122 tools from the AWS Bedrock AgentCore MCP Server MCP Server, categorised by risk level.
View the AWS Bedrock AgentCore MCP Server policy →browser_console_messages Get recent browser console messages.
Returns console log, warning, and error messages captured since
the Playwright connection was established. Us... browser_hover Hover over an element identified by its accessibility ref.
Useful for triggering tooltips, dropdown menus, or hover states.
Returns the page snaps... browser_mouse_wheel Scroll the page by the specified pixel amounts.
Default scrolls down by 500px (roughly half a viewport). Use negative
delta_y to scroll up. Return... browser_network_requests List recent network requests and their status.
Returns a summary of network requests made by the page, including
URL, HTTP method, status code, an... browser_snapshot Capture an accessibility tree snapshot of the current page.
Returns a structured text view of the page with element refs.
Use the refs (e.g., e1, ... browser_take_screenshot Capture a visual screenshot of the page.
Returns the screenshot as a base64-encoded PNG image.
Use this when you need to visually inspect the page... download_file Download a file from the sandboxed code interpreter session.
Reads the content of a file at the specified path in the session's sandbox.
Args:
... fetch_agentcore_doc Fetch full document content by URL.
Retrieves complete AgentCore documentation content from URLs found via search_agentcore_docs
or provided direc... gateway_get Get details of an AgentCore Gateway.
Returns the gateway including status, authorizer configuration, URL,
protocol settings, and associated worklo... gateway_list List all AgentCore Gateways in the account.
Returns gateway summaries with IDs, names, authorizer types, status,
and timestamps. This is a read-on... gateway_resource_policy_get Get the resource-based policy attached to a gateway.
Returns the raw JSON policy document. This is a read-only operation
with no cost implications. gateway_target_get Get details of a gateway target.
Returns the target including status, credential provider config,
target configuration, metadata configuration, an... gateway_target_list List all targets attached to a gateway.
Returns target summaries with IDs, names, status, and timestamps.
This is a read-only operation with no co... get_agent_runtime Get details of an AgentCore Runtime including its configuration.
This is a read-only operation with no cost implications. get_agent_runtime_endpoint Get details of a specific runtime endpoint.
Read-only, no cost implications. get_browser_session Get the status and metadata of a browser session.
Returns session status, stream endpoints, viewport dimensions,
and creation timestamp. get_code_interpreter_session Get the status and details of a code interpreter session.
Args:
ctx: MCP context for error signaling and progress updates.
session_id: The... get_gateway_guide Get the comprehensive AgentCore Gateway guide.
Returns a detailed reference covering: prerequisites, tool cost
tiers, excluded operations and secu... get_identity_guide Get the comprehensive AgentCore Identity guide.
Returns a detailed reference covering: prerequisites, cost tiers,
data-plane exclusion rationale, ... get_memory_guide Get the comprehensive AgentCore Memory guide.
Returns a detailed reference covering: CLI commands, agentcore.json
schema, memory strategies, cost ... get_policy_guide Get the comprehensive AgentCore Policy guide.
Returns a detailed reference covering: CLI commands,
agentcore.json schema, Cedar policy concepts, p... get_runtime_guide Get a comprehensive reference guide for AgentCore Runtime.
Covers CLI commands, agentcore.json schema, protocol contracts,
session lifecycle, IAM ... identity_get_api_key_provider Get metadata for an API key credential provider.
Returns the provider ARN, the ARN of the backing Secrets Manager
secret, and timestamps. Does NOT... identity_get_oauth2_provider Get metadata for an OAuth2 credential provider.
Returns the provider ARN, vendor, callback URL, Secrets Manager
secret ARN, OAuth2 discovery outpu... identity_get_resource_policy Get the resource-based policy attached to an AgentCore resource.
Returns the policy as a JSON object. If no policy is attached,
returns a success ... identity_get_token_vault Get details of an AgentCore Identity token vault.
Returns the token vault ID, KMS configuration (key type and key
ARN), and last-modified timestam... identity_get_workload_identity Get details of an AgentCore workload identity.
Returns the workload identity including allowed OAuth2 return
URLs, ARN, and timestamps. This is a ... identity_list_api_key_providers List API key credential providers in the account.
Returns provider summaries with names, ARNs, and timestamps.
Does NOT return API key values. Thi... identity_list_oauth2_providers List OAuth2 credential providers in the account.
Returns provider summaries with names, ARNs, vendors, and
timestamps. Does NOT return client secr... identity_list_workload_identities List AgentCore workload identities in the account.
Returns workload identity summaries with names and ARNs. This
is a read-only operation with no ... list_agent_runtime_endpoints List all endpoints for an AgentCore Runtime.
Read-only, no cost implications. list_agent_runtime_versions List all versions of a specific AgentCore Runtime.
This is a read-only operation with no cost implications. list_agent_runtimes List all AgentCore Runtimes in the account.
This is a read-only operation with no cost implications. list_browser_sessions List active browser sessions.
Returns a summary of all browser sessions for the specified
browser resource, including session IDs, status, and cre... list_code_interpreter_sessions List code interpreter sessions with optional filtering.
Args:
ctx: MCP context for error signaling and progress updates.
code_interpreter_... memory_get Get details of an AgentCore Memory resource.
Returns the memory resource including status, strategies,
configuration, and timestamps. This is a re... memory_get_event Get a specific event from an AgentCore Memory resource.
Retrieves full event details including payload and metadata.
This is a read-only operation... memory_get_record Get a specific memory record from an AgentCore Memory resource.
Returns the full record including content, metadata, namespaces,
and strategy ID. ... memory_list List all AgentCore Memory resources in the account.
Returns memory summaries with IDs, ARNs, status, and timestamps.
This is a read-only operation... memory_list_actors List all actors in an AgentCore Memory resource.
Returns actor summaries (actor IDs) for the memory. This is
a read-only operation with no cost im... memory_list_events List events in an AgentCore Memory resource.
Lists events for a specific actor and session with optional
filtering by branch or metadata. This is ... memory_list_extraction_jobs List memory extraction jobs for an AgentCore Memory resource.
Returns extraction job metadata including status, actor/session
IDs, and failure rea... memory_list_records List memory records in an AgentCore Memory resource.
Returns memory record summaries filtered by namespace and
optionally by strategy. This is a r... memory_list_sessions List sessions for an actor in an AgentCore Memory resource.
Returns session summaries with session IDs, actor IDs, and
creation timestamps. This i... memory_retrieve_records Semantic search for memory records in an AgentCore Memory resource.
COST WARNING: Semantic search invokes embedding and retrieval
infrastructure. ... policy_engine_get Get details of an AgentCore Policy Engine.
Returns the policy engine including status, encryption config,
and timestamps. This is a read-only oper... policy_engine_list List AgentCore Policy Engines in the account.
Returns policy engine summaries with IDs, ARNs, status, and
timestamps. This is a read-only operatio... policy_generation_get Get details of an AgentCore Policy Generation.
Returns the generation including status, findings, and resource
context. Use to poll after policy_g... policy_generation_list List policy generations within a Policy Engine.
Returns policy generation summaries with IDs, ARNs, status,
resource context, and timestamps. Gene... policy_generation_list_assets List Cedar policies and findings produced by policy generation.
Returns generated policy assets — each with its Cedar definition
(if translatable)... policy_get Get details of a Cedar policy.
Returns the full policy including its Cedar definition, status,
and timestamps. This is a read-only operation with ... policy_list List Cedar policies within a Policy Engine.
Returns policy summaries with IDs, ARNs, definitions, status,
and timestamps. Optionally filter by tar... search_agentcore_docs Search curated AgentCore documentation and return ranked results with snippets.
This tool provides access to the complete Amazon Bedrock AgentCore... browser_click Click an element identified by its accessibility ref.
Use refs from the most recent browser_snapshot or navigation result.
If the ref is not found... browser_close Close the current page.
Closes the active page in the browser session. If multiple tabs
are open, subsequent tools will use the remaining tab. Use... browser_fill_form Fill multiple form fields in one action.
Clears each field before filling. Optionally clicks a submit button
after all fields are filled. Returns ... browser_handle_dialog Configure how JavaScript dialogs are handled for a session.
Sets a persistent handler for JavaScript dialogs (alert, confirm,
prompt, beforeunload... browser_press_key Press a keyboard key or key combination.
Simulates a key press on the page (not a specific element).
Supports modifier combinations like "Control+... browser_resize Resize the browser viewport.
Changes the viewport dimensions of the active page. Useful for
testing responsive layouts or viewing content at diffe... browser_select_option Select an option from a dropdown or combobox.
Provide one of: value (option value attribute), label (visible text),
or index (zero-based position)... browser_tabs Manage browser tabs: list, create, select, or close tabs.
Actions:
- "list": Show all open tabs with their titles and URLs.
- "new": Open a new ta... browser_type Type text into an element identified by its accessibility ref.
By default, clears the existing content before typing. Set
clear_first=False to app... browser_upload_file Upload files to a file input element identified by its ref.
Resolves the ref to a file input locator and sets the specified
file paths. For cloud ... create_agent_runtime Create a new AgentCore Runtime to host an agent or tool.
This is a one-time setup operation that creates AWS infrastructure
(IAM role binding, con... create_agent_runtime_endpoint Create a custom endpoint for an AgentCore Runtime.
Endpoints provide stable access points to specific runtime
versions. The DEFAULT endpoint is cr... gateway_create Create a new AgentCore Gateway resource.
COST WARNING: Creating a gateway provisions AWS infrastructure and
incurs AWS charges. Gateway invocation... gateway_resource_policy_put Create or update a resource-based policy on a gateway.
COST WARNING: The policy itself is free, but misconfigured policies
can expose a gateway to... gateway_target_create Create a new gateway target to expose tools through a gateway.
COST WARNING: Target creation is free, but tool invocations through
the gateway (La... gateway_target_update Update an existing gateway target.
COST WARNING: For mcpServer targets, updating triggers implicit
synchronization with the MCP server's tools/lis... gateway_update Update an AgentCore Gateway.
COST WARNING: Adding or enabling interceptors adds Lambda invocation
costs on every gateway request. Policy engine en... identity_create_api_key_provider Create an API key credential provider in AgentCore Identity.
COST WARNING: Creates a secret in AWS Secrets Manager (backing the
credential provide... identity_create_oauth2_provider Create an OAuth2 credential provider in AgentCore Identity.
COST WARNING: Creates a secret in AWS Secrets Manager (holding the
client_secret) and ... identity_create_workload_identity Create a new AgentCore workload identity.
COST WARNING: Creates a workload identity resource in AgentCore
Identity. Workload identities themselves... identity_put_resource_policy Create or replace the resource-based policy on an AgentCore resource.
ACCESS CONTROL WARNING: This modifies who can invoke or manage
the target re... identity_set_token_vault_cmk Set the customer master key (CMK) for an AgentCore Identity token vault.
COST WARNING: Switching to a CustomerManagedKey incurs AWS KMS
charges fo... identity_update_api_key_provider Update the API key stored in an existing credential provider.
COST WARNING: Rotates the secret in AWS Secrets Manager. Continues
to incur Secrets ... identity_update_oauth2_provider Update an OAuth2 credential provider's configuration.
COST WARNING: Rotates the secret in AWS Secrets Manager. Continues
to incur Secrets Manager ... identity_update_workload_identity Update an AgentCore workload identity.
Replaces the allowed OAuth2 return URLs list. This is a config
change only — the workload identity ARN and ... install_packages Install Python packages in a sandboxed code interpreter session.
Uses pip to install the specified packages in the session's sandbox.
Args:
c... memory_batch_create_records Batch create memory records in an AgentCore Memory resource.
COST WARNING: Creating memory records consumes storage and
indexing resources. Each r... memory_batch_update_records Batch update memory records in an AgentCore Memory resource.
Updates up to 100 memory records in a single call. Each record
must include its ID an... memory_create Create a new AgentCore Memory resource.
COST WARNING: Creating a memory resource provisions AWS infrastructure.
This incurs AWS charges. Memory st... memory_create_event Create an event in an AgentCore Memory resource (short-term memory).
COST WARNING: Creating events triggers background long-term memory
extraction... memory_update Update an AgentCore Memory resource.
COST WARNING: Adding new memory strategies may increase processing
costs as new strategies will process incom... policy_create Create a Cedar policy within an AgentCore Policy Engine.
COST WARNING: Creating a policy invokes the validation pipeline
and provisions a billable... policy_engine_create Create a new AgentCore Policy Engine.
COST WARNING: Creating a policy engine provisions AWS
infrastructure and incurs AWS charges. The engine star... policy_engine_update Update an AgentCore Policy Engine.
Currently only the description can be updated. The engine's name
and encryption configuration are immutable aft... policy_update Update a Cedar policy.
COST WARNING: Updating a policy re-invokes the validation
pipeline and consumes compute resources. This incurs AWS
charges.... update_agent_runtime Update an AgentCore Runtime, creating a new immutable version.
The DEFAULT endpoint automatically points to the new version.
Custom endpoints must... update_agent_runtime_endpoint Update an endpoint to point to a different runtime version.
Enables zero-downtime version transitions and rollbacks.
Configuration-only, no per-us... upload_file Upload a file to the sandboxed code interpreter session.
Creates or overwrites a file at the specified path in the session's sandbox
with the give... delete_agent_runtime Delete an AgentCore Runtime and all its versions.
All endpoints must be deleted first. Active sessions will be
terminated. This operation cannot b... delete_agent_runtime_endpoint Delete a runtime endpoint. Cannot delete the DEFAULT endpoint.
This operation cannot be undone. gateway_delete Delete an AgentCore Gateway.
WARNING: This permanently deletes the gateway. All associated
targets and the auto-created workload identity are remo... gateway_resource_policy_delete Delete the resource-based policy attached to a gateway.
WARNING: This removes all permissions granted by the resource
policy. Principals that reli... gateway_target_delete Delete a gateway target.
WARNING: This permanently removes the target from the gateway.
Tools exposed via this target will no longer be available ... identity_delete_api_key_provider Permanently delete an API key credential provider.
WARNING: This permanently deletes the credential provider and its
backing secret. Any agents or... identity_delete_oauth2_provider Permanently delete an OAuth2 credential provider.
WARNING: This permanently deletes the credential provider and its
backing secret. Any agents or ... identity_delete_resource_policy Permanently delete the resource-based policy on an AgentCore resource.
WARNING: Removes ALL access-control statements from the target
resource. Af... identity_delete_workload_identity Permanently delete an AgentCore workload identity.
WARNING: This permanently deletes the workload identity. Any
agents or code relying on this ide... memory_batch_delete_records Batch delete memory records from an AgentCore Memory resource.
WARNING: This permanently deletes up to 100 memory records in a
single call. This a... memory_delete Delete an AgentCore Memory resource.
WARNING: This permanently deletes the memory resource and all
associated data (events, memory records, strate... memory_delete_event Permanently delete an event from an AgentCore Memory resource.
WARNING: This permanently removes the event. This action cannot
be undone. Already-... memory_delete_record Permanently delete a memory record from an AgentCore Memory resource.
WARNING: This permanently removes the memory record. This action
cannot be u... policy_delete Delete a Cedar policy.
WARNING: This permanently deletes the policy. Delete is
asynchronous — status transitions through DELETING. This
action can... policy_engine_delete Delete an AgentCore Policy Engine.
WARNING: This permanently deletes the policy engine. The engine
must not have any associated policies before de... browser_evaluate Execute a JavaScript expression in the page context.
The expression is evaluated in the browser and its return value
is serialized to JSON. Use th... browser_navigate Navigate to a URL in the browser.
Loads the specified URL and returns an accessibility tree snapshot
of the loaded page. Use the element refs in t... browser_navigate_back Navigate back in browser history.
Returns an accessibility tree snapshot of the previous page. browser_navigate_forward Navigate forward in browser history.
Returns an accessibility tree snapshot of the next page. browser_wait_for Wait for text to appear or an element to become visible.
Provide either text or selector. Returns the page snapshot after
the condition is met. Ra... execute_code Execute code in a sandboxed code interpreter session.
Runs Python, JavaScript, or TypeScript code in the session's sandbox.
The execution context ... execute_command Execute a shell command in a sandboxed code interpreter session.
Runs a shell command in the session's sandbox environment.
Args:
ctx: MCP co... gateway_target_synchronize Explicitly synchronize gateway targets with their upstream tool catalog.
COST WARNING: Synchronization calls the MCP server's tools/list
endpoint ... invoke_agent_runtime Invoke an agent hosted in AgentCore Runtime.
Sends a request to the agent and returns the response. Each
invocation uses or creates a microVM sess... memory_start_extraction_job Start (or restart) a memory extraction job.
COST WARNING: Extraction jobs consume compute resources to
process events and produce memory records. ... policy_generation_start Start an AI-powered Cedar policy generation from natural language.
COST WARNING: Policy generation invokes foundation models and
consumes signific... start_browser_session Start a cloud browser session via Amazon Bedrock AgentCore.
Creates an isolated browser session running in a Firecracker microVM.
Returns the sess... start_code_interpreter_session Start a new sandboxed code interpreter session.
Creates a new session that can execute code, run commands, and manage files
in an isolated environ... stop_browser_session Stop a browser session and release resources.
Terminates the browser session and its underlying microVM.
The session cannot be resumed after stopp... stop_code_interpreter_session Stop a running code interpreter session and release its resources.
Args:
ctx: MCP context for error signaling and progress updates.
sessio... stop_runtime_session Stop a running runtime session to release its microVM.
Use this to terminate sessions early and **save costs** instead
of waiting for the idle tim... The AWS Bedrock AgentCore MCP Server MCP server exposes 122 tools across 4 categories: Read, Write, Destructive, Execute.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the AWS Bedrock AgentCore MCP Server server.
AWS Bedrock AgentCore MCP Server tools are categorised as Read (53), Write (38), Destructive (15), Execute (16). Each category has a recommended default policy.
Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.