aws-samples

Open Source

aws-lex-web-ui

# Sample Amazon Lex Web Interface # Overview This is a sample [Amazon Lex](https://aws.amazon.com/lex/) web interface. It provides a chatbot UI component that can be integrated in your website. The interface allows a user to interact with a Lex bot directly from a browser using text or voice. It can be used as a full page chatbot UI: <img src="./img/webapp-full.gif" width=480> Or embedded into an existing site as a chatbot widget: <img src="./img/webapp-iframe.gif" width=480> ### Features - Mobile ready responsive UI with full page or embeddable widget modes - Support for voice and text with the ability to seamless switch from one mode to the other - Voice support provides automatic silence detection, transcriptions and ability to interrupt responses and replay recordings - Display of Lex response cards - Ability to programmatically configure and interact with the chatbot UI using JavaScript - [Connect interactive messaging](https://docs.aws.amazon.com/connect/latest/adminguide/interactive-messages.html) support # Getting Started The easiest way to test drive the chatbot UI is to deploy it using the [AWS CloudFormation](https://aws.amazon.com/cloudformation/) templates provided by this project. Once you have launched the CloudFormation stack, you will get a fully working demo site hosted in your account. These are the currently supported regions. Click a button to launch it in the desired region. | Region | Launch | CloudFormation Template| |----------|:-------------:|------------------| | Northern Virginia | <a target="_blank" href="https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/aws-bigdata-blog/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml&stackName=lex-web-ui&param_BootstrapBucket=aws-bigdata-blog"><span><img height="24px" src="https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png"/></span></a> |[us-east-1](https://aws-bigdata-blog.s3.amazonaws.com/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml)| | Oregon | <a target="_blank" href="https://us-west-2.console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/aws-bigdata-blog-replica-us-west-2/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml&stackName=lex-web-ui&param_BootstrapBucket=aws-bigdata-blog-replica-us-west-2"><span><img height="24px" src="https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png"/></span></a> |[us-west-2](https://aws-bigdata-blog-replica-us-west-2.s3-us-west-2.amazonaws.com/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml)| | Ireland | <a target="_blank" href="https://eu-west-1.console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/aws-bigdata-blog-replica-eu-west-1/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml&stackName=lex-web-ui&param_BootstrapBucket=aws-bigdata-blog-replica-eu-west-1"><span><img height="24px" src="https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png"/></span></a> |[eu-west-1](https://aws-bigdata-blog-replica-eu-west-1.s3-eu-west-1.amazonaws.com/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml)| | Sydney | <a target="_blank" href="https://ap-southeast-2.console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/aws-bigdata-blog-replica-ap-southeast-2/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml&stackName=lex-web-ui&param_BootstrapBucket=aws-bigdata-blog-replica-ap-southeast-2"><span><img height="24px" src="https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png"/></span></a> |[ap-southeast-2](https://aws-bigdata-blog-replica-ap-southeast-2.s3-ap-southeast-2.amazonaws.com/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml)| | Singapore | <a target="_blank" href="https://ap-southeast-1.console.aws.amazon.com/cloudformation/home?region=ap-southeast-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/aws-bigdata-blog-replica-ap-southeast-1a/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml&stackName=lex-web-ui&param_BootstrapBucket=aws-bigdata-blog-replica-ap-southeast-1a"><span><img height="24px" src="https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png"/></span></a> |[ap-southeast-1a](https://aws-bigdata-blog-replica-ap-southeast-1a.s3-ap-southeast-1.amazonaws.com/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml)| | Seoul | <a target="_blank" href="https://ap-northeast-2.console.aws.amazon.com/cloudformation/home?region=ap-northeast-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/aws-bigdata-blog-replica-ap-northeast-2/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml&stackName=lex-web-ui&param_BootstrapBucket=aws-bigdata-blog-replica-ap-northeast-2"><span><img height="24px" src="https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png"/></span></a> |[ap-northeast-2](https://aws-bigdata-blog-replica-ap-northeast-2.s3-ap-northeast-2.amazonaws.com/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml)| | London | <a target="_blank" href="https://eu-west-2.console.aws.amazon.com/cloudformation/home?region=eu-west-2#/stacks/create/review?templateURL=https://s3.amazonaws.com/aws-bigdata-blog-replica-eu-west-2/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml&stackName=lex-web-ui&param_BootstrapBucket=aws-bigdata-blog-replica-eu-west-2"><span><img height="24px" src="https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png"/></span></a> |[eu-west-2](https://aws-bigdata-blog-replica-eu-west-2.s3.eu-west-2.amazonaws.com/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml)| | Tokyo | <a target="_blank" href="https://ap-northeast-1.console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/aws-bigdata-blog-replica-ap-northeast-1/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml&stackName=lex-web-ui&param_BootstrapBucket=aws-bigdata-blog-replica-ap-northeast-1"><span><img height="24px" src="https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png"/></span></a> |[ap-northeast-1](https://aws-bigdata-blog-replica-ap-northeast-1.s3-ap-northeast-1.amazonaws.com/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml)| | Frankfurt | <a target="_blank" href="https://eu-central-1.console.aws.amazon.com/cloudformation/home?region=eu-central-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/aws-bigdata-blog-replica-eu-central-1/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml&stackName=lex-web-ui&param_BootstrapBucket=aws-bigdata-blog-replica-eu-central-1"><span><img height="24px" src="https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png"/></span></a> |[eu-central-1](https://aws-bigdata-blog-replica-eu-central-1.s3.eu-central-1.amazonaws.com/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml)| | Canada (Central) | <a target="_blank" href="https://ca-central-1.console.aws.amazon.com/cloudformation/home?region=ca-central-1#/stacks/create/review?templateURL=https://s3.amazonaws.com/aws-bigdata-blog-replica-ca-central-1/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml&stackName=lex-web-ui&param_BootstrapBucket=aws-bigdata-blog-replica-ca-central-1"><span><img height="24px" src="https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png"/></span></a> |[ca-central-1](https://aws-bigdata-blog-replica-ca-central-1.s3.ca-central-1.amazonaws.com/artifacts/aws-lex-web-ui/artifacts/templates/master.yaml)| By default, the CloudFormation template creates a sample Lex bot and a [Amazon Cognito Identity Pool](http://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html) to get you started. It copies the chatbot UI web application to an [Amazon S3](https://aws.amazon.com/s3/) bucket including a dynamically created configuration file. The CloudFormation stack outputs links to the demo and related configuration once deployed. See the [CloudFormation Deployment](#cloudformation-deployment) section for details. You can modify the configuration of the deployed demo site to customize the chatbot UI. It can also be further configured to be embedded it on your web site. See the sections below for code samples and a description of the configuration and deployment options. *New regions supporting Lex only support Lex Version 2. A default install of Lex Web Ui with no target Bot specified attempts to install a sample Lex Version 1 Bot and will fail in these new regions. In regions adding Lex support, a Lex Version 2 Bot should be deployed prior to deploying Lex Web UI.* # Integrating into your Site and Deploying In addition to the CloudFormation deployment mentioned above, there are other methods to integrate and deploy this project. Here is a summary of the various methods: | # | Method | Description | Use Case | | --- | --- | --- | --- | | 1 | [CloudFormation Deployment](#cloudformation-deployment) using the CloudFormation [templates](templates) provided by this project | Fully automated deployment of a hosted web application to an S3 bucket with an optional CI/CD pipeline. By default, it also creates a Cognito Identity Pool and a sample Lex bot | Use when you want to have a infrastructure as code approach that automatically builds and configures the chatbot UI resources | | 2 | Use the pre-built [libraries](#libraries) from the [dist](dist) directory of this repo | We provide a pre-built version of the chatbot UI component and a loader library that you can use on your web site as a [stand alone page](#stand-alone-page) or as an embeddable [iframe](#iframe) | Use when you have an existing site and want to add the chatbot UI to it by simply copying or referencing the library files | See the [Usage](#usage) and [Deployment](#deployment) sections below for details. # Usage This project provides a set of JavaScript libraries used to dynamically insert the chatbot UI in a web page. The chatbot UI is loaded and customized by including these libraries in your code and calling their functions with configuration parameters. The chatbot UI can be displayed either as a full page or embedded in an iframe. In this section, you will find a brief overview of the libraries and configuration parameters. It is useful to get familiar with the concepts described in the [Libraries](#libraries) and [Configuration](#configuration) sections before jumping to the code [examples](#examples). ## Libraries The list below describes the libraries produced by this project. Pre-built versions of the libraries are found under the [dist](/dist) directory of this repository. 1. **Chatbot UI component**. A UI widget packaged as a JavaScript reusable component that can be plugged in a web application. The library is provided by the `lex-web-ui.js` file under the [dist](dist) directory. It is bundled from the source under the [lex-web-ui](lex-web-ui) directory. This library is geared to be used as an import in a modern web application but can also be instantiated directly in a web page provided that you manually load the dependencies and explicitly pass the configuration. See the component's [README](lex-web-ui/README.md) for details 2. **Loader**. A script that adds the chatbot UI component library described in the item above to a web page. It facilitates the configuration and dependency loading process. The library is provided by the `lex-web-ui-loader.js` file under the [dist](dist) directory. It is bundled from the sources under the [src/lex-web-ui-loader](src/lex-web-ui-loader) directory. This library is used by adding a few script tags to an HTML page. See the loader [README](src/README.md) for details ## Configuration The chatbot UI component requires a configuration object pointing to an existing Lex bot and to an [Amazon Cognito Identity Pool](http://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html) to create credentials used to authenticate the Lex API calls from the browser. The configuration object is also used to customize its behavior and UI elements of the chatbot UI component. The CloudFormation deployment method, from this project, help with building a base configuration file. When deploying with it, the base configuration is automatically pointed to the the resources created in the deployment (i.e. Lex and Cognito). You can override the configuration at run time by passing parameters to the library functions or using various dynamic configuration methods provided by the loader library (e.g. JSON file, events). For details, see the [ChatBot UI Configuration Loading](/src/README.md#chatbot-ui-configuration-loading) section of the loader library documentation and the [Configuration and Customization](/lex-web-ui/README.#configuration-and-customization) section of the chatbot UI component documentation. ### Connect Interactive Messaging Lex Web UI supports both [ListPicker and TimePicker templateTypes](https://docs.aws.amazon.com/connect/latest/adminguide/interactive-messages.html) and can be sent using the same JSON structure as utilized by Connect. ListPicker display in Web UI: <img src="./img/interactive-message-listpicker.png" width=400> TimePicker in Web UI: <img src="./img/interactive-message-datepicker.png" width=350> ## Examples The examples below are organized around the following use cases: 1. [Stand-Alone Page](#stand-alone-page) 2. [Iframe](#iframe) 3. [Npm Install and Vue Component Use](#npm-install-and-vue-component-use) ### Stand-Alone Page To render the chatbot UI as a stand-alone full page, you can use two alternatives: 1) directly use the chatbot UI component library or 2) use the loader library. These libraries (see [Libraries](#libraries)) provide pre-built JavaScript and CSS files that are ready to be included directly into an HTML file to display a full page chatbot UI. When you use the chatbot UI component directly, you have to manually load the component's dependencies and provide its configuration as a parameter. The loader library alternative provides more configuration options and automates the process of loading dependencies. It encapsulates the chatbot UI component in an automated load process. #### Stand-Alone Page Using the Loader Library The loader library provides the easiest way to display the chatbot UI. The entry point to this library is the `lex-web-ui-loader.js` script. This script facilitates the process of loading run-time dependencies and configuration. If you deploy using the CloudFormation method, you will get an S3 bucket with the loader library script and related files in a way that is ready to be used. Alternatively, you can copy the files from the `dist` directory of this repository to your web server and include the loader. In its most simple setup, you can use the loader library like this: ```html <!-- include the loader library script --> <script src="./lex-web-ui-loader.js"></script> <script> /* The loader library creates a global object named ChatBotUiLoader It includes the FullPageLoader constructor An instance of FullPageLoader has the load function which kicks off the load process */ // The following statement instantiate FullPageLoader and // calls the load function. // It is assumed that the configuration is present in the // default JSON file: ./lex-web-ui-loader-config.json new ChatBotUiLoader.FullPageLoader().load(); </script> ``` #### Stand-Alone API through the Loader Library Similar to the iFrame loading technique described later, the FullPageComponentLoader now provides an API allowing a subset of events to be sent to the Lex Web UI Component. These events are ping and postText. See the [full page](src/README.md#full-page) for description of this API. #### Stand-Alone details For more details and other code examples about using the loader script in a full page setup, see the [full page](src/README.md#full-page) section of the loader documentation. You can also see the source of the [index.html](src/website/index.html) page used in the demo site. #### Stand-Alone Page Directly Using the ChatBot UI Component Directly loading the chatbot UI component works at a lower level than using the loader library as described above. This approach can be used if you want to manually control the rendering, configuration and dependency loading process. The entry point to the chatbot UI component is the `lex-web-ui.js` JavaScript file. The UI CSS styles are contained in the `lex-web-ui.css` file. The component depends on the [Vue](https://vuejs.org/), [Vuex](https://vuex.vuejs.org/), [Vuetify](https://vuetifyjs.com/) and [AWS SDK](https://aws.amazon.com/sdk-for-browser/) libraries. You should either host these dependencies on your site or load them from a third-party CDN. The HTML code below is an illustration of directly loading the chatbot UI library and its dependencies. **NOTE**: The versions of the links below may need to be pointed to the latest supported versions. ```html <html> <head> <!-- Font Dependencies --> <link href="https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Material+Icons" rel="stylesheet" type="text/css"> <!-- Vuetify CSS Dependencies --> <link href="https://unpkg.com/[email protected]/dist/vuetify.min.css" rel="stylesheet" type="text/css"> <!-- LexWebUi CSS from dist directory --> <link href="./lex-web-ui.css" rel="stylesheet" type="text/css"> <!-- page specific LexWebUi styling --> <style type="text/css"> #lex-web-ui-app { display: flex; height: 100%; width: 100%; } body, html { overflow-y: auto; overflow-x: hidden; } </style> </head> <body> <!-- application will be dynamically mounted here --> <div id="lex-web-ui"></div> <!-- Vue, Vuex, Vuetifiy and AWS SDK dependencies must be loaded before lex-web-ui.js. Loading from third party CDN for quick testing --> <script src="https://unpkg.com/[email protected]"></script> <script src="https://unpkg.com/[email protected]"></script> <script src="https://unpkg.com/[email protected]"></script> <script src="https://sdk.amazonaws.com/js/aws-sdk-2.149.0.min.js"></script> <!-- LexWebUi Library from dist directory --> <script src="./lex-web-ui.js"></script> <!-- instantiate the web ui with a basic config --> <script> // LexWebUi supports numerous configuration options. Here // is an example using just a couple of the required options. var config = { cognito: { // Your Cognito Pool Id - this is required to provide AWS credentials poolId: '<your cognito pool id>' }, lex: { // Lex Bot Name in your account v2BotId: '<your lex bot id>' } }; // load the LexWebUi component var lexWebUi = new LexWebUi.Loader(config); // instantiate Vue new Vue({ el: '#lex-web-ui', store: lexWebUi.store, template: '<div id="lex-web-ui-app"><lex-web-ui/></div>', }); </script> </body> </html> ``` ### Iframe You can embed the chatbot UI into an existing page using an iframe. This approach provides a self-contained widget that can interact with the parent page hosting the iframe. The `lex-web-ui-loader.js` loader library provides the functionality to add it as an iframe in a page. This loader script dynamically creates the iframe tag and supports passing asynchronous configuration using events and JSON files. It also provides an API between the iframe and the parent page which can be used to pass Lex state and other events. These features are detailed in the [Iframe Embedding](src/README.md#iframe-embedding) section of the library. The HTML code below is a basic example of a parent page that adds the chatbot UI as an iframe. In this scenario, the libraries and related files from the `dist` directory of this repo are hosted in the same directory as the parent page. If hosting the iframe on the same domain as your parent page is desired, you must deploy the iframe code into your own environment to allow the use of SAMEORIGIN configurations. Please note that the `loaderOptions` variable has an `iframeSrcPath` field which defines the path to the full page chatbot UI. This variable can be pointed to a page like the one described in the [stand-alone page](#stand-alone-page) section. ```html <html> <head> <title>My Parent Page</title> </head> <body> <h1>Welcome to my parent page</h1> <!-- loader script --> <script src="./lex-web-ui-loader.js"></script> <script> /* The loader library creates a global object named ChatBotUiLoader It includes the IframeLoader constructor An instance of IframeLoader has the load function which kicks off the load process */ // options for the loader constructor var loaderOptions = { // you can put the chatbot UI config in a JSON file configUrl: './chatbot-ui-loader-config.json', // the full page chatbot UI that will be iframed iframeSrcPath: './chatbot-index.html#/?lexWebUiEmbed=true' }; // The following statement instantiates the IframeLoader var iframeLoader = new ChatBotUiLoader.IframeLoader(loaderOptions); // chatbot UI config // The loader can also obtain these values from other sources such // as a JSON file or events. The configUrl variable in the // loaderOptions above can be used to put these config values in a file // instead of explicitly passing it as an argument. var chatbotUiConfig = { ui: { // origin of the parent site where you are including the chatbot UI // set to window.location.origin since hosting on same site parentOrigin: window.location.origin, }, iframe: { // origin hosting the HTML file that will be embedded in the iframe // set to window.location.origin since hosting on same site iframeOrigin: window.location.origin, }, cognito: { // Your Cognito Pool Id - this is required to provide AWS credentials poolId: '<your cognito pool id>' }, connect: { contactFlowId : '<your contact flow id>', instanceId : '<your instance id>', apiGatewayEndpoint : '<your api gateway endpoint>', }, lex: { // Lex Bot Name in your account v2BotId: '<your lex bot id>' } }; // Call the load function which returns a promise that is resolved // once the component is loaded or is rejected if there is an error iframeLoader.load(chatbotUiConfig) .then(function () { console.log('iframe loaded'); }) .catch(function (err) { console.error(err); }); </script> </body> </html> ``` For more examples showing how to include the chatbot UI as an iframe, see the source of the [parent.html](src/website/parent.html) page and the [Iframe Embedding](src/README.md#iframe-embedding) documentation of the loader library. ### Sample Site This repository provides a sample site that you can use as a base for development. The site is a couple of HTML pages can be found in the [src/website](src/website) directory. The pages includes the [index.html](src/website/index.html) file which loads the chatbot UI in a stand-alone page and the [parent.html](src/website/parent.html) which page loads the chatbot UI in an iframe. These pages are the same ones that are deployed by the CloudFormation deployment method in this project. It uses the `lex-web-ui-loader.js` loader library to display and configure the chatbot UI. You can run a development version of this sample site on your machine. #### Running Locally This project provides a simple HTTP server to serve the sample site. You can run the server using [Node.js](https://nodejs.org) on your local machine or a test server. Please note that running locally is only designed for testing purposes as the localhost only runs on HTTP and does not use a secure HTTPs configuration. The chatbot UI requires proper configuration values in the files located under the [src/config](src/config) directory. Modify the values in the `lex-web-ui-loader-config.json` file under the `src/config` directory. If you deployed the demo site using the CloudFormation templates provided by this project, you can copy the automatically generated config files from the S3 buckets to your development host. As a minimum,you would need to pass an existing Cognito Pool Id and Lex Bot name. For example, set the appropriate values in the `src/config/lex-web-ui-loader-config.json` file: ```JSON ... cognito: { "poolId": "us-east-1:deadbeef-fade-babe-cafe-0123456789ab" }, lex: { "v2BotId": "ABC123" } ... ``` Before you run the local development server, you need to install the development dependencies with the command: ```shell npm install ``` To start the HTTP server web on port `8000`, issue the command: ```shell # serves http://localhost:8000/index.html # and http://localhost:8000/parent.html npm start ``` If you want to hack the libraries under the `src/lex-web-ui-loader` directory, the project provides a hot reloadable [webpack dev server](https://github.com/webpack/webpack-dev-server) setup with the following command: ```shell # runs on port 8000 npm run dev ``` For a more advanced local host development and test environment, see the [Dependencies and Build Setup](lex-web-ui#dependencies-and-build-setup) documentation of the chatbot UI component. # Deploying This project provides [AWS CloudFormation](https://aws.amazon.com/cloudformation/) templates that can be used to launch a fully configured working demo site and related resources (e.g. Lex bot and Cognito Identity Pool). The CloudFormation deployment is the preferred method as it allows to automatically build, configure and deploy the application (including an optional CI/CD pipeline) and it provides a higher degree of flexibility when integrating with an existing environment. ## CloudFormation Deployment The CloudFormation stack creates a web app in an S3 bucket which you can link from your site. The S3 bucket also hosts the configuration, JavaScript and CSS files which can be loaded by your existing web pages. The CloudFormation deployment is documented in the [README](templates/README.md) file under the [templates](templates) directory. ## Building and Deploying your own LexWebUi If you want to modify or change LexWebUi functionality follow this release process once you are satisfied and have tested your code modifications. You'll need to create an S3 bucket to hold the bootstrap artifacts. Replace "yourbootstrapbucketname" with the name of your bucket to complete the upload. ``` npm install cd lex-web-ui npm install cd ../build ./release.sh export BUCKET="yourbootstrapbucketname" ./upload-bootstrap.sh ``` Note that "yourbootstrapbucket" (S3 bucket) must allow objects with public-read acl to be added. This approach is described in the image below. Please be aware of the [security implications](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html) of allowing public-read acl. Do not add any sensitive data into this bucket as it will be publicly readable. Once you've uploaded your distribution to your own bootstrap bucket, you can launch an installation of LexWebUi in the AWS region where this bucket is located by using the master.yaml from your bootstrap bucket. You can also update an existing LexWebUi installation by performing a stack update replacing the current template with the template you just uploaded to your bootstrap bucket. Note that for either a fresh installation or an update, you need to change the BootstrapBucket parameter to be the name of your bootstrap bucket and the BootstrapPrefix parameter to be just "artifacts".  # New Features ### Changes in version 0.19.0 Two changes in version 0.19.0 are the ability to forward chat history as a transcript to an agent when Connect Live Chat is initiated. Details on use of the transcript can be found in [Connect Live Chat Agent Readme](README-connect-live-chat.md). This version also updates the OPTIONS method in the API to configure CORS to only allow requests from the WebAppParentOrigin. ### Changes in version 0.18.2 Add feature for connect live chat. Allow client to optionally interact with an agent via Connect. See [Connect Live Chat Agent Readme](README-connect-live-chat.md) for additional details. ### Notable changes in version 0.18.1 The Lex Web Ui now supports configuration of multiple Lex V2 Bot Locale IDs using a comma separated list in the parameter LexV2BotLocaleId. The default Locale ID is en_US. Other supported values are de_DE, en_AU, en_GB, es_419, es_ES, es_US, fr_CA, fr_FR, it_IT, and ja_JP. See "https://docs.aws.amazon.com/lexv2/latest/dg/lex2.0.pdf" for the current list of supported Locale IDs. When multiple Locale IDs are specified in LexV2BotLocaleId, the Lex Web UI toolbar menu will allow the user to select the locale to use. The user selected locale ID is preserved across page refreshes. The locale selection menu items will be disabled if the user is the middle of completing an intent as the locale ID can't be changed at this time. The selected locale ID will be displayed in the toolbar. Lex Web Ui is now available in the Canada (Central) region - ca-central-1 For a complete list of fixes/changes in this version see CHANGELOG.md. ### Fixes/changes in version 0.18.0 - Move from webpack V3 to webpack V4 in the lex-web-ui component. - Move to npm version 7.10.0. - Update component package versions. - Resolve dependabot alerts. - Fix to resolve update problem where Cognito Supported Identity Providers is reset to just Cognito. An update will now preserve the existing Supported Identity Providers. - Set AWS sdk to version 2.875.0. - Improve Lex V2 support to handle responseCard defined as a session attribute in sessionAttributes.appContext.responseCard. - Removed support for AWS Mobile Hub based distribution. ### Fixes/changes in version 0.17.9 - New support for Lex Version 2 Bots - added template parameters for V2 Bot Id, Bot Alias Id, and Locale Id. When a V1 Bot name is provided, the template will configure resources to use the V1 bot. When the V1 Bot name is left empty and the V2 Bot parameters are specified, the template will configure resources to use the V2 Bot. V1 Bot parameters take precedence over V2 Bot parameters if both are supplied. - The Lex Web Ui can now be configured to send an initial utterance to the bot to get an intent started. A new template parameter named WebAppConfBotInitialUtterance is available. If left empty, no initial utterance is sent to the Bot which is the default behavior. - Changed format of the date message displayed on a message to use "n min ago" to assist with accessibility when displaying this value. - Changed behavior of ShouldLoadIframeMinimized setting. In prior releases, the last known state of the iframe took priority over this setting. In this release, when ShouldLoadIframeMinimized is set to true and the parent page is loaded or refreshed, the Bot iframe will always appear minimized. If this parameter is set to false, the last known state of the Bot is used to either show the iframe or minimize the iframe. - Changed loginutils.js to prevent the parent page or the full page from looping if login fails through cognito. With this change, up to 5 attempts will be performed before failing with an alert message presented to the user. - Support mixed case web ParentOrigin URLs and WebAppPath in Cognito user pool to prevent login failures due to case mismatch. - Support multiple values for WebAppPath. This allows the LexWebUI with login enabled to be deployed on multiple pages on the same site (origin). - Update the Cognito Callback and Signout URLs in the Cognito UserPool when ParentPageOrigin and WebAppPath parameters are updated in CloudFormation. ### Fixes in version 0.17.8 - Fix for pipeline based deployments - issue 264 - template error - Fix to full page web client (index.html) using forceLogin to require a redirect to login page - Fix to move to python 3.8 Lambda Runtime for yaml CloudFormation template embedded functions which remove use of boto3 vendored library - Add ability for Lex Web UI to automatically retry a request if the Lex bot times out after 30 seconds using a configurable number of attempts. By default the timeout retry feature is disabled. When enabled, the default retry count is 1. ### Fixes in version 0.17.7 - Build script fix - Move min button icon to the left of text ### Fixes in version 0.17.6 - Additional fixes to support upgrades. Upgrades from 0.17.1 and above are supported. Older versions will need to perform a fresh install to migrate to this version. ### Fixes in version 0.17.5 - Fix to allow use of CF template upgrade to disable WebAppConfHelp, WebAppConfPositiveFeedback, and WebAppConfNegativeFeedback - Fix to improve resizing of lex-web-ui button at bottom of page when text is used in addition to icon ### Features in version 0.17.4 - Improved upgrade support. * The CloudFormation upgrade stack operation from the AWS Console should now be used to change configuration using the available parameters. After the upgrade is complete, the lex-web-ui-loader-config.json file deployed to the web app S3 bucket will be updated with the values specified in the template. Prior versions of the config file are archived using a date timestamp in the S3 bucket should you need to refer to prior configuration values. * Users can now upgrade to new versions of Lex-Web-Ui using the AWS CloudFormation console by replacing the template and specifying the S3 template location from the original regional S3 bucket. As new releases of Lex-Web-Ui are published to the distribution repositories, you can now upgrade to this version using the CloudFormation Upgrade/replace template process. * After an upgrade, the CloudFront distribution cache will need to be invalidated for the changes to be seen immediately. - Chat history can now be preserved and redisplayed when the user comes back to the original parent page hosting the Lex-Web-Ui. This features is controlled using the SaveHistory template parameter. When this feature is enabled, a new menu is visible in the user interface that allows the user to clear chat history. The following are the methods you can enable this feature. Note that you can toggle this feature on and off using the upgrade process. * During a new deployment, specify true for the Save History parameter * Using the new upgrade feature, specify true for Save History parameter in the CloudFormation console. - Lambda function upgrade to Python 3.7. ### Fixes in version 0.17.3 - Added loader config option (forceLogin) to templates which configures UI to require the user to authenticate through Cognito prior to using the bot. - Added loader config option (minButtonContent) which allows text to be added to the button which appears on the parent page when the iframe is minimized. - Added XRay support to Lambda functions. - Added VPC actions to Lambda IAM Roles to support future deployment of Lambdas in VPC. - Encrypted S3 buckets using AES-256 default KMS key - Prebuilt deployments now available for Singapore, Tokyo, London, and Frankfurt regions ### Fixes in version 0.17.2 - Added option to hide message bubble on button click - Resolved current github dependabot security issues - Use default encryption for all S3 buckets using AES-256 encryption - Added instructions in readme for adding additional vue components ### Fixes in version 0.17.1 - Create uniquely named Cognito UserPool on stack creation - Removed display of Back button in title bar and instead provide a replay button using the text from prior message directly in the message bubble. Back button can be re-enabled though configuration json if desired. - Enhanced css attributes of the minimized chatbot button to help allow clicking on items in the parent window as well as selecting text next the button. ### New Features in version 0.17.0 - Improved screen reader / accessibility features - Added CloudFormation stack outputs for CloudFront and S3 bucket - Use response card defined in session attribute "appContext" over that defined by Lex based response Card - lex web ui now supports greater than 5 buttons when response card is defined in session attributes "appcontext" - Updated dependent packages in package-lock.json identified by Dependabot security alerts - Resolved additional CloudFront CORS issues - See [CHANGELOG](CHANGELOG.md) for additional details ### New Features in version 0.16.0 - Lex-web-ui now ships with cloudfront as the default distribution method * better load times * non public access to S3 bucket * better future integration to cloudfront features such as WAF and Lambda@Edge - Updated package.json dependencies ### New Features in version 0.15.0 - Moved to Webpack 4 - Changed default parameter ShowResponseCardTitle to be false - was default of true - Added back default parameter BotAlias of '$LATEST'. The '$LATEST' alias should only be used for manual testing. Amazon Lex limits the number of runtime requests that you can make to the $LATEST version of the bot. <img src="./img/feedbackButtons.png" width="480"> Toolbar Buttons <img src="./img/toolbar.png" width="480"> - Help Button </br> Sends a help message to the bot - Back Button </br> Resends the previous message

LLM Tools & Chat UIs Live Chat & Chatbots

822 Github Stars

Read more

Open Source

aws-serverless-workshop-innovator-island

## Welcome to the Innovator Island workshop!  For workshop instructions, visit [AWS Workshop Studio](https://catalog.us-east-1.prod.workshops.aws/workshops/74d0f3be-7108-4bba-8136-00617a988535) ### Have an idea for this workshop? Found a bug? ### If you have an idea for a module or feature in this workshop, or you have found a bug or need to report a problem, let us know! - [Request a feature](https://github.com/aws-samples/aws-serverless-workshop-innovator-island/issues/new?assignees=&labels=&template=workshop-feature-request.md&title=) - [Report an issue](https://github.com/aws-samples/aws-serverless-workshop-innovator-island/issues/new?assignees=&labels=&template=bug_report.md&title=)

Education & Learning FaaS & Serverless

574 Github Stars

Read more

Open Source

amazon-bedrock-samples

# Amazon Bedrock Samples To leverage this repository please use our website powered by this GitHub: [Website](https://aws-samples.github.io/amazon-bedrock-samples/) This repository contains pre-built examples to help customers get started with the Amazon Bedrock service. ## Contents - [Introduction to Bedrock](introduction-to-bedrock) - Learn the basics of the Bedrock service - [Prompt Engineering ](articles-guides) - Tips for crafting effective prompts - [Agents](agents-and-function-calling) - Ways to implement Generative AI Agents and its components. - [Custom Model Import](custom-models) - Import custom models into Bedrock - [Multimodal](multi-modal) - Working with multimodal data using Amazon Bedrock - [Generative AI Use cases](genai-use-cases) - Example use cases for generative AI - [Retrival Augmented Generation (RAG)](rag) - Implementing RAG - [Responsible AI](responsible_ai) - Use Bedrock responsibly and ethically - [Workshop](workshops) - Example for Amazon Bedrock Workshop - [POC to Prod](poc-to-prod) - Productionize workloads using Bedrock - [Embeddings](embeddings) - Learn how to use Embedding Models available on Amazon Bedrock - [Observability & Evaluation](evaluation-observe) - Learn how Amazon Bedrock helps with improving observability and evalution of Models, Gen AI Applications. ## Getting Started To get started with the code examples, ensure you have access to [Amazon Bedrock](https://aws.amazon.com/bedrock/). Then clone this repo and navigate to one of the folders above. Detailed instructions are provided in each folder's README. ### Enable AWS IAM permissions for Bedrock The AWS identity you assume from your environment (which is the [*Studio/notebook Execution Role*](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-roles.html) from SageMaker, or could be a role or IAM User for self-managed notebooks or other use-cases), must have sufficient [AWS IAM permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) to call the Amazon Bedrock service. To grant Bedrock access to your identity, you can: - Open the [AWS IAM Console](https://us-east-1.console.aws.amazon.com/iam/home?#) - Find your [Role](https://us-east-1.console.aws.amazon.com/iamv2/home?#/roles) (if using SageMaker or otherwise assuming an IAM Role), or else [User](https://us-east-1.console.aws.amazon.com/iamv2/home?#/users) - Select *Add Permissions > Create Inline Policy* to attach new inline permissions, open the *JSON* editor and paste in the below example policy: ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "BedrockFullAccess", "Effect": "Allow", "Action": ["bedrock:*"], "Resource": "*" } ] } ``` > ⚠️ **Note 1:** With Amazon SageMaker, your notebook execution role will typically be *separate* from the user or role that you log in to the AWS Console with. If you'd like to explore the AWS Console for Amazon Bedrock, you'll need to grant permissions to your Console user/role too. > ⚠️ **Note 2:** For top level folder changes, please reach out to the GitHub mainterners. For more information on the fine-grained action and resource permissions in Bedrock, check out the Bedrock Developer Guide. ## Contributing We welcome community contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines. ## Security See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. ## License This library is licensed under the MIT-0 License. See the [LICENSE](LICENSE) file.

AI Tools ML Frameworks

1.4K Github Stars

Read more

Open Source

aws-genai-llm-chatbot

# AWS GenAI LLM Chatbot Enterprise-ready generative AI chatbot with RAG capabilities. ## Overview The AWS GenAI LLM Chatbot is a production-ready solution that enables organizations to deploy a secure, feature-rich chatbot powered by large language models (LLMs) with Retrieval Augmented Generation (RAG) capabilities. ## Key Features - **Multiple LLM Support**: Amazon Bedrock (Claude, Llama 2), SageMaker, and custom model endpoints - **GenAIEH Gateway Integration**: Connect to GenAIEH Gateway for additional model access - **Comprehensive RAG Implementation**: Connect to various data sources for context-aware responses - **Enterprise Security**: Fine-grained access controls, audit logging, and data encryption - **Conversation Memory**: Full conversation history with persistent storage - **Web UI and API Access**: Modern React interface and API endpoints for integration - **Cost Optimization**: Token usage tracking and cost management features - **Deployment Flexibility**: Multiple deployment options to fit your needs ## Getting Started This blueprint deploys the complete AWS GenAI LLM Chatbot solution in your AWS account. ### Prerequisites - AWS Account with appropriate permissions - AWS CLI configured with credentials - Node.js 18+ and npm - Python 3.8+ - AWS CDK CLI version compatible with aws-cdk-lib 2.206.0 or later ```bash # Install or update the CDK CLI globally npm install -g aws-cdk@latest # Verify the installed version cdk --version ``` > **Important**: The CDK CLI version must be compatible with the aws-cdk-lib version used in this project (currently 2.206.0). If you encounter a "Cloud assembly schema version mismatch" error during deployment, update your CDK CLI to the latest version using the command above. ### Deployment The deployment process is fully automated using AWS CDK and SeedFarmer. ## Architecture The solution architecture includes: - Amazon Bedrock for LLM access - Amazon OpenSearch for vector storage - Amazon S3 for document storage - Amazon Cognito for authentication - AWS Lambda for serverless processing - Amazon API Gateway for API access - React-based web interface ## Documentation For complete documentation, visit the [GitHub repository](https://github.com/aws-samples/aws-genai-llm-chatbot). ## License This project is licensed under the MIT-0 License.

LLM Tools & Chat UIs PaaS & Self-hosting

1.4K Github Stars

Read more

Open Source

generative-ai-cdk-constructs-samples

# Sample Apps for AWS Generative AI CDK Constructs This repo provides samples to demonstrate how to build your own Generative AI solutions using [AWS Generative AI CDK Constructs](https://github.com/awslabs/generative-ai-cdk-constructs). ## Getting started |Use Case|Description|Type|Language| |-|-|-|-| |[SageMaker JumpStart model](samples/sagemaker_jumpstart_model/)| This sample provides a sample application which deploys a SageMaker real-time endpoint hosting a Llama 2 foundation model developed by Meta from Amazon JumpStart, and an AWS Lambda function to run inference requests against that endpoint.|Backend|TypeScript| |[SageMaker Hugging Face model](samples/sagemaker_huggingface_model/)| This sample provides a sample application which deploys a SageMaker real-time endpoint hosting a model (Mistral 7B) from Hugging Face, and an AWS Lambda function to run inference requests against that endpoint.|Backend|TypeScript| |[SageMaker Hugging Face model on AWS Inferentia2](samples/sagemaker_huggingface_inferentia/)| This sample provides a sample application which deploys a SageMaker real-time endpoint hosting a model (Zephyr 7B) from Hugging Face, and an AWS Lambda function to run inference requests against that endpoint. This sample uses Inferentia 2 as the hardware accelerator.|Backend|TypeScript| |[SageMaker custom endpoint](samples/sagemaker_custom_endpoint/)| This sample provides a sample application which deploys a SageMaker real-time endpoint hosting a model with artifacts stored in an Amazon Simple Storage Service (S3) bucket, and an AWS Lambda function to run inference requests against that endpoint. This sample uses Inferentia2 as the hardware accelerator. |Backend|TypeScript| |[SageMaker multimodal custom endpoint](samples/sagemaker_huggingface_model_llava/)| This sample provides a sample application which deploys a SageMaker real-time endpoint hosting llava-1.5-7b, with artifacts stored in an Amazon Simple Storage Service (S3) bucket, a custom inference script, and an AWS Lambda function to run inference requests against that endpoint. |Backend|TypeScript| |[SageMaker image to video endpoint](samples/sagemaker_huggingface_model_svd/)| This sample provides a sample application which deploys a SageMaker async endpoint hosting stable-video-diffusion-img2vid-xt-1-1, with artifacts stored in an Amazon Simple Storage Service (S3) bucket, a custom inference script, and an AWS Lambda function to run inference requests against that endpoint. |Backend|TypeScript| |[LLM on SageMaker in GovCloud PDT](samples/llm-on-govcloud-sagemaker/)| This sample provides a sample application which deploys a SageMaker real-time endpoint hosting Falcon-40b on GovCloud PDT. |Backend|TypeScript| |[Amazon Bedrock Agents](samples/bedrock-agent/)| This sample provides a sample application which deploys an Amazon Bedrock Agent and Knowledge Base backed by an OpenSearch Serverless Collection and documents in S3. It demonstrates how to use the [Amazon Bedrock CDK construct](https://github.com/awslabs/generative-ai-cdk-constructs/tree/main/src/cdk-lib/bedrock). |Backend|TypeScript| |[Python Samples](samples/python-samples/)| This project showcases the utilization of the 'generative-ai-cdk-constructs' package from the Python Package Index (PyPI).| Backend | Python| |[.NET Samples](samples/dotnet-samples/)| This project showcases the utilization of the 'Cdklabs.GenerativeAiCdkConstructs' package from nuget library.| Backend | .NET| |[Contract Compliance Analysis](samples/contract-compliance-analysis/)| This prototype can potentially help you make your contract compliance process more efficient, leveraging Generative Artificial Intelligence (GenAI) to evaluate contract clauses against predefined guidelines and to provide feedback on adherence to standards applicable to you, based on your instructions. This is achieved through workflows that leverages Large Language Models via Amazon Bedrock. | Backend + Frontend | Python for Backend, TypeScript (React) for Frontend | |[Multimodal RAG solution](samples/multimodal-rag)| This project showcases Amazon Bedrock multimodal features using [Amazon Bedrock Data Automation](https://aws.amazon.com/bedrock/bda/) (BDA) combined with Amazon Bedrock Knowledge Bases for a RAG-based chatbot. | Backend + Frontend | Python for Backend, TypeScript (React) for Frontend | |[RFP Answers with GenAI](samples/rfp-answer-generation/)| This project automates RFP (Request for Proposal) responses by using Amazon Bedrock's LLMs to generate answers based on your company's existing knowledge base. Key features include direct Excel file processing for questions and answers, Bedrock AgentCore Runtime with agents and tools for sophisticated question answering, and S3 Vectors for simplified vector storage. | Backend + Frontend | Python for Backend, TypeScript (React) for Frontend | | [Code Expert](samples/code-expert/) | This project addresses the scalability limitations of manual code reviews by leveraging artificial intelligence to perform expert code reviews automatically. It leverages the [Bedrock Batch Step Functions CDK construct](https://github.com/awslabs/generative-ai-cdk-constructs/blob/main/src/patterns/gen-ai/aws-bedrock-batch-stepfn/README.md). | Backend | Python for Backend and Demo, TypeScript for CDK | |[Bedrock Agent UI Wrapper](samples/bedrock-agent-ui-wrapper/)| This sample provides a CDK construct that creates an API layer and frontend application for Amazon Bedrock Agents. It includes authentication with Amazon Cognito, agent trace streaming, and can be deployed locally or on ECS Fargate. | API layer + Frontend | Python| |[Stateless MCP Server on AWS Lambda](samples/mcp-stateless-lambda/)| Sample MCP Server running natively on AWS Lambda and API Gateway without any extra bridging components or custom transports and a test MCP client. | API layer | TypeScript | |[Stateless MCP Server on ECS](samples/mcp-stateless-ecs/)| Sample stateless MCP Server running natively on ECS Fargate and ALB without any extra bridging components or custom transports and a test MCP client. | API layer | TypeScript | |[Stateful MCP Server on ECS](samples/mcp-stateful-ecs/)| Sample stateful MCP Server running natively on ECS Fargate and ALB without any extra bridging components or custom transports and a test MCP client. | API layer | TypeScript | |[Speech to speech](samples/speech-to-speech/)| Real-time Speech to Speech solution with Amazon Nova Sonic, featuring a Java WebSocket server and React frontend. | Backend + Frontend | Python for Backend, TypeScript (React) for Frontend | | [Strands Lambda Durable](samples/cdk-lambda-strands-durable/) | This folder contains demos showcasing the [Strands Agents Python SDK](https://strandsagents.com/latest/) integrated with [AWS Lambda durable execution](https://docs.aws.amazon.com/lambda/latest/dg/durable-functions.html). | Backend | Python for Lambda, Ts for IaC | ## Contributing Please refer to the [CONTRIBUTING](CONTRIBUTING.md) document for further details on contributing to this repository.

DevOps & Infrastructure AI Agents

170 Github Stars

Read more

Open Source

generative-ai-use-cases

<div markdown="1" align="center"> <h1>Generative AI Use Cases (GenU)</h1> [](https://aws-samples.github.io/generative-ai-use-cases/index.html) [](https://github.com/aws-samples/generative-ai-use-cases/blob/main/LICENSE) [](https://github.com/aws-samples/generative-ai-use-cases/actions/workflows/node.js.yml) [](https://github.com/aws-samples/generative-ai-use-cases/actions/workflows/browser-extension.yml) English | [日本語](./README_ja.md) | [한국어](./README_ko.md) Well-architected application implementation with business use cases for utilizing generative AI in business operations <img src="./docs/assets/images/sc_lp_en.png" alt="Well-architected application implementation with business use cases for utilizing generative AI in business operations" width="68%"> </div> > [!IMPORTANT] > GenU has supported multiple languages since v4. > > GenU は v4 から多言語対応しました。日本語ドキュメントは[こちら](./README_ja.md) ## GenU Usage Patterns Here we introduce GenU's features and options by usage pattern. For comprehensive deployment options, please refer to [this document](docs/en/DEPLOY_OPTION.md). > [!TIP] > Click on a usage pattern to see details <details markdown="1"> <summary><strong><ins>I want to experience generative AI use cases</ins></strong></summary> GenU provides a variety of standard use cases leveraging generative AI. These use cases can serve as seeds for ideas on how to utilize generative AI in business operations, or they can be directly applied to business as-is. We plan to continuously add more refined use cases in the future. If unnecessary, you can also [hide specific use cases](docs/en/DEPLOY_OPTION.md#hiding-specific-use-cases) with an option. Here are the use cases provided by default. <br/> <br/> <table width="100%"> <thead> <tr> <td width="20%">Use Case</td> <td width="80%">Description</td> </tr> </thead> <tbody> <tr> <td>Chat</td> <td>You can interact with large language models (LLMs) in a chat format. The existence of platforms that allow direct dialogue with LLMs enables quick responses to specific and new use cases. It's also effective as a testing environment for prompt engineering.</td> </tr> <tr> <td>Text Generation</td> <td>Generating text in any context is one of the tasks LLMs excel at. It generates all kinds of text including articles, reports, and emails.</td> </tr> <tr> <td>Summarization</td> <td>LLMs are good at summarizing large amounts of text. Beyond simple summarization, they can also extract necessary information in a conversational format after being given text as context. For example, after reading a contract, you can ask questions like "What are the conditions for XXX?" or "What is the amount for YYY?"</td> </tr> <tr> <td>Meeting Minutes</td> <td>Automatically generate meeting minutes from audio recordings or real-time transcription. Choose from Transcription, News Paper, or FAQ style with zero prompt engineering required. </td> </tr> <tr> <td>Writing</td> <td>LLMs can suggest improvements from a more objective perspective, considering not only typos but also the flow and content of the text. You can expect to improve quality by having the LLM objectively check points you might have missed before showing your work to others.</td> </tr> <tr> <td>Translation</td> <td>LLMs trained in multiple languages can perform translations. Beyond simple translation, they can incorporate various specified contextual information such as casualness and target audience into the translation.</td> </tr> <tr> <td>Web Content Extraction</td> <td>Extracts necessary information from web content such as blogs and documents. The LLM removes unnecessary information and formats it into well-structured text. Extracted content can be used in other use cases such as summarization and translation.</td> </tr> <tr> <td>Image Generation</td> <td>Image generation AI can create new images based on text or existing images. It allows for immediate visualization of ideas, potentially improving efficiency in design work. In this feature, LLMs can assist in creating prompts.</td> </tr> <tr> <td>Video Generation</td> <td>Video generation AI creates short videos from text. The generated videos can be used as materials in various scenarios.</td> </tr> <tr> <td>Video Analysis</td> <td>With multimodal models, it's now possible to input not only text but also images. In this feature, you can ask the LLM to analyze video frames and text inputs.</td> </tr> <tr> <td>Diagram Generation</td> <td>Diagram generation visualizes text and content on any topic using optimal diagrams. It allows for easy text-based diagram creation, enabling efficient creation of flowcharts and other diagrams even for non-programmers and non-designers.</td> </tr> <tr> <td>Voice Chat</td> <td>In Voice Chat, you can have a bidirectional voice chat with generative AI. Similar to natural conversation, you can also interrupt and speak while the AI is talking. Also, by setting a system prompt, you can have voice conversations with AI that has specific roles.</td> </tr> </tbody> </table> </details> <details markdown="1"> <summary><strong><ins>I want to do RAG</ins></strong></summary> RAG is a technique that allows LLMs to answer questions they normally couldn't by providing external up-to-date information or domain knowledge that LLMs typically struggle with. PDF, Word, Excel, and other files accumulated within your organization can serve as information sources. RAG also has the effect of preventing LLMs from providing "plausible but incorrect information" by only allowing answers based on evidence. GenU provides a RAG Chat use case. Two types of information sources are available for RAG Chat: [Amazon Kendra](docs/en/DEPLOY_OPTION.md) and [Knowledge Base](docs/en/DEPLOY_OPTION.md#enabling-rag-chat-knowledge-base-use-case). When using Amazon Kendra, you can [use manually created S3 Buckets or Kendra Indexes as they are](docs/en/DEPLOY_OPTION.md#using-an-existing-amazon-kendra-index). When using Knowledge Base, advanced RAG features such as [Advanced Parsing](docs/en/DEPLOY_OPTION.md#enabling-advanced-parsing), [Chunk Strategy Selection](docs/en/DEPLOY_OPTION.md#changing-chunking-strategy), [Query Decomposition](docs/en/DEPLOY_OPTION.md#enabling-rag-chat-knowledge-base-use-case), and [Reranking](docs/en/DEPLOY_OPTION.md#enabling-rag-chat-knowledge-base-use-case) are available. Knowledge Base also allows for [Metadata Filter Settings](docs/en/DEPLOY_OPTION.md#metadata-filter-configuration). For example, you can meet requirements such as "switching accessible data sources by organization" or "allowing users to set filters from the UI." Additionally, it is possible to build a RAG that references data outside of AWS by [enabling MCP chat](docs/en/DEPLOY_OPTION.md#enabling-mcp-chat-use-case) and adding an external service's MCP server to [packages/cdk/mcp-api/mcp.json](/packages/cdk/mcp-api/mcp.json). </details> <details markdown="1"> <summary><strong><ins>I want to use custom Bedrock Agents or AgentCore or Bedrock Flows within my organization</ins></strong></summary> When you [enable agents](docs/en/DEPLOY_OPTION.md#enabling-agent-chat-use-case) in GenU, Web Search Agent and Code Interpreter Agent are created. The Web Search Agent searches the web for information to answer user questions. For example, it can answer "What is AWS GenU?" The Code Interpreter Agent can execute code to respond to user requests. For example, it can respond to requests like "Draw a scatter plot with some dummy data." While Web Search Agent and Code Interpreter Agent are basic agents, you might want to use more practical agents tailored to your business needs. GenU provides a feature to [import agents](docs/en/DEPLOY_OPTION.md#adding-manually-created-agents) that you've created manually or with other assets. By using GenU as a platform for agent utilization, you can leverage GenU's [rich security options](docs/en/DEPLOY_OPTION.md#security-related-settings) and [SAML authentication](docs/en/DEPLOY_OPTION.md#saml-authentication) to spread practical agents within your organization. Additionally, you can [hide unnecessary standard use cases](docs/en/DEPLOY_OPTION.md#hiding-specific-use-cases) or [display agents inline](docs/en/DEPLOY_OPTION.md#displaying-agents-inline) to use GenU as a more agent-focused platform. Similarly, there is an [import feature](docs/en/DEPLOY_OPTION.md#enabling-agentcore-use-cases) for AgentCore Runtime, so please make use of it. Similarly, there is an [import feature](docs/en/DEPLOY_OPTION.md#enabling-flow-chat-use-case) for Bedrock Flows, so please make use of it. Additionally, you can create agents that perform actions on services outside AWS by [enabling MCP chat](docs/en/DEPLOY_OPTION.md#enabling-mcp-chat-use-case) and adding external MCP servers to [packages/cdk/mcp-api/mcp.json](/packages/cdk/mcp-api/mcp.json). </details> <details markdown="1"> <summary><strong><ins>I want to create custom use cases</ins></strong></summary> GenU provides a feature called "Use Case Builder" that allows you to create custom use cases by describing prompt templates in natural language. Custom use case screens are automatically generated just from prompt templates, so no code changes to GenU itself are required. Created use cases can be shared with all users who can log into the application, not just for personal use. Use Case Builder can be [disabled](docs/en/DEPLOY_OPTION.md#use-case-builder-configuration) if not needed. Use cases can also be exported as .json files and shared with third parties. When sharing use cases, please be careful not to include any confidential information in prompts or usage examples. Use cases shared by third parties can be imported by uploading the .json file from the new use case creation screen. For more details about Use Case Builder, please check <a href="https://aws.amazon.com/jp/blogs/news/genu-use-cases-builder/">this blog</a>. <br/> <br/> While Use Case Builder can create use cases where you input text into forms or attach files, depending on your requirements, a chat UI might be more suitable. In such cases, please utilize the system prompt saving feature of the "Chat" use case. By saving system prompts, you can create business-necessary "bots" with just one click. For example, you can create "a bot that thoroughly reviews source code when input" or "a bot that extracts email addresses from input content." Additionally, chat conversation histories can be shared with logged-in users, and system prompts can be imported from shared conversation histories. <br/> <br/> Since GenU is OSS, you can also customize it to add your own use cases. In that case, please be careful about conflicts with GenU's main branch. </details> ## Deployment > [!IMPORTANT] > Please enable the `modelIds` (text generation), `imageGenerationModelIds` (image generation), and `videoGenerationModelIds` (video generation) in the `modelRegion` region listed in [`/packages/cdk/cdk.json`](/packages/cdk/cdk.json). ([Amazon Bedrock Model access screen](https://us-east-1.console.aws.amazon.com/bedrock/home?region=us-east-1#/modelaccess)) GenU deployment uses [AWS Cloud Development Kit](https://aws.amazon.com/jp/cdk/) (CDK). If you cannot prepare a CDK execution environment, refer to the following deployment methods: - [Deployment method using AWS CloudShell (if preparing your own environment is difficult)](docs/en/DEPLOY_ON_CLOUDSHELL.md) - Workshop ([English](https://catalog.workshops.aws/generative-ai-use-cases) / [Japanese](https://catalog.workshops.aws/generative-ai-use-cases-jp)) First, run the following command. All commands should be executed at the repository root. ```bash npm ci ``` If you've never used CDK before, you need to [Bootstrap](https://docs.aws.amazon.com/ja_jp/cdk/v2/guide/bootstrapping.html) for the first time only. The following command is unnecessary if your environment is already bootstrapped. ```bash npx -w packages/cdk cdk bootstrap ``` Next, deploy AWS resources with the following command. Please wait for the deployment to complete (it may take about 20 minutes). ```bash # Normal deployment npm run cdk:deploy # Fast deployment (quickly deploy without pre-checking created resources) npm run cdk:deploy:quick ``` ## Architecture  ## Other Information - [Deployment Options](docs/en/DEPLOY_OPTION.md) - [Update Method](docs/en/UPDATE.md) - [Local Development Environment Setup](docs/en/DEVELOPMENT.md) - [Resource Deletion Method](docs/en/DESTROY.md) - [How to Use as a Native App](docs/en/PWA.md) - [Using Browser Extensions](docs/en/EXTENSION.md) ## Cost Estimation We have published configuration and cost estimation examples for using GenU. (The service is pay-as-you-go, and actual costs will vary depending on your usage.) - [Simple Version (without RAG) Estimation](https://aws.amazon.com/jp/cdp/ai-chatbot/) - [With RAG (Amazon Kendra) Estimation](https://aws.amazon.com/jp/cdp/ai-chatapp/) - [With RAG (Knowledge Base) Estimation](https://aws.amazon.com/jp/cdp/genai-chat-app/) ## Customer Case Studies | Customer | Quote | | :-------------------------------------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | <a href="https://www.yasashiite.com/" target="_blank"><img src="./docs/assets/images/cases/yasashiite_logo.png"></a> | **Yasashiite Co., Ltd.** <br/> _Thanks to GenU, we were able to provide added value to users and improve employee work efficiency. We continue to evolve from "smooth operation" to "exciting work" as employees' "previous work" transforms into enjoyable work!_ <br/> ・[See case details](./docs/assets/images/cases/yasashiite_case.png) <br/> ・[See case page](https://aws.amazon.com/jp/solutions/case-studies/yasashii-te/) | | <a href="https://www.takihyo.co.jp/" target="_blank"><img src="./docs/assets/images/cases/TAKIHYO_logo.png"></a> | **TAKIHYO Co., Ltd.** <br/> _Achieved internal business efficiency and reduced over 450 hours of work by utilizing generative AI. Applied Amazon Bedrock to clothing design, etc., and promoted digital talent development._ <br/> ・[See case page](https://aws.amazon.com/jp/solutions/case-studies/takihyo/) | | <a href="https://salsonido.com/" target="_blank"><img src="./docs/assets/images/cases/salsonido_logo.png"></a> | **Salsonido Inc.** <br/> _By utilizing GenU, which is provided as a solution, we were able to quickly start improving business processes with generative AI._ <br/> ・[See case details](./docs/assets/images/cases/salsonido_case.png) <br/> ・[Applied service](https://kirei.ai/) | | <a href="https://www.tamura-ss.co.jp/jp/index.html" target="_blank"><img src="./docs/assets/images/cases/tamura-ss_logo.png"></a> | **TAMURA CORPORATION** <br/> _The application samples that AWS publishes on Github have a wealth of immediately testable functions, and by using them as they are, we were able to easily select functions that suited us and shorten the development time of the final system._<br/> ・[See case details](./docs/assets/images/cases/tamura-ss_case.png)<br/> | | <a href="https://jdsc.ai/" target="_blank"><img src="./docs/assets/images/cases/jdsc_logo.png"></a> | **JDSC Inc.** <br/> _Amazon Bedrock allows us to securely use LLMs with our data. Also, we can switch to the optimal model depending on the purpose, allowing us to improve speed and accuracy while keeping costs down._ <br/> ・[See case details](./docs/assets/images/cases/jdsc_case.png) | | <a href="https://www.iret.co.jp/" target="_blank"><img src="./docs/assets/images/cases/iret_logo.png"></a> | **iret, Inc.** <br/> _To accumulate and systematize internal knowledge for BANDAI NAMCO Amusement Inc.'s generative AI utilization, we developed a use case site using Generative AI Use Cases JP provided by AWS. iret, Inc. supported the design, construction, and development of this project._ <br/> ・[BANDAI NAMCO Amusement Inc.'s cloud utilization case study](https://cloudpack.jp/casestudy/302.html?_gl=1*17hkazh*_gcl_au*ODA5MDk3NzI0LjE3MTM0MTQ2MDU) | | <a href="https://idealog.co.jp" target="_blank"><img src="./docs/assets/images/cases/idealog_logo.jpg"></a> | **IDEALOG Inc.** <br/> _I feel that we can achieve even greater work efficiency than with conventional generative AI tools. Using Amazon Bedrock, which doesn't use input/output data for model training, gives us peace of mind regarding security._ <br/> ・[See case details](./docs/assets/images/cases/idealog_case.png) <br/> ・[Applied service](https://kaijosearch.com/) | | <a href="https://estyle.co.jp/" target="_blank"><img src="./docs/assets/images/cases/estyle_logo.png"></a> | **eStyle Inc.** <br/> _By utilizing GenU, we were able to build a generative AI environment in a short period and promote knowledge sharing within the company._ <br/> ・[See case details](./docs/assets/images/cases/estyle_case.png) | | <a href="https://meidensha.co.jp/" target="_blank"><img src="./docs/assets/images/cases/meidensha_logo.svg"></a> | **Meidensha Corporation** <br/> _By using AWS services such as Amazon Bedrock and Amazon Kendra, we were able to quickly and securely build a generative AI usage environment. It contributes to employee work efficiency through automatic generation of meeting minutes and searching internal information._ <br/> ・[See case details](./docs/assets/images/cases/meidensha_case.png) | | <a href="https://www.st-grp.co.jp/" target="_blank"><img src="./docs/assets/images/cases/st-grp_logo.jpg"></a> | **Sankyo Tateyama, Inc.** <br/> _Information buried within the company became quickly searchable with Amazon Kendra. By referring to GenU, we were able to promptly provide the functions we needed, such as meeting minutes generation._ <br/> ・[See case details](./docs/assets/images/cases/st-grp_case.png) | | <a href="https://www.oisixradaichi.co.jp/" target="_blank"><img src="./docs/assets/images/cases/oisixradaichi_logo.png"></a> | **Oisix ra daichi Inc.** <br/> _Through the use case development project using GenU, we were able to grasp the necessary resources, project structure, external support, and talent development, which helped us clarify our image for the internal deployment of generative AI._ <br/> ・[See case page](https://aws.amazon.com/jp/solutions/case-studies/oisix/) | | <a href="https://www.san-a.co.jp/" target="_blank"><img src="./docs/assets/images/cases/san-a_logo.png"></a> | **SAN-A CO., LTD.** <br/> _By utilizing Amazon Bedrock, our engineers' productivity has dramatically improved, accelerating the migration of our company-specific environment, which we had built in-house, to the cloud._ <br/> ・[See case details](./docs/assets/images/cases/san-a_case.png)<br/> ・[See case page](https://aws.amazon.com/jp/solutions/case-studies/san-a/) | | <a href="https://onecompath.com/" target="_blank"><img src="./docs/assets/images/cases/onecompath_logo.png"></a> | **ONE COMPATH CO., LTD.** <br/> _By utilizing GenU, we were able to quickly establish a company-wide generative AI foundation. This made it possible for the planning department to develop PoCs independently, which accelerated the business creation cycle and allowed the development department to concentrate resources on more important business initiatives._ <br/> ・[See case details](./docs/assets/images/cases/onecompath_case.png)<br/> | | <a href="https://www.mee.co.jp/" target="_blank"><img src="./docs/assets/images/cases/mee_logo.jpg"></a> | **Mitsubishi Electric Engineering CO., LTD.** <br/> _Team members with no prior experience in generative AI development successfully built a RAG system in just 3 months using GenU with ServerWorks’ guidance. By leveraging GenU’s architecture as a reference, they achieved improved efficiency in helpdesk manual search operations and realized in-house development capabilities._ <br/> ・[See case details](https://www.serverworks.co.jp/case/mee.html?utm_source=github&utm_medium=external-media&utm_campaign=github_external-media_GenU)<br/> | | <a href="https://www.orbitics.co.jp/" target="_blank"><img src="./docs/assets/images/cases/orbitics_logo.png"></a> | **Orbitics Inc.** <br/> _We were able to develop it in an astonishingly short period of time. We will strategically deploy the acquired development technology across various business domains to enhance operational efficiency throughout the entire organization._ <br/> ・[See case details](./docs/assets/images/cases/orbitics_case.png)<br/> | If you would like to have your use case featured, please contact us via [Issue](https://github.com/aws-samples/generative-ai-use-cases/issues). ## References - [GitHub (Japanese): How to deploy GenU by one click](https://github.com/aws-samples/sample-one-click-generative-ai-solutions) - [Blog (Japanese): GenU Use Case Builder for Creating and Distributing Generative AI Apps with No Code](https://aws.amazon.com/jp/blogs/news/genu-use-cases-builder/) - [Blog (Japanese): How to Make RAG Projects Successful #1 ~ Or How to Fail Fast ~](https://aws.amazon.com/jp/builders-flash/202502/way-to-succeed-rag-project/) - [Blog (Japanese): Debugging Methods to Improve Accuracy in RAG Chat](https://qiita.com/sugimount-a/items/7ed3c5fc1eb867e28566) - [Blog (Japanese): Customizing GenU with No Coding Using Amazon Q Developer CLI](https://qiita.com/wadabee/items/659e189018ad1a08e152) - [Blog (Japanese): How to Customize Generative AI Use Cases JP](https://aws.amazon.com/jp/blogs/news/how-to-generative-ai-use-cases-jp/) - [Blog (Japanese): Generative AI Use Cases JP ~ First Contribution Guide](https://aws.amazon.com/jp/builders-flash/202504/genu-development-guide/) - [Blog (Japanese): Let Generative AI Decline Unreasonable Requests ~ Integrating Generative AI into Browsers ~](https://aws.amazon.com/jp/builders-flash/202405/genai-sorry-message/) - [Blog (Japanese): Developing an Interpreter with Amazon Bedrock!](https://aws.amazon.com/jp/builders-flash/202311/bedrock-interpreter/) - [Blog (Japanese): Using GenU's Metadata Filter for Department-based Filtering](https://qiita.com/sugimount-a/items/f08c1a7a777d5dece386) - [Blog (Japanese): Running Bedrock Inference on GenU with Different AWS Account](https://qiita.com/sugimount-a/items/e7d2fb94abacebec40d1) - [Video (Japanese): The Appeal and Usage of Generative AI Use Cases JP (GenU) for Thoroughly Considering Generative AI Use Cases](https://www.youtube.com/live/s1P5A2SIWgc?si=PBQ4ZHQXU4pDhL8A) ## Security See [CONTRIBUTING](/CONTRIBUTING.md#security-issue-notifications) for more information. ## License This library is licensed under the MIT-0 License. See the LICENSE file.

HR, CRM & Support AI Agents Knowledge Bases & RAG

1.4K Github Stars

Read more

Open Source

bedrock-engineer

[](https://deepwiki.com/aws-samples/bedrock-engineer) [](https://catalog.us-east-1.prod.workshops.aws/workshops/57e0af6e-41a5-42cc-98e0-1f1a3fd0c6c4/ja-JP) Language: [English](./README.md) / [Japanese](./README-ja.md) # 🧙 Bedrock Engineer Bedrock Engineer is Autonomous software development agent apps using [Amazon Bedrock](https://aws.amazon.com/bedrock/), capable of customize to create/edit files, execute commands, search the web, use knowledge base, use multi-agents, generative images and more. ## 💻 Demo https://github.com/user-attachments/assets/f6ed028d-f3c3-4e2c-afff-de2dd9444759 ## Deck - [English](https://speakerdeck.com/gawa/introducing-bedrock-engineer-en) - [Japanese](https://speakerdeck.com/gawa/introducing-bedrock-engineer) ## 🍎 Getting Started Bedrock Engineer is a native app, you can download the app or build the source code to use it. ### Download MacOS: [<img src="https://img.shields.io/badge/Download_FOR_MAC-Latest%20Release-blue?style=for-the-badge&logo=apple" alt="Download Latest Release" height="40">](https://github.com/aws-samples/bedrock-engineer/releases/latest/download/bedrock-engineer-1.21.0.pkg) Windows: [<img src="https://img.shields.io/badge/Download_FOR_WINDOWS-Latest%20Release-blue?style=for-the-badge" alt="Download Latest Release" height="40">](https://github.com/aws-samples/bedrock-engineer/releases/latest/download/bedrock-engineer-1.21.0-setup.exe) It is optimized for MacOS, but can also be built and used on Windows and Linux OS. If you have any problems, please report an issue. <details> <summary>Tips for Installation</summary> ### Installation 1. Download the latest release (PKG file) 2. Double-click the PKG file to start installation 3. If you see a security warning, follow the steps below 4. Launch the app and configure your AWS credentials ### macOS Security Warning When opening the PKG file, you may see this security warning:  **To resolve this:** 1. Click "Done" to dismiss the warning dialog 2. Open System Preferences → Privacy & Security 3. Scroll down to the Security section 4. Find "bedrock-engineer-1.19.2.pkg was blocked to protect your Mac" 5. Click "Open Anyway" button This security warning appears because the application is not distributed through the Mac App Store.  ### macOS Code Signing (Required) Due to macOS security restrictions, you must run the following command after installation to properly sign the application: ```bash sudo codesign --force --deep --sign - "/Applications/Bedrock Engineer.app" ``` This ad-hoc code signing is required to ensure the application functions correctly on macOS, including proper handling of system permission dialogs. ### Configuration Issues If a configuration file error occurs when starting the application, please check the following configuration files. If you cannot start the application even after deleting the configuration files and restarting it, please file an issue. `/Users/{{username}}/Library/Application Support/bedrock-engineer/config.json` </details> ### Build First, install the npm modules: ```bash npm ci ``` Then, build application package ```bash npm run build:mac ``` or ```bash npm run build:win ``` or ```bash npm run build:linux ``` Use the application stored in the `dist` directory. ## Agent Chat The autonomous AI agent capable of development assists your development process. It provides functionality similar to AI assistants like [Cline](https://github.com/cline/cline), but with its own UI that doesn't depend on editors like VS Code. This enables richer diagramming and interactive experiences in Bedrock Engineer's agent chat feature. Additionally, with agent customization capabilities, you can utilize agents for use cases beyond development. - 💬 Interactive chat interface with human-like Amazon Nova, Claude, and Meta llama models - 📁 File system operations (create folders, files, read/write files) - 🔍 Web search capabilities using Tavily API - 🏗️ Project structure creation and management - 🧐 Code analysis and improvement suggestions - 📝 Code generation and execution - 📊 Data analysis and visualization - 💡 Agent customization and management - 🛠️ Tool customization and management - 🔄 Chat history management - 🌐 Multi-language support - 🛡️ Guardrail support - 💡 Light processing model for cost optimization |  |  | | :----------------------------------------------------: | :--------------------------------------------------: | | Code analysis and diagramming | Web search capabilities using Tavily API | ### Select an Agent Choose an agent from the menu in the top left. By default, it includes a Software Developer specialized in general software development, a Programming Mentor that assists with programming learning, and a Product Designer that supports the conceptual stage of services and products.  ### Customize Agents Enter the agent's name, description, and system prompt. The system prompt is a crucial element that determines the agent's behavior. By clearly defining the agent's purpose, regulations, role, and when to use available tools, you can obtain more appropriate responses.  ### Select Tools / Customize Tools Click the Tools icon in the bottom left to select the tools available to the agent. Tools can be configured separately for each agent.  The supported tools are: #### 📂 File System Operations | Tool Name | Description | | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `createFolder` | Creates a new directory within the project structure. Creates a new folder at the specified path. | | `writeToFile` | Writes content to a file. Creates a new file if it doesn't exist or updates content if the file exists. | | `readFiles` | Reads contents from multiple files simultaneously. Supports text files and Excel files (.xlsx, .xls), automatically converting Excel files to CSV format. | | `listFiles` | Displays directory structure in a hierarchical format. Provides comprehensive project structure including all subdirectories and files, following configured ignore patterns. | | `moveFile` | Moves a file to a different location. Used for organizing files within the project structure. | | `copyFile` | Duplicates a file to a different location. Used when file duplication is needed within the project structure. | #### 🌐 Web & Search Operations | Tool Name | Description | | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `tavilySearch` | Performs web searches using the Tavily API. Used when current information or additional context is needed. Requires an API key. | | `fetchWebsite` | Retrieves content from specified URLs. Large content is automatically split into manageable chunks. Initial call provides chunk overview, with specific chunks retrievable as needed. Supports GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS methods with custom headers and body configuration. | #### 🤖 Amazon Bedrock Integration | Tool Name | Description | | -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `generateImage` | Generates images using Amazon Bedrock LLMs. Uses stability.sd3-5-large-v1:0 by default and supports both Stability.ai and Amazon models. Supports specific aspect ratios and sizes for Titan models, with PNG, JPEG, and WebP output formats. Allows seed specification for deterministic generation and negative prompts for exclusion elements. | | `recognizeImage` | Analyzes images using Amazon Bedrock's image recognition capabilities. Supports various analysis types including object detection, text detection, scene understanding, and image captioning. Can process images from local files. Provides detailed analysis results that can be used for content moderation, accessibility features, automated tagging, and visual search applications. | | `generateVideo` | Generates videos using Amazon Nova Reel. Creates realistic, studio-quality videos from text prompts or images. Supports TEXT_VIDEO (6 seconds), MULTI_SHOT_AUTOMATED (12-120 seconds), and MULTI_SHOT_MANUAL modes. Returns immediately with job ARN for status tracking. Requires S3 configuration. | | `checkVideoStatus` | Checks the status of video generation jobs using invocation ARN. Returns current status, completion time, and S3 location when completed. Use this to monitor progress of video generation jobs. | | `downloadVideo` | Downloads completed videos from S3 using invocation ARN. Automatically retrieves S3 location from job status and downloads to specified local path or project directory. Only use when checkVideoStatus shows status as "Completed". | | `retrieve` | Searches information using Amazon Bedrock Knowledge Base. Retrieves relevant information from specified knowledge bases. | | `invokeBedrockAgent` | Interacts with specified Amazon Bedrock Agents. Initiates dialogue using agent ID and alias ID, with session ID for conversation continuity. Provides file analysis capabilities for various use cases including Python code analysis and chat functionality. | | `invokeFlow` | Executes Amazon Bedrock Flows for custom data processing pipelines. Supports agent-specific flow configurations and multiple input data types (string, number, boolean, object, array). Enables automation of complex workflows and customized data processing sequences with flexible input/output handling. Ideal for data transformation, multi-step processing, and integration with other AWS services. | #### 💻 System Command & Code Execution | Tool Name | Description | | ----------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `executeCommand` | Manages command execution and process input handling. Features two operational modes: 1) initiating new processes with command and working directory specification, 2) sending standard input to existing processes using process ID. For security reasons, only allowed commands can be executed, using the configured shell. Unregistered commands cannot be executed. The agent's capabilities can be extended by registering commands that connect to databases, execute APIs, or invoke other AI agents. | | `codeInterpreter` | Executes Python code in a secure Docker environment with pre-installed data science libraries. Provides isolated code execution with no internet access for security. Supports two environments: "basic" (numpy, pandas, matplotlib, requests) and "datascience" (full ML stack including scikit-learn, scipy, seaborn, etc.). Input files can be mounted read-only at /data/ directory for analysis. Generated files are automatically detected and reported. Perfect for data analysis, visualization, and ML experimentation. | | `screenCapture` | Captures the current screen and saves as PNG image file. Optionally analyzes the captured image with AI using vision models (Claude/Nova) to extract text content, identify UI elements, and provide detailed visual descriptions for debugging and documentation purposes. Platform-specific permissions required (macOS: Screen Recording permission in System Preferences required). | | `cameraCapture` | Captures images from PC camera using HTML5 getUserMedia API and saves as an image file. Supports different quality settings (low, medium, high) and formats (JPG, PNG). Optionally analyzes the captured image with AI to extract text content, identify objects, and provide detailed visual descriptions for analysis and documentation purposes. Camera access permission is required in your browser settings. | <details> <summary>Tips for Integrate Bedrock Agents</summary> ### Agent Preparation Toolkit (APT) You can get up and running quickly with Amazon Bedrock Agents by using the [Agent Preparation Toolkit](https://github.com/aws-samples/agent-preparation-toolkit). </details> ### MCP (Model Context Protocol) Client Integration Model Context Protocol (MCP) client integration allows Bedrock Engineer to connect to external MCP servers and dynamically load and use powerful external tools. This integration extends the capabilities of your AI assistant by allowing it to access and utilize the tools provided by the MCP server. For detailed information about MCP server configuration, see the [MCP Server Configuration Guide](./docs/mcp-server/MCP_SERVER_CONFIGURATION.md). ## Background Agent Schedule AI agent tasks to run automatically at specified intervals using cron expressions. Background Agent enables continuous workflow automation with real-time execution notifications.  ### Key Features - 🕒 **Scheduled Execution**: Automate tasks using cron expressions (hourly, daily, weekly, etc.) - 🔄 **Session Continuity**: Maintain conversation context across task executions - ⚡ **Manual Execution**: Run tasks immediately when needed - 📊 **Execution Tracking**: Monitor task history and performance - 🔔 **Real-time Notifications**: Get instant feedback on task results ## Agent Directory The Agent Directory is a content hub where you can discover and immediately use AI agents created by skilled contributors. It offers a curated collection of pre-configured agents designed for various tasks and specialties.  ### Features - **Browse the Collection** - Explore a growing library of specialized agents created by the community - **Search & Filter** - Quickly find agents using the search function or filter by tags to discover agents that match your needs - **Detailed Information** - View comprehensive information about each agent including author, system prompt, supported tools, and usage scenarios - **One-Click Addition** - Add any agent to your personal collection with a single click and start using it immediately - **Contribute Your Agents** - Share your custom agents with the community by becoming a contributor ### Using the Agent Directory 1. **Browse and Search** - Use the search bar to find specific agents or browse the entire collection 2. **Filter by Tags** - Click on tags to filter agents by categories, specialties, or capabilities 3. **View Details** - Select any agent to view its complete system prompt, supported tools, and usage scenarios 4. **Add to Your Collection** - Click "Add to My Agents" to add the agent to your personal collection ### Organization Sharing Share agents within your team or organization using AWS S3 storage. This feature enables: - **Team Collaboration** - Share custom agents with specific teams or departments - **Centralized Management** - Manage organization-specific agents through S3 buckets For detailed setup instructions, see the [Organization Sharing Guide](./docs/agent-directory-organization/). ### Contribute Your Agents Become a contributor and share your custom agents with the community: 1. Export your custom agent as a shared file 2. Add your GitHub username as the author 3. Submit your agent via Pull Request or GitHub Issue By contributing to the Agent Directory, you help build a valuable resource of specialized AI agents that enhance the capabilities of Bedrock Engineer for everyone. ## Nova Sonic Voice Chat Real-time voice conversation feature powered by Amazon Nova Sonic. Engage in natural voice interactions with AI agents.  ### Key Features - 🎤 **Real-time Voice Input**: Natural conversation with AI using your microphone - 🗣️ **Multiple Voice Selection**: Choose from 3 voice characteristics - Tiffany: Warm and friendly - Amy: Calm and composed - Matthew: Confident and authoritative - 🤖 **Agent Customization**: Custom agents available just like Agent Chat - 🛠️ **Tool Execution**: Agents can execute tools during voice conversations - 🌐 **Multi-language Support**: Currently supports English only, with plans for other languages Nova Sonic Voice Chat provides a more natural and intuitive AI interaction experience, different from traditional text-based exchanges. Voice communication enables efficient and approachable AI assistant experiences. ### Resolving Duplicate Permission Dialogs If you experience duplicate OS permission dialogs (such as microphone access), you can resolve this issue by running the following command after building and installing the application to add an ad-hoc signature: ```bash sudo codesign --force --deep --sign - "/Applications/Bedrock Engineer.app" ``` This command applies an ad-hoc code signature to the application, which helps prevent duplicate system permission dialogs. ## Website Generator Generate and preview website source code in real-time. Currently supports the following libraries, and you can interactively generate code by providing additional instructions: - React.js (w/ Typescript) - Vue.js (w/ Typescript) - Svelte.js - Vanilla.js Here are examples of screens generated by the Website Generator: |  |  |  | | :--------------------------------------------: | :--------------------------------------------------------------------: | :------------------------------------------------------------------: | | House Plant E-commerce Site | Data Visualization | Healthcare Blog | The following styles are also supported as presets: - Inline styling - Tailwind.css - Material UI (React mode only) ### Agentic-RAG (Connect to Design System Data Source) By connecting to Amazon Bedrock's Knowledge Base, you can generate websites referencing any design system, project source code, or website styles. You need to store source code and crawled web pages in the knowledge base in advance. When registering source code in the knowledge base, it is recommended to convert it into a format that LLM can easily understand using methods such as [gpt-repository-loader](https://github.com/mpoon/gpt-repository-loader). Figma design files can be referenced by registering HTML and CSS exported versions to the Knowledge Base. Click the "Connect" button at the bottom of the screen and enter your knowledge base ID. ### Web Search Agent Website Generator integrates a code generation agent that utilizes web search capabilities. This feature allows you to generate more sophisticated websites by referencing the latest library information, design trends, and coding best practices. To use the search functionality, click the "Search" button at the bottom of the screen to enable it. ## Step Functions Generator Generate AWS Step Functions ASL definitions and preview them in real-time.  ## Diagram Generator Create AWS architecture diagrams with ease using natural language descriptions. The Diagram Generator leverages Amazon Bedrock's powerful language models to convert your text descriptions into professional AWS architecture diagrams. Key features: - 🏗️ Generate AWS architecture diagrams from natural language descriptions - 🔍 Web search integration to gather up-to-date information for accurate diagrams - 💾 Save diagram history for easy reference and iteration - 🔄 Get intelligent recommendations for diagram improvements - 🎨 Professional diagram styling using AWS architecture icons - 🌐 Multi-language support The diagrams are created using draw.io compatible XML format, allowing for further editing and customization if needed.  ## Application Inference Profiles Bedrock Engineer supports AWS Bedrock Application Inference Profiles for detailed cost tracking and allocation. You can create custom inference profiles with tags to track costs by project, department, or use case. For detailed setup instructions and examples, see: - [Application Inference Profile Guide (English)](./docs/inference-profile/INFERENCE_PROFILE.md) ## Documentation Detailed documentation is available for advanced features and configuration methods of Bedrock Engineer: - [Custom Model Import Configuration Guide](./docs/custom-model-import/README.md) - How to configure custom models imported using Amazon Bedrock's Custom Model Import feature for use with Bedrock Engineer - [MCP Server Configuration Guide](./docs/mcp-server/MCP_SERVER_CONFIGURATION.md) - How to configure Model Context Protocol (MCP) servers - [Organization Sharing Guide](./docs/agent-directory-organization/README.md) - How to set up agent sharing within organizations in Agent Directory ## Star History [](https://star-history.com/#aws-samples/bedrock-engineer&Date) ## Security See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. ## License This library is licensed under the MIT-0 License. See the LICENSE file. This software uses [Lottie Files](https://lottiefiles.com/free-animation/robot-futuristic-ai-animated-xyiArJ2DEF).

AI Agents Knowledge Bases & RAG

480 Github Stars

Read more

Open Source

rag-with-amazon-opensearch-and-sagemaker

# QA with LLM and RAG (Retrieval Augmented Generation) This project is a Question Answering application with Large Language Models (LLMs) and Amazon OpenSearch Service. An application using the RAG(Retrieval Augmented Generation) approach retrieves information most relevant to the user’s request from the enterprise knowledge base or content, bundles it as context along with the user’s request as a prompt, and then sends it to the LLM to get a GenAI response. LLMs have limitations around the maximum word count for the input prompt, therefore choosing the right passages among thousands or millions of documents in the enterprise, has a direct impact on the LLM’s accuracy. In this project, Amazon OpenSearch Service is used for knowledge base. The overall architecture is like this:  ### Overall Workflow 1. Deploy the cdk stacks (For more information, see [here](./cdk_stacks/README.md)). - A SageMaker Endpoint for text generation. - A SageMaker Endpoint for generating embeddings. - An Amazon OpenSearch cluster for storing embeddings. - Opensearch cluster's access credentials (username and password) stored in AWS Secrets Mananger as a name such as `OpenSearchMasterUserSecret1-xxxxxxxxxxxx`. 2. Open JupyterLab in SageMaker Studio and then open a new terminal. 3. Run the following commands on the terminal to clone the code repository for this project: ``` git clone --depth=1 https://github.com/aws-samples/rag-with-amazon-opensearch-and-sagemaker.git ``` 4. Open `data_ingestion_to_opensearch` notebook and Run it. (For more information, see [here](./data_ingestion_to_vectordb/data_ingestion_to_opensearch.ipynb)) 5. Run Streamlit application. (For more information, see [here](./app/README.md)) ### References * [Build a powerful question answering bot with Amazon SageMaker, Amazon OpenSearch Service, Streamlit, and LangChain (2023-05-25)](https://aws.amazon.com/blogs/machine-learning/build-a-powerful-question-answering-bot-with-amazon-sagemaker-amazon-opensearch-service-streamlit-and-langchain/) * [Use proprietary foundation models from Amazon SageMaker JumpStart in Amazon SageMaker Studio (2023-06-27)](https://aws.amazon.com/blogs/machine-learning/use-proprietary-foundation-models-from-amazon-sagemaker-jumpstart-in-amazon-sagemaker-studio/) * [Build Streamlit apps in Amazon SageMaker Studio (2023-04-11)](https://aws.amazon.com/blogs/machine-learning/build-streamlit-apps-in-amazon-sagemaker-studio/) * [Quickly build high-accuracy Generative AI applications on enterprise data using Amazon Kendra, LangChain, and large language models (2023-05-03)](https://aws.amazon.com/blogs/machine-learning/quickly-build-high-accuracy-generative-ai-applications-on-enterprise-data-using-amazon-kendra-langchain-and-large-language-models/) * [(github) Amazon Kendra Retriver Samples](https://github.com/aws-samples/amazon-kendra-langchain-extensions/tree/main/kendra_retriever_samples) * [Question answering using Retrieval Augmented Generation with foundation models in Amazon SageMaker JumpStart (2023-05-02)](https://aws.amazon.com/blogs/machine-learning/question-answering-using-retrieval-augmented-generation-with-foundation-models-in-amazon-sagemaker-jumpstart/) * [Amazon OpenSearch Service’s vector database capabilities explained](https://aws.amazon.com/blogs/big-data/amazon-opensearch-services-vector-database-capabilities-explained/) * [LangChain](https://python.langchain.com/docs/get_started/introduction.html) - A framework for developing applications powered by language models. * [Streamlit](https://streamlit.io/) - A faster way to build and share data apps * [Improve search relevance with ML in Amazon OpenSearch Service Workshop](https://catalog.workshops.aws/semantic-search/en-US) - Module 7. Retrieval Augmented Generation * [rag-with-amazon-kendra](https://github.com/ksmin23/rag-with-amazon-kendra) - Question Answering application with Large Language Models (LLMs) and Amazon Kendra * [rag-with-postgresql-pgvector](https://github.com/ksmin23/rag-with-postgresql-pgvector) - Question Answering application with Large Language Models (LLMs) and Amazon Aurora Postgresql ## Security See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. ## License This library is licensed under the MIT-0 License. See the LICENSE file.

Knowledge Bases & RAG

31 Github Stars

Read more

Open Source

opensearch-serverless-common-usage-patterns

# Amazon OpenSearch Serverless Common Usage Patterns This repository contains a set of example projects for [Amazon OpenSearch Serverless](https://aws.amazon.com/opensearch-service/features/serverless/) | Usage Pattern | Architecture | Description | |---------|-------------|------| | [Opensearch Serverless for Search usecases](./search) |  | opensearch serverless for search usecases | | [Opensearch Serverless for Time-series data](./time-series) |  | opensearch serverless for time series analysis | | [Opensearch Serverless for Vector Search usecases](./vector-search) |  | opensearch serverless for vector search usecases | | [Opensearch Serverless in VPC](./vpc-endpoint) |  | opensearch serverless in VPC | | [Opensearch Serverless Streaming ingestion from Kinesis Data Firehose](./kinesis-firehose) |  | data ingestion to opensearch serverless using kinesis firehose | Enjoy! ## References * [Amazon OpenSearch Serverless](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless.html) * [(Hands-on) Getting started with Amazon OpenSearch Serverless](https://catalog.us-east-1.prod.workshops.aws/workshops/f8d2c175-634d-4c5d-94cb-d83bbc656c6a/en-US) ## Security See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. ## License This library is licensed under the MIT-0 License. See the LICENSE file.

Vector Databases Search Engines

19 Github Stars

Read more

Open Source

aws-machine-learning-university-accelerated-cv

 ## Machine Learning University: Accelerated Computer Vision Class This repository contains __slides__, __notebooks__, and __datasets__ for the __Machine Learning University (MLU) Computer Vision__ class. Our mission is to make Machine Learning accessible to everyone. We have courses available across many topics of machine learning and believe knowledge of ML can be a key enabler for success. This class is designed to help you get started with Computer Vision, learn about widely used Machine Learning techniques, and apply them to real-world problems. ## YouTube Watch all Computer Vision class video recordings in this [YouTube playlist](https://www.youtube.com/playlist?list=PL8P_Z6C4GcuU4knhhCouJujFZ2tTqU-Ta) from our [YouTube channel](https://www.youtube.com/channel/UC12LqyqTQYbXatYS9AA7Nuw/playlists). [](https://www.youtube.com/playlist?list=PL8P_Z6C4GcuU4knhhCouJujFZ2tTqU-Ta) ## Course Overview There are three lectures and one final project for this class. Lecture 1 | title | studio lab | | :---: | ---: | | Intro to ML | - | | Intro to Computer Vision | - | | Neural Networks | [](https://studiolab.sagemaker.aws/import/github/aws-samples/aws-machine-learning-university-accelerated-cv/blob/main/notebooks/MLA-CV-DAY1-NN.ipynb)| | Convolutional Neural Networks | [](https://studiolab.sagemaker.aws/import/github/aws-samples/aws-machine-learning-university-accelerated-cv/blob/main/notebooks/MLA-CV-DAY1-CNN.ipynb)| | Final Project | [](https://studiolab.sagemaker.aws/import/github/aws-samples/aws-machine-learning-university-accelerated-cv/blob/main/notebooks/MLA-CV-DAY1-Final-Project.ipynb)| Lecture 2 | title | studio lab | | :---: | ---: | | Image Datasets | - | | Training Neural Networks | - | | Modern CNNs: LeNet and AlexNet | [](https://studiolab.sagemaker.aws/import/github/aws-samples/aws-machine-learning-university-accelerated-cv/blob/main/notebooks/MLA-CV-DAY2-Transfer-Learning.ipynb)| Lecture 3 | title | studio lab | | :---: | ---: | | Advanced CNNs: VGGNet and ResNet | [](https://studiolab.sagemaker.aws/import/github/aws-samples/aws-machine-learning-university-accelerated-cv/blob/main/notebooks/MLA-CV-DAY3-ResNet.ipynb) | | Object Detection | [](https://studiolab.sagemaker.aws/import/github/aws-samples/aws-machine-learning-university-accelerated-cv/blob/main/notebooks/MLA-CV-DAY3-YOLO.ipynb)| | Semantic Segmentation | - | __Final Project:__ Practice working with a "real-world" computer vision dataset for the final project. Final project dataset is in the [data/final_project_dataset folder](https://github.com/aws-samples/aws-machine-learning-university-accelerated-cv/tree/main/data/final_project_dataset). For more details on the final project, check out [this notebook](https://github.com/aws-samples/aws-machine-learning-university-accelerated-cv/blob/main/notebooks/MLA-CV-DAY1-Final-Project.ipynb). ## Interactives/Visuals Interested in visual, interactive explanations of core machine learning concepts? Check out our [MLU-Explain articles](https://mlu-explain.github.io/) to learn at your own pace! ## Contribute If you would like to contribute to the project, see [CONTRIBUTING](CONTRIBUTING.md) for more information. ## License The license for this repository depends on the section. Data set for the course is being provided to you by permission of Amazon and is subject to the terms of the [Amazon License and Access](https://www.amazon.com/gp/help/customer/display.html?nodeId=201909000). You are expressly prohibited from copying, modifying, selling, exporting or using this data set in any way other than for the purpose of completing this course. The lecture slides are released under the CC-BY-SA-4.0 License. The code examples are released under the MIT-0 License. See each section's LICENSE file for details.

LMS

1.6K Github Stars

Read more

Open Source

sagemaker-custom-project-templates

# Custom Project Templates in Amazon SageMaker AI Projects This repository contains custom [SageMaker AI Project](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-projects-whatis.html) templates. You can be deploy custom templates with two different methods: - **Amazon S3**: Deploy custom templates directly from Amazon S3 buckets ⭐ $${\color{red}(Recommended)}$$ - **AWS Service Catalog**: Deploy custom templates through AWS Service Catalog. > [!Important] > You can find instructions about SageMaker AI projects based on S3 templates provisioning method in this repository's folder - [s3_templates](./s3_templates/README.md) along with S3 based custom templates samples. Each other folder contains a custom project template with details on what it achieves and setup instructions. ## Getting Started You have two deployment options to deploy the custom MLOps templates using SageMaker AI Projects: - **SageMaker AI projects based on S3 templates** Allows you to provision custom templates directly from S3 buckets. See [Method 1](#method-1-provision-via-amazon-s3--recommended) for details. - **Provision via Service Catalog** Provisioning custom templates through AWS Service Catalog. See [Method 2](#method-2-provisioning-via-service-catalog) for details. ## Provisioning Methods supported in Amazon SageMaker AI Projects ### Method 1: Provision via Amazon S3 (⭐ Recommended) The SageMaker AI projects based on S3 templates is a [newly released support](https://aws.amazon.com/about-aws/whats-new/2025/10/amazon-sagemaker-ai-projects-custom-template-s3-provisioning/) in SageMaker AI projects allowing for provisioning custom machine learning (ML) project templates directly from Amazon S3.  > [!CAUTION] > Proceed to this repository's folder - [s3_templates](./s3_templates/README.md) for information on SageMaker AI projects based on S3 templates provisioning and S3 based custom templates samples. ### Method 2: Provisioning via AWS Service Catalog Provisioning custom templates through AWS Service Catalog. #### Step 1: Create a Service Catalog Portfolio (only needs to be done the first time) 1. Download the __sagemaker-projects-portfolio.yaml__ CloudFormation template from the root of this repo to your local machine. 1. Open the CloudFormation console at https://console.aws.amazon.com/cloudformation 1. Choose on __Create stack__, then __With new resources (standard)__. 1. On the Create Stack screen, under __Template source__, choose __Upload a template file__. 1. Choose __Choose file__ then select the __sagemaker-projects-portfolio.yaml__ from your machine. 1. Choose __Next__  1. On the __Parameters__ screen, under __Stack Name__, enter a unique name for this CloudFormation stack. 1. Next, you will need to enter either your SageMaker Domain Execution Role, or the Role that your Studio users are assuming if you have defined a custom one. You can find your SageMaker Domain Execution Role ARN in the Studio Dashboard: https://console.aws.amazon.com/sagemaker/home?#/studio under the __Domain__ section, then __Execution Role__. Paste that value into the __SageMaker Domain Execution Role ARN__ parameter. 1. Choose __Next__.  1. On the __Configure stack options__ screen, no changes are necessary. Scroll to the bottom and choose __Next__. 1. On the __Review__ screen, scroll to the bottom and choose __Create Stack__. 1. After a few seconds, the stack should move to a __CREATE_COMPLETE__ stage, and will be ready to add products into. ### Step 2: Add your SageMaker Projects product to the portfolio 1. In the project you wish to use in SageMaker studio, download the product CloudFormation template to your machine. There is a unique one in each project, and the filename ends in "-product.yaml" 1. Similar to the way you created the portfolio, open the CloudFormation console at https://console.aws.amazon.com/cloudformation, upload that template, fill in the necessary parameters, and create the stack. Each project may have different parameters, which will be outlined in their README.md files. Every template will require your Service Catalog portfolio id, which can be found in the __Outputs__ tab of your deployed portfolio stack or in the Service Catalog portfolio list: https://console.aws.amazon.com/servicecatalog/home?#/portfolios 1. Once your product stack is in a __CREATE_COMPLETE__ stage, you can then go to SageMaker Studio for deployment. ### Step 3: Deploy your SageMaker Projects project template 1. Open SageMaker Studio and sign in to your user profile. 1. Choose the SageMaker __components and registries__ icon on the left, and choose the __Create project__ button. 1. The default view displays SageMaker templates. Switch to the __Organization__ templates tab to see custom project templates. 1. The template you created will be displayed in the template list. (If you do not see it yet, make sure the correct execution role is added to the product and the __sagemaker:studio-visibility__ tag with a value of __true__ is added to the Service Catalog product). 1. Choose the template and click Select project template.  1. Enter a name and optional description for the project. If additional parameters or tags are required, enter the appropriate values, and choose Create project.

AI Agents CI / CD

233 Github Stars

Read more

Open Source

awesome-sagemaker

<div align="center"> <a href="https://aws.amazon.com/sagemaker/"> <img width="250" height="250" src="img/awesome-sagemaker-intro.svg" alt="SageMaker"></a> </div> <h1 align="center"> AWSome SageMaker </h1> <div align="center"> <a href="https://github.com/sindresorhus/awesome"> <img src="https://awesome.re/badge.svg" alt="Awesome"> </a> <img src="https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Fsofianhamiti%2Fawesome-sagemaker&count_bg=%23198ED5&title_bg=%23555555&icon=&icon_color=%23E7E7E7&title=hits&edge_flat=false" alt="hits"> </div> > A curated list of awesome references for Amazon SageMaker. :ledger: The curated list consists of the following sections. * [**Getting Started**](./getting_started.md) - Start here if you are setting up Sagemaker (including studio) - [Introduction](./getting_started.md#introduction) - [Developer Experience](./getting_started.md#developer-experience) - [Architecture Best Practices](./getting_started.md#architecture-best-practices) - [ML Platform Setup](./getting_started.md#ml-platform-setup) * [**Data Preparation**](./data_preparation.md) - Understand the options to prepare data for machine learning - [Data Processing](./data_preparation.md#data-processing) - [Large Scale Data Processing](./data_preparation.md#large-scale-data-processing) - [Data Labeling](./data_preparation.md#data-labeling) * [**Building ML Models**](building_ml_models.md) - Contains resources for running notebooks and training models - [SDKs and Infrastructure-as-code](./building_ml_models.md#sdks--infrastructure-as-code) - [Training](./building_ml_models.md#training) * [**Deploying ML Models**](deploying_ml_models.md) - Different ways to deploy models and their best practices - [Inference](./deploying_ml_models.md#inference) - [Hardware Acceleration](./deploying_ml_models.md#hardware-acceleration) - [Edge Deployments](./deploying_ml_models.md#edge-deployments) - [Debugging](./deploying_ml_models.md#debugging) * [**MLOps**](mlops.md) - Machine Learning Operations - [MLOps Foundations](./mlops.md#mlops-foundations) - [SageMaker Pipelines](./mlops.md#sagemaker-pipelines) - [Third-Party](./mlops.md#using-third-party) - [Experiment Tracking and Model Registry](./mlops.md#experiment-tracking--model-registry) - [Data Versioning and Feature store](./mlops.md#data-versioning--feature-store) - [Model Monitoring](./mlops.md#model-monitoring) * [**Low Code / No Code ML**](low_code_no_code_ml.md) - Low code approach to date preparation and model building - [Low Code - No Code](./low_code_no_code_ml.md#low-code-no-code) - [AutoML](./low_code_no_code_ml.md#automl) - [Data Wrangler](./low_code_no_code_ml.md#data-wrangler) * [**Generative AI**](generative_ai.md) - deploy and use generative AI models - [Train and deploy Foundational Models](./generative_ai.md#train-and-deploy-foundational-models) - [prompt engineering and few shot/zero shot learning](./generative_ai.md#prompt-engineering-and-few-shotzero-shot-learning) - [Fine tune Foundational Models](https://github.com/aws-samples/awesome-sagemaker/blob/main/generative_ai.md#fine-tune-foundational-models) - [Building Generative AI applications](./generative_ai.md#building-generative-ai-applications) * [**ML Domains**](ml_domains.md) - Deep dive on domains such as NLP, CV, Tabular, Audio and Reinforcement Learning - [Responsible AI](./ml_domains.md#responsible-ai) - [ML Governance](./ml_domains.md#ml-governance) ([Model Management](./ml_domains.md#model-management), [Security](./ml_domains.md#security), [Cost Tracking & Control](./ml_domains.md#cost-tracking--control)) - [Computer Vision](./ml_domains.md#computer-vision) - [Natural Language Processing](./ml_domains.md#natural-language-processing) - [R](./ml_domains.md#r) - [Audio](./ml_domains.md#audio) * [**Learning Sagemaker**](learning_sagemaker.md) - Trainings, certifications, books and community - [Certification](learning_sagemaker.md#certification) - [MOOCs](learning_sagemaker.md#moocs) - [Digital & Classroom](learning_sagemaker.md#digital--classroom) - [Tutorials](learning_sagemaker.md#tutorials) - [Community](learning_sagemaker.md#community) - [Books](learning_sagemaker.md#books) - [News](learning_sagemaker.md#news) ## :handshake: Contributing If you'd like to open an issue, for having a defunct link removed or corrected, or you want to propose interesting content and share it into the list through a pull request, please read our [contributing guidelines](./CONTRIBUTING.md). The pull request will be evaluated by the project owners and incorporated into the list. Please ensure that you add the link to the appropriate sub-page and the link points to unique content that is not already covered by one of the other links. We're extremely excited to receive contributions from the community, and we're still working on the best mechanism to take in examples from external sources.

Education & Learning

178 Github Stars

Read more

Open Source

aws-ml-jp

# AWS ML JP AWS で機械学習をはじめる方法を学ぶことができるリポジトリです。 ## :books: リポジトリの構成 * `ai-services` * AWS の AI サービスの使い方を学ぶためのコンテンツ。 * `sagemaker` * 機械学習モデルの開発効率化やパイプライン化を検討している方が、 Amazon SageMaker をどう使えば実現できるか学ぶためのコンテンツ。 * `frameworks` * すでに TensorFlow や PyTorch で開発している方が、モデルを SageMaker 上で学習、推論させるための移行方法を学ぶためのコンテンツ。 * `aws-neuron` AWSが設計した機械学習アクセラレーター AWS Trainium、AWS Inferentia を活用する方法を学ぶためのコンテンツ。 * `tasks` * 画像のセグメンテーションや物体検知、自然言語処理のQAや要約など、個別具体的なタスクを SageMaker でどのように解けるか学ぶためのコンテンツ。 * `solutions` * 製造業での異常検知モニタリングやコールセンターの問合せ分析など、特定の業務プロセスを効率化/差別化したい方が、 SageMaker と他のサービスを組み合わせどのようにソリューションを構築できるか学ぶためのコンテンツ。 ## :hamburger: AWSの機械学習サービス AWS の機械学習サービスは **AI Services** 、 **ML Services** 、 **ML Frameworks/Infrastructure** の 3 層構成になっています。リポジトリの構成はサービスの構成を踏襲しています。  * [AI Services](https://aws.amazon.com/jp/machine-learning/ai-services/) * アプリケーション開発者の方がWeb API形式で簡単に機械学習機能を扱えるサービスです。代表的なサービスを以下に 2 つ紹介しますが、 20 を超える AI サービスを提供しています。 * [Amazon Personalize](https://aws.amazon.com/jp/personalize/) は推薦機能が実装できるサービス ([BASE様の事例](https://devblog.thebase.in/entry/2021/12/17/110000)) * [Amazon Rekognition](https://aws.amazon.com/jp/rekognition/) は顔やブランドロゴの検出といった画像認識機能を実装できるサービス([千株式会社様の顔検索事例](https://sencorp.co.jp/4713/), [TRUSTDOCK 社の本人確認事例](https://aws.amazon.com/jp/blogs/startup/tech-interview-trustdock-2023/))です。 * [ML Servies](https://aws.amazon.com/jp/machine-learning/) * データサイエンティストの方が機械学習モデルを開発する時、前処理、計算資源の調達、学習結果の管理やモデルのデプロイなど面倒な作業を代行するとともにスケールしやすくするサービスです。 * [Amazon SageMaker](https://aws.amazon.com/jp/sagemaker/) は機械学習モデル開発を行うための統合開発環境で、 JupyterLab をベースにした環境からデータの前処理、学習、デプロイなどに必要なサービスを簡単に呼び出せます([三菱 UFJ 様の事例](https://pages.awscloud.com/rs/112-TZM-766/images/20210408_AIML_Tokyo_MTEC.pdf)、 [Denso 様の事例](https://aws.amazon.com/jp/solutions/case-studies/denso/)、 [SyntheticGestalt](https://aws.amazon.com/jp/blogs/startup/syntheticgestalt_2022casestudy/)(創薬)、)。 * [Amazon SageMaker Studio Lab](https://studiolab.sagemaker.aws/) は無料で利用できるエントリー版ですが、 GPU やストレージなど機械学習の学びから価値検証に十分なスペックを備えています。 * [Amazon SageMaker Canvas](https://aws.amazon.com/jp/sagemaker/canvas/) は機械学習の専門知識がない業務部門の方でも表計算ソフトの延長線の感覚で機械学習モデルの構築と予測が行えるサービスです。 * [ML Frameworks/Infrastructure](https://aws.amazon.com/jp/machine-learning/infrastructure/?nc1=h_ls) * データサイエンティストの方が機械学習モデルを開発する時、利用したい機械学習フレームワークやデバイスに合わせた環境をセットアップしやすくするサービスです。 * [AWS Deep Learning Containers](https://aws.amazon.com/jp/machine-learning/containers/) は各種フレームワークごとに最適化されたコンテナイメージで学習・推論が高速化されます。 * [AWS Inferentia](https://aws.amazon.com/jp/machine-learning/inferentia/) は推論 ([MoneyForward 様の事例](https://youtu.be/dVlNobmvoTg) )、 [AWS Trainium](https://aws.amazon.com/jp/machine-learning/trainium/) は学習にそれぞれ特化したチップで、高スループットかつ高コスト効率な推論、学習を可能にします。 ## ✏️ 学習の準備 本リポジトリのコンテンツは主に Jupyter Notebook で作成されています。コンテンツを動かすため、次の準備をしておいてください。セットアップの詳細は、コンテンツ本体の記載も参照してください。 * [AWS アカウントの作成](https://aws.amazon.com/jp/register-flow/) * [SageMaker Studio Domainの作成](https://docs.aws.amazon.com/ja_jp/sagemaker/latest/dg/onboard-quick-start.html) * [S3 bucketの作成](https://docs.aws.amazon.com/ja_jp/AmazonS3/latest/userguide/create-bucket-overview.html) * [IAM ユーザー、ロールの作成](https://docs.aws.amazon.com/ja_jp/IAM/latest/UserGuide/introduction.html) * 必要に応じ、コンテンツで動かすサービスにとって適切なユーザー、ロールを作成します。 ## 🎥 学習コンテンツ ### AI Service * Amazon Forecast * [Amazon Forecast による電気使用量の予測](./ai-services/forecast/amazon_forecast_tutorial/forecast_electricityusagedata.ipynb) * Amazon Personalize * [Amazon Personalize による映画の推薦](./ai-services/personalize/personalize-tutorial/personalize_handson.ipynb) ### Amazon SageMaker AI/ML の BlackBelt シリーズである [AI/ML DarkPart](https://www.youtube.com/playlist?list=PLAOq15s3RbuL32mYUphPDoeWKUiEUhcug) で SageMaker の使い方を解説しています！ そもそも機械学習のプロジェクトはどうやって始めればいいのかに疑問をお持ちの方は、 [AI/ML LightPart](https://www.youtube.com/playlist?list=PLAOq15s3RbuJ81DBtH66tQL2_9H519ODQ) の動画や [ML Enablement Workshop](https://github.com/aws-samples/aws-ml-enablement-workshop) の資料をご参考ください。 |No |Process|Title|Content|Video| |:----|:------|:----|:----|:----| |1 |Train|Amazon SageMaker Training で機械学習のモデル開発を楽にする| - |[](https://youtu.be/byEawTm4O4E)| |2 |Train|Amazon SageMaker Training ハンズオン編|[](./sagemaker/sagemaker-training/tutorial)|[](https://youtu.be/tgo2F2OY5bU)| |3 |Train|Amazon SageMaker による実験管理|[](./sagemaker/sagemaker-experiments/pytorch_mnist/pytorch_mnist.ipynb)|[](https://youtu.be/VK9UJ8haRF0)| |4 |Deploy|Amazon SageMaker 推論 Part1 推論の頻出課題とSageMakerによる解決方法| - |[](https://youtu.be/Ea2c4wG0-EI)| |5 |Deploy|Amazon SageMaker 推論 Part2すぐにプロダクション利用できる！モデルをデプロイして推論する方法 |[](./sagemaker/sagemaker-inference/inference-tutorial)|[](https://youtu.be/sngNd79GpmE)| |6 |Deploy|Amazon SageMaker 推論 Part3（前編）もう悩まない！機械学習モデルのデプロイパターンと戦略 | - |[](https://youtu.be/eapwYF7ARBk)| |7 |Deploy|Amazon SageMaker 推論 Part3（後編）もう悩まない！機械学習モデルのデプロイパターンと戦略 | - |[](https://youtu.be/7pScGkPped8)| |8 |Monitor|Amazon SageMaker モニタリング Part1 | - |[](https://youtu.be/Q-vTO1_QjMs)| |9 |Monitor|Amazon SageMaker モニタリング Part2 |[](./sagemaker/sagemaker-model-monitor/black-belt-part2)|[](https://youtu.be/_pIU4F9VH-Q)| |10 |Monitor|Amazon SageMaker モニタリング Part3 |[](./sagemaker/sagemaker-model-monitor/black-belt-part3)|[](https://youtu.be/phRStwVufQc)| [Amazon SageMakerの概要](./sagemaker/) では Amazon SageMaker の全体像と動画で解説しているコードも含めたコンテンツの詳細を確認できます。 ## 📝 実践コンテンツ AWS で機械学習を実践する時の参考となるサンプルコードなどを紹介します。 ※本サンプルコードは [MIT-0](./LICENSE) で公開していますが、サンプルコードで使用されるモデルやデータセットはそれぞれライセンスが付与されています。サンプルコードを参考に独自の実装をする場合、用途がモデルやデータセットのライセンスに違反しないか別途確認してください。 ### Amazon SageMaker Amazon SageMaker で機械学習の構築、学習、デプロイをスケールする。 #### 📯 MLOps * [Amazon SageMaker Neo で学習したモデルをコンパイルし、 AWS IoT Greengrass V2 でエッジにデプロイする](sagemaker/mlops/edge-deploy/sagemaker-neo-greengrass-v2-deploy.ipynb) * [Amazon SageMaker Pipelines で離反予測を題材にモデルの学習・評価・更新プロセスを構築する](./sagemaker/mlops/sagemaker-pipelines/sagemaker-pipelines-sample/sagemaker-pipelines-sample.ipynb) * [Amazon SageMaker Processing と AWS Step Functions でモデルの学習・評価・更新プロセスを構築する](./sagemaker/mlops/step-functions-data-science-sdk/step_functions_mlworkflow_scikit_learn_data_processing_and_model_evaluation_with_experiments.ipynb) * [Amazon SageMaker Processing と AWS Step Functions でモデルの学習・評価・更新プロセスを構築する (Studio 版 )](./sagemaker/mlops/step-functions-data-science-sdk/studio_step_functions_mlworkflow_scikit_learn_data_processing_and_model_evaluation_with_experiments.ipynb) ### 🚚 ML Frameworks 機械学習フレームワークの実装を SageMaker へ移行する。 * PyTorch * [学習済みモデルの推論](frameworks/pytorch/inference/pytorch-deeplab.ipynb) * TensorFlow * [モデルの学習](frameworks/tensorflow/training/tensorflow2_training_and_serving.ipynb) * [学習済みモデルの推論](frameworks/tensorflow/inference/TF2-model-deploy.ipynb) ### Tasks AWS で画像処理や自然言語処理などの機械学習のタスクを解く方法を解説します。 #### 👁 画像処理 * 物体検知 * [Detectron2 を用いた物体検知](./tasks/vision/object_detection/amazon-sagemaker-pytorch-detectron2/README.md) * 画像分類 * [SageMaker のビルトインアルゴリズム (Image Classification) を用いた肺 CT 画像からの COVID-19 診断](./tasks/vision/image_classification/covid19-built-in-image-classification.ipynb) * OCR * [PaddleOCR を用いた文字読み取り](./tasks/vision/ocr/paddleocr.ipynb) #### 💬 自然言語処理 * テキスト分類 * [SageMaker のビルトインアルゴリズム (BlazingText) を用いた商品レビューセットの感情分析](./tasks/nlp/BlazingText/blazingtext.ipynb) * [Gluon NLP で BERT を用いた感情分析](./tasks/nlp/text_classification/GluonNLP/gluonnlp_bert.ipynb) #### 🔈 音声処理 * 自動発話認識 * [Wav2Vec / Whisper を用いた自動発話認識](./tasks/audio/automatic_speech_recognition/studio-lab-wav2vec-whisper/wav2vec.ipynb) #### 📄 テーブルデータ * 回帰 * [AutoGluon を用いたダイレクトマーケティングの成功可否予測](./tasks/tabular/regression/AutoGluon-Tabular-with-SageMaker/AutoGluon_Tabular_SageMaker.ipynb) * [XGBoost による顧客の解約率予測](./tasks/tabular/regression/customer_churn/xgboost_customer_churn.ipynb) * 分類 * [細胞診 (FNA) 結果からの乳がん診断](./tasks/tabular/classification/BreastCancerPrediction_R.ipynb) #### 🤖 生成系 AI ##### `text-to-image` | サンプルコード | 詳細 | |:-------| :-----------| | [Stable Diffusion Web UI](./tasks/generative-ai/text-to-image/inference/stable-diffusion-webui/) | Stable Diffusion の GUI として人気の [AUTOMATIC1111/stable-diffusion-webui](https://github.com/AUTOMATIC1111/stable-diffusion-webui) を EC2 インスタンスに立てて利用できるようにする CloudFormation です。モデルのトレーニングに [bmaltais/kohya_ss](https://github.com/bmaltais/kohya_ss)、GUI ベースのファイル操作に [filebrowser/filebrowser](https://github.com/filebrowser/filebrowser) を立ち上げる構成も含まれています。SageMaker JumpStart を利用した Fine Tuning については [たった数枚の画像で Stable Diffusion をファインチューニングできる効率的な Amazon SageMaker JumpStart の使い方](https://aws.amazon.com/jp/blogs/news/machine-learning-inpaint-images-with-stable-diffusion-using-amazon-sagemaker-jumpstart/) をご参照ください。 | | [Inpainting](./tasks/generative-ai/text-to-image/inference/Transformers/StableDiffusionInpainting_Inference_with_ClipSeg.ipynb) | 画像の一部を生成した画像で差し替えるサンプルです。差し替える箇所 ( マスク ) の作成には [CLIPSeg](https://huggingface.co/docs/transformers/model_doc/clipseg) を使用しています。詳細は [Stable Diffusion で画像の部分的な差し替えを行う環境を、 Amazon SageMaker JumpStart で簡単に構築する](https://aws.amazon.com/jp/blogs/news/machine-learning-inpaint-images-with-stable-diffusion-using-amazon-sagemaker-jumpstart/) をご参照ください。| #### `text-to-text` | サンプルコード | 詳細 | |:-------| :-----------| | [Instruction Tuning](./tasks/generative-ai/text-to-text/fine-tuning/instruction-tuning/README.md) | `text-to-text` の基盤モデルである [StableLM](https://huggingface.co/stabilityai/stablelm-base-alpha-3b) や [OpenCALM](https://huggingface.co/cyberagent/open-calm-7b) をインストラクションチューニングする方法を解説します。対応しているモデルとサンプルコードはフォルダ内の `README.md` を参照してください。 OpenCALM については [日本語大規模言語モデル OpenCALM の知識でクイズ王に挑戦する](https://aws.amazon.com/jp/blogs/news/open-calm-and-openai-chatgpt-accuracy-on-jaqket-experiment-in-amazon-sagemaker/) をご参考ください。| | [LangChain Inference](./tasks/generative-ai/text-to-text/inference/langchain/langchain-sagemaker-intro.ipynb) | [LangChain](https://github.com/hwchase17/langchain) から SageMaker でホスティングした `text-to-text` の基盤モデルを扱うサンプルです。| ### Solutions SageMaker と他のサービスを組み合わせ、業務プロセスの効率化や差別化を行うためのソリューションを格納/紹介します。 * [JP RAG SOLUTION](https://github.com/aws-samples/jp-rag-sample) * カスタマーサポートなどで生成系 AI を利用する場合、自然な応答による顧客体験の改善が期待できるものの、誤った発言 ( ハルシネーション ) が発生する恐れがあります。生成元のドキュメントを指定することで誤った発言を抑止することができ、検索エンジンから生成系 AI にドキュメントを与え生成する仕組みを RAG と呼びます。本ソリューションでは、検索エンジンとして `Amazon Kendra` 、生成系 AI として `Anthropic Claude` / [`rinna/japanese-gpt-neox-3.6b-instruction-ppo`](https://huggingface.co/rinna/japanese-gpt-neox-3.6b-instruction-ppo) を用いて RAG を実現します。 * 参考記事: [高精度な生成系 AI アプリケーションを Amazon Kendra、LangChain、大規模言語モデルを使って作る](https://aws.amazon.com/jp/blogs/news/quickly-build-high-accuracy-generative-ai-applications-on-enterprise-data-using-amazon-kendra-langchain-and-large-language-models/) * [コールセンターのリアルタイム会話分析](https://aws.amazon.com/jp/blogs/news/live-call-analytics-and-agent-assist-for-your-contact-center-with-amazon-language-ai-services/) * コールセンターで会話の文字起こし、翻訳、感情分析、会話内容の要約、オペレーターへのアドバイスをリアルタイムで行うソリューションです。文字起こしは `Amazon Transcribe` 、翻訳は `Amazon Translate` 、 感情分析は `Amazon Comprehend` 、 要約は `Amazon SageMaker` 、 アドバイスは `Amazon Lex` と `Amazon Kendra` で実装しています。 * [Simple Lex Kendra JP](https://github.com/aws-samples/simple-lex-kendra-jp) * 情報システム部門のヘルプデスクへの問い合わせ件数を削減するため、問い合わせを受け付けるチャットボットを設置するソリューションです。社内文書の検索を行う `Amazon Kendra` と問い合わせを受け付けるチャットボットの `Amazon Lex v2` を組み合わせて実装しています。 `AWS CDK` で構成されているため、シンプルにデプロイ可能です。 * [SBI 生命様のコールセンターでの導入事例](https://xtech.nikkei.com/atcl/nxt/news/18/15545/?ST=ch_businessAI) * [レビューコメント分析ダッシュボード](./review_analysis_dashboard/) * 自然言語処理でレビューを分析した結果を `Amazon Quicksight` でダッシュボードとして表示するソリューションです。オープンソースの形態素解析ツールである [GiNZA](https://megagonlabs.github.io/ginza/) を用いて時系列のレビュー数に加え頻出単語・係り受け関係を参照できます。[ブログ記事](https://aws.amazon.com/jp/blogs/news/amazon-sagemaker-amazon-quicksight-nlp-dashboard/)では、評価の低い DVD に対し 「まだ」「届く」の発生が多いことから発送遅延が原因ではないかといった分析例を示しています。 ## Contribution 本リポジトリへの Contribution を歓迎します！ Contribution の方法は [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) をご参照ください。 ## License This library is licensed under the MIT-0 License. See the [LICENSE](LICENSE) file.

Education & Learning Mobile Development

168 Github Stars

Read more

Open Source

mlops-e2e

# MLOps End-to-End Example using Amazon SageMaker Pipeline, AWS CodePipeline and AWS CDK This sample project uses a sample machine learning project to showcase how we can implement MLOps - CI/CD for Machine Learning using [Amazon SageMaker](https://aws.amazon.com/sagemaker/), [AWS CodePipeline](https://aws.amazon.com/codepipeline/) and [AWS CDK](https://aws.amazon.com/cdk/) ## Pre-requisite * [Python](https://www.python.org/) (version 3.10 or higher) * [NodeJS](https://nodejs.org/en/) (version 18 or higher) * [Yarn](https://yarnpkg.com/) (installed via `npm install -g yarn`) * [Typescript](https://www.typescriptlang.org/) (installed via `npm install -g typescript`) * [AWS CDK v2](https://aws.amazon.com/cdk/) CLI (installed via `npm install -g aws-cdk`) * [AWS CLI](https://aws.amazon.com/cli/) (version 2 or higher) * [AWS CLI Configuration](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html) (configured via `aws configure`) ## Configuration ### Source Repo #### Option 1: Use GitHub Repo 1. Fork this repo in your GitHub account 1. [Create a GitHub connection using the CodePipeline console](https://docs.aws.amazon.com/codepipeline/latest/userguide/connections-github.html) to provide CodePipeline with access to your Github repositories *(See session Create a connection to GitHub (CLI))* 1. Update the GitHub related configuration in the `./configuration/projectConfig.json` file * Set the value of *repoType* to *git* * Update the value of *githubConnectionArn*, *githubRepoOwner* and *githubRepoName* #### Option 2: Create a CodeCommit Repo in your AWS account Alternatively, the CDK Infrastructure code can provision a CodeCommit Repo as Source Repo for you. To switch to this option, set the value of *repoType* to *codecommit* in the `./configuration/projectConfig.json` file. ### IP Permit List Please note that for simplicity, the API endpoint for the online model consumers is not protected by any authentication process. By default, it can be accessed by anyone from the internet. Please update the value of *ipPermitList* in the `./configuration/projectConfig.json` to include only the CIDR block of your network. ## Usage **Important**: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the AWS Pricing page for details. You are responsible for any AWS costs incurred. Please follow the **Cleanup** Section to clean up resources after your usage. No warranty is implied in this example. ### Bootstrap Run the command below to provision all the required infrastructure. ``` ./scripts/bootstrap.sh ``` The command can be run repatedly to deploy any changes in this folder. #### Clodformation Output If the script is run successfully, a list of Cloudformation Output will be printed out in the console as shown in the screenshot below:  You can find the name of the newly created Cloudformation Stack, CodePipeline, Data S3 Bucket, Data Manifest S3 Bucket, SageMaker Artifact S3 Bucket and SageMaker Execution Role. If you navigate to the CodePipeline console, you should see the newly created CodePipeline, as shown in the screenshot below:  If you are using *CodeCommit Repo*, Refer to *Source Code* Section on how to push the source code to the newly created CodeCommit Repo. If you are using *Github Repo*, the CodePipeline should be connected to your Github Repo already. Refer to *Testing Data Set* Section on how to upload the testing data set to trigger the pipeline. #### Source Code If **repoType** is *codecommit*, after the cloudformation stack is created, follow [this page to connect to the CodeCommit Repo](https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-connect.html) and push the content of this folder to the **main** branch of the repo. **Note**: The default branch may not be **main** depending on your Git setting. Once the source code is pushed to the repo, the CodePipeline will be triggered, but the CI stage will fail given that the testing data set has not been uploaded yet. Refer to *Testing Data Set* Section on how to upload the testing data set. #### Testing Data Set Download a copy of testing data set from `https://archive.ics.uci.edu/ml/datasets/abalone`, and upload it to the Data Source S3 Bucket (The bucket name starts with *mlopsinfrastracturestack-datasourcedatabucket...*) under your prefered folder path, e.g. *yyyy/mm/dd/abalone.csv*. Alternatively, you can run the scripts below to download a copy of testing data set and upload to the **Empty** data bucket. ``` ./scripts/uploadTestingDataset.sh ``` Once the data is uploaded to data bucket, the CodePipeline should be triggered automatically. #### SageMaker Pipeline During the CodePipeline run, a SageMaker Pipeline named `mlops-e2e` (The projectName in the `configuration/projectConfig.json` file) will be created or updated. To inspect the newly created SageMaker Pipeline, you can [setup SageMaker Studio](https://docs.aws.amazon.com/sagemaker/latest/dg/studio.html) and Navigate to the SageMaker Pipeline list from the SageMaker Studio, as shown in the screenshow below:  When there are any issues during the MLPipeline stage of the CodePipeline run, the best way to troubleshoot is to navigate to the SageMaker Pipeline details page in the SageMaker Studio for the logging information. #### Model Consumer After the CodePipeline run is completed (including the Manual-approval-gated Deploy stage), the Model Consumer example can be deployed. See section *ML Model Consumers* for more details. ### Cleanup To clean up all the infrastructure, run the command below: ``` ./scripts/cleanup.sh ``` **Note**: If you have bootstraped the model consumer example, you will need to clean up the model consumer infrastructure resources first. Refer to the [README file](./consumers/online/README.md) for more details and instructions on how to clean up the example infrastructure. ## Sample Machine Learning Project The project is created based on the [SageMaker Project Template - MLOps template for model building, training and deployment](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-projects-templates-sm.html#sagemaker-projects-templates-code-commit). In this example, we are solving the abalone age prediction problem using a sample dataset. The dataset used is the [UCI Machine Learning Abalone Dataset](https://archive.ics.uci.edu/ml/datasets/abalone). The aim for this task is to determine the age of an abalone (a kind of shellfish) from its physical measurements. At the core, it's a regression problem. ## Project Layout * `buildspecs`: Build specification files used by CodeBuild projects * `configuration`: Project and Pipeline configuration * `consumers`: Examples how to consume the inference model * `docs`: Images used in the documentation * `infrastructure`: [AWS CDK](https://docs.aws.amazon.com/cdk/latest/guide/home.html) app for provisioning the end-to-end MLOps infrastructure * `ml_pipeline`: The SageMaker pipeline definition expressing the ML steps involved in generating an ML model and helper scripts * `model_deploy`: [AWS CDK](https://docs.aws.amazon.com/cdk/latest/guide/home.html) app for deploying the model on SageMaker endpoint * `scripts`: Bash scripts used in the CI/CD pipeline * `src`: Machine learning code for peprocessing and evaluating the ML model * `tests`: Unit testing code for testing machine learning code ## Overall Architecture The overall archiecture of the sample project is shown below:  ### Code Pipeline When there is a new version of source code or there is a new version of data, the CodePipeline (serving as MLOps pipeline) is triggered to run CI step to test the ML Code and build the infrastruture code, followed by the MLPipeline step. In the MLPipeline step, a SageMaker Pipeline is created/updated to preprocess the raw data, train and evaluate the ML model. In the Deploy Step, the trained model is deployed as SageMaker endpoint after manual approval. The CodePipeline is defined as CDK construct in the `./infrastructure/codePipelineConstructure.ts` file. ### Training Data When a new data file is uploaded into the Data Source S3 Bucket, a lambda function defined in the `./infrastructure/functions/dataSourceMonitor` folder is triggered to generate a new data manifest file to specify what raw data should be included in the training and then upload it into the Data Manifest s3 Bucket. And the new version of this file triggers the CodePipeline. By default, all the files inside the Data Source S3 Bucket are used in the training job. The source code can be updated to only include data files within certain date range. ### SageMaker Pipeline The SageMaker Pipeline is defined by the python code in the `./ml_pipeline` folder. The source code for preprocessing and evaluating data is located in the `./src` folder. ### Inference Pipeline Model In the preprocessing job (specified in the `./src/preprocess.py` file), we leverages sklearn-kit to transform the data. During the inference, the same preprocessor is expected to be used to transform the inference data. So in the SageMaker Pipeline, we build a inference pipeline model including the preprossor and the inference model to create a pipeline model package so that an inference pipeline can be deployed to process the raw data and send it to the prediction model for predication. A transform step defined in the file `./src/transform.py` is used to map the input and output of the preprossor during the inference. ### Model Deploy The Model Deployment is managed by the CDK stack defined in the `./model_deploy` folder. The model is deployed into **persistent** [SageMaker Real-time Inference endpoint](https://docs.aws.amazon.com/sagemaker/latest/dg/realtime-endpoints.html). ## ML Model Consumers ### Online Inference An example on how to consume the inference model is available in the `consumers/online` folder. Refer to the [README file](./consumers/online/README.md) for more details and instructions on how to deploy the example. ## License This project is licensed under the [MIT-0](./LISENSE). ## Contributing Refer to [CONTRIBUTING](./CONTRIBUTING) for more details on how to contribute to this project. ## References * [SageMaker Project Template - MLOps template for model building, training and deployment](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-projects-templates-sm.html#sagemaker-projects-templates-code-commit) * [Preprocess input data before making predictions using Amazon SageMaker inference pipelines and Scikit-learn](https://aws.amazon.com/blogs/machine-learning/preprocess-input-data-before-making-predictions-using-amazon-sagemaker-inference-pipelines-and-scikit-learn/)

AI & Machine Learning Team Whiteboard

160 Github Stars

Read more

Open Source

mlops-multi-account-terraform

# Build an enterprise grade MLOps platfrom on AWS using Github and Terraform ## Introduction As enterprise businesses embrace Machine Learning (ML) across their organisations, manual workflows for building, training, and deploying ML models tend to become bottlenecks to innovation. To overcome this, enterprises need to shape a clear operating model defining how multiple personas, such as Data Scientists, Data Engineers, ML Engineers, IT, and Business stakeholders, should collaborate and interact, how to separate the concerns, responsibilities and skills, and how to leverage AWS services optimally. This combination of ML and Operations, so-called MLOps, is helping companies streamline their end-to-end ML lifecycle and boost productivity of data scientists while maintaining high model accuracy and enhancing security and compliance. ## High level architecture In this repository, we show how to use **Terraform** with **GitHub and GitHub Actions** to build a baseline infrastructure for secure MLOps. The solution can be broken down into three parts: **Base Infrastructure** The necessary infrastructure components for your accounts including SageMaker Studio, Networking, Permissions and SSM Parameters. <img src="./architecture/base-infra.png" alt="drawing" width="500"/> **Shared Template Repositories** GitHub template repositories that are cloned when a custom SageMaker Project is deployed by a Data Scientist or ML Engineer. <img src="./architecture/template-repos.png" alt="drawing" width="500"/> **User Experience** This is how the end-users (Data Scientists or ML Engineers) use SageMaker projects. Typically, when a SageMaker project is deployed: - GitHub private repos are created from templates that Data Scientists need to customize as per their use-case. - These variables show best practices such as testing, approvals, and dashboards. They can be fully customized once deployed. - Depending on the chosen SageMaker project, other project specific resources might also be created such as a dedicated S3 bucket for the project and automation to trigger ML deployment from model registry. An architecture for the `Building, training, and deployment` project is shown below. <img src="./architecture/user-exp.png" alt="drawing" width="700"/> Currently, four example project template are available. 1. **MLOps Template for Model Building, Training, and Deployment**: ML Ops pattern to train models using SageMaker pipelines and to deploy the trained model into preproduction and production accounts. This template supports Real-time inference, Batch Inference Pipeline, and BYOC containers. 2. **MLOps Template for promoting the full ML pipeline across environments**: ML Ops pattern to shows how to take the same SageMaker pipeline across environments from dev to prod. 3. **MLOps Template for Model Building and Training**: MLOps pattern that shows a simple one-account SageMaker Pipeline setup. 4. **MLOps Template for LLM Model Building, Training and Evaluation**: MLOps pattern that shows a simple one-account SageMaker Pipeline setup for LLM models. Based on the selected project and its setting, SageMaker projects clones GitHub repos using templates. It also sets the secrets, environment variables, and deployment environments. <img src="./architecture/project-list.png" alt="drawing" width="700"/> ## Prerequisites The instructions here assume the following prerequisites. Make a note of these details to use in following sections. 1. AWS Account(s) with sufficient permissions to deploy base infrastructure. We recommended using at least three AWS accounts for a Dev, Preprod, and Prod environment for one business-unit. However, you can deploy the infrastructure using one account for testing purposes. 2. A GitHub Organization. 3. Personal Access Token (PAT) for GitHub organization. It is recommended to create a service/platform account and use it's PAT. ## How to use: ### Bootstrap you AWS Accounts This section explains the steps required to bootstrap your accounts for GitHub and Terraform. > **_NOTE:_** You can skip directly to [CloudFormation template](#option-1-cloudformation-template-for-bootstrapping) section to avoid manual bootstrapping. > **_NOTE:_** You can skip directly to [Bash Script](#option-2-bash-script-for-bootstrapping) section to avoid manual bootstrapping. #### GitHub Actions using OpenId Connect To avoid using long-term [AWS Identity and Access Management (IAM)](https://aws.amazon.com/iam/) user access keys, we can configure an [OpenID Connect (OIDC)](https://openid.net/connect/) identity provider (idP) inside an AWS account which allows the use of IAM roles and short-term credentials. Follow detailed instructions at [Use IAM roles to connect GitHub Actions to actions in AWS](https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/) or use the CloudFormation template provided below. #### Terraform S3 and DynamoDB Backend Terraform backend supports [Amazon S3 and DynamoDB](https://developer.hashicorp.com/terraform/language/settings/backends/s3) for storing states and locking consistency checking. Create the following resources in each AWS account or use the CloudFormation template provided below. 1. S3 Bucket: `${Prefix}-${Environment}-${AWS::Region}-${AWS::AccountId}` 2. DynamoDB Table: `${Prefix}-${Environment}` Where, `Prefix`: Common name for resources. e.g. `mlops` `Environment`: dev or preprod or prod #### (Option 1) CloudFormation Template for bootstrapping A [bootstrap.yaml](bootstrap.yaml) CloudFormation template has been provided. This can be deployed to each AWS account. Later, bootstrapping can be standardised and automated via [CloudFormation StackSets](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html) for an [AWS Organization](https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-cloudformation.html). You can get started with one account but we recommend creating at least 3 AWS accounts: a dev, preprod, and prod account. Deploy the provided `bootstrap.yaml` CloudFormation template in your account(s) either using the AWS console or using AWS CLI as shown below, from the root of the repo. 1. Ensure AWS CLI is [installed](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) and [credentials are loaded](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) for the target account that you want to bootstrap. 2. Identify the following: a. Environment Type of the account: `dev`, `preprod`, or `prod` b. Name of your GitHub Organization c. (Optional) Customize S3 bucket name for Terraform state files by choosing a prefix. d. (Optional) Customize DynamoDB Table Name for State Locking. 3. Run the following command updating the details from step 2. ```bash # Update export ENV=xxx export GITHUB_ORG=xxx # Optional export TerraformStateBucketPrefix=terraform-state export TerraformStateLockTableName=terraform-state-locks aws cloudformation create-stack \ --stack-name YourStackName \ --template-body file://bootstrap.yaml \ --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM \ --parameters ParameterKey=Environment,ParameterValue=$ENV \ ParameterKey=GitHubOrg,ParameterValue=$GITHUB_ORG \ ParameterKey=OIDCProviderArn,ParameterValue="" \ ParameterKey=TerraformStateBucketPrefix,ParameterValue=$TerraformStateBucketPrefix \ ParameterKey=TerraformStateLockTableName,ParameterValue=$TerraformStateLockTableName ``` #### (Option 2) Bash script for bootstrapping A [bootstrap.sh](bootstrap.sh) script has been provided. This can be run against each AWS account. You can get started with one account but we recommend creating at least 3 AWS accounts: a dev, preprod, and prod account. 1. Ensure AWS CLI is [installed](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) and [credentials are loaded](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) for the target account that you want to bootstrap. 2. Identify the following: a. Environment Type of the account: `dev`, `preprod`, or `prod` b. Name of your GitHub Organization c. (Optional) Customize S3 bucket name for Terraform state files by choosing a prefix. d. (Optional) Customize DynamoDB Table Name for State Locking. 3. Run the script (`bash ./bootstrap.sh`) and input the details from step 2 when prompted. You can leave most of these options default. > **_NOTE:_** if you change the TerraformStateBucketPrefix or TerraformStateLockTableName parameters, you must update the environment variables (`S3_PREFIX`, `DYNAMODB_PREFIX`) in the [deploy.yml](base-infrastructure/.github/workflows/deploy.yml) to match. This one-time deployment creates the following resources in your AWS account: - For Terraform Backend: - S3 Bucket to store state files. - DynamoDB table to store state locking. - AWS Identity provider for GitHub actions using OIDC (as explained above) - IAM Role to assume from GitHub Actions using the identity provider. Once this is deployed, you're ready to move on to the next step. ### Set up repositories in you GitHub Organization We will move the code from this example to your GitHub Organization. 1. [base-infrastructure](./base-infrastructure/): An internal repository for Base Infrastructure which wil contain all code from `./sagemaker-mlops-terraform` folder. 2. [template-repos](./template-repos/): GitHub [template repositories](https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-template-repository) with code from `./template-repos/**`. Make sure to use the same name as the folder name. > **_Note_:** This is an important step to be able to deploy infrastructure. All further steps should be performed directly in your GitHub Organization. ## You are now ready! Follow the [instructions in the base-infra repository](./base-infrastructure/README.md) to deploy MLOps infrastructure to your bootstrapped AWS accounts. ## Contacts If you have any comments or questions, please contact: The team who created the repo: - Jordan Grubb <[email protected]> - Anirudh Gangwal <[email protected]> - Irene Arroyo Delgado <[email protected]> ## AWS MLOps accelerators - Terraform and GitHub solution: https://github.com/aws-samples/mlops-multi-account-terraform - AWS CDK solution: https://github.com/aws-samples/aws-enterprise-mlops-framework - CloudFormation Solution: https://github.com/aws-samples/amazon-sagemaker-secure-mlops - SageMaker Projects Examples: https://github.com/aws-samples/sagemaker-custom-project-templates

Infrastructure as Code PaaS & Self-hosting

46 Github Stars

Read more

Open Source

fine-tuning-llm-with-domain-knowledge

# Fine-tuning HuggingFace GPTJ-6B with U.K. Supreme Court Case documents for domain specific fine-tuning ### Overview This repo contains a notebook that will walk you through how to fine-tune a pre-trained large language model with domain specific knowledge. The domain specific dataset that we will be using to fine-tune this model will be from United Kingdom (U.K.) Supreme Court case documents. We will tune the model on roughly 693 legal documents. ### Prereqs To run this notebook we assume you have knowledge about running a SageMaker Notebook instance or SageMaker Studio Notebook instance. ### SageMaker Studio Resources [Introduction to Amazon SageMaker Studio - Video](https://www.youtube.com/watch?v=YcJAc-x8XLQ) [Build ML models using SageMaker Studio Notebooks - Workshop](https://www.youtube.com/watch?v=1iSiN4sVMjE) ## Dataset info The stats. below are if you were to use all 693 case documents to tune the model. * <strong>Page count:</strong> ~17,718 * <strong>Word count:</strong> 10,015,333 * <strong>Characters (no spaces):</strong> 49,897,639 The entire dataset is available to be downloaded [here](https://zenodo.org/record/7152317#.ZCSfaoTMI2y) ## Considerations when fine-tuning the model The notebook has been configured to allow you to use only a subset of the entire dataset to fine-tune the model if desired. In the Data Prep section, there is a variable called *doc_count*. You can set this number to your preference, and the model will be fine-tuned based on that specific number of cases from the dataset. The smaller the value you set for this variable, the faster the model will fine-tune. ## Training/Tuning Time estimates Here are the estimated training times based on total number of case documents in the training dataset. Note the training time is based on training for 3 epochs. #### All training was ran on 1 - *ml.p3dn.24xlarge* instance #### <strong>Training dataset document count </strong> 250 Training time: 1 hour 41 minutes #### <strong>Training document count</strong> 500 Training time: 2 hours 57 minutes #### <strong>Training document count</strong> 693 Training time: 4 hours ## GPTJ-6B base model Steps you will go through in the notebook to test the base model 1. Clone this repo in a SageMaker Studio Jupyter notebook 2. Install needed notebook libraries 3. Configure the notebook to use SageMaker 4. Retrieve base model container 5. Deploy the model inference endpoint 6. Call inference endpoint to retrieve results from the LLM ## Fine-tuned model Steps you will go through in the notebook to test the fine-tuned model 1. Download dataset 2. Prep the dataset and upload it to S3 3. Retrieve the base model container 4. Set hyperparameters for fine-tuning 5. Start training/tuning job 6. Deploy inference endpoint for the fine-tuned model 7. Call inference endpoint for the fine-tuned model 8. Parse endpoint results ### Final Step * Be sure you delete all models and endpoints to avoid incurring unneeded spend. ### Disclaimer This notebook demos how you can fine-tune an LLM using transfer learning. Even though this notebook is fine-tuned using actual (U.K.) Supreme Court case documents you should not use this notebook for legal advise. ## Running notebook To run the notebook clone this repo in a SageMaker Notebook instance or SageMaker Studio Notebook. [Go to Notebook](src/fine_tuning.ipynb)

AI Tools ML Frameworks

45 Github Stars

Read more

Open Source

sample-well-architected-skills-and-steering

# 🏗️ Well-Architected Skills & Steering for AI Coding Agents Reusable skills and steering that teach AI coding agents how to apply the [AWS Well-Architected Framework](https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html). One set of playbooks, **13 supported tools**. <div align="center"> **Kiro** · **Claude Code** · **Cursor** · **Codex** · **Windsurf** · **GitHub Copilot** · **Gemini CLI** · **Antigravity** · **Junie** · **Amp** · **OpenClaw** · **Cline** · **AWS DevOps Agent** </div> > [!IMPORTANT] > This sample is provided for educational and demonstrative purposes. It is not intended for production use without additional review and testing appropriate to your environment. --- ## 🎯 Why this exists Developers don't stop to consult documentation — they ask their AI assistant. If the assistant doesn't know the Well-Architected Framework, the guidance never reaches the code. This project embeds WA best practices **where development actually happens**: in the IDE, at the moment code is being written. Instead of treating architecture reviews as a separate gate, teams get continuous, contextual guidance that: - ✅ Reduces rework by catching misalignments early - ✅ Works across 13 AI coding tools with a single source of truth - ✅ Requires no AWS credentials, no API calls — everything runs locally - ✅ Follows the open [Agent Skills specification](https://agentskills.io/) --- ## 📦 What's inside ```text steering/ Always-on context (Kiro) well-architected.md Pillars, design principles, review process wa-review.md Deep multi-step WA review (evidence-based, constrained) skills/ Step-by-step playbooks (tool-agnostic) wa-review/ Full review across all 6 pillars security-assessment/ IAM, detection, data protection, incident response reliability-improvement-plan/ SPOFs, recovery, scaling, change management cost-optimization-review/ Waste, right-sizing, pricing models performance-efficiency/ Resource selection, scaling, caching sustainability-optimization/ Utilization, managed services, data lifecycle operational-excellence/ CI/CD, observability, incidents, automation migration-readiness/ 7 Rs assessment with migration plan architecture-decision-record/ WA-aligned ADRs with pillar impact wa-builder/ Learn WA + produce visual artifacts (diagrams, trees, roadmaps) assets/ Shared reference material well-architected-best-practices.md Per-pillar investigation checklists cloudwatch-metrics-reference.md Metric thresholds + composite alarm patterns incident-investigation-patterns.md Triage, RCA, mitigation playbooks skill-authoring-guide.md DevOps Agent skill authoring guide adapters/ Tool-specific configuration claude-code/ CLAUDE.md + slash commands cursor/ .cursor/rules/*.md codex/ AGENTS.md windsurf/ .windsurfrules github-copilot/ .github/copilot-instructions.md cline/ .clinerules gemini-cli/ GEMINI.md antigravity/ .agents/rules/*.md junie/ .junie/guidelines + .junie/skills amp/ .agents/skills/*.md openclaw/ AGENTS.md + .agents/skills/*.md devops-agent/ Packaging for AWS DevOps Agent powers/ Kiro Powers (coming soon) evals/ Automated evaluation runner (Bedrock) run.py CLI entry point grade.py LLM-as-judge grader report.py Scoring and terminal output config.yaml Bedrock region and model config pyproject.toml Dependencies (use uv sync) install.sh One-command setup (macOS/Linux) install.ps1 One-command setup (Windows PowerShell) ``` --- ## 🚀 Quick start ### One-liner (no clone needed) #### Via [skills.sh](https://skills.sh) ```bash npx skills add aws-samples/sample-well-architected-skills-and-steering ``` Auto-detects your AI agent and installs skills directly. Use `--list` to preview available skills, or `--skill <name>` to install a specific one: ```bash # List available skills npx skills add aws-samples/sample-well-architected-skills-and-steering --list # Install a specific skill npx skills add aws-samples/sample-well-architected-skills-and-steering --skill wa-review # Install globally (user-level, applies to all projects) npx skills add aws-samples/sample-well-architected-skills-and-steering -g ``` #### Via bootstrap script **macOS / Linux:** ```bash curl -sL https://raw.githubusercontent.com/aws-samples/sample-well-architected-skills-and-steering/main/bootstrap.sh | bash ``` **Windows (PowerShell):** ```powershell & ([scriptblock]::Create((irm https://raw.githubusercontent.com/aws-samples/sample-well-architected-skills-and-steering/main/bootstrap.ps1))) ``` Auto-detects your AI tools (`.cursor/`, `.claude/`, `.kiro/`, `.junie/`, `.openclaw/`, etc.), installs for all of them, and cleans up. To install for a specific tool instead: ```bash # macOS / Linux curl -sL .../bootstrap.sh | bash -s -- --tool kiro # Windows (PowerShell) & ([scriptblock]::Create((irm .../bootstrap.ps1))) -Tool kiro ``` ### Install script (from local clone) **macOS / Linux:** ```bash # Auto-detect tools in your project ./install.sh ~/my-project --tool auto # Install for a specific tool ./install.sh ~/my-project --tool claude-code # Install for multiple tools at once ./install.sh ~/my-project --tool kiro --tool claude-code --tool cursor # Install for all supported tools ./install.sh ~/my-project --tool all # Use symlinks for automatic updates ./install.sh ~/my-project --tool claude-code --symlink # Install globally (applies to all projects) ./install.sh --global --tool claude-code ``` **Windows (PowerShell):** ```powershell # Auto-detect tools in your project .\install.ps1 -TargetDir C:\Projects\my-app -Tool auto # Install for a specific tool .\install.ps1 -TargetDir C:\Projects\my-app -Tool claude-code # Install for multiple tools at once .\install.ps1 -Tool kiro, claude-code, cursor # Install for all supported tools .\install.ps1 -Tool all -Force # Install globally (applies to all projects) .\install.ps1 -Global -Tool claude-code ``` > [!TIP] > Use `--symlink` (bash) or `-Symlink` (PowerShell) to create symbolic links instead of copies. When this repo updates, your project gets the changes automatically without reinstalling. On Windows, symlinks require elevated permissions. > [!NOTE] > **Global installs** place files in your home directory (`~/CLAUDE.md`, `~/.kiro/`, `~/.cursor/`, etc.) and apply to all projects without their own config. Use project-level installation (the default) if you only want WA guidance for specific projects. > > **Existing files** — the installer prompts before overwriting. Use `--force` to skip confirmation. --- ### Manual installation <details> <summary><strong>🔹 Kiro</strong></summary> macOS / Linux: ```bash mkdir -p .kiro/steering .kiro/skills cp path/to/this-repo/steering/well-architected.md .kiro/steering/ cp -r path/to/this-repo/skills/* .kiro/skills/ ``` Windows (PowerShell): ```powershell New-Item -ItemType Directory -Force -Path .kiro\steering, .kiro\skills Copy-Item path\to\this-repo\steering\well-architected.md .kiro\steering\ Copy-Item -Recurse path\to\this-repo\skills\* .kiro\skills\ ``` </details> <details> <summary><strong>🔹 Claude Code</strong></summary> macOS / Linux: ```bash cp path/to/this-repo/adapters/claude-code/CLAUDE.md ./CLAUDE.md cp -r path/to/this-repo/adapters/claude-code/commands .claude/commands ``` Windows (PowerShell): ```powershell Copy-Item path\to\this-repo\adapters\claude-code\CLAUDE.md .\CLAUDE.md Copy-Item -Recurse path\to\this-repo\adapters\claude-code\commands .claude\commands ``` </details> <details> <summary><strong>🔹 Cursor</strong></summary> macOS / Linux: ```bash cp -r path/to/this-repo/adapters/cursor/rules .cursor/rules ``` Windows (PowerShell): ```powershell Copy-Item -Recurse path\to\this-repo\adapters\cursor\rules .cursor\rules ``` </details> <details> <summary><strong>🔹 Codex (OpenAI)</strong></summary> macOS / Linux: ```bash cp path/to/this-repo/adapters/codex/AGENTS.md ./AGENTS.md cp -r path/to/this-repo/skills ./skills ``` Windows (PowerShell): ```powershell Copy-Item path\to\this-repo\adapters\codex\AGENTS.md .\AGENTS.md Copy-Item -Recurse path\to\this-repo\skills .\skills ``` </details> <details> <summary><strong>🔹 Windsurf</strong></summary> macOS / Linux: ```bash cp path/to/this-repo/adapters/windsurf/.windsurfrules ./.windsurfrules ``` Windows (PowerShell): ```powershell Copy-Item path\to\this-repo\adapters\windsurf\.windsurfrules .\.windsurfrules ``` </details> <details> <summary><strong>🔹 GitHub Copilot</strong></summary> macOS / Linux: ```bash mkdir -p .github cp path/to/this-repo/adapters/github-copilot/.github/copilot-instructions.md .github/ ``` Windows (PowerShell): ```powershell New-Item -ItemType Directory -Force -Path .github Copy-Item path\to\this-repo\adapters\github-copilot\.github\copilot-instructions.md .github\ ``` </details> <details> <summary><strong>🔹 Gemini CLI</strong></summary> macOS / Linux: ```bash cp path/to/this-repo/adapters/gemini-cli/GEMINI.md ./GEMINI.md cp -r path/to/this-repo/skills ./skills ``` Windows (PowerShell): ```powershell Copy-Item path\to\this-repo\adapters\gemini-cli\GEMINI.md .\GEMINI.md Copy-Item -Recurse path\to\this-repo\skills .\skills ``` </details> <details> <summary><strong>🔹 Antigravity</strong></summary> macOS / Linux: ```bash mkdir -p .agents/rules .agents/skills cp -r path/to/this-repo/adapters/antigravity/rules/* .agents/rules/ for skill_dir in path/to/this-repo/skills/*/; do skill_name=$(basename "$skill_dir") mkdir -p ".agents/skills/$skill_name" cp "$skill_dir/SKILL.md" ".agents/skills/$skill_name/SKILL.md" done ``` Windows (PowerShell): ```powershell New-Item -ItemType Directory -Force -Path .agents\rules, .agents\skills Copy-Item -Recurse path\to\this-repo\adapters\antigravity\rules\* .agents\rules\ Get-ChildItem path\to\this-repo\skills -Directory | ForEach-Object { New-Item -ItemType Directory -Force -Path ".agents\skills\$($_.Name)" Copy-Item "$($_.FullName)\SKILL.md" ".agents\skills\$($_.Name)\SKILL.md" } ``` </details> <details> <summary><strong>🔹 Junie (JetBrains)</strong></summary> macOS / Linux: ```bash mkdir -p .junie/guidelines .junie/skills cp path/to/this-repo/adapters/junie/guidelines.md .junie/guidelines/well-architected.md cp -r path/to/this-repo/skills/* .junie/skills/ ``` Windows (PowerShell): ```powershell New-Item -ItemType Directory -Force -Path .junie\guidelines, .junie\skills Copy-Item path\to\this-repo\adapters\junie\guidelines.md .junie\guidelines\well-architected.md Copy-Item -Recurse path\to\this-repo\skills\* .junie\skills\ ``` </details> <details> <summary><strong>🔹 Amp</strong></summary> macOS / Linux: ```bash cp path/to/this-repo/adapters/amp/AGENTS.md ./AGENTS.md mkdir -p .agents/skills cp -r path/to/this-repo/skills/* .agents/skills/ ``` Windows (PowerShell): ```powershell Copy-Item path\to\this-repo\adapters\amp\AGENTS.md .\AGENTS.md New-Item -ItemType Directory -Force -Path .agents\skills Copy-Item -Recurse path\to\this-repo\skills\* .agents\skills\ ``` </details> <details> <summary><strong>🔹 OpenClaw</strong></summary> macOS / Linux: ```bash cp path/to/this-repo/adapters/openclaw/AGENTS.md ./AGENTS.md mkdir -p .agents/skills cp -r path/to/this-repo/skills/* .agents/skills/ ``` Windows (PowerShell): ```powershell Copy-Item path\to\this-repo\adapters\openclaw\AGENTS.md .\AGENTS.md New-Item -ItemType Directory -Force -Path .agents\skills Copy-Item -Recurse path\to\this-repo\skills\* .agents\skills\ ``` </details> <details> <summary><strong>🔹 Cline</strong></summary> macOS / Linux: ```bash cp path/to/this-repo/adapters/cline/.clinerules ./.clinerules ``` Windows (PowerShell): ```powershell Copy-Item path\to\this-repo\adapters\cline\.clinerules .\.clinerules ``` </details> <details> <summary><strong>🔹 AWS DevOps Agent</strong></summary> macOS / Linux: ```bash # Package all skills as zip files for upload to your Agent Space ./install.sh ~/output-dir --tool devops-agent # Then upload each .zip from ~/output-dir/devops-agent-skills/ via the Operator Web App ``` Windows (PowerShell): ```powershell # Package all skills as zip files for upload to your Agent Space .\install.ps1 -TargetDir C:\output-dir -Tool devops-agent # Then upload each .zip from C:\output-dir\devops-agent-skills\ via the Operator Web App ``` </details> --- ## ⚙️ How it works ```mermaid graph LR S[skills/] --> A[adapters/] ST[steering/] --> A A --> K[Kiro] A --> CC[Claude Code] A --> CU[Cursor] A --> CO[Codex] A --> W[Windsurf] A --> GH[GitHub Copilot] A --> G[Gemini CLI] A --> AG[Antigravity] A --> J[Junie] A --> AM[Amp] A --> OC[OpenClaw] A --> CL[Cline] A --> DA[DevOps Agent] ``` | Component | What it does | | --------- | ------------ | | **Skills** (`skills/*/SKILL.md`) | Self-contained, tool-agnostic playbooks. Any AI agent can follow them step-by-step. They don't depend on steering or on each other. | | **Steering** (`steering/*.md`) | Always-on context loaded into every Kiro conversation. Other tools use equivalent mechanisms via adapters. | | **Powers** (`powers/*/`) | Bundled, installable units for Kiro. Package steering + MCP tools + hooks into a single activatable power. | | **Adapters** (`adapters/`) | Translate steering into each tool's native config format and wire up skills as commands or rules. | | **Assets** (`assets/`) | Shared reference material (metrics, patterns, best practices) bundled with skills for tools that support it. | ### Tool compatibility matrix | Tool | Steering mechanism | Skills mechanism | | ---- | ------------------ | ---------------- | | Kiro | `.kiro/steering/*.md` | `.kiro/skills/*/SKILL.md` | | Claude Code | `CLAUDE.md` | `.claude/commands/*.md` (slash commands) | | Cursor | `.cursor/rules/*.md` | Rules with conditional activation | | Codex | `AGENTS.md` | References `skills/` directory | | Windsurf | `.windsurfrules` | References `skills/` directory | | GitHub Copilot | `.github/copilot-instructions.md` | Inline (no separate skill mechanism) | | Cline | `.clinerules` | References `skills/` directory | | Gemini CLI | `GEMINI.md` | References `skills/` directory | | Antigravity | `.agents/rules/*.md` | `.agents/skills/*/SKILL.md` | | Junie | `.junie/guidelines/*.md` | `.junie/skills/*/SKILL.md` | | Amp | `AGENTS.md` | `.agents/skills/*/SKILL.md` | | OpenClaw | `AGENTS.md` | `.agents/skills/*/SKILL.md` | | AWS DevOps Agent | N/A (skills are self-contained) | `SKILL.md` zip upload to Agent Space | --- ## 📋 Skills overview | Skill | Pillar(s) | Use when you need to... | | ----- | --------- | ----------------------- | | `wa-review` | All 6 | Run a full Well-Architected review | | `security-assessment` | 🔒 Security | Assess IAM, detection, data protection, incident response | | `reliability-improvement-plan` | 🔄 Reliability | Find and eliminate single points of failure | | `cost-optimization-review` | 💰 Cost Optimization | Identify waste and right-sizing opportunities | | `performance-efficiency` | ⚡ Performance Efficiency | Evaluate resource selection, scaling, and caching | | `sustainability-optimization` | 🌱 Sustainability | Reduce carbon footprint and resource waste | | `operational-excellence` | 🛠️ Operational Excellence | Assess CI/CD, observability, incident management | | `migration-readiness` | All 6 | Assess readiness to migrate a workload to AWS | | `architecture-decision-record` | All 6 | Document a design decision with WA pillar impact | | `wa-builder` | All 6 | Learn WA for your project + produce visual artifacts (diagrams, decision trees, roadmaps) | --- ## ✅ Verifying it works Ask your AI coding agent: ```text What Well-Architected pillars should I consider for this architecture? ``` If configured correctly, it will reference all six pillars with specific guidance rather than giving a generic answer. > [!TIP] > **Claude Code users**: try `/wa-review` to invoke the full review skill as a slash command. > > **Kiro users**: the steering loads automatically — just start discussing architecture and the agent applies WA principles. --- ## 🧪 Evaluating skills Each skill includes structured evaluations in `skills/*/evals/evals.json` following the [Agent Skills eval spec](https://agentskills.io/skill-creation/evaluating-skills). Evals let you measure whether the skills produce better outputs than a bare agent. Each test case includes: - A realistic user prompt - Expected output description - 5-7 concrete assertions (gradable as PASS/FAIL) ### Automated eval runner The `evals/` directory contains an automated evaluation runner powered by **Amazon Bedrock**. **Prerequisites:** - Python 3.13+ and [uv](https://docs.astral.sh/uv/) - AWS credentials configured with Bedrock access (`aws configure` or SSO) - Bedrock model access enabled for Claude Sonnet and Haiku in your region **Setup:** ```bash cd evals uv sync ``` **Run evaluations:** macOS / Linux / Windows (PowerShell): ```bash # List available skills uv run python run.py --list # Evaluate a single skill uv run python run.py --skill wa-review --verbose # Evaluate all skills with parallel case execution uv run python run.py --parallel --verbose # Save results for historical tracking uv run python run.py --parallel --save ``` > [!NOTE] > On Windows, ensure your AWS credentials are configured via `aws configure` or environment variables (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN`). If using AWS IAM Identity Center (SSO), run `aws sso login --profile your-profile` first. **How it works:** 1. For each test case, generates two responses via Bedrock Converse API: - **Baseline** — prompt only, no skill context - **With skill** — prompt + SKILL.md injected as system context 2. An LLM-as-judge grades each assertion as PASS/FAIL against both outputs 3. Reports a score comparison showing the skill's impact **Configuration** (`evals/config.yaml`): ```yaml provider: bedrock region: us-east-1 generation_model: us.anthropic.claude-opus-4-8 grading_model: us.anthropic.claude-opus-4-8 max_tokens: 16384 ``` **Estimated cost per run:** | Scope | Generation calls | Grading calls | Estimated cost | | ----- | ---------------- | ------------- | -------------- | | Single skill (3 cases) | 6 (Opus) | 6 (Opus) | ~$1.50 – $2.50 | | All 9 skills (27 cases) | 54 (Opus) | 54 (Opus) | ~$12 – $20 | Cost breakdown assumes ~1K input tokens and ~8K output tokens per generation call (16k max), and ~9K input / ~500 output per grading call. Actual cost depends on response length and Bedrock pricing in your region. Use `--parallel` for ~3x faster wall-clock time. You can use cheaper models (Sonnet, Haiku) by updating `config.yaml`. > [!TIP] > **Experiment with other models!** The eval runner works with any model available in Bedrock — try Amazon Nova, Meta Llama, Mistral, or others to see how different foundation models respond to skill guidance. Use the discovery utility to see what's available in your region: > > `uv run python list_models.py` > > Then update `generation_model` in `config.yaml` to try a different model. The grading model should remain a strong model (Claude Opus/Sonnet) for reliable assertion grading. Note: Opus 4.8 does not support the `temperature` parameter — the runner handles this automatically. > [!TIP] > Start by running a single skill eval (`--skill wa-review --verbose`) to see detailed per-assertion grading. The delta between baseline and with-skill scores quantifies the value each skill adds. --- ## 📈 Effectiveness All skills are evaluated using an automated LLM-as-judge framework with paired comparison (same prompt, with and without skill context). Results with Claude Opus 4.8 (generation and grading), 16k token output: | Skill | Baseline | With Skill | Delta | |-------|----------|-----------|-------| | `wa-review` | 82% | **100%** | +18% | | `architecture-decision-record` | 81% | **100%** | +19% | | `cost-optimization-review` | 93% | **100%** | +7% | | `migration-readiness` | 85% | **100%** | +15% | | `operational-excellence` | 90% | **100%** | +10% | | `performance-efficiency` | 90% | **100%** | +10% | | `reliability-improvement-plan` | 95% | **100%** | +5% | | `security-assessment` | 94% | **100%** | +6% | | `sustainability-optimization` | 85% | **100%** | +15% | | `wa-builder` | 61% | **94%** | +33% | | **Average** | **86%** | **99%** | **+14%** | - **9 of 10 skills** score 100% on behavioral assertions; `wa-builder` scores 94% - **Average +14% improvement** over the same model without skill guidance - Skills never produce worse output than baseline — they improve or match The evaluation framework is included in [`evals/`](./evals) so you can reproduce results on your own models and prompts. Use `--parallel` for ~3x faster runs. --- ## 🤝 Contributing We welcome contributions from the community! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on adding skills, modifying steering files, or adding new tool adapters. > [!NOTE] > This is a community-driven project. Anyone can collaborate and improve the skills and steering docs through Pull Requests. Adapt them to your domain, add new patterns, and share back. --- ## 🔒 Security See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. --- ## 📄 License This project is licensed under the [MIT-0 License](LICENSE). --- ## 📚 Related Resources - [AWS Well-Architected Framework](https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html) - [Kiro — AI-powered IDE](https://kiro.dev) - [AWS DevOps Agent](https://docs.aws.amazon.com/devopsagent/latest/userguide/) - [Agent Skills Specification](https://agentskills.io/) - [skills.sh — Skills directory for AI agents](https://skills.sh)

DevOps & Infrastructure AI Tools

171 Github Stars

Read more

Open Source

sample-strands-agent-with-agentcore

# Strands Agent Chatbot with Amazon Bedrock AgentCore An end-to-end reference architecture for building **agentic workflows** using **Strands Agents** and **Amazon Bedrock AgentCore**. This repository demonstrates how to design and deploy a multi-agent chatbot that combines tool execution, memory, browser automation, and agent-to-agent collaboration. It is intended as a realistic, extensible sample for teams exploring advanced agent architectures on AWS. --- ## Demo https://github.com/user-attachments/assets/11b383c2-2e14-4135-833f-b0b2bce62953 > **[Full demo (6 min)](https://drive.google.com/file/d/1Hk4hgiqqMntNRUN1xDkwcbJUA8MVEJEA/view?usp=sharing)** ### Mobile App <table> <tr> <td align="center"><img src="docs/images/claude-code-agent.png" width="180"><br>_{Coding Agent}</td> <td align="center"><img src="docs/images/finance-analysis.png" width="180"><br>_{Financial Analysis}</td> <td align="center"><img src="docs/images/browser-automation.png" width="180"><br>_{Browser Automation}</td> <td align="center"><img src="docs/images/browser-automation-2.png" width="180"><br>_{Web Search}</td> </tr> </table> --- ## What this repository demonstrates - Multi-agent orchestration with **Strands Agents** - Integration with **Amazon Bedrock AgentCore** - Tool-enabled agents (search, finance, weather, browser, code interpreter) - Autonomous browser, documentation, and analysis workflows - Modular architecture adaptable to real customer use cases - Infrastructure-as-Code (Terraform) for repeatable deployment If you are building **agentic AI applications on AWS** and want a concrete, end-to-end example, this repository is designed to be read, run, and extended. **Quick links:** [Architecture](#architecture-overview) · [Key Features](#key-features) · [Quick Start](#quick-start) --- ## Architecture Overview This sample combines **Strands Agent orchestration** with **Amazon Bedrock AgentCore services**: | Component | Role | |-----------|------| | **Strands Agents** | Multi-turn reasoning and tool orchestration | | **AgentCore Runtime** | Managed, containerized agent execution | | **AgentCore Memory** | Persistent conversation state and summarization | | **AgentCore Gateway** | MCP-based tool integration with JWT authentication | | **AgentCore Code Interpreter** | Secure Python execution for analysis and document generation | | **AgentCore Browser** | Headless browser automation with live view | | **AgentCore Identity** | End-user authentication and 3LO OAuth delegation | | **AgentCore Registry** | Central catalog for agent skills, MCP servers, and A2A agents | | **AgentCore Observability** | Trace collection and agent execution monitoring | | **Amazon Nova Act** | Visual reasoning model for browser automation | <img src="docs/images/architecture-overview.png" alt="Architecture Overview" width="1200"> --- ## Key Features - Strands-based agent orchestration - Amazon Bedrock AgentCore Runtime, Gateway, and Memory - MCP Gateway tools (Google, Wikipedia, ArXiv, Yahoo Finance, Tavily, Open-Meteo) - Agent-to-Agent (A2A) collaboration — including remote **Claude Agent SDK (Claude Code)** for agentic coding tasks - Built-in Code Interpreter for charts and documents - Multimodal input and output (vision, charts, documents, screenshots) - Real-time voice interaction with Amazon Nova Sonic 2 --- ## Skill System (Progressive Disclosure) Tools are organized into **skills** — grouped units with SKILL.md instructions that the agent loads on demand. Instead of injecting all tool documentation into every prompt, the agent activates only the skills it needs: 1. **L1 Catalog** — Skill names and one-line descriptions (always in system prompt) 2. **L2 Instructions** — Full SKILL.md loaded via `skill_dispatcher` when activated 3. **L3 Execution** — Tool calls via `skill_executor` This keeps prompt size small while giving the agent access to detailed instructions when needed. Design notes: - https://medium.com/towards-artificial-intelligence/agent-skills-part-2-bridging-skills-with-production-tool-ecosystems-422e4a63fcad ``` skills/ ├── visual-design/ # Charts, posters, infographics (Code Interpreter) ├── code-interpreter/ # General code execution ├── browser-automation/ # Nova Act browser tools ├── word-documents/ # Word document generation ├── excel-spreadsheets/ # Excel spreadsheet generation ├── powerpoint-presentations/ # PowerPoint generation ├── gmail/ # Gmail read/search/delete (3LO OAuth) ├── google-calendar/ # Calendar events (3LO OAuth) ├── notion/ # Notion pages and databases (3LO OAuth) ├── github/ # GitHub repos, issues, PRs, code (3LO OAuth) └── ... # 20+ skills (web search, finance, maps, weather, and more) ``` --- ## Claude Desktop 3P (Cowork) Integration Claude Desktop in 3P mode can connect directly to the AgentCore Gateway as an MCP connector, giving Cowork access to the same 23 Gateway tools (web search, arXiv, finance, weather, maps, Wikipedia, etc.) used by the chatbot agents. Authentication uses Cognito user identity (authorization_code + PKCE flow) with automatic token refresh, so per-user identity propagates to Lambda tools. <img src="docs/images/cowork-ac-gateway.png" alt="Cowork AgentCore Gateway" width="800"> ```bash cd cowork ./setup.sh # Cognito login + configure managedMcpServers # Restart Cowork ``` See [cowork/README.md](cowork/README.md) for setup modes, token lifecycle, and known limitations. --- ## Multi-Protocol Tool Architecture | Tool Category | Protocol | Examples | Authentication | |--------------|----------|----------|----------------| | Local Tools | Direct Python | Web Search, URL Fetcher, Visualization | None | | Built-in Tools | AWS SDK / WebSocket | Code Interpreter, Browser (Nova Act) | IAM | | Gateway Tools | MCP | Google Search, Maps, Wikipedia, ArXiv, Finance | SigV4 | | Private API Tools | MCP (3LO OAuth) | Gmail, Google Calendar, Notion, GitHub | OAuth 2.0 | | A2A Tools | A2A | Research Agent, Browser-Use Agent | JWT | Total: **100+ tools across 20 tool groups** See [docs/guides/TOOLS.md](docs/guides/TOOLS.md) for full details. --- ## Voice Mode Real-time voice interaction using **Amazon Nova Sonic 2**, **Strands BidiAgent**, and **AgentCore Runtime WebSocket**. - Seamless switching between voice and text within a single session - Shared conversation history across both modes - Full tool execution support during voice conversations --- ## Memory Architecture and Long-Context Management The system uses **AgentCore Memory** with: - Short-term session memory - Long-term summarized memory Long conversations are compacted using a context summarization strategy to retain key information while controlling token growth. Design notes: - https://medium.com/@revoir07/long-context-compaction-for-ai-agents-part-1-design-principles-2bf4a5748154 --- ## Token Optimization via Prompt Caching Prompt caching reduces input token usage by reusing system prompts, stable instruction blocks, and repeated conversation context across agent loop iterations. This project originally implemented caching via custom Strands hooks. The approach has since been upstreamed into the Strands SDK as a built-in feature ([strands-agents/sdk-python#1438](https://github.com/strands-agents/sdk-python/pull/1438)): ```python from strands.models import BedrockModel, CacheConfig model = BedrockModel( model_id="us.anthropic.claude-sonnet-4-6-v1", cache_config=CacheConfig(strategy="auto") ) ``` Design notes: - https://medium.com/@revoir07/agent-loop-caching-the-missing-optimization-for-agent-workflows-230cc530eb72 --- ## Multi-Agent Architecture Agent-to-Agent communication is handled via the **A2A protocol**, allowing the supervisor agent to delegate tasks to specialized worker agents such as a deep research agent. Multiple agents collaborating in sequence — each handling its own role — are coordinated using the **Swarm** pattern. This architecture also includes a **Claude Agent SDK (Claude Code)** instance deployed as a remote A2A agent on **AgentCore Runtime**. The supervisor delegates agentic coding tasks — multi-file implementation, refactoring, test suites — to this agent over A2A, with an S3-backed workspace that persists files across sessions. Design notes: - https://medium.com/@revoir07/extend-your-chatbot-with-deep-research-using-a2a-ba4de3ed23e9 --- ## Use Cases - Financial research agents - Technical research assistants using multi-agent patterns - Autonomous web automation agents - Memory-backed conversational assistants - Hybrid research workflows using MCP, A2A, and AWS SDK tools --- ## Quick Start ### Prerequisites - AWS account with Bedrock access - AWS CLI configured - Docker installed - Node.js 18+ and Python 3.13+ --- ### Local Development ```bash git clone https://github.com/aws-samples/sample-strands-agent-with-agentcore.git cd sample-strands-agent-with-agentcore cd chatbot-app ./setup.sh # Create chatbot-app/.env with deployment outputs (Cognito IDs, API URL, etc.) # — typically populated from terraform output after `infra/scripts/deploy.sh apply`. ./start.sh ``` Frontend will be available at http://localhost:3000. --- ### Cloud Deployment ```bash # Configure cp infra/environments/dev/terraform.tfvars.example infra/environments/dev/terraform.tfvars # Edit terraform.tfvars with your settings # Deploy all ./infra/scripts/deploy.sh apply # Deploy specific modules ./infra/scripts/deploy.sh apply -target=module.chat ./infra/scripts/deploy.sh apply -target=module.runtime_orchestrator ``` See [DEPLOYMENT.md](DEPLOYMENT.md) for full instructions. ### Project Structure ``` sample-strands-agent-chatbot/ ├── chatbot-app/ │ ├── frontend/ # Next.js UI + BFF │ └── agentcore/ # Python backend (Strands Agent) ├── agentcore/ # AgentCore workloads (built/deployed by Terraform) │ ├── gateway-tools/ # Lambda MCP tools (arxiv, weather, tavily, ...) │ ├── a2a-agents/ # A2A runtimes (code-agent, research-agent) │ └── mcp-runtime/ # MCP 3LO runtime (Gmail, GitHub, Notion, ...) ├── cowork/ # Claude Desktop 3P ↔ AgentCore Gateway connector └── infra/ # Terraform infrastructure ├── modules/ # Reusable modules (auth, runtime, gateway, chat, ...) ├── environments/dev/ # Environment configuration └── scripts/ # Deploy orchestrator ``` ## Documentation - DEPLOYMENT.md - docs/guides/TROUBLESHOOTING.md --- ## License MIT License. See LICENSE for details.

Communication AI Agents

169 Github Stars

Read more

Open Source

sample-browser-order-automation-agentcore

# Browser Order Automation with Amazon Bedrock AgentCore A sample e-commerce order automation application built on Amazon Bedrock AgentCore Browser with Nova Act, Strands Agent, and Playwright MCP for secure browser automation and intelligent agent orchestration capabilities.  **Note**: This is a sample application for demonstration purposes. Review and modify security settings, resource configurations, and access policies according to your organization's requirements before deploying to production environments. ## Key Features - **AI-Powered Automation**: Nova Act or Amazon Bedrock models (e.g. Sonnet 4, Opus 4.1) for intelligent order processing - **Secure Browser Automation**: Amazon Bedrock AgentCore Browser Tool provides isolated, managed browser environment - **Web Bot Auth (Preview)**: Cryptographic authentication to reduce CAPTCHA challenges using IETF Web Bot Auth protocol - **Multi-Agent Architecture**: Strands Agent orchestrates Nova Act and Playwright MCP agents for complex workflows - **Real-time Monitoring**: WebSocket connections for live order tracking and browser session viewing - **Human-in-the-Loop**: Manual intervention with live browser view, session replay, and manual control takeover - **Batch Processing**: CSV upload support for bulk order automation with priority queuing - **Secure Credential Management**: AWS Secrets Manager for encrypted credential storage with KMS encryption - **High Availability**: Multi-AZ deployment with auto-scaling ECS Fargate tasks - **Enterprise Security**: VPC isolation, WAF protection, encrypted storage, and IAM-based access control ## Architecture Overview  This solution demonstrates a modern, cloud-native approach to e-commerce order automation using AWS services including Amazon Bedrock, AgentCore Browser Tool, ECS Fargate, and CloudFront. The system processes orders through an AI pipeline that automates web interactions, validates data, and provides real-time monitoring with human-in-the-loop capabilities. ### System Components **Frontend Layer** - React 18 application with AWS Cloudscape Design System - CloudFront distribution for global content delivery - Real-time WebSocket connections for order status updates - Live browser view with DCV streaming and session replay **Backend Layer** - Python FastAPI application with asynchronous job processing - ARM64-optimized ECS Fargate containers - Priority-based job queue with concurrent workers (1-10 configurable) - WebSocket server for real-time updates **AI & Automation Layer** - Amazon Bedrock for Claude model access - AgentCore Browser Tool for secure web automation - Strands Agent for workflow orchestration - Nova Act for AI-powered browser intelligence - Playwright MCP Agent for browser actuation **Data & Security Layer** - Amazon RDS PostgreSQL for production, SQLite for development - AWS Secrets Manager for credential storage with KMS encryption - S3 for file uploads and session recordings - CloudWatch for metrics, logging, and monitoring ## Application Logic Flow ### Order Processing Pipeline ```mermaid graph TD A[User Upload] --> B[Order Validation] B --> C[Job Creation] C --> D[Priority Queue] D --> E[Agent Selection] E --> F[Browser Automation] F --> G[Real-time Monitoring] G --> H{Success?} H -->|Yes| I[Order Complete] H -->|Issues| J[Human Review] J --> K[Manual Resolution] K --> I ``` **Processing Flow:** 1. **Order Creation**: User uploads single order or CSV batch with priority assignment 2. **Queue Management**: Priority-based FIFO processing with configurable workers 3. **Agent Orchestration**: Strands Agent coordinates Nova Act (AI) and Playwright MCP (browser control) 4. **Browser Automation**: AgentCore Browser Tool provides isolated sessions with live monitoring 5. **Human Review**: Complex cases routed for manual intervention with live browser control ### System Interaction Flow ```mermaid sequenceDiagram participant U as User participant F as Frontend participant A as FastAPI participant Q as Job Queue participant S as Strands Agent participant B as AgentCore Browser participant SM as Secrets Manager U->>F: Upload order/CSV F->>A: POST /api/orders A->>Q: Add to priority queue A->>F: Return job ID loop Background Processing Q->>S: Get next job S->>SM: Retrieve credentials S->>B: Start browser session B->>S: Live view URL S->>A: Progress updates A->>F: WebSocket updates F->>U: Real-time status end ``` ### Agent Architecture **Strands Agent** - Main orchestrator - Workflow coordination and state management - Credential retrieval from AWS Secrets Manager - Browser session lifecycle management - Progress tracking and error handling **Nova Act** - AI-powered browser intelligence - Natural language to browser actions - Visual understanding of web pages - Adaptive navigation strategies - CAPTCHA detection and human escalation **Playwright MCP** - Browser actuation - Low-level browser control and element interaction - Form filling and submission - Network request monitoring ## Quick Start ### Prerequisites **Local Development** - Python 3.9+ - Node.js 16+ - AWS CLI configured with appropriate permissions **AWS Deployment** - AWS Account with Bedrock and AgentCore access - Terraform 1.0+ - Domain registered in Route 53 (optional) **Security Setup** - Set admin password for web interface authentication (required) ### Local Development ```bash # Clone the repository git clone <repository-url> cd browser-order-automation-agentcore # Set up environment variables cp .env.example backend/.env # Edit backend/.env and set ADMIN_PASSWORD # Backend setup cd backend pip install -r requirements.txt python app.py # Starts on port 8000 # Frontend setup (new terminal) cd frontend npm install npm start # Starts on port 3000 ``` Access the application at `http://localhost:3000` and login with your admin password. ### Environment Configuration **Backend** (create `backend/.env` from `.env.example`): ```bash AWS_REGION=us-west-2 FLASK_ENV=development ALLOWED_ORIGINS=http://localhost:3000 # REQUIRED: Set admin password for web interface ADMIN_PASSWORD=your-strong-password-here # Optional - uses SQLite if not set # DATABASE_URL=postgresql://user:pass@host:5432/dbname ``` **Frontend** (create `frontend/.env`): ```bash REACT_APP_API_URL=http://localhost:8000 ``` ### AWS Deployment ```bash cd terraform cp terraform.tfvars.example terraform.tfvars # IMPORTANT: Edit terraform.tfvars and set admin_password # Or set via environment variable: export TF_VAR_admin_password="your-strong-password-here" terraform init terraform plan terraform apply # Note: JWT_SECRET is automatically generated by Terraform - no manual setup needed ``` See [terraform/README_AUTH.md](terraform/README_AUTH.md) for detailed authentication setup instructions. ## Core Features ### Order Management - **Single Orders**: Create individual orders with product URL, customer details, and automation method - **Batch Processing**: CSV upload for bulk orders with priority assignment - **Queue Management**: Priority-based processing (Low, Normal, High, Urgent) - **Status Tracking**: Real-time updates via WebSocket connections ### Browser Automation - **Live View**: Real-time browser session viewing with DCV streaming - **Session Replay**: Recorded sessions for completed orders - **Manual Control**: Human takeover capability during automation - **Screenshot Capture**: Automatic screenshots at each automation step - **Web Bot Auth (Preview)**: Cryptographic request signing to reduce CAPTCHA friction - Verifiable agent identity using IETF HTTP Message Signatures protocol - Automatic integration with Cloudflare, HUMAN Security, and Akamai Technologies - Enabled by default for all browser sessions - Configurable in Settings → Browser Security & Authentication ### Secret Management - **AWS Secrets Manager**: Encrypted credential storage with KMS - **Web UI**: Secret Vault interface for managing retailer credentials - **Automatic Retrieval**: Seamless credential access during automation - **Audit Logging**: Full CloudTrail integration for compliance ### Monitoring & Observability - **Real-time Dashboard**: Order status, queue metrics, and system health - **WebSocket Updates**: Live progress tracking and notifications - **CloudWatch Integration**: Metrics, logs, and alarms - **Health Checks**: Application and infrastructure monitoring## AP I Reference ### Order Management ```http POST /api/orders Content-Type: application/json { "retailer": "sample_retailer", "automation_method": "nova_act", "product": { "url": "https://example.com/product", "name": "Product Name", "size": "M", "color": "Blue", "price": 99.99 }, "customer_name": "John Doe", "customer_email": "[email protected]", "shipping_address": {...}, "priority": "normal" } ``` ```http GET /api/orders/{order_id} GET /api/orders?status=processing&limit=50 DELETE /api/orders/{order_id} # Cancel order ``` ### Batch Processing ```http POST /api/orders/upload-csv Content-Type: multipart/form-data file: CSV file automation_method: "nova_act" | "strands" ai_model: "nova_act" | "claude-sonnet-4" ``` ### Live Monitoring ```http GET /api/orders/{order_id}/live-view GET /api/orders/{order_id}/session-replay POST /api/orders/{order_id}/take-control POST /api/orders/{order_id}/release-control ``` ### Secret Management ```http GET /api/secrets POST /api/secrets GET /api/secrets/{site_name} PUT /api/secrets/{site_name} DELETE /api/secrets/{site_name} ``` ### WebSocket Events ```javascript // Connect to real-time updates const ws = new WebSocket('ws://localhost:8000/ws'); // Order status updates { "type": "order_updated", "order_id": "uuid", "status": "processing", "progress": 45 } // Live browser screenshots { "type": "screenshot", "order_id": "uuid", "image_url": "/api/screenshots/image.png" } ``` ## Security Considerations ### AWS Secrets Manager Integration - **Encryption**: Automatic KMS encryption for all stored credentials - **Access Control**: IAM-based permissions with least privilege - **Audit Trail**: CloudTrail logging for all secret access - **Rotation**: Built-in support for automatic credential rotation ### Network Security - **VPC Isolation**: Private subnets for application and database tiers - **WAF Protection**: Application firewall with common attack prevention - **TLS Encryption**: HTTPS/TLS for all data in transit - **Security Groups**: Least-privilege network access rules ### Browser Security - **Isolated Sessions**: AgentCore Browser Tool provides containerized environments - **Session Cleanup**: Automatic cleanup after order completion - **Access Logging**: Detailed audit logs for all browser interactions - **Web Bot Auth**: Cryptographic authentication reduces CAPTCHA challenges - Based on draft IETF Web Bot Auth protocol - Provides verifiable agent identity to websites - Works with Cloudflare, HUMAN Security, and Akamai Technologies - Domain owners retain full control over bot policies - Learn more: [AWS Blog Post](https://aws.amazon.com/blogs/machine-learning/reduce-captchas-for-ai-agents-browsing-the-web-with-web-bot-auth-preview-in-amazon-bedrock-agentcore-browser/) ## Deployment ### Terraform Configuration Key variables in `terraform.tfvars`: ```hcl project_name = "order-automation" environment = "prod" aws_region = "us-west-2" # Optional custom domain domain_name = "orders.yourdomain.com" # ECS Configuration ecs_task_cpu = 512 ecs_task_memory = 1024 ecs_desired_count = 2 enable_auto_scaling = true ``` ### Infrastructure Components - **ECS Fargate**: Containerized application with auto-scaling - **Application Load Balancer**: Traffic distribution with health checks - **RDS PostgreSQL**: Managed database with encryption - **CloudFront**: Global content delivery network - **S3**: Static assets and file storage - **Secrets Manager**: Encrypted credential storage ## Monitoring ### CloudWatch Metrics - ECS service metrics (CPU, memory, task count) - Application Load Balancer metrics (requests, latency) - Custom application metrics (order processing, queue depth) ### Health Checks - Application health endpoint: `GET /health` - ECS container health checks - ALB target group health monitoring ### Logging - Structured JSON logging with multiple levels - CloudWatch Logs integration - Real-time log streaming and filtering ## Development ### Local Development 1. **Database**: Automatic SQLite when `DATABASE_URL` not set 2. **AWS Services**: Configure AWS CLI with development credentials 3. **Hot Reload**: Both frontend and backend support hot reload ### Testing ```bash # Backend tests cd backend && python -m pytest tests/ # Frontend tests cd frontend && npm test # Integration tests npm run test:integration ``` ## License This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details. ## Support For questions, issues, or contributions: 1. Check existing [Issues](../../issues) 2. Create a new issue with detailed description 3. Review [CONTRIBUTING.md](CONTRIBUTING.md) for contribution guidelines ## Additional Resources - [Amazon Bedrock Documentation](https://docs.aws.amazon.com/bedrock/) - [Amazon Bedrock AgentCore Browser Tool](https://docs.aws.amazon.com/bedrock/latest/userguide/agentcore-browser.html) - [AWS Secrets Manager Best Practices](https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html) - [ECS Fargate Best Practices](https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/) - [React Cloudscape Design System](https://cloudscape.design/) --- **Note**: This is a sample application for demonstration purposes. Review and modify security settings, resource configurations, and access policies according to your organization's requirements before deploying to production environments.

AI Agents Browser Automation

18 Github Stars

Read more

Open Source

partner-crm-integration-samples

# AWS Partner CRM Integration Samples Welcome to the AWS Partner CRM Integration Samples repository. This repository contains a collection of sample files and code snippets designed to assist AWS partners in building custom integration solutions with AWS services. The samples are specifically tailored for integrating with Customer Relationship Management (CRM) systems. You can explore a live demo of the [AWS Partner Central API Opportunity Management application in Sandbox Environemnt](https://aws-samples.github.io/partner-crm-integration-samples/) showcasing AWS Partner Central API integration. You can also see a [video demo](https://partnercentral.awspartner.com/partnercentral2/s/resources?Id=a1Gaq000001UYjeEAG) of the application (Parnter Central Login is required), ## Repository Structure The repository is organized into three main folders: ### opportunity-samples This folder includes samples related to opportunities, such as standard value sets, field mappings, and sample JSON payloads for creating opportunities and processing outbound results: - `Opportunity - StandardValues.csv`: Standard values for opportunity fields in CSV format. - `Opportunity-Create-Inbound-Sample.json`: A JSON sample for creating an opportunity in the CRM. - `Opportunity-Fields.csv`: Field details for opportunities in CSV format. - `Opportunity-Outbound-Sample.json`: A JSON sample representing an opportunity sent from the CRM. - `Opportunity-Results_With-Errors-Sample.json`: A JSON sample showing the results of an opportunity sync with errors. - `Opportunity-Results-Success-Sample.json`: A JSON sample showing the results of a successful opportunity sync. - `Opportunity - Testing Scenarios.xlsx`: An Excel spreadsheet detailing the scenarios for testing the opportunity sharing. - `Opportunity-FieldsAndStandardValues-DiffWithPrevVersion-V14.3`: An excel spreadsheet that has both, the list of fields and the standard values along with the indications of what has changed from the previous verison. This is ideal for partners who are moving from a previous version to a new version. ### lead-samples This folder contains samples related to leads, which include standard value sets, field mappings, and sample JSON payloads for managing lead data: - `Lead - StandardValues.csv`: Standard values for lead fields in CSV format. - `Lead-Outbound-Sample.json`: A JSON sample representing a lead sent from the CRM. - `Lead-Results_With-Errors-Sample.json`: A JSON sample showing the results of a lead sync with errors. - `Lead-Results-Success-Sample.json`: A JSON sample showing the results of a successful lead sync. - `Lead-Update-Inbound-Sample.json`: A JSON sample for updating a lead in the CRM. - `Leads-Fields.csv`: Field details for leads in CSV format. - `Leads - Testing Scenarios.xlsx`: An Excel spreadsheet detailing the scenarios for testing the lead sharing. ### code-snippets This folder contains various code snippets for interacting with AWS services such as Amazon S3 and Salesforce (SFDC) Apex samples for AWS integration: - `SFDC apex s3 sample.txt`: A Salesforce Apex code sample for integrating with Amazon S3. - `ace_read_s3.py`: A Python script for reading files from Amazon S3. - `Apex_get_files_from_s3_ace_partner_test.cls`: An Apex code snippet for retrieving files from an S3 bucket for ACE partners. - `IAMAnywhere_Setup.yaml`: A Cloudformation template to help with IAM Anywhere set up for ACE CRM Integration via AWS Partner CRM Connector. - `Apex_Sample_REST_API_Code.cls`: A Salesforce Apex sample for making REST API calls. - `s3_ace_partner_test.cls`: An Apex code snippet for testing Amazon S3 integration with ACE partners. - `S3_Authentication.cls`: An Apex snippet for authenticating with Amazon S3. - `Sample_AceOutboundBatch.cls`: An Apex code snippet for handling outbound batch processing with ACE. ### resources - `aws_products.json`: JSON format of the Products offered by AWS. Use the values in this file to use in the opportunity - `SampleAWSProducts.csv`: A CSV file listing sample AWS products. - `Sample AWSProductsAndSolutions.xlsx`: An Excel spreadsheet listing sample AWS products and solutions. - `SamplePartnerSolutions.csv`: A CSV file listing sample partner solutions. ### partner-central-api-sample-codes - `java_preview`: Contains sample codes in Java - `python_preview`: Contains sample codes in Python - `go_preview`: Contains sample codes in Go - `dotnet_preview`: Contains sample codes in C# - [`opportunityManagement`](partner-central-api-sample-codes/opportunityManagement): React-based web application with a [live demo](https://aws-samples.github.io/partner-crm-integration-samples/) demonstrating AWS Partner Central API integration ## Getting Started To begin using these samples, clone the repository to your local machine or download the files directly from GitHub using the following command: ```bash git clone https://github.com/aws-samples/partner-crm-integration-samples.git ```

iPaaS & API Integration API Tools

17 Github Stars

Read more

Open Source

amazon-ivs-chat-web-demo

# Amazon IVS Chat Web Demo A demo web application intended as an educational tool to demonstrate how you can build a simple live video and chat application with [Amazon IVS](https://aws.amazon.com/ivs/). <img src="app-screenshot.png" alt="Amazon IVS Chat Web Demo" /> **This project is intended for education purposes only and not for production usage.** This is a serverless web application, leveraging [Amazon IVS](https://aws.amazon.com/ivs/) for video streaming and chat, [AWS Lambda](https://aws.amazon.com/lambda/), and [Amazon API Gateway](https://aws.amazon.com/api-gateway/). The web user interface is written in Javascript and built on React. The demo showcases how you can implement a simple live streaming application with video and chat using Amazon IVS. Viewers are asked to enter their name the first time they begin chatting. Chat users can send plain text messages, text links, emojis, and stickers. Chat moderators can delete messages and kick users. ## Getting Started This demo is comprised of two parts: `serverless` (the demo backend) and `web-ui` (the demo frontend). 1. If you do not have an AWS account, you can create one by following this guide: [How do I create and activate a new Amazon Web Services account?](https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/) 2. Log into the [AWS console](https://console.aws.amazon.com/) if you are not already. Note: If you are logged in as an IAM user, ensure your account has permissions to create and manage the necessary resources and components for this application. 3. Deploy the [serverless backend](./serverless/README.md) to your AWS account. The CloudFormation template will automate the deployment process. ## Known issues and limitations * The application is meant for demonstration purposes and **not** for production use. * This application is only tested in the us-west-2 (Oregon) region. Additional regions may be supported depending on service availability. ## About Amazon IVS Amazon Interactive Video Service (Amazon IVS) is a managed live streaming and stream chat solution that is quick and easy to set up, and ideal for creating interactive video experiences. [Learn more](https://aws.amazon.com/ivs/). * [Amazon IVS docs](https://docs.aws.amazon.com/ivs/) * [User Guide](https://docs.aws.amazon.com/ivs/latest/userguide/) * [API Reference](https://docs.aws.amazon.com/ivs/latest/APIReference/) * [Setting Up for Streaming with Amazon Interactive Video Service](https://aws.amazon.com/blogs/media/setting-up-for-streaming-with-amazon-ivs/) * [Learn more about Amazon IVS on IVS.rocks](https://ivs.rocks/) * [View more demos like this](https://ivs.rocks/examples) ## Security See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. ## License This library is licensed under the MIT-0 License. See the LICENSE file.

Communication Live Chat & Chatbots

34 Github Stars

Read more

Open Source

amazon-ivs-real-time-collaboration-web-demo

# Amazon IVS Real-time Collaboration Web Demo A demo web application intended as an educational tool to demonstrate how you can build a compelling video collaboration experience powered by [Amazon IVS Real-time](https://docs.aws.amazon.com/ivs/latest/RealTimeUserGuide/what-is.html). This demo uses [AWS Cloud Development Kit](https://aws.amazon.com/cdk/) (AWS CDK v2). <img src="images/app-screenshot.png" alt="A web browser showing the demo application. Webcam videos from multiple participants are shown on screen in a grid formation, with controls for broadcasting, microphone, camera, screen-sharing, settings and leave meeting. A side panel containing a chat conversation is displayed next to the video grid." /> >[!CAUTION] > **Use at Your Own Risk**: This is a code sample designed to help developers get started with Amazon IVS. It is not production-ready and will require additional development work to be suitable for production use. It is **not** intended for production use as-is. Its primary goal is to help developers understand the concepts and capabilities of Amazon IVS. By using this solution, you understand and accept its risks and limitations. **This project is intended to demonstrate Amazon IVS capabilities and should be adapted and optimized for your specific production requirements. Use this code as a foundation for learning and initial development only.** ## 🔗 Quick links - [Deploying the application to AWS](#deploying-the-application-to-aws) - [Prerequisites](#prerequisites) - [Configuration](#configuration) - [Initialization](#initialization) - [Deploy the backend](#deploy-the-backend) - [Deploy the website](#deploy-the-website) - [Running the application locally](#running-the-application-locally) - [Managing the key-pair for participant stage tokens](#managing-the-key-pair-for-participant-stage-tokens) - [Subscribe-only participants architecture (experimental)](#subscribe-only-participants-architecture-experimental) - [Teardown and clean-up](#teardown-and-clean-up) - [About Amazon IVS](#about-amazon-ivs) - [Security](#security) - [License](#license) ## Deploying the application to AWS _IMPORTANT NOTE: Deploying this demo application in your AWS account will create and consume AWS resources, which will cost money._ ### Prerequisites Before continuing, ensure you have installed the following tools: - [AWS CLI Version 2](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) - [NodeJS](https://nodejs.org/en/) v20 and `npm` (npm is usually installed with NodeJS) - If you have [node version manager](https://github.com/nvm-sh/nvm) installed, run `nvm use` to sync your node version with this project For configuration specifics, refer to the [AWS CLI User Guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html). ### Configuration Prior to deploying the backend and website CloudFormation stacks to an AWS account, there are a few configurable settings that you have the option of customizing. These settings allow you to tailor the deployment to your specific needs, such as using custom domains, managing SSL certificates, and controlling user sign-up permissions. The configuration options are defined in the following TypeScript interface: ```typescript interface Config { readonly domain?: string; readonly subdomain?: string; readonly certificateAlternativeDomains?: string[] | null; readonly sslCertificateARN?: string | null; readonly allowedSignUpDomains?: string[] | null; } ``` The following table outlines these configurable options in detail: | **Option** | **Type** | **Required** | **Description** | **Example** | | ------------------------------- | ------------------ | ------------ | ---------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------- | | `domain` | `string` | Yes\* | Specifies the custom domain name for the frontend application deployment. | "example.com" | | `subdomain` | `string` | No | Specifies the custom subdomain name for the frontend application deployment. | "staging" | | `certificateAlternativeDomains` | `string[] \| null` | No | List of additional domains to register under the SSL certificate. Use asterisk (`*`) for wildcard domains. | ["*.example.com", "other.example.com"] | | `sslCertificateARN` | `string \| null` | No | ARN of an existing certificate in Amazon Certificate Manager (must be in `us-east-1` region). | "arn:aws:acm:us-east-1:123456789012:certificate/1a2b3c4d-5e6f-7g8h-9i0j-1k2l3m4n5o6p" | | `allowedSignUpDomains` | `string[] \| null` | No | List of email domains allowed for user account creation. | ["example.com", "company.com"] | \* `domain` is **required** only for custom domain deployments. 1. If `sslCertificateARN` is provided, `certificateAlternativeDomains` will be ignored, and no new SSL certificate will be created during deployment 2. For `allowedSignUpDomains`: - An empty array (`[]`) blocks all user sign-ups - `null` or omitting the property allows all email domains for account creation 3. The SSL certificate created or specified must be in the `us-east-1` region for compatibility with CloudFront distributions 4. Using a wildcard domain (e.g., `*.example.com`) in `certificateAlternativeDomains` is recommended for multi-environment deployments under the same host domain to reuse the same certificate The deployment settings for this application can be customized using the [`infra/cdk.json`](/infra/cdk.json) file. This file allows for both global settings that apply to all deployments and environment-specific settings that override global settings for particular environments. The `cdk.json` file uses the following structure: ```javascript { "global": { // Settings applied to all environments unless overridden }, "test": { // Settings specific to the test environment }, "staging": { // Settings specific to the staging environment }, "production": { // Settings specific to the production environment }, "development": { // Settings specific to the development environment } } ``` Environment-specific settings take precedence over global settings. This allows for fine-grained control over each deployment environment while maintaining common settings across all environments. Here's an expanded example of a deployment configuration: ```json { "global": { "domain": "example.com", "certificateAlternativeDomains": ["*.example.com"], "sslCertificateARN": null, "allowedSignUpDomains": ["example.com", "other-example.com"] }, "test": { "subdomain": "test", "allowedSignUpDomains": null }, "staging": { "subdomain": "staging" }, "production": { "sslCertificateARN": "arn:aws:acm:us-east-1:123456789:certificate/abc-123-xyz-def", "allowedSignUpDomains": ["example.com"] }, "development": { "allowedSignUpDomains": [] } } ``` In this configuration: 1. All environments use `example.com` as the base domain 2. A wildcard SSL certificate is created for `*.example.com`, used by all environments except production 3. The production environment uses a custom SSL certificate 4. Subdomains are specified for test, staging, and development environments 5. Sign-up domains are restricted differently for each environment: - Global: allows sign-ups from `example.com` and `other-example.com` - Test: allows sign-ups from any domain (overrides global setting) - Staging: uses global settings (example.com and other-example.com) - Production: restricts sign-ups to only `example.com` - Development: blocks all sign-ups This configuration demonstrates how to: - Apply common settings across all environments - Override specific settings for individual environments - Use different subdomains for non-production environments - Apply varying levels of sign-up restrictions per environment - Use a custom SSL certificate for the production environment Additional resource-level configuration options can be found in the [`infra/lambdas/constants.ts`](/infra/lambdas/constants.ts) file. These values only pertain to resources created by the Lambda functions, such as Stages and Chat Rooms. ### Initialization Before deploying the backend and website CloudFormation stacks to your AWS account, you need to initialize the application for deployment. This process involves installing dependencies and creating a CDK bootstrap stack. Follow these steps: 1. **Install dependencies and bootstrap the main region:** ```bash npm run deploy:init ``` This command installs the `infra` dependencies and creates a CDK bootstrap stack in your default AWS region if it doesn't already exist. 2. **Bootstrap the us-east-1 region (if needed):** If you plan to create an SSL certificate as part of the website deployment, you must ensure that the `us-east-1` region is also bootstrapped. This is because Amazon CloudFront requires SSL certificates to reside in the `us-east-1` region. To bootstrap the `us-east-1` region, run: ```bash AWS_REGION=us-east-1 npm run deploy:bootstrap ``` Note: If your default region is already `us-east-1`, you can skip this step. **Additional notes** - These initialization steps only need to be completed once per AWS account - If you're deploying to multiple regions, make sure to bootstrap each region you'll be using - The `us-east-1` bootstrap is specifically required for SSL certificate handling with CloudFront, regardless of your primary deployment region - If you encounter any permission-related errors during bootstrapping, ensure that your AWS credentials have the necessary permissions to create resources in the respective regions After completing these initialization steps, your AWS environment will be prepared for deploying the application stacks. You can proceed with the actual deployment process as outlined in the subsequent sections of this README. ### Deploy the backend After completing all deployment prerequisites, you're ready to deploy the backend stack. This step is crucial whether you plan to run the application locally or deploy it through the website stack. The backend stack creates several essential resources in your AWS account: - API Gateway REST API (`MeetingsAPI`) - AppSync GraphQL API (`MessagesAPI`) - DynamoDB Table (for meeting data storage) - Lambda functions - Cognito user pool - SQS FIFO queue - KMS symmetric key - SSM parameter (for public key ARN storage) - Secrets Manager secret value (for private key storage) - AWS Step Functions State Machine - Multiple EventBridge Rules (scheduled and event-driven) To deploy the backend stack, use the command corresponding to your desired application environment: | **Environment** | **Command** | | --------------- | -------------------------------- | | development | `npm run deploy:backend:dev` | | test | `npm run deploy:backend:test` | | staging | `npm run deploy:backend:staging` | | production | `npm run deploy:backend:prod` | **Additional notes** - For local application development, deploy to the `development` environment - The stack outputs, including API endpoints and other configuration details, are automatically retrieved when running the app locally. This is done using the CloudFormation SDK when starting the development server. - No additional frontend configuration is required after deployment, as the necessary information is fetched dynamically ### Deploy the website **Note**: if you only intend to run the application locally and do not plan to host it, you can skip this section and proceed directly to the [Running the Application Locally](#running-the-application-locally) section. **Prerequisite**: you must have successfully deployed the backend stack before proceeding with the website deployment. Once the backend stack is in place, you're ready to deploy the website stack. This stack creates a CloudFront distribution to serve a static Single Page Application (SPA) hosted on Amazon S3. The website deployment process differs slightly depending on the target environment: - For the `development` environment: - The application bundle is deployed to a CloudFront distribution - It's served from the public CloudFront distribution domain only - No custom domain is used - For other environments (`test`, `staging`, `production`): - The deployment can utilize custom domains if configured - SSL certificates are managed as per the configuration settings When deploying to a custom domain without providing an existing SSL certificate: - A separate CloudFormation stack is created in the `us-east-1` region - This stack provisions a DNS certificate in the `us-east-1` region, which is required for CloudFront distributions - The newly created certificate is then imported back into the main website stack **Note**: This additional stack creation only occurs if you've configured a custom domain in your deployment settings and haven't specified an existing `sslCertificateARN`. To deploy the website stack, use the command corresponding to your desired application environment: | **Environment** | **Command** | | --------------- | -------------------------------- | | development | `npm run deploy:website:dev` | | test | `npm run deploy:website:test` | | staging | `npm run deploy:website:staging` | | production | `npm run deploy:website:prod` | **Additional notes** - Ensure that you've properly configured any custom domains or SSL certificates as described in the [Configuration](#configuration) section before deploying to non-development environments - The website deployment process automatically bundles and optimizes your frontend application prior to deployment - After deployment, CDK will output the URL where your application is accessible. For custom domain deployments, it may take some time for DNS changes to propagate - Remember that the website stack depends on the backend stack, so any major changes to the backend might require a redeployment of the website stack as well ## Running the Application Locally Before running the application locally, ensure that you have completed the following prerequisite: **Prerequisite**: [Deploy the backend stack](#deploy-the-backend) to the `development` environment. Once you have the backend infrastructure in place, you can run the application on your local machine for development and testing purposes. This process will start a development server that connects to the deployed backend resources. To run the application locally, run the following command: ```bash npm start ``` This command does the following: - Retrieves the necessary configuration from the CloudFormation stack outputs of the backend stack deployed to the `development` environment - Sets up the development environment with the correct API endpoints, user pool details, and other required configurations - Starts the development server, typically on `http://localhost:3000` (unless configured otherwise) ## Managing the key-pair for participant stage tokens This demo application uses a public/private key-pair to create and verify participant stage tokens. - The application generates an ECDSA public/private key pair - The private key is used to sign JSON Web Tokens (JWTs) on the server - The public key is imported to Amazon IVS for token verification during stage join - For more details, see the [Amazon IVS documentation on distributing tokens](https://docs.aws.amazon.com/ivs/latest/RealTimeUserGuide/getting-started-distribute-tokens.html) While the initial key-pair is created automatically when deploying the backend stack, you may need to rotate these keys periodically or immediately if you suspect the private key has been compromised. To manually rotate the key-pair, run the following command: ```bash npm run rotateKeyPair -- --appEnv {APP_ENV} ``` Replace `{APP_ENV}` with the environment of your deployed backend stack (e.g. `development`, `test`, `staging` or `production`). When you run the key rotation command: 1. A new ECDSA public/private key pair is generated 2. The new public key is imported to IVS 3. The old public key is deleted from IVS 4. The new private key replaces the old one in AWS Secrets Manager 5. The new public key ARN is updated in AWS Systems Manager Parameter Store ## Teardown and clean-up When you're finished with your deployment or want to remove all created resources, you should tear down the stacks to avoid unexpected charges to your AWS account. This process involves destroying both the backend and website stacks, followed by some manual clean-up steps. ### Destroying the Stacks 1. **Destroy the Website Stack** To tear down the website stack, use the following command: ```bash APP_ENV={APP_ENV} npm run destroy:website {STACK_NAME} ``` Replace `{APP_ENV}` with the appropriate environment (e.g., `development`, `test`, `staging`, or `production`). Replace `{STACK_NAME}` with the name of your website stack. **For Custom Domain Deployments:** If you deployed with a custom domain, an additional certificate stack was created in the `us-east-1` region. To destroy both the website and certificate stacks, use: ``` APP_ENV={APP_ENV} npm run destroy:website --all ``` **Important:** Before running this command, you may need to disable termination protection on the certificate stack: 1. Go to the AWS CloudFormation console in the `us-east-1` region 2. Select the certificate stack 3. Choose "Edit termination protection" from the "Stack actions" dropdown 4. Disable termination protection 2. **Destroy the Backend Stack** After the website stack is destroyed, tear down the backend stack using this command: ```bash APP_ENV={APP_ENV} npm run destroy:backend ``` Again, replace `{APP_ENV}` with the appropriate environment. ### Manual Clean-up Steps After destroying the stacks, some resources may still remain and need manual cleanup. These resources don't incur charges when inactive but should be removed for completeness: - **IVS Stages** - **IVS Chat Rooms** - **IVS Imported Public Keys** To perform these clean-up steps: 1. Log in to the AWS Management Console 2. Navigate to the Amazon IVS service 3. Check for and delete any remaining Stages, Chat Rooms, and imported public keys associated with your application ## Subscribe-only participants architecture (experimental) This demo implements a custom-built, experimental architecture that keeps track of subscribe-only participants for each Stage and displays this information in the application. Below is a detailed view of the architecture that makes this experimental feature possible:  ## About Amazon IVS Amazon Interactive Video Service (Amazon IVS) is a managed live streaming and stream chat solution that is quick and easy to set up, and ideal for creating interactive video experiences. [Learn more](https://aws.amazon.com/ivs/). - [Amazon IVS docs](https://docs.aws.amazon.com/ivs/) - [User Guide](https://docs.aws.amazon.com/ivs/latest/userguide/) - [API Reference](https://docs.aws.amazon.com/ivs/latest/APIReference/) - [Setting Up for Streaming with Amazon Interactive Video Service](https://aws.amazon.com/blogs/media/setting-up-for-streaming-with-amazon-ivs/) - [Learn more about Amazon IVS on IVS.rocks](https://ivs.rocks/) - [View more demos like this](https://ivs.rocks/examples) ## Security See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. ## License This library is licensed under the MIT-0 License. See the [LICENSE](LICENSE) file.

Communication Web Components & Widgets

15 Github Stars

Read more

Open Source

amazon-ivs-chat-for-android-demo

# Amazon IVS Chat for Android Demo A demo Android phone application intended for use as an educational tool to demonstrate how a simple live video and chat application can be built with Amazon IVS video and chat. <img src="app-screenshot.png" alt="Amazon IVS Chat for Android Demo" /> **This project is intended for education purposes only and not for production usage.** The demo showcases how you can implement a simple live streaming application with video and chat using Amazon IVS. Viewers are asked to enter their name the first time they begin chatting. Chat users can send plain text messages, emojis, and stickers. Chat moderators can delete messages and kick users. ## Prerequisites * The `ApiUrl` from a deployed [Amazon IVS Chat Demo Backend](https://github.com/aws-samples/amazon-ivs-chat-web-demo/tree/main/serverless). ## Setup To open the demo Android app, follow these instructions: 1. Clone this repository to your local machine 2. Open `app/build.gradle` file and set constants for: * Amazon IVS Playback URL `STREAM_URL` * A sample playback url for a 24/7 livestream is pre-filled. You may add a playback url to use a custom livestream in this demo. * Amazon IVS Chat Demo backend endpoint `API_URL` * You must deploy the [Amazon IVS Chat Demo Backend](https://github.com/aws-samples/amazon-ivs-chat-web-demo/tree/main/serverless) to get this value. * The Api URL must end with a trailing slash "/". For example, "https://1234567890.execute-api.REGION.amazonaws.com/Prod/". * Chat room id `CHAT_ROOM_ID` * The ID (or ARN) of the Amazon IVS Chat Room that the app should use. * You must create an Amazon IVS Chat Room to get a chat room ID/ARN. Refer to [Getting Started with Amazon IVS Chat](https://docs.aws.amazon.com/ivs/latest/userguide/getting-started-chat.html) for a detailed guide. 3. Open the constants file at `app/java/com/amazon/ivs/chatdemo/common/Constants.kt` and set constants for: * The AWS region of your chat room `REGION_URL` * This is set to `us-west-2` by default. 4. Build and install the `.apk` on your device / emulator ## Known issues and limitations * The application is meant for demonstration purposes and **not** for production use. * This application is only tested in the us-west-2 (Oregon) region. Additional regions may be supported depending on service availability. ## About Amazon IVS Amazon Interactive Video Service (Amazon IVS) is a managed live streaming and stream chat solution that is quick and easy to set up, and ideal for creating interactive video experiences. [Learn more](https://aws.amazon.com/ivs/). * [Amazon IVS docs](https://docs.aws.amazon.com/ivs/) * [User Guide](https://docs.aws.amazon.com/ivs/latest/userguide/) * [API Reference](https://docs.aws.amazon.com/ivs/latest/APIReference/) * [Setting Up for Streaming with Amazon Interactive Video Service](https://aws.amazon.com/blogs/media/setting-up-for-streaming-with-amazon-ivs/) * [Learn more about Amazon IVS on IVS.rocks](https://ivs.rocks/) * [View more demos like this](https://ivs.rocks/examples) ## Security See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. ## License This library is licensed under the MIT-0 License. See the LICENSE file.

Mobile Development Live Chat & Chatbots

13 Github Stars

Read more

Open Source

bedrock-chat

<h1 align="center">Bedrock Chat (BrChat)</h1> <p align="center"> <img src="https://img.shields.io/github/v/release/aws-samples/bedrock-chat?style=flat-square" /> <img src="https://img.shields.io/github/license/aws-samples/bedrock-chat?style=flat-square" /> <img src="https://img.shields.io/github/actions/workflow/status/aws-samples/bedrock-chat/cdk.yml?style=flat-square" /> <a href="https://github.com/aws-samples/bedrock-chat/issues?q=is%3Aissue%20state%3Aopen%20label%3Aroadmap"> <img src="https://img.shields.io/badge/roadmap-view-blue?style=flat-square" /> </a> </p> [English](https://github.com/aws-samples/bedrock-chat/blob/v3/README.md) | [日本語](https://github.com/aws-samples/bedrock-chat/blob/v3/docs/README_ja-JP.md) | [한국어](https://github.com/aws-samples/bedrock-chat/blob/v3/docs/README_ko-KR.md) | [中文](https://github.com/aws-samples/bedrock-chat/blob/v3/docs/README_zh-CN.md) | [Français](https://github.com/aws-samples/bedrock-chat/blob/v3/docs/README_fr-FR.md) | [Deutsch](https://github.com/aws-samples/bedrock-chat/blob/v3/docs/README_de-DE.md) | [Español](https://github.com/aws-samples/bedrock-chat/blob/v3/docs/README_es-ES.md) | [Italian](https://github.com/aws-samples/bedrock-chat/blob/v3/docs/README_it-IT.md) | [Norsk](https://github.com/aws-samples/bedrock-chat/blob/v3/docs/README_nb-NO.md) | [ไทย](https://github.com/aws-samples/bedrock-chat/blob/v3/docs/README_th-TH.md) | [Bahasa Indonesia](https://github.com/aws-samples/bedrock-chat/blob/v3/docs/README_id-ID.md) | [Bahasa Melayu](https://github.com/aws-samples/bedrock-chat/blob/v3/docs/README_ms-MY.md) | [Tiếng Việt](https://github.com/aws-samples/bedrock-chat/blob/v3/docs/README_vi-VN.md) | [Polski](https://github.com/aws-samples/bedrock-chat/blob/v3/docs/README_pl-PL.md) | [Português Brasil](https://github.com/aws-samples/bedrock-chat/blob/v3/docs/README_pt-BR.md) A multilingual generative AI platform powered by [Amazon Bedrock](https://aws.amazon.com/bedrock/). Supports chat, custom bots with knowledge (RAG), bot sharing via a bot store, and task automation using agents.  > [!Warning] > > **V3 released. To update, please carefully review the [migration guide](./docs/migration/V2_TO_V3.md).** Without any care, **BOTS FROM V2 WILL BECOME UNUSABLE.** ### Bot Personalization / Bot store Add your own instruction and knowledge (a.k.a [RAG](https://aws.amazon.com/what-is/retrieval-augmented-generation/). The bot can be shared among application users via bot store market place. The customized bot also can be published as stand-alone API (See the [detail](./docs/PUBLISH_API.md)). <details> <summary>Screenshots</summary>     You can also import existing [Amazon Bedrock's KnowledgeBase](https://aws.amazon.com/bedrock/knowledge-bases/).  </details> > [!Important] > For governance reasons, only allowed users are able to create customized bots. To allow the creation of customized bots, the user must be a member of group called `CreatingBotAllowed`, which can be set up via the management console > Amazon Cognito User pools or aws cli. Note that the user pool id can be referred by accessing CloudFormation > BedrockChatStack > Outputs > `AuthUserPoolIdxxxx`. ### Multi-Tenant Usage of Knowledge Base In Amazon Bedrock Knowledge Bases, by default, the number of Knowledge Bases that can be created in a single AWS account is limited to 100. To work around this limitation, you can use 'multi-tenant' mode, where a Knowledge Base with common settings is shared among multiple bots, and files uploaded by each bot are filtered by attaching the Bot ID as metadata. Newly created bots will have multi-tenant mode enabled by default. To migrate existing bots to multi-tenant mode, change the bot's knowledge settings to "Create a tenant in a shared Knowledge Base." To migrate multiple bots to multi-tenant mode in bulk, execute commands like the following: ```bash aws dynamodb execute-statement --statement "UPDATE \"$BotTableNameV3\" SET BedrockKnowledgeBase.type='shared' SET SyncStatus='QUEUED' WHERE PK='$UserID' AND SK='BOT#$BotID'" # Execute for all target bots aws stepfunctions start-execution --state-machine-arn $EmbeddingStateMachineArn ``` ### Administrative features API Management, Mark bots as essential, Analyze usage for bots. [detail](./docs/ADMINISTRATOR.md) <details> <summary>Screenshots</summary>    ) </details> ### Agent By using the [Agent functionality](./docs/AGENT.md), your chatbot can automatically handle more complex tasks. For example, to answer a user's question, the Agent can retrieve necessary information from external tools or break down the task into multiple steps for processing. <details> <summary>Screenshots</summary>   </details> ## 🎓Workshop A comprehensive workshop is available [here](https://catalog.us-east-1.prod.workshops.aws/workshops/4bf8d30b-f7c9-440a-a853-9394a41909d2/en-US). <details> <summary>Screenshot</summary>  </details> ## 🚀 Super-easy Deployment - In the us-east-1 region, open [Bedrock Model access](https://us-east-1.console.aws.amazon.com/bedrock/home?region=us-east-1#/modelaccess) > `Manage model access` > Check all of models you wish to use and then `Save changes`. <details> <summary>Screenshot</summary>  </details> ### Supported regions Please make sure that you deploy Bedrock Chat in a region [where OpenSearch Serverless and Ingestion APIs are available](https://docs.aws.amazon.com/general/latest/gr/opensearch-service.html), if you want to use bots and create knowledge bases (OpenSearch Serverless is the default choice). As of August 2025, the following regions are supported: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-south-2, eu-north-1, sa-east-1 For the **bedrock-region** parameter you need to choose a region [where Bedrock is available](https://docs.aws.amazon.com/general/latest/gr/bedrock.html). - Open [CloudShell](https://console.aws.amazon.com/cloudshell/home) at the region where you want to deploy - Run deployment via following commands. If you want to specify the version to deploy or need to apply security policies, please specify the appropriate parameters from [Optional Parameters](#optional-parameters). ```sh git clone https://github.com/aws-samples/bedrock-chat.git cd bedrock-chat chmod +x bin.sh ./bin.sh ``` - You will be asked if a new user or using v3. If you are not a continuing user from v0, please enter `y`. ### Optional Parameters You can specify the following parameters during deployment to enhance security and customization: - **--disable-self-register**: Disable self-registration (default: enabled). If this flag is set, you will need to create all users on cognito and it will not allow users to self register their accounts. - **--enable-lambda-snapstart**: Enable [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) (default: disabled). If this flag is set, improves cold start times for Lambda functions, providing faster response times for better user experience. - **--ipv4-ranges**: Comma-separated list of allowed IPv4 ranges. (default: allow all ipv4 addresses) - **--ipv6-ranges**: Comma-separated list of allowed IPv6 ranges. (default: allow all ipv6 addresses) - **--disable-ipv6**: Disable connections over IPv6. (default: enabled) - **--allowed-signup-email-domains**: Comma-separated list of allowed email domains for sign-up. (default: no domain restriction) - **--bedrock-region**: Define the region where bedrock is available. (default: us-east-1) - **--repo-url**: The custom repo of Bedrock Chat to deploy, if forked or custom source control. (default: https://github.com/aws-samples/bedrock-chat.git) - **--version**: The version of Bedrock Chat to deploy. (default: latest version in development) - **--cdk-json-override**: You can override any CDK context values during deployment using the override JSON block. This allows you to modify the configuration without editing the cdk.json file directly. Example usage: ```bash ./bin.sh --cdk-json-override '{ "context": { "selfSignUpEnabled": false, "enableLambdaSnapStart": true, "allowedIpV4AddressRanges": ["192.168.1.0/24"], "allowedCountries": ["US", "CA"], "allowedSignUpEmailDomains": ["example.com"], "globalAvailableModels": [ "claude-v3.7-sonnet", "claude-v3.5-sonnet", "amazon-nova-pro", "amazon-nova-lite", "llama3-3-70b-instruct" ] } }' ``` The override JSON must follow the same structure as cdk.json. You can override any context values including: - `selfSignUpEnabled` - `enableLambdaSnapStart` - `allowedIpV4AddressRanges` - `allowedIpV6AddressRanges` - `allowedCountries` - `allowedSignUpEmailDomains` - `bedrockRegion` - `enableRagReplicas` - `enableBedrockCrossRegionInference` - `globalAvailableModels`: accepts a list of model IDs to enable. The default value is an empty list, which enables all models. - `logoPath`: relative path to the logo asset within the frontend `public/` directory that appears at the top of the navigation drawer. - And other context values defined in cdk.json > [!Note] > The override values will be merged with the existing cdk.json configuration during the deployment time in the AWS code build. Values specified in the override will take precedence over the values in cdk.json. #### Example command with parameters: ```sh ./bin.sh --disable-self-register --ipv4-ranges "192.0.2.0/25,192.0.2.128/25" --ipv6-ranges "2001:db8:1:2::/64,2001:db8:1:3::/64" --allowed-signup-email-domains "example.com,anotherexample.com" --bedrock-region "us-west-2" --version "v1.2.6" ``` - After about 35 minutes, you will get the following output, which you can access from your browser ``` Frontend URL: https://xxxxxxxxx.cloudfront.net ```  The sign-up screen will appear as shown above, where you can register your email and log in. > [!Important] > Without setting the optional parameter, this deployment method allows anyone who knows the URL to sign up. For production use, it is strongly recommended to add IP address restrictions and disable self-signup to mitigate security risks (you can define allowed-signup-email-domains to restrict users so that only email addresses from your company's domain can sign up). Use both ipv4-ranges and ipv6-ranges for IP address restrictions, and disable self-signup by using disable-self-register when executing ./bin. > [!TIP] > If the `Frontend URL` does not appear or Bedrock Chat does not work properly, it may be a problem with the latest version. In this case, please add `--version "v3.0.0"` to the parameters and try deployment again. ## Architecture It's an architecture built on AWS managed services, eliminating the need for infrastructure management. Utilizing Amazon Bedrock, there's no need to communicate with APIs outside of AWS. This enables deploying scalable, reliable, and secure applications. - [Amazon DynamoDB](https://aws.amazon.com/dynamodb/): NoSQL database for conversation history storage - [Amazon API Gateway](https://aws.amazon.com/api-gateway/) + [AWS Lambda](https://aws.amazon.com/lambda/): Backend API endpoint ([AWS Lambda Web Adapter](https://github.com/awslabs/aws-lambda-web-adapter), [FastAPI](https://fastapi.tiangolo.com/)) - [Amazon CloudFront](https://aws.amazon.com/cloudfront/) + [S3](https://aws.amazon.com/s3/): Frontend application delivery ([React](https://react.dev/), [Tailwind CSS](https://tailwindcss.com/)) - [AWS WAF](https://aws.amazon.com/waf/): IP address restriction - [Amazon Cognito](https://aws.amazon.com/cognito/): User authentication - [Amazon Bedrock](https://aws.amazon.com/bedrock/): Managed service to utilize foundational models via APIs - [Amazon Bedrock Knowledge Bases](https://aws.amazon.com/bedrock/knowledge-bases/): Provides a managed interface for Retrieval-Augmented Generation ([RAG](https://aws.amazon.com/what-is/retrieval-augmented-generation/)), offering services for embedding and parsing documents - [Amazon EventBridge Pipes](https://aws.amazon.com/eventbridge/pipes/): Receiving deletion event of bots from DynamoDB stream and delete CloudFormation stack related to the bot - [AWS Step Functions](https://aws.amazon.com/step-functions/): Orchestrating ingestion pipeline to embed external knowledge into Bedrock Knowledge Bases - [Amazon OpenSearch Serverless](https://aws.amazon.com/opensearch-service/features/serverless/): Serves as the backend database for Bedrock Knowledge Bases, providing full-text search and vector search capabilities, enabling accurate retrieval of relevant information - [Amazon Athena](https://aws.amazon.com/athena/): Query service to analyze S3 bucket  ## Deploy using CDK Super-easy Deployment uses [AWS CodeBuild](https://aws.amazon.com/codebuild/) to perform deployment by CDK internally. This section describes the procedure for deploying directly with CDK. - Please have UNIX, Docker and a Node.js runtime environment. > [!Important] > If there is insufficient storage space in the local environment during deployment, CDK bootstrapping may result in an error. We recommend expanding the volume size of the instance before deploying. - Clone this repository ``` git clone https://github.com/aws-samples/bedrock-chat ``` - Install npm packages ``` cd bedrock-chat cd cdk npm ci ``` - If necessary, edit the following entries in [cdk.json](./cdk/cdk.json). - `bedrockRegion`: Region where Bedrock is available. **NOTE: Bedrock does NOT support all regions for now.** - `allowedIpV4AddressRanges`, `allowedIpV6AddressRanges`: Allowed IP Address range. - `enableLambdaSnapStart`: Defaults to true. Set to false if deploying to a [region that doesn't support Lambda SnapStart for Python functions](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html#snapstart-supported-regions). - `globalAvailableModels`: Defaults to all. If set (list of model IDs), allows to globally control which models appear in dropdown menus across chats for all users and during bot creation in the Bedrock Chat application. - `logoPath`: Relative path under `frontend/public` that points to the image displayed at the top of the application drawer. The following model IDs are supported (please make sure that they are also enabled in the Bedrock console under Model access in your deployment region): - **Claude Models:** `claude-v4-opus`, `claude-v4.1-opus`, `claude-v4.5-opus`, `claude-v4.6-opus`, `claude-v4-sonnet`, `claude-v4.5-sonnet`, `claude-v4.6-sonnet`, `claude-v3.5-sonnet`, `claude-v3.5-sonnet-v2`, `claude-v3.7-sonnet`, `claude-v3.5-haiku`, `claude-v3-haiku`, `claude-v3-opus` - **Amazon Nova Models:** `amazon-nova-pro`, `amazon-nova-lite`, `amazon-nova-micro` - **Mistral Models:** `mistral-7b-instruct`, `mixtral-8x7b-instruct`, `mistral-large`, `mistral-large-2` - **DeepSeek Models:** `deepseek-r1` - **Meta Llama Models:** `llama3-3-70b-instruct`, `llama3-2-1b-instruct`, `llama3-2-3b-instruct`, `llama3-2-11b-instruct`, `llama3-2-90b-instruct` The full list can be found in [index.ts](./frontend/src/constants/index.ts). - Before deploying the CDK, you will need to work with Bootstrap once for the region you are deploying to. ``` npx cdk bootstrap ``` - Deploy this sample project ``` npx cdk deploy --require-approval never --all ``` - You will get output similar to the following. The URL of the web app will be output in `BedrockChatStack.FrontendURL`, so please access it from your browser. ```sh ✅ BedrockChatStack ✨ Deployment time: 78.57s Outputs: BedrockChatStack.AuthUserPoolClientIdXXXXX = xxxxxxx BedrockChatStack.AuthUserPoolIdXXXXXX = ap-northeast-1_XXXX BedrockChatStack.BackendApiBackendApiUrlXXXXX = https://xxxxx.execute-api.ap-northeast-1.amazonaws.com BedrockChatStack.FrontendURL = https://xxxxx.cloudfront.net ``` ### Defining Parameters You can define parameters for your deployment in two ways: using `cdk.json` or using the type-safe `parameter.ts` file. #### Using cdk.json (Traditional Method) The traditional way to configure parameters is by editing the `cdk.json` file. This approach is simple but lacks type checking: ```json { "app": "npx ts-node --prefer-ts-exts bin/bedrock-chat.ts", "context": { "bedrockRegion": "us-east-1", "allowedIpV4AddressRanges": ["0.0.0.0/1", "128.0.0.0/1"], "selfSignUpEnabled": true, "globalAvailableModels": [ "claude-v3.7-sonnet", "claude-v3.5-sonnet", "amazon-nova-pro", "amazon-nova-lite", "llama3-3-70b-instruct" ] } } ``` #### Using parameter.ts (Recommended Type-Safe Method) For better type safety and developer experience, you can use the `parameter.ts` file to define your parameters: ```typescript // Define parameters for the default environment bedrockChatParams.set("default", { bedrockRegion: "us-east-1", allowedIpV4AddressRanges: ["192.168.0.0/16"], selfSignUpEnabled: true, globalAvailableModels: [ "claude-v3.7-sonnet", "claude-v3.5-sonnet", "amazon-nova-pro", "amazon-nova-lite", "llama3-3-70b-instruct", ], }); // Define parameters for additional environments bedrockChatParams.set("dev", { bedrockRegion: "us-west-2", allowedIpV4AddressRanges: ["10.0.0.0/8"], enableRagReplicas: false, // Cost-saving for dev environment enableBotStoreReplicas: false, // Cost-saving for dev environment }); bedrockChatParams.set("prod", { bedrockRegion: "us-east-1", allowedIpV4AddressRanges: ["172.16.0.0/12"], enableLambdaSnapStart: true, enableRagReplicas: true, // Enhanced availability for production enableBotStoreReplicas: true, // Enhanced availability for production }); ``` > [!Note] > Existing users can continue using `cdk.json` without any changes. The `parameter.ts` approach is recommended for new deployments or when you need to manage multiple environments. ### Deploying Multiple Environments You can deploy multiple environments from the same codebase using the `parameter.ts` file and the `-c envName` option. #### Prerequisites 1. Define your environments in `parameter.ts` as shown above 2. Each environment will have its own set of resources with environment-specific prefixes #### Deployment Commands To deploy a specific environment: ```bash # Deploy the dev environment npx cdk deploy --all -c envName=dev # Deploy the prod environment npx cdk deploy --all -c envName=prod ``` If no environment is specified, the "default" environment is used: ```bash # Deploy the default environment npx cdk deploy --all ``` #### Important Notes 1. **Stack Naming**: - The main stacks for each environment will be prefixed with the environment name (e.g., `dev-BedrockChatStack`, `prod-BedrockChatStack`) - However, custom bot stacks (`BrChatKbStack*`) and API publishing stacks (`ApiPublishmentStack*`) do not receive environment prefixes as they are created dynamically at runtime 2. **Resource Naming**: - Only some resources receive environment prefixes in their names (e.g., `dev_ddb_export` table, `dev-FrontendWebAcl`) - Most resources maintain their original names but are isolated by being in different stacks 3. **Environment Identification**: - All resources are tagged with a `CDKEnvironment` tag containing the environment name - You can use this tag to identify which environment a resource belongs to - Example: `CDKEnvironment: dev` or `CDKEnvironment: prod` 4. **Default Environment Override**: If you define a "default" environment in `parameter.ts`, it will override the settings in `cdk.json`. To continue using `cdk.json`, don't define a "default" environment in `parameter.ts`. 5. **Environment Requirements**: To create environments other than "default", you must use `parameter.ts`. The `-c envName` option alone is not sufficient without corresponding environment definitions. 6. **Resource Isolation**: Each environment creates its own set of resources, allowing you to have development, testing, and production environments in the same AWS account without conflicts. ## Others You can define parameters for your deployment in two ways: using `cdk.json` or using the type-safe `parameter.ts` file. #### Using cdk.json (Traditional Method) The traditional way to configure parameters is by editing the `cdk.json` file. This approach is simple but lacks type checking: ```json { "app": "npx ts-node --prefer-ts-exts bin/bedrock-chat.ts", "context": { "bedrockRegion": "us-east-1", "allowedIpV4AddressRanges": ["0.0.0.0/1", "128.0.0.0/1"], "selfSignUpEnabled": true } } ``` #### Using parameter.ts (Recommended Type-Safe Method) For better type safety and developer experience, you can use the `parameter.ts` file to define your parameters: ```typescript // Define parameters for the default environment bedrockChatParams.set("default", { bedrockRegion: "us-east-1", allowedIpV4AddressRanges: ["192.168.0.0/16"], selfSignUpEnabled: true, }); // Define parameters for additional environments bedrockChatParams.set("dev", { bedrockRegion: "us-west-2", allowedIpV4AddressRanges: ["10.0.0.0/8"], enableRagReplicas: false, // Cost-saving for dev environment }); bedrockChatParams.set("prod", { bedrockRegion: "us-east-1", allowedIpV4AddressRanges: ["172.16.0.0/12"], enableLambdaSnapStart: true, enableRagReplicas: true, // Enhanced availability for production }); ``` > [!Note] > Existing users can continue using `cdk.json` without any changes. The `parameter.ts` approach is recommended for new deployments or when you need to manage multiple environments. ### Deploying Multiple Environments You can deploy multiple environments from the same codebase using the `parameter.ts` file and the `-c envName` option. #### Prerequisites 1. Define your environments in `parameter.ts` as shown above 2. Each environment will have its own set of resources with environment-specific prefixes #### Deployment Commands To deploy a specific environment: ```bash # Deploy the dev environment npx cdk deploy --all -c envName=dev # Deploy the prod environment npx cdk deploy --all -c envName=prod ``` If no environment is specified, the "default" environment is used: ```bash # Deploy the default environment npx cdk deploy --all ``` #### Important Notes 1. **Stack Naming**: - The main stacks for each environment will be prefixed with the environment name (e.g., `dev-BedrockChatStack`, `prod-BedrockChatStack`) - However, custom bot stacks (`BrChatKbStack*`) and API publishing stacks (`ApiPublishmentStack*`) do not receive environment prefixes as they are created dynamically at runtime 2. **Resource Naming**: - Only some resources receive environment prefixes in their names (e.g., `dev_ddb_export` table, `dev-FrontendWebAcl`) - Most resources maintain their original names but are isolated by being in different stacks 3. **Environment Identification**: - All resources are tagged with a `CDKEnvironment` tag containing the environment name - You can use this tag to identify which environment a resource belongs to - Example: `CDKEnvironment: dev` or `CDKEnvironment: prod` 4. **Default Environment Override**: If you define a "default" environment in `parameter.ts`, it will override the settings in `cdk.json`. To continue using `cdk.json`, don't define a "default" environment in `parameter.ts`. 5. **Environment Requirements**: To create environments other than "default", you must use `parameter.ts`. The `-c envName` option alone is not sufficient without corresponding environment definitions. 6. **Resource Isolation**: Each environment creates its own set of resources, allowing you to have development, testing, and production environments in the same AWS account without conflicts. ## Others ### Remove resources If using cli and CDK, please `npx cdk destroy`. If not, access [CloudFormation](https://console.aws.amazon.com/cloudformation/home) and then delete `BedrockChatStack` and `FrontendWafStack` manually. Please note that `FrontendWafStack` is in `us-east-1` region. ### Language Settings This asset automatically detects the language using [i18next-browser-languageDetector](https://github.com/i18next/i18next-browser-languageDetector). You can switch languages from the application menu. Alternatively, you can use Query String to set the language as shown below. > `https://example.com?lng=ja` ### Disable self sign up This sample has self sign up enabled by default. To disable self sign up, open [cdk.json](./cdk/cdk.json) and switch `selfSignUpEnabled` as `false`. If you configure [external identity provider](#external-identity-provider), the value will be ignored and automatically disabled. ### Restrict Domains for Sign-Up Email Addresses By default, this sample does not restrict the domains for sign-up email addresses. To allow sign-ups only from specific domains, open `cdk.json` and specify the domains as a list in `allowedSignUpEmailDomains`. ```ts "allowedSignUpEmailDomains": ["example.com"], ``` ### External Identity Provider This sample supports external identity provider. Currently we support [Google](./docs/idp/SET_UP_GOOGLE.md) and [custom OIDC provider](./docs/idp/SET_UP_CUSTOM_OIDC.md). ### Optional Frontend WAF For CloudFront distributions, AWS WAF WebACLs must be created in the us-east-1 region. In some organizations, creating resources outside the primary region is restricted by policy. In such environments, CDK deployment can fail when attempting to provision the Frontend WAF in us-east-1. To accommodate these restrictions, the Frontend WAF stack is optional. When disabled, the CloudFront distribution is deployed without a WebACL. This means you won’t have IP allow/deny controls at the frontend edge. Authentication and all other application controls continue to work as usual. Note that this setting only affects the Frontend WAF (CloudFront scope); the Published API WAF (regional) remains unaffected. To disable the Frontend WAF set the following in `parameter.ts` (Recommended Type-Safe Method): ```ts bedrockChatParams.set("default", { enableFrontendWaf: false, }); ``` Or if using the legacy `cdk/cdk.json` set the following: ```json "enableFrontendWaf": false ``` ### Add new users to groups automatically This sample has the following groups to give permissions to users: - [`Admin`](./docs/ADMINISTRATOR.md) - [`CreatingBotAllowed`](#bot-personalization) - [`PublishAllowed`](./docs/PUBLISH_API.md) If you want newly created users to automatically join groups, you can specify them in [cdk.json](./cdk/cdk.json). ```json "autoJoinUserGroups": ["CreatingBotAllowed"], ``` By default, newly created users will be joined to the `CreatingBotAllowed` group. ### Configure RAG Replicas `enableRagReplicas` is an option in [cdk.json](./cdk/cdk.json) that controls the replica settings for the RAG database, specifically the Knowledge Bases using Amazon OpenSearch Serverless. - **Default**: true - **true**: Enhances availability by enabling additional replicas, making it suitable for production environments but increasing costs. - **false**: Reduces costs by using fewer replicas, making it suitable for development and testing. This is an account/region-level setting, affecting the entire application rather than individual bots. > [!Note] > As of June 2024, Amazon OpenSearch Serverless supports 0.5 OCU, lowering entry costs for small-scale workloads. Production deployments can start with 2 OCUs, while dev/test workloads can use 1 OCU. OpenSearch Serverless automatically scales based on workload demands. For more detail, visit [announcement](https://aws.amazon.com/jp/about-aws/whats-new/2024/06/amazon-opensearch-serverless-entry-cost-half-collection-types/). ### Configure Bot Store The bot store feature allows users to share and discover custom bots. You can configure the bot store through the following settings in [cdk.json](./cdk/cdk.json): ```json { "context": { "enableBotStore": true, "enableBotStoreReplicas": false, "botStoreLanguage": "en" } } ``` - **enableBotStore**: Controls whether the bot store feature is enabled (default: `true`) - **botStoreLanguage**: Sets the primary language for bot search and discovery (default: `"en"`). This affects how bots are indexed and searched in the bot store, optimizing text analysis for the specified language. - **enableBotStoreReplicas**: Controls whether standby replicas are enabled for the OpenSearch Serverless collection used by bot store (default: `false`). Setting it to `true` improves availability but increases costs, while `false` reduces costs but may affect availability. > **Important**: You can't update this property after the collection is already created. If you attempt to modify this property, the collection continues to use the original value. ### Cross-region and Global inference [Cross-region and Global inference](https://docs.aws.amazon.com/bedrock/latest/userguide/inference-profiles-support.html) allows Amazon Bedrock to dynamically route model inference requests across multiple AWS regions, enhancing throughput and resilience during peak demand periods. Global inference routes the requests to the optimal region based on latency and availability anywhere in the world, while cross-region inference routes requests within the same AWS region, for example, within the US. Some SCPs may restrict on or the other or both and therefore you can configure them independently. By default both are enabled. To configure change the following settings in `cdk.json` or `parameters.ts`: ```json "enableBedrockGlobalInference": false, "enableBedrockCrossRegionInference": false, ``` ### Configure Default Models By default, the application uses `claude-v3.7-sonnet` as the default model for new chat conversations and `claude-v3-haiku` for generating conversation titles. However, some AWS accounts may not have access to these specific models, or you may prefer to use different models as defaults. You can configure the default models using the following parameters in `parameter.ts`: ```typescript bedrockChatParams.set("default", { // Model selected by default when users start a new chat defaultModel: "claude-v3.7-sonnet", // Model used for generating conversation titles (cost optimization) titleModel: "claude-v3-haiku", }); ``` - **defaultModel** (optional): The model pre-selected in the chat UI when users start a new conversation. If not set, defaults to `claude-v3.7-sonnet`. - **titleModel** (optional): The model used to automatically generate conversation titles. If not set, falls back to `defaultModel`, then to `claude-v3-haiku`. **When to configure these settings:** - Your AWS account doesn't have access to the default models (`claude-v3.7-sonnet` or `claude-v3-haiku`) - You want to use a different model as the default for your users - You want to optimize costs by using a cheaper model (like `claude-v3-haiku` or `amazon-nova-lite`) for title generation - You want to use the same model for both chat and title generation for consistency > [!Note] > The `titleModel` is only used internally for generating short conversation titles. Using a smaller, cheaper model for this purpose is recommended as it reduces costs without affecting the user's chat experience. ### Lambda SnapStart [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) improves cold start times for Lambda functions, providing faster response times for better user experience. On the other hand, for Python functions, there is a [charge depending on cache size](https://aws.amazon.com/lambda/pricing/#SnapStart_Pricing) and [not available in some regions](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html#snapstart-supported-regions) currently. To disable SnapStart, edit `cdk.json`. ```json "enableLambdaSnapStart": false ``` ### Configure Custom Domain You can configure a custom domain for the CloudFront distribution by setting the following parameters in [cdk.json](./cdk/cdk.json): ```json { "alternateDomainName": "chat.example.com", "hostedZoneId": "Z0123456789ABCDEF" } ``` - `alternateDomainName`: The custom domain name for your chat application (e.g., chat.example.com) - `hostedZoneId`: The ID of your Route 53 hosted zone where the domain records will be created When these parameters are provided, the deployment will automatically: - Create an ACM certificate with DNS validation in us-east-1 region - Create the necessary DNS records in your Route 53 hosted zone - Configure CloudFront to use your custom domain > [!Note] > The domain must be managed by Route 53 in your AWS account. The hosted zone ID can be found in the Route 53 console. ### Configure allowed countries (geo restriction) You can restrict access to Bedrock-Chat based on the country the client is accessing it from. Use the `allowedCountries` parameter in [cdk.json](./cdk/cdk.json) which takes a list of [ISO-3166 Country Codes](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). For example a New Zealand based business may decide that only IP addresses from New Zealand (NZ) and Australia (AU) can access the portal and everyone else should be denied access. To configure this behaviour use the following setting in [cdk.json](./cdk/cdk.json): ```json { "allowedCountries": ["NZ", "AU"] } ``` Or, using `parameter.ts` (Recommended Type-Safe Method): ```ts // Define parameters for the default environment bedrockChatParams.set("default", { allowedCountries: ["NZ", "AU"], }); ``` ### Disable IPv6 support The frontend gets both IP and IPv6 addresses by default. In some rare circumstances, you may need to disable IPv6 support explicitly. To do this, set the following parameter in [parameter.ts](./cdk/parameter.ts) or similarly in [cdk.json](./cdk/cdk.json): ```ts "enableFrontendIpv6": false ``` If left unset the IPv6 support will be enabled by default. ### Local Development See [LOCAL DEVELOPMENT](./docs/LOCAL_DEVELOPMENT.md). ### Contribution Thank you for considering contributing to this repository! We welcome bug fixes, language translations (i18n), feature enhancements, [agent tools](./docs/AGENT.md#how-to-develop-your-own-tools), and other improvements. For feature enhancements and other improvements, **before creating a Pull Request, we would greatly appreciate it if you could create a Feature Request Issue to discuss the implementation approach and details. For bug fixes and language translations (i18n), proceed with creating a Pull Request directly.** Please also take a look at the following guidelines before contributing: - [Local Development](./docs/LOCAL_DEVELOPMENT.md) - [CONTRIBUTING](./CONTRIBUTING.md) ## Contacts - [Takehiro Suzuki](https://github.com/statefb) - [Yusuke Wada](https://github.com/wadabee) - [Yukinobu Mine](https://github.com/Yukinobu-Mine) ## 🏆 Significant Contributors - [fsatsuki](https://github.com/fsatsuki) - [k70suK3-k06a7ash1](https://github.com/k70suK3-k06a7ash1) ## Contributors [](https://github.com/aws-samples/bedrock-chat/graphs/contributors) ## License This library is licensed under the MIT-0 License. See [the LICENSE file](./LICENSE).

Developer Tools LLM Tools & Chat UIs

1.3K Github Stars

Read more

Open Source

sample-serverless-digital-asset-payments

# Processing Digital Asset Payments on AWS **Authored by: Simon Goldberg and David Dornseifer** This solution supports native (i.e ETH) and ERC20 token payments on _any_ EVM-compatible blockchain with automated payment detection and fund sweeping capabilities. > **Note:** Looking for non-EVM support? Check out the > [Solana](non-evm-deployments/solana/) or [Sui](non-evm-deployments/sui/) > implementations. ## Table of Contents - [Architecture](#architecture) - [Deployment](#deployment) - [Prerequisites](#prerequisites) - [Quick Start](#quick-start--automated-installation) - [Manual Installation](#manual-installation) - [Using the Payment System](#using-the-payment-system) - [API Reference](#api-reference) - [Development and Testing](#development-and-testing) - [Clean Up](#clean-up-instructions) - [Troubleshooting](#troubleshooting) ## Architecture  ### Payment Flow Overview The numbers of each of the steps in the payment flow correspond with the numbers in the architecture diagram above. 1. **Invoice Creation** - Merchant creates an invoice via the `/create-invoice` REST API (Amazon API Gateway). 2. **Fetch seed phrase** - The Invoice Generator Lambda is triggered and retrieves the mnemonic from AWS Secrets Manager. 3. **Increment atomic counter** - An atomic counter is incremented in DynamoDB. This is used to deterministically derive a new HD wallet address. 4. **Invoice Storage** - The Lambda creates a new invoice with payment `status: pending` and stores it in DynamoDB. 5. **QR Code Delivery** - A QR code containing the target address, currency, and amount is generated and returned to the merchant for sharing with the customer. 6. **Payment Monitoring** - A watcher Lambda, triggered every minute via EventBridge, fetches all pending invoices and checks for payments via the RPC endpoint. Paid invoices are updated accordingly. 7. **Payment Confirmation** - The watcher Lambda can send payment confirmations via Amazon SNS, which can trigger email notifications or push updates. 8. **Sweeper Trigger** - When a payment is detected, a DynamoDB Stream event triggers the Sweeper Lambda process. 9. **Gas Top-up** - The Sweeper calculates required gas and sends additional native gas tokens to an invoice's address if necessary (ie for ERC20 invoices). 10. **Sweeping Funds** - Once sufficient gas is available to make a transaction, funds are "swept" to the offline treasury wallet. The invoice is then marked as swept. 11. **Invoice Management** - Merchants can manage invoices (view status, update payments) via REST endpoints exposed by API Gateway. ### Technical Payment Flow  ## Deployment ### Prerequisites To deploy this solution, complete the following prerequisite steps to set up your environment: 1. AWS Account 2. Node.js 18.x or later. 3. AWS CDK CLI installed (npm install -g aws-cdk) 4. Ethereum or EVM-compatible node access (Infura or similar) ### Clone the Repository and Install Dependencies Run the following commands to clone the GitHub repo: ```bash git clone https://github.com/aws-samples/sample-serverless-digital-asset-payments.git && cd sample-serverless-digital-asset-payments ``` ### Configure Environment Variables For straightforward deployment and to support the development or extension of this payment solution, parameters are sourced from an `.env` file during deployment. Copy the sample configuration: ```bash cp .env-sample .env ``` Update the `.env` file with the following values: - `RPC_URL`: The HTTPS RPC URL for your blockchain network (for example, Ethereum) - `TREASURY_PUBLIC_ADDRESS`: The cold storage wallet address where collected funds will be automatically transferred (swept). This should be a secure wallet, such as a hardware wallet (e.g., Ledger, Trezor), to ensure maximum security for your accumulated funds. - `HOT_WALLET_PK`: A funded wallet used to cover gas payments for sweeping operations. The key must be provided as a 64-character representation, for example as exported from a development or test MetaMask wallet. Make sure this wallet holds enough native tokens (ETH) to cover transaction fees. You can obtain testnet ether from a faucet. - `PAYER_PRIVATE_KEY`: Test payer private key (optional variable for execute_payment script) ### Quick Start - Automated Installation For complete automated setup: ```bash # 1. Make sure you have copied and configured your .env file # 2. Run the complete setup npm run setup ``` This script handles all installation, deployment, and configuration steps automatically. **Ready to test?** [Use the payment system](#using-the-payment-system) ### Manual Installation If you prefer to set up manually: 1. **Install dependencies:** ```bash npm install ``` 2. **Deploy the CDK stack:** ```bash cdk deploy ``` 3. **Generate and store secrets:** ```bash npm run setup-secrets ``` The script will securely store the following: - The generated seed phrase (for deterministic address generation) - The hot wallet private key you defined in your .env file Both values are encrypted and stored in Secrets Manager. 4. **Set up payment notifications (Optional):** To receive email alerts when payments are detected or errors with sweeping occur, complete the following steps: - Navigate to AWS Console → SNS topic created by the stack - Click "Create subscription" → Select "Email" protocol - Enter your email address and confirm subscription - Open your inbox and choose the confirmation link to activate the subscription Optionally, you can integrate Slack, Lambda consumers, or webhooks as needed. ## Using the Payment System ### Create a Test Invoice and Send a Payment Now that the crypto invoice system is deployed, you can test it by creating an invoice and making a payment. First, retrieve the API Gateway URL and API key from the deployed stack and expose these values as environment variables: ```bash export STACK_NAME="CryptoInvoiceStack" export API_URL=$(aws cloudformation describe-stacks --stack-name "$STACK_NAME" \ --query "Stacks[0].Outputs[?OutputKey=='InvoiceApiBaseUrl'].OutputValue" --output text) export API_KEY_ID=$(aws cloudformation describe-stacks --stack-name "$STACK_NAME" \ --query "Stacks[0].Outputs[?OutputKey=='InvoiceApiKeyId'].OutputValue" --output text) export API_KEY=$(aws apigateway get-api-key --api-key "$API_KEY_ID" --include-value \ --query 'value' --output text 2>/dev/null) echo "API URL: $API_URL" ``` Make a request to your API Gateway endpoint and create a sample invoice. For example, the following curl request creates a $5 USDC invoice on Ethereum's Sepolia testnet: ```bash curl -X POST "${API_URL}generateInvoice" \ -H "Content-Type: application/json" \ -H "X-API-Key: $API_KEY" \ -d '{ "currency": "ERC20", "tokenAddress": "0x1c7D4B196Cb0C7B01d743Fbc6116a902379C7238", "tokenSymbol": "USDC", "amount": "5.00", "decimals": 6 }' ``` You will receive a unique deposit address and a representation of a QR code in the response: ```json { "invoiceId": "524dd9e8-82c3-4f70-8540-74c693111dbe", "address": "0x...", "index": "number", "qrcodeBase64": "string" } ``` The QR code is returned as a Base64-encoded Data URL, which can be directly embedded in HTML. This format allows you to use it as the src attribute of an `<img>` tag without additional processing. You can also enter the qrcodeBase64 value into your web browser's address bar to display the image. The following code shows an example of how to extract the QR code from the invoice generator's response and save it in an HTML file: ```bash RESPONSE='{ ... your JSON Invoice response here ... }' echo "$RESPONSE" | jq -r '.qrcodeBase64' | awk '{ print "<img src=\"" $0 "\">" }' > qrcode.html ``` Open `qrcode.html` in your browser to view the QR code. ### Send Testnet USDC Send testnet USDC to the invoice's address to trigger the payment flow. You can obtain testnet USDC for Ethereum Sepolia through [Circle's Testnet Faucet](https://faucet.circle.com/). ### Request a Specific Invoice To request a specific invoice, replace the {invoiceID} placeholder with the invoiceId value received earlier: ```bash curl -X GET "${API_URL}invoices/{invoiceId}" \ -H "X-API-Key: $API_KEY" ``` You will receive a result similar to the following: ```json { "currency": "ETH", "tokenAddress": null, "path": "m/44'/60'/0'/0/8", "sweptAt": "2025-07-07T15:50:40.245Z", "status": "swept", "tokenSymbol": "ETH", "amount": "0.00001", "createdAt": "2025-07-07T15:49:41.981Z", "address": "0xF67e4b8078d837822b8E602F12af76B228a0c1f5", "invoiceId": "ed4880c6-ae2f-4400-ac45-9c263e109caf", "paidAt": "2025-07-07T15:50:07.551Z" } ``` The status field of an invoice will change throughout the transaction lifecycle: - `pending`: Invoice created, awaiting payment - `paid`: Payment detected and confirmed - `swept`: Funds successfully transferred to treasury wallet After it's marked as swept, you can verify that the balance of the paid invoice appears in the cold wallet balance to confirm the successful transfer of funds. ## API Reference ### Generate Invoice Endpoint **POST** `/generateInvoice` **Headers:** - Content-Type: application/json - X-API-Key: `<your-api-key>` (Get your API Key from AWS Console → API Gateway → API Keys) **Request Body Parameters:** - `currency` (required): "ETH" or "ERC20" - `amount` (required): Payment amount as string - `tokenAddress` (required for ERC20): Contract address - `tokenSymbol` (required for ERC20): Token symbol - `decimals` (required for ERC20): Token decimals **Retrieving API Endpoint and Key:** Use the environment variables set up in the usage section above (`$API_URL` and `$API_KEY`). **Example Requests:** 1. ERC20 Token Invoice (Sepolia Testnet): ```bash curl -X POST "${API_URL}generateInvoice" \ -H "Content-Type: application/json" \ -H "X-API-Key: $API_KEY" \ -d '{ "currency": "ERC20", "tokenAddress": "0x1c7D4B196Cb0C7B01d743Fbc6116a902379C7238", "tokenSymbol": "USDC", "amount": "5.00", "decimals": 6 }' ``` 2. Native ETH Invoice: ```bash curl -X POST "${API_URL}generateInvoice" \ -H "Content-Type: application/json" \ -H "X-API-Key: $API_KEY" \ -d '{ "currency": "ETH", "amount": "0.01" }' ``` **Response:** ```json { "invoiceId": "uuid", "address": "0x...", "index": "number", "qrcodeBase64": "string" } ``` After creating an invoice, payment must be sent to the designated invoice address to initiate the payment process. **Security Note:** For production environments, do not accept `tokenAddress` and `decimals` directly from the client-side. Maintain a pre-approved list of tokens on the server/admin side to prevent security risks from spoofed contract addresses. ### Invoice Management API Additional endpoints for invoice administration: - **GET** `/invoices` - Get all invoices (with optional status filtering and pagination) - **GET** `/invoices/{invoiceId}` - Get specific invoice details - **PUT** `/invoices/{invoiceId}` - Update invoice status (limited to security-safe operations) - **DELETE** `/invoices/{invoiceId}` - Delete pending invoices **Query Parameters for GET /invoices:** - `status` (optional): Filter by invoice status (`pending`, `paid`, `swept`, `cancelled`) - `limit` (optional): Number of invoices to return (default: 50, max: 100) - `lastKey` (optional): Pagination key for retrieving next page **Status Update Rules:** - `pending` ↔ `cancelled` (bidirectional for unpaid invoices) - `paid` and `swept` statuses are **immutable** to prevent payment manipulation **Example Requests:** ```bash # Get all pending invoices curl -X GET "${API_URL}invoices?status=pending" \ -H "X-API-Key: $API_KEY" # Cancel a pending invoice curl -X PUT "${API_URL}invoices/{invoiceId}" \ -H "Content-Type: application/json" \ -H "X-API-Key: $API_KEY" \ -d '{"status": "cancelled"}' # Delete a pending invoice curl -X DELETE "${API_URL}invoices/{invoiceId}" \ -H "X-API-Key: $API_KEY" ``` ## Development and Testing **Prerequisites for testing:** - Deployed CDK stack - Test wallet with testnet funds - `jq`, `bc`,`curl` and `eth-cli` installed ### Integration Test Features 1. **`npm run setup`**: Complete deployment with prerequisite checks 2. **`npm run test-invoice-management`**: API endpoint testing 3. **`npm run execute-payment`**: End-to-end payment execution with gas optimization ## Clean Up Instructions To avoid incurring unnecessary charges: 1. **Delete the CDK stack:** ```bash cdk destroy ``` 2. **Clean up local files:** ```bash rm -rf node_modules/ cdk.out/ ``` ## Troubleshooting ### Common Issues 1. **Invoice Generation Fails:** - Verify seed phrase is stored in Secrets Manager (`npm run setup-secrets`) - Check RPC_URL configuration - Review Lambda function logs in CloudWatch 2. **Payments Not Detected:** - Ensure Watcher function is running - Verify RPC node connectivity - Wait 1-2 minutes for detection cycle 3. **Sweeping Issues:** - Check hot wallet has sufficient ETH for gas - Verify treasury address configuration - Monitor Sweeper function logs - If there is an error and an invoice gets stuck in the "paid" state, navigate to the CryptoInvoices DynamoDB Table in the AWS Console and change the status of the invoice back to "pending". Then, change it back to "paid". This state transition will reinvoke the Sweeper function. 4. **API Authentication:** - Retrieve API key from AWS Console → API Gateway → API Keys - Or use AWS CLI: `aws apigateway get-api-key --api-key <api-key-id> --include-value` 5. **Testing Issues:** - Ensure test wallet has sufficient testnet funds - Verify all required tools are installed (`jq`, `bc`, `curl`) - Check environment variables are properly configured ## Security See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. ## License This library is licensed under the MIT-0 License. See the LICENSE file.

Crypto & Blockchain Payment & Checkout

22 Github Stars

Read more