Add an API Gateway REST API as a target for Amazon Bedrock AgentCore Gateway - Amazon API Gateway
ConsiderationsAdd a stage of an API as a target for a AgentCore Gateway
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Add an API Gateway REST API as a target for Amazon Bedrock AgentCore Gateway

An Amazon Bedrock AgentCore Gateway provides AI agent developers a secure way to expose your API Gateway REST APIs as Model Context Protocol (MCP)-compatible tools. AgentCore Gateway uses targets to define tools. When you add your stage as a target, your Gateway becomes a single MCP URL that enables access to the tools for an agent. For more information, see API Gateway REST API stages as targets in the Amazon Bedrock AgentCore Gateway Developer Guide.

API Gateway targets connect your AgentCore Gateway to stages of your REST APIs. You can include the entire stage as a target, or select resources. After you create the API Gateway target, AgentCore Gateway translates incoming MCP requests into HTTP requests and handles the response formatting. MCP clients can retrieve API documentation using the tools/list method and invoke APIs using the tools/call method.

Considerations

The following considerations might impact your use adding a stage as a target to a AgentCore Gateway:

  • You must already have a AgentCore Gateway.

  • Only public REST APIs are supported.

  • The default endpoint of your API cannot be disabled.

  • Every method of your API must either have an operation name defined for it, or your need to create a name override when you add your stage as a target. This name is used as the tool name that agents use to interact with your method.

  • You can use API_KEY, NO_AUTH, or GATEWAY_IAM_ROLE credential provider types for Outbound Auth to allow your Gateway to access your API. The API_KEY credential provider is defined by AgentCore Gateway. You can use your existing API Gateway API key. For more information, see Setting up Outbound Auth.

  • If you use a Amazon Cognito user pool or Lambda authorizer to control access to your API, MCP clients cannot access it.

  • Your API must be in the same account and Region as your AgentCore Gateway.

Add a stage of an API as a target for a AgentCore Gateway

The following procedure shows how to add a stage of an API as a target for a AgentCore Gateway.

To add a stage of an API as a target for a AgentCore Gateway

  1. Sign in to the API Gateway console at https://console.amazonaws.cn/apigateway.

  2. Choose a REST API that's deployed to a stage.

  3. In the main navigation pane, choose Stages.

  4. Choose Stage actions, and then choose Create MCP target.

  5. For AgentCore Gateway, select an AgentCore Gateway.

  6. For Target name, enter a target name.

  7. For Target description, enter a description.

  8. Keep the provided API and stage.

  9. For Select API resources, select the resources of your API that agents using your AgentCore Gateway can access.

    If you don't select a resource, an agent cannot view the documentation or invoke the endpoint.

  10. The combination of the resource and the method are the operations for the tool. If your operation does not have a name, create a name override.

    You can also define an operation name for a method when you create it.

  11. For Outbound Auth configuration, choose either IAM Role , No authorization or API key.

  12. Choose Create target.

To view all the AgentCore Gateways that have access to your APIs, choose the MCP targets section in the main navigation pane. In this section, you can create a MCP target for any API in your Region deployed to a stage. Choose Create MCP target and follow the previous steps.

You can also view the available tools for your target and edit your target in the AgentCore Gateway console. For more information, see Add targets to an existing AgentCore Gateway.