Create an AgentCore gateway using the AWS Management Console
To create a gateway using the console
- Open the AgentCore console at https://console.aws.amazon.com/bedrock-agentcore/home#.
- From the left navigation pane, select Gateways.
- In the Gateways section, choose Create gateway.
- (Optional) In the Gateway details section, do the following:
  - Change the generated Gateway name.
  - Expand the Additional configurations section and do the following:
    - In the Gateway description field, provide a description for your gateway.
    - In the Instruction field, enter any special instructions or context that should be passed to tools when they are invoked.
    - To enable a built-in tool for searching tools in the gateway, select Enable semantic search. If you enable this tool, you can't disable it later. For more information, see Search for tools in your AgentCore gateway with a natural language query.
    - To enable detailed debugging messages to be returned in the gateway response, select Exception level debug. You can disable debugging messages later. For more information, see Turn on debugging messages.
- In the Inbound Auth configurations section, select one of the following options:
  - To allow Amazon Cognito to create authorization resources for you, select Quick create configurations with Cognito.
  - To use an authorization configuration that you have set up already, select Use existing identity provider configurations and then configure the following fields:
    - Discovery URL – Enter the discovery URL from your identity provider.
    - Allowed audiences – Enter the audience value that your gateway will accept. To add more audiences, choose Add audience.
    - Allowed clients – Enter the public identifier of the client that your gateway will accept. To add more clients, choose Add client.
- In the Permissions section, do the following:
  - To use an IAM service role to invoke the gateway on the user's behalf, select Use an IAM service role.
  - (If you use an IAM service role) Choose one of the following options under IAM role:
    - To create a service role with the necessary permissions to access your gateway, choose Create and use a new service role and optionally change the generated Service role name.
    - To use an existing service role, choose Use an existing service role and then select a role from the Service role name dropdown menu. Make sure that the service role that you choose has the necessary permissions. For more information, see AgentCore Gateway service role permissions.
- (Optional) By default, your gateway is encrypted with an AWS managed key. To encrypt your gateway with a custom KMS key, expand the KMS key section, select Customize encryption settings (advanced), and choose a customer managed key. For more information, see Encrypt your AgentCore gateway with a customer-managed KMS key.
- In the Target: ${target-name} section, do the following:
  - (Optional) Change the generated Target name.
  - (Optional) Provide a Target description.
  - For the Target type, choose an option. For more information about different target types, see Add targets to an existing AgentCore gateway.
  - Select or enter how the target type is defined.
  - For the Outbound Auth configurations, select an outbound authorization method. Then, select or provide the necessary details and any optional additional configurations. For more information, see Set up outbound authorization for your gateway.
- To add more targets, choose Add another target and repeat the target configuration steps.
- Choose Create gateway.
After creating your gateway, you can view its details, including the endpoint URL and associated targets.
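
The Discovery URL, Allowed audiences and Allowed clients values from the Inbound Auth step can be compared with a token issued by your identity provider before a client is pointed at the gateway. The following is an added example, not AWS code and not the gateway's own validation: it assumes the OIDC Discovery relationship between issuer and discovery URL and the `aud` and `client_id` token claims, and the function names, sample token and `idp.example.com` are hypothetical. It decodes claims without verifying the signature, so it is a configuration check only.

```python
import base64
import json

OIDC_SUFFIX = "/.well-known/openid-configuration"  # path fixed by OIDC Discovery


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (debugging only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def preflight(token, discovery_url, allowed_audiences=(), allowed_clients=()):
    """List mismatches between a token and the Inbound Auth fields."""
    problems = []
    if not discovery_url.startswith("https://"):
        problems.append("Discovery URL is not https")
    if not discovery_url.endswith(OIDC_SUFFIX):
        problems.append("Discovery URL does not end with " + OIDC_SUFFIX)
    claims = jwt_claims(token)
    # OIDC Discovery: the document lives at <issuer> + OIDC_SUFFIX.
    issuer = discovery_url.removesuffix(OIDC_SUFFIX).rstrip("/")
    if str(claims.get("iss", "")).rstrip("/") != issuer:
        problems.append(f"iss {claims.get('iss')!r} does not match Discovery URL")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)  # aud may be str or list
    if allowed_audiences and not set(aud) & set(allowed_audiences):
        problems.append(f"aud {aud} not in Allowed audiences")
    if allowed_clients and claims.get("client_id") not in allowed_clients:
        problems.append(f"client_id {claims.get('client_id')!r} not in Allowed clients")
    return problems


# Constructed sample: unsigned token from a hypothetical IdP (idp.example.com).
CLAIMS = {"iss": "https://idp.example.com/tenant1", "client_id": "client-abc"}
SAMPLE = ".".join(b64url(json.dumps(p).encode()) for p in ({"alg": "none"}, CLAIMS)) + ".sig"
DISCOVERY = "https://idp.example.com/tenant1" + OIDC_SUFFIX

if __name__ == "__main__":
    print(preflight(SAMPLE, DISCOVERY, allowed_clients=["client-abc"]))
    print(preflight(SAMPLE, DISCOVERY, allowed_audiences=["my-api"]))
```

The second call shows a token that carries `client_id` but no `aud` claim failing an audience-only configuration.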