:doc:`BedrockAgentCoreControl <../../bedrock-agentcore-control>` / Client / create_agent_runtime

********************
create_agent_runtime
********************



.. py:method:: BedrockAgentCoreControl.Client.create_agent_runtime(**kwargs)

  

  Creates an Amazon Bedrock AgentCore Runtime.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreateAgentRuntime>`_  


  **Request Syntax**
  ::

    response = client.create_agent_runtime(
        agentRuntimeName='string',
        agentRuntimeArtifact={
            'containerConfiguration': {
                'containerUri': 'string'
            },
            'codeConfiguration': {
                'code': {
                    's3': {
                        'bucket': 'string',
                        'prefix': 'string',
                        'versionId': 'string'
                    }
                },
                'runtime': 'PYTHON_3_10'|'PYTHON_3_11'|'PYTHON_3_12'|'PYTHON_3_13',
                'entryPoint': [
                    'string',
                ]
            }
        },
        roleArn='string',
        networkConfiguration={
            'networkMode': 'PUBLIC'|'VPC',
            'networkModeConfig': {
                'securityGroups': [
                    'string',
                ],
                'subnets': [
                    'string',
                ]
            }
        },
        clientToken='string',
        description='string',
        authorizerConfiguration={
            'customJWTAuthorizer': {
                'discoveryUrl': 'string',
                'allowedAudience': [
                    'string',
                ],
                'allowedClients': [
                    'string',
                ],
                'allowedScopes': [
                    'string',
                ],
                'customClaims': [
                    {
                        'inboundTokenClaimName': 'string',
                        'inboundTokenClaimValueType': 'STRING'|'STRING_ARRAY',
                        'authorizingClaimMatchValue': {
                            'claimMatchValue': {
                                'matchValueString': 'string',
                                'matchValueStringList': [
                                    'string',
                                ]
                            },
                            'claimMatchOperator': 'EQUALS'|'CONTAINS'|'CONTAINS_ANY'
                        }
                    },
                ]
            }
        },
        requestHeaderConfiguration={
            'requestHeaderAllowlist': [
                'string',
            ]
        },
        protocolConfiguration={
            'serverProtocol': 'MCP'|'HTTP'|'A2A'
        },
        lifecycleConfiguration={
            'idleRuntimeSessionTimeout': 123,
            'maxLifetime': 123
        },
        environmentVariables={
            'string': 'string'
        },
        tags={
            'string': 'string'
        }
    )
    
  :type agentRuntimeName: string
  :param agentRuntimeName: **[REQUIRED]** 

    The name of the AgentCore Runtime.

    

  
  :type agentRuntimeArtifact: dict
  :param agentRuntimeArtifact: **[REQUIRED]** 

    The artifact of the AgentCore Runtime.

    .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``containerConfiguration``, ``codeConfiguration``. 

  
    - **containerConfiguration** *(dict) --* 

      The container configuration for the agent artifact.

      

    
      - **containerUri** *(string) --* **[REQUIRED]** 

        The ECR URI of the container.

        

      
    
    - **codeConfiguration** *(dict) --* 

      The code configuration for the agent runtime artifact, including the source code location and execution settings.

      

    
      - **code** *(dict) --* **[REQUIRED]** 

        The source code location and configuration details.

        .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``s3``. 

      
        - **s3** *(dict) --* 

          The Amazon Amazon S3 object that contains the source code for the agent runtime.

          

        
          - **bucket** *(string) --* **[REQUIRED]** 

            The name of the Amazon S3 bucket. This bucket contains the stored data.

            

          
          - **prefix** *(string) --* **[REQUIRED]** 

            The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.

            

          
          - **versionId** *(string) --* 

            The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.

            

          
        
      
      - **runtime** *(string) --* **[REQUIRED]** 

        The runtime environment for executing the code (for example, Python 3.9 or Node.js 18).

        

      
      - **entryPoint** *(list) --* **[REQUIRED]** 

        The entry point for the code execution, specifying the function or method that should be invoked when the code runs.

        

      
        - *(string) --* 

        
    
    
  
  :type roleArn: string
  :param roleArn: **[REQUIRED]** 

    The IAM role ARN that provides permissions for the AgentCore Runtime.

    

  
  :type networkConfiguration: dict
  :param networkConfiguration: **[REQUIRED]** 

    The network configuration for the AgentCore Runtime.

    

  
    - **networkMode** *(string) --* **[REQUIRED]** 

      The network mode for the AgentCore Runtime.

      

    
    - **networkModeConfig** *(dict) --* 

      The network mode configuration for the AgentCore Runtime.

      

    
      - **securityGroups** *(list) --* **[REQUIRED]** 

        The security groups associated with the VPC configuration.

        

      
        - *(string) --* 

        
    
      - **subnets** *(list) --* **[REQUIRED]** 

        The subnets associated with the VPC configuration.

        

      
        - *(string) --* 

        
    
    
  
  :type clientToken: string
  :param clientToken: 

    A unique, case-sensitive identifier to ensure idempotency of the request.

    This field is autopopulated if not provided.

  
  :type description: string
  :param description: 

    The description of the AgentCore Runtime.

    

  
  :type authorizerConfiguration: dict
  :param authorizerConfiguration: 

    The authorizer configuration for the AgentCore Runtime.

    .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``customJWTAuthorizer``. 

  
    - **customJWTAuthorizer** *(dict) --* 

      The inbound JWT-based authorization, specifying how incoming requests should be authenticated.

      

    
      - **discoveryUrl** *(string) --* **[REQUIRED]** 

        This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.

        

      
      - **allowedAudience** *(list) --* 

        Represents individual audience values that are validated in the incoming JWT token validation process.

        

      
        - *(string) --* 

        
    
      - **allowedClients** *(list) --* 

        Represents individual client IDs that are validated in the incoming JWT token validation process.

        

      
        - *(string) --* 

        
    
      - **allowedScopes** *(list) --* 

        An array of scopes that are allowed to access the token.

        

      
        - *(string) --* 

        
    
      - **customClaims** *(list) --* 

        An array of objects that define a custom claim validation name, value, and operation

        

      
        - *(dict) --* 

          Defines the name of a custom claim field and rules for finding matches to authenticate its value.

          

        
          - **inboundTokenClaimName** *(string) --* **[REQUIRED]** 

            The name of the custom claim field to check.

            

          
          - **inboundTokenClaimValueType** *(string) --* **[REQUIRED]** 

            The data type of the claim value to check for.

             

            
            * Use ``STRING`` if you want to find an exact match to a string you define.
             
            * Use ``STRING_ARRAY`` if you want to fnd a match to at least one value in an array you define.
            

            

          
          - **authorizingClaimMatchValue** *(dict) --* **[REQUIRED]** 

            Defines the value or values to match for and the relationship of the match.

            

          
            - **claimMatchValue** *(dict) --* **[REQUIRED]** 

              The value or values to match for.

              .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``matchValueString``, ``matchValueStringList``. 

            
              - **matchValueString** *(string) --* 

                The string value to match for.

                

              
              - **matchValueStringList** *(list) --* 

                An array of strings to check for a match.

                

              
                - *(string) --* 

                
            
            
            - **claimMatchOperator** *(string) --* **[REQUIRED]** 

              Defines the relationship between the claim field value and the value or values you're matching for.

              

            
          
        
    
    
  
  :type requestHeaderConfiguration: dict
  :param requestHeaderConfiguration: 

    Configuration for HTTP request headers that will be passed through to the runtime.

    .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``requestHeaderAllowlist``. 

  
    - **requestHeaderAllowlist** *(list) --* 

      A list of HTTP request headers that are allowed to be passed through to the runtime.

      

    
      - *(string) --* 

      
  
  
  :type protocolConfiguration: dict
  :param protocolConfiguration: 

    The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.

    

  
    - **serverProtocol** *(string) --* **[REQUIRED]** 

      The server protocol for the agent runtime. This field specifies which protocol the agent runtime uses to communicate with clients.

      

    
  
  :type lifecycleConfiguration: dict
  :param lifecycleConfiguration: 

    The life cycle configuration for the AgentCore Runtime.

    

  
    - **idleRuntimeSessionTimeout** *(integer) --* 

      Timeout in seconds for idle runtime sessions. When a session remains idle for this duration, it will be automatically terminated. Default: 900 seconds (15 minutes).

      

    
    - **maxLifetime** *(integer) --* 

      Maximum lifetime for the instance in seconds. Once reached, instances will be automatically terminated and replaced. Default: 28800 seconds (8 hours).

      

    
  
  :type environmentVariables: dict
  :param environmentVariables: 

    Environment variables to set in the AgentCore Runtime environment.

    

  
    - *(string) --* 

    
      - *(string) --* 

      


  :type tags: dict
  :param tags: 

    A map of tag keys and values to assign to the agent runtime. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.

    

  
    - *(string) --* 

    
      - *(string) --* 

      


  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'agentRuntimeArn': 'string',
          'workloadIdentityDetails': {
              'workloadIdentityArn': 'string'
          },
          'agentRuntimeId': 'string',
          'agentRuntimeVersion': 'string',
          'createdAt': datetime(2015, 1, 1),
          'status': 'CREATING'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED'|'READY'|'DELETING'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **agentRuntimeArn** *(string) --* 

        The Amazon Resource Name (ARN) of the AgentCore Runtime.

        
      

      - **workloadIdentityDetails** *(dict) --* 

        The workload identity details for the AgentCore Runtime.

        
        

        - **workloadIdentityArn** *(string) --* 

          The ARN associated with the workload identity.

          
    
      

      - **agentRuntimeId** *(string) --* 

        The unique identifier of the AgentCore Runtime.

        
      

      - **agentRuntimeVersion** *(string) --* 

        The version of the AgentCore Runtime.

        
      

      - **createdAt** *(datetime) --* 

        The timestamp when the AgentCore Runtime was created.

        
      

      - **status** *(string) --* 

        The current status of the AgentCore Runtime.

        
  
  **Exceptions**
  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.ServiceQuotaExceededException`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.ConflictException`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.ValidationException`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.ThrottlingException`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.InternalServerException`

  