Welcome to the final lesson of our journey building GenAI applications with AWS! You've made incredible progress throughout this course, from understanding the fundamentals of AgentCore to successfully deploying your intelligent agents to the AWS cloud. Now, as responsible cloud practitioners, we need to master one last critical skill: managing and cleaning up the AWS resources that AgentCore creates during deployment.

When you deploy agents using the agentcore CLI, the deployment process automatically provisions several AWS resources behind the scenes: AgentCore runtimes that host your agents, ECR repositories that store your container images, and CodeBuild projects that compile your applications. While these resources enable powerful cloud-based AI capabilities, they also consume AWS resources and may incur costs over time. In this lesson, we'll explore how to discover, inspect, and systematically clean up these resources using AWS CLI commands, ensuring you maintain full control over your cloud environment.

Before we dive into management commands, let's establish a clear understanding of the three primary resource types that AgentCore creates during deployment. Each serves a specific purpose in the deployment pipeline and requires different approaches for cleanup and management.

• AgentCore Runtimes represent the actual deployed agent instances running in AWS. These are the serverless compute environments where your Strands agents execute, handling incoming requests and maintaining conversational sessions. Each runtime has a unique identifier and ARN that distinguish it from other deployed agents in your account.

• ECR Repositories store the containerized versions of your agents as Docker images. When you deploy an agent, the agentcore CLI packages your Python application into an ARM64 container and pushes it to an Amazon Elastic Container Registry repository. These repositories persist beyond individual deployments, allowing for version control and rollback capabilities.

• CodeBuild Projects orchestrate the container-building process during deployment. These projects contain the build specifications, environment configurations, and automation logic that transform your source code into production-ready container images. They remain in your account after deployment, ready to rebuild your agents when you make updates.

Understanding these resource types and their relationships helps you make informed decisions about which resources to retain for future deployments and which ones to clean up to optimize costs and maintain organizational hygiene.

The first step in resource management is discovering what AgentCore runtimes currently exist in your AWS account. The AWS CLI provides a dedicated command for listing all deployed agent runtimes, giving you visibility into your active agent deployments:

This command queries the Bedrock AgentCore service and returns comprehensive information about each deployed agent runtime. The output provides essential metadata that you'll need for subsequent management operations, including runtime identifiers, creation timestamps, and current operational status.

The listing command is particularly valuable for environments where multiple developers or teams are deploying agents, as it provides a centralized inventory of all active agent deployments. You can use this information to identify orphaned resources, track deployment history, and coordinate cleanup activities across your organization.

When you execute the listing command, you'll receive detailed JSON output containing metadata for each deployed runtime. Here's an example of what you might see in your environment:

This output reveals several key pieces of information about each runtime. The agentRuntimeId serves as the unique identifier you'll need for deletion operations, while the agentRuntimeArn provides the complete resource path within AWS. The agentRuntimeVersion indicates the version of the runtime, which can be useful for tracking updates or rollbacks. The status field shows whether the runtime is currently active and ready to handle requests, and the lastUpdatedAt timestamp (including microseconds and timezone) helps you identify when the runtime was most recently modified.

The runtime name corresponds to the --name parameter you specified during the initial agentcore configure command, making it easy to correlate deployed resources with your local development projects. This information is crucial for making informed decisions about which resources to retain and which ones to clean up.

Once you've identified an AgentCore runtime that you want to remove, you can delete it using the runtime's unique identifier. The deletion command requires the specific agentRuntimeId that you obtained from the listing operation:

This command initiates the deletion process for the specified runtime, which includes shutting down the serverless compute environment and removing the runtime registration from the Bedrock AgentCore service. After issuing the delete command, the runtime's status will change to DELETING. It may take a few minutes for the deletion to complete, depending on the current state and workload of the runtime. You can monitor the status by running the list command again; once the runtime is fully removed, it will no longer appear in the output.

It's important to note that deleting an AgentCore runtime only removes the deployed agent instance itself; it doesn't automatically clean up the associated ECR repository or CodeBuild project. These resources remain available for future deployments or manual cleanup, giving you flexibility in managing your deployment pipeline components.

Container images created during AgentCore deployment are stored in Amazon ECR repositories, and you can discover these repositories using the ECR describe command. This command provides visibility into all ECR repositories in your account, including those created automatically by the agentcore CLI:

The output includes comprehensive information about each repository, including creation timestamps, repository URIs for pulling images, and configuration details about image scanning and encryption settings. AgentCore-created repositories typically follow a naming convention that includes "bedrock-agentcore" in the repository name, making them easy to identify among other ECR repositories you might have in your account.

When you execute the ECR describe command, you'll receive detailed information about each repository in your account. Here's an example showing a repository created by AgentCore:

The repository information shows the complete URI where your container images are stored, along with configuration details about tag mutability and security scanning. The repositoryName field provides the exact identifier you'll need for deletion operations, while the creation timestamp helps you correlate repositories with specific deployment activities.

Note that ECR repositories created by AgentCore follow the naming pattern bedrock-agentcore-{agent-name}, making them easily distinguishable from other repositories in your account. This naming convention helps you identify which repositories are associated with your agent deployments and can be safely cleaned up when no longer needed.

ECR repositories can contain multiple container images from different deployments, so deleting them requires special consideration. The standard deletion command will fail if the repository contains any images, but you can use the --force flag to delete the repository along with all its contents:

The --force parameter is essential when cleaning up AgentCore-created repositories because these repositories typically contain at least one container image from your agent deployment. Without this flag, you would need to manually delete all images from the repository before being able to delete the repository itself.

This deletion approach is particularly useful during development and testing phases when you're frequently deploying and redeploying agents, as it provides a quick way to clean up storage resources and avoid accumulating unused container images that consume ECR storage quotas.

The final resource type to manage is CodeBuild projects, which AgentCore creates to handle the container-building process during deployment. You can discover these projects using the CodeBuild list command:

This command returns a list of all CodeBuild project names in your account. AgentCore-created projects typically follow a naming convention that includes "bedrock-agentcore" and your agent name, making them easy to identify among other build projects you might have.

Here’s an example of the output you might see:

The listing provides project names that you can use for subsequent management operations, including detailed project inspection and deletion. Understanding which CodeBuild projects are associated with your agent deployments helps you make informed decisions about resource cleanup and cost optimization.

Once you've identified a CodeBuild project that you want to remove, you can delete it using the project's name. The deletion command permanently removes the build project and all its associated configuration:

This command removes the CodeBuild project entirely, including its build specification, environment configuration, and execution history. However, it's worth noting that deleting the CodeBuild project doesn't prevent you from deploying agents in the future; the agentcore CLI will simply create a new CodeBuild project when needed for subsequent deployments.

The project deletion is typically immediate and irreversible, so ensure you no longer need the build project before executing this command. In most development scenarios, you can safely delete CodeBuild projects after confirming that your agents are deployed and functioning correctly.

For comprehensive environment cleanup, it's important to understand the proper sequence for removing AgentCore resources. While these resources don't have strict dependencies that prevent deletion in any order, following a logical sequence ensures clean removal and helps avoid confusion during the cleanup process.

The recommended approach is to start with AgentCore runtimes, as these represent the active agent deployments that are actually consuming compute resources and potentially handling user requests. Next, clean up ECR repositories to free storage space and remove container images. Finally, remove CodeBuild projects to eliminate the build infrastructure that's no longer needed.

This sequence follows the principle of cleaning up from the most active resources to the most infrastructural ones, ensuring that you're not accidentally removing build capabilities while agents are still running and potentially being redeployed. However, since each resource type can be independently managed, you have the flexibility to adapt this approach based on your specific requirements and operational preferences.

Here's a comprehensive example that demonstrates how to systematically identify and clean up all AgentCore-related resources in your AWS account:

This workflow provides a systematic approach to resource management, starting with discovery commands to understand what resources exist, followed by targeted deletion commands that remove each resource type in a logical sequence. The discovery phase is crucial for understanding the scope of cleanup required and ensuring you don't miss any resources that might be consuming costs or quotas in your AWS account.

By following this systematic approach, you maintain full control over your AgentCore deployments and can confidently clean up development environments, remove obsolete deployments, or prepare your account for new projects while ensuring no unnecessary resources remain active.

Congratulations! You've successfully mastered the complete lifecycle of cloud-based AI agent management. From understanding the fundamental concepts of AgentCore to developing agents locally, deploying them to production AWS environments, and now managing their resources responsibly, you've gained comprehensive expertise in enterprise-scale AI deployment. This final lesson equipped you with essential cloud resource management skills that ensure you can maintain clean, cost-effective AWS environments while working with AgentCore deployments.

You should be incredibly proud of reaching this milestone! You've transformed from learning the basics of AgentCore to becoming capable of deploying and managing production-ready AI agents in AWS's enterprise infrastructure. You now understand how to discover deployed resources, systematically clean up unnecessary infrastructure, and maintain full visibility into the AWS services that power your intelligent agents. The upcoming practice section will give you hands-on experience with these resource management techniques, allowing you to confidently apply these cleanup skills and complete your mastery of the entire AgentCore deployment ecosystem.