AWS AgentCore Integration

AWS AgentCore (Amazon Bedrock AgentCore) provides infrastructure for building, deploying, and monitoring AI agents on AWS. LangGuard integrates with AgentCore to capture agent execution traces and performance metrics.

Overview

The AWS AgentCore integration enables LangGuard to:

Capture agent execution traces from Bedrock agents
Monitor tool usage and action group invocations
Track knowledge base queries and retrieval performance
Apply governance policies to agent interactions

Prerequisites

An AWS account with Bedrock agents configured
IAM user or role with AgentCore read permissions
AWS Access Key ID and Secret Access Key
LangGuard admin role

Setup

Step 1: Configure IAM Permissions

Create or update an IAM policy with AgentCore read access:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:ListAgents",
        "bedrock:GetAgent",
        "bedrock:ListAgentVersions",
        "bedrock:ListAgentActionGroups",
        "bedrock:ListAgentKnowledgeBases",
        "logs:GetLogEvents",
        "logs:FilterLogEvents"
      ],
      "Resource": "*"
    }
  ]
}

Step 2: Add Integration in LangGuard

Navigate to Integrations in the sidebar
Click Add Integration
Select AI Frameworks > AWS AgentCore
Enter:
- Name: A friendly name (e.g., "Production Bedrock Agents")
- Access Key ID: Your AWS access key
- Secret Access Key: Your AWS secret key
- Region: The AWS region (e.g., us-east-1)
Click Test Connection
Click Save

What Gets Captured

Agent Executions

Field	Description
Agent Name	The Bedrock agent invoked
Session ID	The conversation session
Input	User input to the agent
Output	Agent response
Duration	Total execution time
Status	Success or error

Action Groups

Action group invocations and their results
API calls made by action groups
Lambda function execution details

Knowledge Base Queries

Retrieval queries and results
Source documents retrieved
Relevance scores

Troubleshooting

Authentication Failed

Verify the Access Key ID and Secret Access Key are correct
Ensure the IAM policy includes the required Bedrock permissions
Check that the region is correct

No Agent Data

Confirm Bedrock agents exist in the specified region
Verify agent invocation logging is enabled
Check CloudWatch Logs permissions

Next Steps

Integrations Overview — See all available integrations
AWS Bedrock — Monitor Bedrock foundation models
Trace Explorer — Analyze agent traces

Overview​

Prerequisites​

Setup​

Step 1: Configure IAM Permissions​

Step 2: Add Integration in LangGuard​

What Gets Captured​

Agent Executions​

Action Groups​

Knowledge Base Queries​

Troubleshooting​

Authentication Failed​

No Agent Data​

Next Steps​