Amazon Bedrock AgentCore Gateway adds MCP enterprise features to centralize tool access
New MCP capabilities for AgentCore Gateway simplify enterprise AI tool management at scale.
Amazon Bedrock AgentCore Gateway is extending its support for the Model Context Protocol (MCP) to address enterprise deployment challenges. Without a centralized gateway, each MCP server independently handles credentials, policy enforcement, private connectivity, and logging, leading to duplication and security overhead. AgentCore Gateway solves this by acting as a single entry point that aggregates capabilities from multiple MCP servers, REST APIs, and Lambda functions. It centralizes credential management, observability, and secure connectivity through features like resource-based policies (RBP) for access control, service control policies (SCPs) for governance, AWS PrivateLink for network isolation, and interceptor Lambda functions for custom request/response handling. Integration with AgentCore Policy (Preview) provides deterministic guardrails, while OAuth 2.0 authorization code flow enables delegated authentication.
The new capabilities further strengthen enterprise MCP support. AgentCore Gateway now supports all three MCP primitives—tools, prompts, and resources—with an extended tool schema that includes outputSchema and annotations for read-only or destructive behavior. Dynamic listing enables runtime discovery of MCP servers, while streaming and session management support stateful real-time interactions. The gateway also facilitates elicitation for mid-execution input requests and OAuth 2.0 on-behalf-of token exchange for delegated authentication. Because the gateway offers a single MCP endpoint that aggregates tools, prompts, and resources from every MCP server in an organization, clients can manage one unified catalog instead of 20 separate connections. This reduces infrastructure burden, improves security posture, and provides centralized audit logs, enabling enterprises to scale MCP deployments confidently.
- Extended MCP tool schema with optional outputSchema and annotations for read-only/destructive behavior
- Now supports all three MCP primitives: tools, prompts, and resources across the full set of MCP methods
- Includes OAuth 2.0 on-behalf-of token exchange for delegated authentication and dynamic listing for runtime server discovery
Why It Matters
Enterprises can now securely scale MCP deployments with centralized governance, reducing operational overhead and security risks.