iSharkFly-Docs/amazon-bedrock-agentcore-samples
1
0
Fork 0
mirror of https://github.com/awslabs/amazon-bedrock-agentcore-samples.git synced 2025-09-08 20:50:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
amazon-bedrock-agentcore-sa.../02-use-cases/SRE-agent/gateway
History
Dheeraj Oruganty e346e83bf1
fix(02-use-cases): SRE-Agent Deployment (#179) 
* Add missing credential_provider_name parameter to config.yaml.example

* Fix get_config function to properly parse YAML values with inline comments

* Enhanced get_config to prevent copy-paste whitespace errors in AWS identifiers

* Improve LLM provider configuration and error handling with bedrock as default

* Add OpenAPI templating system and fix hardcoded regions

* Add backend template build to Readme

* delete old yaml files

* Fix Cognito setup with automation script and missing domain creation steps

* docs: Add EC2 instance port configuration documentation

- Document required inbound ports (443, 8011-8014)
- Include SSL/TLS security requirements
- Add AWS security group best practices
- Provide port usage summary table

* docs: Add hyperlinks to prerequisites in README

- Link EC2 port configuration documentation
- Link IAM role authentication setup
- Improve navigation to detailed setup instructions

* docs: Add BACKEND_API_KEY to configuration documentation

- Document gateway environment variables section
- Add BACKEND_API_KEY requirement for credential provider
- Include example .env file format for gateway directory
- Explain usage in create_gateway.sh script

* docs: Add BACKEND_API_KEY to deployment guide environment variables

- Include BACKEND_API_KEY in environment variables reference table
- Mark as required for gateway setup
- Provide quick reference alongside other required variables

* docs: Add BedrockAgentCoreFullAccess policy and trust policy documentation

- Document AWS managed policy BedrockAgentCoreFullAccess
- Add trust policy requirements for bedrock-agentcore.amazonaws.com
- Reorganize IAM permissions for better clarity
- Remove duplicate trust policy section
- Add IAM role requirement to deployment prerequisites

* docs: Document role_name field in gateway config example

- Explain that role_name is used to create and manage the gateway
- Specify BedrockAgentCoreFullAccess policy requirement
- Note trust policy requirement for bedrock-agentcore.amazonaws.com
- Improve clarity for gateway configuration setup

* docs: Add AWS IP address ranges for production security enhancement

- Document AWS IP ranges JSON download for restricting access
- Reference official AWS documentation for IP address ranges
- Provide security alternatives to 0.0.0.0/0 for production
- Include examples of restricted security group configurations
- Enable egress filtering and region-specific access control

* style: Format Python code with black

- Reformat 14 Python files for consistent code style
- Apply PEP 8 formatting standards
- Improve code readability and maintainability

* docs: Update SRE agent prerequisites and setup documentation

- Convert prerequisites section to markdown table format
- Add SSL certificate provider examples (no-ip.com, letsencrypt.org)
- Add Identity Provider (IDP) requirement with setup_cognito.sh reference
- Clarify that all prerequisites must be completed before setup
- Add reference to domain name and cert paths needed for BACKEND_DOMAIN
- Remove Managing OpenAPI Specifications section (covered in use-case setup)
- Add Deployment Guide link to Development to Production section

Addresses issues #171 and #174

* fix: Replace 'AWS Bedrock' with 'Amazon Bedrock' in SRE agent files

- Updated error messages in llm_utils.py
- Updated comments in both .env.example files
- Ensures consistent naming convention across SRE agent codebase

---------

Co-authored-by: dheerajoruganty <dheo@amazon.com>
Co-authored-by: Amit Arora <aroraai@amazon.com>
2025-08-01 13:24:58 -04:00
..
.env.example
renaming folders (#102)
2025-07-21 10:45:13 -04:00
config.yaml.example
fix(02-use-cases): SRE-Agent Deployment (#179)
2025-08-01 13:24:58 -04:00
create_credentials_provider.py
renaming folders (#102)
2025-07-21 10:45:13 -04:00
create_gateway.sh
fix(02-use-cases): SRE-Agent Deployment (#179)
2025-08-01 13:24:58 -04:00
generate_token.py
renaming folders (#102)
2025-07-21 10:45:13 -04:00
generate_token.sh
renaming folders (#102)
2025-07-21 10:45:13 -04:00
main.py
fix(02-use-cases): SRE-Agent Deployment (#179)
2025-08-01 13:24:58 -04:00
mcp_cmds.sh
renaming folders (#102)
2025-07-21 10:45:13 -04:00
observability.py
fix(02-use-cases): SRE-Agent Deployment (#179)
2025-08-01 13:24:58 -04:00
README.md
renaming folders (#102)
2025-07-21 10:45:13 -04:00

README.md

Gateway Component

This directory contains the MCP (Model Context Protocol) gateway management tools for SRE Agent.

📁 Files

  • main.py - AgentCore Gateway Management Tool for creating and managing AWS AgentCore Gateways
  • mcp_cmds.sh - Shell script for MCP gateway operations and setup
  • generate_token.py - JWT token generation for gateway authentication
  • openapi_s3_target_cognito.sh - Script for adding OpenAPI targets with S3 and Cognito integration
  • config.yaml - Gateway configuration file
  • config.yaml.example - Example configuration template
  • .env - Environment variables for gateway setup
  • .env.example - Example environment variables template

🚀 Gateway Setup

Step-by-Step Setup

  1. Configure the gateway (copy and edit config):

    cd gateway
cp config.yaml.example config.yaml
cp .env.example .env
# Edit config.yaml and .env with your specific settings

  2. Create the gateway:

    ./create_gateway.sh

  3. Test the gateway:

    ./mcp_cmds.sh

# To capture output to a log file for debugging:
./mcp_cmds.sh 2>&1 | tee mcp_cmds.log

This setup process will:

  • Configure the MCP gateway infrastructure
  • Create the gateway with proper authentication and token management
  • Test the gateway functionality and validate the setup

🔧 Components

Gateway Management (main.py)

The main gateway management tool provides functionality to:

  • Create and manage AWS AgentCore Gateways
  • Support MCP protocol integration
  • Handle JWT authorization
  • Add OpenAPI targets from S3 or inline schemas

MCP Commands (mcp_cmds.sh)

Shell script that orchestrates the gateway setup process including:

  • Gateway creation
  • Configuration validation
  • Service registration
  • Health checking

Token Generation (generate_token.py)

Utility for generating JWT tokens for gateway authentication:

python generate_token.py --config config.yaml

OpenAPI Integration (openapi_s3_target_cognito.sh)

Script for integrating OpenAPI specifications with S3 storage and Cognito authentication.

🔍 Usage

Quick Reference

  1. Configure your settings in config.yaml
  2. Create the gateway: ./create_gateway.sh
  3. Test the gateway: ./mcp_cmds.sh
  4. For debugging, capture output: ./mcp_cmds.sh 2>&1 | tee mcp_cmds.log
  5. Verify gateway is running and accessible
  6. Generate tokens as needed for client authentication

Development Mode

For development and testing, you can also run components individually:

# Generate tokens
python generate_token.py

# Create gateway with specific config
python main.py --config config.yaml

# Add OpenAPI targets
./openapi_s3_target_cognito.sh

⚠️ Important Notes

  • Always run mcp_cmds.sh from the gateway directory
  • Ensure config.yaml is properly configured before setup
  • The gateway must be running before starting SRE Agent investigations
  • Keep authentication tokens secure and rotate them regularly
  • Log files (*.log) are automatically ignored by git - safe to create for debugging

🔗 Integration

Once the gateway is set up and running, it provides the MCP endpoint that the SRE Agent core system connects to for accessing infrastructure APIs and tools.