* feat(cdk): reorganize CDK samples into python/ and typescript/ folders
  - Move existing Python CDK samples to cdk/python/
  - Add TypeScript CDK samples folder with knowledge-base-rag-agent
  - Update cdk/README.md with language comparison table
  - Update parent README with new paths and TypeScript mention
  - Add cdk/python/README.md for Python-specific guidance
  🤖 Assisted by Amazon Q Developer
* docs: add Jerad Engebreth to CONTRIBUTORS.md
  🤖 Assisted by Amazon Q Developer
* fix(cdk/typescript): document known vulnerabilities and fix npm workspaces build
  - Add Known Dependency Vulnerabilities section to README documenting upstream issues in aws-amplify (fast-xml-parser, lodash)
  - Add build/test scripts to Lambda layer package.json to fix npm workspaces build command
  🤖 Assisted by Amazon Q Developer
* fix(security): add HEALTHCHECK and non-root USER to Dockerfile
  - Add HEALTHCHECK instruction for container orchestration
  - Create non-root appuser for security best practices
  - Addresses CKV_DOCKER_2, CKV_DOCKER_3 security findings
* fix(security): address CodeQL findings for insecure randomness and HTML sanitization
  - Replace Math.random() with crypto.randomBytes() for session ID generation
  - Use iterative sanitization loop to handle nested/obfuscated HTML tags
  - Addresses CodeQL insecure randomness and incomplete sanitization findings
* fix(security): improve HTML sanitization to address CodeQL findings
  - Handle closing tags with spaces like </script >
  - Add data: and vbscript: URL scheme blocking
  - Use tag-based approach instead of content-matching regex
  - Add more dangerous tags (form, input, button, etc.)
* remove unused import
* fix(lint): fix import ordering and remove extra blank lines
  - Sort imports alphabetically (logging before os)
  - Remove extra blank line in knowledge_base.py
  - Consistent import grouping (stdlib, then third-party)
* fix(security): use HTML entity encoding instead of regex-based sanitization
  - Replace regex-based tag stripping with HTML entity encoding
  - Encode all special characters (&, <, >, ", ', /, `, =)
  - This approach is CodeQL-compliant and more secure
  - Regex-based HTML filtering is inherently flawed
* fix(lint): add __all__ to fix F401 unused import warnings
  - Add __all__ exports to infra_utils/__init__.py files
  - Explicitly declares AgentCoreRole as public API
* style: apply ruff formatting to all Python files in 04-infrastructure-as-code
  - Format 32 Python files with ruff
  - Includes CDK Python samples, Terraform samples, and TypeScript agent code
* refactor: rename project from bedrock-agentcore-template to knowledge-base-rag-agent
  - Update package.json names for root and infrastructure packages
  - Update README and docs with new project name and paths
  - Update CloudWatch, SNS, KMS, and Cognito resource names
  - Regenerate package-lock.json with new package names
* refactor: complete project rename to knowledge-base-rag-agent
  - Update README title and all documentation headers
  - Update TypeScript stack descriptions and resource names
  - Update Python agent module docstrings
  - Update Dockerfile header comment
  - Update Lambda function package description
  - Rename runtime to knowledge_base_rag_agent
  - Rename memory to knowledge_base_rag_agent_memory
  - Rename API to Knowledge Base RAG Agent API
  - Update Secrets Manager secret name
* fix: correct Docker references and fix Lambda bundling
  - Update README and docs to clarify Docker is for AgentCore Runtime container, not Lambda bundling
  - Add @aws-lambda-powertools/logger dependency for Lambda function
  - Add esbuild as dev dependency for NodejsFunction bundling
  - Fix S3 bucket deployment to use single deployment with auto content-type detection
  - Deploy config.json separately with prune:false to preserve other files
---------
Co-authored-by: Jerad Engebreth <awsjerad@amazon.com>
Infrastructure as Code Samples for Amazon Bedrock AgentCore
Deploy Amazon Bedrock AgentCore resources using CloudFormation templates, AWS CDK, or Terraform.
Overview
These Infrastructure as Code samples enable you to:
- Deploy AgentCore resources consistently across environments
- Automate infrastructure provisioning with Infrastructure as Code
- Maintain version control of your infrastructure
- Implement AWS best practices for security and monitoring
Choose your preferred approach:
- CloudFormation - YAML/JSON templates for declarative infrastructure
- CDK - Python or TypeScript code for programmatic infrastructure
- Terraform - HCL code for declarative infrastructure with state management
Samples
1. Basic Agent Runtime
Deploy a simple AgentCore Runtime with a basic Strands agent - no additional tools or memory.
What it deploys:
- AgentCore Runtime with simple agent
- ECR Repository and automated Docker builds
- IAM roles with least-privilege policies
Use case: Learning AgentCore basics without complexity
Deployment time: ~5-15 minutes
Estimated cost: ~$50-100/month
Implementation: CloudFormation | CDK | Terraform
2. MCP Server on AgentCore Runtime
Deploy a complete MCP (Model Context Protocol) server with automated Docker building and JWT authentication.
What it deploys:
- AgentCore Runtime hosting MCP server
- Amazon Cognito for JWT authentication
- Automated ARM64 Docker builds
Sample MCP Tools: add_numbers, multiply_numbers, greet_user
Deployment time: ~10-15 minutes
Estimated cost: ~$50-100/month
Implementation: CloudFormation | CDK | Terraform
3. Multi-Agent Runtime
Deploy a multi-agent system where Agent1 (orchestrator) can invoke Agent2 (specialist) for complex tasks.
What it deploys:
- Two AgentCore Runtimes with agent-to-agent communication
- IAM roles with agent-to-agent invocation permissions
- Separate ECR repositories for each agent
Architecture: Agent1 routes requests and delegates to Agent2 for detailed analysis
Deployment time: ~15-20 minutes
Estimated cost: ~$100-200/month
Implementation: CloudFormation | CDK | Terraform
4. End-to-End Weather Agent with Tools and Memory
Deploy a complete weather-based activity planning agent with browser automation, code interpreter, and memory.
What it deploys:
- AgentCore Runtime with Strands agent
- Browser Tool for web scraping weather data
- Code Interpreter Tool for weather analysis
- Memory for storing user preferences
- S3 bucket for results storage
Features: Scrapes weather.gov, analyzes conditions, stores preferences, generates recommendations
Deployment time: ~15-20 minutes
Estimated cost: ~$100-150/month
Implementation: CloudFormation | CDK | Terraform
Prerequisites
Before deploying any sample, ensure you have:
- AWS Account with appropriate permissions
- AWS CLI installed and configured
- Access to Amazon Bedrock AgentCore (preview)
- IAM Permissions to create:
- CloudFormation stacks (for CloudFormation samples)
- IAM roles and policies
- ECR repositories
- Lambda functions
- AgentCore resources
- S3 buckets (for weather agent)
For CDK samples, also install:
- Python 3.8+
- AWS CDK v2.218.0 or later
For Terraform samples, also install:
- Terraform >= 1.6 (recommend tfenv for version management)
- Note: brew install terraform provides v1.5.7, which is deprecated
Repository Structure
04-infrastructure-as-code/
├── README.md                          # This file
├── cloudformation/                    # CloudFormation samples
│   ├── README.md                      # CloudFormation-specific guide
│   ├── basic-runtime/
│   ├── mcp-server-agentcore-runtime/
│   ├── multi-agent-runtime/
│   └── end-to-end-weather-agent/
├── cdk/                               # CDK samples (Python & TypeScript)
│   ├── README.md                      # CDK-specific guide
│   ├── python/                        # Python CDK samples
│   │   ├── basic-runtime/
│   │   ├── mcp-server-agentcore-runtime/
│   │   ├── multi-agent-runtime/
│   │   └── end-to-end-weather-agent/
│   └── typescript/                    # TypeScript CDK samples
│       └── knowledge-base-rag-agent/
└── terraform/                         # Terraform samples
    ├── README.md                      # Terraform-specific guide
    ├── basic-runtime/
    ├── mcp-server-agentcore-runtime/
    ├── multi-agent-runtime/
    └── end-to-end-weather-agent/