# Static Configuration - Manual edits only # This file contains all configuration values that are manually set and do not change during deployment # AWS Settings (used by ALL deployment scripts and agents) aws: region: "us-east-1" account_id: "" # Model Settings (used by agents via get_model_settings()) agents: modelid: "us.anthropic.claude-3-7-sonnet-20250219-v1:0" max_concurrent: 2 payload_formats: diy: "direct" sdk: "direct" streaming: true # Okta OAuth2 Configuration (used by deployment scripts and gateway creation) okta: domain: "" # OAuth2 authorization server configuration (recommended to keep default authorization server. otherwise change the configuration urls accordingly) authorization_server: "default" # Client configuration for user authentication (PKCE flow) - Okta App ClientID - 'aws-support-agent-client' user_auth: client_id: "" audience: "" redirect_uri: "http://localhost:8080/callback" scope: "openid profile email" # JWT token configuration for M2M flow jwt: audience: "" issuer: "https:///oauth2/default" discovery_url: "https:///oauth2/default/.well-known/openid-configuration" cache_duration: 300 refresh_threshold: 60 # AgentCore JWT Authorizer Configuration for Runtime agentcore: jwt_authorizer: discovery_url: "https:///oauth2/default/.well-known/openid-configuration" allowed_audience: - "" # Client Settings (used by chatbot client) client: default_agent: "sdk" interface: "cli" log_level: "INFO" session_timeout: 480 # Container Settings (used by deployment scripts) container: health_path: "/ping" memory_size: 3008 platform: "linux/arm64" port: 8080 timeout: 900 # Runtime Base Settings (used by deployment scripts) runtime: name_prefix: "bac-runtime" role_arn: "arn:aws:iam:::role/bac-execution-role" diy_agent: name: "bac_runtime_diy" sdk_agent: name: "bac_runtime_sdk" # Gateway Base Settings gateway: name: "bac-gtw" protocol: "MCP" # MCP Lambda Settings (used by deployment scripts) mcp_lambda: ecr_repository_name: "bac-mcp-tool-repo" stack_name: "bac-mcp-stack" # Memory Settings (used by deployment scripts and agents) memory: name: "bac_agent_memory" description: "BAC Agent conversation memory storage" event_expiry_days: 90 # Deployment Settings (used by deployment scripts) deployment: aws_profile: "" # Leave empty to use default AWS credentials # Development settings development: local_callback_port: 8080 debug_token_validation: true log_token_claims: false mock_auth: false mock_token: "" # Production settings production: require_https: true validate_token_expiry: true strict_audience_validation: true token_request_rate_limit: 10 log_auth_events: true metrics_enabled: true # Bedrock agent tools schema for gateway target creation tools_schema: - name: "hello_world" description: "Returns a friendly hello world message" inputSchema: type: "object" properties: name: type: "string" description: "Name to greet (optional)" required: [] - name: "get_time" description: "Returns current server time" inputSchema: type: "object" properties: {} required: [] - name: "ec2_read_operations" description: "Perform read-only operations on EC2 resources. Accepts natural language queries about EC2 instances, security groups, VPCs, subnets, and key pairs." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about EC2 resources (e.g., 'list running instances', 'show security groups', 'count instances by region')" required: ["query"] - name: "s3_read_operations" description: "Perform read-only operations on S3 resources. Accepts natural language queries about S3 buckets, policies, and configurations." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about S3 resources (e.g., 'list all buckets', 'show bucket policies', 'find large buckets')" required: ["query"] - name: "lambda_read_operations" description: "Perform read-only operations on Lambda resources. Accepts natural language queries about Lambda functions, layers, and configurations." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about Lambda resources (e.g., 'list all functions', 'show function runtimes', 'find functions with high memory')" required: ["query"] - name: "cloudformation_read_operations" description: "Perform read-only operations on CloudFormation resources. Accepts natural language queries about stacks, resources, and templates." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about CloudFormation resources (e.g., 'list all stacks', 'show failed stacks', 'find stack resources')" required: ["query"] - name: "iam_read_operations" description: "Perform read-only operations on IAM resources. Accepts natural language queries about users, roles, policies, and groups." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about IAM resources (e.g., 'list all users', 'show admin roles', 'find unused policies')" required: ["query"] - name: "rds_read_operations" description: "Perform read-only operations on RDS resources. Accepts natural language queries about database instances, clusters, and configurations." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about RDS resources (e.g., 'list all databases', 'show database engines', 'find large instances')" required: ["query"] - name: "cloudwatch_read_operations" description: "Perform read-only operations on CloudWatch resources. Accepts natural language queries about metrics, alarms, and logs." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about CloudWatch resources (e.g., 'show active alarms', 'list log groups', 'find high CPU metrics')" required: ["query"] - name: "cost_explorer_read_operations" description: "Perform read-only operations on Cost Explorer. Accepts natural language queries about costs, billing, and usage." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about costs and billing (e.g., 'show monthly costs', 'find expensive services', 'compare last 3 months')" required: ["query"] - name: "ecs_read_operations" description: "Perform read-only operations on ECS resources. Accepts natural language queries about clusters, services, and tasks." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about ECS resources (e.g., 'list all clusters', 'show running services', 'find failed tasks')" required: ["query"] - name: "eks_read_operations" description: "Perform read-only operations on EKS resources. Accepts natural language queries about Kubernetes clusters and node groups." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about EKS resources (e.g., 'list all clusters', 'show node groups', 'find cluster versions')" required: ["query"] - name: "sns_read_operations" description: "Perform read-only operations on SNS resources. Accepts natural language queries about topics and subscriptions." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about SNS resources (e.g., 'list all topics', 'show subscriptions', 'find topic policies')" required: ["query"] - name: "sqs_read_operations" description: "Perform read-only operations on SQS resources. Accepts natural language queries about queues and messages." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about SQS resources (e.g., 'list all queues', 'show queue attributes', 'find queues with messages')" required: ["query"] - name: "dynamodb_read_operations" description: "Perform read-only operations on DynamoDB resources. Accepts natural language queries about tables and indexes." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about DynamoDB resources (e.g., 'list all tables', 'show table indexes', 'find large tables')" required: ["query"] - name: "route53_read_operations" description: "Perform read-only operations on Route53 resources. Accepts natural language queries about DNS zones and records." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about Route53 resources (e.g., 'list hosted zones', 'show DNS records', 'find domain configurations')" required: ["query"] - name: "apigateway_read_operations" description: "Perform read-only operations on API Gateway resources. Accepts natural language queries about APIs and deployments." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about API Gateway resources (e.g., 'list all APIs', 'show API stages', 'find API methods')" required: ["query"] - name: "ses_read_operations" description: "Perform read-only operations on SES resources. Accepts natural language queries about email identities and configurations." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about SES resources (e.g., 'list verified emails', 'show sending statistics', 'find configuration sets')" required: ["query"] - name: "bedrock_read_operations" description: "Perform read-only operations on Bedrock resources. Accepts natural language queries about foundation models and jobs." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about Bedrock resources (e.g., 'list available models', 'show model capabilities', 'find customization jobs')" required: ["query"] - name: "sagemaker_read_operations" description: "Perform read-only operations on SageMaker resources. Accepts natural language queries about ML endpoints and models." inputSchema: type: "object" properties: query: type: "string" description: "Natural language query about SageMaker resources (e.g., 'list all endpoints', 'show training jobs', 'find model artifacts')" required: ["query"]