iSharkFly-Docs/amazon-bedrock-agentcore-samples
1
0
Fork 0
mirror of https://github.com/awslabs/amazon-bedrock-agentcore-samples.git synced 2025-09-08 20:50:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
amazon-bedrock-agentcore-sa.../02-use-cases/07-AWS-Operations-Agent/configs/README.md

326 lines
11 KiB
Markdown
Raw Permalink Normal View History

Add AWS Operations Conversational Agent use case - Complete serverless AI-powered AWS operations platform - Multi-Lambda architecture with Function URL deployment - Bedrock AgentCore Gateway integration with MCP protocol - 20 AWS service tools for comprehensive operations - Dual authentication: AWS SigV4 + Okta JWT - Natural language interface with streaming responses - DynamoDB conversation persistence - Docker-based MCP Tool Lambda with Strands framework - Production-ready with enterprise security patterns - Comprehensive documentation and setup guides - Read-only operations by default with write enablement guide - Interactive client with CLI interface - Complete Okta OAuth2 PKCE setup - Management scripts for gateway and target operations - Sanitized configuration with dummy data for public sharing
2025-07-15 17:30:49 -07:00
# Bedrock AgentCore Gateway JSON Configuration System
---
## 📋 Navigation
**🏠 [README](../README.md)** | **📖 [Setup Guide](../docs/SETUP.md)** | **🏗️ [Architecture](../docs/ARCHITECTURE-FLOW.md)** | **🔧 [Scripts](../scripts/README.md)** | **🤖 [Client](../client/README.md)** | **⚙️ [Config](README.md)** | **🔐 [Okta Setup](../okta-auth/OKTA-OPENID-PKCE-SETUP.md)**
---
This directory contains the centralized JSON-based configuration system for the Bedrock AgentCore Gateway project. It provides a single source of truth for configuration and dynamic state management.
## 📁 **File Structure**
```
configs/
├── README.md # This file - Configuration documentation
├── bedrock-agentcore-config.json # Static configuration (endpoints, schemas, environments)
└── config_manager.py # Python module for config management
```
## 📋 **Configuration Files**
### **`bedrock-agentcore-config.json`** - Centralized Configuration
Contains all static configuration for the Bedrock AgentCore Gateway project:
#### **🔧 AWS Configuration**
- **Default Profile**: `demo1` for AWS CLI operations
- **Default Region**: `us-east-1` for AWS services
- **Default Account**: Your AWS account ID
#### **🌐 Bedrock AgentCore Gateway Settings**
- **Control Plane**: Production endpoints for gateway management
- **Gateway ID**: Your gateway ID (auto-generated)
- **Gateway URL**: Your gateway URL (auto-generated)
#### **🔐 Okta Authentication**
- **Discovery URL**: `https://dev-12345678.okta.com/oauth2/default/.well-known/openid-configuration`
- **Audience**: `api://default` for JWT validation
- **OAuth2 Configuration**: For Bedrock AgentCore Gateway authentication
#### **🛠️ Tool Schemas (21 AWS Tools)**
- **hello_world**: Basic greeting tool
- **get_time**: Server time tool
- **ec2_read_operations**: EC2 instance queries
- **s3_read_operations**: S3 bucket operations
- **lambda_read_operations**: Lambda function queries
- **cloudformation_read_operations**: Stack queries
- **iam_read_operations**: IAM role/policy queries
- **rds_read_operations**: Database queries
- **cloudwatch_read_operations**: Metrics and logs
- **cost_explorer_read_operations**: Cost analysis
- **ecs_read_operations**: Container queries
- **eks_read_operations**: Kubernetes queries
- **sns_read_operations**: Topic queries
- **sqs_read_operations**: Queue queries
- **dynamodb_read_operations**: Table queries
- **route53_read_operations**: DNS queries
- **apigateway_read_operations**: API queries
- **ses_read_operations**: Email queries
- **bedrock_read_operations**: Model queries
- **sagemaker_read_operations**: ML queries
#### **🌍 Environment Configurations**
- **AWS Profile/Region/Account**: Environment-specific AWS settings
- **Resource Prefixes**: For naming consistency
- **IAM Roles**: Bedrock AgentCore Gateway execution roles
- **Lambda ARNs**: Target Lambda function references
### **`config_manager.py`** - Configuration Manager
#### **📖 Configuration Access**
```python
from config_manager import BedrockAgentCoreConfigManager
config = BedrockAgentCoreConfigManager()
aws_config = config.get_aws_config('dev')
bedrock_agentcore_config = config.get_bedrock_agentcore_config()
okta_config = config.get_okta_authorizer_config()
```
#### **🔧 Key Methods**
- **`get_aws_config(environment)`**: AWS settings for specific environment
- **`get_bedrock_agentcore_config()`**: Bedrock AgentCore Gateway endpoints and settings
- **`get_okta_authorizer_config()`**: Okta authentication configuration
- **`get_tool_schemas()`**: All 21 MCP tool definitions
- **`get_environment_config(environment)`**: Environment-specific settings
- **`validate_config()`**: Validate configuration completeness
- **`update_gateway_info_from_response()`**: Update gateway info after creation
- **`clear_gateway_info()`**: Clear gateway info after deletion
## 🚀 **Usage Examples**
### **1. Basic Configuration Access**
```python
from config_manager import BedrockAgentCoreConfigManager
# Initialize configuration manager
config = BedrockAgentCoreConfigManager()
# Get AWS configuration for dev environment
aws_config = config.get_aws_config('dev')
print(f"AWS Profile: {aws_config['profile']}")
print(f"AWS Region: {aws_config['region']}")
print(f"AWS Account: {aws_config['account']}")
```
### **2. Bedrock AgentCore Gateway Configuration**
```python
# Get Bedrock AgentCore Gateway settings
bedrock_agentcore_config = config.get_bedrock_agentcore_config()
print(f"Control Plane: {bedrock_agentcore_config['control_plane']}")
print(f"Gateway ID: {bedrock_agentcore_config['gateway_id']}")
print(f"Data Plane URL: {bedrock_agentcore_config['gateway_url']}")
```
### **3. Tool Schema Access**
```python
# Get all tool schemas
tools = config.get_tool_schemas()
print(f"Available Tools: {len(tools)}")
# Get specific tool schema
ec2_tool = config.get_tool_schema('ec2_read_operations')
print(f"EC2 Tool Description: {ec2_tool['description']}")
```
### **4. Environment Configuration**
```python
# Get environment-specific configuration
env_config = config.get_environment_config('dev')
print(f"Lambda ARN: {env_config['lambda_arn']}")
print(f"Bedrock AgentCore Role: {env_config['bedrock_agentcore_role_arn']}")
```
### **5. Configuration Validation**
```python
# Validate configuration
is_valid = config.validate_config()
if is_valid:
print("✅ Configuration is valid")
else:
print("❌ Configuration has issues")
# Check for missing required settings
missing = config.validate_required_settings('dev')
if missing:
print(f"Missing settings: {', '.join(missing)}")
```
## 🔧 **Configuration Management**
### **Updating Configuration**
```bash
# Edit the main configuration file
nano configs/bedrock-agentcore-config.json
# Validate configuration after changes
python -c "from config_manager import BedrockAgentCoreConfigManager; BedrockAgentCoreConfigManager().validate_config()"
```
### **Gateway Information Updates**
```python
# After creating a gateway, update configuration
gateway_response = {
'gatewayId': 'abc123xyz',
'gatewayUrl': 'https://abc123xyz.gateway.bedrock-agentcore.us-east-1.amazonaws.com/mcp'
}
config.update_gateway_info_from_response(gateway_response)
# After deleting a gateway, clear configuration
config.clear_gateway_info('abc123xyz')
```
## 📋 **Configuration Schema**
### **Top-Level Structure**
```json
{
"aws": { ... },
"bedrock_agentcore": { ... },
"okta": { ... },
"environments": { ... },
"tool_schemas": [ ... ]
}
```
### **Required Sections**
-**`aws`**: AWS account, region, profile settings
-**`bedrock_agentcore`**: Bedrock AgentCore Gateway endpoints and settings
-**`okta`**: Okta authentication configuration
-**`environments`**: Environment-specific configurations
-**`tool_schemas`**: Tool definitions for MCP
### **Validation**
```python
# Validate entire configuration
config = BedrockAgentCoreConfigManager()
is_valid = config.validate_config()
# Check specific sections
aws_valid = config.get_aws_config('dev') is not None
bedrock_agentcore_valid = config.get_bedrock_agentcore_config() is not None
```
## 🔍 **Example Configuration**
```json
{
"aws": {
"default_profile": "demo1",
"default_region": "us-east-1",
"default_account": "123456789012"
},
"bedrock_agentcore": {
"service_account_id": "xxxxx",
"service_name": "bedrock-agentcore-control",
"active_endpoint": "production_endpoints",
"production_endpoints": {
"control_plane": "https://bedrock-agentcore-control.us-east-1.amazonaws.com",
"gateway_id": "example-gateway-abc123def456",
"gateway_url": "https://example-gateway-abc123def456.gateway.bedrock-agentcore.us-east-1.amazonaws.com/mcp"
}
},
"okta": {
"audience": "api://default",
"discovery_url": "https://dev-12345678.okta.com/oauth2/default/.well-known/openid-configuration"
},
"environments": {
"dev": {
"aws_profile": "demo1",
"aws_region": "us-east-1",
"aws_account": "123456789012",
"resource_prefix": "dev",
"bedrock_agentcore_role_name": "example-bedrock-agentcore-gateway-role",
"bedrock_agentcore_policy_name": "example-bedrock-agentcore-gateway-policy"
}
}
}
```
## 🧰 **Configuration Manager API**
### **Basic Usage**
```python
from config_manager import BedrockAgentCoreConfigManager
# Initialize manager
config_manager = BedrockAgentCoreConfigManager()
# Get configuration for environment
config = config_manager.get_aws_config('dev')
```
### **Available Methods**
#### **AWS Configuration**
- `get_aws_config(environment)`: Get AWS settings for environment
- `get_default_environment()`: Get default environment name
- `get_environments()`: Get list of available environments
#### **Bedrock AgentCore Gateway Configuration**
- `get_bedrock_agentcore_endpoints()`: Get active endpoints
- `get_bedrock_agentcore_role_arn(environment)`: Get role ARN
- `get_mcp_endpoint_url(gateway_id)`: Get MCP endpoint URL
- `get_mcp_gateway_url(gateway_id)`: Get gateway URL
#### **Dynamic ARN Generation**
```python
# Generate ARNs and URLs
role_arn = config_manager.get_bedrock_agentcore_role_arn("prod")
lambda_arn = config_manager.get_lambda_arn("dev", "my-function")
mcp_url = config_manager.get_mcp_gateway_url("GATEWAY123")
```
#### **Tool Management**
- `get_tool_schemas()`: Get all tool schemas
- `get_tool_schema(tool_name)`: Get specific tool schema
- `get_tool_count()`: Get total number of tools
- `get_tool_names()`: Get list of all tool names
#### **Gateway Management**
- `update_gateway_info_from_response(response)`: Update gateway info
- `clear_gateway_info(gateway_id)`: Clear gateway info
- `get_gateway_description(environment)`: Generate gateway description
- `get_target_description(environment)`: Generate target description
#### **Utility Methods**
- `print_config_summary(environment)`: Print configuration summary
- `validate_config()`: Validate configuration completeness
- `validate_required_settings(environment)`: Check for missing settings
## 🔄 **Legacy Support**
For backward compatibility with .env files:
```python
# Get equivalent of .env variable
token_url = config_manager.get_env_equivalent('OKTA_TOKEN_URL')
```
## 🧪 **Testing**
```bash
# Run configuration manager tests
python config_manager.py
# Expected output:
# 🧪 Testing Bedrock AgentCore Configuration Manager
# ==================================================
# 📋 Configuration Summary
# ...
# ✅ Configuration Manager Test Complete
```
## 🔌 **Environment Variables**
For scripts that need environment variables:
```bash
export AWS_PROFILE=myprofile
export AWS_REGION=us-east-1
export BEDROCK_AGENTCORE_GATEWAY_ID=ABC123XYZ
python create-target-json.py
```
---
Reference in New Issue Copy Permalink