's managed ML platform — training, experimentation, model hosting, pipelines, feature stores, and monitoring in one integrated service. The getting-started experience is genuinely smooth.

About the Author

Zak Hassan writes about reliability engineering under real scale constraints.

Staff-level SRE and platform engineer focused on identity reliability, Kubernetes, observability, cloud architecture, AI infrastructure, and reducing operational uncertainty.

Connect on LinkedIn