AWS Bedrock AgentCore adds persistent filesystem storage and shell command execution

AWS Bedrock AgentCore Adds Persistent Filesystem Storage and Shell Command Execution

Amazon Web Services has released two capabilities for Bedrock AgentCore Runtime that address core limitations in production agentic workflows: managed session storage (public preview) for persistent filesystem state and InvokeAgentRuntimeCommand for executing shell commands directly within agent sessions.

The Problem: Ephemeral Agent Filesystems

Bedrock AgentCore Runtime isolates each session in a dedicated microVM with its own kernel, memory, and filesystem. This architecture provides strong security boundaries but creates a critical limitation: when a microVM terminates—either explicitly or through idle timeout—all agent-created artifacts disappear. Agents that spend 20 minutes scaffolding projects, installing dependencies, and generating code must repeat this work entirely when resumed.

AWS identified two specific friction points teams encounter in production:

1. Ephemeral filesystem state: Agent sessions lose all generated files, installed packages, git history, and configuration when stopped
2. Deterministic operation routing: Running tests or executing git commands forces teams to either route them through the LLM as tool calls (adding latency and non-determinism) or build custom orchestration logic outside the runtime

Managed Session Storage: Persistent Agent Filesystem State

Managed session storage provides agents with a persistent directory that survives stop/resume cycles. Data persists at the runtime level—when a microVM terminates and is replaced, the filesystem remains intact.

Configuration requires adding sessionStorage to the agent runtime's filesystem configuration:

aws bedrock-agentcore create-agent-runtime \
  --filesystem-configurations '[{ "sessionStorage": { "mountPath": "/mnt/workspace" } }]'

Alternatively, using AWS SDK for Python:

control_client.create_agent_runtime(
  filesystemConfigurations=[{
    'sessionStorage': {
      'mountPath': '/mnt/workspace'
    }
  }]
)

Once configured, any files written to the mount path are automatically persisted. Agents require no code changes—no special APIs, serialization, or save/restore logic. Files written to /mnt/workspace on Day 1 remain accessible when the same runtime-session-id is invoked on Day 2.

By default, session storage data is retained for 14 days of idle time. When an agent endpoint is updated to a different version and the same session ID is invoked, session data is refreshed, providing a clean context for the new version.

Execute Command: Direct Shell Access Within Sessions

The InvokeAgentRuntimeCommand capability enables agents to execute shell commands directly within their dedicated microVM, bypassing the LLM entirely. This eliminates token costs, latency, and non-determinism from predictable operations like npm test or git push.

Practical Workflow: Multi-Day Development

AWS demonstrates a realistic scenario:

Day 1: Agent downloads a codebase to /mnt/workspace, extracts files, and sets up the development environment. When the session is stopped, the entire workspace persists.

Day 2: Same runtime-session-id is invoked. A new microVM boots and mounts the identical storage. The agent finds all files, dependencies, and build artifacts exactly as left—resuming work immediately without reinitializing.

Architecture Details

Bedrock AgentCore uses two Boto3 service clients:

• Control plane client (bedrock-agentcore-control): Runtime lifecycle operations
• Data plane client (bedrock-agentcore): Session operations like InvokeAgentRuntime and InvokeAgentRuntimeCommand

The mount path must follow the pattern /mnt/[folder-name] (e.g., /mnt/workspace or /mnt/data).

What This Means

These features fundamentally change how production agents handle state and deterministic operations. Previously, agents operating over multiple sessions faced a choice: implement complex checkpoint logic with S3 uploads/downloads, keep sessions perpetually alive, or accept repeated initialization overhead. Now, filesystem persistence is built into the runtime—agents naturally maintain state across sessions. Combined with direct shell command execution, teams can build workflows that previously required significant orchestration infrastructure outside the agent runtime. For coding agents specifically, the ability to preserve installed dependencies, git history, and build artifacts across sessions eliminates a major class of wasted compute.