Bharathi Srinivasan
02471ab710
* fix: resolve cfn-nag failures in CloudFormation templates - customer_support_lambda.yaml: add cfn_nag suppression metadata (F3, F38, W11) to GatewayAgentCoreRole; wildcard policy is intentional for this tutorial sample - bearer-token-injection/cognito.yaml: MfaConfiguration OFF -> OPTIONAL - strands-agents/cognito.yaml: MfaConfiguration OFF -> OPTIONAL - typescript_mastra/github-source.yaml: fix YAML indentation on ImageScanningConfiguration (was at col 0, causing parse error) - java_adk/github-source.yaml: same YAML indentation fix Fixes 6 cfn-nag failures (F3, F38 x1, F78 x2, FATAL x2) across 5 templates. * fix: correct agentcore-map.png image path in 01-features README * fix: resolve cdk-nag warnings across features and workshops * chore: add cfn-nag suppression metadata to 12 CloudFormation templates Adds cfn_nag rules_to_suppress Metadata blocks to suppress expected warnings in tutorial/demo templates: - W60 (VPC flow logs): 10 templates — demo VPCs don't require flow logs - W33 (MapPublicIpOnLaunch): 8 templates — public subnets need auto-IP for tutorial accessibility - W40/W5 (SG open egress/ingress): 8 templates — intentional open egress in AgentCore SGs and browser-firewall SGs (filtered by Network Firewall); broad rules in demo ALB/web server SGs - W2/W9 (SG SSH from 0.0.0.0/0): 2 templates — development EC2 instances use SSM but SSH open for tutorial convenience - W56 (ALB HTTP listener): cluster.yaml — demo uses HTTP; HTTPS requires ACM certificate - W59 (API Gateway no auth): infrastructure_all.yaml — AgentCore Gateway handles authentication upstream Files modified (12): 01-features/.../01-claude-code-with-s3-files/cfn-vpc.yaml 01-features/.../02-claude-code-with-efs/cfn-vpc.yaml 01-features/.../05-domain-filtering/agentcore-browser-firewall.yaml 03-integrations/.../common/01-network.yaml 03-integrations/.../ecs/cluster.yaml 06-workshops/.../01-claude-code-with-s3-files/cfn-vpc.yaml 06-workshops/.../02-claude-code-with-efs/cfn-vpc.yaml 06-workshops/.../07-bearer-token-injection/.../infrastructure_all.yaml 06-workshops/.../07-connecting-public-browser-.../cfn-browser.yaml 06-workshops/.../08-Interacting-with-vpc-.../cfn-vpc-browser.yaml 06-workshops/.../09-browser-with-domain-filtering/agentcore-browser-firewall.yaml 06-workshops/.../11-browser-with-proxy/agentcore-browser-proxy.yaml * fix: move suppression comments after Python syntax tokens Misplaced # pragma: allowlist secret comments were placed before trailing commas and closing braces, causing those tokens to be treated as comment text rather than Python syntax. Moved all commas and closing brace/comma sequences before the comment in 21 files, resolving all ruff invalid-syntax errors reported by CI. * fix: restore missing Python files in 04-entra-obo-mcp-runtime * style: apply ruff formatting to all PR-touched Python files * style: apply ruff formatting to pre-existing unformatted Python files 12 files with pre-existing formatting issues were surfaced by the CI ruff format check because they appear in this PR's changed-files list. Applied ruff format to bring them into compliance.
Amazon Bedrock AgentCore Runtime
Overview
Amazon Bedrock AgentCore Runtime is a secure, serverless runtime designed for deploying and scaling AI agents and tools. It supports any frameworks, models, and protocols, enabling developers to transform local prototypes into production-ready solutions with minimal code changes.
Amazon BedrockAgentCore Python SDK provides a lightweight wrapper that helps you deploy your agent functions as HTTP services that are compatible with Amazon Bedrock. It handles all the HTTP server details so you can focus on your agent's core functionality.
All you need to do is decorate your function with the @app.entrypoint decorator and use the configure and launch capabilities of the SDK to deploy your agent to AgentCore Runtime. Your application is then able to invoke this agent using the SDK or any of the AWS's developer tools such as boto3, AWS SDK for JavaScript or the AWS SDK for Java.
Key Features
Framework and Model Flexibility
- Deploy agents and tools from any framework (such as Strands Agents, LangChain, LangGraph, CrewAI)
- Using any model (in Amazon Bedrock or not)
Integration
Amazon Bedrock AgentCore Runtime integrates with other Amazon Bedrock AgentCore capabilities through a unified SDK, including:
- Amazon Bedrock AgentCore Memory
- Amazon Bedrock AgentCore Gateway
- Amazon Bedrock AgentCore Observability
- Amazon Bedrock AgentCore Tools
This integration aims to simplify the development process and provide a comprehensive platform for building, deploying, and managing AI agents.
Use Cases
The runtime is suitable for a wide range of applications, including:
- Real-time, interactive AI agents
- Long-running, complex AI workflows
- Multi-modal AI processing (text, image, audio, video)
Tutorials overview
In these tutorials we will cover the following functionality: