aws-ia
diff --git a/‎.header.md‎
Lines changed: 165 additions & 11 deletions b/‎.header.md‎
Lines changed: 165 additions & 11 deletions
@@ -43,7 +43,7 @@ This module simplifies the process of:
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.2"
+  version = "0.0.3"
 
   # Enable Agent Core Runtime
   create_runtime = true
@@ -68,7 +68,7 @@ module "agentcore" {
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.2"
+  version = "0.0.3"
 
   # Enable Agent Core Runtime
   create_runtime = true
@@ -94,7 +94,7 @@ module "agentcore" {
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.2"
+  version = "0.0.3"
 
   # Enable Agent Core Runtime with custom IAM role
   create_runtime = true
@@ -115,7 +115,7 @@ Create and configure an MCP gateway:
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.2"
+  version = "0.0.3"
 
   # Enable Agent Core Gateway
   create_gateway = true
@@ -157,7 +157,7 @@ The module can automatically create a Cognito User Pool to handle JWT authentica
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.2"
+  version = "0.0.3"
 
   # Enable Agent Core Gateway
   create_gateway = true
@@ -195,7 +195,7 @@ Below you can find how to configure a simple short-term memory (STM) with no lon
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.2"
+  version = "0.0.3"
 
   # Create a basic memory with default settings, no LTM strategies
   create_memory = true
@@ -216,7 +216,7 @@ resource "aws_kms_key" "memory_encryption_key" {
 
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.2"
+  version = "0.0.3"
 
   # Create memory with custom encryption
   create_memory = true
@@ -257,7 +257,7 @@ Captures individual preferences, interaction patterns, and personalized settings
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.2"
+  version = "0.0.3"
 
   # Create memory with built-in strategies
   create_memory = true
@@ -345,7 +345,7 @@ You can customize the namespace (where the memories are stored) by configuring t
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.2"
+  version = "0.0.3"
 
   # Enable Agent Core Memory
   create_memory = true
@@ -449,7 +449,7 @@ The Browser construct supports the following network modes:
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.2"
+  version = "0.0.3"
 
   # Enable Agent Core Browser Custom
   create_browser = true
@@ -477,6 +477,160 @@ module "agentcore" {
 }
 ```
 
+### AgentCore Gateway Target
+
+The Amazon Bedrock AgentCore Gateway Target enables you to define the endpoints and configurations that a gateway can invoke, such as Lambda functions or MCP servers. Gateway targets allow agents to interact with external services through the Model Context Protocol (MCP).
+
+```hcl
+module "agentcore" {
+  source  = "aws-ia/agentcore/aws"
+  version = "0.0.3"
+
+  # First, create a gateway
+  create_gateway = true
+  gateway_name = "MyGateway"
+
+  # Then create a gateway target for Lambda
+  create_gateway_target = true
+  gateway_target_name = "MyLambdaTarget"
+  gateway_target_description = "Lambda function target for processing requests"
+
+  # Use the gateway's IAM role for authentication
+  gateway_target_credential_provider_type = "GATEWAY_IAM_ROLE"
+
+  # Configure the Lambda target
+  gateway_target_type = "LAMBDA"
+  gateway_target_lambda_config = {
+    lambda_arn = "arn:aws:lambda:us-east-1:123456789012:function:my-function"
+    tool_schema_type = "INLINE"
+    inline_schema = {
+      name        = "process_request"
+      description = "Process incoming requests"
+
+      input_schema = {
+        type        = "object"
+        description = "Request processing schema"
+        properties = [
+          {
+            name        = "message"
+            type        = "string"
+            description = "Message to process"
+            required    = true
+          },
+          {
+            name = "options"
+            type = "object"
+            nested_properties = [
+              {
+                name = "priority"
+                type = "string"
+              }
+            ]
+          }
+        ]
+      }
+
+      output_schema = {
+        type = "object"
+        properties = [
+          {
+            name     = "status"
+            type     = "string"
+            required = true
+          },
+          {
+            name = "result"
+            type = "string"
+          }
+        ]
+      }
+    }
+  }
+}
+```
+
+#### Gateway Target with API Key Authentication
+
+```hcl
+module "agentcore" {
+  source  = "aws-ia/agentcore/aws"
+  version = "0.0.3"
+
+  # Create a gateway target with API Key authentication
+  create_gateway_target = true
+  gateway_target_name = "ApiKeyTarget"
+  gateway_target_gateway_id = "your-gateway-id" # If using existing gateway
+
+  gateway_target_credential_provider_type = "API_KEY"
+  gateway_target_api_key_config = {
+    provider_arn = "arn:aws:iam::123456789012:oidc-provider/example.com"
+    credential_location = "HEADER"
+    credential_parameter_name = "X-API-Key"
+    credential_prefix = "Bearer"
+  }
+
+  # Configure Lambda target
+  gateway_target_type = "LAMBDA"
+  gateway_target_lambda_config = {
+    lambda_arn = "arn:aws:lambda:us-east-1:123456789012:function:api-function"
+    tool_schema_type = "INLINE"
+    inline_schema = {
+      name        = "api_tool"
+      description = "External API integration tool"
+
+      input_schema = {
+        type = "string"
+        description = "Simple string input for API calls"
+      }
+    }
+  }
+}
+```
+
+#### Gateway Target with MCP Server
+
+```hcl
+module "agentcore" {
+  source  = "aws-ia/agentcore/aws"
+  version = "0.0.3"
+
+  # Create a gateway target for an MCP server
+  create_gateway_target = true
+  gateway_target_name = "MCPServerTarget"
+
+  # Configure MCP Server target
+  gateway_target_type = "MCP_SERVER"
+  gateway_target_mcp_server_config = {
+    endpoint = "https://mcp-server.example.com"
+  }
+}
+```
+
+### AgentCore Workload Identity
+
+The Amazon Bedrock AgentCore Workload Identity enables you to manage identity configurations for resources such as AgentCore runtime and AgentCore gateway. Workload identities provide secure access management and OAuth2 integration capabilities for your Bedrock AI applications.
+
+```hcl
+module "agentcore" {
+  source  = "aws-ia/agentcore/aws"
+  version = "0.0.3"
+
+  # Enable Workload Identity
+  create_workload_identity = true
+  workload_identity_name = "MyWorkloadIdentity"
+  workload_identity_allowed_resource_oauth_2_return_urls = [
+    "https://example.com/oauth2/callback",
+    "https://api.example.com/auth/callback"
+  ]
+
+  # Optional: Add tags
+  workload_identity_tags = {
+    Environment = "production"
+    Project     = "ai-assistants"
+  }
+}
+```
+
 ### AgentCore Code Interpreter Custom
 
 The Amazon Bedrock AgentCore Code Interpreter enables AI agents to write and execute code securely in sandbox environments, enhancing their accuracy and expanding their ability to solve complex end-to-end tasks. This is critical in Agentic AI applications where the agents may execute arbitrary code that can lead to data compromise or security risks. The AgentCore Code Interpreter tool provides secure code execution, which helps you avoid running into these issues.
@@ -507,7 +661,7 @@ The Code Interpreter construct supports the following network modes:
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.2"
+  version = "0.0.3"
 
   # Enable Agent Core Code Interpreter Custom
   create_code_interpreter = true