New pattern - agentcore-gateway-lambda-cdk#3085
Conversation
… pattern Deploy an Amazon Bedrock Agent powered by OpenAI GPT OSS model with a Lambda action group for tool use (weather + time). First pattern combining Bedrock Agents with OpenAI models on Bedrock.
… tools pattern Deploy an AgentCore Gateway exposing Lambda functions as MCP tools. First CDK pattern for AgentCore Gateway with Lambda tool targets, inline tool schemas, and IAM authentication.
Hi @biswanathmukherjee 👋 Friendly nudge — this pattern is ready for review. Deployed and tested end-to-end on a live AWS account. Would appreciate a look when you have time. Thank you!

Hi @biswanathmukherjee 👋 This is the first AgentCore Gateway pattern — a brand new service (Spring 2026) exposing Lambda tools via MCP protocol with IAM auth. Zero existing patterns for this service. Deployed and tested.
| const gatewayRole = new iam.Role(this, "GatewayRole", { | ||
| assumedBy: new iam.ServicePrincipal("bedrock-agentcore.amazonaws.com"), | ||
| description: "Role for AgentCore Gateway to invoke Lambda tools", | ||
| }); | ||
| toolFn.grantInvoke(gatewayRole); |
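Review bot: The `assumedBy` principal on `GatewayRole` is created with no `conditions`, so the trust policy lets bedrock-agentcore.amazonaws.com assume this role on behalf of a gateway in any account (confused deputy), and `toolFn.grantInvoke(gatewayRole)` then gives whoever holds the role invoke permission on the tool function. Pass `conditions: { StringEquals: { 'aws:SourceAccount': this.account } }` to `iam.ServicePrincipal`, and add an `aws:SourceArn` condition scoped to the gateway ARN where it is known, as the linked gateway-prerequisites-permissions page recommends.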
Trust policy missing aws:SourceAccount / aws:SourceArn conditions (confused-deputy risk)
The Gateway service role is assumed by bedrock-agentcore.amazonaws.com with no Condition block. AWS docs explicitly recommend restricting this trust policy with aws:SourceAccount and aws:SourceArn to prevent another customer's gateway from being able to assume this role.
This PR also includes
Addresses confused-deputy risk by restricting the bedrock-agentcore.amazonaws.com service principal with aws:SourceAccount condition per AWS docs. Ref: https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-prerequisites-permissions.html
Thank you @parikhudit! Great catch on the confused-deputy risk. Fixed in commit 5356c85 — added:

```ts
assumedBy: new iam.ServicePrincipal('bedrock-agentcore.amazonaws.com', {
  conditions: {
    StringEquals: { 'aws:SourceAccount': this.account },
  },
}),
```
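To make the confused-deputy point in the thread concrete, here is an added example (not code from this PR or the serverless-patterns project) in plain TypeScript rather than CDK, so it runs without aws-cdk-lib. It builds the IAM trust-policy document that a service principal produces with and without the `aws:SourceAccount` / `aws:SourceArn` conditions, and includes a small check that flags any service principal allowed to assume a role without either condition. The account id, region and gateway ARN format are constructed placeholders, and the `ArnLike` operator for `aws:SourceArn` is the general AWS guidance, not something the PR itself shows.

```typescript
// Added example, not the PR's code: trust-policy documents for a service
// principal, unscoped (as first submitted) and scoped (after the fix), plus a
// check that reports service principals lacking confused-deputy conditions.

type Condition = Record<string, Record<string, string | string[]>>;

interface TrustStatement {
  Effect: "Allow" | "Deny";
  Principal: { Service: string | string[] } | { AWS: string | string[] };
  Action: "sts:AssumeRole";
  Condition?: Condition;
}

interface TrustPolicy {
  Version: "2012-10-17";
  Statement: TrustStatement[];
}

// Both scope values are optional: the gateway ARN may not be known before
// the gateway exists, while the account id is always available.
interface ScopeOptions {
  sourceAccount?: string;
  sourceArn?: string; // may contain wildcards, hence ArnLike below
}

// Build the trust policy for a service principal. With no options this is the
// unscoped form the reviewer flagged; with options it is the hardened form.
function serviceTrustPolicy(service: string, scope: ScopeOptions = {}): TrustPolicy {
  const statement: TrustStatement = {
    Effect: "Allow",
    Principal: { Service: service },
    Action: "sts:AssumeRole",
  };
  const condition: Condition = {};
  if (scope.sourceAccount) {
    condition.StringEquals = { "aws:SourceAccount": scope.sourceAccount };
  }
  if (scope.sourceArn) {
    condition.ArnLike = { "aws:SourceArn": scope.sourceArn };
  }
  if (Object.keys(condition).length > 0) {
    statement.Condition = condition;
  }
  return { Version: "2012-10-17", Statement: [statement] };
}

// Return every service principal that an Allow statement lets assume the role
// without an aws:SourceAccount or aws:SourceArn condition key.
function unscopedServicePrincipals(policy: TrustPolicy): string[] {
  const findings: string[] = [];
  for (const stmt of policy.Statement) {
    if (stmt.Effect !== "Allow" || !("Service" in stmt.Principal)) continue;
    const keys = Object.values(stmt.Condition ?? {}).flatMap((m) => Object.keys(m));
    const scoped = keys.some((k) => k === "aws:SourceAccount" || k === "aws:SourceArn");
    if (!scoped) {
      const svc = stmt.Principal.Service;
      findings.push(...(Array.isArray(svc) ? svc : [svc]));
    }
  }
  return findings;
}

// Constructed sample values: account id and gateway ARN are placeholders.
const SERVICE = "bedrock-agentcore.amazonaws.com";
const unscopedPolicy = serviceTrustPolicy(SERVICE);
const scopedPolicy = serviceTrustPolicy(SERVICE, {
  sourceAccount: "123456789012",
  sourceArn: "arn:aws:bedrock-agentcore:us-east-1:123456789012:gateway/*",
});

console.log("unscoped:", unscopedServicePrincipals(unscopedPolicy)); // ["bedrock-agentcore.amazonaws.com"]
console.log("scoped:", unscopedServicePrincipals(scopedPolicy));     // []
```

The check is deliberately simple: it treats either condition key as sufficient, which matches the reviewer's ask, but a stricter policy review would require both once the gateway ARN is known, since `aws:SourceAccount` alone still lets any gateway in the same account assume the role.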
Description
Deploy an Amazon Bedrock AgentCore Gateway with Lambda tool targets, exposing tools via the MCP protocol with IAM authentication.
Changes
- lib/agentcore-gateway-lambda-stack.ts — CDK stack: AgentCore Gateway + Lambda tool target with MCP protocol
- src/index.js — Lambda handler with input validation and error sanitization
- README.md — Architecture, deployment steps, and testing instructions (tools/list + tools/call)
- example-pattern.json — Pattern metadata with services field
Testing
- cdk synth — clean, 7 resources