AWS

Run Agent Gateway on AWS to leverage Amazon Bedrock, ECS/EKS, and other AWS services.

Deployment options

Amazon ECS

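Run Agent Gateway as an ECS service on Fargate or EC2. The task definition below injects the API key from Secrets Manager through the secrets block, which ECS only accepts when the task definition also names a task execution role (executionRoleArn); replace the angle-bracket placeholders with your own account ID and role name. The admin listener is bound to 0.0.0.0:15000, so keep port 15000 closed in the task's security group, and pin the image to a specific version or digest instead of latest so that every deployment runs the image you reviewed.

{
  "family": "agentgateway",
  "executionRoleArn": "arn:aws:iam::<ACCOUNT_ID>:role/<TASK_EXECUTION_ROLE>",
  "networkMode": "awsvpc",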
  "containerDefinitions": [
    {
      "name": "agentgateway",
      "image": "ghcr.io/agentgateway/agentgateway:latest",
      "portMappings": [
        {"containerPort": 3000, "protocol": "tcp"}
      ],
      "environment": [
        {"name": "ADMIN_ADDR", "value": "0.0.0.0:15000"}
      ],
      "secrets": [
        {
          "name": "OPENAI_API_KEY",
          "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789:secret:openai-key"
        }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/agentgateway",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "agentgateway"
        }
      }
    }
  ],
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "512",
  "memory": "1024"
}

Amazon EKS

For EKS deployments, use kgateway, which provides native Kubernetes Gateway API support, dynamic configuration, and MCP service discovery.

AWS integrations

| Integration | Purpose |
|---|---|
| Amazon Bedrock | Access Claude, Llama, and other models |
| AWS Secrets Manager | Secure API key storage |
| AWS ALB | Load balancing with SSL termination |
| CloudWatch | Logs and metrics |
| X-Ray | Distributed tracing |

IAM permissions

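Create an IAM role for Agent Gateway with these permissions. On ECS, the Bedrock statement belongs on the task role, which the running gateway uses to call AWS APIs. The Secrets Manager statement must be on the task execution role for secrets injected through the task definition, because ECS reads the secret when it starts the container. The llm-* resource pattern only covers secrets whose names start with llm-; the openai-key secret referenced in the ECS task definition above does not match it, so rename the secret or adjust the pattern. Where possible, narrow the region and account wildcards to the ones you actually use.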

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream"
      ],
      "Resource": "arn:aws:bedrock:*::foundation-model/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue"
      ],
      "Resource": "arn:aws:secretsmanager:*:*:secret:llm-*"
    }
  ]
}
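
The mismatch between the task definition's secret ARN and the policy's llm-* pattern is easy to catch before deployment. The following is an added example, not Agent Gateway project code: the inputs are constructed, trimmed copies of the JSON on this page, the function names are hypothetical, and it assumes every secrets entry is a Secrets Manager ARN.

```python
import re

# Constructed inputs: trimmed copies of the task definition and policy on this page.
TASK_DEF = {"containerDefinitions": [{
    "name": "agentgateway",
    "image": "ghcr.io/agentgateway/agentgateway:latest",
    "environment": [{"name": "ADMIN_ADDR", "value": "0.0.0.0:15000"}],
    "secrets": [{"name": "OPENAI_API_KEY", "valueFrom":
                 "arn:aws:secretsmanager:us-east-1:123456789:secret:openai-key"}],
}]}
POLICY = {"Statement": [{"Effect": "Allow", "Action": ["secretsmanager:GetSecretValue"],
                         "Resource": "arn:aws:secretsmanager:*:*:secret:llm-*"}]}

def as_list(v):
    return v if isinstance(v, list) else [v]

def iam_match(pattern, value, ignore_case=False):
    """IAM wildcard match: '*' is any run of characters, '?' is exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def allows(policy, action, resource):
    """True if an Allow statement covers the pair (Deny and Condition not evaluated)."""
    for st in as_list(policy["Statement"]):
        if (st.get("Effect") == "Allow"
                and any(iam_match(a, action, True) for a in as_list(st.get("Action", [])))
                and any(iam_match(r, resource) for r in as_list(st.get("Resource", [])))):
            return True
    return False

def lint(task_def, policy):
    """Return findings for unpinned images, open admin binds, unreadable secrets."""
    findings = []
    for c in task_def["containerDefinitions"]:
        image, name = c["image"], c["name"]
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if "@sha256:" not in image and tag in ("", "latest"):
            findings.append(f"{name}: image {image} is not pinned")
        for env in c.get("environment", []):
            if env["name"] == "ADMIN_ADDR" and env["value"].startswith("0.0.0.0:"):
                findings.append(f"{name}: admin listener on all interfaces")
        for s in c.get("secrets", []):
            if not allows(policy, "secretsmanager:GetSecretValue", s["valueFrom"]):
                findings.append(f"{name}: policy does not allow reading {s['valueFrom']}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(TASK_DEF, POLICY)))
```

Run against the page's JSON, it reports three findings; a secret named with the llm- prefix, a versioned image tag, and a loopback admin address clear all of them.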
