rvennam

Configure Route to Remote A2A Agent

Pre-requisites

This lab assumes that you have completed the setup in 001 and 002

Lab Objectives

• Deploy a mock A2A agent and expose it as a remote service
• Route to the remote A2A agent through AgentGateway
• Validate A2A connectivity through the gateway
• Observe A2A traffic in access logs

rvennam

Solo Enterprise for Agentgateway - Feature List

A comprehensive list of functional features available in Solo Enterprise for Agentgateway, categorized by LLM and MCP capabilities.

---

LLM Features

Multi-Provider Routing

• Route to OpenAI

rvennam

{
  "policies": [
    {
      "key": "backend/enterprise-agentgateway/aliases-policy:ai:enterprise-agentgateway/openai",
      "name": {
        "kind": "AgentgatewayPolicy",
        "name": "aliases-policy",
        "namespace": "enterprise-agentgateway"
      },
      "target": {

rvennam

{
  "workloads": [
    {
      "workloadIps": [
        "10.20.0.28"
      ],
      "protocol": "TCP",
      "networkMode": "Standard",
      "uid": "//Pod/agentcore/agentcore-a2a-proxy-546cfdb7f9-t2tzf",
      "name": "agentcore-a2a-proxy-546cfdb7f9-t2tzf",

rvennam

{
  "policies": [
    {
      "key": "traffic/jwt-test/jwt-transform:jwt:jwt-test/jwt-route",
      "name": {
        "kind": "AgentgatewayPolicy",
        "name": "jwt-transform",
        "namespace": "jwt-test"
      },
      "target": {

rvennam

{
  "workloads": [
    {
      "workloadIps": [
        "10.20.0.28"
      ],
      "protocol": "TCP",
      "networkMode": "Standard",
      "uid": "//Pod/agentcore/agentcore-a2a-proxy-546cfdb7f9-t2tzf",
      "name": "agentcore-a2a-proxy-546cfdb7f9-t2tzf",

rvennam

Workshop: Invoking AWS AgentCore Agents Through Solo Agent Gateway (A2A) — EKS with IRSA

Overview

In this workshop you will:

1. Configure IRSA (IAM Roles for Service Accounts) so the A2A proxy can call AgentCore without static AWS credentials
2. Deploy a thin A2A proxy that wraps an AWS Bedrock AgentCore runtime agent
3. Route traffic to it through Solo Agent Gateway using the A2A protocol
4. Apply enterprise policies (JWT auth, rate limiting) via EnterpriseAgentgatewayPolicy

rvennam

Workshop: Routing to AWS AgentCore Agents Through Solo Agent Gateway

Overview

Route requests to an AWS Bedrock AgentCore agent through Solo Agent Gateway — no proxy, no custom code, no AWS SDK. The gateway handles authentication to AgentCore using a Cognito JWT stored in a Kubernetes Secret, so clients don't need any AWS credentials or tokens.

  your auth (optional)          Cognito JWT (from K8s Secret)
  API key, OAuth, none          backend.auth.secretRef
        │                              │

rvennam

Workshop: Routing to AWS AgentCore Agents Through Solo Agent Gateway

Overview

Route requests to an AWS Bedrock AgentCore agent through Solo Agent Gateway — no proxy, no custom code, no AWS SDK. AgentCore validates JWTs issued by an Amazon Cognito User Pool, and Agent Gateway forwards them directly.

┌──────────┐      ┌──────────────────┐      ┌─────────────────────┐
│          │      │                  │      │                     │
│ Client ├─JWT─▶│ Agent Gateway ├─────▶│ AWS Bedrock │

rvennam

Workshop: Routing to AWS AgentCore Agents Through Solo Agent Gateway

Overview

In this workshop you will route requests to an AWS Bedrock AgentCore agent through Solo Agent Gateway — with no proxy, no custom code, and no AWS SDK. AgentCore's JWT authentication lets the gateway forward requests directly, using standard Kubernetes Gateway API resources.

                                    HTTPS + Bearer JWT
┌──────────┐      ┌──────────────────┐      ┌─────────────────────┐
│ │ │ │ │ │