Eashan Kaushik d9f9dffdf8
fix(agentcore-samples): fix for code scanning: Clear-text logging of sensitive information (#286)
* Potential fix for code scanning

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 65: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update setup_database_access.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 41: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 40: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update setup_cognito.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 39: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update retrieve_api_key.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 34: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 33: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 32: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update oauth_test.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 29: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update get_customer_profile.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 28: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update deploy_agent_runtime.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 25: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update credentials_manager.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 18: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update create-gateway.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 15: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update config.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 14: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update cognito_oauth_setup.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 13: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update auth.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Potential fix for code scanning alert no. 9: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update deploy_agent_runtime.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update retrieve_api_key.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update retrieve_api_key.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

* Update deploy_agent_runtime.py

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

---------

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-08-25 16:09:11 -04:00

Gateway Module

This module handles the creation and configuration of the Amazon Bedrock Gateway and Gateway Target for the Device Management MCP server.

Components

  • cognito_oauth_setup.py: Script to set up Cognito OAuth and automatically update .env with credentials
  • create_gateway.py: Script to create a gateway in Amazon Bedrock with Cognito authentication
  • device-management-target.py: Script to create a gateway target that connects to the Lambda function

Setup

  1. Create a .env file in this directory with the following variables:
# AWS and endpoint configuration
AWS_REGION=us-west-2
ENDPOINT_URL=https://bedrock-agentcore-control.us-west-2.amazonaws.com

# Lambda configuration (from device-management module)
LAMBDA_ARN=arn:aws:lambda:us-west-2:your-account-id:function:DeviceManagementLambda

# Target configuration
GATEWAY_IDENTIFIER=your-gateway-identifier
TARGET_NAME=device-management-target
TARGET_DESCRIPTION=List, Update device management activities

# Gateway creation configuration
COGNITO_USERPOOL_ID=your-cognito-userpool-id
COGNITO_APP_CLIENT_ID=your-cognito-app-client-id
GATEWAY_NAME=Device-Management-Gateway
ROLE_ARN=arn:aws:iam::your-account-id:role/YourGatewayRole
GATEWAY_DESCRIPTION=Device Management Gateway

Usage

Setup Cognito OAuth (First Time)

Before creating the gateway, set up Cognito OAuth configuration:

python cognito_oauth_setup.py

This will:

  • Create a Cognito OAuth authorizer
  • Automatically update your .env file with:
    • COGNITO_USERPOOL_ID
    • COGNITO_CLIENT_ID
    • COGNITO_CLIENT_SECRET
    • COGNITO_DOMAIN
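
Because this step writes COGNITO_CLIENT_SECRET into .env, the file should be owner-readable only and the secret should never reach a log line. The sketch below is an added example, not the repository's cognito_oauth_setup.py; `update_env_file`, `redact` and `SECRET_KEYS` are hypothetical names, and it assumes COGNITO_CLIENT_SECRET is the only secret among the four keys.

```python
import os
import tempfile

SECRET_KEYS = {"COGNITO_CLIENT_SECRET"}  # assumption: the only secret key written


def redact(key, value):
    """Log-safe rendering: a secret is never echoed, not even partially."""
    return "<redacted>" if key in SECRET_KEYS else value


def update_env_file(path, updates):
    """Merge `updates` into the .env at `path`; return lines that are safe to log."""
    lines = []
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            lines = fh.read().splitlines()
    remaining = dict(updates)
    merged = []
    for line in lines:
        key = line.split("=", 1)[0].strip()
        is_setting = "=" in line and not line.lstrip().startswith("#")
        if is_setting and key in remaining:
            merged.append(f"{key}={remaining.pop(key)}")  # replace the old value
        else:
            merged.append(line)  # keep comments and unrelated settings
    merged += [f"{k}={v}" for k, v in remaining.items()]  # append new keys

    # mkstemp creates the file with mode 0600; write there and rename over the
    # target so the secret never sits in a group- or world-readable file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write("\n".join(merged) + "\n")
        os.chmod(tmp, 0o600)  # explicit, in case the umask or platform differs
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return [f"{k}={redact(k, v)}" for k, v in updates.items()]
```

Log only the returned lines, and keep .env out of version control.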

Create Gateway

python create_gateway.py

This will create a new gateway in Amazon Bedrock and output the Gateway ID.

Create Gateway Target

After creating the gateway and deploying the Lambda function (from the device-management module), run:

python device-management-target.py

This will create a gateway target that connects to the Lambda function and configure the tool schema.

Setup Gateway Observability

After creating the gateway, enable observability logging:

python gateway_observability.py

This will:

  • Create a CloudWatch log group for gateway logs
  • Set up log delivery from the gateway to CloudWatch
  • Enable monitoring of gateway operations

Note: Ensure your .env file contains GATEWAY_ARN and GATEWAY_ID before running this script.

IAM Permissions

The IAM role used for gateway creation should have the following permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:PassRole",
                "bedrock-agentcore:*"
            ],
            "Resource": "*"
        }
    ]
}
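
The policy above allows every bedrock-agentcore action and lets the caller pass any role to any service. The check below is an added example, not part of this module: `audit_policy` is a hypothetical helper that flags both patterns, and `SCOPED_PASSROLE` is a constructed comparison statement whose account id is a placeholder and whose service principal is an assumption.

```python
import json

# The policy from this README, reproduced as sample input.
README_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": ["iam:PassRole", "bedrock-agentcore:*"],
        "Resource": "*",
    }],
}

# Constructed comparison: PassRole limited to one role and one service
# (placeholder account id; the service principal is an assumption).
SCOPED_PASSROLE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PassGatewayRoleOnly",
        "Effect": "Allow",
        "Action": "iam:PassRole",
        "Resource": "arn:aws:iam::111122223333:role/YourGatewayRole",
        "Condition": {"StringEquals": {
            "iam:PassedToService": "bedrock-agentcore.amazonaws.com"}},
    }],
}


def _as_list(value):
    """IAM accepts a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (sid, finding, detail) tuples for over-broad Allow statements."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        findings += [(sid, "wildcard-action", a) for a in actions
                     if a == "*" or a.endswith(":*")]
        if {"iam:passrole", "iam:*", "*"} & set(actions):
            if "*" in _as_list(stmt.get("Resource", [])):
                findings.append((sid, "passrole-any-role", "Resource *"))
            condition = json.dumps(stmt.get("Condition", {})).lower()
            if "iam:passedtoservice" not in condition:
                findings.append((sid, "passrole-any-service", "no iam:PassedToService"))
    return findings
```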

Integration with Other Modules

  • Device Management Module: The gateway target connects to the Lambda function defined in the device-management module.
  • Frontend Module: The frontend will use the gateway URL to communicate with the MCP server.