Skip to main content
Agents running on Amazon Bedrock AgentCore Runtime emit OpenTelemetry telemetry through a managed pipeline that, by default, delivers to Amazon CloudWatch. To send that telemetry to Bronto you disable the managed pipeline and export OTLP to Bronto — either directly from the runtime or through an OTel Collector. Unlike log-only AWS services, there is no CloudWatch log group or Firehose stream to point at Bronto for the rich agent signal. The nested GenAI traces — model calls, token usage, tool calls, and prompt/response content — are produced by the agent framework’s instrumentation running inside the runtime.

Two requirements

1

Instrument your agent and disable the managed pipeline

Configure the OpenTelemetry SDK inside your agent and take AWS’s managed observability out of the way (agentcore configure --disable-otel plus DISABLE_ADOT_OBSERVABILITY=true at runtime), so your own exporters own the signal. For the full setup — the trace/metric/log providers, GenAI attributes, and making prompt/response content searchable — see Amazon Bedrock AgentCore observability with OpenTelemetry.
2

Export OTLP to Bronto

The instrumented runtime exports OTLP to an OTel Collector, which holds the Bronto credential and forwards each signal to Bronto. Where you don’t operate a Collector, the runtime can export straight to Bronto with the credential in the request header.
ADOT — the AWS Distro for OpenTelemetry Collector — receives OTLP from your agent and forwards logs, metrics and traces to Bronto over OTLP/HTTP. The Collector holds the Bronto credential so it never lives in the runtime config, and it keeps routing consistent via service.name / service.namespace (see Data Organization). It is also where you add processors, sampling, or fan-out to multiple backends; the Self-Managed OTel Collector is the same pattern for full-control deployments. Point the agent’s OTLP exporters at the Collector (OTEL_EXPORTER_OTLP_ENDPOINT) rather than at Bronto directly. AgentCore’s managed public network mode requires an internet-reachable endpoint; a proven pattern is ADOT on ECS Fargate behind a public HTTPS ALB. Use the Collector health endpoint (port 13133) for the ALB health check, not the OTLP receiver on 4318. See Amazon Bedrock AgentCore observability with OpenTelemetry for the SDK bootstrap and environment variables.
The fully-managed AgentCore Runtime does not host a Collector sidecar and cannot reach a private VPC-only Collector in its public network mode. Expose the Collector securely over HTTPS, or use direct export below.

LLM observability for AgentCore

For the agent-specific signal — nested agent-loop traces, per-model token usage, tool calls, and prompt/response content following the OpenTelemetry GenAI semantic conventions — see Amazon Bedrock AgentCore observability under AI assisted observability.

Alternatives

  • Direct OTLP export from the runtime — for the fully-managed runtime with no Collector to hand, or for short-lived jobs, export OTLP straight to Bronto: set OTEL_EXPORTER_OTLP_ENDPOINT to the Bronto ingestion base and inject the x-bronto-api-key header, sourced from AWS Secrets Manager at startup. No Collector, VPC, NAT, or sidecar is required — the agent’s telemetry ships at full fidelity straight from the runtime.
  • Keep the managed CloudWatch pipeline — if you leave AgentCore’s default observability enabled, its telemetry lands in CloudWatch; you can then forward those log groups with the CloudWatch Log Forwarder. This is a fallback: it does not preserve the nested trace fidelity that exporting OTLP to Bronto gives you.
See Ingesting AWS Data into Bronto for the full service-to-method mapping.

References