iSharkFly-Docs/amazon-bedrock-agentcore-samples
1
0
Fork 0
mirror of https://github.com/awslabs/amazon-bedrock-agentcore-samples.git synced 2025-09-08 20:50:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
117 Commits 48 Branches 0 Tags
Commit Graph

10 Commits

Author SHA1 Message Date
Eashan Kaushik
ade95b51ca
fix(02-use-cases): Update create-gateway.py (#291) 
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>
 2025-08-25 16:43:30 -04:00
Eashan Kaushik
d9f9dffdf8
fix(agentcore-samples): fix for code scanning: Clear-text logging of sensitive information (#286) 
* Potential fix for code scanning

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 65: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update setup_database_access.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 41: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 40: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update setup_cognito.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 39: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update retrieve_api_key.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 34: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 33: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 32: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update oauth_test.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 29: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update get_customer_profile.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 28: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update deploy_agent_runtime.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 25: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update credentials_manager.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 18: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update create-gateway.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 15: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update config.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 14: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update cognito_oauth_setup.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 13: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update auth.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 9: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update deploy_agent_runtime.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update retrieve_api_key.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update retrieve_api_key.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update deploy_agent_runtime.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

---------

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
 2025-08-25 16:09:11 -04:00
rohillasandeep
a97b6e6e8b
Update AWS Operations Agent README.md (#235) 
* Update AWS operations agent configuration and documentation - preserve local changes

* Update AWS operations agent README.md

* Update OKTA OpenID PKCE setup documentation

* Update OKTA authentication configuration and nginx setup

* Update OKTA OpenID PKCE setup documentation

* Update static-config.yaml for AWS operations agent

* Update AWS Operations Agent README.md

---------

Signed-off-by: rohillasandeep <31911590+rohillasandeep@users.noreply.github.com>
Co-authored-by: name <alias@amazon.com>
 2025-08-14 14:25:11 -07:00
rohillasandeep
6b02c0c482
fix(02-use-cases): Updated AWS Operations agents Readme.md (#229) 
* Update AWS operations agent configuration and documentation - preserve local changes

* Update AWS operations agent README.md

* Update OKTA OpenID PKCE setup documentation

* Update OKTA authentication configuration and nginx setup

* Update OKTA OpenID PKCE setup documentation

---------

Co-authored-by: name <alias@amazon.com>
 2025-08-11 10:03:46 -04:00
rohillasandeep
01246a98b2
Configuration Management Fixes (#223) 
* feat: Add AWS Operations Agent with AgentCore Runtime

- Complete rewrite of AWS Operations Agent using Amazon Bedrock AgentCore
- Added comprehensive deployment scripts for DIY and SDK runtime modes
- Implemented OAuth2/PKCE authentication with Okta integration
- Added MCP (Model Context Protocol) tool support for AWS service operations
- Sanitized all sensitive information (account IDs, domains, client IDs) with placeholders
- Added support for 17 AWS services: EC2, S3, Lambda, CloudFormation, IAM, RDS, CloudWatch, Cost Explorer, ECS, EKS, SNS, SQS, DynamoDB, Route53, API Gateway, SES, Bedrock, SageMaker
- Includes chatbot client, gateway management scripts, and comprehensive testing
- Ready for public GitHub with security-cleared configuration files

Security: All sensitive values replaced with <YOUR_AWS_ACCOUNT_ID>, <YOUR_OKTA_DOMAIN>, <YOUR_OKTA_CLIENT_ID> placeholders

* Update AWS Operations Agent architecture diagram

* feat: Enhance AWS Operations Agent with improved testing and deployment

- Update README with new local container testing approach using run-*-local-container.sh scripts
- Replace deprecated SAM-based MCP Lambda deployment with ZIP-based deployment
- Add no-cache flag to Docker builds to ensure clean builds
- Update deployment scripts to use consolidated configuration files
- Add comprehensive cleanup scripts for all deployment components
- Improve error handling and credential validation in deployment scripts
- Add new MCP tool deployment using ZIP packaging instead of Docker containers
- Update configuration management to use dynamic-config.yaml structure
- Add local testing capabilities with containerized agents
- Remove outdated test scripts and replace with interactive chat client approach

* fix: Update IAM policy configurations

- Update bac-permissions-policy.json with enhanced permissions
- Update bac-trust-policy.json for improved trust relationships

* fix: Update Docker configurations for agent runtimes

- Update Dockerfile.diy with improved container configuration
- Update Dockerfile.sdk with enhanced build settings

* fix: Update OAuth iframe flow configuration

- Update iframe-oauth-flow.html with improved OAuth handling

* feat: Update AWS Operations Agent configuration and cleanup

- Update IAM permissions policy with enhanced access controls
- Update IAM trust policy with improved security conditions
- Enhance OAuth iframe flow with better UX and error handling
- Improve chatbot client with enhanced local testing capabilities
- Remove cache files and duplicate code for cleaner repository

* docs: Add architecture diagrams and update README

- Add architecture-2.jpg and flow.jpg diagrams for better visualization
- Update README.md with enhanced documentation and diagrams

* Save current work before resolving merge conflicts

* Keep AWS-operations-agent changes (local version takes precedence)

* Fix: Remove merge conflict markers from AWS-operations-agent files - restore clean version

* Fix deployment and cleanup script issues

Major improvements and fixes:

Configuration Management:
- Fix role assignment in gateway creation (use bac-execution-role instead of Lambda role)
- Add missing role_arn cleanup in MCP tool deletion script
- Fix OAuth provider deletion script configuration clearing
- Improve memory deletion script to preserve quote consistency
- Add Lambda invoke permissions to bac-permissions-policy.json

Script Improvements:
- Reorganize deletion scripts: 11-delete-oauth-provider.sh, 12-delete-memory.sh, 13-cleanup-everything.sh
- Fix interactive prompt handling in cleanup scripts (echo -e format)
- Add yq support with sed fallbacks for better YAML manipulation
- Remove obsolete 04-deploy-mcp-tool-lambda-zip.sh script

Architecture Fixes:
- Correct gateway role assignment to use runtime.role_arn (bac-execution-role)
- Ensure proper role separation between gateway and Lambda execution
- Fix configuration cleanup to clear all dynamic config fields consistently

Documentation:
- Update README with clear configuration instructions
- Maintain security best practices with placeholder values
- Add comprehensive deployment and cleanup guidance

These changes address systematic issues with cleanup scripts, role assignments,
and configuration management while maintaining security best practices.

* Update README.md with comprehensive documentation

Enhanced documentation includes:
- Complete project structure with 75 files
- Step-by-step deployment guide with all 13 scripts
- Clear configuration instructions with security best practices
- Dual agent architecture documentation (DIY + SDK)
- Authentication flow and security implementation details
- Troubleshooting guide and operational procedures
- Local testing and container development guidance
- Tool integration and MCP protocol documentation

The README now provides complete guidance for deploying and operating
the AWS Support Agent with Amazon Bedrock AgentCore system.

---------

Co-authored-by: name <alias@amazon.com>
 2025-08-09 13:51:24 -07:00
rohillasandeep
17a75597fe
fix (02-use-cases): AWS Operations Agent updated with AgentCore Runtime (#177) 
* feat: Add AWS Operations Agent with AgentCore Runtime

- Complete rewrite of AWS Operations Agent using Amazon Bedrock AgentCore
- Added comprehensive deployment scripts for DIY and SDK runtime modes
- Implemented OAuth2/PKCE authentication with Okta integration
- Added MCP (Model Context Protocol) tool support for AWS service operations
- Sanitized all sensitive information (account IDs, domains, client IDs) with placeholders
- Added support for 17 AWS services: EC2, S3, Lambda, CloudFormation, IAM, RDS, CloudWatch, Cost Explorer, ECS, EKS, SNS, SQS, DynamoDB, Route53, API Gateway, SES, Bedrock, SageMaker
- Includes chatbot client, gateway management scripts, and comprehensive testing
- Ready for public GitHub with security-cleared configuration files

Security: All sensitive values replaced with <YOUR_AWS_ACCOUNT_ID>, <YOUR_OKTA_DOMAIN>, <YOUR_OKTA_CLIENT_ID> placeholders

* Update AWS Operations Agent architecture diagram

---------

Co-authored-by: name <alias@amazon.com>
 2025-07-31 14:59:30 -04:00
rohillasandeep
ced77e7255
dev (#155) 
* Remove .aws-sam build artifacts

Deleted .aws-sam folder as it contains build artifacts that are generated
during sam build and should not be checked into version control.

* Fix MCP 1.10.0 compatibility and add Docker support

- Fix MCP client for 1.10.0 API changes (streamablehttp_client now returns 3-tuple)
- Add comprehensive .gitignore for AWS Operations Agent project
- Add Dockerfiles for agent-lambda and mcp-tool-lambda
- Update requirements.txt to use mcp==1.10.0
- Add fallback DirectMCPClient class for better error handling

* Update documentation and scripts

- Update SETUP.md with latest deployment instructions
- Modify create-target.py script for improved functionality

* Remove .gitignore files from AgentCore samples repository

- Deleted 6 .gitignore files to prevent conflicts with parent repository
- Includes root .gitignore and use-case specific .gitignore files
- Cleaned up: customer-support-assistant, SRE-agent, AWS-operations-agent, and video-games-sales-assistant directories
- Enables consistent gitignore management at repository level

* Update Okta PKCE setup documentation and nginx configuration

- Added nginx installation instructions for macOS with Homebrew
- Referenced official nginx documentation for other platforms
- Updated OAuth parameter configuration to reflect current HTML form structure
- Removed hardcoded absolute paths from nginx configuration and replaced with placeholders
- Updated token usage instructions to use correct entry point (main.py)
- Added instructions for users to update nginx configuration paths


* Improve setup documentation consistency

- Confirmed virtual environment setup is already covered in Step 1
- No duplication needed in gateway creation section
- Documentation structure remains clear and concise
 2025-07-25 17:14:29 -07:00
rohillasandeep
ccbeae72d8
Rohillao dev (#137) 
* Remove .aws-sam build artifacts

Deleted .aws-sam folder as it contains build artifacts that are generated
during sam build and should not be checked into version control.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Fix MCP 1.10.0 compatibility and add Docker support

- Fix MCP client for 1.10.0 API changes (streamablehttp_client now returns 3-tuple)
- Add comprehensive .gitignore for AWS Operations Agent project
- Add Dockerfiles for agent-lambda and mcp-tool-lambda
- Update requirements.txt to use mcp==1.10.0
- Add fallback DirectMCPClient class for better error handling

* Update documentation and scripts

- Update SETUP.md with latest deployment instructions
- Modify create-target.py script for improved functionality

---------

Co-authored-by: name <alias@amazon.com>
Co-authored-by: Claude <noreply@anthropic.com>
 2025-07-24 09:52:55 -07:00
rohillasandeep
f58e9e362b
Remove .aws-sam build artifacts (#123) 
Deleted .aws-sam folder as it contains build artifacts that are generated
during sam build and should not be checked into version control.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: name <alias@amazon.com>
Co-authored-by: Claude <noreply@anthropic.com>
 2025-07-22 23:00:46 -07:00
Shreyas Subramanian
176ef7bd91
renaming folders (#102) 2025-07-21 10:45:13 -04:00