How to Convert Your Existing APIs into MCP-Compatible Tools Using Amazon Bedrock AgentCore Gateway

---

Introduction

As AI agents become central to enterprise workflows, one of the biggest challenges is connecting them to existing enterprise systems — REST APIs, Lambda functions, internal services — without rewriting everything from scratch. This is where Amazon Bedrock AgentCore Gateway comes in.

AgentCore Gateway is a fully managed service that transforms your existing APIs and Lambda functions into Model Context Protocol (MCP)-compatible tools, making them instantly accessible to AI agents through a single, secure endpoint. Instead of spending weeks writing custom integration code, you can expose your backend services to agents with just a few lines of code.

In this article, you'll learn:

• What AgentCore Gateway is and why it matters
• The types of targets (APIs) it supports
• How to set up a gateway end-to-end
• How to connect your gateway to an AI agent using Strands Agents
• Security best practices for production deployments

---

The Problem: The M×N Integration Challenge

When building AI agents for production, developers face a complex integration problem:

• M agents need access to *N tools/APIs
• Each integration requires custom protocol handling, authentication, error handling, and retry logic
• Managing credentials across multiple services is error-prone
• No standard way to expose enterprise APIs to AI agents

Without a centralized solution, teams spend months building "plumbing" instead of agent logic.

---

The Solution: AgentCore Gateway

AgentCore Gateway solves this by acting as a centralized tool server with native MCP support. It provides:

Capability	What It Does
Translation	Converts agent MCP requests into API calls and Lambda invocations
Composition	Combines multiple APIs, Lambda functions, and MCP servers into a single endpoint
Security Guard	Manages OAuth authorization for both ingress and egress
Semantic Tool Selection	Agents can search across thousands of tools to find the right one
Credential Exchange	Handles credential injection for tools with different auth requirements
Serverless Infrastructure	Fully managed, auto-scaling, no infrastructure to manage

---

Supported Target Types

AgentCore Gateway supports two categories of targets:

MCP Targets (Aggregation Mode)

The gateway combines all MCP targets into a single unified virtual MCP server. Clients see one consolidated tools/list response.

Target Type	Use Case
AWS Lambda Functions	Custom business logic — weather APIs, CRM queries, database operations
Amazon API Gateway REST API Stages	Expose existing API Gateway endpoints as agent tools
OpenAPI Schema	Convert any REST API described by an OpenAPI spec into MCP tools
Smithy Models	AWS-native service modeling
Existing MCP Servers	Aggregate multiple MCP servers behind one gateway
Built-in Templates	1-click integrations for Salesforce, Slack, Jira, Asana, Zendesk

HTTP Targets

Gateway sends traffic directly to HTTP targets without aggregation or protocol translation — useful for pass-through scenarios.

---

Step-by-Step: Setting Up AgentCore Gateway

Prerequisites

• AWS Account with configured credentials
• Node.js 18+ (for AgentCore CLI)
• Python 3.10+ (for the agent script)
• IAM permissions for creating roles, Lambda functions, and using AgentCore
• Amazon Bedrock model access (e.g., Claude Sonnet 3.7)

Step 1: Install the AgentCore CLI

npm install -g @aws/agentcore

Step 2: Create a New Project

agentcore create --name MyGatewayAgent --defaults

This creates a project with a default Python Strands agent. Alternatively, omit --defaults to use the interactive wizard for choosing your framework.

Step 3: Add a Gateway and Target

# Create a gateway (no auth for quick testing)
agentcore add gateway --name TestGateway --authorizer-type NONE --runtimes MyGatewayAgent

# Add a Lambda function as a target
agentcore add gateway-target --name TestLambdaTarget --type lambda-function-arn \
  --lambda-arn arn:aws:lambda:us-east-1:123456789012:function:my-tool-function \
  --tool-schema-file tools.json \
  --gateway TestGateway

The tools.json file defines the tool schema that tells the agent what your Lambda function does and what parameters it accepts.

Step 4: Deploy

agentcore deploy

The CLI synthesizes an AWS CDK stack and deploys your gateway, targets, and agent. This takes about 2–3 minutes.

Step 5: Verify Your Gateway

# Check deployment status
agentcore status

# Quick validation via curl
curl -X POST YOUR_GATEWAY_URL \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'

---

Connecting the Gateway to an AI Agent

Here's a complete Python script using Strands Agents to interact with your gateway:

from strands import Agent
from strands.models import BedrockModel
from strands.tools.mcp.mcp_client import MCPClient
from mcp.client.streamable_http import streamablehttp_client

def create_transport(mcp_url: str):
    return streamablehttp_client(mcp_url)

def get_all_tools(client):
    """Paginate through all available tools."""
    tools, more = [], True
    pagination_token = None
    while more:
        tmp_tools = client.list_tools_sync(pagination_token=pagination_token)
        tools.extend(tmp_tools)
        pagination_token = tmp_tools.pagination_token
        more = pagination_token is not None
    return tools

def main():
    gateway_url = "https://<gateway-id>.gateway.bedrock-agentcore.<region>.amazonaws.com/mcp"
    
    # Setup model
    model = BedrockModel(
        model_id="anthropic.claude-3-7-sonnet-20250219-v1:0",
        streaming=True,
    )
    
    # Connect to Gateway via MCP
    mcp_client = MCPClient(lambda: create_transport(gateway_url))
    
    with mcp_client:
        tools = get_all_tools(mcp_client)
        print(f"Available tools: {[t.tool_name for t in tools]}")
        
        # Create agent with discovered tools
        agent = Agent(model=model, tools=tools)
        
        # Ask the agent to use your tools
        response = agent("What's the weather in Mumbai?")
        print(f"Agent: {response.message['content']}")

if __name__ == "__main__":
    main()

Install dependencies:

pip install strands-agents mcp

---

Adding Authentication for Production

For production deployments, always use JWT-based authorization:

agentcore add gateway --name ProdGateway \
  --authorizer-type CUSTOM_JWT \
  --discovery-url https://cognito-idp.us-east-1.amazonaws.com/<POOL_ID>/.well-known/openid-configuration \
  --allowed-audience <CLIENT_ID> \
  --runtimes MyGatewayAgent

AgentCore Gateway provides comprehensive authentication:

• Ingress authentication: Verifies agent/user identity via JWT tokens
• Egress authentication: Manages OAuth flows, token refresh, and credential storage for downstream services
• Supports Amazon Cognito, Okta, Microsoft Azure Entra ID, Auth0, and any OIDC-compliant IdP

---

Unifying Multiple MCP Servers

A powerful pattern for large organizations: if you already have multiple MCP servers owned by different teams (e.g., product catalog team, payments team, promotions team), you can aggregate them behind a single gateway:

[Agent] → [AgentCore Gateway] → [MCP Server: Cart]
                               → [MCP Server: Catalog]
                               → [MCP Server: Payments]

Each team maintains ownership of their individual MCP servers while the gateway provides:

• Centralized tool discovery
• Unified authentication
• Semantic search across all tools
• Routing and load balancing

---

Key Benefits Summary

Benefit	Details
Zero-code conversion	Transform REST APIs / Lambda → MCP tools without rewriting
Single endpoint	Agents connect to one URL to access all tools
Enterprise security	JWT auth, OAuth flows, credential injection — all built-in
Semantic discovery	Agents find the right tool from thousands using semantic search
Framework agnostic	Works with Strands, LangGraph, CrewAI, LlamaIndex, Google ADK, OpenAI Agents SDK
Model agnostic	Use Claude, Nova, Llama, Gemini, GPT — any foundation model
Serverless	No infrastructure to manage; scales automatically

---

Troubleshooting

Issue	Solution
"No module named 'strands'"	Run: pip install strands-agents
"Model not enabled"	Enable Claude Sonnet 3.7 in Bedrock console → Model access
"AccessDeniedException"	Check IAM permissions for bedrock-agentcore:*
Gateway not responding	Wait 30–60 seconds after creation for DNS propagation

---

Cleanup

# Remove gateway and targets
agentcore remove gateway --name TestGateway

# Remove all resources
agentcore remove all
agentcore deploy

---

Conclusion

Amazon Bedrock AgentCore Gateway eliminates the "M×N integration problem" that has plagued enterprise AI agent development. Instead of building custom connectors for every API-agent combination, you get a single managed service that:

1. Converts your existing APIs into MCP-compatible tools
2. Provides enterprise-grade security out of the box
3. Lets agents discover tools intelligently via semantic search
4. Works with any framework and any model

Whether you're exposing a single Lambda function or unifying dozens of MCP servers across teams, AgentCore Gateway gets your agents connected to production systems in minutes, not months.

---

References

• Amazon Bedrock AgentCore Gateway Documentation
• Get Started with AgentCore Gateway
• AgentCore Gateway Samples on GitHub
• Introducing AgentCore Gateway (AWS Blog)
• Transform Your MCP Architecture with Gateway (AWS Blog)

---