AWS API Changes

2025/11/03 - Amazon Bedrock AgentCore Control - 6 updated api methods

Changes Adds support for direct code deploy with CreateAgentRuntime and UpdateAgentRuntime

CreateAgentRuntime (updated)

Link ¶
Changes (request)

{'agentRuntimeArtifact': {'codeConfiguration': {'code': {'s3': {'bucket': 'string',
                                                                'prefix': 'string',
                                                                'versionId': 'string'}},
                                                'entryPoint': ['string'],
                                                'runtime': 'PYTHON_3_10 | '
                                                           'PYTHON_3_11 | '
                                                           'PYTHON_3_12 | '
                                                           'PYTHON_3_13'}}}

Creates an Amazon Bedrock AgentCore Runtime.

See also: AWS API Documentation

Request Syntax

client.create_agent_runtime(
    agentRuntimeName='string',
    agentRuntimeArtifact={
        'containerConfiguration': {
            'containerUri': 'string'
        },
        'codeConfiguration': {
            'code': {
                's3': {
                    'bucket': 'string',
                    'prefix': 'string',
                    'versionId': 'string'
                }
            },
            'runtime': 'PYTHON_3_10'|'PYTHON_3_11'|'PYTHON_3_12'|'PYTHON_3_13',
            'entryPoint': [
                'string',
            ]
        }
    },
    roleArn='string',
    networkConfiguration={
        'networkMode': 'PUBLIC'|'VPC',
        'networkModeConfig': {
            'securityGroups': [
                'string',
            ],
            'subnets': [
                'string',
            ]
        }
    },
    clientToken='string',
    description='string',
    authorizerConfiguration={
        'customJWTAuthorizer': {
            'discoveryUrl': 'string',
            'allowedAudience': [
                'string',
            ],
            'allowedClients': [
                'string',
            ]
        }
    },
    requestHeaderConfiguration={
        'requestHeaderAllowlist': [
            'string',
        ]
    },
    protocolConfiguration={
        'serverProtocol': 'MCP'|'HTTP'|'A2A'
    },
    lifecycleConfiguration={
        'idleRuntimeSessionTimeout': 123,
        'maxLifetime': 123
    },
    environmentVariables={
        'string': 'string'
    },
    tags={
        'string': 'string'
    }
)

type agentRuntimeName:

string

param agentRuntimeName:

[REQUIRED]

The name of the AgentCore Runtime.

type agentRuntimeArtifact:

dict

param agentRuntimeArtifact:

[REQUIRED]

The artifact of the AgentCore Runtime.

containerConfiguration (dict) --

The container configuration for the agent artifact.
- containerUri (string) -- [REQUIRED]
  
  The ECR URI of the container.
codeConfiguration (dict) --

The code configuration for the agent runtime artifact, including the source code location and execution settings.
- code (dict) -- [REQUIRED]
  
  The source code location and configuration details.
  
  Note
  
  This is a Tagged Union structure. Only one of the following top level keys can be set: s3.
  - s3 (dict) --
    
    The Amazon Amazon S3 object that contains the source code for the agent runtime.
    - bucket (string) -- [REQUIRED]
      
      The name of the Amazon S3 bucket. This bucket contains the stored data.
    - prefix (string) -- [REQUIRED]
      
      The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.
    - versionId (string) --
      
      The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.
- runtime (string) -- [REQUIRED]
  
  The runtime environment for executing the code (for example, Python 3.9 or Node.js 18).
- entryPoint (list) -- [REQUIRED]
  
  The entry point for the code execution, specifying the function or method that should be invoked when the code runs.
  - (string) --

type roleArn:

string

param roleArn:

[REQUIRED]

The IAM role ARN that provides permissions for the AgentCore Runtime.

type networkConfiguration:

dict

param networkConfiguration:

[REQUIRED]

The network configuration for the AgentCore Runtime.

networkMode (string) -- [REQUIRED]

The network mode for the AgentCore Runtime.
networkModeConfig (dict) --

The network mode configuration for the AgentCore Runtime.
- securityGroups (list) -- [REQUIRED]
  
  The security groups associated with the VPC configuration.
  - (string) --
- subnets (list) -- [REQUIRED]
  
  The subnets associated with the VPC configuration.
  - (string) --

type clientToken:

string

param clientToken:

A unique, case-sensitive identifier to ensure idempotency of the request.

This field is autopopulated if not provided.

type description:

string

param description:

The description of the AgentCore Runtime.

type authorizerConfiguration:

dict

param authorizerConfiguration:

The authorizer configuration for the AgentCore Runtime.

customJWTAuthorizer (dict) --

The inbound JWT-based authorization, specifying how incoming requests should be authenticated.
- discoveryUrl (string) -- [REQUIRED]
  
  This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.
- allowedAudience (list) --
  
  Represents individual audience values that are validated in the incoming JWT token validation process.
  - (string) --
- allowedClients (list) --
  
  Represents individual client IDs that are validated in the incoming JWT token validation process.
  - (string) --

type requestHeaderConfiguration:

dict

param requestHeaderConfiguration:

Configuration for HTTP request headers that will be passed through to the runtime.

requestHeaderAllowlist (list) --

A list of HTTP request headers that are allowed to be passed through to the runtime.
- (string) --

type protocolConfiguration:

dict

param protocolConfiguration:

The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.

serverProtocol (string) -- [REQUIRED]

The server protocol for the agent runtime. This field specifies which protocol the agent runtime uses to communicate with clients.

type lifecycleConfiguration:

dict

param lifecycleConfiguration:

The life cycle configuration for the AgentCore Runtime.

idleRuntimeSessionTimeout (integer) --

Timeout in seconds for idle runtime sessions. When a session remains idle for this duration, it will be automatically terminated. Default: 900 seconds (15 minutes).
maxLifetime (integer) --

Maximum lifetime for the instance in seconds. Once reached, instances will be automatically terminated and replaced. Default: 28800 seconds (8 hours).

type environmentVariables:

dict

param environmentVariables:

Environment variables to set in the AgentCore Runtime environment.

(string) --
- (string) --

type tags:

dict

param tags:

A map of tag keys and values to assign to the agent runtime. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.

(string) --
- (string) --

rtype:

dict

returns:

Response Syntax

{
    'agentRuntimeArn': 'string',
    'workloadIdentityDetails': {
        'workloadIdentityArn': 'string'
    },
    'agentRuntimeId': 'string',
    'agentRuntimeVersion': 'string',
    'createdAt': datetime(2015, 1, 1),
    'status': 'CREATING'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED'|'READY'|'DELETING'
}

Response Structure

(dict) --
- agentRuntimeArn (string) --
  
  The Amazon Resource Name (ARN) of the AgentCore Runtime.
- workloadIdentityDetails (dict) --
  
  The workload identity details for the AgentCore Runtime.
  - workloadIdentityArn (string) --
    
    The ARN associated with the workload identity.
- agentRuntimeId (string) --
  
  The unique identifier of the AgentCore Runtime.
- agentRuntimeVersion (string) --
  
  The version of the AgentCore Runtime.
- createdAt (datetime) --
  
  The timestamp when the AgentCore Runtime was created.
- status (string) --
  
  The current status of the AgentCore Runtime.

CreateBrowser (updated)

Link ¶
Changes (request)

{'recording': {'s3Location': {'versionId': 'string'}}}

Creates a custom browser.

See also: AWS API Documentation

Request Syntax

client.create_browser(
    name='string',
    description='string',
    executionRoleArn='string',
    networkConfiguration={
        'networkMode': 'PUBLIC'|'VPC',
        'vpcConfig': {
            'securityGroups': [
                'string',
            ],
            'subnets': [
                'string',
            ]
        }
    },
    recording={
        'enabled': True|False,
        's3Location': {
            'bucket': 'string',
            'prefix': 'string',
            'versionId': 'string'
        }
    },
    browserSigning={
        'enabled': True|False
    },
    clientToken='string',
    tags={
        'string': 'string'
    }
)

type name:

string

param name:

[REQUIRED]

The name of the browser. The name must be unique within your account.

type description:

string

param description:

The description of the browser.

type executionRoleArn:

string

param executionRoleArn:

The Amazon Resource Name (ARN) of the IAM role that provides permissions for the browser to access Amazon Web Services services.

type networkConfiguration:

dict

param networkConfiguration:

[REQUIRED]

The network configuration for the browser. This configuration specifies the network mode for the browser.

networkMode (string) -- [REQUIRED]

The network mode for the browser. This field specifies how the browser connects to the network.
vpcConfig (dict) --

VpcConfig for the Agent.
- securityGroups (list) -- [REQUIRED]
  
  The security groups associated with the VPC configuration.
  - (string) --
- subnets (list) -- [REQUIRED]
  
  The subnets associated with the VPC configuration.
  - (string) --

type recording:

dict

param recording:

The recording configuration for the browser. When enabled, browser sessions are recorded and stored in the specified Amazon S3 location.

enabled (boolean) --

Indicates whether recording is enabled for the browser. When set to true, browser sessions are recorded.
s3Location (dict) --

The Amazon S3 location where browser recordings are stored. This location contains the recorded browser sessions.
- bucket (string) -- [REQUIRED]
  
  The name of the Amazon S3 bucket. This bucket contains the stored data.
- prefix (string) -- [REQUIRED]
  
  The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.
- versionId (string) --
  
  The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.

type browserSigning:

dict

param browserSigning:

The browser signing configuration that enables cryptographic agent identification using HTTP message signatures for web bot authentication.

enabled (boolean) -- [REQUIRED]

Specifies whether browser signing is enabled. When enabled, the browser will cryptographically sign HTTP requests to identify itself as an AI agent to bot control vendors.

type clientToken:

string

param clientToken:

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request but does not return an error.

This field is autopopulated if not provided.

type tags:

dict

param tags:

A map of tag keys and values to assign to the browser. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.

(string) --
- (string) --

rtype:

dict

returns:

Response Syntax

{
    'browserId': 'string',
    'browserArn': 'string',
    'createdAt': datetime(2015, 1, 1),
    'status': 'CREATING'|'CREATE_FAILED'|'READY'|'DELETING'|'DELETE_FAILED'|'DELETED'
}

Response Structure

(dict) --
- browserId (string) --
  
  The unique identifier of the created browser.
- browserArn (string) --
  
  The Amazon Resource Name (ARN) of the created browser.
- createdAt (datetime) --
  
  The timestamp when the browser was created.
- status (string) --
  
  The current status of the browser.

DeleteAgentRuntime (updated)

Link ¶
Changes (request)

{'clientToken': 'string'}

Deletes an Amazon Bedrock AgentCore Runtime.

See also: AWS API Documentation

Request Syntax

client.delete_agent_runtime(
    agentRuntimeId='string',
    clientToken='string'
)

type agentRuntimeId:

string

param agentRuntimeId:

[REQUIRED]

The unique identifier of the AgentCore Runtime to delete.

type clientToken:

string

param clientToken:

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, the service ignores the request but does not return an error.

This field is autopopulated if not provided.

rtype:

dict

returns:

Response Syntax

{
    'status': 'CREATING'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED'|'READY'|'DELETING',
    'agentRuntimeId': 'string'
}

Response Structure

(dict) --
- status (string) --
  
  The current status of the AgentCore Runtime deletion.
- agentRuntimeId (string) --
  
  The unique identifier of the AgentCore Runtime.

GetAgentRuntime (updated)

Link ¶
Changes (response)

{'agentRuntimeArtifact': {'codeConfiguration': {'code': {'s3': {'bucket': 'string',
                                                                'prefix': 'string',
                                                                'versionId': 'string'}},
                                                'entryPoint': ['string'],
                                                'runtime': 'PYTHON_3_10 | '
                                                           'PYTHON_3_11 | '
                                                           'PYTHON_3_12 | '
                                                           'PYTHON_3_13'}}}

Gets an Amazon Bedrock AgentCore Runtime.

See also: AWS API Documentation

Request Syntax

client.get_agent_runtime(
    agentRuntimeId='string',
    agentRuntimeVersion='string'
)

type agentRuntimeId:

string

param agentRuntimeId:

[REQUIRED]

The unique identifier of the AgentCore Runtime to retrieve.

type agentRuntimeVersion:

string

param agentRuntimeVersion:

The version of the AgentCore Runtime to retrieve.

rtype:

dict

returns:

Response Syntax

{
    'agentRuntimeArn': 'string',
    'agentRuntimeName': 'string',
    'agentRuntimeId': 'string',
    'agentRuntimeVersion': 'string',
    'createdAt': datetime(2015, 1, 1),
    'lastUpdatedAt': datetime(2015, 1, 1),
    'roleArn': 'string',
    'networkConfiguration': {
        'networkMode': 'PUBLIC'|'VPC',
        'networkModeConfig': {
            'securityGroups': [
                'string',
            ],
            'subnets': [
                'string',
            ]
        }
    },
    'status': 'CREATING'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED'|'READY'|'DELETING',
    'lifecycleConfiguration': {
        'idleRuntimeSessionTimeout': 123,
        'maxLifetime': 123
    },
    'description': 'string',
    'workloadIdentityDetails': {
        'workloadIdentityArn': 'string'
    },
    'agentRuntimeArtifact': {
        'containerConfiguration': {
            'containerUri': 'string'
        },
        'codeConfiguration': {
            'code': {
                's3': {
                    'bucket': 'string',
                    'prefix': 'string',
                    'versionId': 'string'
                }
            },
            'runtime': 'PYTHON_3_10'|'PYTHON_3_11'|'PYTHON_3_12'|'PYTHON_3_13',
            'entryPoint': [
                'string',
            ]
        }
    },
    'protocolConfiguration': {
        'serverProtocol': 'MCP'|'HTTP'|'A2A'
    },
    'environmentVariables': {
        'string': 'string'
    },
    'authorizerConfiguration': {
        'customJWTAuthorizer': {
            'discoveryUrl': 'string',
            'allowedAudience': [
                'string',
            ],
            'allowedClients': [
                'string',
            ]
        }
    },
    'requestHeaderConfiguration': {
        'requestHeaderAllowlist': [
            'string',
        ]
    }
}

Response Structure

(dict) --
- agentRuntimeArn (string) --
  
  The Amazon Resource Name (ARN) of the AgentCore Runtime.
- agentRuntimeName (string) --
  
  The name of the AgentCore Runtime.
- agentRuntimeId (string) --
  
  The unique identifier of the AgentCore Runtime.
- agentRuntimeVersion (string) --
  
  The version of the AgentCore Runtime.
- createdAt (datetime) --
  
  The timestamp when the AgentCore Runtime was created.
- lastUpdatedAt (datetime) --
  
  The timestamp when the AgentCore Runtime was last updated.
- roleArn (string) --
  
  The IAM role ARN that provides permissions for the AgentCore Runtime.
- networkConfiguration (dict) --
  
  The network configuration for the AgentCore Runtime.
  - networkMode (string) --
    
    The network mode for the AgentCore Runtime.
  - networkModeConfig (dict) --
    
    The network mode configuration for the AgentCore Runtime.
    - securityGroups (list) --
      
      The security groups associated with the VPC configuration.
      - (string) --
    - subnets (list) --
      
      The subnets associated with the VPC configuration.
      - (string) --
- status (string) --
  
  The current status of the AgentCore Runtime.
- lifecycleConfiguration (dict) --
  
  The life cycle configuration for the AgentCore Runtime.
  - idleRuntimeSessionTimeout (integer) --
    
    Timeout in seconds for idle runtime sessions. When a session remains idle for this duration, it will be automatically terminated. Default: 900 seconds (15 minutes).
  - maxLifetime (integer) --
    
    Maximum lifetime for the instance in seconds. Once reached, instances will be automatically terminated and replaced. Default: 28800 seconds (8 hours).
- description (string) --
  
  The description of the AgentCore Runtime.
- workloadIdentityDetails (dict) --
  
  The workload identity details for the AgentCore Runtime.
  - workloadIdentityArn (string) --
    
    The ARN associated with the workload identity.
- agentRuntimeArtifact (dict) --
  
  The artifact of the AgentCore Runtime.
  Note
  
  This is a Tagged Union structure. Only one of the following top level keys will be set: containerConfiguration, codeConfiguration. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
```
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
```
  - containerConfiguration (dict) --
    
    The container configuration for the agent artifact.
    - containerUri (string) --
      
      The ECR URI of the container.
  - codeConfiguration (dict) --
    
    The code configuration for the agent runtime artifact, including the source code location and execution settings.
    - code (dict) --
      
      The source code location and configuration details.
      Note
      
      This is a Tagged Union structure. Only one of the following top level keys will be set: s3. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
      
      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
      - s3 (dict) --
        
        The Amazon Amazon S3 object that contains the source code for the agent runtime.
        
        bucket (string) --
        
        The name of the Amazon S3 bucket. This bucket contains the stored data.
        
        prefix (string) --
        
        The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.
        
        versionId (string) --
        
        The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.
    - runtime (string) --
      
      The runtime environment for executing the code (for example, Python 3.9 or Node.js 18).
    - entryPoint (list) --
      
      The entry point for the code execution, specifying the function or method that should be invoked when the code runs.
      - (string) --
- protocolConfiguration (dict) --
  
  The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.
  - serverProtocol (string) --
    
    The server protocol for the agent runtime. This field specifies which protocol the agent runtime uses to communicate with clients.
- environmentVariables (dict) --
  
  Environment variables set in the AgentCore Runtime environment.
  - (string) --
    - (string) --
- authorizerConfiguration (dict) --
  
  The authorizer configuration for the AgentCore Runtime.
  Note
  
  This is a Tagged Union structure. Only one of the following top level keys will be set: customJWTAuthorizer. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
```
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
```
  - customJWTAuthorizer (dict) --
    
    The inbound JWT-based authorization, specifying how incoming requests should be authenticated.
    - discoveryUrl (string) --
      
      This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.
    - allowedAudience (list) --
      
      Represents individual audience values that are validated in the incoming JWT token validation process.
      - (string) --
    - allowedClients (list) --
      
      Represents individual client IDs that are validated in the incoming JWT token validation process.
      - (string) --
- requestHeaderConfiguration (dict) --
  
  Configuration for HTTP request headers that will be passed through to the runtime.
  Note
  
  This is a Tagged Union structure. Only one of the following top level keys will be set: requestHeaderAllowlist. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
```
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
```
  - requestHeaderAllowlist (list) --
    
    A list of HTTP request headers that are allowed to be passed through to the runtime.
    - (string) --

GetBrowser (updated)

Link ¶
Changes (response)

{'recording': {'s3Location': {'versionId': 'string'}}}

Gets information about a custom browser.

See also: AWS API Documentation

Request Syntax

client.get_browser(
    browserId='string'
)

type browserId:

string

param browserId:

[REQUIRED]

The unique identifier of the browser to retrieve.

rtype:

dict

returns:

Response Syntax

{
    'browserId': 'string',
    'browserArn': 'string',
    'name': 'string',
    'description': 'string',
    'executionRoleArn': 'string',
    'networkConfiguration': {
        'networkMode': 'PUBLIC'|'VPC',
        'vpcConfig': {
            'securityGroups': [
                'string',
            ],
            'subnets': [
                'string',
            ]
        }
    },
    'recording': {
        'enabled': True|False,
        's3Location': {
            'bucket': 'string',
            'prefix': 'string',
            'versionId': 'string'
        }
    },
    'browserSigning': {
        'enabled': True|False
    },
    'status': 'CREATING'|'CREATE_FAILED'|'READY'|'DELETING'|'DELETE_FAILED'|'DELETED',
    'failureReason': 'string',
    'createdAt': datetime(2015, 1, 1),
    'lastUpdatedAt': datetime(2015, 1, 1)
}

Response Structure

(dict) --
- browserId (string) --
  
  The unique identifier of the browser.
- browserArn (string) --
  
  The Amazon Resource Name (ARN) of the browser.
- name (string) --
  
  The name of the browser.
- description (string) --
  
  The description of the browser.
- executionRoleArn (string) --
  
  The IAM role ARN that provides permissions for the browser.
- networkConfiguration (dict) --
  
  The network configuration for a browser. This structure defines how the browser connects to the network.
  - networkMode (string) --
    
    The network mode for the browser. This field specifies how the browser connects to the network.
  - vpcConfig (dict) --
    
    VpcConfig for the Agent.
    - securityGroups (list) --
      
      The security groups associated with the VPC configuration.
      - (string) --
    - subnets (list) --
      
      The subnets associated with the VPC configuration.
      - (string) --
- recording (dict) --
  
  The recording configuration for a browser. This structure defines how browser sessions are recorded.
  - enabled (boolean) --
    
    Indicates whether recording is enabled for the browser. When set to true, browser sessions are recorded.
  - s3Location (dict) --
    
    The Amazon S3 location where browser recordings are stored. This location contains the recorded browser sessions.
    - bucket (string) --
      
      The name of the Amazon S3 bucket. This bucket contains the stored data.
    - prefix (string) --
      
      The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.
    - versionId (string) --
      
      The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.
- browserSigning (dict) --
  
  The browser signing configuration that shows whether cryptographic agent identification is enabled for web bot authentication.
  - enabled (boolean) --
    
    Indicates whether browser signing is currently enabled for cryptographic agent identification using HTTP message signatures.
- status (string) --
  
  The current status of the browser.
- failureReason (string) --
  
  The reason for failure if the browser is in a failed state.
- createdAt (datetime) --
  
  The timestamp when the browser was created.
- lastUpdatedAt (datetime) --
  
  The timestamp when the browser was last updated.

UpdateAgentRuntime (updated)

Link ¶
Changes (request)

{'agentRuntimeArtifact': {'codeConfiguration': {'code': {'s3': {'bucket': 'string',
                                                                'prefix': 'string',
                                                                'versionId': 'string'}},
                                                'entryPoint': ['string'],
                                                'runtime': 'PYTHON_3_10 | '
                                                           'PYTHON_3_11 | '
                                                           'PYTHON_3_12 | '
                                                           'PYTHON_3_13'}}}

Updates an existing Amazon Secure Agent.

See also: AWS API Documentation

Request Syntax

client.update_agent_runtime(
    agentRuntimeId='string',
    agentRuntimeArtifact={
        'containerConfiguration': {
            'containerUri': 'string'
        },
        'codeConfiguration': {
            'code': {
                's3': {
                    'bucket': 'string',
                    'prefix': 'string',
                    'versionId': 'string'
                }
            },
            'runtime': 'PYTHON_3_10'|'PYTHON_3_11'|'PYTHON_3_12'|'PYTHON_3_13',
            'entryPoint': [
                'string',
            ]
        }
    },
    roleArn='string',
    networkConfiguration={
        'networkMode': 'PUBLIC'|'VPC',
        'networkModeConfig': {
            'securityGroups': [
                'string',
            ],
            'subnets': [
                'string',
            ]
        }
    },
    description='string',
    authorizerConfiguration={
        'customJWTAuthorizer': {
            'discoveryUrl': 'string',
            'allowedAudience': [
                'string',
            ],
            'allowedClients': [
                'string',
            ]
        }
    },
    requestHeaderConfiguration={
        'requestHeaderAllowlist': [
            'string',
        ]
    },
    protocolConfiguration={
        'serverProtocol': 'MCP'|'HTTP'|'A2A'
    },
    lifecycleConfiguration={
        'idleRuntimeSessionTimeout': 123,
        'maxLifetime': 123
    },
    environmentVariables={
        'string': 'string'
    },
    clientToken='string'
)

type agentRuntimeId:

string

param agentRuntimeId:

[REQUIRED]

The unique identifier of the AgentCore Runtime to update.

type agentRuntimeArtifact:

dict

param agentRuntimeArtifact:

[REQUIRED]

The updated artifact of the AgentCore Runtime.

containerConfiguration (dict) --

The container configuration for the agent artifact.
- containerUri (string) -- [REQUIRED]
  
  The ECR URI of the container.
codeConfiguration (dict) --

The code configuration for the agent runtime artifact, including the source code location and execution settings.
- code (dict) -- [REQUIRED]
  
  The source code location and configuration details.
  
  Note
  
  This is a Tagged Union structure. Only one of the following top level keys can be set: s3.
  - s3 (dict) --
    
    The Amazon Amazon S3 object that contains the source code for the agent runtime.
    - bucket (string) -- [REQUIRED]
      
      The name of the Amazon S3 bucket. This bucket contains the stored data.
    - prefix (string) -- [REQUIRED]
      
      The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.
    - versionId (string) --
      
      The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.
- runtime (string) -- [REQUIRED]
  
  The runtime environment for executing the code (for example, Python 3.9 or Node.js 18).
- entryPoint (list) -- [REQUIRED]
  
  The entry point for the code execution, specifying the function or method that should be invoked when the code runs.
  - (string) --

type roleArn:

string

param roleArn:

[REQUIRED]

The updated IAM role ARN that provides permissions for the AgentCore Runtime.

type networkConfiguration:

dict

param networkConfiguration:

[REQUIRED]

The updated network configuration for the AgentCore Runtime.

networkMode (string) -- [REQUIRED]

The network mode for the AgentCore Runtime.
networkModeConfig (dict) --

The network mode configuration for the AgentCore Runtime.
- securityGroups (list) -- [REQUIRED]
  
  The security groups associated with the VPC configuration.
  - (string) --
- subnets (list) -- [REQUIRED]
  
  The subnets associated with the VPC configuration.
  - (string) --

type description:

string

param description:

The updated description of the AgentCore Runtime.

type authorizerConfiguration:

dict

param authorizerConfiguration:

The updated authorizer configuration for the AgentCore Runtime.

customJWTAuthorizer (dict) --

The inbound JWT-based authorization, specifying how incoming requests should be authenticated.
- discoveryUrl (string) -- [REQUIRED]
  
  This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.
- allowedAudience (list) --
  
  Represents individual audience values that are validated in the incoming JWT token validation process.
  - (string) --
- allowedClients (list) --
  
  Represents individual client IDs that are validated in the incoming JWT token validation process.
  - (string) --

type requestHeaderConfiguration:

dict

param requestHeaderConfiguration:

The updated configuration for HTTP request headers that will be passed through to the runtime.

requestHeaderAllowlist (list) --

A list of HTTP request headers that are allowed to be passed through to the runtime.
- (string) --

type protocolConfiguration:

dict

param protocolConfiguration:

The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.

serverProtocol (string) -- [REQUIRED]

The server protocol for the agent runtime. This field specifies which protocol the agent runtime uses to communicate with clients.

type lifecycleConfiguration:

dict

param lifecycleConfiguration:

The updated life cycle configuration for the AgentCore Runtime.

idleRuntimeSessionTimeout (integer) --

Timeout in seconds for idle runtime sessions. When a session remains idle for this duration, it will be automatically terminated. Default: 900 seconds (15 minutes).
maxLifetime (integer) --

Maximum lifetime for the instance in seconds. Once reached, instances will be automatically terminated and replaced. Default: 28800 seconds (8 hours).

type environmentVariables:

dict

param environmentVariables:

Updated environment variables to set in the AgentCore Runtime environment.

(string) --
- (string) --

type clientToken:

string

param clientToken:

A unique, case-sensitive identifier to ensure idempotency of the request.

This field is autopopulated if not provided.

rtype:

dict

returns:

Response Syntax

{
    'agentRuntimeArn': 'string',
    'agentRuntimeId': 'string',
    'workloadIdentityDetails': {
        'workloadIdentityArn': 'string'
    },
    'agentRuntimeVersion': 'string',
    'createdAt': datetime(2015, 1, 1),
    'lastUpdatedAt': datetime(2015, 1, 1),
    'status': 'CREATING'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED'|'READY'|'DELETING'
}

Response Structure

(dict) --
- agentRuntimeArn (string) --
  
  The Amazon Resource Name (ARN) of the updated AgentCore Runtime.
- agentRuntimeId (string) --
  
  The unique identifier of the updated AgentCore Runtime.
- workloadIdentityDetails (dict) --
  
  The workload identity details for the updated AgentCore Runtime.
  - workloadIdentityArn (string) --
    
    The ARN associated with the workload identity.
- agentRuntimeVersion (string) --
  
  The version of the updated AgentCore Runtime.
- createdAt (datetime) --
  
  The timestamp when the AgentCore Runtime was created.
- lastUpdatedAt (datetime) --
  
  The timestamp when the AgentCore Runtime was last updated.
- status (string) --
  
  The current status of the updated AgentCore Runtime.