Govern and Discover AI Agents and Tools with Amazon Bedrock AgentCore Registry

Have you noticed it yet? Your organization is building AI agents across multiple teams. One team creates a customer support agent, another builds an internal knowledge assistant, and a third develops a set of MCP tools for code review. But none of these teams know what the others have built. Agents and tools are scattered across repositories, accounts, and business units with no central place to discover, govern, or manage them.

This is the reality for many enterprises adopting agentic AI. The pace of agent development is accelerating, but the infrastructure to manage that growth is lagging behind. Without a centralized registry, you end up with duplicated efforts, unvetted external dependencies, and no consistent way to enforce security or quality standards.

The Problem with Siloed Agent Development

When agents and tools are built in isolation, several problems compound quickly. First, there is no discoverability. A developer in one team has no way to know that another team already built an agent that solves a similar problem. This leads to redundant work and inconsistent implementations across the organization.

Second, governance becomes nearly impossible. When external MCP tools or third-party agents are pulled into projects without any vetting process, you introduce security risks. There is no audit trail, no approval workflow, and no way to enforce organizational policies before these resources reach production.

Third, collaboration stalls. Without a shared catalog, teams cannot build on each other’s work. Every new project starts from scratch instead of composing existing, tested capabilities. The result is slower delivery and higher costs.

In this blog post, we explore how Amazon Bedrock AgentCore Registry addresses these challenges by providing a centralized catalog and governance layer for AI agents, tools, skills, and custom resources across your organization.

What Is Amazon Bedrock AgentCore Registry?

Amazon Bedrock AgentCore Registry is a fully managed, serverless service that acts as a single source of truth for all your AI resources. It provides a centralized catalog where you can register, discover, and govern agents, MCP tools, skills, and custom resources.

The service supports four resource types:

• A2A Agents — aligned to the Agent Card JSON schema for agent-to-agent communication
• MCP Tools — aligned to the MCP Registry open specification
• Skills — based on the skills.md YAML format
• Custom Resources — any valid JSON, giving you flexibility for resources that don’t fit the other categories

You can interact with the registry through the AWS Console, the AgentCore SDK, Boto3, RESTful APIs, or even as an MCP tool directly from your IDE.

Solution Overview

The architecture of Amazon Bedrock AgentCore Registry is built around three personas: Admin, Publisher, and Consumer. Each has a distinct role in the lifecycle of registry resources.

The Admin Flow

The admin is responsible for setting up and managing the registry infrastructure. This involves two primary tasks. First, the admin creates and configures the registry itself using CRUD operations. Second, the admin sets up authentication and authorization for developers, consumers, and approvers. The registry supports both AWS Identity and Access Management (IAM) and OAuth-based authorization, giving you flexibility in how you control access.

The admin also creates and manages approval workflows. When a publisher submits a new resource, the registry emits events through Amazon EventBridge. The admin can integrate these events with their own CI/CD pipelines to run security scans, deduplication checks, and validation before approving or rejecting a resource.

The Publisher Flow

Publishers are agent developers, tool developers, or teams who build and maintain resources they want to share with others. The publishing workflow starts in the IDE, where a developer builds an agent or MCP tool. The developer can first search the registry to discover what already exists, avoiding duplicate work.

Once the resource is ready, the developer integrates the registry into their CI/CD pipeline. For agents, the Agent Card schema is auto-synced to the registry. For MCP tools, the endpoint URL and schema are auto-synced as well. The publisher then creates a registry record and submits it for approval.

After submission, Amazon EventBridge emits an event that triggers the admin-controlled CI pipeline. This pipeline can run security scan scoring, deduplication checks, and validation. Based on the results, the admin or an automated approver updates the registry record status to Approved, Rejected, or Deprecated.

The Consumer Flow

Consumers are agent developers or autonomous agents that need to discover and integrate existing resources into their workflows. The consumer flow starts with a search. The registry supports both semantic and lexical search, so you can find resources by meaning or by keyword. Tag-based search enables fine-grained filtering using attribute-based access control (ABAC) policies.

The registry also features metadata auto-sync, which polls live resources to keep the catalog current. When a consumer finds a resource they need, they request access through the resource onboarding API. The registry returns the appropriate credentials — OAuth client ID and secret, mTLS certificates, or IAM credentials — depending on the authorization model. The consumer can then call the agent or tool directly with proper authentication.

The Approval Workflow

The approval workflow provides a structured governance process. Registry records transition through defined states: Draft, Pending Approval, Approved, Rejected, and Deprecated. A publisher creates a record in Draft state. When they submit it for approval, it moves to Pending Approval. If auto-approve is enabled on the registry, the record moves directly to Approved.

Otherwise, the admin reviews the submission and updates the status. Approved resources can later be deprecated when they are no longer maintained. Rejected resources can be updated and resubmitted. This state machine gives you full control over what enters your organization’s catalog.

Multi-Account Support

For organizations operating across multiple AWS accounts, the registry supports sharing through AWS Resource Access Manager (RAM). This means a central platform team can maintain the registry in one account and share it with development teams across the organization. This is particularly valuable for enterprises with strict account separation between development, staging, and production environments.

Security and Governance

Security is built into every layer of the registry. Access control is handled through IAM-based policies or OAuth with custom JWT authorizers. The registry supports AWS PrivateLink and VPC endpoints, so you can access resources hosted in customer VPCs without traversing the public internet.

The approval workflow integrates with external security scanning tools. You can plug in open-source MCP scanners or third-party security solutions into your admin-controlled CI pipeline. Every state transition emits an EventBridge event, giving you a complete audit trail of who registered what, when it was approved, and by whom.

Registry vs. Gateway

A common question is how the registry relates to Amazon Bedrock AgentCore Gateway. The distinction is straightforward:

• AgentCore Gateway is the data plane. It handles runtime execution, acting as a proxy when you call an agent or tool. Think of it as the traffic layer.
• AgentCore Registry is the control plane. It handles build-time concerns: cataloging, discovery, and governance of resources.

These two services are complementary, not competing. You use the registry to discover and vet resources, and the gateway to execute them at runtime.

Efficiency Gains

The centralized nature of the registry introduces measurable efficiency improvements. Teams no longer spend time rebuilding capabilities that already exist elsewhere in the organization. The deduplication feature prevents redundant registrations, and semantic search makes it easy to find existing resources that match your needs.

The approval workflow reduces the security review burden by automating checks through CI/CD integration. Instead of manual reviews for every new agent or tool, you define your policies once and let the pipeline enforce them consistently. This reduces the time from development to production while maintaining your security standards.

For organizations with dozens or hundreds of agents and tools, the registry transforms what would be a chaotic landscape into a governed, searchable catalog. Platform teams gain visibility into what is being built and used across the organization, enabling better resource allocation and strategic planning.

Conclusion

As agentic AI adoption grows within enterprises, the need for centralized discovery and governance becomes unavoidable. Amazon Bedrock AgentCore Registry provides the infrastructure to manage this complexity. It gives admins control over what enters the catalog, publishers a streamlined path to share their work, and consumers a fast way to find and integrate existing capabilities.

If you are building agentic applications on AWS, consider how a registry fits into your platform strategy. You can learn more about Amazon Bedrock AgentCore Registry in the AWS documentation. For a deeper look at the MCP Registry specification, visit the MCP Registry documentation. And if you are already using Amazon Bedrock for your agentic solutions, the registry integrates directly into your existing workflows.

Photo by Strange Happenings