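# Local static server for the Okta OAuth helper page (iframe-oauth-flow.html).
server {
    # NOTE(review): this listens on every interface. If only a browser on the
    # same machine needs the page, "listen 127.0.0.1:8080;" keeps it off the LAN.
    listen 8080;
    server_name localhost;

    # Root set to okta-auth directory to serve iframe-oauth-flow.html
    # UPDATE THIS PATH: Replace with your actual project path + /okta-auth
    root /path/to/your/AgentCore/okta-auth;
    index iframe-oauth-flow.html;

    # Security headers for OIDC.
    # nginx inherits add_header from this level ONLY into locations that define
    # no add_header of their own; a location that adds any header must restate
    # the ones it still wants (see the static-asset location below).
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    # Legacy header: current browsers no longer ship the XSS auditor it
    # controlled. Kept as in the original; a Content-Security-Policy is the
    # control to rely on.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # CORS headers for Okta integration.
    # Access-Control-Allow-Origin is compared by browsers as a literal string:
    # a pattern such as "https://*.okta.com" never matches any origin, and a
    # credentialed response must name exactly one origin. Pin it to your own
    # Okta org rather than to every okta.com tenant.
    # UPDATE THIS VALUE: Replace <YOUR_OKTA_DOMAIN> with your Okta org host name.
    add_header Access-Control-Allow-Origin "https://<YOUR_OKTA_DOMAIN>" always;
    add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
    add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept" always;
    add_header Access-Control-Allow-Credentials "true" always;

    # Main location - serve iframe-oauth-flow.html
    location / {
        try_files $uri $uri/ =404;

        # Cache static assets
        location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
            expires 1y;
            add_header Cache-Control "public, immutable";

            # The add_header above replaces the inherited set for this
            # location, so the security headers are restated here; without
            # them scripts and stylesheets would be served with no nosniff.
            # The CORS headers are not repeated: add them only if these assets
            # are fetched cross-origin.
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-Content-Type-Options "nosniff" always;
            add_header X-XSS-Protection "1; mode=block" always;
            add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        }
    }

    # Bare /okta-auth redirects to the directory form.
    location = /okta-auth {
        return 301 /okta-auth/;
    }

    # /okta-auth/ itself serves the flow page from the server-level root.
    location = /okta-auth/ {
        try_files /iframe-oauth-flow.html =404;
    }

    # Location block for okta-auth route.
    # Both the prefix and the alias end in "/": a slash-less "location
    # /okta-auth" also matches /okta-authANYTHING and maps it onto sibling
    # paths that merely start with the same name as the aliased directory.
    location /okta-auth/ {
        # UPDATE THIS PATH: Replace with your actual project path + /okta-auth/
        alias /path/to/your/AgentCore/okta-auth/;
        try_files $uri $uri/ /okta-auth/iframe-oauth-flow.html;
    }

    # Health check
    location /health {
        access_log off;
        # default_type sets the Content-Type of the "return" body. An
        # add_header Content-Type here would emit a second Content-Type header
        # and, being an add_header, would drop the inherited security headers.
        default_type text/plain;
        return 200 "healthy\n";
    }

    # Error pages
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;

    location = /404.html {
        root /usr/share/nginx/html;
    }

    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # Logging
    access_log /var/log/nginx/okta-local.access.log;
    error_log /var/log/nginx/okta-local.error.log;
}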