Building a Market Research Agent with Brave Search MCP and AWS Bedrock AgentCore

Market research is one of the most time-intensive tasks in any product or strategy workflow. Analysts spend hours manually querying search engines, synthesizing results, and formatting reports — work that is repetitive, structured, and well-suited for automation. The Brave Search MCP server, deployed as an AgentCore runtime, reduces what would have been a custom integration project to a single runtime Amazon Resource Name (ARN). Your agent calls it like any other AWS service — authenticated through IAM, with no API keys to manage in your application code — and gets back structured, sourced search results it can immediately reason over. What stands out most about this architecture is how little code it actually takes to give an AgentCore agent access to the live web.

In this post, we show you how to build a production-ready market research agent that uses the Brave Search API through the Brave MCP Server deployment on AWS Bedrock AgentCore to conduct multi-angle web research automatically. By the end of this tutorial, you will have a working agent that:

• Accepts any research topic as input
• Runs searches across multiple angles (market size, key players, challenges and opportunities), and returns a structured JSON report with sources
• Authenticates entirely through AWS IAM — no API keys in your agent code

Solution Overview

The architecture follows a secure, modular pattern with two independently deployed components: a Brave Search MCP runtime that manages the Brave Search API key and handles all search requests, and a market research agent that calls the MCP runtime using IAM-authenticated API calls.

          ┌──────────────────────────────────────────────────┐
          │               Market Research Agent              │
          │  (Python code running on AWS Bedrock AgentCore)  │
          └────────────────┬─────────────────────────────────┘
                           │ IAM-authenticated API calls
                           ▼
          ┌──────────────────────────────────────────────────┐
          │              Brave Search MCP Runtime             │
          │  (Stores Brave API key, handles search requests)  │
          └────────────────┬─────────────────────────────────┘
                           │ HTTPS API calls with API key
                           ▼
                   ┌────────────────┐
                   │  Brave Search  │
                   │       API      │
                   └────────────────┘

Key security design: The Brave Search API key lives only in the Brave MCP Server runtime — not in your agent code. Your agent authenticates using AWS IAM, keeping credentials centralized and auditable. Rotating the Brave Search API key requires updating only the MCP runtime; the agent code is unaffected.

Solution Guidance

This solution uses the following AWS services and third-party components.

• AWS Bedrock AgentCore — Managed runtime for deploying and invoking AI agents and MCP servers as containerized workloads
• AWS Identity and Access Management (IAM) — Handles authentication for agent-to-runtime API calls without embedding credentials in code
• Amazon Elastic Container Registry (ECR) — Stores the container images for both the MCP runtime and the agent
• Amazon CloudWatch — Provides logs, metrics, and the GenAI Observability dashboard for monitoring agent execution
• Brave Search API — External web search API that powers the research queries
• Model Context Protocol (MCP) — Open protocol for connecting AI agents to external tools and data sources

Prerequisites

Before starting, ensure you have the following:

1. An AWS account with permissions to create IAM roles, ECR repositories, and Bedrock AgentCore runtimes
2. AWS CLI installed and configured (aws configure)
3. Python 3.9+ installed
4. A Brave Search API key — Get one free at https://brave.com/search/api/
5. Git for cloning the repository

Verify your environment before proceeding:

python3 --version
aws --version
aws sts get-caller-identity

Part 1: Deploy the Brave Search MCP Runtime

The Brave Search MCP Server is available directly from AWS Marketplace, which means you can subscribe, configure, and deploy it to AgentCore without writing any server code yourself. The following steps walk through the full process.

Step 1.1: Subscribe to the Brave Search MCP Server on AWS Marketplace

Navigate to AWS Marketplace and search for Brave Search MCP Server. The product page describes it as the #1 solution for connecting LLMs to the web, delivered as a container image and sold directly by Brave. It is categorized under Research, Software Development, and Data Analysis — a good signal that it is purpose-built for exactly this kind of agent use case.

Click View purchase options and complete the subscription flow. Once your subscription is confirmed, you will see a banner indicating your active agreement along with the option to launch your software.

You can review and manage your active subscription at any time from the Manage subscriptions page in AWS Marketplace. This view shows your agreement status, service start date, and the product ID for the Brave Search MCP Server container image.

Before proceeding to deployment, click Usage instructions from the agreement actions menu. This modal shows the current release version, a description of the REST API proxy the server exposes, key features, and the pricing model — $5 CPM ($0.005 per request) with a maximum rate of 50 requests per second and unlimited volume. The Brave Search API offers $5 in free credits each month, which can power trials and small-scale projects. A user-defined limit can be configured in the Brave Search API dashboard to prevent usage from exceeding the $5 in free credits each month, thus making the account effectively "free."

Step 1.2: Launch on Amazon Bedrock AgentCore

From the agreement summary page, click Launch software to open the deployment configuration. On the launch page, you will see several deployment targets. Select Amazon Bedrock AgentCore as your service and Amazon Bedrock AgentCore console as your launch method. The container image version will be pre-populated from your subscription — confirm it shows the latest stable release before proceeding. This will create a runtime on AgentCore that you will be able to use within your agent to perform searches.

Step 1.3: Configure Environment Variables

In the AgentCore runtime configuration, you will see a set of environment variables pre-populated with sensible defaults. The only required field you need to fill in is BRAVE_API_KEY — enter your Brave Search API key here. The remaining defaults (transport: http, port: 8000, host: 0.0.0.0, log level: info, stateless: true) are appropriate for production use and do not need to be changed for this tutorial.

Security note: Your Brave Search API key is stored securely within the AgentCore runtime environment. It never appears in your agent code, your deployment configuration, or version control. This is the core security advantage of the MCP pattern — credentials stay in the runtime, not in the application.

Step 1.4: Configure the Container Image and IAM Role

In the agent source section, select ECR Container as the source type. The image URI is automatically populated from your Marketplace subscription — it points to the Brave-published container image in ECR. For IAM permissions, select Create and use a new service role to let AgentCore provision the appropriate execution role automatically.

Click Host agent/tool to begin deployment.

Step 1.5: Copy the Runtime ARN

Deployment typically completes within a few minutes. Once the status shows Ready, you will see the full runtime details including the runtime ARN and runtime ID. Copy the runtime ARN — you will need it in Part 2 to configure your market research agent.

The ARN will follow this format:

arn:aws:bedrock-agentcore:us-east-1:123456789012:runtime/brave_search_mcp-name

Part 2: Deploy the Market Research Agent

With the Brave Search MCP runtime deployed, you can now deploy the agent that calls it.

Step 2.1: Clone the Repository

git clone https://github.com/aws-samples/sample-brave-demos.git
cd sample-brave-demos/BraveSearchMCPAgent

Step 2.2: Review the Agent Code

The agent in agent.py conducts research from three angles for any given topic. A few design points worth noting before running the setup:

• The agent uses Boto3 to call the MCP runtime — no Brave Search API key appears anywhere in the agent code
• Authentication is handled entirely through the IAM role attached to the agent runtime
• Three research angles run sequentially, covering market size, key players, and future outlook

Step 2.3: Run the Automated Setup Script

The repository includes a setup script that handles virtual environment creation, IAM policy configuration, ECR repository setup, and deployment in a single pass:

chmod +x setup.sh
./setup.sh

The script completes the following steps automatically:

1. ✅ Creates a Python virtual environment
2. ✅ Installs the AWS Bedrock AgentCore SDK
3. ✅ Configures the agent with your MCP ARN
4. ✅ Generates the deployment configuration
5. ✅ Creates an ECR repository for the container image
6. ✅ Builds and deploys the agent to AWS
7. ✅ Configures IAM permissions

Step 2.4: IAM Security Model

The setup script creates an IAM policy that grants the agent permission to invoke the specific MCP runtime — and nothing else:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "bedrock-agentcore:InvokeAgentRuntime",
      "Resource": [
        "arn:aws:bedrock-agentcore:us-east-1:123456789:runtime/brave_search_mcp-ABCD",
        "arn:aws:bedrock-agentcore:us-east-1:123456789:runtime/brave_search_mcp-ABCD/*"
      ]
    }
  ]
}

This policy follows the principle of least privilege: the agent can invoke one specific runtime, and nothing more. The two resource ARN patterns — the base ARN and the wildcard suffix — are both required; omitting either will result in an AccessDenied error at invocation time.

Part 3: Test Your Market Research Agent

Step 3.1: Invoke the Agent

Run a test query against the deployed agent:

./venv/bin/agentcore invoke --agent marketresearch '{"prompt": "quantum computing market"}'

Step 3.2: Review the Results

The agent returns a structured JSON report organized by research angle:

{
  "status": "success",
  "report": {
    "topic": "quantum computing market",
    "research_date": "2026-03-02",
    "findings": {
      "market size trends 2024 2025": [
        {
          "title": "Quantum Computing Market Size | Industry Report, 2030",
          "url": "https://www.grandviewresearch.com/...",
          "description": "Market size was estimated at $1.42 billion in 2024..."
        }
      ],
      "key players companies leaders": [
        {
          "title": "Quantum Computing Companies in 2026",
          "url": "https://thequantuminsider.com/...",
          "description": "IBM, Google, and Microsoft lead the market..."
        }
      ],
      "challenges opportunities future": [
        {
          "title": "The Rise of Quantum Computing",
          "url": "https://www.mckinsey.com/...",
          "description": "Businesses must prepare for enormous opportunities..."
        }
      ]
    }
  }
}

Step 3.3: Try Additional Research Topics

# AI chip market
./venv/bin/agentcore invoke --agent marketresearch '{"prompt": "AI chip market"}'

# Cloud computing trends
./venv/bin/agentcore invoke --agent marketresearch '{"prompt": "cloud computing trends"}'

# Electric vehicle market
./venv/bin/agentcore invoke --agent marketresearch '{"prompt": "electric vehicle market"}'

Part 4: Monitor and Manage Your Agent

Step 4.1: View CloudWatch Logs

Stream agent execution logs in real time:

aws logs tail /aws/bedrock-agentcore/runtimes/marketresearch-* --follow

Step 4.2: GenAI Observability Dashboard

AWS Bedrock AgentCore integrates with CloudWatch's GenAI Observability dashboard, which provides visibility into request volume and latency, success and error rates, token usage, and cost tracking. To access it, open the AWS Management Console and navigate to CloudWatch → GenAI Observability → Agent Core.

Step 4.3: Update the Agent

To deploy code changes without manual conflict resolution:

./venv/bin/agentcore deploy --agent marketresearch --auto-update-on-conflict

Part 5: Clean Up Resources

To avoid ongoing charges with AWS usage, remove all resources when you are done testing. The cleanup script removes the AgentCore runtime, IAM policies created during setup, the ECR repository and container images, and local configuration files.

Step 5.1: Remove the Market Research Agent

./cleanup.sh

Step 5.2: Remove the Brave MCP Runtime

Navigate to the Amazon Bedrock AgentCore console, select the brave_search_mcp runtime, and choose Delete. Optionally, cancel your Brave Search MCP Server subscription from the AWS Marketplace subscriptions page if you no longer need it.

Conclusion

Once the Brave Search MCP runtime is deployed, your agent calls it the same way it would call any other AWS service — a standard Boto3 invocation, authenticated through IAM, with no API keys to manage in your application code. The MCP layer handles all the complexity of credential storage, request formatting, and API communication, leaving your agent free to focus entirely on research logic.

The result is an agent that can answer questions about any market, industry, or technology topic in seconds — pulling fresh, sourced data from across the web and returning it in a structured format your downstream systems can immediately consume. What would have required a custom integration, a secrets-management strategy, and significant boilerplate code is reduced to a single runtime ARN and a few lines of Python.

This is the practical value of MCP on AgentCore: it turns external APIs into first-class tools for your agents, with the same security model and operational simplicity you already rely on across AWS. Brave Search is one example, but the same pattern applies to any MCP-compatible data source you want to bring into your agent workflows.