mirror of
https://github.com/awslabs/amazon-bedrock-agentcore-samples.git
synced 2025-09-08 20:50:46 +00:00
* Add missing credential_provider_name parameter to config.yaml.example * Fix get_config function to properly parse YAML values with inline comments * Enhanced get_config to prevent copy-paste whitespace errors in AWS identifiers * Improve LLM provider configuration and error handling with bedrock as default * Add OpenAPI templating system and fix hardcoded regions * Add backend template build to Readme * delete old yaml files * Fix Cognito setup with automation script and missing domain creation steps * docs: Add EC2 instance port configuration documentation - Document required inbound ports (443, 8011-8014) - Include SSL/TLS security requirements - Add AWS security group best practices - Provide port usage summary table * docs: Add hyperlinks to prerequisites in README - Link EC2 port configuration documentation - Link IAM role authentication setup - Improve navigation to detailed setup instructions * docs: Add BACKEND_API_KEY to configuration documentation - Document gateway environment variables section - Add BACKEND_API_KEY requirement for credential provider - Include example .env file format for gateway directory - Explain usage in create_gateway.sh script * docs: Add BACKEND_API_KEY to deployment guide environment variables - Include BACKEND_API_KEY in environment variables reference table - Mark as required for gateway setup - Provide quick reference alongside other required variables * docs: Add BedrockAgentCoreFullAccess policy and trust policy documentation - Document AWS managed policy BedrockAgentCoreFullAccess - Add trust policy requirements for bedrock-agentcore.amazonaws.com - Reorganize IAM permissions for better clarity - Remove duplicate trust policy section - Add IAM role requirement to deployment prerequisites * docs: Document role_name field in gateway config example - Explain that role_name is used to create and manage the gateway - Specify BedrockAgentCoreFullAccess policy requirement - Note trust policy requirement for 
bedrock-agentcore.amazonaws.com - Improve clarity for gateway configuration setup * docs: Add AWS IP address ranges for production security enhancement - Document AWS IP ranges JSON download for restricting access - Reference official AWS documentation for IP address ranges - Provide security alternatives to 0.0.0.0/0 for production - Include examples of restricted security group configurations - Enable egress filtering and region-specific access control * style: Format Python code with black - Reformat 14 Python files for consistent code style - Apply PEP 8 formatting standards - Improve code readability and maintainability * docs: Update SRE agent prerequisites and setup documentation - Convert prerequisites section to markdown table format - Add SSL certificate provider examples (no-ip.com, letsencrypt.org) - Add Identity Provider (IDP) requirement with setup_cognito.sh reference - Clarify that all prerequisites must be completed before setup - Add reference to domain name and cert paths needed for BACKEND_DOMAIN - Remove Managing OpenAPI Specifications section (covered in use-case setup) - Add Deployment Guide link to Development to Production section Addresses issues #171 and #174 * fix: Replace 'AWS Bedrock' with 'Amazon Bedrock' in SRE agent files - Updated error messages in llm_utils.py - Updated comments in both .env.example files - Ensures consistent naming convention across SRE agent codebase --------- Co-authored-by: dheerajoruganty <dheo@amazon.com> Co-authored-by: Amit Arora <aroraai@amazon.com>
import boto3
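def enable_observability_for_resource(
    resource_arn: str, resource_id: str, account_id: str, region: str = "us-east-1"
):
    """
    Enable observability for a Bedrock AgentCore resource (e.g., Memory Store).

    Creates a vended-logs CloudWatch log group for the resource, registers the
    resource as a delivery source for application logs and for traces, creates
    a CloudWatch Logs and an X-Ray delivery destination, and connects each
    source to its destination.

    Args:
        resource_arn: ARN of the resource whose logs and traces are delivered.
        resource_id: Identifier used to name the log group, the delivery
            sources and the delivery destinations.
        account_id: AWS account that owns the log group.
        region: Region of the CloudWatch Logs client and the log group ARN.

    Returns:
        A dict with the keys "logs_delivery_id" and "traces_delivery_id".

    Raises:
        botocore.exceptions.ClientError: If any CloudWatch Logs call fails,
            other than the log group already existing.
    """
    logs_client = boto3.client("logs", region_name=region)

    # Build the log group ARN in the same partition as the resource, so the
    # destination stays valid outside the commercial "aws" partition. Falls
    # back to "aws" when resource_arn is not a well-formed ARN.
    arn_fields = resource_arn.split(":")
    if len(arn_fields) > 1 and arn_fields[0] == "arn" and arn_fields[1]:
        partition = arn_fields[1]
    else:
        partition = "aws"

    # Step 0: Create new log group for vended log delivery
    log_group_name = f"/aws/vendedlogs/bedrock-agentcore/{resource_id}"
    try:
        # NOTE: no retention policy and no KMS key are set here, so events are
        # kept indefinitely under the service's default encryption. These logs
        # may hold sensitive application data; apply put_retention_policy /
        # associate_kms_key to this group if your policy requires it.
        logs_client.create_log_group(logGroupName=log_group_name)
    except logs_client.exceptions.ResourceAlreadyExistsException:
        # A previous run (possibly one that failed part-way) already created
        # the group; reuse it instead of failing on every retry.
        pass
    log_group_arn = (
        f"arn:{partition}:logs:{region}:{account_id}:log-group:{log_group_name}"
    )

    # Step 1: Create delivery source for logs
    logs_source_response = logs_client.put_delivery_source(
        name=f"{resource_id}-logs-source",
        logType="APPLICATION_LOGS",
        resourceArn=resource_arn,
    )

    # Step 2: Create delivery source for traces
    traces_source_response = logs_client.put_delivery_source(
        name=f"{resource_id}-traces-source", logType="TRACES", resourceArn=resource_arn
    )

    # Step 3: Create delivery destinations
    logs_destination_response = logs_client.put_delivery_destination(
        name=f"{resource_id}-logs-destination",
        deliveryDestinationType="CWL",
        deliveryDestinationConfiguration={
            "destinationResourceArn": log_group_arn,
        },
    )

    # Traces required for memory only
    traces_destination_response = logs_client.put_delivery_destination(
        name=f"{resource_id}-traces-destination", deliveryDestinationType="XRAY"
    )

    # Step 4: Create deliveries (connect sources to destinations)
    # NOTE(review): create_delivery is expected to reject a source/destination
    # pair that is already linked, so a second full run may still fail here;
    # confirm before relying on this function being re-runnable end to end.
    logs_delivery = logs_client.create_delivery(
        deliverySourceName=logs_source_response["deliverySource"]["name"],
        deliveryDestinationArn=logs_destination_response["deliveryDestination"]["arn"],
    )

    # Traces required for memory only
    traces_delivery = logs_client.create_delivery(
        deliverySourceName=traces_source_response["deliverySource"]["name"],
        deliveryDestinationArn=traces_destination_response["deliveryDestination"][
            "arn"
        ],
    )

    print(f"Observability enabled for {resource_id}")
    return {
        "logs_delivery_id": logs_delivery["id"],
        "traces_delivery_id": traces_delivery["id"],
    }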