mirror of
https://github.com/awslabs/amazon-bedrock-agentcore-samples.git
synced 2025-09-08 20:50:46 +00:00
* updated the cognito setup, gateway creation using agentcore sdk * added the config directory with test file * updated the automation scripts and simplified the approach to install and test it * updated the tool description in the target creation and updated readme file * added agentcore observability for agentcore gateway * updated architecture diagram * Update observability section in README.md with more concise information * removed old folder directory * updated the tool description in the targets
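#!/bin/bash
#
# Tear down the AWS resources used by this sample: AgentCore gateway targets
# and the gateway, two Lambda functions and a Lambda layer, the Lambda
# security group and its ingress rules on the DB security groups, the Cognito
# domain / app client / user pool, two IAM roles, and the local config/*.env
# files.
#
# Usage: <this script> [--delete-secrets]
#   --delete-secrets  also delete the Secrets Manager secrets and SSM
#                     parameters named in config/db_prod_config.env and
#                     config/db_dev_config.env
#
# All paths used below (config/, scripts/) are relative, so the script
# assumes the current directory is the one that contains them.
set -e

# Parse command line arguments
DELETE_SECRETS=false

while [[ $# -gt 0 ]]; do
  case "$1" in
    --delete-secrets)
      DELETE_SECRETS=true
      shift
      ;;
    *)
      # This script is destructive, so an unrecognised argument stops the run
      # instead of being ignored. Diagnostics go to stderr.
      echo "Unknown option: $1" >&2
      echo "Usage: $0 [--delete-secrets]" >&2
      exit 1
      ;;
  esac
done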
echo "Cleaning up resources..."

# Pull in whichever saved configurations are present. Each file is run with
# `source`, i.e. executed as shell code inside this process, so config/ should
# only be writable by users who are trusted to run this teardown.
for _cfg in gateway_config target_config cognito_config; do
  if [ -f "config/${_cfg}.env" ]; then
    source "config/${_cfg}.env"
  fi
done

# Fall back to us-west-2 when no region has been configured
AWS_REGION=${AWS_REGION:-"us-west-2"}
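# Delete Gateway Targets
if [ -n "$GATEWAY_IDENTIFIER" ]; then
  echo "Listing and deleting all Gateway Targets..."
  # The identifiers are passed to Python through its environment explicitly,
  # so they are visible even if the sourced config files did not `export`
  # them. The program text comes from a quoted heredoc, so the shell never
  # rewrites it: inside a double-quoted `-c` string the inner double quotes
  # around TARGET_ID are consumed by the shell, Python then sees a bare name,
  # and the resulting NameError skips the specific-target delete.
  AWS_REGION="${AWS_REGION:-us-west-2}" \
  GATEWAY_IDENTIFIER="$GATEWAY_IDENTIFIER" \
  TARGET_ID="${TARGET_ID:-}" \
    python3 - <<'PY'
import os

import boto3

gateway_id = os.getenv('GATEWAY_IDENTIFIER')
extra_target_id = os.getenv('TARGET_ID')

agentcore_client = boto3.client(
    'bedrock-agentcore-control',
    region_name=os.getenv('AWS_REGION', 'us-west-2'),
)

try:
    # List all targets for the gateway.
    # NOTE(review): only the first response page is read; if this listing is
    # paginated, targets on later pages are left in place -- confirm.
    response = agentcore_client.list_gateway_targets(
        gatewayIdentifier=gateway_id
    )
    listed_ids = [t['targetId'] for t in response.get('items', [])]

    # Delete each target
    for target_id in listed_ids:
        print(f'Deleting target: {target_id}')
        agentcore_client.delete_gateway_target(
            gatewayIdentifier=gateway_id,
            targetId=target_id,
        )
        print(f'Target {target_id} deleted successfully')

    # Also delete the specific target if provided and not handled above
    if extra_target_id and extra_target_id not in listed_ids:
        print(f'Deleting specific target: {extra_target_id}')
        agentcore_client.delete_gateway_target(
            gatewayIdentifier=gateway_id,
            targetId=extra_target_id,
        )
        print(f'Target {extra_target_id} deleted successfully')

except Exception as e:
    # Best effort: report the failure and let the shell script carry on
    print(f'Error with targets: {e}')
PY

  # Wait for target deletion
  echo "Waiting for target deletion..."
  sleep 10
fi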
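# Delete Gateway
echo "Deleting Gateway..."
# The values Python reads with os.getenv are passed in its environment
# explicitly, so they are visible even if the sourced config files did not
# `export` them. A quoted heredoc keeps the shell from touching the Python
# source.
AWS_REGION="${AWS_REGION:-us-west-2}" \
GATEWAY_IDENTIFIER="${GATEWAY_IDENTIFIER:-}" \
  python3 - <<'PY'
import os

import boto3

agentcore_client = boto3.client(
    'bedrock-agentcore-control',
    region_name=os.getenv('AWS_REGION', 'us-west-2'),
)

# Try with the environment variable first
gateway_id = os.getenv('GATEWAY_IDENTIFIER')

# If not found, try to list all gateways and find one with a matching name.
# NOTE(review): this is a substring match and the first hit wins, so any
# gateway in this account/region whose name merely contains the string would
# be selected for deletion -- confirm the name is unique before relying on
# this fallback.
if not gateway_id:
    try:
        response = agentcore_client.list_gateways()
        for gateway in response.get('items', []):
            if 'DB-Performance-Analyzer-Gateway' in gateway.get('name', ''):
                gateway_id = gateway['gatewayId']
                print(f'Found gateway with ID: {gateway_id}')
                break
    except Exception as e:
        print(f'Error listing gateways: {e}')

if gateway_id:
    # Targets are removed first; a failure here is reported but does not stop
    # the gateway deletion attempt that follows.
    try:
        response = agentcore_client.list_gateway_targets(
            gatewayIdentifier=gateway_id
        )

        # Delete each target
        for target in response.get('items', []):
            target_id = target['targetId']
            print(f'Deleting target: {target_id}')
            agentcore_client.delete_gateway_target(
                gatewayIdentifier=gateway_id,
                targetId=target_id,
            )
            print(f'Target {target_id} deleted successfully')
    except Exception as e:
        print(f'Error deleting targets: {e}')

    # Now delete the gateway
    try:
        agentcore_client.delete_gateway(
            gatewayIdentifier=gateway_id
        )
        print(f'Gateway {gateway_id} deleted successfully')
    except Exception as e:
        print(f'Error deleting gateway: {e}')
else:
    print('No gateway identifier found')
PY

# Wait for gateway deletion
echo "Waiting for gateway deletion..."
sleep 10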
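# Delete Lambda functions
# Each deletion is best effort: a failure is reported and the run continues.
echo "Deleting Lambda functions..."
for function_name in DBPerformanceAnalyzer PGStatAnalyzeDatabase; do
  # The region is quoted so a value taken from a config file is always passed
  # as a single argument.
  aws lambda delete-function \
    --function-name "$function_name" \
    --region "$AWS_REGION" || echo "Failed to delete $function_name Lambda function, continuing..."
done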
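# Delete Lambda layer
echo "Deleting Lambda layer..."
if [ -f config/layer_config.env ]; then
  # Executed as shell code in this process; see the trust note on config/.
  source config/layer_config.env
  if [ -n "$PSYCOPG2_LAYER_ARN" ]; then
    # Colon-separated fields 7 and 8 of the ARN are used as the layer name and
    # the version number. Whitespace is stripped first so the quoted
    # expansions below see the same values the unquoted ones used to.
    layer_arn=${PSYCOPG2_LAYER_ARN//[[:space:]]/}
    IFS=':' read -r -a layer_arn_fields <<< "$layer_arn"
    LAYER_NAME=${layer_arn_fields[6]}
    LAYER_VERSION=${layer_arn_fields[7]}

    # Only call the API when both parts are present; an ARN without a numeric
    # version would otherwise produce a malformed command line.
    if [[ -n "$LAYER_NAME" && "$LAYER_VERSION" =~ ^[0-9]+$ ]]; then
      aws lambda delete-layer-version \
        --layer-name "$LAYER_NAME" \
        --version-number "$LAYER_VERSION" \
        --region "$AWS_REGION" || echo "Failed to delete Lambda layer, continuing..."
    else
      echo "Skipping Lambda layer deletion: PSYCOPG2_LAYER_ARN has no layer name and numeric version" >&2
    fi
  fi
fi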
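# Delete Lambda security group
echo "Cleaning up VPC resources..."
if [ -f config/vpc_config.env ]; then
  # Executed as shell code in this process; see the trust note on config/.
  source config/vpc_config.env

  if [ -n "$LAMBDA_SECURITY_GROUP_ID" ] && [ -n "$DB_SECURITY_GROUP_IDS" ]; then
    # Remove inbound rules from DB security groups.
    # If a revoke fails, that DB security group keeps allowing TCP 5432 from
    # the Lambda security group; the "Failed to remove" line is the only
    # signal, so review the output after the run.
    IFS=',' read -ra DB_SG_ARRAY <<< "$DB_SECURITY_GROUP_IDS"
    for DB_SG_ID in "${DB_SG_ARRAY[@]}"; do
      # Tolerate "sg-a, sg-b" style lists and empty entries now that the ID is
      # passed quoted.
      DB_SG_ID=${DB_SG_ID//[[:space:]]/}
      [ -n "$DB_SG_ID" ] || continue

      echo "Removing inbound rule from DB security group $DB_SG_ID"
      aws ec2 revoke-security-group-ingress \
        --group-id "$DB_SG_ID" \
        --protocol tcp \
        --port 5432 \
        --source-group "$LAMBDA_SECURITY_GROUP_ID" \
        --region "$AWS_REGION" || echo "Failed to remove inbound rule, continuing..."
    done

    # Clean up VPC endpoints first, then delete the Lambda security group
    echo "Cleaning up VPC endpoints..."
    ./scripts/cleanup_vpc_endpoints.sh || echo "Failed to clean up VPC endpoints, continuing..."

    echo "Deleting Lambda security group $LAMBDA_SECURITY_GROUP_ID"
    aws ec2 delete-security-group \
      --group-id "$LAMBDA_SECURITY_GROUP_ID" \
      --region "$AWS_REGION" || echo "Failed to delete Lambda security group, continuing..."
  fi
fi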
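# Cognito teardown runs in the order domain -> app client -> user pool.
# Every step is best effort: a failure is reported and the run continues.
# All IDs come from sourced config files and are passed quoted, so each one
# reaches the CLI as exactly one argument.

# Delete Cognito domain
if [ -n "$COGNITO_USERPOOL_ID" ] && [ -n "$COGNITO_DOMAIN_NAME" ]; then
  echo "Deleting Cognito domain..."
  aws cognito-idp delete-user-pool-domain \
    --domain "$COGNITO_DOMAIN_NAME" \
    --user-pool-id "$COGNITO_USERPOOL_ID" \
    --region "$AWS_REGION" || echo "Failed to delete domain, continuing..."
fi

# Delete Cognito user pool client
if [ -n "$COGNITO_USERPOOL_ID" ] && [ -n "$COGNITO_APP_CLIENT_ID" ]; then
  echo "Deleting Cognito user pool client..."
  aws cognito-idp delete-user-pool-client \
    --user-pool-id "$COGNITO_USERPOOL_ID" \
    --client-id "$COGNITO_APP_CLIENT_ID" \
    --region "$AWS_REGION" || echo "Failed to delete client, continuing..."
fi

# Delete Cognito user pool
if [ -n "$COGNITO_USERPOOL_ID" ]; then
  echo "Deleting Cognito user pool..."
  aws cognito-idp delete-user-pool \
    --user-pool-id "$COGNITO_USERPOOL_ID" \
    --region "$AWS_REGION" || echo "Failed to delete user pool, continuing..."
fi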
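# Delete IAM roles
echo "Deleting IAM roles..."

#######################################
# Strip every inline and attached managed policy from an IAM role, then
# delete the role. Each step is best effort: failures are reported and the
# function carries on.
# Arguments:
#   $1 - role name
#   $2 - label used in the final failure message (e.g. "Lambda")
# Outputs:
#   progress and failure messages on stdout
#######################################
delete_iam_role() {
  local role_name=$1
  local role_label=$2
  local inline_json attached_json policy_name policy_arn

  echo "Detaching policies from ${role_name}..."

  # List and delete all inline policies. A failed listing (for example the
  # role does not exist) is treated as an empty list.
  inline_json=$(aws iam list-role-policies --role-name "$role_name" --query 'PolicyNames' --output json 2>/dev/null || echo "[]")
  # Names are read one per line on fd 3, so they are never word-split or
  # glob-expanded and the aws calls in the loop keep their own stdin.
  while IFS= read -r -u 3 policy_name; do
    [ -n "$policy_name" ] || continue
    echo "Deleting inline policy: $policy_name"
    aws iam delete-role-policy --role-name "$role_name" --policy-name "$policy_name" || echo "Failed to delete policy $policy_name, continuing..."
  done 3< <(printf '%s\n' "$inline_json" | jq -r '.[]')

  # List and detach all managed policies
  attached_json=$(aws iam list-attached-role-policies --role-name "$role_name" --query 'AttachedPolicies[].PolicyArn' --output json 2>/dev/null || echo "[]")
  while IFS= read -r -u 3 policy_arn; do
    [ -n "$policy_arn" ] || continue
    echo "Detaching managed policy: $policy_arn"
    aws iam detach-role-policy --role-name "$role_name" --policy-arn "$policy_arn" || echo "Failed to detach policy $policy_arn, continuing..."
  done 3< <(printf '%s\n' "$attached_json" | jq -r '.[]')

  # Now try to delete the role
  echo "Deleting role: $role_name"
  aws iam delete-role --role-name "$role_name" || echo "Failed to delete $role_label role, continuing..."
}

# The roles are addressed by fixed name only: whatever role carries that name
# in the account the current credentials resolve to is stripped and deleted,
# whether or not this project created it.
delete_iam_role DBAnalyzerLambdaRole Lambda
delete_iam_role AgentCoreGatewayRole Gateway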
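# Delete secrets and SSM parameters if requested.
# This has to happen before config/*.env is removed: the secret and parameter
# names are read from config/db_prod_config.env and config/db_dev_config.env,
# so removing the config files first would leave nothing to read and the
# secrets would silently stay behind.
if [ "$DELETE_SECRETS" = true ]; then
  echo "Deleting secrets and SSM parameters..."

  DB_SECRETS_TO_DELETE=()
  SSM_PARAMS_TO_DELETE=()

  # Load database configurations if they exist
  for db_config in config/db_prod_config.env config/db_dev_config.env; do
    if [ -f "$db_config" ]; then
      # Start from a clean slate so a name inherited from the environment or
      # left over from the other file is never queued for deletion.
      unset DB_SECRET_NAME DB_SSM_PARAMETER
      # Executed as shell code in this process; see the trust note on config/.
      source "$db_config"
      if [ -n "$DB_SECRET_NAME" ]; then
        DB_SECRETS_TO_DELETE+=("$DB_SECRET_NAME")
      fi
      if [ -n "$DB_SSM_PARAMETER" ]; then
        SSM_PARAMS_TO_DELETE+=("$DB_SSM_PARAMETER")
      fi
    fi
  done

  # Delete secrets.
  # --force-delete-without-recovery skips the recovery window, so the secret
  # is gone immediately and cannot be restored.
  for SECRET_NAME in "${DB_SECRETS_TO_DELETE[@]}"; do
    echo "Deleting secret: $SECRET_NAME"
    aws secretsmanager delete-secret \
      --secret-id "$SECRET_NAME" \
      --force-delete-without-recovery \
      --region "$AWS_REGION" || echo "Failed to delete secret $SECRET_NAME, continuing..."
  done

  # Delete SSM parameters
  for PARAM_NAME in "${SSM_PARAMS_TO_DELETE[@]}"; do
    echo "Deleting SSM parameter: $PARAM_NAME"
    aws ssm delete-parameter \
      --name "$PARAM_NAME" \
      --region "$AWS_REGION" || echo "Failed to delete parameter $PARAM_NAME, continuing..."
  done
fi

# Remove configuration files (the database configuration files included)
echo "Removing configuration files..."
rm -f config/*.env

echo "Cleanup completed"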