mirror of synced 2026-05-22 14:43:35 +00:00

6 Commits

Author SHA1 Message Date
Bharathi Srinivasan e746bf7764 Features folder revamp (#1540)
adding scripts for agentcore features; jupyter notebooks moved to workshops; reorganising folders
2026-05-20 18:35:16 -07:00
Jerad 8bb4db3009 feat(cdk): reorganize CDK samples into python/ and typescript/ folders and add TypeScript CDK sample (#923)
* feat(cdk): reorganize CDK samples into python/ and typescript/ folders

- Move existing Python CDK samples to cdk/python/
- Add TypeScript CDK samples folder with knowledge-base-rag-agent
- Update cdk/README.md with language comparison table
- Update parent README with new paths and TypeScript mention
- Add cdk/python/README.md for Python-specific guidance

🤖 Assisted by Amazon Q Developer

* docs: add Jerad Engebreth to CONTRIBUTORS.md

🤖 Assisted by Amazon Q Developer

* fix(cdk/typescript): document known vulnerabilities and fix npm workspaces build

- Add Known Dependency Vulnerabilities section to README documenting
  upstream issues in aws-amplify (fast-xml-parser, lodash)
- Add build/test scripts to Lambda layer package.json to fix npm
  workspaces build command

🤖 Assisted by Amazon Q Developer

* fix(security): add HEALTHCHECK and non-root USER to Dockerfile

- Add HEALTHCHECK instruction for container orchestration
- Create non-root appuser for security best practices
- Addresses CKV_DOCKER_2, CKV_DOCKER_3 security findings

* fix(security): address CodeQL findings for insecure randomness and HTML sanitization

- Replace Math.random() with crypto.randomBytes() for session ID generation
- Use iterative sanitization loop to handle nested/obfuscated HTML tags
- Addresses CodeQL insecure randomness and incomplete sanitization findings

* fix(security): improve HTML sanitization to address CodeQL findings

- Handle closing tags with spaces like </script >
- Add data: and vbscript: URL scheme blocking
- Use tag-based approach instead of content-matching regex
- Add more dangerous tags (form, input, button, etc.)

* remove unused import

* fix(lint): fix import ordering and remove extra blank lines

- Sort imports alphabetically (logging before os)
- Remove extra blank line in knowledge_base.py
- Consistent import grouping (stdlib, then third-party)

* fix(security): use HTML entity encoding instead of regex-based sanitization

- Replace regex-based tag stripping with HTML entity encoding
- Encode all special characters (&, <, >, ", ', /, `, =)
- This approach is CodeQL-compliant and more secure
- Regex-based HTML filtering is inherently flawed

* fix(lint): add __all__ to fix F401 unused import warnings

- Add __all__ exports to infra_utils/__init__.py files
- Explicitly declares AgentCoreRole as public API

* style: apply ruff formatting to all Python files in 04-infrastructure-as-code

- Format 32 Python files with ruff
- Includes CDK Python samples, Terraform samples, and TypeScript agent code

* refactor: rename project from bedrock-agentcore-template to knowledge-base-rag-agent

- Update package.json names for root and infrastructure packages
- Update README and docs with new project name and paths
- Update CloudWatch, SNS, KMS, and Cognito resource names
- Regenerate package-lock.json with new package names

* refactor: complete project rename to knowledge-base-rag-agent

- Update README title and all documentation headers
- Update TypeScript stack descriptions and resource names
- Update Python agent module docstrings
- Update Dockerfile header comment
- Update Lambda function package description
- Rename runtime to knowledge_base_rag_agent
- Rename memory to knowledge_base_rag_agent_memory
- Rename API to Knowledge Base RAG Agent API
- Update Secrets Manager secret name

* fix: correct Docker references and fix Lambda bundling

- Update README and docs to clarify Docker is for AgentCore Runtime container, not Lambda bundling
- Add @aws-lambda-powertools/logger dependency for Lambda function
- Add esbuild as dev dependency for NodejsFunction bundling
- Fix S3 bucket deployment to use single deployment with auto content-type detection
- Deploy config.json separately with prune:false to preserve other files

---------

Co-authored-by: Jerad Engebreth <awsjerad@amazon.com>
2026-02-05 10:32:37 -06:00
Tesfagabir Meharizghi 83b72e1dda Add Terraform Infrastructure-as-Code (IaC) patterns for AgentCore deployment (#654)
* feat: Add Terraform basic-runtime pattern

* Modified the Terraform basic-runtime with test script, README, default region

* feat: Add Terraform mcp-server-runtime pattern

* feat: Add Terraform multi-agent-runtime pattern

* feat: Add Terraform end-to-end-weather-agent runtime pattern

* Added Terraform main README

* Fixed basic runtime test script

* docs: add Terraform support to IaC README

* Replaced resources to intuitive names, removed hardcoded values, cleaned README

* Enhanced Terraform READMEs

* Removed unused imports

---------

Co-authored-by: Tesfagabir Meharizghi <mehariz@amazon.com>
2025-11-24 08:38:56 -05:00
David Kaleko 89891fcba5 Add AWS CDK implementation for existing CFN examples (#536)
* feat: Add AWS CDK implementation for basic AgentCore runtime deployment

This commit introduces a comprehensive CDK alternative to the existing CloudFormation
basic-runtime sample, providing a cleaner and more maintainable Infrastructure as Code
approach for deploying Amazon Bedrock AgentCore resources.

- **Complete CDK stack** (`basic_runtime_stack.py`) with proper construct separation
- **Dedicated IAM role construct** (`infra-utils/agentcore_role.py`) for reusability
- **Custom Lambda function** (`infra-utils/build_trigger_lambda.py`) for CodeBuild automation
- **S3 asset-based source packaging** eliminating Docker dependency for users
- **ARM64 CodeBuild integration** with automated container image building
- **Comprehensive documentation** matching CloudFormation sample structure

- Uses S3 assets instead of inline code for better maintainability
- Separates infrastructure utilities into dedicated `infra-utils/` directory
- Implements proper CDK patterns with construct separation
- Provides cleaner deployment experience (~5-10 min vs ~10-15 min)

- **Basic Strands agent** (`agent-code/basic_agent.py`) with simple Q&A functionality
- **ARM64 Dockerfile** optimized for AgentCore runtime requirements
- **Proper dependency management** with isolated requirements

- Updated title to reflect both CloudFormation and CDK options
- Added comprehensive CDK section with architecture highlights
- Included CDK prerequisites with version requirements (CDK 2.218.0+)
- Updated repository structure to show new CDK directory layout
- Added installation commands for required CDK dependencies

- Complete documentation following CloudFormation sample structure
- Detailed prerequisites, deployment, testing, and cleanup instructions
- Sample queries and troubleshooting sections
- Architecture explanation and use case descriptions

- **CDK 2.218.0+** required for BedrockAgentCore construct support
- **Python 3.8+** and **constructs>=10.0.79** for proper CDK functionality
- **S3 assets** for source code packaging without size limitations

- ECR repository for container image storage
- CodeBuild project with ARM64 support for automated builds
- Lambda function for build orchestration and completion waiting
- AgentCore Runtime with proper IAM permissions and networking
- Custom resource for deployment automation

- Successfully deployed and tested in AWS environment
- Verified agent functionality with sample queries
- Confirmed clean resource cleanup with `cdk destroy`

- Added David Kaleko to CONTRIBUTORS.md

This implementation provides a modern, maintainable alternative to CloudFormation
while maintaining feature parity and following AWS CDK best practices.

* fix: Resolve CDK Lambda import issues and reorganize infrastructure utilities

This commit fixes critical Lambda function import errors that were preventing
the CDK stack deployment from completing, and reorganizes the infrastructure
utilities for better Python module compatibility.

- **Root cause**: `cfnresponse` module is only available for inline CloudFormation
  Lambda code, not when using CDK's `Code.from_asset()` approach
- **Solution**: Embedded the standard AWS-provided cfnresponse functionality
  directly into the Lambda function to eliminate import dependencies
- **Impact**: Custom resource now properly signals CloudFormation completion/failure

- **Renamed**: `infra-utils/` → `infra_utils/` for proper Python module imports
- **Fixed**: Lambda handler path to use correct Python module notation
- **Updated**: Import statements to use underscore-based directory name

- Embedded cfnresponse class with SUCCESS/FAILED constants and send() method
- Added comprehensive comments explaining why local cfnresponse is necessary
- Maintains full compatibility with CloudFormation custom resource protocol
- Proper error handling and CloudWatch logging integration

- Updated Lambda handler path: `infra_utils.build_trigger_lambda.handler`
- Fixed import statements for renamed directory structure
- Removed conditional BedrockAgentCore imports (always available in CDK 2.218.0+)

- Moved infrastructure utilities to properly named Python package
- Added package `__init__.py` for proper module structure
- Maintained clean separation between infrastructure and agent code

- Resolves hanging CloudFormation deployments
- Custom resource now properly waits for CodeBuild completion
- Stack deployment completes successfully end-to-end
- Maintains compatibility with existing CloudFormation approach

- Verified Lambda function executes without import errors
- Confirmed CodeBuild triggering and monitoring functionality
- Validated complete stack deployment cycle

This fix ensures the CDK implementation works reliably and follows Python
packaging best practices while maintaining the same deployment behavior
as the CloudFormation equivalent.

* Minor README update

* Dockerfile updates including a health check to fix all ASH security scan warnings

* Readme updates in accordance with PR feedback

* feat: Add CDK implementation for end-to-end weather agent

- Complete CDK stack for weather-based activity planning agent
- Includes browser tool, code interpreter, memory, and S3 storage
- Fixed IAM permissions for bedrock-agentcore services
- Added proper CloudFormation response handling for custom resources
- Comprehensive documentation with deployment and testing instructions
- Production-ready infrastructure with monitoring and best practices

* Add CDK implementation for multi-agent runtime

Convert CloudFormation multi-agent-runtime example to CDK with:
- Dual agent architecture (orchestrator + specialist)
- Agent-to-agent communication via bedrock-agentcore:InvokeAgentRuntime
- Separate ECR repos and CodeBuild projects for each agent
- IAM roles with proper cross-agent invocation permissions
- Custom resource Lambda for build triggering
- Comprehensive documentation and test script

Tested and validated: orchestrator correctly delegates complex queries to specialist agent while handling simple queries directly.

* README updates to make sure CDK READMEs parallel that of CloudFormation, copied architecture diagrams over because they're the same

* Add CDK implementation for MCP server AgentCore runtime

Convert CloudFormation mcp-server-agentcore-runtime example to CDK with:
- MCP server with FastMCP and three tools (add_numbers, multiply_numbers, greet_user)
- Cognito JWT authentication with pre-created test user
- ECR repository and CodeBuild project for ARM64 Docker image
- IAM roles with proper permissions for MCP protocol
- Custom Lambda functions for build triggering and password setting
- Architecture diagram and comprehensive documentation
- Test scripts for authentication and MCP tool validation

Tested and validated: MCP server successfully deployed with JWT auth, all three tools working correctly via MCP client.

* Reorganizing READMEs to avoid duplication, top level IaC README describes each example only once then links to both CFN and CDK versions of each

* Python linting fixes

---------

Signed-off-by: David Kaleko <5712203+kaleko@users.noreply.github.com>
2025-11-06 14:28:30 -03:00
David Kaleko 301fb99f90 Add AWS CDK implementation for basic-runtime sample (#507)
* feat: Add AWS CDK implementation for basic AgentCore runtime deployment

This commit introduces a comprehensive CDK alternative to the existing CloudFormation
basic-runtime sample, providing a cleaner and more maintainable Infrastructure as Code
approach for deploying Amazon Bedrock AgentCore resources.

- **Complete CDK stack** (`basic_runtime_stack.py`) with proper construct separation
- **Dedicated IAM role construct** (`infra-utils/agentcore_role.py`) for reusability
- **Custom Lambda function** (`infra-utils/build_trigger_lambda.py`) for CodeBuild automation
- **S3 asset-based source packaging** eliminating Docker dependency for users
- **ARM64 CodeBuild integration** with automated container image building
- **Comprehensive documentation** matching CloudFormation sample structure

- Uses S3 assets instead of inline code for better maintainability
- Separates infrastructure utilities into dedicated `infra-utils/` directory
- Implements proper CDK patterns with construct separation
- Provides cleaner deployment experience (~5-10 min vs ~10-15 min)

- **Basic Strands agent** (`agent-code/basic_agent.py`) with simple Q&A functionality
- **ARM64 Dockerfile** optimized for AgentCore runtime requirements
- **Proper dependency management** with isolated requirements

- Updated title to reflect both CloudFormation and CDK options
- Added comprehensive CDK section with architecture highlights
- Included CDK prerequisites with version requirements (CDK 2.218.0+)
- Updated repository structure to show new CDK directory layout
- Added installation commands for required CDK dependencies

- Complete documentation following CloudFormation sample structure
- Detailed prerequisites, deployment, testing, and cleanup instructions
- Sample queries and troubleshooting sections
- Architecture explanation and use case descriptions

- **CDK 2.218.0+** required for BedrockAgentCore construct support
- **Python 3.8+** and **constructs>=10.0.79** for proper CDK functionality
- **S3 assets** for source code packaging without size limitations

- ECR repository for container image storage
- CodeBuild project with ARM64 support for automated builds
- Lambda function for build orchestration and completion waiting
- AgentCore Runtime with proper IAM permissions and networking
- Custom resource for deployment automation

- Successfully deployed and tested in AWS environment
- Verified agent functionality with sample queries
- Confirmed clean resource cleanup with `cdk destroy`

- Added David Kaleko to CONTRIBUTORS.md

This implementation provides a modern, maintainable alternative to CloudFormation
while maintaining feature parity and following AWS CDK best practices.

* fix: Resolve CDK Lambda import issues and reorganize infrastructure utilities

This commit fixes critical Lambda function import errors that were preventing
the CDK stack deployment from completing, and reorganizes the infrastructure
utilities for better Python module compatibility.

- **Root cause**: `cfnresponse` module is only available for inline CloudFormation
  Lambda code, not when using CDK's `Code.from_asset()` approach
- **Solution**: Embedded the standard AWS-provided cfnresponse functionality
  directly into the Lambda function to eliminate import dependencies
- **Impact**: Custom resource now properly signals CloudFormation completion/failure

- **Renamed**: `infra-utils/` → `infra_utils/` for proper Python module imports
- **Fixed**: Lambda handler path to use correct Python module notation
- **Updated**: Import statements to use underscore-based directory name

- Embedded cfnresponse class with SUCCESS/FAILED constants and send() method
- Added comprehensive comments explaining why local cfnresponse is necessary
- Maintains full compatibility with CloudFormation custom resource protocol
- Proper error handling and CloudWatch logging integration

- Updated Lambda handler path: `infra_utils.build_trigger_lambda.handler`
- Fixed import statements for renamed directory structure
- Removed conditional BedrockAgentCore imports (always available in CDK 2.218.0+)

- Moved infrastructure utilities to properly named Python package
- Added package `__init__.py` for proper module structure
- Maintained clean separation between infrastructure and agent code

- Resolves hanging CloudFormation deployments
- Custom resource now properly waits for CodeBuild completion
- Stack deployment completes successfully end-to-end
- Maintains compatibility with existing CloudFormation approach

- Verified Lambda function executes without import errors
- Confirmed CodeBuild triggering and monitoring functionality
- Validated complete stack deployment cycle

This fix ensures the CDK implementation works reliably and follows Python
packaging best practices while maintaining the same deployment behavior
as the CloudFormation equivalent.

* Minor README update

* Dockerfile updates including a health check to fix all ASH security scan warnings

* Readme updates in accordance with PR feedback

---------

Signed-off-by: David Kaleko <5712203+kaleko@users.noreply.github.com>
2025-10-20 18:43:42 -04:00
omrsamer 534d438500 Feature/cfn samples mcp server (#464)
* Add CloudFormation samples for MCP Server on AgentCore Runtime

- Created 04-cfn-samples/ directory with production-ready CloudFormation templates
- Added mcp-server-agentcore-runtime sample with:
  - Complete CloudFormation template (mcp-server-template.yaml)
  - Automated deployment scripts (deploy.sh, test.sh, cleanup.sh)
  - Authentication helper (get_token.py)
  - MCP client test script (test_mcp_server.py)
  - Comprehensive documentation (README.md, DETAILED_GUIDE.md)
- Features:
  - One-command deployment with automated Docker image building
  - JWT authentication via Cognito
  - ARM64 Docker images built via CodeBuild
  - Three sample MCP tools (add_numbers, multiply_numbers, greet_user)
  - Least-privilege IAM roles
  - Complete troubleshooting guide

* Add omrsamer to CONTRIBUTORS.md

* Add three additional CloudFormation samples

- Added basic-runtime: Simple agent without tools or memory
- Added multi-agent-runtime: Two-agent system with orchestrator and specialist
- Added weather-agent-runtime: Complete agent with browser, code interpreter, and memory
- Updated main README with all four samples and comprehensive documentation

* Add deployment and cleanup scripts for all CFN samples

- Added deploy.sh and cleanup.sh for basic-runtime
- Added deploy.sh and cleanup.sh for multi-agent-runtime
- Added deploy.sh and cleanup.sh for weather-agent-runtime
- All scripts are executable and follow the same pattern as mcp-server-agentcore-runtime
- Scripts include proper error handling and user-friendly output

* Add comprehensive README documentation for CFN samples with architecture diagrams

- Added detailed README.md files for basic-runtime, multi-agent-runtime, and weather-agent-runtime
- Included architecture PNG diagrams for basic-runtime and multi-agent-runtime
- Standardized testing sections across all READMEs (AWS CLI and Console only)
- Removed Python testing sections for consistency
- Added deployment, testing, troubleshooting, and cost estimate sections
- Updated CONTRIBUTORS.md with contributor name
- Updated main 04-cfn-samples README.md

* Add architecture diagram to mcp-server-agentcore-runtime README

- Added architecture.png with visual diagram
- Updated README to use local PNG instead of tutorial reference
- Added detailed architecture component descriptions

* Update get_token.py cosmetic changes

* Fix Python formatting to pass ruff linter

* Restructure infrastructure samples: rename to 04-infrastructure-as-code and organize CloudFormation templates

- Rename 04-cfn-samples to 04-infrastructure-as-code
- Create cloudformation subfolder for better organization
- Rename weather-agent-runtime to end-to-end-weather-agent
- Rename weather agent template.yaml to end-to-end-weather-agent.yaml
- Update all documentation and scripts to reflect new structure
- Update main README with new paths and folder structure
- All Python files pass ruff formatting checks

* Update CloudFormation examples to use us-west-2 region and remove production-ready language

- Changed all deploy.sh, cleanup.sh, and test.sh scripts from us-east-1 to us-west-2
- Updated all README files with CLI examples to use us-west-2
- Updated Python helper scripts (get_token.py, test_mcp_server.py) to use us-west-2 in examples
- Updated multi-agent-runtime template.yaml default region to us-west-2
- Removed 'production-ready' language from README files, replaced with 'complete'
- All 4 CloudFormation examples now consistently use us-west-2 region

* Resolve CONTRIBUTORS.md merge conflict - include all contributors from both branches

---------

Signed-off-by: Maira Ladeira Tanke <102240958+mttanke@users.noreply.github.com>
Co-authored-by: Maira Ladeira Tanke <102240958+mttanke@users.noreply.github.com>
2025-10-14 09:18:20 -04:00