iSharkFly-Docs/amazon-bedrock-agentcore-samples
1
0
Fork 0
mirror of https://github.com/awslabs/amazon-bedrock-agentcore-samples.git synced 2025-09-08 20:50:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
amazon-bedrock-agentcore-sa.../02-use-cases/AWS-operations-agent/agentcore-runtime/deployment/06-deploy-diy.sh

110 lines
4.2 KiB
Bash
Raw Permalink Normal View History

fix (02-use-cases): AWS Operations Agent updated with AgentCore Runtime (#177) * feat: Add AWS Operations Agent with AgentCore Runtime - Complete rewrite of AWS Operations Agent using Amazon Bedrock AgentCore - Added comprehensive deployment scripts for DIY and SDK runtime modes - Implemented OAuth2/PKCE authentication with Okta integration - Added MCP (Model Context Protocol) tool support for AWS service operations - Sanitized all sensitive information (account IDs, domains, client IDs) with placeholders - Added support for 17 AWS services: EC2, S3, Lambda, CloudFormation, IAM, RDS, CloudWatch, Cost Explorer, ECS, EKS, SNS, SQS, DynamoDB, Route53, API Gateway, SES, Bedrock, SageMaker - Includes chatbot client, gateway management scripts, and comprehensive testing - Ready for public GitHub with security-cleared configuration files Security: All sensitive values replaced with <YOUR_AWS_ACCOUNT_ID>, <YOUR_OKTA_DOMAIN>, <YOUR_OKTA_CLIENT_ID> placeholders * Update AWS Operations Agent architecture diagram --------- Co-authored-by: name <alias@amazon.com>
2025-07-31 11:59:30 -07:00
#!/bin/bash
# Deploy the manual FastAPI implementation to ECR
echo "🚀 Deploying DIY agent (FastAPI)..."
# Configuration - Get project directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_DIR="$(dirname "$(dirname "$SCRIPT_DIR")")" # Go up two levels to reach AgentCore root
RUNTIME_DIR="$(dirname "$SCRIPT_DIR")" # agentcore-runtime directory
# Load configuration from unified config system
CONFIG_DIR="${PROJECT_DIR}/config"
BASE_SETTINGS="${CONFIG_DIR}/static-config.yaml"
if command -v yq >/dev/null 2>&1; then
REGION=$(yq eval '.aws.region' "${BASE_SETTINGS}")
ACCOUNT_ID=$(yq eval '.aws.account_id' "${BASE_SETTINGS}")
else
echo "⚠️ yq not found, using grep/sed fallback"
# Fallback: extract from YAML using grep/sed
REGION=$(grep "region:" "${BASE_SETTINGS}" | head -1 | sed 's/.*region: *["'\'']*\([^"'\'']*\)["'\'']*$/\1/')
ACCOUNT_ID=$(grep "account_id:" "${BASE_SETTINGS}" | head -1 | sed 's/.*account_id: *["'\'']*\([^"'\'']*\)["'\'']*$/\1/')
fi
ECR_REPO="bac-runtime-repo-diy"
ECR_URI="${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/${ECR_REPO}"
# Get AWS credentials from SSO
echo "🔐 Getting AWS credentials..."
if [ -n "$AWS_PROFILE" ]; then
echo "Using AWS profile: $AWS_PROFILE"
else
echo "Using default AWS credentials"
fi
# Use configured AWS profile if specified in static config
AWS_PROFILE_CONFIG=$(grep "aws_profile:" "${CONFIG_DIR}/static-config.yaml" | head -1 | sed 's/.*aws_profile: *["'\'']*\([^"'\''#]*\)["'\'']*.*$/\1/' | xargs 2>/dev/null)
if [[ -n "$AWS_PROFILE_CONFIG" && "$AWS_PROFILE_CONFIG" != "\"\"" && "$AWS_PROFILE_CONFIG" != "''" ]]; then
echo "Using configured AWS profile: $AWS_PROFILE_CONFIG"
export AWS_PROFILE="$AWS_PROFILE_CONFIG"
fi
# Login to ECR
echo "🔑 Logging into ECR..."
aws ecr get-login-password --region ${REGION} | docker login --username AWS --password-stdin ${ECR_URI}
# Check if repository exists, create if not
echo "📦 Checking ECR repository..."
if ! aws ecr describe-repositories --repository-names ${ECR_REPO} --region ${REGION} >/dev/null 2>&1; then
echo "📦 Creating ECR repository: ${ECR_REPO}"
aws ecr create-repository --repository-name ${ECR_REPO} --region ${REGION}
else
echo "✅ ECR repository exists: ${ECR_REPO}"
fi
# Build ARM64 image using DIY Dockerfile
echo "🔨 Building ARM64 image..."
cd "${PROJECT_DIR}"
Configuration Management Fixes (#223) * feat: Add AWS Operations Agent with AgentCore Runtime - Complete rewrite of AWS Operations Agent using Amazon Bedrock AgentCore - Added comprehensive deployment scripts for DIY and SDK runtime modes - Implemented OAuth2/PKCE authentication with Okta integration - Added MCP (Model Context Protocol) tool support for AWS service operations - Sanitized all sensitive information (account IDs, domains, client IDs) with placeholders - Added support for 17 AWS services: EC2, S3, Lambda, CloudFormation, IAM, RDS, CloudWatch, Cost Explorer, ECS, EKS, SNS, SQS, DynamoDB, Route53, API Gateway, SES, Bedrock, SageMaker - Includes chatbot client, gateway management scripts, and comprehensive testing - Ready for public GitHub with security-cleared configuration files Security: All sensitive values replaced with <YOUR_AWS_ACCOUNT_ID>, <YOUR_OKTA_DOMAIN>, <YOUR_OKTA_CLIENT_ID> placeholders * Update AWS Operations Agent architecture diagram * feat: Enhance AWS Operations Agent with improved testing and deployment - Update README with new local container testing approach using run-*-local-container.sh scripts - Replace deprecated SAM-based MCP Lambda deployment with ZIP-based deployment - Add no-cache flag to Docker builds to ensure clean builds - Update deployment scripts to use consolidated configuration files - Add comprehensive cleanup scripts for all deployment components - Improve error handling and credential validation in deployment scripts - Add new MCP tool deployment using ZIP packaging instead of Docker containers - Update configuration management to use dynamic-config.yaml structure - Add local testing capabilities with containerized agents - Remove outdated test scripts and replace with interactive chat client approach * fix: Update IAM policy configurations - Update bac-permissions-policy.json with enhanced permissions - Update bac-trust-policy.json for improved trust relationships * fix: Update Docker configurations for agent runtimes - Update Dockerfile.diy with improved container configuration - Update Dockerfile.sdk with enhanced build settings * fix: Update OAuth iframe flow configuration - Update iframe-oauth-flow.html with improved OAuth handling * feat: Update AWS Operations Agent configuration and cleanup - Update IAM permissions policy with enhanced access controls - Update IAM trust policy with improved security conditions - Enhance OAuth iframe flow with better UX and error handling - Improve chatbot client with enhanced local testing capabilities - Remove cache files and duplicate code for cleaner repository * docs: Add architecture diagrams and update README - Add architecture-2.jpg and flow.jpg diagrams for better visualization - Update README.md with enhanced documentation and diagrams * Save current work before resolving merge conflicts * Keep AWS-operations-agent changes (local version takes precedence) * Fix: Remove merge conflict markers from AWS-operations-agent files - restore clean version * Fix deployment and cleanup script issues Major improvements and fixes: Configuration Management: - Fix role assignment in gateway creation (use bac-execution-role instead of Lambda role) - Add missing role_arn cleanup in MCP tool deletion script - Fix OAuth provider deletion script configuration clearing - Improve memory deletion script to preserve quote consistency - Add Lambda invoke permissions to bac-permissions-policy.json Script Improvements: - Reorganize deletion scripts: 11-delete-oauth-provider.sh, 12-delete-memory.sh, 13-cleanup-everything.sh - Fix interactive prompt handling in cleanup scripts (echo -e format) - Add yq support with sed fallbacks for better YAML manipulation - Remove obsolete 04-deploy-mcp-tool-lambda-zip.sh script Architecture Fixes: - Correct gateway role assignment to use runtime.role_arn (bac-execution-role) - Ensure proper role separation between gateway and Lambda execution - Fix configuration cleanup to clear all dynamic config fields consistently Documentation: - Update README with clear configuration instructions - Maintain security best practices with placeholder values - Add comprehensive deployment and cleanup guidance These changes address systematic issues with cleanup scripts, role assignments, and configuration management while maintaining security best practices. * Update README.md with comprehensive documentation Enhanced documentation includes: - Complete project structure with 75 files - Step-by-step deployment guide with all 13 scripts - Clear configuration instructions with security best practices - Dual agent architecture documentation (DIY + SDK) - Authentication flow and security implementation details - Troubleshooting guide and operational procedures - Local testing and container development guidance - Tool integration and MCP protocol documentation The README now provides complete guidance for deploying and operating the AWS Support Agent with Amazon Bedrock AgentCore system. --------- Co-authored-by: name <alias@amazon.com>
2025-08-09 13:51:24 -07:00
docker build --no-cache --platform linux/arm64 -f agentcore-runtime/deployment/Dockerfile.diy -t ${ECR_REPO}:latest .
fix (02-use-cases): AWS Operations Agent updated with AgentCore Runtime (#177) * feat: Add AWS Operations Agent with AgentCore Runtime - Complete rewrite of AWS Operations Agent using Amazon Bedrock AgentCore - Added comprehensive deployment scripts for DIY and SDK runtime modes - Implemented OAuth2/PKCE authentication with Okta integration - Added MCP (Model Context Protocol) tool support for AWS service operations - Sanitized all sensitive information (account IDs, domains, client IDs) with placeholders - Added support for 17 AWS services: EC2, S3, Lambda, CloudFormation, IAM, RDS, CloudWatch, Cost Explorer, ECS, EKS, SNS, SQS, DynamoDB, Route53, API Gateway, SES, Bedrock, SageMaker - Includes chatbot client, gateway management scripts, and comprehensive testing - Ready for public GitHub with security-cleared configuration files Security: All sensitive values replaced with <YOUR_AWS_ACCOUNT_ID>, <YOUR_OKTA_DOMAIN>, <YOUR_OKTA_CLIENT_ID> placeholders * Update AWS Operations Agent architecture diagram --------- Co-authored-by: name <alias@amazon.com>
2025-07-31 11:59:30 -07:00
# Tag for ECR
echo "🏷️ Tagging image..."
docker tag ${ECR_REPO}:latest ${ECR_URI}:latest
# Push to ECR
echo "📤 Pushing to ECR..."
docker push ${ECR_URI}:latest
# Update dynamic configuration with ECR URI
echo "📝 Updating dynamic config with ECR URI..."
DYNAMIC_CONFIG="${CONFIG_DIR}/dynamic-config.yaml"
if command -v yq >/dev/null 2>&1; then
# Ensure the runtime.diy_agent section exists
yq eval '.runtime.diy_agent.ecr_uri = "'"${ECR_URI}:latest"'"' -i "${DYNAMIC_CONFIG}"
echo " ✅ Dynamic config updated with ECR URI"
else
echo " ⚠️ yq not found. ECR URI will be updated by Python deployment script"
echo " 📝 ECR URI: ${ECR_URI}:latest"
fi
echo "✅ DIY agent deployed to: ${ECR_URI}:latest"
echo ""
# Automatically run the runtime deployment script
echo "🚀 Running runtime deployment script..."
echo " Executing: python3 deploy-diy-runtime.py"
echo ""
cd "${SCRIPT_DIR}"
if python3 deploy-diy-runtime.py; then
echo ""
echo "🎉 DIY Agent Deployment Complete!"
echo "================================="
echo "✅ ECR image deployed: ${ECR_URI}:latest"
echo "✅ AgentCore runtime created and configured"
echo ""
echo "📋 What was deployed:"
echo " • Docker image built and pushed to ECR"
echo " • AgentCore runtime instance created"
echo " • Workload identity associated with runtime"
echo ""
echo "💻 Your DIY agent is now ready to use OAuth2 tokens and MCP gateway!"
echo " Use @requires_access_token decorator in your agent code"
echo " Connect to the MCP gateway for tool access"
else
echo ""
echo "❌ Runtime deployment failed"
echo "Please check the error messages above and try running manually:"
echo " python3 deploy-diy-runtime.py"
exit 1
fi
Reference in New Issue Copy Permalink