Problem
I'm trying to implement the 3-legged OAuth (3LO) flow using AWS Identity outside of the Runtime environment. The SDK currently defaults to local authentication settings and expects a ".agentcore.json" configuration file that isn't available in my setup.
When the configuration file is absent, the SDK attempts to create an Identity Workload as a fallback. However, the agent's execution role is denied access, causing the process to fail with messages like "save_turn() is deprecated..." and similar warnings.
Requested Solution
Enable passing a workload identity name directly to the @require_access_token decorator. The decorator should retrieve the workload access token automatically and proceed normally.
Current Alternatives Considered
- Manually placing the
".agentcore.json" file
- Explicitly setting the
BedrockAgentCoreContext
Deployment Context
The agent runs on Amazon ECS infrastructure.
Problem
I'm trying to implement the 3-legged OAuth (3LO) flow using AWS Identity outside of the Runtime environment. The SDK currently defaults to local authentication settings and expects a
".agentcore.json"configuration file that isn't available in my setup.When the configuration file is absent, the SDK attempts to create an Identity Workload as a fallback. However, the agent's execution role is denied access, causing the process to fail with messages like "save_turn() is deprecated..." and similar warnings.
Requested Solution
Enable passing a workload identity name directly to the
@require_access_tokendecorator. The decorator should retrieve the workload access token automatically and proceed normally.Current Alternatives Considered
".agentcore.json"fileBedrockAgentCoreContextDeployment Context
The agent runs on Amazon ECS infrastructure.