Container builds package your agent as a Docker container image instead of a code ZIP. Use containers when you need system-level dependencies, custom native libraries, or full control over the runtime environment.
A container runtime is required for local development (agentcore dev) and packaging (agentcore package). Supported
runtimes:
The CLI auto-detects the first working runtime in the order listed above. If multiple are installed, the highest-priority one wins.
A local runtime is not required for
agentcore deploy— AWS CodeBuild builds the image remotely.
# New project with container build
agentcore create --name MyProject --build Container
# Add container agent to existing project
agentcore add agent --name MyAgent --build Container --framework Strands --model-provider BedrockBoth commands generate a Dockerfile and .dockerignore in the agent's code directory:
app/MyAgent/
├── Dockerfile
├── .dockerignore
├── pyproject.toml
└── main.py
The template uses ghcr.io/astral-sh/uv:python3.12-bookworm-slim as the base image with these design choices:
- Layer caching: Dependencies (
pyproject.toml) are installed before copying application code - Non-root: Runs as
bedrock_agentcore(UID 1000) - Observability: Default CMD wraps the agent with
opentelemetry-instrument - Fast installs: Uses
uv pip installfor dependency resolution
You can customize the Dockerfile freely — add system packages, change the base image, or use multi-stage builds.
In agentcore.json, set "build": "Container":
{
"type": "AgentCoreRuntime",
"name": "MyAgent",
"build": "Container",
"entrypoint": "main.py",
"codeLocation": "app/MyAgent/",
"runtimeVersion": "PYTHON_3_12"
}All other fields work the same as CodeZip agents.
Converting an existing CodeZip agent? Changing the
buildfield inagentcore.jsonalone is not enough — you must also add aDockerfileand.dockerignoreto the agent's code directory. The easiest way is to create a throwaway container agent withagentcore add agent --build Containerand copy the generated files.
agentcore devFor container agents, the dev server:
- Builds the container image and adds a dev layer with
uvicorn - Runs the container with your source directory volume-mounted at
/app - Enables hot reload via
uvicorn --reload— code changes apply without rebuilding
AWS credentials are forwarded automatically (environment variables and ~/.aws mounted read-only).
agentcore package # Build image locally, validate < 1 GB
agentcore deploy -y --progress # Build via CodeBuild, push to ECRLocal packaging validates the image size (1 GB limit). If no local runtime is available, packaging is skipped and deployment handles the build remotely.
| Error | Fix |
|---|---|
| No container runtime found | Install Docker, Podman, or Finch |
| Runtime not ready | Docker: start Docker Desktop / sudo systemctl start docker. Podman: podman machine start. Finch: finch vm init && finch vm start |
| Dockerfile not found | Ensure Dockerfile exists in the agent's codeLocation directory |
| Image exceeds 1 GB | Use multi-stage builds, minimize packages, review .dockerignore |
| Build fails | Check pyproject.toml is valid; verify network access for dependency installation |