How I built A2A agents with Strands and FastAPI and deployed them to Amazon Bedrock AgentCore
Step-by-step notes on building A2A agents using the Strands framework and FastAPI, securing them with OAuth2.0 via AWS Cognito, and deploying to Amazon Bedrock AgentCore to power a multi-agent MCP server network for MuleSoft Agent Fabric.
A2A AWS Agentic AI FastAPI Strands MCP Demos
Built a live multi-agent network for a MuleSoft Agent Fabric demo using real cloud-hosted agents so Agent Fabric could discover, govern, and audit cross-platform agent calls via MCP servers.
Stack and flow
- Strands Agents SDK defines the agent + tools and exposes A2A endpoints, including
/.well-known/agent-card.jsonfor capability discovery. - FastAPI wraps the Strands agent as an HTTP server via
A2AServer, providing standard A2A routes like/invokeplus discovery/streaming support. - Amazon Bedrock AgentCore hosts the containerized FastAPI service and injects a runtime bearer token environment variable used for downstream auth validation.
- AWS Cognito (OAuth2.0) secures the endpoint: callers obtain a token (client credentials flow) and send it as a Bearer token; the service validates JWTs using Cognito’s JWKS.
Key learnings
- Strands simplifies A2A mechanics; most complexity sits in infrastructure and auth.
- The most common auth failure is missing/incorrect Cognito resource server + scopes, which leads to rejected tokens due to absent scope claims.
- AgentCore’s managed endpoints reduce ops overhead and are a good fit for demo environments.
- Registering agents via their capability cards lets MCP servers expose them as tools, enabling Agent Fabric to apply ABAC governance and maintain an audit trail.
GitHub repository of agents I built: https://github.com/sue-han-muley/horizon-agents