Bring Amazon Bedrock AgentCore into Slack: a reusable pattern for AI agents

Embed AI agents where teams already work — secure, serverless, and swap‑friendly for any business domain

TL;DR

Embed Amazon Bedrock AgentCore agents directly into Slack using a serverless, SQS‑backed async pipeline. This pattern verifies Slack webhooks, maps Slack thread timestamps to persistent AgentCore memory, and offloads long-running reasoning to a containerized runtime (Strands Agents SDK + AgentCore). Start with a low‑risk pilot (FAQ or weather) using the provided GitHub sample, instrument observability, and enforce least‑privilege security before scaling.

Problem — and why this pattern matters

People live in Slack. Asking them to switch to another console to use an AI agent is a barrier to adoption. Embedding agents in Slack keeps identity, context, and tooling in one place so teams get answers where they already collaborate. That convenience matters to product adoption and speed of decisioning.

User snapshot

Example pilot interaction (real UX, simplified):

• Alice (sales): “@agent Give me a 1‑line summary of Acme Corp and last interaction.” (posted in a thread)
• Agent: “Processing your request…”
• Agent (followup): “Acme Corp — last contact: 2026‑02‑12 (sales rep Jenna). Summary: prospect interested in premium tier; follow-up scheduled.” (includes CRM link)

Architecture overview

Key components and pattern:

• API Gateway receives Slack webhooks and routes to a lightweight verification Lambda.
• Verification Lambda authenticates the request and responds immediately so Slack isn’t blocked.
• An SQS FIFO queue decouples Slack from longer agent runs. A second Lambda filters events and enqueues work, posting a “Processing…” thread reply.
• An Agent Integration Lambda consumes SQS messages and forwards them to a containerized AgentCore runtime (Strands Agents SDK + AgentCore Gateway + AgentCore Memory). The runtime calls models (example: Nova Pro) and tools via the Model Context Protocol (MCP).
• Tool calls are SigV4‑signed (AWS request signing) and secrets (Slack token, signing secret) are kept in Secrets Manager. Images are built with CodeBuild and stored in ECR; CDK deploys three stacks (Image, Agent, Slack).

Why these patterns? Practical tradeoffs

• Thread timestamps as session_id: Slack thread_ts is used as session_id and the Slack user ID as actor_id so each thread maps to a distinct AgentCoreMemory session. No external session DB required.
• Async queue to beat the 3‑second limit: Slack requires a quick acknowledgement. Enqueue to SQS to allow seconds‑to‑minutes of agent reasoning and tool calls without timing out the webhook.
• FIFO + idempotency: FIFO queue preserves order and dedupes messages; visibility timeout and redrive policies handle retries and failures.

“The integration brings agents into the workspace so teams don’t have to jump between apps or re-authenticate.”

How the pipeline works (step‑by‑step)

• 1) Verification Lambda: Validates Slack signature using the signing secret (stored in Secrets Manager) and immediately returns 200 to Slack.
• 2) SQS Integration Lambda: Filters events (mentions, direct messages), posts a “Processing…” message into the thread, and pushes a deduped payload onto an SQS FIFO queue.
• 3) Agent Integration Lambda: Pulls SQS messages, calls the AgentCore runtime endpoint (container), streams MCP‑formatted tool requests if needed, and updates the Slack thread with the final response.

Runtime, tools, and authentication

The runtime uses the Strands Agents SDK and AgentCore Gateway to orchestrate model‑driven planning and tool invocation. Tool calls follow the Model Context Protocol (MCP) so tools can stream results back to the agent. All backend tool endpoints are authenticated with AWS SigV4 signing (AWS request signing for secure tool calls), and secrets like tokens live in AWS Secrets Manager.

Build and deploy

• Container images built via AWS CodeBuild for ARM64 (Graviton) and pushed to ECR.
• Infrastructure packaged as three AWS CDK stacks: Image Stack, Agent Stack, Slack Stack.
• Sample repo: GitHub: Integrating Amazon Bedrock AgentCore with Slack (sample).

Implementation checklist

• Enable Slack app with scopes: app_mentions:read, chat:write, im:history, im:read, im:write.
• Store Slack signing secret and bot token in Secrets Manager and restrict access via IAM.
• Deploy API Gateway + Verification Lambda to respond within 3s.
• Set up SQS FIFO queue with dedupe and appropriate visibility timeout.
• Implement SQS Integration Lambda to post “Processing…” replies and enqueue messages.
• Run Agent Integration Lambda to call AgentCore runtime and post final thread responses.
• Build container images via CodeBuild → ECR; set up CDK stacks and deploy script.
• Instrument observability (logs, traces, metrics) and alerting before pilot users onboard.
• Create a data governance policy for AgentCore Memory retention and PII handling.

Sample message flow (simplified)

Slack message → verified → SQS payload → AgentCore input → tool calls → Slack thread update.

Slack message: {“text”:”@agent summarize Acme”,”user”:”U123″,”thread_ts”:”1680000000.000200″}
SQS payload: {“session_id”:”1680000000.000200″,”actor_id”:”U123″,”text”:”summarize Acme”,”source”:”slack”}
AgentCore input: {session_id, actor_id, memory:[], tools:[crm_lookup], model:NovaPro}
AgentCore output: {“text”:”Acme Corp — last contact: 2026‑02‑12. See CRM link.”,”actions”:[…]}

Observability & SLOs

Recommended metrics and logs to surface before widening the pilot:

• End‑to‑end latency (Slack webhook → final Slack thread update)
• SQS queue depth and age (visibility of backlog)
• Lambda execution duration and error rate
• Model inference time and tool invocation error rate
• Correlation IDs logged across Verification Lambda → SQS → Agent Lambda → runtime so you can trace a request.

Suggested alarms: queue depth above threshold, Lambda error rate spike, model latency above SLA. Correlate traces using a unique request_id stored in SQS message attributes.

Cost estimation approach (formula + example)

Use a simple cost formula and substitute your numbers:

Estimated monthly cost ≈ (#requests/mo) × (avg model runtime in seconds × model cost/sec) + Lambda compute + SQS costs + ECR/CodeBuild amortized.

Example (hypothetical numbers for planning purposes):

• #requests/mo = 10,000
• avg model runtime = 6 seconds
• assumed model cost/sec (example) = $0.015

Model cost = 10,000 × 6 × $0.015 = $900 (example). Add Lambda compute (e.g., a few hundred dollars depending on duration), SQS (<$50), and image build amortization. This is illustrative—use vendor pricing and runtime data from your pilot to refine.

Security & data governance checklist

• Secrets Manager for tokens and signing secrets; rotate keys on schedule.
• Least‑privilege IAM for Lambdas, ECR, and AgentCore runtime (limit SigV4 signing permissions to necessary tool endpoints).
• Encrypt AgentCore Memory at rest; define retention windows and PII scrubbing rules.
• Audit logs for tool calls and model usage; capture who initiated each session (actor_id) for traceability.
• Plan how to revoke access and purge memory quickly if a compromise occurs.

Common pitfalls & troubleshooting

• Webhook timeouts: Failing to immediately acknowledge Slack requests will cause retries and possible duplicate processing—always quick‑reply in Verification Lambda.
• Thread mapping edge cases: If users reply outside the thread or edit messages, ensure your SQS Integration Lambda normalizes session_id consistently.
• Duplicate messages: Use SQS FIFO dedupe and idempotency checks in Agent Integration Lambda.
• Cold starts: Long Lambda cold starts can add latency; keep verification Lambda light and tune provisioned concurrency if needed.
• Model cost surprises: Instrument model runtime and track cost per invocation early in the pilot.

Pilot plan & KPIs (2–4 week plan)

• Week 0: Deploy sample repo, configure Slack app and Secrets Manager, and set up observability dashboards.
• Week 1: Internal alpha — 5–10 users, low‑risk tasks (weather, FAQ). Measure median time‑to‑first‑response and error rate.
• Week 2–3: Broaden to 20–50 users, swap in a domain tool (CRM lookup). Measure adoption (DAU), ticket deflection, and cost per query.
• Success metrics: median time‑to‑first‑response < 10s for quick answers, >25% usage uptake among pilot users, and model cost within approved budget.

“Thread timestamps are used as natural session identifiers so each Slack thread becomes an isolated memory session.”

Why reuse matters for business

The Slack integration is durable: keep verification, SQS async pipeline, and thread→session mapping, and swap the runtime tools for different domains. That lets product teams iterate on domain logic (CRM, HR workflows, incident response) without modifying the messaging layer, accelerating time‑to‑value and lowering maintenance.

Where to get the sample and docs

• Sample repo and deployment scripts: github.com/aws-samples/sample-Integrating-Amazon-Bedrock-AgentCore-with-Slack
• Amazon Bedrock overview: aws.amazon.com/bedrock/

Quick glossary

• AgentCore: runtime that manages agent planning, memory, and tool orchestration (runs models and coordinates tools).
• Strands Agents SDK: open SDK used in the runtime to compose agents, tools, and memory.
• Model Context Protocol (MCP): protocol for structured, streaming tool calls between the model and tool endpoints.
• AWS SigV4: AWS request signing used to authenticate and authorize tool calls securely.
• Nova Pro: example Amazon Bedrock model used in the sample runtime for reasoning and tool selection.

Next practical step

Deploy the sample GitHub repo, run the weather/FAQ pilot, instrument the metrics above, and iterate on security and identity flows before enlarging scope. Embedding agents in Slack reduces friction for users and keeps contextual memory where decisions are being made — that’s where most of the business value shows up.