Solving WebRTC NAT traversal for LiveKit agents in serverless microVMs (AgentCore Runtime)

Sundar_Raghavan · March 4, 2026, 1:36pm

Hey everyone,

We validated that LiveKit agents run on **Amazon Bedrock AgentCore Runtime** — AWS’s serverless container hosting for AI agents — and put together a deployment example following the existing patterns in `livekit-examples/agent-deployment` - Add Amazon Bedrock AgentCore Runtime deployment example by sundargthb · Pull Request #21 · livekit-examples/agent-deployment · GitHub

## What is it

AgentCore Runtime is a managed container runtime on AWS. You push an ARM64 Docker image, create a runtime, and it handles scaling (including to zero), session isolation, and CloudWatch observability. Your LiveKit agent code doesn’t change at all — it just runs inside an AgentCore container instead of Kubernetes, Render, or LiveKit Cloud.

## How it works

```

AgentCore Runtime (VPC, private subnets)

└── Agent Container (ARM64)

    └── livekit-agents (start mode)

          └── TURN server (KVS Managed or third-party)

                └── LiveKit Cloud / self-hosted server

```

The agent joins LiveKit rooms as a normal WebRTC participant. No bridge, no adapter. The only setup specific to AgentCore is networking: VPC mode with a NAT Gateway for UDP egress, and a TURN server for NAT traversal.

## TURN options

Two approaches work, both included in the example:

- **KVS Managed TURN** (AWS-native): Uses the `GetIceServerConfig` API from Amazon Kinesis Video Streams. Auto-rotating credentials, no third-party dependency. Tradeoff: requires a KVS signaling channel and has a 5 TPS rate limit per channel, so high-volume deployments need a pooling strategy.

- **Third-party TURN** (Cloudflare, Twilio, metered.ca): Simple env-var config, predictable pricing at scale.

## Example code

PR submitted to [`livekit-examples/agent-deployment`]( Add Amazon Bedrock AgentCore Runtime deployment example by sundargthb · Pull Request #21 · livekit-examples/agent-deployment · GitHub ) adding an `bedrock-agentcore/` folder with:

- `agent.py` — standard LiveKit agent with TURN configuration (both KVS and static)

- `kvs_turn.py` — KVS Managed TURN helper module

- `Dockerfile` — ARM64 container

- `deploy.py` — boto3 deployment script

- Full README with VPC setup, IAM, TURN options, build/push/deploy steps

Follows the same structure as the existing `aws-ecs/`, `kubernetes/`, and `render/` folders, with one difference: this example includes agent-side code (`agent.py`, `kvs_turn.py`) because AgentCore runs agents in microVMs inside a VPC, which requires TURN configuration for WebRTC NAT traversal. ECS and Kubernetes don’t need this because the agent has direct network access. It also has an ARM64 Dockerfile since AgentCore requires `linux/arm64`.

## Docs placement suggestions

Also opened a GitHub issue requesting two small docs updates to link to the example:

1. **[Self-hosted deployments page](https://docs.livekit.io/deploy/custom/deployments.md)** → Add “Amazon Bedrock AgentCore Runtime” as a new entry in the **“Where to deploy”** bullet list, right after Render and before “More deployment examples.” Same format as Kubernetes and Render: linked name + one-line description + link to the `bedrock-agentcore/` example folder.

2. **[AWS integration page](https://docs.livekit.io/agents/integrations/aws.md)** → Add a **“Deploying to AWS”** section at the bottom (after “AWS plugin documentation”) with a brief note that AgentCore Runtime is available for hosting and a link to the deployment guide. This connects the AI services page to the deployment option for AWS-focused developers.

## Why this complements LiveKit

- No SDK changes — agent code is portable across deployment targets

- Works alongside the existing AWS plugin (Bedrock, Polly, Transcribe, Nova Sonic)

- Serverless scaling (including to zero) and session isolation

- Fills a gap for AWS-centric teams who want managed infrastructure without Kubernetes

- Community example that follows existing repo patterns — minimal maintenance for the LiveKit team

Would love to hear from anyone else running LiveKit agents on AWS, or if there are questions about the VPC/TURN setup. Happy to iterate on the PR based on feedback.

**Links:**

- [PR to agent-deployment repo]( GitHub - livekit-examples/agent-deployment · GitHub ) (bedrock-agentcore/ folder)

- [GitHub issue for docs updates]( GitHub · Where software is built ) (specific placement details)

- [AgentCore Runtime docs]( Overview - Amazon Bedrock AgentCore )

- [AgentCore VPC configuration]( Configure Amazon Bedrock AgentCore Runtime and tools for VPC - Amazon Bedrock AgentCore )

Topic		Replies	Views
Best Platform To Self Host Self Hosting agent-deployment	2	109	March 19, 2026
Livekit with ECS Fargate Self Hosting	5	88	February 13, 2026
Cloud-deployed agent never connects Agents agent-deployment	4	83	March 8, 2026
Livekit Agent Dispatch issue, hosted on livekit cloud Agents agent-development , other , livekit-cloud	3	31	April 9, 2026
Migrating from self hosted livekit-agent to livekit cloud Agents python , agent-deployment	3	53	March 10, 2026

Solving WebRTC NAT traversal for LiveKit agents in serverless microVMs (AgentCore Runtime)

Related topics