iSharkFly-Docs/amazon-bedrock-agentcore-samples
1
0
Fork 0
mirror of https://github.com/awslabs/amazon-bedrock-agentcore-samples.git synced 2025-09-08 20:50:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
amazon-bedrock-agentcore-sa.../02-use-cases/SRE-agent/gateway
History
rohillasandeep 01246a98b2
Configuration Management Fixes (#223) 
* feat: Add AWS Operations Agent with AgentCore Runtime

- Complete rewrite of AWS Operations Agent using Amazon Bedrock AgentCore
- Added comprehensive deployment scripts for DIY and SDK runtime modes
- Implemented OAuth2/PKCE authentication with Okta integration
- Added MCP (Model Context Protocol) tool support for AWS service operations
- Sanitized all sensitive information (account IDs, domains, client IDs) with placeholders
- Added support for 17 AWS services: EC2, S3, Lambda, CloudFormation, IAM, RDS, CloudWatch, Cost Explorer, ECS, EKS, SNS, SQS, DynamoDB, Route53, API Gateway, SES, Bedrock, SageMaker
- Includes chatbot client, gateway management scripts, and comprehensive testing
- Ready for public GitHub with security-cleared configuration files

Security: All sensitive values replaced with <YOUR_AWS_ACCOUNT_ID>, <YOUR_OKTA_DOMAIN>, <YOUR_OKTA_CLIENT_ID> placeholders

* Update AWS Operations Agent architecture diagram

* feat: Enhance AWS Operations Agent with improved testing and deployment

- Update README with new local container testing approach using run-*-local-container.sh scripts
- Replace deprecated SAM-based MCP Lambda deployment with ZIP-based deployment
- Add no-cache flag to Docker builds to ensure clean builds
- Update deployment scripts to use consolidated configuration files
- Add comprehensive cleanup scripts for all deployment components
- Improve error handling and credential validation in deployment scripts
- Add new MCP tool deployment using ZIP packaging instead of Docker containers
- Update configuration management to use dynamic-config.yaml structure
- Add local testing capabilities with containerized agents
- Remove outdated test scripts and replace with interactive chat client approach

* fix: Update IAM policy configurations

- Update bac-permissions-policy.json with enhanced permissions
- Update bac-trust-policy.json for improved trust relationships

* fix: Update Docker configurations for agent runtimes

- Update Dockerfile.diy with improved container configuration
- Update Dockerfile.sdk with enhanced build settings

* fix: Update OAuth iframe flow configuration

- Update iframe-oauth-flow.html with improved OAuth handling

* feat: Update AWS Operations Agent configuration and cleanup

- Update IAM permissions policy with enhanced access controls
- Update IAM trust policy with improved security conditions
- Enhance OAuth iframe flow with better UX and error handling
- Improve chatbot client with enhanced local testing capabilities
- Remove cache files and duplicate code for cleaner repository

* docs: Add architecture diagrams and update README

- Add architecture-2.jpg and flow.jpg diagrams for better visualization
- Update README.md with enhanced documentation and diagrams

* Save current work before resolving merge conflicts

* Keep AWS-operations-agent changes (local version takes precedence)

* Fix: Remove merge conflict markers from AWS-operations-agent files - restore clean version

* Fix deployment and cleanup script issues

Major improvements and fixes:

Configuration Management:
- Fix role assignment in gateway creation (use bac-execution-role instead of Lambda role)
- Add missing role_arn cleanup in MCP tool deletion script
- Fix OAuth provider deletion script configuration clearing
- Improve memory deletion script to preserve quote consistency
- Add Lambda invoke permissions to bac-permissions-policy.json

Script Improvements:
- Reorganize deletion scripts: 11-delete-oauth-provider.sh, 12-delete-memory.sh, 13-cleanup-everything.sh
- Fix interactive prompt handling in cleanup scripts (echo -e format)
- Add yq support with sed fallbacks for better YAML manipulation
- Remove obsolete 04-deploy-mcp-tool-lambda-zip.sh script

Architecture Fixes:
- Correct gateway role assignment to use runtime.role_arn (bac-execution-role)
- Ensure proper role separation between gateway and Lambda execution
- Fix configuration cleanup to clear all dynamic config fields consistently

Documentation:
- Update README with clear configuration instructions
- Maintain security best practices with placeholder values
- Add comprehensive deployment and cleanup guidance

These changes address systematic issues with cleanup scripts, role assignments,
and configuration management while maintaining security best practices.

* Update README.md with comprehensive documentation

Enhanced documentation includes:
- Complete project structure with 75 files
- Step-by-step deployment guide with all 13 scripts
- Clear configuration instructions with security best practices
- Dual agent architecture documentation (DIY + SDK)
- Authentication flow and security implementation details
- Troubleshooting guide and operational procedures
- Local testing and container development guidance
- Tool integration and MCP protocol documentation

The README now provides complete guidance for deploying and operating
the AWS Support Agent with Amazon Bedrock AgentCore system.

---------

Co-authored-by: name <alias@amazon.com>
2025-08-09 13:51:24 -07:00
..
.env.example
renaming folders (#102)
2025-07-21 10:45:13 -04:00
config.yaml.example
Configuration Management Fixes (#223)
2025-08-09 13:51:24 -07:00
create_credentials_provider.py
feat(02-use-cases): integrate AgentCore Memory with SRE Agent for intelligent context-aware incident response (#210)
2025-08-06 17:49:56 -04:00
create_gateway.sh
feat(02-use-cases): integrate AgentCore Memory with SRE Agent for intelligent context-aware incident response (#210)
2025-08-06 17:49:56 -04:00
generate_token.py
feat(02-use-cases): integrate AgentCore Memory with SRE Agent for intelligent context-aware incident response (#210)
2025-08-06 17:49:56 -04:00
generate_token.sh
renaming folders (#102)
2025-07-21 10:45:13 -04:00
main.py
feat(02-use-cases): integrate AgentCore Memory with SRE Agent for intelligent context-aware incident response (#210)
2025-08-06 17:49:56 -04:00
mcp_cmds.sh
renaming folders (#102)
2025-07-21 10:45:13 -04:00
observability.py
fix(02-use-cases): SRE-Agent Deployment (#179)
2025-08-01 13:24:58 -04:00
README.md
renaming folders (#102)
2025-07-21 10:45:13 -04:00

README.md

Gateway Component

This directory contains the MCP (Model Context Protocol) gateway management tools for SRE Agent.

📁 Files

  • main.py - AgentCore Gateway Management Tool for creating and managing AWS AgentCore Gateways
  • mcp_cmds.sh - Shell script for MCP gateway operations and setup
  • generate_token.py - JWT token generation for gateway authentication
  • openapi_s3_target_cognito.sh - Script for adding OpenAPI targets with S3 and Cognito integration
  • config.yaml - Gateway configuration file
  • config.yaml.example - Example configuration template
  • .env - Environment variables for gateway setup
  • .env.example - Example environment variables template

🚀 Gateway Setup

Step-by-Step Setup

  1. Configure the gateway (copy and edit config):

    cd gateway
cp config.yaml.example config.yaml
cp .env.example .env
# Edit config.yaml and .env with your specific settings

  2. Create the gateway:

    ./create_gateway.sh

  3. Test the gateway:

    ./mcp_cmds.sh

# To capture output to a log file for debugging:
./mcp_cmds.sh 2>&1 | tee mcp_cmds.log

This setup process will:

  • Configure the MCP gateway infrastructure
  • Create the gateway with proper authentication and token management
  • Test the gateway functionality and validate the setup

🔧 Components

Gateway Management (main.py)

The main gateway management tool provides functionality to:

  • Create and manage AWS AgentCore Gateways
  • Support MCP protocol integration
  • Handle JWT authorization
  • Add OpenAPI targets from S3 or inline schemas

MCP Commands (mcp_cmds.sh)

Shell script that orchestrates the gateway setup process including:

  • Gateway creation
  • Configuration validation
  • Service registration
  • Health checking

Token Generation (generate_token.py)

Utility for generating JWT tokens for gateway authentication:

python generate_token.py --config config.yaml

OpenAPI Integration (openapi_s3_target_cognito.sh)

Script for integrating OpenAPI specifications with S3 storage and Cognito authentication.

🔍 Usage

Quick Reference

  1. Configure your settings in config.yaml
  2. Create the gateway: ./create_gateway.sh
  3. Test the gateway: ./mcp_cmds.sh
  4. For debugging, capture output: ./mcp_cmds.sh 2>&1 | tee mcp_cmds.log
  5. Verify gateway is running and accessible
  6. Generate tokens as needed for client authentication

Development Mode

For development and testing, you can also run components individually:

# Generate tokens
python generate_token.py

# Create gateway with specific config
python main.py --config config.yaml

# Add OpenAPI targets
./openapi_s3_target_cognito.sh

⚠️ Important Notes

  • Always run mcp_cmds.sh from the gateway directory
  • Ensure config.yaml is properly configured before setup
  • The gateway must be running before starting SRE Agent investigations
  • Keep authentication tokens secure and rotate them regularly
  • Log files (*.log) are automatically ignored by git - safe to create for debugging

🔗 Integration

Once the gateway is set up and running, it provides the MCP endpoint that the SRE Agent core system connects to for accessing infrastructure APIs and tools.