Build a device management agent with Amazon Bedrock AgentCore

The proliferation of Internet of Things (IoT) devices has transformed how we interact with our environments, from homes to industrial settings. However, as the number of connected devices grows, so does the complexity of managing them. Traditional device management interfaces often require navigating through multiple applications, each with its own UI and learning curve. This fragmentation creates friction for users trying to monitor and control their IoT environment.

In this post, we explore how to build a conversational device management system using Amazon Bedrock AgentCore. With this solution, users can manage their IoT devices through natural language, using a UI for tasks like checking device status, configuring WiFi networks, and monitoring user activity. To learn more about how Amazon Bedrock AgentCore enables deploying and operating highly effective agents securely at scale using a variety of frameworks and models, refer to Enabling customers to deliver production-ready AI agents at scale.

The challenge of device management

Managing a modern IoT environment involves navigating numerous challenges that can hinder user experience and technology adoption. Interface fragmentation forces users to juggle multiple applications and management tools for different devices, and technical complexity can make even basic configuration tasks intimidating for non-specialists. Adding to these difficulties are visibility limitations that prevent comprehensive monitoring of device status, and inadequate user management capabilities that make it difficult to track device usage patterns.

Together, these pain points create significant friction for users trying to implement and maintain IoT solutions effectively.

Solution overview

The conversational AI solution using agents offers a comprehensive approach to IoT complexity through its unified conversational interface that consolidates device management tasks into a single access point. Users can perform sophisticated operations through natural language interaction instead of navigating technical menus, while gaining comprehensive visibility across connected devices and transforming complex configuration tasks into straightforward conversations. The system delivers essential capabilities, including device management for inventory control and status monitoring, WiFi network management for simplified network configuration, user management for access control, and activity tracking for temporal analysis of user interactions. This seamless management experience minimizes monitoring vulnerabilities and provides valuable insights into usage patterns and potential security concerns, effectively removing the typical barriers to successful IoT implementation while maintaining appropriate system authorization throughout the network.

Architecture overview

The device management system follows a modular architecture that uses several AWS services. The architecture consists of the following components:

• User and application interface – Users interact with the system through a web application that serves as the frontend interface.
• Foundation models – This system uses various foundation models (FMs) in Amazon Bedrock to power natural language understanding and generation capabilities.
• Amazon Bedrock AgentCore Gateway – This feature acts as the secure entry point for authenticated requests, validating bearer tokens before routing requests to the appropriate target.
• Amazon Bedrock AgentCore Identity – This feature manages agent identity and permissions, controlling what actions the agent can perform on behalf of users.
• Amazon Bedrock AgentCore Memory – This feature supports both short-term and long-term memory, maintaining immediate conversation context within a session and storing persistent insights and preferences across sessions. This enables agents to provide consistent, context-aware responses without developers needing to manage complex memory infrastructure.
• Amazon Bedrock AgentCore Observability – This feature monitors agent performance, tracks metrics, and provides insights into system usage and behavior for debugging and optimization.
• Amazon Bedrock AgentCore Runtime – This secure, serverless environment supports AI agents built with open source frameworks. It maintains complete session isolation by dedicating isolated containers per user session, enabling scalable and secure management of long-running, stateful interactions.
• Amazon Cognito – Amazon Cognito handles user authentication through bearer token generation and validation, facilitating secure access to the system.
• Amazon DynamoDB – Amazon DynamoDB stores system data across five tables.
• AWS Lambda – The solution connects the gateway to AWS Lambda functions that execute specific device management operations. Lambda contains the business logic for device management, implementing seven core tools.

This architecture enables a seamless flow from user query to response: the user submits a natural language request through the application, which is authenticated through Amazon Cognito and processed by Amazon Bedrock AgentCore Runtime. The runtime determines the appropriate tool to invoke and sends the request through the gateway to the Lambda function, which queries or updates DynamoDB as needed. The result flows back through the same path, with the runtime generating a natural language response based on the data retrieved.

Refer to the GitHub repository for detailed deployment instructions.

Key functionalities of the device management agent

The device management system uses Lambda to implement seven essential tools for device management, including listing devices, retrieving settings, managing WiFi networks, and monitoring user activity, all invoked by the agent as needed. This functionality is supported by our flexible NoSQL database architecture in DynamoDB, which comprises five distinct tables—Devices, DeviceSettings, WifiNetworks, Users, and UserActivities—storing specialized data to maintain comprehensive system records. Together, these components create a robust foundation that enables efficient device management while maintaining detailed audit trails of system activities.

Key features showcase

Performance and security considerations

The solution balances robust concurrent processing capabilities with comprehensive protection measures. The device management system efficiently handles multiple simultaneous requests through automatically scaling Lambda functions, consistent DynamoDB performance regardless of data volume, and intelligent retry logic with exponential backoff when encountering rate limitations. To scale across hundreds of tools, the semantic search capability in Amazon Bedrock AgentCore Gateway enables efficient and relevant discovery of tools by meaning, facilitating quick and accurate responses even at large scale.

The system implements industry-leading security practices, including Amazon Cognito authentication, Amazon Bedrock AgentCore Identity, layered access control through gateway and Lambda level permission verification, comprehensive data encryption at rest and in transit, and Amazon Bedrock Guardrails to help prevent prompt injection attacks while maintaining interaction safety.

Conclusion

The device management system presented in this post uses Amazon Bedrock AgentCore to transform IoT management through conversational AI, creating an intuitive interface where complex device operations become simple dialogue. Its composable, reusable, and decoupled agentic architecture alleviates undifferentiated heavy lifting by providing built-in features for secure, scalable deployment and seamless integration. By combining large language models with an AWS infrastructure, the solution provides enterprise-grade capabilities without burdening developers with infrastructure management. Key benefits include simplified user experiences through natural language interaction, operational efficiency with unified interfaces, comprehensive device visibility, and future-proof architecture that evolves with AI advancements. The system’s model-agnostic approach supports continuous improvement as new FMs emerge, and robust security and observability features help organizations confidently deploy scalable, next-generation device management solutions tailored to their specific IoT environments.

To implement this solution, refer to the GitHub repository.

---

About the Author

Godwin Sahayaraj Vincent is an Enterprise Solutions Architect at AWS who is passionate about Machine Learning and providing guidance to customers to design, deploy and manage their AWS workloads and architectures. In his spare time, he loves to play cricket with his friends and tennis with his three kids.

Ramesh Kumar Venkatraman is a Senior Solutions Architect at AWS who is passionate about Generative AI, Containers and Databases. He works with AWS customers to design, deploy and manage their AWS workloads and architectures. In his spare time, he loves to play with his two kids and follows cricket.

Chhavi Kaushik is an AWS Solutions Architect specializing in cloud-native architectures and digital transformation. She is passionate about helping customers harness the power of Generative AI, designing and implementing enterprise-scale solutions that combine AWS’s cutting-edge AI/ML services. Outside of her professional life, Chhavi enjoys exploring the California outdoors, making the most of the Bay Area’s beautiful weather and lifestyle.