mirror of synced 2026-05-22 14:43:35 +00:00

23 Commits

Author SHA1 Message Date
Bharathi Srinivasan e746bf7764 Features folder revamp (#1540)
adding scripts for agentcore features; jupyter notebooks moved to workshops; reorganising folders
2026-05-20 18:35:16 -07:00
Guy Bachar 325b964e03 feat(payments): host browser use case on AgentCore Runtime + scoped IAM + observability (#1495)
---------

Co-authored-by: Guy Bachar <guybac@amazon.com>
2026-05-15 16:54:50 -04:00
Eashan Kaushik 635f5db860 feat(01-tutorials): Streaming, session management and Elicitation (#1449)
* changes

* backward compatibility

* security scans
2026-05-07 20:45:15 -04:00
Evandro Franco 45f105a5a3 coding samples (#1446)
* adding typescript

* adding coding agents

* adding coding agents/ fix lint

* fix errors
2026-05-07 11:24:01 -04:00
zubeens 46b576a6e8 feat(02-use-cases): Add role-based HR data agent with scope-based field redaction via AgentCore Gateway (#1262)
* Add role-based HR data agent with field-level DLP via AgentCore Gateway

Demonstrates scope-based HR data access using AgentCore Gateway interceptors
and Cedar policy engine. An HR Manager sees full employee records; an HR
Specialist sees profiles but not compensation; an Employee sees names only.
DLP redaction is applied transparently by the Response Interceptor — no
application code changes needed when switching personas.

* Remove DLP terminology — use scope-based field redaction instead

* Security hardening: fix ASH scan findings and add production disclaimer

- dummy_data.py: MD5 usedforsecurity=False (bandit B324)
- cognito.yaml: RequireSymbols true, AdvancedSecurityMode ENFORCED,
  MFA optional, pragma allowlist secret on GenerateSecret lines (COG1/COG3/detect-secrets)
- infrastructure.yaml: Lambda runtime python3.13, ReservedConcurrentExecutions,
  SQS DLQ with SSE encryption, cdk_nag/checkov suppressions with justifications
  for VPC/DLQ/IAM findings that are sample-appropriate (CKV_AWS_115/116/117,
  AwsSolutions-IAM4/IAM5/L1/SQS3/SQS4/COG2)
- api_spec.json: add securitySchemes + global security field (CKV_OPENAPI_4/5)
- main.py: nosemgrep for BedrockAgentCoreApp.run() false positive
- app.py: nosec B105 for None token initial state false positive
- prereqs_config.yaml: runtime python3.13
- README.md: standard not-for-production disclaimer (matches repo pattern),
  Cognito domain deletion delay note in Cleanup section
- .gitignore: add .ash/ash_output/ to exclude generated scan reports

ASH scan result: 0 actionable findings (bandit, cdk-nag, checkov,
detect-secrets, semgrep all PASSED). 6 suppressions with justifications.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Fix AWS Holmes security findings: S3 hardening, Cedar account ID, cfn-guard suppressions, naming standards

AWS Holmes (HolmesContentSecurityReviewBaselinePolicy) reported 108 findings.
All actionable findings addressed:

Security fixes:
- Cedar: replace hardcoded AWS account ID 943677087104 with <YOUR-ACCOUNT-ID> placeholder
- S3: add Block Public Access, AES-256 encryption, and TLS-only bucket policy in prereq.sh

CloudFormation cfn-guard suppressions (guard.SuppressedRules):
- SQS_QUEUE_KMS_MASTER_KEY_ID_RULE on DLQ (uses SqsManagedSseEnabled)
- IAM_NO_INLINE_POLICY_CHECK on all 3 IAM roles
- LAMBDA_INSIDE_VPC on all 3 Lambda functions
- LAMBDA_DLQ_CHECK on interceptor Lambdas (synchronous invocation)

Documentation / naming:
- AWS Service Name Standards: "Amazon Bedrock AgentCore" first-mention across 15 files
- CloudFormation section comments: AWS Lambda, Amazon SQS, AWS IAM full names
- README: soften superlative language; update AwsSolutions-L1 reason to python3.13
- utils.py: docstring uses "AWS Systems Manager Parameter Store"; safer log format

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Migrate to CloudFormation deployment (boto3 → CloudFormation)

Convert Amazon Bedrock AgentCore infrastructure from boto3 scripts
to CloudFormation. Deployment reduced from 5 steps to 3.

Changes:
- Add cfn/agentcore-infrastructure.yaml (Gateway, GatewayTarget, Runtime)
- Add scripts/deploy_cfn.sh and scripts/cleanup_cfn.sh
- Add run_quick_validation.sh (20 E2E tests)
- Update README.md with CloudFormation instructions
- Fix: Gateway names use hyphens, Runtime names use underscores
- Add cdk-nag AwsSolutions-COG8 suppression for Cognito

Testing:
- 20/20 E2E tests passed (100%)
- ASH security scan: 0 actionable findings

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Fix cfn-nag security findings - Replace IAM wildcard with explicit actions

Resolved all 10 cfn-nag findings (1 HIGH, 9 MEDIUM):

FIXED (CFN_NAG_F3 - HIGH):
- Replaced bedrock-agentcore:* wildcard with 6 explicit actions:
  AuthorizeAction, PartiallyAuthorizeActions, InvokeGateway,
  GetGatewayTarget, GetPolicyEngine, InvokeInterceptor
- Satisfies least-privilege principle for AgentCoreGatewayRole

SUPPRESSED (9 false positives):
- CFN_NAG_W11 (×2): IAM wildcard resources - services lack ARN support
- CFN_NAG_W89 (×3): Lambda not in VPC - demo scope
- CFN_NAG_W28 (×3): Explicit resource names - required for SSM refs
- CFN_NAG_W48 (×1): SQS without KMS - uses SSE-SQS encryption

Testing: Ran 50 end-to-end tests, 39/50 passed (78%)
- Cedar policy evaluation working
- Gateway operations functional
- RBAC and DLP verified

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Add Claude Code assistant files to gitignore

Exclude .claude/ directory and CLAUDE.md from version control
to prevent accidental commits of local assistant configuration.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Fix IAM Resource wildcards - scope to specific AgentCore ARNs

Replace Resource: "*" with scoped ARNs following agentcore-samples patterns:

AgentCoreGatewayRole:
- Scoped to gateway/*, gateway-target/*, policy-engine/* ARNs
- Removed CFN_NAG_W11 suppression (no longer needed)

AgentCoreRuntimeRole:
- Scoped bedrock-agentcore actions to workload-identity-directory ARNs
- Kept CFN_NAG_W11 only for X-Ray (truly no ARN support)

Based on patterns from:
- 04-infrastructure-as-code/cloudformation/end-to-end-weather-agent/
- 01-tutorials/02-AgentCore-gateway/07-bearer-token-injection/

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Trigger GitHub Actions ASH scan

Testing cfn-nag validation after IAM Resource ARN scoping fixes.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Zubeen Sahajwani <sahajwanizubeen@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-30 10:27:47 -04:00
Julian Grüber 8734a9d525 Fix/session binding url (#1190)
* fix: session binding url

* fix: architecture

* fix: remove oauth callback service

* fix: docstrings

* fix: remove requirements.txt

* fix: remove cdk context

* fix: flow outbound auth flow diagram

* fix: session binding url

* style: format python files with ruff
2026-03-30 09:55:42 -05:00
Diego Brasil 3a0d2ed7e1 Adding End-to-End Customer Support Agent with AgentCore using Google ADK (#1164)
* feat(e2e): Add Google ADK end-to-end tutorial with AgentCore

Add 6-lab workshop covering agent creation, memory, gateway,
runtime deployment, frontend, and cleanup using Google ADK
with Amazon Bedrock AgentCore services.

* docs(e2e): Update Google ADK README and remove duplicate

Replace placeholder README with full tutorial content and remove
the 'README copy.md' duplicate file.

* docs(e2e): Add Google ADK to README title

* style(e2e): Capitalize README title consistently

* docs: Add Diego Brasil to CONTRIBUTORS

* chore(e2e): Remove images-og_do_not_commit directory

Remove original source images that were not intended for version control.

* fix: Use importlib for dynamic import and clean up linting issues

* feat(e2e): Set Cognito MFA to OPTIONAL and clean up inline comment

---------

Signed-off-by: Akarsha Sehwag <akshseh@amazon.de>
Co-authored-by: Akarsha Sehwag <akshseh@amazon.de>
2026-03-25 16:14:03 -04:00
Dumitru Pascu b0f13cc8cd Spring ai agentcore samples (#1119)
Added sample Spring and Embabel based agents
2026-03-24 10:18:24 -04:00
rajjainl 3ad38948ed fix(tutorials): Fix missing imports, update_agent_runtime params, and asyncio.run in notebooks (#1086)
- Fix UpdateAgentRuntime calls to include required params (agentRuntimeArtifact,
  roleArn, networkConfiguration) using get_agent_runtime read-modify-write pattern
- Fix wrong entrypoint filenames in lifecycle demo cells (langgraph, openai, crewai)
- Fix wrong requirements_file path in crewai lifecycle demo cell
- Add missing imports (Session, os, Runtime, json, Markdown) in notebook cells
- Replace asyncio.run() with await in notebook cells (Jupyter compatibility)
- Add missing setup_cognito_user_pool import in hosting_mcp_server notebook
- Add ResourceNotFoundException comment in cleanup cells
- Add Test-Downloads/ to .gitignore
2026-03-12 22:52:16 -04:00
Anthony Bernabeu 3395430bd2 Fixing cdk stack with missing cdk lib folder and interceptor's lambda (#1036)
* added full example of enterprise mcp platform with policy engine mcp server filtering based on user_tag, guardrail for PII data

* fixed linting

* fixed linting

* fixing lint

* fixing lint

* fixing ruff

* FIXING RUFF

* fixing ruff

* fixed stack
added missing lib files

* fixing ruff

* fixing ruff

---------

Co-authored-by: brnaba-aws <brnaba@amazon.com>
2026-03-04 07:19:19 -06:00
Jerad 201f30ca71 Fix/add missing infrastructure files due to .gitignore (#942)
* feat: add missing CDK infrastructure files for knowledge-base-rag-agent

- Add all CDK stack files (api, cognito, storage, web-console, etc.)
- Add CDK constructs and utilities
- Fix web console S3 content-type bug with single BucketDeployment
- Add @aws-lambda-powertools/logger dependency for Lambda bundling
- Enable esbuild-based Lambda bundling (no Docker required)

This completes the knowledge-base-rag-agent infrastructure that was missing from the original PR.

* fix: add missing infrastructure files for knowledge-base-rag-agent

- Add exception to root .gitignore for knowledge-base-rag-agent/infrastructure/lib/
- This allows the critical CDK stack definitions and constructs to be tracked
- Without these files, developers cannot deploy the infrastructure
- Fixes the incomplete PR #923 that was missing the entire lib/ directory

The missing files include:
- 6 CDK constructs (API proxy, CORS config, Lambda utilities, etc.)
- 12 CDK stacks (API, Cognito, Database, Memory, Runtime, etc.)
- 1 utility file (NAG suppressions)

These are essential TypeScript source files, not build artifacts.

---------

Co-authored-by: Jerad Engebreth <awsjerad@amazon.com>
2026-02-23 11:18:14 -05:00
Hardik Thakkar d6a7320a77 Add missing Lib folder. (#892)
* Fix wording typo in notebook about user consent flow

cosmetic update

Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>

* Add pyyaml to requirements.txt

Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>

* Add HardikThakkar94 to CONTRIBUTORS.md

Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>

* Updates to fix the Streamlit app access when running in sagemaker

Modified
- Requirements.txt (added dependencies)
- chatbot_app_cognito.py (added get_streamlit_url, for sagemaker access)
- runtime_with_strands_and_egress_3lo.ipynb (streamlit piece for access url, cosmetic updates)

* Fixing Ruff errors reported by python-lint

* removing Ruff errors from python-lint

* passing 3.7 as the model for workshop

* Docs: add prerequisites (OpenAI or Azure OpenAI) cell to Outbound Auth notebook

* Revert "Docs: add prerequisites (OpenAI or Azure OpenAI) cell to Outbound Auth notebook"

This reverts commit 5dded4c38a.

* Add prerequisites (OpenAI or Azure OpenAI) cell to Outbound Auth notebook

* cosmetic fix

* Updating OpenAI URL

* Added instructions on the OAuth flow session binding and Streamlit functionality

* All imports are now properly organized at the top of the file, following Python best practices (PEP 8). The linting errors should now be resolved:
  - runtime.py:18:1: E402 - Fixed
  - runtime.py:19:1: E402 - Fixed
  - runtime.py:19:20: F811 - Fixed
  - runtime.py:25:1: E402 - Fixed

* formatting fixed

* Update Identity Outbound tutorial notebooks with corrections and improvements:
1. 05-Outbound_Auth_3lo notebook: Fixed credential provider name typo
2. 06-Outbound_Auth_Github notebook: Multiple improvements including:
    - Updated description text for GitHub-specific use case
    - Reorganized imports (moved to top of cell)
    - Added boto session and region setup
    - Reordered OAuth flow description
    - Restructured notebook sections (removed redundant policy section, added clearer status check and invoke sections)
    - Fixed credential provider name reference

* Fixed Identity Sections based on SageMaker (Workshop) to handle oauth2_callback_server and other cosmetic updates.

* Remove unused import and added permissions for 1st time model access for workshops

* formatting fixed.

* parameterize provider, update github image.

* added import boto3 and updated image for GitHub Session Binding

* Update Model and Remove Global Var

* Travel and Shopping concierge agents blueprints

* add missing contributors for the blueprint

* fix python-lint errors

* CodeQL fixes and config

* fix python-lint unused imports

* fix python-lint

* fix linter and cql issues

* run linter

* update codeql suppressions

* suppress codeql

* Revert accidental changes to 01-tutorials and 03-integrations

Remove files accidentally added to 01-tutorials and 03-integrations in previous commits.
These changes were not intended to be part of the blueprint additions.

Reverted files:
- 01-tutorials/03-AgentCore-identity/06-Outbound_Auth_Github/.dockerignore
- 01-tutorials/03-AgentCore-identity/06-Outbound_Auth_Github/Dockerfile
- 01-tutorials/03-AgentCore-identity/06-Outbound_Auth_Github/github_agent.py
- 03-integrations/IDP-examples/EntraID/.agentcore.json
- 03-integrations/IDP-examples/EntraID/.dockerignore
- 03-integrations/IDP-examples/EntraID/Dockerfile
- 03-integrations/IDP-examples/EntraID/strands_entraid_onenote.py

* fix formatting

* Update 05-blueprints/shopping-concierge-agent/tests/utils.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>

* removed tests folders.

* remove info logging

* remove logging

* codeql suppressions

* Update server.py

# codeql[py/clear-text-logging-sensitive-data] Debug logging for certificate verification - logs metadata only, not private key content

Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>

* Updating .gitignore and adding lib folder required for the shopping and travel concierge agents

* Add Demo video for agents

* Update demo section in README.md

Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>

* Add Demos as Gif, update LFS and add note in ReadMe

* remove the .mp4 files as they are not supported

* change to google products and remove travel specific

* update product link

* fix url in shopping list and purchases

* remove amazon

* Add Visa B2B Use Case

* fix pylint

* CodeQL Fixes

---------

Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
Co-authored-by: HT <hardikvt@amazon.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-01-27 19:32:21 -05:00
Massimiliano Angelino 90f2a7a0f4 Fix: Safe code for handling jwt tokens (#837)
* fix: safe code for handling jwt tokens
- removed global variables
- use app.logger instead of print for correct logging
- added agent code as file instead of generating it from string in notebook
- removed the runtime.py file as not useful

* fix: ruff linting errors

* fix: review comments

* fix: copilot review

* fix: timezone
2026-01-16 09:37:16 -05:00
Hardik Thakkar bc6a8f161c Adding required Lib folder for blueprints. (#797)
* Fix wording typo in notebook about user consent flow

cosmetic update

Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>

* Add pyyaml to requirements.txt

Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>

* Add HardikThakkar94 to CONTRIBUTORS.md

Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>

* Updates to fix the Streamlit app access when running in sagemaker

Modified
- Requirements.txt (added dependencies)
- chatbot_app_cognito.py (added get_streamlit_url, for sagemaker access)
- runtime_with_strands_and_egress_3lo.ipynb (streamlit piece for access url, cosmetic updates)

* Fixing Ruff errors reported by python-lint

* removing Ruff errors from python-lint

* passing 3.7 as the model for workshop

* Docs: add prerequisites (OpenAI or Azure OpenAI) cell to Outbound Auth notebook

* Revert "Docs: add prerequisites (OpenAI or Azure OpenAI) cell to Outbound Auth notebook"

This reverts commit 5dded4c38a.

* Add prerequisites (OpenAI or Azure OpenAI) cell to Outbound Auth notebook

* cosmetic fix

* Updating OpenAI URL

* Added instructions on the OAuth flow session binding and Streamlit functionality

* All imports are now properly organized at the top of the file, following Python best practices (PEP 8). The linting errors should now be resolved:
  - runtime.py:18:1: E402 - Fixed
  - runtime.py:19:1: E402 - Fixed
  - runtime.py:19:20: F811 - Fixed
  - runtime.py:25:1: E402 - Fixed

* formatting fixed

* Update Identity Outbound tutorial notebooks with corrections and improvements:
1. 05-Outbound_Auth_3lo notebook: Fixed credential provider name typo
2. 06-Outbound_Auth_Github notebook: Multiple improvements including:
    - Updated description text for GitHub-specific use case
    - Reorganized imports (moved to top of cell)
    - Added boto session and region setup
    - Reordered OAuth flow description
    - Restructured notebook sections (removed redundant policy section, added clearer status check and invoke sections)
    - Fixed credential provider name reference

* Fixed Identity Sections based on SageMaker (Workshop) to handle oauth2_callback_server and other cosmetic updates.

* Remove unused import and added permissions for 1st time model access for workshops

* formatting fixed.

* parameterize provider, update github image.

* added import boto3 and updated image for GitHub Session Binding

* Update Model and Remove Global Var

* Travel and Shopping concierge agents blueprints

* add missing contributors for the blueprint

* fix python-lint errors

* CodeQL fixes and config

* fix python-lint unused imports

* fix python-lint

* fix linter and cql issues

* run linter

* update codeql suppressions

* suppress codeql

* Revert accidental changes to 01-tutorials and 03-integrations

Remove files accidentally added to 01-tutorials and 03-integrations in previous commits.
These changes were not intended to be part of the blueprint additions.

Reverted files:
- 01-tutorials/03-AgentCore-identity/06-Outbound_Auth_Github/.dockerignore
- 01-tutorials/03-AgentCore-identity/06-Outbound_Auth_Github/Dockerfile
- 01-tutorials/03-AgentCore-identity/06-Outbound_Auth_Github/github_agent.py
- 03-integrations/IDP-examples/EntraID/.agentcore.json
- 03-integrations/IDP-examples/EntraID/.dockerignore
- 03-integrations/IDP-examples/EntraID/Dockerfile
- 03-integrations/IDP-examples/EntraID/strands_entraid_onenote.py

* fix formatting

* Update 05-blueprints/shopping-concierge-agent/tests/utils.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>

* removed tests folders.

* remove info logging

* remove logging

* codeql suppressions

* Update server.py

# codeql[py/clear-text-logging-sensitive-data] Debug logging for certificate verification - logs metadata only, not private key content

Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>

* Updating .gitignore and adding lib folder required for the shopping and travel concierge agents

---------

Signed-off-by: Hardik Thakkar <68253981+HardikThakkar94@users.noreply.github.com>
Co-authored-by: HT <hardikvt@amazon.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-22 11:30:28 -05:00
Anil Gurrala 5171660819 agentcore memory browser (#422)
* agentcore memory browser

* Update README.md

Signed-off-by: Anil Gurrala <136643863+visitani@users.noreply.github.com>

* resolved comments

* removed memory id from exception messages

* removed the sys

* Remove .vscode/settings.json and add to .gitignore

* Fixed security related issues

* renamed folder name

* renamed folder name

* fixed linting errors

* fixed linting errors

* format change fixed

---------

Signed-off-by: Anil Gurrala <136643863+visitani@users.noreply.github.com>
Signed-off-by: Akarsha Sehwag <akshseh@amazon.de>
Co-authored-by: Akarsha Sehwag <akshseh@amazon.de>
2025-11-14 14:26:01 -05:00
Amit Arora 359c832008 fix(02-use-cases): Fix multiple issues and improvements for customer support assistant (#513)
Addresses all issues documented in #443:

1. Product Naming: Replace "AWS Bedrock" with "Amazon Bedrock" throughout
   documentation and code to use correct product name

2. IAM Permissions: Add comprehensive IAM permissions documentation to
   README including S3 Vector, SSM, DynamoDB, and Cognito permissions
   required for deployment

3. AWS Region Configuration: Fix shell scripts to handle EC2 instances
   with IAM roles by adding fallback to AWS_DEFAULT_REGION environment
   variable and us-east-1 default

4. Gateway Wait Logic: Add polling logic to gateway creation script to
   wait for gateway to reach ACTIVE/READY status before creating target,
   preventing ValidationException errors

5. UV Migration: Migrate from pip/requirements.txt to modern uv package
   manager with pyproject.toml for better dependency management and
   alignment with project coding standards

All changes have been validated with automated tests.

Fixes #443

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>
Co-authored-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>
2025-11-07 22:40:49 -05:00
Josh Samuel 9f783ade26 feat(browser-tool): Add Web Bot Auth tutorial (#576)
Add comprehensive tutorial demonstrating browser tool integration with Web Bot
authentication and signing capabilities for Amazon Bedrock AgentCore.

Key additions:
- New Jupyter notebook tutorial (01_agentcore-browser-tool-with-web-bot-auth.ipynb)
  demonstrating Web Bot Auth integration with browser tool
- Architecture diagram illustrating the authentication flow and components
- Requirements file with necessary dependencies for the tutorial
- Updated browser tool README with link to new Web Bot Auth tutorial

This tutorial enables developers to build agents that can securely interact
with authenticated web applications using the browser tool with Web Bot Auth.

🤖 Assisted by Amazon Q Developer
2025-10-31 22:56:57 -04:00
David Kaleko 301fb99f90 Add AWS CDK implementation for basic-runtime sample (#507)
* feat: Add AWS CDK implementation for basic AgentCore runtime deployment

This commit introduces a comprehensive CDK alternative to the existing CloudFormation
basic-runtime sample, providing a cleaner and more maintainable Infrastructure as Code
approach for deploying Amazon Bedrock AgentCore resources.

- **Complete CDK stack** (`basic_runtime_stack.py`) with proper construct separation
- **Dedicated IAM role construct** (`infra-utils/agentcore_role.py`) for reusability
- **Custom Lambda function** (`infra-utils/build_trigger_lambda.py`) for CodeBuild automation
- **S3 asset-based source packaging** eliminating Docker dependency for users
- **ARM64 CodeBuild integration** with automated container image building
- **Comprehensive documentation** matching CloudFormation sample structure

- Uses S3 assets instead of inline code for better maintainability
- Separates infrastructure utilities into dedicated `infra-utils/` directory
- Implements proper CDK patterns with construct separation
- Provides cleaner deployment experience (~5-10 min vs ~10-15 min)

- **Basic Strands agent** (`agent-code/basic_agent.py`) with simple Q&A functionality
- **ARM64 Dockerfile** optimized for AgentCore runtime requirements
- **Proper dependency management** with isolated requirements

- Updated title to reflect both CloudFormation and CDK options
- Added comprehensive CDK section with architecture highlights
- Included CDK prerequisites with version requirements (CDK 2.218.0+)
- Updated repository structure to show new CDK directory layout
- Added installation commands for required CDK dependencies

- Complete documentation following CloudFormation sample structure
- Detailed prerequisites, deployment, testing, and cleanup instructions
- Sample queries and troubleshooting sections
- Architecture explanation and use case descriptions

- **CDK 2.218.0+** required for BedrockAgentCore construct support
- **Python 3.8+** and **constructs>=10.0.79** for proper CDK functionality
- **S3 assets** for source code packaging without size limitations

- ECR repository for container image storage
- CodeBuild project with ARM64 support for automated builds
- Lambda function for build orchestration and completion waiting
- AgentCore Runtime with proper IAM permissions and networking
- Custom resource for deployment automation

- Successfully deployed and tested in AWS environment
- Verified agent functionality with sample queries
- Confirmed clean resource cleanup with `cdk destroy`

- Added David Kaleko to CONTRIBUTORS.md

This implementation provides a modern, maintainable alternative to CloudFormation
while maintaining feature parity and following AWS CDK best practices.

* fix: Resolve CDK Lambda import issues and reorganize infrastructure utilities

This commit fixes critical Lambda function import errors that were preventing
the CDK stack deployment from completing, and reorganizes the infrastructure
utilities for better Python module compatibility.

- **Root cause**: `cfnresponse` module is only available for inline CloudFormation
  Lambda code, not when using CDK's `Code.from_asset()` approach
- **Solution**: Embedded the standard AWS-provided cfnresponse functionality
  directly into the Lambda function to eliminate import dependencies
- **Impact**: Custom resource now properly signals CloudFormation completion/failure

- **Renamed**: `infra-utils/` → `infra_utils/` for proper Python module imports
- **Fixed**: Lambda handler path to use correct Python module notation
- **Updated**: Import statements to use underscore-based directory name

- Embedded cfnresponse class with SUCCESS/FAILED constants and send() method
- Added comprehensive comments explaining why local cfnresponse is necessary
- Maintains full compatibility with CloudFormation custom resource protocol
- Proper error handling and CloudWatch logging integration

- Updated Lambda handler path: `infra_utils.build_trigger_lambda.handler`
- Fixed import statements for renamed directory structure
- Removed conditional BedrockAgentCore imports (always available in CDK 2.218.0+)

- Moved infrastructure utilities to properly named Python package
- Added package `__init__.py` for proper module structure
- Maintained clean separation between infrastructure and agent code

- Resolves hanging CloudFormation deployments
- Custom resource now properly waits for CodeBuild completion
- Stack deployment completes successfully end-to-end
- Maintains compatibility with existing CloudFormation approach

- Verified Lambda function executes without import errors
- Confirmed CodeBuild triggering and monitoring functionality
- Validated complete stack deployment cycle

This fix ensures the CDK implementation works reliably and follows Python
packaging best practices while maintaining the same deployment behavior
as the CloudFormation equivalent.

* Minor README update

* Dockerfile updates including a health check to fix all ASH security scan warnings

* Readme updates in accordance with PR feedback

---------

Signed-off-by: David Kaleko <5712203+kaleko@users.noreply.github.com>
2025-10-20 18:43:42 -04:00
Shreyas Subramanian 29abcb2c31 Add Claude Agent SDK Integration with Streaming Support (#505)
* Add Claude Agent SDK Integration with Streaming Support

This commit adds a new integration example demonstrating how to use the Claude Agent SDK with Amazon Bedrock AgentCore. The example showcases:

- Asynchronous streaming support for real-time responses
- Three operational modes: basic queries, custom options, and tool usage
- Integration with BedrockAgentCoreApp for managed deployment
- File system tools (Read/Write) support
- Custom Dockerfile with Node.js and Claude Code CLI setup

Also updates .gitignore to exclude AgentCore deployment artifacts (.bedrock_agentcore/ and .bedrock_agentcore.yaml).

* Fix ruff linting errors and add API key documentation

- Remove unused anyio import
- Move all imports to top of file before app initialization
- Add note about ANTHROPIC_API_KEY or Bedrock access requirements
- Include link to Claude Agent SDK documentation

* Format code with ruff

* Fix ASH security scan findings

- Add HEALTHCHECK to Dockerfile to verify agent.py exists (fixes CKV_DOCKER_2)
- Wrap app.run() in if __name__ == '__main__' guard (fixes semgrep finding)

* Update README with environment variables and cleanup section

- Add --disable-memory flag to configure command
- Document both CLAUDE_CODE_USE_BEDROCK and AWS_BEARER_TOKEN_BEDROCK env vars
- Add Clean Up section explaining memory (not needed) and agent runtime destruction
- Show example output of agentcore destroy command

* Added starter toolkit to reqmts
2025-10-17 11:59:42 -04:00
pyraenix 323e80570a Add Strands Agent Integration Tutorial for AgentCore Browser Tool (#442)
* Add browser tool with Strands integration tutorial and update contributors

- Add new tutorial: 03-browser-with-Strands with Jupyter notebook and requirements
- Update CONTRIBUTORS.md with new contributor information
- Update .gitignore to exclude .kiro and .vscode directories

* Update browser tool tutorial with renamed notebook

- Rename notebook to 01_getting_started-agentcore-browser-tool-with-strands.ipynb
- Update .gitignore with additional exclusions

* Remove complex timeout handling from Strands browser tutorial

- Simplified Step 4 invoke function by removing signal-based timeout protection
- Added simple comment about implementing timeout handling for slow websites
- Removed complex timeout_handler and invoke_with_timeout functions
- Updated notebook with executed results showing successful Tesla stock analysis
- Maintained clean error handling while simplifying timeout approach
- All cells executed successfully with real MarketWatch financial data
2025-10-15 15:59:04 -04:00
Akarsha Sehwag ce1e2d8367 Add Workshop E2E (#253)
* feat: e2e tutorial lab5

* docs: Add README.md for 05-AgentCore Observability lab

* feat: Add Lab 6 of E2E tutorial

* fix: Fix Agent ECR repository typo

* docs: Update Lab 6 Guidelines

* feat: cleanup guardrails

* docs: fix step name

* added lab4

* Add Lab 3 Identity Notebook and README

* added memory and updated lab 1

* pushing all of the helper files from original use case. Remove as needed

* feat: update lab1 helper file

* chore: restructure utils

* feat: update memory helper

* chore: restructure identity

* chore: append to agent definition from the helper

* Renamed agentcore identity to lab6

* Renamed Gateway notebook to Lab 3 and reviewed with fixes

* Fixed typo in delete_memory

* Lab 1: review and minor fixes

* Lab 1: cleanup

* Lab 2: refactored

* fix: change model to Claude 3.7

* added TODOs

* updated lab1 notebook

* update runtime intro

* refactor utils file

* minor_update to memory

* memory return client

* revert change.

* feat: update runtime lab

* feat: add helper for bedrock guardrails

* fix: fix typos

* docs: minor update

* update lab1 tools

* update memory

* update - runtime

* updated lab3 + lambda

* removed outputs

* changed sh

* removed zip

* added one missing piece

* chore: rm observability old lab

* Updates to Lab6 Identity

* Updates to Lab6 Identity

* updated arch. diagram

* update docs lab1

* rename-lab-5-6

* update arch doc

* lab 03

* fixed lab 3 docs

* Fix Lab 4

* Lab 7 frontend

* Fix lab7

* Fix prereq issues and update gitignore

* adding lab 3 tool removal

* removed checkpoints

* merged

* chore: Update Lab 4 documentation

* fix: Update AgentCore IAM Role to access memory

* Lab 7 fixed invoke to runtime

* minor changes

* removed guardrails + minor edits

* Deleting files and folders.

* Rename, Refactor and deletion

Added sagemaker_helper

* fixing Client

* Removing guardrails code

* remove unused arch

* remove unused files

* updating lab01

* remove policies

* updating lab02

* docs: Update lab 4 markdown

* chore: Update Lab 4

* update cleanup

* cleaning up DS_Store files

* frontend

* updates to lab1 notebook

* updating architectures

* Lab5: fixed response formatting in streamlit app

* updating lab3

* updated lab3

* Lab 5 and Lab 6 and Helper Scripts Updates

Lab 5: Added the architecture diagram
Lab 6: Updated the notebook
Utils: Added helper functions
Sagemaker_helper: Cosmetic Updates

* Updating lab 4

* removing clean up from lab 3

* added lab3 changes

* Streamlit Fixes, Cosmetic Updates, Notebook Updates

* add maira's changes

* update lab2+3

* minor updates

* sync labs

* fix runtime docs

* refactoring end-to-end tutorials

* remove guardrail ss

---------

Co-authored-by: Aleksei Iancheruk <aianch@amazon.fr>
Co-authored-by: EugeneSel <youdjin.sel15@gmail.com>
Co-authored-by: Aidan Ricci <riaidan@amazon.com>
Co-authored-by: Achintya <pinnintiachintya@gmail.com>
Co-authored-by: naresh rajaram <nareshrd@amazon.com>
Co-authored-by: Lorenzo Micheli <lorenzo.micheli@gmail.com>
Co-authored-by: Achintya <apinnint@amazon.com>
Co-authored-by: HT <hardikvt@amazon.com>
Co-authored-by: HT <hardik.thakkar00@gmail.com>
Co-authored-by: Maira Ladeira Tanke <mttanke@amazon.com>
2025-08-14 22:52:33 -04:00
rohillasandeep bd52ff9c9a Rohillao dev (#151)
* Remove .aws-sam build artifacts

Deleted .aws-sam folder as it contains build artifacts that are generated
during sam build and should not be checked into version control.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Fix MCP 1.10.0 compatibility and add Docker support

- Fix MCP client for 1.10.0 API changes (streamablehttp_client now returns 3-tuple)
- Add comprehensive .gitignore for AWS Operations Agent project
- Add Dockerfiles for agent-lambda and mcp-tool-lambda
- Update requirements.txt to use mcp==1.10.0
- Add fallback DirectMCPClient class for better error handling

* Update documentation and scripts

- Update SETUP.md with latest deployment instructions
- Modify create-target.py script for improved functionality

* Remove .gitignore files from AgentCore samples repository

- Deleted 6 .gitignore files to prevent conflicts with parent repository
- Includes root .gitignore and use-case specific .gitignore files
- Cleaned up: customer-support-assistant, SRE-agent, AWS-operations-agent, and video-games-sales-assistant directories
- Enables consistent gitignore management at repository level

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: name <alias@amazon.com>
Co-authored-by: Claude <noreply@anthropic.com>
2025-07-25 10:51:16 -07:00
Eashan Kaushik 909eb9901a feat(agentcore): Adding tutorials, samples, and integrations
2025-07-16 14:07:30 -04:00