# Create and manage registries Create and manage registries ## Create a registry ### Console 1. Open the [Amazon Bedrock AgentCore console](https://console.aws.amazon.com/bedrock-agentcore/home?region=us-east-1#). 1. In the navigation pane, under **Discover** , choose **Registry**. 1. In the **Registries** section, choose **Create registry**. 1. For **Name** , enter a name for your registry. The name must start with a letter or digit. Valid characters are a-z, A-Z, 0-9, \$1 (underscore), - (hyphen), . (dot), and / (forward slash). The name can have up to 64 characters. 1. (Optional) Expand **Additional details** and enter a **Description** (1–4,096 characters). 1. (Optional) Expand **Search API Authorization** to configure how consumers authorize when searching the registry (Inbound Authorization). Choose ** AWS IAM** to use standard AWS credentials, or **JSON Web tokens (JWT)** to use your corporate identity provider credentials. If you choose JWT, you can either quick create with Cognito, or bring your own IdP by providing the discovery URL, audience, scope, custom claims and clients. 1. Under **Record approval** , choose whether to enable **Auto-approval** . When auto-approval is off, a curator must review and approve each record before it becomes searchable. 1. Choose **Create registry**. The registry status starts as **Creating** and transitions to **Ready** when provisioning completes. **Note** For JWT enabled registries, At least one **JWT authorization configuration** field is required: allowed audiences, allowed clients, allowed scopes, or custom claims. If you configure more than one, AWS Agent Registry verifies all of them. ### AWS CLI **IAM-based registry:** ``` aws bedrock-agentcore-control create-registry \ --name "MyRegistry" \ --description "Production registry" \ --region us-east-1 ``` **JWT-based registry:** ``` aws bedrock-agentcore-control create-registry \ --name "MyOAuthRegistry" \ --authorizer-type CUSTOM_JWT \ --authorizer-configuration '{"customJWTAuthorizer": {"discoveryUrl": "https://cognito-idp.us-east-1.amazonaws.com//.well-known/openid-configuration", "allowedClients": [""]}}' \ --region us-east-1 ``` ### AWS SDK **IAM-based registry:** ``` import boto3 client = boto3.client('bedrock-agentcore-control') response = client.create_registry( name='MyRegistry', description='Production registry' ) print(response['registryArn']) ``` **JWT-based registry:** ``` import boto3 client = boto3.client('bedrock-agentcore-control') response = client.create_registry( name='MyOAuthRegistry', authorizerType='CUSTOM_JWT', authorizerConfiguration={ 'customJWTAuthorizer': { 'discoveryUrl': 'https://cognito-idp.us-east-1.amazonaws.com//.well-known/openid-configuration', 'allowedClients': [''] } } ) print(response['registryArn']) ``` ## List registries ### Console 1. Open the [Amazon Bedrock AgentCore console](https://console.aws.amazon.com/bedrock-agentcore/home?region=us-east-1#). 1. In the navigation pane, under **Discover** , choose **Registry**. 1. The **Registries** table displays all registries in your account with the following columns: 1. **Name** — The registry name (linked to the detail page). 1. **Description** — The registry description, if provided. 1. **Authorization type** — The inbound authorization method (AWS\$1IAM or CUSTOM\$1JWT). 1. **Status** — The current status (Creating, Ready, Updating, Deleting, or a failure state). 1. **ARN** — The registry Amazon Resource Name. 1. **Created** — The creation timestamp. 1. **Last updated** — The last modification timestamp. 1. Use the **Find registries** search bar to filter by name. 1. Use the pagination controls to navigate through results. ### AWS CLI ``` aws bedrock-agentcore-control list-registries \ --region us-east-1 ``` ### AWS SDK ``` import boto3 client = boto3.client('bedrock-agentcore-control') response = client.list_registries() for registry in response['registries']: print(f"{registry['name']} - {registry['status']} - {registry['registryArn']}") ``` ## View registry details ### Console 1. Open the [Amazon Bedrock AgentCore console](https://console.aws.amazon.com/bedrock-agentcore/home?region=us-east-1#). 1. In the navigation pane, under **Discover** , choose **Registry**. 1. Choose the registry name from the **Registries** table. 1. The registry detail page has two tabs: 1. **Manage records** — View and manage registry records. 1. **Search records** — Search for approved records in the registry. 1. The **Registry details** section displays: Name, Status, Description, Auto-approval (Enabled or Disabled), Registry ARN, Last updated date, Created date. 1. The **Registry records** section shows status summary counters (Total submitted, Pending approval, Approved, Deprecated, Rejected) and a records table. 1. The **Search API Authorization** (Inbound Authorization) section shows the current authorization type. ### AWS CLI ``` aws bedrock-agentcore-control get-registry \ --registry-id "" \ --region us-east-1 ``` ### AWS SDK ``` import boto3 client = boto3.client('bedrock-agentcore-control') response = client.get_registry( registryId='' ) print(f"Name: {response['name']}") print(f"Status: {response['status']}") print(f"ARN: {response['registryArn']}") ``` ## Update a registry ### Console 1. Open the [Amazon Bedrock AgentCore console](https://console.aws.amazon.com/bedrock-agentcore/home?region=us-east-1#). 1. In the navigation pane, under **Discover** , choose **Registry**. 1. Select the radio button next to the registry you want to edit, then choose **Edit** . Alternatively, choose the registry name and then choose **Edit**. 1. On the **Edit registry** page, update any of the following: 1. **Name** — Change the registry name (same naming rules as creation). 1. **Description** — Under **Additional details** , update or add a description. 1. **Record approval** — Toggle **Auto-approval** on or off. Changes only affect records submitted after the update. 1. Choose **Save changes**. **Note** Updating auto-approval config from OFF to ON only affects records submitted after the change. Existing records already 'Pending Approval' are not affected and must still be approved or rejected by calling UpdateRegistryRecordStatus API. Changing the config from ON to OFF only affects records that are published to 'Pending Approval' after the change is made. **Note** The discovery URL (for a JWT authorized registry) cannot be changed after the registry is created. The inbound authorization type (IAM or JWT) cannot be changed after the registry is created. ### AWS CLI ``` aws bedrock-agentcore-control update-registry \ --registry-id "" \ --description '{"optionalValue": "Updated description"}' \ --region us-east-1 ``` ### AWS SDK ``` import boto3 client = boto3.client('bedrock-agentcore-control') response = client.update_registry( registryId='', description={'optionalValue': 'Updated description'} ) print(f"Updated: {response['name']} - Status: {response['status']}") ``` ## Delete a registry ### Console 1. Open the [Amazon Bedrock AgentCore console](https://console.aws.amazon.com/bedrock-agentcore/home?region=us-east-1#). 1. In the navigation pane, under **Discover** , choose **Registry**. 1. Select the radio button next to the registry you want to delete, then choose **Delete**. 1. In the confirmation dialog, review the warning: you must first delete all registry records before deleting the registry. 1. Type **delete** in the confirmation field. 1. Choose **Delete**. The registry status changes to **Deleting** . A success banner confirms when deletion completes. ### AWS CLI ``` aws bedrock-agentcore-control delete-registry \ --registry-id "" \ --region us-east-1 ``` ### AWS SDK ``` import boto3 client = boto3.client('bedrock-agentcore-control') response = client.delete_registry( registryId='' ) print(f"Status: {response['status']}") # DELETING ```