bedrock-agentcore-starter-toolkit 0.1.26__py3-none-any.whl → 0.1.27__py3-none-any.whl

bedrock_agentcore_starter_toolkit/operations/runtime/models.py

@@ -22,6 +22,10 @@ class ConfigureResult(BaseModel):
     ecr_repository: Optional[str] = Field(None, description="ECR repository URI")
     auto_create_ecr: bool = Field(False, description="Whether ECR will be auto-created")
     memory_id: Optional[str] = Field(default=None, description="Memory resource ID if created")
+    network_mode: Optional[str] = Field(None, description="Network mode (PUBLIC or VPC)")
+    network_subnets: Optional[List[str]] = Field(None, description="VPC subnet IDs")
+    network_security_groups: Optional[List[str]] = Field(None, description="VPC security group IDs")
+    network_vpc_id: Optional[str] = Field(None, description="VPC ID")
 
 
 # Launch operation models
@@ -70,12 +74,18 @@ class StatusConfigInfo(BaseModel):
     ecr_repository: Optional[str] = Field(None, description="ECR repository URI")
     agent_id: Optional[str] = Field(None, description="BedrockAgentCore agent ID")
     agent_arn: Optional[str] = Field(None, description="BedrockAgentCore agent ARN")
+    network_mode: Optional[str] = None
+    network_subnets: Optional[List[str]] = None
+    network_security_groups: Optional[List[str]] = None
+    network_vpc_id: Optional[str] = None
     memory_id: Optional[str] = Field(None, description="Memory resource ID")
     memory_status: Optional[str] = Field(None, description="Memory provisioning status (CREATING/ACTIVE/FAILED)")
     memory_type: Optional[str] = Field(None, description="Memory type (STM or STM+LTM)")
     memory_enabled: Optional[bool] = Field(None, description="Whether memory is enabled")
     memory_strategies: Optional[List[str]] = Field(None, description="Active memory strategies")
     memory_details: Optional[Dict[str, Any]] = Field(None, description="Detailed memory resource information")
+    idle_timeout: Optional[int] = Field(None, description="Idle runtime session timeout in seconds")
+    max_lifetime: Optional[int] = Field(None, description="Maximum instance lifetime in seconds")
 
 
 class StatusResult(BaseModel):
@@ -94,3 +104,12 @@ class DestroyResult(BaseModel):
     warnings: List[str] = Field(default_factory=list, description="List of warnings during destruction")
     errors: List[str] = Field(default_factory=list, description="List of errors during destruction")
     dry_run: bool = Field(default=False, description="Whether this was a dry run")
+
+
+class StopSessionResult(BaseModel):
+    """Result of stop session operation."""
+
+    session_id: str = Field(..., description="Session ID that was stopped")
+    agent_name: str = Field(..., description="Name of the agent")
+    status_code: int = Field(..., description="HTTP status code of the operation")
+    message: str = Field(default="Session stopped successfully", description="Result message")

bedrock_agentcore_starter_toolkit/operations/runtime/status.py

@@ -26,6 +26,24 @@ def get_status(config_path: Path, agent_name: Optional[str] = None) -> StatusRes
     project_config = load_config(config_path)
     agent_config = project_config.get_agent_config(agent_name)
 
+    # ADD NETWORK CONFIGURATION EXTRACTION
+    network_mode = agent_config.aws.network_configuration.network_mode
+    vpc_id = None
+
+    if network_mode == "VPC" and agent_config.aws.network_configuration.network_mode_config:
+        network_config = agent_config.aws.network_configuration.network_mode_config
+
+        # Try to get VPC ID from subnets (best effort - don't fail if can't retrieve)
+        try:
+            import boto3
+
+            ec2_client = boto3.client("ec2", region_name=agent_config.aws.region)
+            subnet_response = ec2_client.describe_subnets(SubnetIds=network_config.subnets[:1])
+            if subnet_response["Subnets"]:
+                vpc_id = subnet_response["Subnets"][0]["VpcId"]
+        except Exception:
+            pass  # nosec B110 # Ignore errors - VPC ID is nice-to-have
+
     # Build config info
     config_info = StatusConfigInfo(
         name=agent_config.name,
@@ -36,8 +54,20 @@ def get_status(config_path: Path, agent_name: Optional[str] = None) -> StatusRes
         ecr_repository=agent_config.aws.ecr_repository,
         agent_id=agent_config.bedrock_agentcore.agent_id,
         agent_arn=agent_config.bedrock_agentcore.agent_arn,
+        network_mode=agent_config.aws.network_configuration.network_mode,
+        network_subnets=agent_config.aws.network_configuration.network_mode_config.subnets
+        if agent_config.aws.network_configuration.network_mode_config
+        else None,
+        network_security_groups=agent_config.aws.network_configuration.network_mode_config.security_groups
+        if agent_config.aws.network_configuration.network_mode_config
+        else None,
+        network_vpc_id=vpc_id,
     )
 
+    if agent_config.aws.lifecycle_configuration.has_custom_settings:
+        config_info.idle_timeout = agent_config.aws.lifecycle_configuration.idle_runtime_session_timeout
+        config_info.max_lifetime = agent_config.aws.lifecycle_configuration.max_lifetime
+
     # Check if memory is disabled first
     if agent_config.memory and agent_config.memory.mode == "NO_MEMORY":
         config_info.memory_type = "Disabled"

bedrock_agentcore_starter_toolkit/operations/runtime/stop_session.py

@@ -0,0 +1,123 @@
+"""Stop session operation - terminates active runtime sessions."""
+
+import logging
+from pathlib import Path
+from typing import Optional
+
+from botocore.exceptions import ClientError
+
+from ...services.runtime import BedrockAgentCoreClient
+from ...utils.runtime.config import load_config, save_config
+from ...utils.runtime.schema import BedrockAgentCoreAgentSchema, BedrockAgentCoreConfigSchema
+from .models import StopSessionResult
+
+log = logging.getLogger(__name__)
+
+
+def stop_runtime_session(
+    config_path: Path,
+    session_id: Optional[str] = None,
+    agent_name: Optional[str] = None,
+) -> StopSessionResult:
+    """Stop an active runtime session.
+
+    Args:
+        config_path: Path to BedrockAgentCore configuration file
+        session_id: Session ID to stop (if None, uses tracked session from config)
+        agent_name: Name of agent (for project configurations)
+
+    Returns:
+        StopSessionResult with operation details
+
+    Raises:
+        ValueError: If no session ID provided or found, or agent not deployed
+        FileNotFoundError: If configuration file doesn't exist
+    """
+    # Load project configuration
+    project_config = load_config(config_path)
+    agent_config = project_config.get_agent_config(agent_name)
+
+    log.info("Stopping session for agent: %s", agent_config.name)
+
+    # Check if agent is deployed
+    if not agent_config.bedrock_agentcore.agent_arn:
+        raise ValueError(
+            f"Agent '{agent_config.name}' is not deployed. Run 'agentcore launch' to deploy the agent first."
+        )
+
+    # Determine session ID to stop
+    target_session_id = session_id
+    if not target_session_id:
+        # Try to use tracked session from config
+        target_session_id = agent_config.bedrock_agentcore.agent_session_id
+        if not target_session_id:
+            raise ValueError(
+                "No active session found. Please provide --session-id or invoke the agent first to create a session."
+            )
+        log.info("Using tracked session ID from config: %s", target_session_id)
+    else:
+        log.info("Using provided session ID: %s", target_session_id)
+
+    region = agent_config.aws.region
+    agent_arn = agent_config.bedrock_agentcore.agent_arn
+
+    # Stop the session
+    client = BedrockAgentCoreClient(region)
+
+    try:
+        response = client.stop_runtime_session(
+            agent_arn=agent_arn,
+            session_id=target_session_id,
+        )
+
+        status_code = response.get("statusCode", 200)
+
+        # Success case
+        log.info("Session stopped successfully: %s", target_session_id)
+
+        # Clear the session ID from config if it matches
+        if agent_config.bedrock_agentcore.agent_session_id == target_session_id:
+            _clear_session_from_config(agent_config, project_config, config_path)
+
+        return StopSessionResult(
+            session_id=target_session_id,
+            agent_name=agent_config.name,
+            status_code=status_code,
+            message="Session stopped successfully",
+        )
+
+    except ClientError as e:
+        # Case 2: Error propagated as ClientError (defense in depth)
+        error_code = e.response.get("Error", {}).get("Code", "")
+        error_message = e.response.get("Error", {}).get("Message", "")
+        status_code = e.response.get("ResponseMetadata", {}).get("HTTPStatusCode", 500)
+
+        if error_code in ["ResourceNotFoundException", "NotFound"]:
+            log.warning("Session not found (may have already been terminated): %s", target_session_id)
+
+            # Still clear from config if it matches
+            if agent_config.bedrock_agentcore.agent_session_id == target_session_id:
+                _clear_session_from_config(agent_config, project_config, config_path)
+
+            return StopSessionResult(
+                session_id=target_session_id,
+                agent_name=agent_config.name,
+                status_code=404,
+                message="Session not found (may have already been terminated)",
+            )
+        else:
+            # Re-raise other client errors
+            log.error("Failed to stop session %s: %s - %s", target_session_id, error_code, error_message)
+            raise
+
+
+def _clear_session_from_config(
+    agent_config: BedrockAgentCoreAgentSchema,
+    project_config: BedrockAgentCoreConfigSchema,
+    config_path: Path,
+) -> None:
+    """Clear session ID from agent configuration."""
+    agent_config.bedrock_agentcore.agent_session_id = None
+    project_config.agents[agent_config.name] = agent_config
+    save_config(project_config, config_path)
+    log.info("Cleared session ID from configuration")

bedrock_agentcore_starter_toolkit/operations/runtime/vpc_validation.py

@@ -0,0 +1,196 @@
+"""VPC networking validation utilities for AgentCore Runtime."""
+
+import logging
+from typing import List, Optional, Tuple
+
+import boto3
+from botocore.exceptions import ClientError
+
+log = logging.getLogger(__name__)
+
+
+def validate_vpc_configuration(
+    region: str,
+    subnets: List[str],
+    security_groups: List[str],
+    session: Optional[boto3.Session] = None,
+) -> Tuple[str, List[str]]:
+    """Validate VPC configuration and return VPC ID and any warnings.
+
+    Args:
+        region: AWS region
+        subnets: List of subnet IDs
+        security_groups: List of security group IDs
+        session: Optional boto3 session (creates new if not provided)
+
+    Returns:
+        Tuple of (vpc_id, warnings_list)
+
+    Raises:
+        ValueError: If validation fails
+    """
+    if not session:
+        session = boto3.Session(region_name=region)
+
+    ec2_client = session.client("ec2", region_name=region)
+    warnings = []
+
+    # Validate subnets
+    vpc_id = _validate_subnets(ec2_client, subnets, warnings)
+
+    # Validate security groups
+    _validate_security_groups(ec2_client, security_groups, vpc_id, warnings)
+
+    return vpc_id, warnings
+
+
+def _validate_subnets(ec2_client, subnets: List[str], warnings: List[str]) -> str:
+    """Validate subnets and return VPC ID."""
+    try:
+        response = ec2_client.describe_subnets(SubnetIds=subnets)
+
+        if len(response["Subnets"]) != len(subnets):
+            found_ids = {s["SubnetId"] for s in response["Subnets"]}
+            missing = set(subnets) - found_ids
+            raise ValueError(f"Subnet IDs not found: {missing}")
+
+        # Check all subnets are in same VPC
+        vpc_ids = {subnet["VpcId"] for subnet in response["Subnets"]}
+
+        if len(vpc_ids) > 1:
+            raise ValueError(
+                f"All subnets must be in the same VPC. Found subnets in {len(vpc_ids)} different VPCs: {vpc_ids}"
+            )
+
+        vpc_id = vpc_ids.pop()
+        log.info("✓ Validated %d subnets in VPC %s", len(subnets), vpc_id)
+
+        # Check subnet availability zones
+        azs = {subnet["AvailabilityZone"] for subnet in response["Subnets"]}
+        if len(azs) < 2:
+            warnings.append(
+                f"Subnets are in only {len(azs)} availability zone(s). "
+                "For high availability, use subnets in multiple AZs."
+            )
+
+        return vpc_id
+
+    except ClientError as e:
+        error_code = e.response["Error"]["Code"]
+        if error_code == "InvalidSubnetID.NotFound":
+            raise ValueError(f"One or more subnet IDs not found: {subnets}") from e
+        raise ValueError(f"Failed to validate subnets: {e}") from e
+
+
+def _validate_security_groups(
+    ec2_client, security_groups: List[str], expected_vpc_id: str, warnings: List[str]
+) -> None:
+    """Validate security groups are in the expected VPC."""
+    try:
+        response = ec2_client.describe_security_groups(GroupIds=security_groups)
+
+        if len(response["SecurityGroups"]) != len(security_groups):
+            found_ids = {sg["GroupId"] for sg in response["SecurityGroups"]}
+            missing = set(security_groups) - found_ids
+            raise ValueError(f"Security group IDs not found: {missing}")
+
+        # Check all SGs are in same VPC
+        sg_vpcs = {sg["VpcId"] for sg in response["SecurityGroups"]}
+
+        if len(sg_vpcs) > 1:
+            raise ValueError(
+                f"All security groups must be in the same VPC. "
+                f"Found security groups in {len(sg_vpcs)} different VPCs: {sg_vpcs}"
+            )
+
+        sg_vpc_id = sg_vpcs.pop()
+
+        # Check SGs are in same VPC as subnets
+        if sg_vpc_id != expected_vpc_id:
+            raise ValueError(
+                f"Security groups must be in the same VPC as subnets. "
+                f"Subnets are in VPC {expected_vpc_id}, "
+                f"but security groups are in VPC {sg_vpc_id}"
+            )
+
+        log.info("✓ Validated %d security groups in VPC %s", len(security_groups), sg_vpc_id)
+
+    except ClientError as e:
+        error_code = e.response["Error"]["Code"]
+        if error_code == "InvalidGroup.NotFound":
+            raise ValueError(f"One or more security group IDs not found: {security_groups}") from e
+        raise ValueError(f"Failed to validate security groups: {e}") from e
+
+
+def check_network_immutability(
+    existing_network_mode: str,
+    existing_subnets: Optional[List[str]],
+    existing_security_groups: Optional[List[str]],
+    new_network_mode: str,
+    new_subnets: Optional[List[str]],
+    new_security_groups: Optional[List[str]],
+) -> Optional[str]:
+    """Check if network configuration is being changed (not allowed).
+
+    Returns:
+        Error message if change detected, None if no change
+    """
+    # Check mode change
+    if existing_network_mode != new_network_mode:
+        return (
+            f"Cannot change network mode from {existing_network_mode} to {new_network_mode}. "
+            f"Network configuration is immutable after agent creation. "
+            f"Create a new agent for different network settings."
+        )
+
+    # If both PUBLIC, no further checks needed
+    if existing_network_mode == "PUBLIC":
+        return None
+
+    # Check VPC resource changes
+    if set(existing_subnets or []) != set(new_subnets or []):
+        return (
+            "Cannot change VPC subnets after agent creation. "
+            "Network configuration is immutable. "
+            "Create a new agent for different network settings."
+        )
+
+    if set(existing_security_groups or []) != set(new_security_groups or []):
+        return (
+            "Cannot change VPC security groups after agent creation. "
+            "Network configuration is immutable. "
+            "Create a new agent for different network settings."
+        )
+
+    return None
+
+
+def verify_subnet_azs(ec2_client, subnets: List[str], region: str) -> List[str]:
+    """Verify subnets are in supported AZs and return any issues."""
+    # Supported AZ IDs for us-west-2
+    SUPPORTED_AZS = {
+        "us-west-2": ["usw2-az1", "usw2-az2", "usw2-az3"],
+        "us-east-1": ["use1-az1", "use1-az2", "use1-az4"],
+        # Add other regions as needed
+    }
+
+    supported = SUPPORTED_AZS.get(region, [])
+
+    response = ec2_client.describe_subnets(SubnetIds=subnets)
+    issues = []
+
+    for subnet in response["Subnets"]:
+        subnet_id = subnet["SubnetId"]
+        az_id = subnet["AvailabilityZoneId"]
+        az_name = subnet["AvailabilityZone"]
+
+        if supported and az_id not in supported:
+            issues.append(
+                f"Subnet {subnet_id} is in AZ {az_name} (ID: {az_id}) "
+                f"which is NOT supported by AgentCore in {region}. "
+                f"Supported AZ IDs: {supported}"
+            )
+        else:
+            log.info("✓ Subnet %s is in supported AZ: %s (%s)", subnet_id, az_name, az_id)
+
+    return issues

bedrock_agentcore_starter_toolkit/services/runtime.py

@@ -128,6 +128,7 @@ class BedrockAgentCoreClient:
         protocol_config: Optional[Dict] = None,
         env_vars: Optional[Dict] = None,
         auto_update_on_conflict: bool = False,
+        lifecycle_config: Optional[Dict] = None,
     ) -> Dict[str, str]:
         """Create new agent."""
         self.logger.info("Creating agent '%s' with image URI: %s", agent_name, image_uri)
@@ -154,17 +155,20 @@ class BedrockAgentCoreClient:
             if env_vars is not None:
                 params["environmentVariables"] = env_vars
 
+            if lifecycle_config is not None:
+                params["lifecycleConfiguration"] = lifecycle_config
+
             resp = self.client.create_agent_runtime(**params)
             agent_id = resp["agentRuntimeId"]
             agent_arn = resp["agentRuntimeArn"]
             self.logger.info("Successfully created agent '%s' with ID: %s, ARN: %s", agent_name, agent_id, agent_arn)
             return {"id": agent_id, "arn": agent_arn}
+
         except ClientError as e:
             error_code = e.response.get("Error", {}).get("Code")
             if error_code == "ConflictException":
                 if not auto_update_on_conflict:
                     self.logger.error("Agent '%s' already exists and auto_update_on_conflict is disabled", agent_name)
-                    # Create a more helpful error message
                     raise ClientError(
                         {
                             "Error": {
@@ -226,6 +230,7 @@ class BedrockAgentCoreClient:
         request_header_config: Optional[Dict] = None,
         protocol_config: Optional[Dict] = None,
         env_vars: Optional[Dict] = None,
+        lifecycle_config: Optional[Dict] = None,
     ) -> Dict[str, str]:
         """Update existing agent."""
         self.logger.info("Updating agent ID '%s' with image URI: %s", agent_id, image_uri)
@@ -252,6 +257,9 @@ class BedrockAgentCoreClient:
             if env_vars is not None:
                 params["environmentVariables"] = env_vars
 
+            if lifecycle_config is not None:
+                params["lifecycleConfiguration"] = lifecycle_config
+
             resp = self.client.update_agent_runtime(**params)
             agent_arn = resp["agentRuntimeArn"]
             self.logger.info("Successfully updated agent ID '%s', ARN: %s", agent_id, agent_arn)
@@ -312,6 +320,7 @@ class BedrockAgentCoreClient:
         protocol_config: Optional[Dict] = None,
         env_vars: Optional[Dict] = None,
         auto_update_on_conflict: bool = False,
+        lifecycle_config: Optional[Dict] = None,
     ) -> Dict[str, str]:
         """Create or update agent."""
         if agent_id:
@@ -324,6 +333,7 @@ class BedrockAgentCoreClient:
                 request_header_config,
                 protocol_config,
                 env_vars,
+                lifecycle_config,
             )
         return self.create_agent(
             agent_name,
@@ -335,6 +345,7 @@ class BedrockAgentCoreClient:
             protocol_config,
             env_vars,
             auto_update_on_conflict,
+            lifecycle_config,
         )
 
     def wait_for_agent_endpoint_ready(self, agent_id: str, endpoint_name: str = "DEFAULT", max_wait: int = 120) -> str:
@@ -483,6 +494,37 @@ class BedrockAgentCoreClient:
                     "before-sign.bedrock-agentcore.InvokeAgentRuntime", handler_id
                 )
 
+    def stop_runtime_session(
+        self,
+        agent_arn: str,
+        session_id: str,
+        endpoint_name: str = "DEFAULT",
+    ) -> Dict:
+        """Stop a runtime session.
+
+        Args:
+            agent_arn: Agent ARN
+            session_id: Session ID to stop
+            endpoint_name: Endpoint name, defaults to "DEFAULT"
+
+        Returns:
+            Response with status code
+
+        Raises:
+            ClientError: If the operation fails, including ResourceNotFoundException
+                        if the session doesn't exist
+        """
+        self.logger.info("Stopping runtime session: %s", session_id)
+
+        response = self.dataplane_client.stop_runtime_session(
+            agentRuntimeArn=agent_arn,
+            qualifier=endpoint_name,
+            runtimeSessionId=session_id,
+        )
+
+        self.logger.info("Successfully stopped session: %s", session_id)
+        return response
+
 
 class HttpBedrockAgentCoreClient:
     """Bedrock AgentCore client for agent management using HTTP requests with bearer token."""

bedrock_agentcore_starter_toolkit/utils/runtime/schema.py

@@ -16,7 +16,7 @@ class MemoryConfig(BaseModel):
     """Memory configuration for BedrockAgentCore."""
 
     mode: Literal["STM_ONLY", "STM_AND_LTM", "NO_MEMORY"] = Field(
-        default="STM_ONLY", description="Memory mode - always has STM, optionally adds LTM"
+        default="NO_MEMORY", description="Memory mode - opt-in feature"
     )
     memory_id: Optional[str] = Field(default=None, description="Memory resource ID")
     memory_arn: Optional[str] = Field(default=None, description="Memory resource ARN")
@@ -99,6 +99,48 @@ class ProtocolConfiguration(BaseModel):
         return {"serverProtocol": self.server_protocol}
 
 
+class LifecycleConfiguration(BaseModel):
+    """Lifecycle configuration for runtime sessions."""
+
+    idle_runtime_session_timeout: Optional[int] = Field(
+        default=None,
+        description="Timeout in seconds for idle runtime sessions (60-28800)",
+        ge=60,
+        le=28800,
+    )
+    max_lifetime: Optional[int] = Field(
+        default=None, description="Maximum lifetime for the instance in seconds (60-28800)", ge=60, le=28800
+    )
+
+    @field_validator("max_lifetime")
+    @classmethod
+    def validate_lifecycle_relationship(cls, v: Optional[int], info) -> Optional[int]:
+        """Validate that max_lifetime >= idle_timeout if both are set."""
+        if v is None:
+            return v
+
+        idle = info.data.get("idle_runtime_session_timeout")
+        if idle is not None and v < idle:
+            raise ValueError(
+                f"max_lifetime ({v}s) must be greater than or equal to idle_runtime_session_timeout ({idle}s)"
+            )
+        return v
+
+    def to_aws_dict(self) -> dict:
+        """Convert to AWS API format with camelCase keys."""
+        result = {}
+        if self.idle_runtime_session_timeout is not None:
+            result["idleRuntimeSessionTimeout"] = self.idle_runtime_session_timeout
+        if self.max_lifetime is not None:
+            result["maxLifetime"] = self.max_lifetime
+        return result
+
+    @property
+    def has_custom_settings(self) -> bool:
+        """Check if any custom lifecycle settings are configured."""
+        return self.idle_runtime_session_timeout is not None or self.max_lifetime is not None
+
+
 class ObservabilityConfig(BaseModel):
     """Observability configuration."""
 
@@ -117,6 +159,7 @@ class AWSConfig(BaseModel):
     network_configuration: NetworkConfiguration = Field(default_factory=NetworkConfiguration)
     protocol_configuration: ProtocolConfiguration = Field(default_factory=ProtocolConfiguration)
     observability: ObservabilityConfig = Field(default_factory=ObservabilityConfig)
+    lifecycle_configuration: LifecycleConfiguration = Field(default_factory=LifecycleConfiguration)
 
     @field_validator("account")
     @classmethod

{bedrock_agentcore_starter_toolkit-0.1.26.dist-info → bedrock_agentcore_starter_toolkit-0.1.27.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: bedrock-agentcore-starter-toolkit
-Version: 0.1.26
+Version: 0.1.27
 Summary: A starter toolkit for using Bedrock AgentCore
 Project-URL: Homepage, https://github.com/aws/bedrock-agentcore-starter-toolkit
 Project-URL: Bug Tracker, https://github.com/aws/bedrock-agentcore-starter-toolkit/issues
@@ -83,38 +83,38 @@ Amazon Bedrock AgentCore includes the following modular Services that you can us
 ## 🚀 Amazon Bedrock AgentCore Runtime
 AgentCore Runtime is a secure, serverless runtime purpose-built for deploying and scaling dynamic AI agents and tools using any open-source framework including LangGraph, CrewAI, and Strands Agents, any protocol, and any model. Runtime was built to work for agentic workloads with industry-leading extended runtime support, fast cold starts, true session isolation, built-in identity, and support for multi-modal payloads. Developers can focus on innovation while Amazon Bedrock AgentCore Runtime handles infrastructure and security -- accelerating time-to-market
 
-**[Runtime Quick Start](https://aws.github.io/bedrock-agentcore-starter-toolkit/user-guide/runtime/quickstart.html)**
+**[Runtime Quick Start](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-get-started-toolkit.html)**
 
 ## 🧠 Amazon Bedrock AgentCore Memory
 AgentCore Memory makes it easy for developers to build context aware agents by eliminating complex memory infrastructure management while providing full control over what the AI agent remembers. Memory provides industry-leading accuracy along with support for both short-term memory for multi-turn conversations and long-term memory that can be shared across agents and sessions.
 
 
-**[Memory Quick Start](https://aws.github.io/bedrock-agentcore-starter-toolkit/user-guide/memory/quickstart.html)**
+**[Memory Quick Start](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/memory-get-started.html)**
 
 ## 🔗 Amazon Bedrock AgentCore Gateway
 Amazon Bedrock AgentCore Gateway acts as a managed Model Context Protocol (MCP) server that converts APIs and Lambda functions into MCP tools that agents can use. Gateway manages the complexity of OAuth ingress authorization and secure egress credential exchange, making standing up remote MCP servers easier and more secure. Gateway also offers composition and built-in semantic search over tools, enabling developers to scale their agents to use hundreds or thousands of tools.
 
-**[Gateway Quick Start](https://aws.github.io/bedrock-agentcore-starter-toolkit/user-guide/gateway/quickstart.html)**
+**[Gateway Quick Start](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-quick-start.html)**
 
 ## 💻 Amazon Bedrock AgentCore Code Interpreter
 AgentCore Code Interpreter tool enables agents to securely execute code in isolated sandbox environments. It offers advanced configuration support and seamless integration with popular frameworks. Developers can build powerful agents for complex workflows and data analysis while meeting enterprise security requirements.
 
-**[Code Interpreter Quick Start](https://aws.github.io/bedrock-agentcore-starter-toolkit/user-guide/builtin-tools/quickstart-code-interpreter.html)**
+**[Code Interpreter Quick Start](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/code-interpreter-getting-started.html)**
 
 ## 🌐 Amazon Bedrock AgentCore Browser
 AgentCore Browser tool provides a fast, secure, cloud-based browser runtime to enable AI agents to interact with websites at scale. It provides enterprise-grade security, comprehensive observability features, and automatically scales— all without infrastructure management overhead.
 
-**[Browser Quick Start](https://aws.github.io/bedrock-agentcore-starter-toolkit/user-guide/builtin-tools/quickstart-browser.html)**
+**[Browser Quick Start](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/browser-onboarding.html)**
 
 ## 📊 Amazon Bedrock AgentCore Observability
 AgentCore Observability helps developers trace, debug, and monitor agent performance in production through unified operational dashboards. With support for OpenTelemetry compatible telemetry and detailed visualizations of each step of the agent workflow, AgentCore enables developers to easily gain visibility into agent behavior and maintain quality standards at scale.
 
-**[Observability Quick Start](https://aws.github.io/bedrock-agentcore-starter-toolkit/user-guide/observability/quickstart.html)**
+**[Observability Quick Start](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/observability-get-started.html)**
 
 ## 🔐 Amazon Bedrock AgentCore Identity
 AgentCore Identity provides a secure, scalable agent identity and access management capability accelerating AI agent development. It is compatible with existing identity providers, eliminating needs for user migration or rebuilding authentication flows. AgentCore Identity's helps to minimize consent fatigue with a secure token vault and allows you to build streamlined AI agent experiences. Just-enough access and secure permission delegation allow agents to securely access AWS resources and third-party tools and services.
 
-**[Identity Quick Start](https://aws.github.io/bedrock-agentcore-starter-toolkit/user-guide/identity/quickstart.html)**
+**[Identity Quick Start](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/identity-getting-started-cognito.html)**
 
 ## 🔐 Import Amazon Bedrock Agents to Bedrock AgentCore
 AgentCore Import-Agent enables seamless migration of existing Amazon Bedrock Agents to LangChain/LangGraph or Strands frameworks while automatically integrating AgentCore primitives like Memory, Code Interpreter, and Gateway. Developers can migrate agents in minutes with full feature parity and deploy directly to AgentCore Runtime for serverless operation.