From aws-agents
Deploys AgentCore agents to AWS with pre-flight validation, CDK/IAM/quota error diagnosis, version management, rollback, and canary deployments. For deploy failures or preparations.
npx claudepluginhub aws/agent-toolkit-for-aws --plugin aws-agentsThis skill is limited to using the following tools:
Deploy your AgentCore agent to AWS, or diagnose why a deploy failed.
Build, test, and deploy AI agents using AWS Bedrock AgentCore with local dev workflow, CDK/Terraform infra, Claude/OpenAI support. For AgentCore, Bedrock agents, AWS AI deployment.
Generates production checklists for AgentCore agents: IAM scoping, inbound auth (JWT/SigV4), secrets management, cold start optimization, session lifecycle, rate limiting, input validation, quotas.
Builds generative AI apps on Amazon Bedrock: invokes models via Converse/InvokeModel APIs, sets up RAG Knowledge Bases/Agents/Guardrails/AgentCore, troubleshoots errors like ThrottlingException/AccessDeniedException, handles prompt caching/quotas/costs/migrations/chunking/model selection (Claude/Llama/Nova/Titan).
Share bugs, ideas, or general feedback.
Deploy your AgentCore agent to AWS, or diagnose why a deploy failed.
agentcore deploy failed with an error$ARGUMENTS is optional:
/agents-deploy # interactive — pre-flight check or diagnose failure
/agents-deploy preflight # validate config and IAM before deploying
/agents-deploy diagnose # diagnose a failed deploy (paste error or read logs)
/agents-deploy preview # show what deploy will create without deploying
/agents-deploy rollback # roll back to a previous version
Run agentcore --version. This skill requires v0.9.0 or later. If the version is older, tell the developer to run agentcore update before proceeding.
Read agentcore/agentcore.json and agentcore/aws-targets.json if they exist.
Ask (or infer from context):
"Are you:
- About to deploy and want to check everything first
- Dealing with a failed deploy — what error did you see?
- Needing to roll back or pin a specific version?"
If the developer needs versioning, rollback, or canary deployment, load references/versioning.md and follow its instructions.
Run these checks before agentcore deploy:
Show the developer this command to run:
agentcore validate
This catches malformed agentcore.json before CDK even starts.
The most common deploy failure is a region mismatch. Show the developer these commands to verify:
# Your configured AWS region
aws configure get region
# The region in your deployment target
cat agentcore/aws-targets.json
# The account you're actually authenticated as
aws sts get-caller-identity
The region in aws-targets.json must match your aws configure default region. The account must match the account ID from sts get-caller-identity.
Show the developer this command to check enabled models in their region:
aws bedrock list-foundation-models --region $(aws configure get region) \
--query 'modelSummaries[?modelLifecycle.status==`ACTIVE`].modelId' \
--output table
Cross-region inference profile IDs use a geographic prefix (us., eu., apac.) or global. to control where inference runs. The CLI scaffolds global. by default (e.g., global.anthropic.claude-sonnet-4-5-20250929-v1:0), which routes to any commercial region. Geographic prefixes keep inference within that geography (e.g., eu. stays in EU regions). All prefixes require model access enabled in every destination region the profile covers. Check the Bedrock docs for which regions are included in each profile prefix.
agentcore deploy --dry-run
agentcore deploy --diff
--dry-run shows what resources will be created. --diff shows the CDK diff against what's currently deployed.
Show the developer the permissions needed and this verification command:
aws iam simulate-principal-policy \
--policy-source-arn $(aws sts get-caller-identity --query Arn --output text) \
--action-names iam:CreateRole \
--resource-arns "arn:aws:iam::*:role/*BedrockAgentCore*"
agentcore deploy -y # auto-confirm (alias: agentcore dp -y)
agentcore deploy -y -v # verbose — shows resource-level events
agentcore deploy --target staging -y # deploy to a specific target
Memory provisioning note: If your project includes memory, deploy takes 2–5 minutes longer while the memory resource becomes ACTIVE. This is normal — not an error. Check status:
agentcore status --type memory
If the developer pasted an error, diagnose it directly. If not, read the deploy logs:
# View recent deploy logs
ls -lt agentcore/.cli/logs/
cat agentcore/.cli/logs/deploy-*.log 2>/dev/null | tail -100
IAM permission error:
User: arn:aws:iam::123456789012:user/dev is not authorized to perform: iam:CreateRole
Fix: Attach the required IAM permissions (see Check 5 above). The deploying identity needs IAM write access scoped to *BedrockAgentCore* roles.
CDK bootstrap not run:
This stack uses assets, so the toolkit stack must be deployed to the environment
Fix:
npx cdk bootstrap aws://<YOUR_ACCOUNT_ID>/<REGION>
ECR authorization error:
no basic auth credentials
Error response from daemon: Head "https://<YOUR_ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com/..."
Fix:
aws ecr get-login-password --region <REGION> | \
docker login --username AWS --password-stdin <YOUR_ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com
Model access denied during deploy:
ValidationException: The provided model identifier is invalid
Fix: Enable the model in the Bedrock console → Model access. Ensure the model ID in agentcore.json matches an enabled model in your target region.
Region mismatch:
Stack ... is in region us-east-1 but the target is us-west-2
Fix: Update agentcore/aws-targets.json to match your aws configure default region, or run aws configure set region <REGION>.
Memory stuck in CREATING:
Memory resource is in CREATING state after 10 minutes
This is unusual — normal provisioning takes 2–5 minutes. Check:
agentcore status --type memory --json
If stuck, try removing and re-adding the memory resource.
Service quota exceeded:
LimitExceededException: Account limit for AgentCore runtimes exceeded
Fix: Request a quota increase in the AWS console → Service Quotas → Amazon Bedrock AgentCore.
agentcore deploy -y
If the same error recurs, check agentcore status to see the current state of all resources:
agentcore status
agentcore status --state pending-removal # resources marked for deletion
Define targets in agentcore/aws-targets.json:
[
{
"name": "staging",
"description": "Staging environment",
"account": "123456789012",
"region": "us-east-1"
},
{
"name": "production",
"description": "Production environment",
"account": "987654321098",
"region": "us-west-2"
}
]
Deploy to a specific target:
agentcore deploy --target staging -y
agentcore deploy --target production -y