Security features of MCP tools Getting started with MCP tools Explore AgentCore Gateway

Protocol-based tools

When considering protocol-based tools, the Model Context Protocol (MCP) provides the most comprehensive and flexible foundation for tool integration. As stated in the AWS Open Source blog post on agent interoperability, AWS has embraced MCP as a strategic protocol, actively contributing to its development.

The following table describes options for MCP tool deployment.

Deployment model	Description	Ideal for	Implementation
Local stdio-based	Tools run in the same process as the agent	Development, testing, and simple tools	Quick to implement with no network overhead
Local server-sent events (SSE)-based	Tools run locally but communicate over HTTP	More complex local tools with separation of concerns	Better isolation but still low latency
Remote HTTP Streamable	Tools run on remote servers	Production environments and shared tools	Scalable and centrally managed

The official MCP SDKs are available for building MCP tools:

Python SDK – Comprehensive implementation with full protocol support
TypeScript SDK – JavaScript/TypeScript implementation for web applications
Java SDK – Java implementation for enterprise applications

These SDKs provide the building blocks for creating MCP-compatible tools in your preferred language, with consistent implementations of the protocol specification.

In addition, AWS has implemented MCP in the Strands Agents SDK. The Strands Agents SDK provides a straightforward way to create and use MCP-compatible tools. Comprehensive documentation is available in the Strands Agents GitHub repository. For simpler use cases or when working outside of the Strands Agents framework, the official MCP SDKs offer direct implementations of the protocol in multiple languages.

Security features of MCP tools

Security features of MCP tools include the following:

OAuth 2.0/2.1 authentication – Industry-standard authentication
Permission scoping – Fine-grained access control for tools
Tool capability discovery – Dynamic discovery of available tools
Structured error handling – Consistent error patterns

Getting started with MCP tools

To implement MCP for tool integration, take the following actions:

Explore the Strands Agents SDK for a production-ready MCP implementation.
Review the MCP technical documentation to understand core concepts.
Use the practical examples described in this AWS Open Source Blog post.
Start with simple local tools before progressing to remote tools.
Join the MCP community to influence the protocol's evolution.

Explore AgentCore Gateway

Amazon Bedrock AgentCore Gateway provides an easy and secure way for developers to build, deploy, discover, and connect to MCP tools, and other target endpoints at scale. With AgentCore Gateway, developers can convert APIs, AWS Lambda functions, and existing services into MCP-compatible tools. Then, with just a few lines of code, they can make these tools available to agents through AgentCore Gateway endpoints. AgentCore Gateway supports OpenAPI, Smithy, and Lambda as input types, and is the only solution that provides both comprehensive ingress authentication and egress authentication in a fully managed service.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Tool categories

Framework-native tools