mirror of
https://github.com/awslabs/amazon-bedrock-agentcore-samples.git
synced 2025-09-08 20:50:46 +00:00
ff5fdffd42
* Add multi-region support for SRE-Agent - Add AWS region configuration parameter to agent_config.yaml - Update gateway main.py to validate region matches endpoint URL - Modify SRE agent to read region from config and pass through function chain - Update memory client and LLM creation to use configurable region - Fixes hardcoded us-east-1 region dependencies Closes #245 * Move architecture file to docs/ and improve setup instructions - Move sre_agent_architecture.md to docs/ folder for better organization - Update graph export code to generate architecture file in docs/ folder - Add automatic docs directory creation if it doesn't exist - Improve README setup instructions: - Fix .env.example copy path to use sre_agent folder - Add note that Amazon Bedrock users don't need to modify .env - Add START_API_BACKEND variable to conditionally start backend servers - Useful for workshop environments where backends are already running * Improve gateway configuration documentation and setup instructions - Update config.yaml.example to use REGION placeholder instead of hardcoded us-east-1 - Add gateway configuration step to README setup instructions - Document .cognito_config file in auth.md automated setup section - Remove duplicate credential_provider_name from config.yaml.example - Update configuration.md to include .cognito_config in files overview - Add clear instructions to copy and edit gateway/config.yaml before creating gateway * Improve IAM role guidance and region handling - Add clear guidance about IAM role options in gateway/config.yaml.example - Explain that testing can use current EC2/notebook role - Recommend dedicated role for production deployments - Add aws sts get-caller-identity command to help users find their role - Update deployment scripts to use AWS_REGION env var as fallback - Scripts now follow: CLI arg -> AWS_REGION env var -> us-east-1 default * Remove unnecessary individual Cognito ID files - Remove creation of .cognito_user_pool_id file - Remove creation of .cognito_client_id file - Keep only .cognito_config as the single source of truth - Simplifies configuration management * Implement region fallback logic for SRE Agent - Added region fallback chain: agent_config.yaml -> AWS_REGION env -> us-east-1 - Modified agent_config.yaml to comment out region parameter to enable fallback - Updated multi_agent_langgraph.py with comprehensive fallback implementation - Added logging to show which region source is being used - Ensures flexible region configuration without breaking existing deployments - Maintains backward compatibility while adding multi-region support
Gateway Component
This directory contains the MCP (Model Context Protocol) gateway management tools for SRE Agent.
📁 Files
main.py- AgentCore Gateway Management Tool for creating and managing AWS AgentCore Gatewaysmcp_cmds.sh- Shell script for MCP gateway operations and setupgenerate_token.py- JWT token generation for gateway authenticationopenapi_s3_target_cognito.sh- Script for adding OpenAPI targets with S3 and Cognito integrationconfig.yaml- Gateway configuration fileconfig.yaml.example- Example configuration template.env- Environment variables for gateway setup.env.example- Example environment variables template
🚀 Gateway Setup
Step-by-Step Setup
-
Configure the gateway (copy and edit config):
cd gateway cp config.yaml.example config.yaml cp .env.example .env # Edit config.yaml and .env with your specific settings -
Create the gateway:
./create_gateway.sh -
Test the gateway:
./mcp_cmds.sh # To capture output to a log file for debugging: ./mcp_cmds.sh 2>&1 | tee mcp_cmds.log
This setup process will:
- Configure the MCP gateway infrastructure
- Create the gateway with proper authentication and token management
- Test the gateway functionality and validate the setup
🔧 Components
Gateway Management (main.py)
The main gateway management tool provides functionality to:
- Create and manage AWS AgentCore Gateways
- Support MCP protocol integration
- Handle JWT authorization
- Add OpenAPI targets from S3 or inline schemas
MCP Commands (mcp_cmds.sh)
Shell script that orchestrates the gateway setup process including:
- Gateway creation
- Configuration validation
- Service registration
- Health checking
Token Generation (generate_token.py)
Utility for generating JWT tokens for gateway authentication:
python generate_token.py --config config.yaml
OpenAPI Integration (openapi_s3_target_cognito.sh)
Script for integrating OpenAPI specifications with S3 storage and Cognito authentication.
🔍 Usage
Quick Reference
- Configure your settings in
config.yaml - Create the gateway:
./create_gateway.sh - Test the gateway:
./mcp_cmds.sh - For debugging, capture output:
./mcp_cmds.sh 2>&1 | tee mcp_cmds.log - Verify gateway is running and accessible
- Generate tokens as needed for client authentication
Development Mode
For development and testing, you can also run components individually:
# Generate tokens
python generate_token.py
# Create gateway with specific config
python main.py --config config.yaml
# Add OpenAPI targets
./openapi_s3_target_cognito.sh
⚠️ Important Notes
- Always run
mcp_cmds.shfrom the gateway directory - Ensure
config.yamlis properly configured before setup - The gateway must be running before starting SRE Agent investigations
- Keep authentication tokens secure and rotate them regularly
- Log files (*.log) are automatically ignored by git - safe to create for debugging
🔗 Integration
Once the gateway is set up and running, it provides the MCP endpoint that the SRE Agent core system connects to for accessing infrastructure APIs and tools.