diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/README.md b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/README.md index fe36950d1cdb0..eb8b0c6ba6081 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/README.md +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/README.md @@ -80,6 +80,7 @@ This construct library facilitates the deployment of Bedrock AgentCore primitive - [Creating a Runtime](#creating-a-runtime) - [Option 1: Use an existing image in ECR](#option-1-use-an-existing-image-in-ecr) - [Option 2: Use a local asset](#option-2-use-a-local-asset) + - [Option 3: Use direct code deployment](#option-3-use-direct-code-deployment) - [Granting Permissions to Invoke Bedrock Models or Inference Profiles](#granting-permissions-to-invoke-bedrock-models-or-inference-profiles) - [Runtime Versioning](#runtime-versioning) - [Managing Endpoints and Versions](#managing-endpoints-and-versions) @@ -163,6 +164,8 @@ to production by simply updating the endpoint to point to the newer version. | `authorizerConfiguration` | `RuntimeAuthorizerConfiguration` | No | Authorizer configuration for the agent runtime. Use `RuntimeAuthorizerConfiguration` static methods to create configurations for IAM, Cognito, JWT, or OAuth authentication | | `environmentVariables` | `{ [key: string]: string }` | No | Environment variables for the agent runtime. Maximum 50 environment variables | | `tags` | `{ [key: string]: string }` | No | Tags for the agent runtime. A list of key:value pairs of tags to apply to this Runtime resource | +| `lifecycleConfiguration` | LifecycleConfiguration | No | The life cycle configuration for the AgentCore Runtime. Defaults to 900 seconds (15 minutes) for idle, 28800 seconds (8 hours) for max life time | +| `requestHeaderConfiguration` | RequestHeaderConfiguration | No | Configuration for HTTP request headers that will be passed through to the runtime. Defaults to no configuration | ### Runtime Endpoint Properties @@ -180,7 +183,7 @@ to production by simply updating the endpoint to point to the newer version. Reference an image available within ECR. -```typescript +```typescript fixture=default const repository = new ecr.Repository(this, "TestRepository", { repositoryName: "test-agent-runtime", }); @@ -201,7 +204,7 @@ Reference a local directory containing a Dockerfile. Images are built from a local Docker context directory (with a Dockerfile), uploaded to Amazon Elastic Container Registry (ECR) by the CDK toolkit,and can be naturally referenced in your CDK app. -```typescript +```typescript fixture=default const agentRuntimeArtifact = agentcore.AgentRuntimeArtifact.fromAsset( path.join(__dirname, "path to agent dockerfile directory") ); @@ -212,6 +215,40 @@ const runtime = new agentcore.Runtime(this, "MyAgentRuntime", { }); ``` +#### Option 3: Use direct code deployment + +With the container deployment method, developers create a Dockerfile, build ARM-compatible containers, manage ECR repositories, and upload containers for code changes. This works well where container DevOps pipelines have already been established to automate deployments. + +However, customers looking for fully managed deployments can benefit from direct code deployment, which can significantly improve developer time and productivity. Direct code deployment provides a secure and scalable path forward for rapid prototyping agent capabilities to deploying production workloads at scale. + +With direct code deployment, developers create a zip archive of code and dependencies, upload to Amazon S3, and configure the bucket in the agent configuration. A ZIP archive containing Linux arm64 dependencies needs to be uploaded to S3 as a pre-requisite to Create Agent Runtime. + +For more information, please refer to the [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-get-started-code-deploy.html). + +```typescript fixture=default +// S3 bucket containing the agent core +const codeBucket = new s3.Bucket(this, "AgentCode", { + bucketName: "my-code-bucket", + removalPolicy: RemovalPolicy.DESTROY, // For demo purposes +}); + +// the bucket above needs to contain the agent code + +const agentRuntimeArtifact = agentcore.AgentRuntimeArtifact.fromS3( + { + bucketName: codeBucket.bucketName, + objectKey: 'deployment_package.zip', + }, + agentcore.AgentCoreRuntime.PYTHON_3_12, + ['opentelemetry-instrument', 'main.py'] +); + +const runtimeInstance = new agentcore.Runtime(this, "MyAgentRuntime", { + runtimeName: "myAgent", + agentRuntimeArtifact: agentRuntimeArtifact, +}); +``` + ### Granting Permissions to Invoke Bedrock Models or Inference Profiles To grant the runtime permissions to invoke Bedrock models or inference profiles: @@ -254,7 +291,7 @@ the steps below to understand how to use versioning with runtime for controlled When you first create an agent runtime, AgentCore automatically creates Version 1 of your runtime. At this point, a DEFAULT endpoint is automatically created that points to Version 1. This DEFAULT endpoint serves as the main access point for your runtime. -```ts +```typescript fixture=default const repository = new ecr.Repository(this, "TestRepository", { repositoryName: "test-agent-runtime", }); @@ -271,7 +308,7 @@ After the initial deployment, you can create additional endpoints for different endpoint that explicitly points to Version 1. This allows you to maintain stable access points for specific environments while keeping the flexibility to test newer versions elsewhere. -```ts +```typescript fixture=default const repository = new ecr.Repository(this, "TestRepository", { repositoryName: "test-agent-runtime", }); @@ -296,7 +333,7 @@ configurations), AgentCore automatically creates a new version (Version 2). Upon - The DEFAULT endpoint automatically updates to point to Version 2 - Any explicitly pinned endpoints (like the production endpoint) remain on their specified versions -```ts +```typescript fixture=default const repository = new ecr.Repository(this, "TestRepository", { repositoryName: "test-agent-runtime", }); @@ -315,7 +352,7 @@ Once Version 2 exists, you can create a staging endpoint that points to the new new version in a controlled environment before promoting it to production. This separation ensures that production traffic continues to use the stable version while you validate the new version. -```ts +```typescript fixture=default const repository = new ecr.Repository(this, "TestRepository", { repositoryName: "test-agent-runtime", }); @@ -338,7 +375,7 @@ const stagingEndpoint = runtime.addEndpoint("staging", { After thoroughly testing the new version through the staging endpoint, you can update the production endpoint to point to Version 2. This controlled promotion process ensures that you can validate changes before they affect production traffic. -```ts +```typescript fixture=default const repository = new ecr.Repository(this, "TestRepository", { repositoryName: "test-agent-runtime", }); @@ -362,7 +399,7 @@ RuntimeEndpoint can also be created as a standalone resource. #### Example: Creating an endpoint for an existing runtime -```typescript +```typescript fixture=default // Reference an existing runtime by its ID const existingRuntimeId = "abc123-runtime-id"; // The ID of an existing runtime @@ -387,7 +424,7 @@ IAM authentication is the default mode, when no authorizerConfiguration is set t To configure AWS Cognito User Pool authentication: -```typescript +```typescript fixture=default declare const userPool: cognito.UserPool; declare const userPoolClient: cognito.UserPoolClient; declare const anotherUserPoolClient: cognito.UserPoolClient; @@ -411,7 +448,7 @@ const runtime = new agentcore.Runtime(this, "MyAgentRuntime", { To configure custom JWT authentication with your own OpenID Connect (OIDC) provider: -```typescript +```typescript fixture=default const repository = new ecr.Repository(this, "TestRepository", { repositoryName: "test-agent-runtime", }); @@ -434,7 +471,7 @@ const runtime = new agentcore.Runtime(this, "MyAgentRuntime", { To configure OAuth 2.0 authentication: -```typescript +```typescript fixture=default const repository = new ecr.Repository(this, "TestRepository", { repositoryName: "test-agent-runtime", }); @@ -463,7 +500,7 @@ The AgentCore Runtime supports two network modes for deployment: By default, runtimes are deployed in PUBLIC network mode, which provides internet access suitable for less sensitive or open-use scenarios: -```typescript +```typescript fixture=default const repository = new ecr.Repository(this, "TestRepository", { repositoryName: "test-agent-runtime", }); @@ -481,7 +518,7 @@ const runtime = new agentcore.Runtime(this, "MyAgentRuntime", { For enhanced security and network isolation, you can deploy your runtime within a VPC: -```typescript +```typescript fixture=default const repository = new ecr.Repository(this, "TestRepository", { repositoryName: "test-agent-runtime", }); @@ -510,8 +547,7 @@ const runtime = new agentcore.Runtime(this, "MyAgentRuntime", { When using VPC mode, the Runtime implements `ec2.IConnectable`, allowing you to manage network access using the `connections` property: -```typescript - +```typescript fixture=default const vpc = new ec2.Vpc(this, 'MyVpc', { maxAzs: 2, }); @@ -544,6 +580,58 @@ runtime.connections.allowTo(databaseSecurityGroup, ec2.Port.tcp(5432), 'Allow Po runtime.connections.allowToAnyIpv4(ec2.Port.tcp(443), 'Allow HTTPS outbound'); ``` +### Other configuration + +#### Lifecycle configuration + +The LifecycleConfiguration input parameter to CreateAgentRuntime lets you manage the lifecycle of runtime sessions and resources in Amazon Bedrock AgentCore Runtime. This configuration helps optimize resource utilization by automatically cleaning up idle sessions and preventing long-running instances from consuming resources indefinitely. + +You can configure: + +- idleRuntimeSessionTimeout: Timeout in seconds for idle runtime sessions. When a session remains idle for this duration, it will trigger termination. Termination can last up to 15 seconds due to logging and other process completion. Default: 900 seconds (15 minutes) +- maxLifetime: Maximum lifetime for the instance in seconds. Once reached, instances will initialize termination. Termination can last up to 15 seconds due to logging and other process completion. Default: 28800 seconds (8 hours) + +For additional information, please refer to the [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-lifecycle-settings.html). + +```typescript fixture=default +const repository = new ecr.Repository(this, "TestRepository", { + repositoryName: "test-agent-runtime", +}); + +const agentRuntimeArtifact = agentcore.AgentRuntimeArtifact.fromEcrRepository(repository, "v1.0.0"); + +new agentcore.Runtime(this, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + lifecycleConfiguration: { + idleRuntimeSessionTimeout: Duration.minutes(10), + maxLifetime: Duration.hours(4), + }, +}); +``` + +#### Request header configuration + +Custom headers let you pass contextual information from your application directly to your agent code without cluttering the main request payload. This includes authentication tokens like JWT (JSON Web Tokens, which contain user identity and authorization claims) through the Authorization header, allowing your agent to make decisions based on who is calling it. You can also pass custom metadata like user preferences, session identifiers, or trace context using headers prefixed with X-Amzn-Bedrock-AgentCore-Runtime-Custom-, giving your agent access to up to 20 pieces of runtime context that travel alongside each request. This information can be also used in downstream systems like AgentCore Memory that you can namespace based on those characteristics like user_id or aud in claims like line of business. + +For additional information, please refer to the [documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-header-allowlist.html). + +```typescript fixture=default +const repository = new ecr.Repository(this, "TestRepository", { + repositoryName: "test-agent-runtime", +}); + +const agentRuntimeArtifact = agentcore.AgentRuntimeArtifact.fromEcrRepository(repository, "v1.0.0"); + +new agentcore.Runtime(this, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + requestHeaderConfiguration: { + allowlistedHeaders: ['X-Amzn-Bedrock-AgentCore-Runtime-Custom-H1'], + }, +}); +``` + ## Browser The Amazon Bedrock AgentCore Browser provides a secure, cloud-based browser that enables AI agents to interact with websites. It includes security features such as session isolation, built-in observability through live viewing, CloudTrail logging, and session replay capabilities. @@ -583,6 +671,7 @@ For more information on VPC connectivity for Amazon Bedrock AgentCore Browser, p | `recordingConfig` | `RecordingConfig` | No | Recording configuration for browser. Defaults to no recording | | `executionRole` | `iam.IRole` | No | The IAM role that provides permissions for the browser to access AWS services. A new role will be created if not provided | | `tags` | `{ [key: string]: string }` | No | Tags to apply to the browser resource | +| `browserSigning` | BrowserSigning | No | Browser signing configuration. Defaults to DISABLED | ### Basic Browser Creation @@ -709,6 +798,21 @@ const browser = new agentcore.BrowserCustom(this, "MyBrowser", { // when recording is enabled, so no additional IAM configuration is needed ``` +### Browser with Browser signing + +AI agents need to browse the web on your behalf. When your agent visits a website to gather information, complete a form, or verify data, it encounters the same defenses designed to stop unwanted bots: CAPTCHAs, rate limits, and outright blocks. + +Amazon Bedrock AgentCore Browser supports Web Bot Auth. Web Bot Auth is a draft IETF protocol that gives agents verifiable cryptographic identities. When you enable Web Bot Auth in AgentCore Browser, the service issues cryptographic credentials that websites can verify. The agent presents these credentials with every request. The WAF may now additionally check the signature, confirm it matches a trusted directory, and allow the request through if verified bots are allowed by the domain owner and other WAF checks are clear. + +To enable the browser to sign requests using the Web Bot Auth protocol, create a browser tool with the browserSigning configuration: + +```typescript fixture=default +const browser = new agentcore.BrowserCustom(this, 'test-browser', { + browserCustomName: 'test_browser', + browserSigning: agentcore.BrowserSigning.ENABLED +}); +``` + ### Browser IAM Permissions The Browser construct provides convenient methods for granting IAM permissions: diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime-artifact.ts b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime-artifact.ts index 646136e9f8c6e..5f3f5035831d5 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime-artifact.ts +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime-artifact.ts @@ -18,6 +18,32 @@ import { md5hash } from 'aws-cdk-lib/core/lib/helpers-internal'; import { Construct } from 'constructs'; import { Runtime } from './runtime'; import { ValidationError } from './validation-helpers'; +import { Location } from 'aws-cdk-lib/aws-s3'; +import { Stack, Token } from 'aws-cdk-lib'; +import * as s3 from 'aws-cdk-lib/aws-s3'; + +/** + * Bedrock AgentCore runtime environment for code execution + * Allowed values: PYTHON_3_10 | PYTHON_3_11 | PYTHON_3_12 | PYTHON_3_13 + */ +export enum AgentCoreRuntime { + /** + * Python 3.10 runtime + */ + PYTHON_3_10 = 'PYTHON_3_10', + /** + * Python 3.11 runtime + */ + PYTHON_3_11 = 'PYTHON_3_11', + /** + * Python 3.12 runtime + */ + PYTHON_3_12 = 'PYTHON_3_12', + /** + * Python 3.13 runtime + */ + PYTHON_3_13 = 'PYTHON_3_13', +} /** * Abstract base class for agent runtime artifacts. @@ -40,6 +66,16 @@ export abstract class AgentRuntimeArtifact { return new AssetImage(directory, options); } + /** + * Reference an agent runtime artifact that's constructed directly from an S3 object + * @param s3Location The source code location and configuration details. + * @param runtime The runtime environment for executing the code. Allowed values: PYTHON_3_10 | PYTHON_3_11 | PYTHON_3_12 | PYTHON_3_13 + * @param entrypoint The entry point for the code execution, specifying the function or method that should be invoked when the code runs. + */ + public static fromS3(s3Location: Location, runtime: AgentCoreRuntime, entrypoint: string[]): AgentRuntimeArtifact { + return new S3Image(s3Location, runtime, entrypoint); + } + /** * Called when the image is used by a Runtime to handle side effects like permissions */ @@ -113,3 +149,45 @@ class AssetImage extends AgentRuntimeArtifact { } as any; } } + +class S3Image extends AgentRuntimeArtifact { + private bound = false; + + constructor(private readonly s3Location: Location, private readonly runtime: AgentCoreRuntime, private readonly entrypoint: string[]) { + super(); + } + + public bind(scope: Construct, runtime: Runtime): void { + // Handle permissions (only once) + if (!this.bound && runtime.role) { + if (!Token.isUnresolved(this.s3Location.bucketName)) { + Stack.of(scope).resolve(this.s3Location.bucketName); + } + const bucket = s3.Bucket.fromBucketName( + scope, + `${this.s3Location.bucketName}CodeArchive`, + this.s3Location.bucketName, + ); + // Ensure the policy is applied before the browser resource is created + bucket.grantRead(runtime.role); + this.bound = true; + } + } + + public _render(): CfnRuntime.AgentRuntimeArtifactProperty { + const s3Config: any = { + bucket: this.s3Location.bucketName, + prefix: this.s3Location.objectKey, + }; + if (this.s3Location.objectVersion) { + s3Config.versionId = this.s3Location.objectVersion; + } + return { + code: { + s3: s3Config, + }, + runtime: this.runtime, + entryPoint: this.entrypoint, + } as any; + } +} diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime.ts b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime.ts index 7693e15859f5f..5f0a12c214fee 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime.ts +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime.ts @@ -20,9 +20,24 @@ import { RuntimeAuthorizerConfiguration } from './runtime-authorizer-configurati import { RuntimeBase, IBedrockAgentRuntime, AgentRuntimeAttributes } from './runtime-base'; import { RuntimeEndpoint } from './runtime-endpoint'; import { RuntimeNetworkConfiguration } from '../network/network-configuration'; -import { ProtocolType } from './types'; +import { LifecycleConfiguration, ProtocolType, RequestHeaderConfiguration } from './types'; import { validateStringField, ValidationError, validateFieldPattern } from './validation-helpers'; +/****************************************************************************** + * Constants + *****************************************************************************/ +/** + * Minimum timeout for idle runtime sessions + * @internal + */ +const LIFECYCLE_MIN_TIMEOUT = Duration.seconds(60); + +/** + * Maximum lifetime for the instance + * @internal + */ +const LIFECYCLE_MAX_LIFETIME = Duration.seconds(28800); + /****************************************************************************** * Props *****************************************************************************/ @@ -93,6 +108,18 @@ export interface RuntimeProps { * @default {} - no tags */ readonly tags?: { [key: string]: string }; + + /** + * Configuration for HTTP request headers that will be passed through to the runtime. + * @default - No request headers configured + */ + readonly requestHeaderConfiguration?: RequestHeaderConfiguration; + + /** + * The life cycle configuration for the AgentCore Runtime. + * @default - No lifecycle configuration + */ + readonly lifecycleConfiguration?: LifecycleConfiguration; } /** @@ -226,6 +253,7 @@ export class Runtime extends RuntimeBase { private readonly networkConfiguration: RuntimeNetworkConfiguration ; private readonly protocolConfiguration: ProtocolType; private readonly authorizerConfiguration?: RuntimeAuthorizerConfiguration; + private readonly lifecycleConfiguration?: LifecycleConfiguration; constructor(scope: Construct, id: string, props: RuntimeProps) { super(scope, id); @@ -249,6 +277,16 @@ export class Runtime extends RuntimeBase { this.validateTags(props.tags); } + if (props.requestHeaderConfiguration) { + this.validateRequestHeaderConfiguration(props.requestHeaderConfiguration); + } + + this.lifecycleConfiguration = { + idleRuntimeSessionTimeout: props.lifecycleConfiguration?.idleRuntimeSessionTimeout ?? LIFECYCLE_MIN_TIMEOUT, + maxLifetime: props.lifecycleConfiguration?.maxLifetime ?? LIFECYCLE_MAX_LIFETIME, + }; + this.validateLifecycleConfiguration(this.lifecycleConfiguration); + if (props.executionRole) { this.role = props.executionRole; if (!Token.isUnresolved(props.executionRole.roleArn)) { @@ -292,7 +330,11 @@ export class Runtime extends RuntimeBase { produce: () => this.renderEnvironmentVariables(props.environmentVariables), }), tags: props.tags ?? {}, + lifecycleConfiguration: this.renderLifecycleConfiguration(), }; + if (props.requestHeaderConfiguration) { + cfnProps.requestHeaderConfiguration = this.renderRequestHeaderConfiguration(props.requestHeaderConfiguration); + } if (props.authorizerConfiguration) { cfnProps.authorizerConfiguration = Lazy.any({ produce: () => this.authorizerConfiguration!._render(), @@ -398,17 +440,106 @@ export class Runtime extends RuntimeBase { // set permission with bind this.agentRuntimeArtifact.bind(this, this); const config = this.agentRuntimeArtifact._render(); - const containerUri = (config as any).containerUri; - if (containerUri) { - this.validateContainerUri(containerUri); + if ((config as any).code) { // S3Image + return { + codeConfiguration: { + code: (config as any).code, + runtime: (config as any).runtime, + entryPoint: (config as any).entryPoint, + }, + }; + } else { + // EcrImage or AssetImage + const containerUri = (config as any).containerUri; + if (containerUri) { + this.validateContainerUri(containerUri); + } + return { + containerConfiguration: { + containerUri: containerUri, + }, + }; + } + } + + /** + * Renders the request header configuration for CloudFormation + * @internal + */ + private renderRequestHeaderConfiguration(requestHeaderConfiguration?: RequestHeaderConfiguration): any { + if (!requestHeaderConfiguration?.allowlistedHeaders) { + return undefined; } return { - containerConfiguration: { - containerUri: containerUri, - }, + requestHeaderAllowlist: requestHeaderConfiguration.allowlistedHeaders, + }; + } + + /** + * Renders the lifecycle configuration for CloudFormation + * @internal + */ + private renderLifecycleConfiguration(): any { + return { + idleRuntimeSessionTimeout: this.lifecycleConfiguration?.idleRuntimeSessionTimeout?.toSeconds(), + maxLifetime: this.lifecycleConfiguration?.maxLifetime?.toSeconds(), }; } + /** + * Validates the request header configuration + * @throws Error if validation fails + */ + private validateRequestHeaderConfiguration(requestHeaderConfiguration: RequestHeaderConfiguration): void { + const allErrors: string[] = []; + if (requestHeaderConfiguration.allowlistedHeaders) { + if (requestHeaderConfiguration.allowlistedHeaders.length < 1 || requestHeaderConfiguration.allowlistedHeaders.length > 20) { + allErrors.push('Request header allow list contain between 1 and 20 headers'); + } + + for (const header of requestHeaderConfiguration.allowlistedHeaders) { + // Validate length + const lengthErrors = validateStringField({ + value: header, + fieldName: 'Request header', + minLength: 1, + maxLength: 256, + }); + allErrors.push(...lengthErrors); + + const patternErrors = validateFieldPattern( + header, + 'Request header', + /(Authorization|X-Amzn-Bedrock-AgentCore-Runtime-Custom-[a-zA-Z0-9-]+)/, + 'Request header must contain only letters, numbers, and hyphens', + ); + allErrors.push(...patternErrors); + } + } + if (allErrors.length > 0) { + throw new ValidationError(allErrors.join('\n')); + } + } + + /** + * Validates the lifecycle configuration + * @throws Error if validation fails + */ + private validateLifecycleConfiguration(lifecycleConfiguration: LifecycleConfiguration): void { + if (lifecycleConfiguration.idleRuntimeSessionTimeout) { + if (lifecycleConfiguration.idleRuntimeSessionTimeout.toSeconds() < LIFECYCLE_MIN_TIMEOUT.toSeconds() + || lifecycleConfiguration.idleRuntimeSessionTimeout.toSeconds() > LIFECYCLE_MAX_LIFETIME.toSeconds()) { + throw new ValidationError(`Idle runtime session timeout must be between ${LIFECYCLE_MIN_TIMEOUT.toSeconds()} seconds and ${LIFECYCLE_MAX_LIFETIME.toSeconds()} seconds`); + } + } + if (lifecycleConfiguration.maxLifetime) { + if (lifecycleConfiguration.maxLifetime.toSeconds() < LIFECYCLE_MIN_TIMEOUT.toSeconds() + || lifecycleConfiguration.maxLifetime.toSeconds() > LIFECYCLE_MAX_LIFETIME.toSeconds()) { + throw new ValidationError(`Maximum lifetime must be between ${LIFECYCLE_MIN_TIMEOUT.toSeconds()} seconds and ${LIFECYCLE_MAX_LIFETIME.toSeconds()} seconds`); + } + } + } + /** * Validates the runtime name format * Pattern: ^[a-zA-Z][a-zA-Z0-9_]{0,47}$ diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/types.ts b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/types.ts index 7f47074afd2f6..c4dab6c76a898 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/types.ts +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/types.ts @@ -3,6 +3,8 @@ * Enums *****************************************************************************/ +import { Duration } from 'aws-cdk-lib'; + /** * Protocol configuration for Agent Runtime */ @@ -22,3 +24,35 @@ export enum ProtocolType { */ A2A = 'A2A', } + +/** + * Configuration for HTTP request headers that will be passed through to the runtime. + */ +export interface RequestHeaderConfiguration { + /** + * A list of HTTP request headers that are allowed to be passed through to the runtime. + * @default - No request headers allowed + */ + readonly allowlistedHeaders?: string[]; +} + +/** + * LifecycleConfiguration lets you manage the lifecycle of runtime sessions and resources in AgentCore Runtime. + * This configuration helps optimize resource utilization by automatically cleaning up idle sessions and preventing + * long-running instances from consuming resources indefinitely. + */ +export interface LifecycleConfiguration { + /** + * Timeout in seconds for idle runtime sessions. When a session remains idle for this duration, + * it will be automatically terminated. Default: 900 seconds (15 minutes). + * @default - 900 seconds (15 minutes) + */ + readonly idleRuntimeSessionTimeout?: Duration; + + /** + * Maximum lifetime for the instance in seconds. Once reached, instances will be automatically + * terminated and replaced. Default: 28800 seconds (8 hours). + * @default - 28800 seconds (8 hours) + */ + readonly maxLifetime?: Duration; +} diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/tools/browser.ts b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/tools/browser.ts index 6fc1ae4b90e08..03f3674c4ed04 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/tools/browser.ts +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/agentcore/tools/browser.ts @@ -55,9 +55,29 @@ const BROWSER_TAG_MIN_LENGTH = 1; */ const BROWSER_TAG_MAX_LENGTH = 256; +/****************************************************************************** + * Enums + *****************************************************************************/ +/** + * Browser signing. Specifies whether browser signing is enabled. + * When enabled, the browser will cryptographically sign HTTP requests to identify + * itself as an AI agent to bot control vendors. + */ +export enum BrowserSigning { + /** + * Browser signing is enabled. + */ + ENABLED = 'ENABLED', + /** + * Browser signing is disabled. + */ + DISABLED = 'DISABLED', +} + /****************************************************************************** * Interface *****************************************************************************/ + /** * Interface for Browser resources */ @@ -528,6 +548,14 @@ export interface BrowserCustomProps { * @required - No */ readonly tags?: { [key: string]: string }; + + /** + * Specifies whether browser signing is enabled. + * When enabled, the browser will cryptographically sign + * HTTP requests to identify itself as an AI agent to bot control vendors. + * @default - BrowserSigning.DISABLED + */ + readonly browserSigning?: BrowserSigning; } /****************************************************************************** @@ -684,7 +712,10 @@ export class BrowserCustom extends BrowserCustomBase { * The recording configuration of the browser */ public readonly recordingConfig?: RecordingConfig; - + /** + * The browser signing configuration of the browser + */ + public readonly browserSigning?: BrowserSigning; // ------------------------------------------------------ // Internal Only // ------------------------------------------------------ @@ -708,6 +739,7 @@ export class BrowserCustom extends BrowserCustomBase { this.executionRole = props.executionRole ?? this._createBrowserRole(); this.grantPrincipal = this.executionRole; this.tags = props.tags; + this.browserSigning = props.browserSigning ?? BrowserSigning.DISABLED; // Validate browser name throwIfInvalid(this._validateBrowserName, this.name); @@ -737,6 +769,7 @@ export class BrowserCustom extends BrowserCustomBase { recordingConfig: this._renderRecordingConfig(), executionRoleArn: this.executionRole?.roleArn, tags: this.tags, + browserSigning: this._renderBrowserSigning(), }; // L1 instantiation @@ -783,6 +816,21 @@ export class BrowserCustom extends BrowserCustomBase { } : undefined; } + /** + * Render the browser signing configuration. + * + * @returns BrowserSigningProperty object in CloudFormation format, or undefined if no browser signing configuration is defined + * @default - undefined if no browser signing configuration is provided + * @internal This is an internal core function and should not be called directly. + */ + private _renderBrowserSigning(): agent_core.CfnBrowserCustom.BrowserSigningProperty { + return this.browserSigning === BrowserSigning.ENABLED ? { + enabled: true, + } : { + enabled: false, + }; + } + /** * Creates execution role needed for the browser to access AWS services * @returns The created role diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/aws-cdk-bedrock-agentcore-runtime-cognito.assets.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/aws-cdk-bedrock-agentcore-runtime-cognito.assets.json index e4e7f60135313..842d3985ec180 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/aws-cdk-bedrock-agentcore-runtime-cognito.assets.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/aws-cdk-bedrock-agentcore-runtime-cognito.assets.json @@ -1,16 +1,16 @@ { "version": "48.0.0", "files": { - "7dc2d733a6eb443a09d5d29dcba1fd24568f7d52fa9db40b06fe6d0e5e1ad6c9": { + "2c026e9320c29bf13590f6517d6161a4f6b92cf0ea0f2c7e512d68025620e296": { "displayName": "aws-cdk-bedrock-agentcore-runtime-cognito Template", "source": { "path": "aws-cdk-bedrock-agentcore-runtime-cognito.template.json", "packaging": "file" }, "destinations": { - "current_account-current_region-b86b8fc6": { + "current_account-current_region-02adfbcd": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "7dc2d733a6eb443a09d5d29dcba1fd24568f7d52fa9db40b06fe6d0e5e1ad6c9.json", + "objectKey": "2c026e9320c29bf13590f6517d6161a4f6b92cf0ea0f2c7e512d68025620e296.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } @@ -18,7 +18,7 @@ }, "dockerImages": { "f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240": { - "displayName": "TestRuntime/AgentRuntimeArtifact66d1202bd1485e89b239bbe027fdec52", + "displayName": "TestRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f", "source": { "directory": "asset.f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240" }, diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/aws-cdk-bedrock-agentcore-runtime-cognito.template.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/aws-cdk-bedrock-agentcore-runtime-cognito.template.json index 4c3c8af160c11..108b41555c65e 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/aws-cdk-bedrock-agentcore-runtime-cognito.template.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/aws-cdk-bedrock-agentcore-runtime-cognito.template.json @@ -355,6 +355,10 @@ } } }, + "LifecycleConfiguration": { + "IdleRuntimeSessionTimeout": 60, + "MaxLifetime": 28800 + }, "NetworkConfiguration": { "NetworkMode": "PUBLIC" }, diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/integ.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/integ.json index ef4951401f703..a33906eaf7d70 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/integ.json @@ -9,5 +9,5 @@ "assertionStackName": "BedrockAgentCoreRuntimeCognitoTestDefaultTestDeployAssert362339C9" } }, - "minimumCliVersion": "2.1031.0" + "minimumCliVersion": "2.1027.0" } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/manifest.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/manifest.json index e389515d1b0ff..6101052045949 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7dc2d733a6eb443a09d5d29dcba1fd24568f7d52fa9db40b06fe6d0e5e1ad6c9.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2c026e9320c29bf13590f6517d6161a4f6b92cf0ea0f2c7e512d68025620e296.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -104,14 +104,6 @@ "maxSessionDuration": "*" } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -136,14 +128,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -152,14 +136,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -168,14 +144,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -184,14 +152,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -200,14 +160,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -579,7 +531,7 @@ "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { "userValue": true, "recommendedValue": true, - "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." + "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in." }, "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { "userValue": true, @@ -919,6 +871,10 @@ "recommendedValue": true, "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" }, + "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": { + "recommendedValue": true, + "explanation": "When enabled, Network Load Balancer will be created with a security group by default." + }, "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { "recommendedValue": true, "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", @@ -934,5 +890,5 @@ } } }, - "minimumCliVersion": "2.1031.0" + "minimumCliVersion": "2.1031.2" } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/tree.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/tree.json index ec7eb9b755ac5..a80bd6d30fe38 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-cognito.js.snapshot/tree.json @@ -1 +1 @@ -{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-bedrock-agentcore-runtime-cognito":{"id":"aws-cdk-bedrock-agentcore-runtime-cognito","path":"aws-cdk-bedrock-agentcore-runtime-cognito","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"MyUserPool":{"id":"MyUserPool","path":"aws-cdk-bedrock-agentcore-runtime-cognito/MyUserPool","constructInfo":{"fqn":"aws-cdk-lib.aws_cognito.UserPool","version":"0.0.0","metadata":[{"removalPolicy":"destroy"}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-cognito/MyUserPool/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cognito.CfnUserPool","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Cognito::UserPool","aws:cdk:cloudformation:props":{"accountRecoverySetting":{"recoveryMechanisms":[{"name":"verified_phone_number","priority":1},{"name":"verified_email","priority":2}]},"adminCreateUserConfig":{"allowAdminCreateUserOnly":true},"emailVerificationMessage":"The verification code to your new account is {####}","emailVerificationSubject":"Verify your new account","smsVerificationMessage":"The verification code to your new account is {####}","verificationMessageTemplate":{"defaultEmailOption":"CONFIRM_WITH_CODE","emailMessage":"The verification code to your new account is {####}","emailSubject":"Verify your new account","smsMessage":"The verification code to your new account is {####}"}}}},"MyUserPoolClient":{"id":"MyUserPoolClient","path":"aws-cdk-bedrock-agentcore-runtime-cognito/MyUserPool/MyUserPoolClient","constructInfo":{"fqn":"aws-cdk-lib.aws_cognito.UserPoolClient","version":"0.0.0","metadata":[{"userPool":"*","authFlows":{"adminUserPassword":true}}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-cognito/MyUserPool/MyUserPoolClient/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cognito.CfnUserPoolClient","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Cognito::UserPoolClient","aws:cdk:cloudformation:props":{"allowedOAuthFlows":["implicit","code"],"allowedOAuthFlowsUserPoolClient":true,"allowedOAuthScopes":["profile","phone","email","openid","aws.cognito.signin.user.admin"],"callbackUrLs":["https://example.com"],"explicitAuthFlows":["ALLOW_ADMIN_USER_PASSWORD_AUTH","ALLOW_REFRESH_TOKEN_AUTH"],"supportedIdentityProviders":["COGNITO"],"userPoolId":{"Ref":"MyUserPoolD09D1D74"}}}}}},"MyAnotherUserPoolClient":{"id":"MyAnotherUserPoolClient","path":"aws-cdk-bedrock-agentcore-runtime-cognito/MyUserPool/MyAnotherUserPoolClient","constructInfo":{"fqn":"aws-cdk-lib.aws_cognito.UserPoolClient","version":"0.0.0","metadata":[{"userPool":"*","authFlows":{"adminUserPassword":true}}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-cognito/MyUserPool/MyAnotherUserPoolClient/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cognito.CfnUserPoolClient","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Cognito::UserPoolClient","aws:cdk:cloudformation:props":{"allowedOAuthFlows":["implicit","code"],"allowedOAuthFlowsUserPoolClient":true,"allowedOAuthScopes":["profile","phone","email","openid","aws.cognito.signin.user.admin"],"callbackUrLs":["https://example.com"],"explicitAuthFlows":["ALLOW_ADMIN_USER_PASSWORD_AUTH","ALLOW_REFRESH_TOKEN_AUTH"],"supportedIdentityProviders":["COGNITO"],"userPoolId":{"Ref":"MyUserPoolD09D1D74"}}}}}}}},"TestRuntime":{"id":"TestRuntime","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.Runtime","version":"0.0.0","metadata":["*"]},"children":{"ExecutionRole":{"id":"ExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/ExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"description":"*","maxSessionDuration":"*"},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]}]},"children":{"ImportExecutionRole":{"id":"ImportExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/ExecutionRole/ImportExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/ExecutionRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"bedrock-agentcore.amazonaws.com"}}],"Version":"2012-10-17"},"description":"Execution role for Bedrock Agent Core Runtime","maxSessionDuration":28800}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/ExecutionRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/ExecutionRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:DescribeLogStreams"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*"]]},"Sid":"LogGroupAccess"},{"Action":"logs:DescribeLogGroups","Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:*"]]},"Sid":"DescribeLogGroups"},{"Action":["logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*:log-stream:*"]]},"Sid":"LogStreamAccess"},{"Action":["xray:GetSamplingRules","xray:GetSamplingTargets","xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*","Sid":"XRayAccess"},{"Action":"cloudwatch:PutMetricData","Condition":{"StringEquals":{"cloudwatch:namespace":"bedrock-agentcore"}},"Effect":"Allow","Resource":"*","Sid":"CloudWatchMetrics"},{"Action":["bedrock-agentcore:GetWorkloadAccessToken","bedrock-agentcore:GetWorkloadAccessTokenForJWT","bedrock-agentcore:GetWorkloadAccessTokenForUserId"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default/workload-identity/*"]]}],"Sid":"GetAgentAccessToken"},{"Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:GetDownloadUrlForLayer"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":ecr:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":repository/",{"Fn::Sub":"cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}"}]]}},{"Action":"ecr:GetAuthorizationToken","Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"TestRuntimeExecutionRoleDefaultPolicyC7A978D3","roles":[{"Ref":"TestRuntimeExecutionRoleF819113E"}]}}}}}}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntime","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::Runtime","aws:cdk:cloudformation:props":{"agentRuntimeArtifact":{"containerConfiguration":{"containerUri":{"Fn::Sub":"${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240"}}},"agentRuntimeName":"integ_test_runtime_cognito","authorizerConfiguration":{"customJwtAuthorizer":{"discoveryUrl":{"Fn::Join":["",["https://cognito-idp.",{"Ref":"AWS::Region"},".amazonaws.com/",{"Ref":"MyUserPoolD09D1D74"},"/.well-known/openid-configuration"]]},"allowedClients":[{"Ref":"MyUserPoolMyUserPoolClient01266CD6"},{"Ref":"MyUserPoolMyAnotherUserPoolClient4444CD16"}]}},"networkConfiguration":{"networkMode":"PUBLIC"},"protocolConfiguration":"HTTP","roleArn":{"Fn::GetAtt":["TestRuntimeExecutionRoleF819113E","Arn"]}}}},"AgentRuntimeArtifact66d1202bd1485e89b239bbe027fdec52":{"id":"AgentRuntimeArtifact66d1202bd1485e89b239bbe027fdec52","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/AgentRuntimeArtifact66d1202bd1485e89b239bbe027fdec52","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr_assets.DockerImageAsset","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/AgentRuntimeArtifact66d1202bd1485e89b239bbe027fdec52/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Repository":{"id":"Repository","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/AgentRuntimeArtifact66d1202bd1485e89b239bbe027fdec52/Repository","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.RepositoryBase","version":"0.0.0","metadata":[]}}}}}},"RuntimeId":{"id":"RuntimeId","path":"aws-cdk-bedrock-agentcore-runtime-cognito/RuntimeId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"RuntimeArn":{"id":"RuntimeArn","path":"aws-cdk-bedrock-agentcore-runtime-cognito/RuntimeArn","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"UserPoolId":{"id":"UserPoolId","path":"aws-cdk-bedrock-agentcore-runtime-cognito/UserPoolId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"UserPoolClientId1":{"id":"UserPoolClientId1","path":"aws-cdk-bedrock-agentcore-runtime-cognito/UserPoolClientId1","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"UserPoolClientId2":{"id":"UserPoolClientId2","path":"aws-cdk-bedrock-agentcore-runtime-cognito/UserPoolClientId2","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-cognito/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-cognito/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"BedrockAgentCoreRuntimeCognitoTest":{"id":"BedrockAgentCoreRuntimeCognitoTest","path":"BedrockAgentCoreRuntimeCognitoTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"BedrockAgentCoreRuntimeCognitoTest/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"BedrockAgentCoreRuntimeCognitoTest/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"BedrockAgentCoreRuntimeCognitoTest/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"BedrockAgentCoreRuntimeCognitoTest/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"BedrockAgentCoreRuntimeCognitoTest/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-bedrock-agentcore-runtime-cognito":{"id":"aws-cdk-bedrock-agentcore-runtime-cognito","path":"aws-cdk-bedrock-agentcore-runtime-cognito","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"MyUserPool":{"id":"MyUserPool","path":"aws-cdk-bedrock-agentcore-runtime-cognito/MyUserPool","constructInfo":{"fqn":"aws-cdk-lib.aws_cognito.UserPool","version":"0.0.0","metadata":[{"removalPolicy":"destroy"}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-cognito/MyUserPool/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cognito.CfnUserPool","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Cognito::UserPool","aws:cdk:cloudformation:props":{"accountRecoverySetting":{"recoveryMechanisms":[{"name":"verified_phone_number","priority":1},{"name":"verified_email","priority":2}]},"adminCreateUserConfig":{"allowAdminCreateUserOnly":true},"emailVerificationMessage":"The verification code to your new account is {####}","emailVerificationSubject":"Verify your new account","smsVerificationMessage":"The verification code to your new account is {####}","verificationMessageTemplate":{"defaultEmailOption":"CONFIRM_WITH_CODE","emailMessage":"The verification code to your new account is {####}","emailSubject":"Verify your new account","smsMessage":"The verification code to your new account is {####}"}}}},"MyUserPoolClient":{"id":"MyUserPoolClient","path":"aws-cdk-bedrock-agentcore-runtime-cognito/MyUserPool/MyUserPoolClient","constructInfo":{"fqn":"aws-cdk-lib.aws_cognito.UserPoolClient","version":"0.0.0","metadata":[{"userPool":"*","authFlows":{"adminUserPassword":true}}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-cognito/MyUserPool/MyUserPoolClient/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cognito.CfnUserPoolClient","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Cognito::UserPoolClient","aws:cdk:cloudformation:props":{"allowedOAuthFlows":["implicit","code"],"allowedOAuthFlowsUserPoolClient":true,"allowedOAuthScopes":["profile","phone","email","openid","aws.cognito.signin.user.admin"],"callbackUrLs":["https://example.com"],"explicitAuthFlows":["ALLOW_ADMIN_USER_PASSWORD_AUTH","ALLOW_REFRESH_TOKEN_AUTH"],"supportedIdentityProviders":["COGNITO"],"userPoolId":{"Ref":"MyUserPoolD09D1D74"}}}}}},"MyAnotherUserPoolClient":{"id":"MyAnotherUserPoolClient","path":"aws-cdk-bedrock-agentcore-runtime-cognito/MyUserPool/MyAnotherUserPoolClient","constructInfo":{"fqn":"aws-cdk-lib.aws_cognito.UserPoolClient","version":"0.0.0","metadata":[{"userPool":"*","authFlows":{"adminUserPassword":true}}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-cognito/MyUserPool/MyAnotherUserPoolClient/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_cognito.CfnUserPoolClient","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Cognito::UserPoolClient","aws:cdk:cloudformation:props":{"allowedOAuthFlows":["implicit","code"],"allowedOAuthFlowsUserPoolClient":true,"allowedOAuthScopes":["profile","phone","email","openid","aws.cognito.signin.user.admin"],"callbackUrLs":["https://example.com"],"explicitAuthFlows":["ALLOW_ADMIN_USER_PASSWORD_AUTH","ALLOW_REFRESH_TOKEN_AUTH"],"supportedIdentityProviders":["COGNITO"],"userPoolId":{"Ref":"MyUserPoolD09D1D74"}}}}}}}},"TestRuntime":{"id":"TestRuntime","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.Runtime","version":"0.0.0","metadata":["*"]},"children":{"ExecutionRole":{"id":"ExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/ExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"description":"*","maxSessionDuration":"*"},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]}]},"children":{"ImportExecutionRole":{"id":"ImportExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/ExecutionRole/ImportExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/ExecutionRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"bedrock-agentcore.amazonaws.com"}}],"Version":"2012-10-17"},"description":"Execution role for Bedrock Agent Core Runtime","maxSessionDuration":28800}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/ExecutionRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/ExecutionRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:DescribeLogStreams"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*"]]},"Sid":"LogGroupAccess"},{"Action":"logs:DescribeLogGroups","Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:*"]]},"Sid":"DescribeLogGroups"},{"Action":["logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*:log-stream:*"]]},"Sid":"LogStreamAccess"},{"Action":["xray:GetSamplingRules","xray:GetSamplingTargets","xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*","Sid":"XRayAccess"},{"Action":"cloudwatch:PutMetricData","Condition":{"StringEquals":{"cloudwatch:namespace":"bedrock-agentcore"}},"Effect":"Allow","Resource":"*","Sid":"CloudWatchMetrics"},{"Action":["bedrock-agentcore:GetWorkloadAccessToken","bedrock-agentcore:GetWorkloadAccessTokenForJWT","bedrock-agentcore:GetWorkloadAccessTokenForUserId"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default/workload-identity/*"]]}],"Sid":"GetAgentAccessToken"},{"Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:GetDownloadUrlForLayer"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":ecr:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":repository/",{"Fn::Sub":"cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}"}]]}},{"Action":"ecr:GetAuthorizationToken","Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"TestRuntimeExecutionRoleDefaultPolicyC7A978D3","roles":[{"Ref":"TestRuntimeExecutionRoleF819113E"}]}}}}}}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntime","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::Runtime","aws:cdk:cloudformation:props":{"agentRuntimeArtifact":{"containerConfiguration":{"containerUri":{"Fn::Sub":"${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240"}}},"agentRuntimeName":"integ_test_runtime_cognito","authorizerConfiguration":{"customJwtAuthorizer":{"discoveryUrl":{"Fn::Join":["",["https://cognito-idp.",{"Ref":"AWS::Region"},".amazonaws.com/",{"Ref":"MyUserPoolD09D1D74"},"/.well-known/openid-configuration"]]},"allowedClients":[{"Ref":"MyUserPoolMyUserPoolClient01266CD6"},{"Ref":"MyUserPoolMyAnotherUserPoolClient4444CD16"}]}},"lifecycleConfiguration":{"idleRuntimeSessionTimeout":60,"maxLifetime":28800},"networkConfiguration":{"networkMode":"PUBLIC"},"protocolConfiguration":"HTTP","roleArn":{"Fn::GetAtt":["TestRuntimeExecutionRoleF819113E","Arn"]}}}},"AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f":{"id":"AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr_assets.DockerImageAsset","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Repository":{"id":"Repository","path":"aws-cdk-bedrock-agentcore-runtime-cognito/TestRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f/Repository","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.RepositoryBase","version":"0.0.0","metadata":[]}}}}}},"RuntimeId":{"id":"RuntimeId","path":"aws-cdk-bedrock-agentcore-runtime-cognito/RuntimeId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"RuntimeArn":{"id":"RuntimeArn","path":"aws-cdk-bedrock-agentcore-runtime-cognito/RuntimeArn","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"UserPoolId":{"id":"UserPoolId","path":"aws-cdk-bedrock-agentcore-runtime-cognito/UserPoolId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"UserPoolClientId1":{"id":"UserPoolClientId1","path":"aws-cdk-bedrock-agentcore-runtime-cognito/UserPoolClientId1","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"UserPoolClientId2":{"id":"UserPoolClientId2","path":"aws-cdk-bedrock-agentcore-runtime-cognito/UserPoolClientId2","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-cognito/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-cognito/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"BedrockAgentCoreRuntimeCognitoTest":{"id":"BedrockAgentCoreRuntimeCognitoTest","path":"BedrockAgentCoreRuntimeCognitoTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"BedrockAgentCoreRuntimeCognitoTest/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"BedrockAgentCoreRuntimeCognitoTest/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"BedrockAgentCoreRuntimeCognitoTest/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"BedrockAgentCoreRuntimeCognitoTest/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"BedrockAgentCoreRuntimeCognitoTest/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/aws-cdk-bedrock-agentcore-runtime-endpoint.assets.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/aws-cdk-bedrock-agentcore-runtime-endpoint.assets.json index edf86486a637b..9f417f186e643 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/aws-cdk-bedrock-agentcore-runtime-endpoint.assets.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/aws-cdk-bedrock-agentcore-runtime-endpoint.assets.json @@ -1,16 +1,16 @@ { "version": "48.0.0", "files": { - "6e2cad43fa75185ed399221b555d4aefdfba0ba4362cf0313aaffb55563470af": { + "7adbf2d2713e0bc9f8e79dfc0b9cc17ab072be379f12ee9078d88e0f2f073d87": { "displayName": "aws-cdk-bedrock-agentcore-runtime-endpoint Template", "source": { "path": "aws-cdk-bedrock-agentcore-runtime-endpoint.template.json", "packaging": "file" }, "destinations": { - "current_account-current_region-22c99f90": { + "current_account-current_region-ef6f1725": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "6e2cad43fa75185ed399221b555d4aefdfba0ba4362cf0313aaffb55563470af.json", + "objectKey": "7adbf2d2713e0bc9f8e79dfc0b9cc17ab072be379f12ee9078d88e0f2f073d87.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } @@ -18,7 +18,7 @@ }, "dockerImages": { "f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240": { - "displayName": "ExistingRuntime/AgentRuntimeArtifact57925e7ddb91ee239b55009d714f9548", + "displayName": "ExistingRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f", "source": { "directory": "asset.f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240" }, diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/aws-cdk-bedrock-agentcore-runtime-endpoint.template.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/aws-cdk-bedrock-agentcore-runtime-endpoint.template.json index f2a3b6dcaa5b6..18571d8014491 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/aws-cdk-bedrock-agentcore-runtime-endpoint.template.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/aws-cdk-bedrock-agentcore-runtime-endpoint.template.json @@ -237,6 +237,10 @@ }, "AgentRuntimeName": "endpoint_test_runtime", "Description": "Runtime for endpoint integration test", + "LifecycleConfiguration": { + "IdleRuntimeSessionTimeout": 60, + "MaxLifetime": 28800 + }, "NetworkConfiguration": { "NetworkMode": "PUBLIC" }, diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/manifest.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/manifest.json index 7838fa1030a87..698652d47403d 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6e2cad43fa75185ed399221b555d4aefdfba0ba4362cf0313aaffb55563470af.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7adbf2d2713e0bc9f8e79dfc0b9cc17ab072be379f12ee9078d88e0f2f073d87.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -56,14 +56,6 @@ "maxSessionDuration": "*" } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -88,14 +80,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -104,14 +88,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -120,14 +96,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -136,14 +104,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -152,14 +112,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -424,6 +376,7 @@ "module": "aws-cdk-lib", "flags": { "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "userValue": true, "recommendedValue": true, "explanation": "Pass signingProfileName to CfnSigningProfile" }, @@ -442,6 +395,7 @@ } }, "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { + "userValue": true, "recommendedValue": true, "explanation": "Disable implicit openListener when custom security groups are provided" }, @@ -553,7 +507,7 @@ "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { "userValue": true, "recommendedValue": true, - "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." + "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in." }, "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { "userValue": true, @@ -892,10 +846,25 @@ "userValue": true, "recommendedValue": true, "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" + }, + "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": { + "recommendedValue": true, + "explanation": "When enabled, Network Load Balancer will be created with a security group by default." + }, + "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { + "recommendedValue": true, + "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": { + "recommendedValue": true, + "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement" } } } } }, - "minimumCliVersion": "2.1027.0" + "minimumCliVersion": "2.1031.2" } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/tree.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/tree.json index 79af9a761b68d..594fdb62346a8 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-endpoint.js.snapshot/tree.json @@ -1 +1 @@ -{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-bedrock-agentcore-runtime-endpoint":{"id":"aws-cdk-bedrock-agentcore-runtime-endpoint","path":"aws-cdk-bedrock-agentcore-runtime-endpoint","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"ExistingRuntime":{"id":"ExistingRuntime","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.Runtime","version":"0.0.0","metadata":["*"]},"children":{"ExecutionRole":{"id":"ExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/ExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"description":"*","maxSessionDuration":"*"},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]}]},"children":{"ImportExecutionRole":{"id":"ImportExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/ExecutionRole/ImportExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/ExecutionRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"bedrock-agentcore.amazonaws.com"}}],"Version":"2012-10-17"},"description":"Execution role for Bedrock Agent Core Runtime","maxSessionDuration":28800}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/ExecutionRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/ExecutionRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:DescribeLogStreams"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*"]]},"Sid":"LogGroupAccess"},{"Action":"logs:DescribeLogGroups","Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:*"]]},"Sid":"DescribeLogGroups"},{"Action":["logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*:log-stream:*"]]},"Sid":"LogStreamAccess"},{"Action":["xray:GetSamplingRules","xray:GetSamplingTargets","xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*","Sid":"XRayAccess"},{"Action":"cloudwatch:PutMetricData","Condition":{"StringEquals":{"cloudwatch:namespace":"bedrock-agentcore"}},"Effect":"Allow","Resource":"*","Sid":"CloudWatchMetrics"},{"Action":["bedrock-agentcore:GetWorkloadAccessToken","bedrock-agentcore:GetWorkloadAccessTokenForJWT","bedrock-agentcore:GetWorkloadAccessTokenForUserId"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default/workload-identity/*"]]}],"Sid":"GetAgentAccessToken"},{"Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:GetDownloadUrlForLayer"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":ecr:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":repository/",{"Fn::Sub":"cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}"}]]}},{"Action":"ecr:GetAuthorizationToken","Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"ExistingRuntimeExecutionRoleDefaultPolicy6C465EA7","roles":[{"Ref":"ExistingRuntimeExecutionRole8B00B9CA"}]}}}}}}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntime","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::Runtime","aws:cdk:cloudformation:props":{"agentRuntimeArtifact":{"containerConfiguration":{"containerUri":{"Fn::Sub":"${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240"}}},"agentRuntimeName":"endpoint_test_runtime","description":"Runtime for endpoint integration test","networkConfiguration":{"networkMode":"PUBLIC"},"protocolConfiguration":"HTTP","roleArn":{"Fn::GetAtt":["ExistingRuntimeExecutionRole8B00B9CA","Arn"]}}}},"AgentRuntimeArtifact57925e7ddb91ee239b55009d714f9548":{"id":"AgentRuntimeArtifact57925e7ddb91ee239b55009d714f9548","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/AgentRuntimeArtifact57925e7ddb91ee239b55009d714f9548","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr_assets.DockerImageAsset","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/AgentRuntimeArtifact57925e7ddb91ee239b55009d714f9548/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Repository":{"id":"Repository","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/AgentRuntimeArtifact57925e7ddb91ee239b55009d714f9548/Repository","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.RepositoryBase","version":"0.0.0","metadata":[]}}}}}},"TestEndpoint":{"id":"TestEndpoint","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/TestEndpoint","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.RuntimeEndpoint","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/TestEndpoint/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntimeEndpoint","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::RuntimeEndpoint","aws:cdk:cloudformation:props":{"agentRuntimeId":{"Fn::GetAtt":["ExistingRuntimeCC05F9CB","AgentRuntimeId"]},"agentRuntimeVersion":"1","tags":{"Component":"RuntimeEndpoint","Purpose":"IntegrationTest"},"description":"Simple endpoint for integration testing","name":"test_endpoint"}}}}},"RuntimeId":{"id":"RuntimeId","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/RuntimeId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"RuntimeArn":{"id":"RuntimeArn","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/RuntimeArn","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"EndpointId":{"id":"EndpointId","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/EndpointId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"EndpointArn":{"id":"EndpointArn","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/EndpointArn","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"EndpointName":{"id":"EndpointName","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/EndpointName","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"EndpointLiveVersion":{"id":"EndpointLiveVersion","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/EndpointLiveVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"EndpointTargetVersion":{"id":"EndpointTargetVersion","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/EndpointTargetVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"BedrockAgentCoreRuntimeEndpointTest":{"id":"BedrockAgentCoreRuntimeEndpointTest","path":"BedrockAgentCoreRuntimeEndpointTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"BedrockAgentCoreRuntimeEndpointTest/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"BedrockAgentCoreRuntimeEndpointTest/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"BedrockAgentCoreRuntimeEndpointTest/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"BedrockAgentCoreRuntimeEndpointTest/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"BedrockAgentCoreRuntimeEndpointTest/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-bedrock-agentcore-runtime-endpoint":{"id":"aws-cdk-bedrock-agentcore-runtime-endpoint","path":"aws-cdk-bedrock-agentcore-runtime-endpoint","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"ExistingRuntime":{"id":"ExistingRuntime","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.Runtime","version":"0.0.0","metadata":["*"]},"children":{"ExecutionRole":{"id":"ExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/ExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"description":"*","maxSessionDuration":"*"},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]}]},"children":{"ImportExecutionRole":{"id":"ImportExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/ExecutionRole/ImportExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/ExecutionRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"bedrock-agentcore.amazonaws.com"}}],"Version":"2012-10-17"},"description":"Execution role for Bedrock Agent Core Runtime","maxSessionDuration":28800}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/ExecutionRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/ExecutionRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:DescribeLogStreams"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*"]]},"Sid":"LogGroupAccess"},{"Action":"logs:DescribeLogGroups","Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:*"]]},"Sid":"DescribeLogGroups"},{"Action":["logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*:log-stream:*"]]},"Sid":"LogStreamAccess"},{"Action":["xray:GetSamplingRules","xray:GetSamplingTargets","xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*","Sid":"XRayAccess"},{"Action":"cloudwatch:PutMetricData","Condition":{"StringEquals":{"cloudwatch:namespace":"bedrock-agentcore"}},"Effect":"Allow","Resource":"*","Sid":"CloudWatchMetrics"},{"Action":["bedrock-agentcore:GetWorkloadAccessToken","bedrock-agentcore:GetWorkloadAccessTokenForJWT","bedrock-agentcore:GetWorkloadAccessTokenForUserId"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default/workload-identity/*"]]}],"Sid":"GetAgentAccessToken"},{"Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:GetDownloadUrlForLayer"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":ecr:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":repository/",{"Fn::Sub":"cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}"}]]}},{"Action":"ecr:GetAuthorizationToken","Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"ExistingRuntimeExecutionRoleDefaultPolicy6C465EA7","roles":[{"Ref":"ExistingRuntimeExecutionRole8B00B9CA"}]}}}}}}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntime","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::Runtime","aws:cdk:cloudformation:props":{"agentRuntimeArtifact":{"containerConfiguration":{"containerUri":{"Fn::Sub":"${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240"}}},"agentRuntimeName":"endpoint_test_runtime","description":"Runtime for endpoint integration test","lifecycleConfiguration":{"idleRuntimeSessionTimeout":60,"maxLifetime":28800},"networkConfiguration":{"networkMode":"PUBLIC"},"protocolConfiguration":"HTTP","roleArn":{"Fn::GetAtt":["ExistingRuntimeExecutionRole8B00B9CA","Arn"]}}}},"AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f":{"id":"AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr_assets.DockerImageAsset","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Repository":{"id":"Repository","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/ExistingRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f/Repository","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.RepositoryBase","version":"0.0.0","metadata":[]}}}}}},"TestEndpoint":{"id":"TestEndpoint","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/TestEndpoint","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.RuntimeEndpoint","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/TestEndpoint/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntimeEndpoint","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::RuntimeEndpoint","aws:cdk:cloudformation:props":{"agentRuntimeId":{"Fn::GetAtt":["ExistingRuntimeCC05F9CB","AgentRuntimeId"]},"agentRuntimeVersion":"1","tags":{"Component":"RuntimeEndpoint","Purpose":"IntegrationTest"},"description":"Simple endpoint for integration testing","name":"test_endpoint"}}}}},"RuntimeId":{"id":"RuntimeId","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/RuntimeId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"RuntimeArn":{"id":"RuntimeArn","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/RuntimeArn","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"EndpointId":{"id":"EndpointId","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/EndpointId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"EndpointArn":{"id":"EndpointArn","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/EndpointArn","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"EndpointName":{"id":"EndpointName","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/EndpointName","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"EndpointLiveVersion":{"id":"EndpointLiveVersion","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/EndpointLiveVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"EndpointTargetVersion":{"id":"EndpointTargetVersion","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/EndpointTargetVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-endpoint/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"BedrockAgentCoreRuntimeEndpointTest":{"id":"BedrockAgentCoreRuntimeEndpointTest","path":"BedrockAgentCoreRuntimeEndpointTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"BedrockAgentCoreRuntimeEndpointTest/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"BedrockAgentCoreRuntimeEndpointTest/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"BedrockAgentCoreRuntimeEndpointTest/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"BedrockAgentCoreRuntimeEndpointTest/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"BedrockAgentCoreRuntimeEndpointTest/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-custom-role.assets.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-custom-role.assets.json index 469360ab7d900..3eb5779e98d4f 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-custom-role.assets.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-custom-role.assets.json @@ -1,16 +1,16 @@ { "version": "48.0.0", "files": { - "0a8c5c25cfe8e1272b4bffcf46837c224b8d9a23013b6de06ef3d4db1116f8d3": { + "bcde386892b4bb6865aaafdfa20dabe95fc18dcce629b653b5183caa5eabf782": { "displayName": "aws-cdk-bedrock-agentcore-runtime-with-custom-role Template", "source": { "path": "aws-cdk-bedrock-agentcore-runtime-with-custom-role.template.json", "packaging": "file" }, "destinations": { - "current_account-current_region-09599a85": { + "current_account-current_region-bd435cc2": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "0a8c5c25cfe8e1272b4bffcf46837c224b8d9a23013b6de06ef3d4db1116f8d3.json", + "objectKey": "bcde386892b4bb6865aaafdfa20dabe95fc18dcce629b653b5183caa5eabf782.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } @@ -18,7 +18,7 @@ }, "dockerImages": { "f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240": { - "displayName": "TestRuntime/AgentRuntimeArtifactcd827e16ec3ca16deb7c41e16784a73e", + "displayName": "TestRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f", "source": { "directory": "asset.f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240" }, diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-custom-role.template.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-custom-role.template.json index 7aa07093ba4f6..0756e3bae75d3 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-custom-role.template.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-custom-role.template.json @@ -234,6 +234,10 @@ } }, "AgentRuntimeName": "integ_test_runtime", + "LifecycleConfiguration": { + "IdleRuntimeSessionTimeout": 60, + "MaxLifetime": 28800 + }, "NetworkConfiguration": { "NetworkMode": "PUBLIC" }, diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/manifest.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/manifest.json index 9d321aef87c3f..5b62e4a2edf73 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0a8c5c25cfe8e1272b4bffcf46837c224b8d9a23013b6de06ef3d4db1116f8d3.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/bcde386892b4bb6865aaafdfa20dabe95fc18dcce629b653b5183caa5eabf782.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -320,6 +320,7 @@ "module": "aws-cdk-lib", "flags": { "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "userValue": true, "recommendedValue": true, "explanation": "Pass signingProfileName to CfnSigningProfile" }, @@ -338,6 +339,7 @@ } }, "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { + "userValue": true, "recommendedValue": true, "explanation": "Disable implicit openListener when custom security groups are provided" }, @@ -449,7 +451,7 @@ "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { "userValue": true, "recommendedValue": true, - "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." + "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in." }, "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { "userValue": true, @@ -789,6 +791,10 @@ "recommendedValue": true, "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" }, + "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": { + "recommendedValue": true, + "explanation": "When enabled, Network Load Balancer will be created with a security group by default." + }, "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { "recommendedValue": true, "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", @@ -804,5 +810,5 @@ } } }, - "minimumCliVersion": "2.1027.0" + "minimumCliVersion": "2.1031.2" } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/tree.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/tree.json index d1a49349c7a8b..97e2cedd007a9 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-custom-role.js.snapshot/tree.json @@ -1 +1 @@ -{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-bedrock-agentcore-runtime-with-custom-role":{"id":"aws-cdk-bedrock-agentcore-runtime-with-custom-role","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"ExecutionRole":{"id":"ExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/ExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"}},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]}]},"children":{"ImportExecutionRole":{"id":"ImportExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/ExecutionRole/ImportExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/ExecutionRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"bedrock-agentcore.amazonaws.com"}}],"Version":"2012-10-17"}}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/ExecutionRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/ExecutionRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:DescribeLogStreams"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*"]]},"Sid":"LogGroupAccess"},{"Action":"logs:DescribeLogGroups","Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:*"]]},"Sid":"DescribeLogGroups"},{"Action":["logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*:log-stream:*"]]},"Sid":"LogStreamAccess"},{"Action":["xray:GetSamplingRules","xray:GetSamplingTargets","xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*","Sid":"XRayAccess"},{"Action":"cloudwatch:PutMetricData","Condition":{"StringEquals":{"cloudwatch:namespace":"bedrock-agentcore"}},"Effect":"Allow","Resource":"*","Sid":"CloudWatchMetrics"},{"Action":["bedrock-agentcore:GetWorkloadAccessToken","bedrock-agentcore:GetWorkloadAccessTokenForJWT","bedrock-agentcore:GetWorkloadAccessTokenForUserId"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default/workload-identity/*"]]}],"Sid":"GetAgentAccessToken"},{"Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:GetDownloadUrlForLayer"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":ecr:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":repository/",{"Fn::Sub":"cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}"}]]}},{"Action":"ecr:GetAuthorizationToken","Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"ExecutionRoleDefaultPolicyA5B92313","roles":[{"Ref":"ExecutionRole605A040B"}]}}}}}}},"TestRuntime":{"id":"TestRuntime","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/TestRuntime","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/TestRuntime/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntime","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::Runtime","aws:cdk:cloudformation:props":{"agentRuntimeArtifact":{"containerConfiguration":{"containerUri":{"Fn::Sub":"${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240"}}},"agentRuntimeName":"integ_test_runtime","networkConfiguration":{"networkMode":"PUBLIC"},"protocolConfiguration":"HTTP","roleArn":{"Fn::GetAtt":["ExecutionRole605A040B","Arn"]}}}},"AgentRuntimeArtifactcd827e16ec3ca16deb7c41e16784a73e":{"id":"AgentRuntimeArtifactcd827e16ec3ca16deb7c41e16784a73e","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/TestRuntime/AgentRuntimeArtifactcd827e16ec3ca16deb7c41e16784a73e","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr_assets.DockerImageAsset","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/TestRuntime/AgentRuntimeArtifactcd827e16ec3ca16deb7c41e16784a73e/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Repository":{"id":"Repository","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/TestRuntime/AgentRuntimeArtifactcd827e16ec3ca16deb7c41e16784a73e/Repository","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.RepositoryBase","version":"0.0.0","metadata":[]}}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"BedrockAgentCoreRuntimeWithCustomRole":{"id":"BedrockAgentCoreRuntimeWithCustomRole","path":"BedrockAgentCoreRuntimeWithCustomRole","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"BedrockAgentCoreRuntimeWithCustomRole/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"BedrockAgentCoreRuntimeWithCustomRole/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"BedrockAgentCoreRuntimeWithCustomRole/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"BedrockAgentCoreRuntimeWithCustomRole/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"BedrockAgentCoreRuntimeWithCustomRole/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-bedrock-agentcore-runtime-with-custom-role":{"id":"aws-cdk-bedrock-agentcore-runtime-with-custom-role","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"ExecutionRole":{"id":"ExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/ExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"}},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]}]},"children":{"ImportExecutionRole":{"id":"ImportExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/ExecutionRole/ImportExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/ExecutionRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"bedrock-agentcore.amazonaws.com"}}],"Version":"2012-10-17"}}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/ExecutionRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/ExecutionRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:DescribeLogStreams"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*"]]},"Sid":"LogGroupAccess"},{"Action":"logs:DescribeLogGroups","Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:*"]]},"Sid":"DescribeLogGroups"},{"Action":["logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*:log-stream:*"]]},"Sid":"LogStreamAccess"},{"Action":["xray:GetSamplingRules","xray:GetSamplingTargets","xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*","Sid":"XRayAccess"},{"Action":"cloudwatch:PutMetricData","Condition":{"StringEquals":{"cloudwatch:namespace":"bedrock-agentcore"}},"Effect":"Allow","Resource":"*","Sid":"CloudWatchMetrics"},{"Action":["bedrock-agentcore:GetWorkloadAccessToken","bedrock-agentcore:GetWorkloadAccessTokenForJWT","bedrock-agentcore:GetWorkloadAccessTokenForUserId"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default/workload-identity/*"]]}],"Sid":"GetAgentAccessToken"},{"Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:GetDownloadUrlForLayer"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":ecr:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":repository/",{"Fn::Sub":"cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}"}]]}},{"Action":"ecr:GetAuthorizationToken","Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"ExecutionRoleDefaultPolicyA5B92313","roles":[{"Ref":"ExecutionRole605A040B"}]}}}}}}},"TestRuntime":{"id":"TestRuntime","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/TestRuntime","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.Runtime","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/TestRuntime/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntime","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::Runtime","aws:cdk:cloudformation:props":{"agentRuntimeArtifact":{"containerConfiguration":{"containerUri":{"Fn::Sub":"${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240"}}},"agentRuntimeName":"integ_test_runtime","lifecycleConfiguration":{"idleRuntimeSessionTimeout":60,"maxLifetime":28800},"networkConfiguration":{"networkMode":"PUBLIC"},"protocolConfiguration":"HTTP","roleArn":{"Fn::GetAtt":["ExecutionRole605A040B","Arn"]}}}},"AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f":{"id":"AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/TestRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr_assets.DockerImageAsset","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/TestRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Repository":{"id":"Repository","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/TestRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f/Repository","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.RepositoryBase","version":"0.0.0","metadata":[]}}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-with-custom-role/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"BedrockAgentCoreRuntimeWithCustomRole":{"id":"BedrockAgentCoreRuntimeWithCustomRole","path":"BedrockAgentCoreRuntimeWithCustomRole","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"BedrockAgentCoreRuntimeWithCustomRole/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"BedrockAgentCoreRuntimeWithCustomRole/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"BedrockAgentCoreRuntimeWithCustomRole/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"BedrockAgentCoreRuntimeWithCustomRole/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"BedrockAgentCoreRuntimeWithCustomRole/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-imported-role.assets.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-imported-role.assets.json index 162fc1c4c5e5a..b2e6bec051b71 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-imported-role.assets.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-imported-role.assets.json @@ -1,16 +1,16 @@ { "version": "48.0.0", "files": { - "770961f562ff5742804f73767c41668d7e0d5961496deb17c26347c4c9ed36d0": { + "424f377ad79d574ef33e29e78931358d7cf196af33cd135ba165b6f3f5626fb5": { "displayName": "aws-cdk-bedrock-agentcore-runtime-with-imported-role Template", "source": { "path": "aws-cdk-bedrock-agentcore-runtime-with-imported-role.template.json", "packaging": "file" }, "destinations": { - "current_account-current_region-1f62b009": { + "current_account-current_region-559e578e": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "770961f562ff5742804f73767c41668d7e0d5961496deb17c26347c4c9ed36d0.json", + "objectKey": "424f377ad79d574ef33e29e78931358d7cf196af33cd135ba165b6f3f5626fb5.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-imported-role.template.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-imported-role.template.json index a1afc15911be5..e0618b4ad87be 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-imported-role.template.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/aws-cdk-bedrock-agentcore-runtime-with-imported-role.template.json @@ -267,6 +267,10 @@ } }, "AgentRuntimeName": "integ_test_runtime", + "LifecycleConfiguration": { + "IdleRuntimeSessionTimeout": 60, + "MaxLifetime": 28800 + }, "NetworkConfiguration": { "NetworkMode": "PUBLIC" }, diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/manifest.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/manifest.json index 986f612048eac..ce3f0540b5828 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/manifest.json @@ -171,7 +171,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/770961f562ff5742804f73767c41668d7e0d5961496deb17c26347c4c9ed36d0.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/424f377ad79d574ef33e29e78931358d7cf196af33cd135ba165b6f3f5626fb5.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -443,6 +443,7 @@ "module": "aws-cdk-lib", "flags": { "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "userValue": true, "recommendedValue": true, "explanation": "Pass signingProfileName to CfnSigningProfile" }, @@ -461,6 +462,7 @@ } }, "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { + "userValue": true, "recommendedValue": true, "explanation": "Disable implicit openListener when custom security groups are provided" }, @@ -572,7 +574,7 @@ "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { "userValue": true, "recommendedValue": true, - "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." + "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in." }, "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { "userValue": true, @@ -912,6 +914,10 @@ "recommendedValue": true, "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" }, + "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": { + "recommendedValue": true, + "explanation": "When enabled, Network Load Balancer will be created with a security group by default." + }, "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { "recommendedValue": true, "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", @@ -927,5 +933,5 @@ } } }, - "minimumCliVersion": "2.1027.0" + "minimumCliVersion": "2.1031.2" } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/tree.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/tree.json index 0f0f0717f4309..ef7273d42a8ad 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime-with-imported-role.js.snapshot/tree.json @@ -1 +1 @@ -{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"pre-stack":{"id":"pre-stack","path":"pre-stack","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"ExecutionRole":{"id":"ExecutionRole","path":"pre-stack/ExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"}},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"addToPrincipalPolicy":[{}]}]},"children":{"ImportExecutionRole":{"id":"ImportExecutionRole","path":"pre-stack/ExecutionRole/ImportExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"pre-stack/ExecutionRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"bedrock-agentcore.amazonaws.com"}}],"Version":"2012-10-17"}}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"pre-stack/ExecutionRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"pre-stack/ExecutionRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:GetDownloadUrlForLayer"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":ecr:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":repository/",{"Fn::Sub":"cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}"}]]}},{"Action":"ecr:GetAuthorizationToken","Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"ExecutionRoleDefaultPolicyA5B92313","roles":[{"Ref":"ExecutionRole605A040B"}]}}}}}}},"TestAsset":{"id":"TestAsset","path":"pre-stack/TestAsset","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr_assets.DockerImageAsset","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"pre-stack/TestAsset/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Repository":{"id":"Repository","path":"pre-stack/TestAsset/Repository","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.RepositoryBase","version":"0.0.0","metadata":[]}}}},"Exports":{"id":"Exports","path":"pre-stack/Exports","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"},"children":{"Output{\"Fn::GetAtt\":[\"ExecutionRole605A040B\",\"Arn\"]}":{"id":"Output{\"Fn::GetAtt\":[\"ExecutionRole605A040B\",\"Arn\"]}","path":"pre-stack/Exports/Output{\"Fn::GetAtt\":[\"ExecutionRole605A040B\",\"Arn\"]}","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"pre-stack/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"pre-stack/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"aws-cdk-bedrock-agentcore-runtime-with-imported-role":{"id":"aws-cdk-bedrock-agentcore-runtime-with-imported-role","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"ImportedRole":{"id":"ImportedRole","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role/ImportedRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*","*","*","*","*","*","*","*","*","*","*","*","*"]},"children":{"PolicyawscdkbedrockagentcoreruntimewithimportedroleImportedRole261507D7":{"id":"PolicyawscdkbedrockagentcoreruntimewithimportedroleImportedRole261507D7","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role/ImportedRole/PolicyawscdkbedrockagentcoreruntimewithimportedroleImportedRole261507D7","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":[{"policyName":"*"},{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role/ImportedRole/PolicyawscdkbedrockagentcoreruntimewithimportedroleImportedRole261507D7/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:DescribeLogStreams"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*"]]},"Sid":"LogGroupAccess"},{"Action":"logs:DescribeLogGroups","Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:*"]]},"Sid":"DescribeLogGroups"},{"Action":["logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*:log-stream:*"]]},"Sid":"LogStreamAccess"},{"Action":["xray:GetSamplingRules","xray:GetSamplingTargets","xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*","Sid":"XRayAccess"},{"Action":"cloudwatch:PutMetricData","Condition":{"StringEquals":{"cloudwatch:namespace":"bedrock-agentcore"}},"Effect":"Allow","Resource":"*","Sid":"CloudWatchMetrics"},{"Action":["bedrock-agentcore:GetWorkloadAccessToken","bedrock-agentcore:GetWorkloadAccessTokenForJWT","bedrock-agentcore:GetWorkloadAccessTokenForUserId"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default/workload-identity/*"]]}],"Sid":"GetAgentAccessToken"},{"Action":"s3:GetObject","Effect":"Allow","Resource":"arn:aws:s3:::my-bucket/my-object"},{"Action":"dynamodb:Query","Effect":"Allow","Resource":"arn:aws:dynamodb:us-east-1:123456789012:table/my-table"},{"Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:GetDownloadUrlForLayer"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":ecr:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":repository/",{"Fn::Sub":"cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}"}]]}},{"Action":"ecr:GetAuthorizationToken","Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"PolicyawscdkbedrockagentcoreruntimewithimportedroleImportedRole261507D7","roles":[{"Fn::Select":[1,{"Fn::Split":["/",{"Fn::Select":[5,{"Fn::Split":[":",{"Fn::ImportValue":"pre-stack:ExportsOutputFnGetAttExecutionRole605A040BArnA891DEDE"}]}]}]}]}]}}}}}}},"TestRuntime":{"id":"TestRuntime","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role/TestRuntime","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role/TestRuntime/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntime","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::Runtime","aws:cdk:cloudformation:props":{"agentRuntimeArtifact":{"containerConfiguration":{"containerUri":{"Fn::Join":["",[{"Ref":"AWS::AccountId"},".dkr.ecr.",{"Ref":"AWS::Region"},".",{"Ref":"AWS::URLSuffix"},"/",{"Fn::Sub":"cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}"},":f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240"]]}}},"agentRuntimeName":"integ_test_runtime","networkConfiguration":{"networkMode":"PUBLIC"},"protocolConfiguration":"HTTP","roleArn":{"Fn::ImportValue":"pre-stack:ExportsOutputFnGetAttExecutionRole605A040BArnA891DEDE"}}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"BedrockAgentCoreRuntimeWithImportedRole":{"id":"BedrockAgentCoreRuntimeWithImportedRole","path":"BedrockAgentCoreRuntimeWithImportedRole","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"BedrockAgentCoreRuntimeWithImportedRole/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"BedrockAgentCoreRuntimeWithImportedRole/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"BedrockAgentCoreRuntimeWithImportedRole/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"BedrockAgentCoreRuntimeWithImportedRole/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"BedrockAgentCoreRuntimeWithImportedRole/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"pre-stack":{"id":"pre-stack","path":"pre-stack","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"ExecutionRole":{"id":"ExecutionRole","path":"pre-stack/ExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"}},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"addToPrincipalPolicy":[{}]}]},"children":{"ImportExecutionRole":{"id":"ImportExecutionRole","path":"pre-stack/ExecutionRole/ImportExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"pre-stack/ExecutionRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"bedrock-agentcore.amazonaws.com"}}],"Version":"2012-10-17"}}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"pre-stack/ExecutionRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"pre-stack/ExecutionRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:GetDownloadUrlForLayer"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":ecr:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":repository/",{"Fn::Sub":"cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}"}]]}},{"Action":"ecr:GetAuthorizationToken","Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"ExecutionRoleDefaultPolicyA5B92313","roles":[{"Ref":"ExecutionRole605A040B"}]}}}}}}},"TestAsset":{"id":"TestAsset","path":"pre-stack/TestAsset","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr_assets.DockerImageAsset","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"pre-stack/TestAsset/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Repository":{"id":"Repository","path":"pre-stack/TestAsset/Repository","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.RepositoryBase","version":"0.0.0","metadata":[]}}}},"Exports":{"id":"Exports","path":"pre-stack/Exports","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"},"children":{"Output{\"Fn::GetAtt\":[\"ExecutionRole605A040B\",\"Arn\"]}":{"id":"Output{\"Fn::GetAtt\":[\"ExecutionRole605A040B\",\"Arn\"]}","path":"pre-stack/Exports/Output{\"Fn::GetAtt\":[\"ExecutionRole605A040B\",\"Arn\"]}","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"pre-stack/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"pre-stack/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"aws-cdk-bedrock-agentcore-runtime-with-imported-role":{"id":"aws-cdk-bedrock-agentcore-runtime-with-imported-role","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"ImportedRole":{"id":"ImportedRole","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role/ImportedRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*","*","*","*","*","*","*","*","*","*","*","*","*"]},"children":{"PolicyawscdkbedrockagentcoreruntimewithimportedroleImportedRole261507D7":{"id":"PolicyawscdkbedrockagentcoreruntimewithimportedroleImportedRole261507D7","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role/ImportedRole/PolicyawscdkbedrockagentcoreruntimewithimportedroleImportedRole261507D7","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":[{"policyName":"*"},{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role/ImportedRole/PolicyawscdkbedrockagentcoreruntimewithimportedroleImportedRole261507D7/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:DescribeLogStreams"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*"]]},"Sid":"LogGroupAccess"},{"Action":"logs:DescribeLogGroups","Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:*"]]},"Sid":"DescribeLogGroups"},{"Action":["logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*:log-stream:*"]]},"Sid":"LogStreamAccess"},{"Action":["xray:GetSamplingRules","xray:GetSamplingTargets","xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*","Sid":"XRayAccess"},{"Action":"cloudwatch:PutMetricData","Condition":{"StringEquals":{"cloudwatch:namespace":"bedrock-agentcore"}},"Effect":"Allow","Resource":"*","Sid":"CloudWatchMetrics"},{"Action":["bedrock-agentcore:GetWorkloadAccessToken","bedrock-agentcore:GetWorkloadAccessTokenForJWT","bedrock-agentcore:GetWorkloadAccessTokenForUserId"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default/workload-identity/*"]]}],"Sid":"GetAgentAccessToken"},{"Action":"s3:GetObject","Effect":"Allow","Resource":"arn:aws:s3:::my-bucket/my-object"},{"Action":"dynamodb:Query","Effect":"Allow","Resource":"arn:aws:dynamodb:us-east-1:123456789012:table/my-table"},{"Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:GetDownloadUrlForLayer"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":ecr:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":repository/",{"Fn::Sub":"cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}"}]]}},{"Action":"ecr:GetAuthorizationToken","Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"PolicyawscdkbedrockagentcoreruntimewithimportedroleImportedRole261507D7","roles":[{"Fn::Select":[1,{"Fn::Split":["/",{"Fn::Select":[5,{"Fn::Split":[":",{"Fn::ImportValue":"pre-stack:ExportsOutputFnGetAttExecutionRole605A040BArnA891DEDE"}]}]}]}]}]}}}}}}},"TestRuntime":{"id":"TestRuntime","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role/TestRuntime","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.Runtime","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role/TestRuntime/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntime","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::Runtime","aws:cdk:cloudformation:props":{"agentRuntimeArtifact":{"containerConfiguration":{"containerUri":{"Fn::Join":["",[{"Ref":"AWS::AccountId"},".dkr.ecr.",{"Ref":"AWS::Region"},".",{"Ref":"AWS::URLSuffix"},"/",{"Fn::Sub":"cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}"},":f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240"]]}}},"agentRuntimeName":"integ_test_runtime","lifecycleConfiguration":{"idleRuntimeSessionTimeout":60,"maxLifetime":28800},"networkConfiguration":{"networkMode":"PUBLIC"},"protocolConfiguration":"HTTP","roleArn":{"Fn::ImportValue":"pre-stack:ExportsOutputFnGetAttExecutionRole605A040BArnA891DEDE"}}}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime-with-imported-role/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"BedrockAgentCoreRuntimeWithImportedRole":{"id":"BedrockAgentCoreRuntimeWithImportedRole","path":"BedrockAgentCoreRuntimeWithImportedRole","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"BedrockAgentCoreRuntimeWithImportedRole/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"BedrockAgentCoreRuntimeWithImportedRole/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"BedrockAgentCoreRuntimeWithImportedRole/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"BedrockAgentCoreRuntimeWithImportedRole/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"BedrockAgentCoreRuntimeWithImportedRole/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/aws-cdk-bedrock-agentcore-runtime.assets.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/aws-cdk-bedrock-agentcore-runtime.assets.json index 3ce61de728c28..06341f96eadd5 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/aws-cdk-bedrock-agentcore-runtime.assets.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/aws-cdk-bedrock-agentcore-runtime.assets.json @@ -1,16 +1,16 @@ { "version": "48.0.0", "files": { - "25c0844815d9185ada1de544591f34b73d9914af0cf49acfc4cca77e2ed64e1b": { + "008eb50b72025e8f4132283a463edb475936194d2bd2cd8d6fb4b55109a263a1": { "displayName": "aws-cdk-bedrock-agentcore-runtime Template", "source": { "path": "aws-cdk-bedrock-agentcore-runtime.template.json", "packaging": "file" }, "destinations": { - "current_account-current_region-2eb67642": { + "current_account-current_region-5e906448": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "25c0844815d9185ada1de544591f34b73d9914af0cf49acfc4cca77e2ed64e1b.json", + "objectKey": "008eb50b72025e8f4132283a463edb475936194d2bd2cd8d6fb4b55109a263a1.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } @@ -18,7 +18,7 @@ }, "dockerImages": { "f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240": { - "displayName": "TestRuntime/AgentRuntimeArtifact57925e7ddb91ee239b55009d714f9548", + "displayName": "TestRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f", "source": { "directory": "asset.f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240" }, diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/aws-cdk-bedrock-agentcore-runtime.template.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/aws-cdk-bedrock-agentcore-runtime.template.json index ac437603e8616..c716731ef9d9a 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/aws-cdk-bedrock-agentcore-runtime.template.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/aws-cdk-bedrock-agentcore-runtime.template.json @@ -241,6 +241,10 @@ "TEST_ENV": "integration", "LOG_LEVEL": "INFO" }, + "LifecycleConfiguration": { + "IdleRuntimeSessionTimeout": 60, + "MaxLifetime": 28800 + }, "NetworkConfiguration": { "NetworkMode": "PUBLIC" }, diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/manifest.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/manifest.json index 14e8cfcf504a4..73cbf0f0a233a 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/25c0844815d9185ada1de544591f34b73d9914af0cf49acfc4cca77e2ed64e1b.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/008eb50b72025e8f4132283a463edb475936194d2bd2cd8d6fb4b55109a263a1.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -56,14 +56,6 @@ "maxSessionDuration": "*" } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -88,14 +80,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -104,14 +88,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -120,14 +96,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -136,14 +104,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -152,14 +112,6 @@ ] } }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addToPolicy": [ - {} - ] - } - }, { "type": "aws:cdk:analytics:method", "data": { @@ -436,6 +388,7 @@ "module": "aws-cdk-lib", "flags": { "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "userValue": true, "recommendedValue": true, "explanation": "Pass signingProfileName to CfnSigningProfile" }, @@ -454,6 +407,7 @@ } }, "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { + "userValue": true, "recommendedValue": true, "explanation": "Disable implicit openListener when custom security groups are provided" }, @@ -565,7 +519,7 @@ "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { "userValue": true, "recommendedValue": true, - "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." + "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in." }, "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { "userValue": true, @@ -904,10 +858,25 @@ "userValue": true, "recommendedValue": true, "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" + }, + "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": { + "recommendedValue": true, + "explanation": "When enabled, Network Load Balancer will be created with a security group by default." + }, + "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { + "recommendedValue": true, + "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", + "unconfiguredBehavesLike": { + "v2": true + } + }, + "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": { + "recommendedValue": true, + "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement" } } } } }, - "minimumCliVersion": "2.1027.0" + "minimumCliVersion": "2.1031.2" } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/tree.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/tree.json index 9b2070fc3e8a0..cc166247822cc 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/integ.runtime.js.snapshot/tree.json @@ -1 +1 @@ -{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-bedrock-agentcore-runtime":{"id":"aws-cdk-bedrock-agentcore-runtime","path":"aws-cdk-bedrock-agentcore-runtime","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"TestRuntime":{"id":"TestRuntime","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.Runtime","version":"0.0.0","metadata":["*"]},"children":{"ExecutionRole":{"id":"ExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/ExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"description":"*","maxSessionDuration":"*"},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]}]},"children":{"ImportExecutionRole":{"id":"ImportExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/ExecutionRole/ImportExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/ExecutionRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"bedrock-agentcore.amazonaws.com"}}],"Version":"2012-10-17"},"description":"Execution role for Bedrock Agent Core Runtime","maxSessionDuration":28800}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/ExecutionRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/ExecutionRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:DescribeLogStreams"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*"]]},"Sid":"LogGroupAccess"},{"Action":"logs:DescribeLogGroups","Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:*"]]},"Sid":"DescribeLogGroups"},{"Action":["logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*:log-stream:*"]]},"Sid":"LogStreamAccess"},{"Action":["xray:GetSamplingRules","xray:GetSamplingTargets","xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*","Sid":"XRayAccess"},{"Action":"cloudwatch:PutMetricData","Condition":{"StringEquals":{"cloudwatch:namespace":"bedrock-agentcore"}},"Effect":"Allow","Resource":"*","Sid":"CloudWatchMetrics"},{"Action":["bedrock-agentcore:GetWorkloadAccessToken","bedrock-agentcore:GetWorkloadAccessTokenForJWT","bedrock-agentcore:GetWorkloadAccessTokenForUserId"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default/workload-identity/*"]]}],"Sid":"GetAgentAccessToken"},{"Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:GetDownloadUrlForLayer"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":ecr:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":repository/",{"Fn::Sub":"cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}"}]]}},{"Action":"ecr:GetAuthorizationToken","Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"TestRuntimeExecutionRoleDefaultPolicyC7A978D3","roles":[{"Ref":"TestRuntimeExecutionRoleF819113E"}]}}}}}}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntime","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::Runtime","aws:cdk:cloudformation:props":{"agentRuntimeArtifact":{"containerConfiguration":{"containerUri":{"Fn::Sub":"${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240"}}},"agentRuntimeName":"integ_test_runtime","tags":{"Environment":"Integration","TestType":"CDK"},"description":"Integration test runtime for BedrockAgentCore","environmentVariables":{"TEST_ENV":"integration","LOG_LEVEL":"INFO"},"networkConfiguration":{"networkMode":"PUBLIC"},"protocolConfiguration":"HTTP","roleArn":{"Fn::GetAtt":["TestRuntimeExecutionRoleF819113E","Arn"]}}}},"AgentRuntimeArtifact57925e7ddb91ee239b55009d714f9548":{"id":"AgentRuntimeArtifact57925e7ddb91ee239b55009d714f9548","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/AgentRuntimeArtifact57925e7ddb91ee239b55009d714f9548","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr_assets.DockerImageAsset","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/AgentRuntimeArtifact57925e7ddb91ee239b55009d714f9548/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Repository":{"id":"Repository","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/AgentRuntimeArtifact57925e7ddb91ee239b55009d714f9548/Repository","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.RepositoryBase","version":"0.0.0","metadata":[]}}}}}},"BasicEndpoint":{"id":"BasicEndpoint","path":"aws-cdk-bedrock-agentcore-runtime/BasicEndpoint","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.RuntimeEndpoint","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime/BasicEndpoint/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntimeEndpoint","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::RuntimeEndpoint","aws:cdk:cloudformation:props":{"agentRuntimeId":{"Fn::GetAtt":["TestRuntime65042BB5","AgentRuntimeId"]},"agentRuntimeVersion":"1","description":"Basic endpoint for testing","name":"basic_endpoint"}}}}},"TaggedEndpoint":{"id":"TaggedEndpoint","path":"aws-cdk-bedrock-agentcore-runtime/TaggedEndpoint","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.RuntimeEndpoint","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime/TaggedEndpoint/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntimeEndpoint","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::RuntimeEndpoint","aws:cdk:cloudformation:props":{"agentRuntimeId":{"Fn::GetAtt":["TestRuntime65042BB5","AgentRuntimeId"]},"agentRuntimeVersion":"1","tags":{"EndpointType":"Tagged","Version":"v1"},"description":"Endpoint with tags","name":"tagged_endpoint"}}}}},"V2Endpoint":{"id":"V2Endpoint","path":"aws-cdk-bedrock-agentcore-runtime/V2Endpoint","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.RuntimeEndpoint","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime/V2Endpoint/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntimeEndpoint","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::RuntimeEndpoint","aws:cdk:cloudformation:props":{"agentRuntimeId":{"Fn::GetAtt":["TestRuntime65042BB5","AgentRuntimeId"]},"agentRuntimeVersion":"2","description":"Version 2 endpoint","name":"v2_endpoint"}}}}},"RuntimeId":{"id":"RuntimeId","path":"aws-cdk-bedrock-agentcore-runtime/RuntimeId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"RuntimeArn":{"id":"RuntimeArn","path":"aws-cdk-bedrock-agentcore-runtime/RuntimeArn","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"BasicEndpointId":{"id":"BasicEndpointId","path":"aws-cdk-bedrock-agentcore-runtime/BasicEndpointId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"TaggedEndpointId":{"id":"TaggedEndpointId","path":"aws-cdk-bedrock-agentcore-runtime/TaggedEndpointId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"V2EndpointId":{"id":"V2EndpointId","path":"aws-cdk-bedrock-agentcore-runtime/V2EndpointId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"BedrockAgentCoreRuntimeTest":{"id":"BedrockAgentCoreRuntimeTest","path":"BedrockAgentCoreRuntimeTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"BedrockAgentCoreRuntimeTest/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"BedrockAgentCoreRuntimeTest/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"BedrockAgentCoreRuntimeTest/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"BedrockAgentCoreRuntimeTest/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"BedrockAgentCoreRuntimeTest/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-bedrock-agentcore-runtime":{"id":"aws-cdk-bedrock-agentcore-runtime","path":"aws-cdk-bedrock-agentcore-runtime","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"TestRuntime":{"id":"TestRuntime","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.Runtime","version":"0.0.0","metadata":["*"]},"children":{"ExecutionRole":{"id":"ExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/ExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"description":"*","maxSessionDuration":"*"},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]}]},"children":{"ImportExecutionRole":{"id":"ImportExecutionRole","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/ExecutionRole/ImportExecutionRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/ExecutionRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"bedrock-agentcore.amazonaws.com"}}],"Version":"2012-10-17"},"description":"Execution role for Bedrock Agent Core Runtime","maxSessionDuration":28800}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/ExecutionRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/ExecutionRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["logs:CreateLogGroup","logs:DescribeLogStreams"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*"]]},"Sid":"LogGroupAccess"},{"Action":"logs:DescribeLogGroups","Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:*"]]},"Sid":"DescribeLogGroups"},{"Action":["logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/bedrock-agentcore/runtimes/*:log-stream:*"]]},"Sid":"LogStreamAccess"},{"Action":["xray:GetSamplingRules","xray:GetSamplingTargets","xray:PutTelemetryRecords","xray:PutTraceSegments"],"Effect":"Allow","Resource":"*","Sid":"XRayAccess"},{"Action":"cloudwatch:PutMetricData","Condition":{"StringEquals":{"cloudwatch:namespace":"bedrock-agentcore"}},"Effect":"Allow","Resource":"*","Sid":"CloudWatchMetrics"},{"Action":["bedrock-agentcore:GetWorkloadAccessToken","bedrock-agentcore:GetWorkloadAccessTokenForJWT","bedrock-agentcore:GetWorkloadAccessTokenForUserId"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":bedrock-agentcore:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":workload-identity-directory/default/workload-identity/*"]]}],"Sid":"GetAgentAccessToken"},{"Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:GetDownloadUrlForLayer"],"Effect":"Allow","Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":ecr:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":repository/",{"Fn::Sub":"cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}"}]]}},{"Action":"ecr:GetAuthorizationToken","Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"TestRuntimeExecutionRoleDefaultPolicyC7A978D3","roles":[{"Ref":"TestRuntimeExecutionRoleF819113E"}]}}}}}}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntime","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::Runtime","aws:cdk:cloudformation:props":{"agentRuntimeArtifact":{"containerConfiguration":{"containerUri":{"Fn::Sub":"${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:f06c9f54828243752afd2df4e39ab9d2987b5ccf44e6bdc05621c18d5488f240"}}},"agentRuntimeName":"integ_test_runtime","tags":{"Environment":"Integration","TestType":"CDK"},"description":"Integration test runtime for BedrockAgentCore","environmentVariables":{"TEST_ENV":"integration","LOG_LEVEL":"INFO"},"lifecycleConfiguration":{"idleRuntimeSessionTimeout":60,"maxLifetime":28800},"networkConfiguration":{"networkMode":"PUBLIC"},"protocolConfiguration":"HTTP","roleArn":{"Fn::GetAtt":["TestRuntimeExecutionRoleF819113E","Arn"]}}}},"AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f":{"id":"AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr_assets.DockerImageAsset","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Repository":{"id":"Repository","path":"aws-cdk-bedrock-agentcore-runtime/TestRuntime/AgentRuntimeArtifactf7fe664d1c8cde42a00e2487074af30f/Repository","constructInfo":{"fqn":"aws-cdk-lib.aws_ecr.RepositoryBase","version":"0.0.0","metadata":[]}}}}}},"BasicEndpoint":{"id":"BasicEndpoint","path":"aws-cdk-bedrock-agentcore-runtime/BasicEndpoint","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.RuntimeEndpoint","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime/BasicEndpoint/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntimeEndpoint","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::RuntimeEndpoint","aws:cdk:cloudformation:props":{"agentRuntimeId":{"Fn::GetAtt":["TestRuntime65042BB5","AgentRuntimeId"]},"agentRuntimeVersion":"1","description":"Basic endpoint for testing","name":"basic_endpoint"}}}}},"TaggedEndpoint":{"id":"TaggedEndpoint","path":"aws-cdk-bedrock-agentcore-runtime/TaggedEndpoint","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.RuntimeEndpoint","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime/TaggedEndpoint/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntimeEndpoint","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::RuntimeEndpoint","aws:cdk:cloudformation:props":{"agentRuntimeId":{"Fn::GetAtt":["TestRuntime65042BB5","AgentRuntimeId"]},"agentRuntimeVersion":"1","tags":{"EndpointType":"Tagged","Version":"v1"},"description":"Endpoint with tags","name":"tagged_endpoint"}}}}},"V2Endpoint":{"id":"V2Endpoint","path":"aws-cdk-bedrock-agentcore-runtime/V2Endpoint","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.RuntimeEndpoint","version":"0.0.0","metadata":["*"]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-runtime/V2Endpoint/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnRuntimeEndpoint","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::RuntimeEndpoint","aws:cdk:cloudformation:props":{"agentRuntimeId":{"Fn::GetAtt":["TestRuntime65042BB5","AgentRuntimeId"]},"agentRuntimeVersion":"2","description":"Version 2 endpoint","name":"v2_endpoint"}}}}},"RuntimeId":{"id":"RuntimeId","path":"aws-cdk-bedrock-agentcore-runtime/RuntimeId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"RuntimeArn":{"id":"RuntimeArn","path":"aws-cdk-bedrock-agentcore-runtime/RuntimeArn","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"BasicEndpointId":{"id":"BasicEndpointId","path":"aws-cdk-bedrock-agentcore-runtime/BasicEndpointId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"TaggedEndpointId":{"id":"TaggedEndpointId","path":"aws-cdk-bedrock-agentcore-runtime/TaggedEndpointId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"V2EndpointId":{"id":"V2EndpointId","path":"aws-cdk-bedrock-agentcore-runtime/V2EndpointId","constructInfo":{"fqn":"aws-cdk-lib.CfnOutput","version":"0.0.0"}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-bedrock-agentcore-runtime/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"BedrockAgentCoreRuntimeTest":{"id":"BedrockAgentCoreRuntimeTest","path":"BedrockAgentCoreRuntimeTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"BedrockAgentCoreRuntimeTest/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"BedrockAgentCoreRuntimeTest/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"BedrockAgentCoreRuntimeTest/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"BedrockAgentCoreRuntimeTest/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"BedrockAgentCoreRuntimeTest/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/runtime.test.ts b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/runtime.test.ts index ead1c4e911073..e9269da230973 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/runtime.test.ts +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/runtime/runtime.test.ts @@ -1,14 +1,16 @@ import * as path from 'path'; import * as cdk from 'aws-cdk-lib'; +import { Duration } from 'aws-cdk-lib'; import { Annotations, Template, Match } from 'aws-cdk-lib/assertions'; import * as cognito from 'aws-cdk-lib/aws-cognito'; import * as ec2 from 'aws-cdk-lib/aws-ec2'; import * as ecr from 'aws-cdk-lib/aws-ecr'; import * as iam from 'aws-cdk-lib/aws-iam'; +import * as s3 from 'aws-cdk-lib/aws-s3'; import { Runtime } from '../../../agentcore/runtime/runtime'; import { RuntimeEndpoint } from '../../../agentcore/runtime/runtime-endpoint'; -import { AgentRuntimeArtifact } from '../../../agentcore/runtime/runtime-artifact'; +import { AgentCoreRuntime, AgentRuntimeArtifact } from '../../../agentcore/runtime/runtime-artifact'; import { RuntimeAuthorizerConfiguration } from '../../../agentcore/runtime/runtime-authorizer-configuration'; import { RuntimeNetworkConfiguration } from '../../../agentcore/network/network-configuration'; import { @@ -1697,6 +1699,532 @@ describe('Runtime role validation tests', () => { }); }); +describe('Runtime lifecycle configuration tests', () => { + let app: cdk.App; + let stack: cdk.Stack; + let repository: ecr.Repository; + let agentRuntimeArtifact: AgentRuntimeArtifact; + + beforeEach(() => { + app = new cdk.App(); + stack = new cdk.Stack(app, 'test-stack', { + env: { + account: '123456789012', + region: 'us-east-1', + }, + }); + + repository = new ecr.Repository(stack, 'TestRepository', { + repositoryName: 'test-agent-runtime', + }); + agentRuntimeArtifact = AgentRuntimeArtifact.fromEcrRepository(repository, 'v1.0.0'); + }); + + test('Should use default lifecycle configuration when not specified', () => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + }); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::Runtime', { + LifecycleConfiguration: { + IdleRuntimeSessionTimeout: 60, + MaxLifetime: 28800, + }, + }); + }); + + test('Should set custom lifecycle configuration', () => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + lifecycleConfiguration: { + idleRuntimeSessionTimeout: Duration.minutes(10), + maxLifetime: Duration.hours(4), + }, + }); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::Runtime', { + LifecycleConfiguration: { + IdleRuntimeSessionTimeout: 600, + MaxLifetime: 14400, + }, + }); + }); + + test('Should set only idleRuntimeSessionTimeout', () => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + lifecycleConfiguration: { + idleRuntimeSessionTimeout: Duration.minutes(15), + }, + }); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::Runtime', { + LifecycleConfiguration: { + IdleRuntimeSessionTimeout: 900, + MaxLifetime: 28800, + }, + }); + }); + + test('Should set only maxLifetime', () => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + lifecycleConfiguration: { + maxLifetime: Duration.hours(6), + }, + }); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::Runtime', { + LifecycleConfiguration: { + IdleRuntimeSessionTimeout: 60, + MaxLifetime: 21600, + }, + }); + }); + + test('Should throw error for idleRuntimeSessionTimeout below minimum', () => { + expect(() => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + lifecycleConfiguration: { + idleRuntimeSessionTimeout: Duration.seconds(30), + }, + }); + }).toThrow(/Idle runtime session timeout must be between 60 seconds and 28800 seconds/); + }); + + test('Should throw error for idleRuntimeSessionTimeout above maximum', () => { + expect(() => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + lifecycleConfiguration: { + idleRuntimeSessionTimeout: Duration.hours(9), + }, + }); + }).toThrow(/Idle runtime session timeout must be between 60 seconds and 28800 seconds/); + }); + + test('Should throw error for maxLifetime below minimum', () => { + expect(() => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + lifecycleConfiguration: { + maxLifetime: Duration.seconds(30), + }, + }); + }).toThrow(/Maximum lifetime must be between 60 seconds and 28800 seconds/); + }); +}); + +describe('Runtime request header configuration tests', () => { + let app: cdk.App; + let stack: cdk.Stack; + let repository: ecr.Repository; + let agentRuntimeArtifact: AgentRuntimeArtifact; + + beforeEach(() => { + app = new cdk.App(); + stack = new cdk.Stack(app, 'test-stack', { + env: { + account: '123456789012', + region: 'us-east-1', + }, + }); + + repository = new ecr.Repository(stack, 'TestRepository', { + repositoryName: 'test-agent-runtime', + }); + agentRuntimeArtifact = AgentRuntimeArtifact.fromEcrRepository(repository, 'v1.0.0'); + }); + + test('Should not include request header configuration when not specified', () => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + }); + + app.synth(); + const template = Template.fromStack(stack); + + const runtimeResource = template.findResources('AWS::BedrockAgentCore::Runtime'); + const resourceId = Object.keys(runtimeResource)[0]; + const resource = runtimeResource[resourceId]; + + expect(resource.Properties).not.toHaveProperty('RequestHeaderConfiguration'); + }); + + test('Should set request header configuration with allowList', () => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + requestHeaderConfiguration: { + allowlistedHeaders: ['Authorization', 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-Header1'], + }, + }); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::Runtime', { + RequestHeaderConfiguration: { + RequestHeaderAllowlist: ['Authorization', 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-Header1'], + }, + }); + }); + + test('Should set request header configuration with single header', () => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + requestHeaderConfiguration: { + allowlistedHeaders: ['Authorization'], + }, + }); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::Runtime', { + RequestHeaderConfiguration: { + RequestHeaderAllowlist: ['Authorization'], + }, + }); + }); + + test('Should set request header configuration with multiple custom headers', () => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + requestHeaderConfiguration: { + allowlistedHeaders: [ + 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-Header1', + 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-Header2', + 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-Header3', + ], + }, + }); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::Runtime', { + RequestHeaderConfiguration: { + RequestHeaderAllowlist: [ + 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-Header1', + 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-Header2', + 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-Header3', + ], + }, + }); + }); + + test('Should throw error for empty allowList', () => { + expect(() => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + requestHeaderConfiguration: { + allowlistedHeaders: [], + }, + }); + }).toThrow(/Request header allow list contain between 1 and 20 headers/); + }); + + test('Should throw error for allowList exceeding 20 headers', () => { + const longList = Array.from({ length: 21 }, (_, i) => `X-Amzn-Bedrock-AgentCore-Runtime-Custom-Header${i + 1}`); + expect(() => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + requestHeaderConfiguration: { + allowlistedHeaders: longList, + }, + }); + }).toThrow(/Request header allow list contain between 1 and 20 headers/); + }); + + test('Should throw error for invalid header pattern', () => { + expect(() => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + requestHeaderConfiguration: { + allowlistedHeaders: ['Invalid-Header@Name'], + }, + }); + }).toThrow(/Request header must contain only letters, numbers, and hyphens/); + }); + + test('Should throw error for empty header name', () => { + expect(() => { + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + requestHeaderConfiguration: { + allowlistedHeaders: [''], + }, + }); + }).toThrow(/The field Request header is 0 characters long but must be at least 1 characters/); + }); +}); + +describe('Runtime fromS3 artifact loading tests', () => { + let app: cdk.App; + let stack: cdk.Stack; + let bucket: s3.Bucket; + + beforeEach(() => { + app = new cdk.App(); + stack = new cdk.Stack(app, 'test-stack', { + env: { + account: '123456789012', + region: 'us-east-1', + }, + }); + + bucket = new s3.Bucket(stack, 'CodeBucket', { + bucketName: 'test-runtime-code-bucket', + removalPolicy: cdk.RemovalPolicy.DESTROY, + }); + }); + + test('Should create runtime with fromS3 artifact', () => { + const agentRuntimeArtifact = AgentRuntimeArtifact.fromS3( + { + bucketName: bucket.bucketName, + objectKey: 'runtime-code.zip', + }, + AgentCoreRuntime.PYTHON_3_10, + ['main.handler'], + ); + + const runtime = new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + }); + + expect(runtime.agentRuntimeArtifact).toBe(agentRuntimeArtifact); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::Runtime', { + AgentRuntimeArtifact: { + CodeConfiguration: { + Code: { + S3: { + Bucket: { + Ref: Match.stringLikeRegexp('CodeBucket.*'), + }, + Prefix: 'runtime-code.zip', + }, + }, + Runtime: 'PYTHON_3_10', + EntryPoint: ['main.handler'], + }, + }, + }); + }); + + test('Should create runtime with fromS3 artifact with object version', () => { + const agentRuntimeArtifact = AgentRuntimeArtifact.fromS3( + { + bucketName: bucket.bucketName, + objectKey: 'runtime-code.zip', + objectVersion: 'version123', + }, + AgentCoreRuntime.PYTHON_3_10, + ['index.handler'], + ); + + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + }); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::Runtime', { + AgentRuntimeArtifact: { + CodeConfiguration: { + Code: { + S3: { + Bucket: { + Ref: Match.stringLikeRegexp('CodeBucket.*'), + }, + Prefix: 'runtime-code.zip', + VersionId: 'version123', + }, + }, + Runtime: 'PYTHON_3_10', + EntryPoint: ['index.handler'], + }, + }, + }); + }); + + test('Should grant S3 permissions to execution role when using fromS3 artifact', () => { + const agentRuntimeArtifact = AgentRuntimeArtifact.fromS3( + { + bucketName: bucket.bucketName, + objectKey: 'runtime-code.zip', + }, + AgentCoreRuntime.PYTHON_3_10, + ['main.handler'], + ); + + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + }); + + app.synth(); + const template = Template.fromStack(stack); + + // Check that the execution role has S3 permissions + // grantReadWrite grants multiple S3 actions, so we check for at least one S3 action + const policies = template.findResources('AWS::IAM::Policy'); + const hasS3Permissions = Object.values(policies).some((policy: any) => { + const statements = policy.Properties?.PolicyDocument?.Statement || []; + return statements.some((stmt: any) => { + const actions = Array.isArray(stmt.Action) ? stmt.Action : [stmt.Action]; + return actions.some((action: string) => action.startsWith('s3:')); + }); + }); + expect(hasS3Permissions).toBe(true); + }); + + test('Should work with fromS3 artifact and lifecycle configuration', () => { + const agentRuntimeArtifact = AgentRuntimeArtifact.fromS3( + { + bucketName: bucket.bucketName, + objectKey: 'runtime-code.zip', + }, + AgentCoreRuntime.PYTHON_3_10, + ['main.handler'], + ); + + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + lifecycleConfiguration: { + idleRuntimeSessionTimeout: Duration.minutes(15), + maxLifetime: Duration.hours(4), + }, + }); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::Runtime', { + AgentRuntimeArtifact: { + CodeConfiguration: { + Code: { + S3: Match.anyValue(), + }, + Runtime: 'PYTHON_3_10', + EntryPoint: ['main.handler'], + }, + }, + LifecycleConfiguration: { + IdleRuntimeSessionTimeout: 900, + MaxLifetime: 14400, + }, + }); + }); + + test('Should work with fromS3 artifact and request header configuration', () => { + const agentRuntimeArtifact = AgentRuntimeArtifact.fromS3( + { + bucketName: bucket.bucketName, + objectKey: 'runtime-code.zip', + }, + AgentCoreRuntime.PYTHON_3_10, + ['main.handler'], + ); + + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + requestHeaderConfiguration: { + allowlistedHeaders: ['Authorization', 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-Header1'], + }, + }); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::Runtime', { + AgentRuntimeArtifact: { + CodeConfiguration: { + Code: { + S3: Match.anyValue(), + }, + Runtime: 'PYTHON_3_10', + EntryPoint: ['main.handler'], + }, + }, + RequestHeaderConfiguration: { + RequestHeaderAllowlist: ['Authorization', 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-Header1'], + }, + }); + }); + + test('Should work with fromS3 artifact using string bucket name', () => { + const agentRuntimeArtifact = AgentRuntimeArtifact.fromS3( + { + bucketName: 'my-custom-bucket', + objectKey: 'runtime-code.zip', + }, + AgentCoreRuntime.PYTHON_3_10, + ['com.example.Handler::handleRequest'], + ); + + new Runtime(stack, 'test-runtime', { + runtimeName: 'test_runtime', + agentRuntimeArtifact: agentRuntimeArtifact, + }); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::Runtime', { + AgentRuntimeArtifact: { + CodeConfiguration: { + Code: { + S3: { + Bucket: 'my-custom-bucket', + Prefix: 'runtime-code.zip', + }, + }, + Runtime: 'PYTHON_3_10', + EntryPoint: ['com.example.Handler::handleRequest'], + }, + }, + }); + }); +}); + const logGroupPolicyStatement = { Sid: 'LogGroupAccess', Action: ['logs:DescribeLogStreams', 'logs:CreateLogGroup'], diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/browser.test.ts b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/browser.test.ts index b78fa0ad9b92e..dcae974098f57 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/browser.test.ts +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/browser.test.ts @@ -4,7 +4,7 @@ import { Template, Match } from 'aws-cdk-lib/assertions'; import * as iam from 'aws-cdk-lib/aws-iam'; import * as s3 from 'aws-cdk-lib/aws-s3'; import * as ec2 from 'aws-cdk-lib/aws-ec2'; -import { BrowserCustom } from '../../../agentcore/tools/browser'; +import { BrowserCustom, BrowserSigning } from '../../../agentcore/tools/browser'; import { BrowserNetworkConfiguration } from '../../../agentcore/network/network-configuration'; describe('BrowserCustom default tests', () => { @@ -56,6 +56,7 @@ describe('BrowserCustom default tests', () => { // The resource should have basic properties expect(resource.Properties).toHaveProperty('Name'); expect(resource.Properties).toHaveProperty('NetworkConfiguration'); + expect(resource.Properties).toHaveProperty('BrowserSigning'); // Tags property handling - the important thing is that the construct works // The addPropertyOverride may or may not be visible in the template depending on CDK version @@ -1360,3 +1361,221 @@ describe('BrowserCustom recording configuration with S3 location tests', () => { expect(takeOverDurationMetric).toBeDefined(); }); }); + +describe('BrowserCustom browser signing configuration tests', () => { + let app: cdk.App; + let stack: cdk.Stack; + + beforeEach(() => { + app = new cdk.App(); + stack = new cdk.Stack(app, 'test-stack', { + env: { + account: '123456789012', + region: 'us-east-1', + }, + }); + }); + + test('Should default to DISABLED when browser signing is not specified', () => { + const browser = new BrowserCustom(stack, 'test-browser-default', { + browserCustomName: 'test_browser_default', + networkConfiguration: BrowserNetworkConfiguration.usingPublicNetwork(), + }); + + expect(browser.browserSigning).toBe(BrowserSigning.DISABLED); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::BrowserCustom', { + BrowserSigning: { + Enabled: false, + }, + }); + }); + + test('Should set browser signing to ENABLED when explicitly specified', () => { + const browser = new BrowserCustom(stack, 'test-browser-enabled', { + browserCustomName: 'test_browser_enabled', + networkConfiguration: BrowserNetworkConfiguration.usingPublicNetwork(), + browserSigning: BrowserSigning.ENABLED, + }); + + expect(browser.browserSigning).toBe(BrowserSigning.ENABLED); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::BrowserCustom', { + BrowserSigning: { + Enabled: true, + }, + }); + }); + + test('Should set browser signing to DISABLED when explicitly specified', () => { + const browser = new BrowserCustom(stack, 'test-browser-disabled', { + browserCustomName: 'test_browser_disabled', + networkConfiguration: BrowserNetworkConfiguration.usingPublicNetwork(), + browserSigning: BrowserSigning.DISABLED, + }); + + expect(browser.browserSigning).toBe(BrowserSigning.DISABLED); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::BrowserCustom', { + BrowserSigning: { + Enabled: false, + }, + }); + }); + + test('Should have BrowserSigning property in CloudFormation template when default', () => { + new BrowserCustom(stack, 'test-browser-default-signing', { + browserCustomName: 'test_browser_default_signing', + networkConfiguration: BrowserNetworkConfiguration.usingPublicNetwork(), + }); + + app.synth(); + const template = Template.fromStack(stack); + + const browserResource = template.findResources('AWS::BedrockAgentCore::BrowserCustom'); + const resourceId = Object.keys(browserResource)[0]; + const resource = browserResource[resourceId]; + + expect(resource.Properties).toHaveProperty('BrowserSigning'); + expect(resource.Properties.BrowserSigning).toEqual({ + Enabled: false, + }); + }); + + test('Should have BrowserSigning property with Enabled true when ENABLED', () => { + new BrowserCustom(stack, 'test-browser-enabled-signing', { + browserCustomName: 'test_browser_enabled_signing', + networkConfiguration: BrowserNetworkConfiguration.usingPublicNetwork(), + browserSigning: BrowserSigning.ENABLED, + }); + + app.synth(); + const template = Template.fromStack(stack); + + const browserResource = template.findResources('AWS::BedrockAgentCore::BrowserCustom'); + const resourceId = Object.keys(browserResource)[0]; + const resource = browserResource[resourceId]; + + expect(resource.Properties).toHaveProperty('BrowserSigning'); + expect(resource.Properties.BrowserSigning).toEqual({ + Enabled: true, + }); + }); + + test('Should have BrowserSigning property with Enabled false when DISABLED', () => { + new BrowserCustom(stack, 'test-browser-disabled-signing', { + browserCustomName: 'test_browser_disabled_signing', + networkConfiguration: BrowserNetworkConfiguration.usingPublicNetwork(), + browserSigning: BrowserSigning.DISABLED, + }); + + app.synth(); + const template = Template.fromStack(stack); + + const browserResource = template.findResources('AWS::BedrockAgentCore::BrowserCustom'); + const resourceId = Object.keys(browserResource)[0]; + const resource = browserResource[resourceId]; + + expect(resource.Properties).toHaveProperty('BrowserSigning'); + expect(resource.Properties.BrowserSigning).toEqual({ + Enabled: false, + }); + }); + + test('Should work with browser signing ENABLED and recording config', () => { + const recordingBucket = new s3.Bucket(stack, 'RecordingBucket', { + bucketName: 'test-browser-recordings', + removalPolicy: cdk.RemovalPolicy.DESTROY, + }); + + const browser = new BrowserCustom(stack, 'test-browser-signing-recording', { + browserCustomName: 'test_browser_signing_recording', + networkConfiguration: BrowserNetworkConfiguration.usingPublicNetwork(), + browserSigning: BrowserSigning.ENABLED, + recordingConfig: { + enabled: true, + s3Location: { + bucketName: recordingBucket.bucketName, + objectKey: 'recordings/', + }, + }, + }); + + expect(browser.browserSigning).toBe(BrowserSigning.ENABLED); + expect(browser.recordingConfig?.enabled).toBe(true); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::BrowserCustom', { + BrowserSigning: { + Enabled: true, + }, + RecordingConfig: { + Enabled: true, + }, + }); + }); + + test('Should work with browser signing DISABLED and VPC configuration', () => { + const vpc = new ec2.Vpc(stack, 'testVPC'); + + const browser = new BrowserCustom(stack, 'test-browser-signing-vpc', { + browserCustomName: 'test_browser_signing_vpc', + networkConfiguration: BrowserNetworkConfiguration.usingVpc(stack, { + vpc: vpc, + }), + browserSigning: BrowserSigning.DISABLED, + }); + + expect(browser.browserSigning).toBe(BrowserSigning.DISABLED); + expect(browser.networkConfiguration.networkMode).toBe('VPC'); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::BrowserCustom', { + BrowserSigning: { + Enabled: false, + }, + NetworkConfiguration: { + NetworkMode: 'VPC', + }, + }); + }); + + test('Should work with browser signing ENABLED and custom execution role', () => { + const customRole = new iam.Role(stack, 'CustomExecutionRole', { + assumedBy: new iam.ServicePrincipal('bedrock-agentcore.amazonaws.com'), + roleName: 'custom-browser-execution-role', + }); + + const browser = new BrowserCustom(stack, 'test-browser-signing-role', { + browserCustomName: 'test_browser_signing_role', + networkConfiguration: BrowserNetworkConfiguration.usingPublicNetwork(), + browserSigning: BrowserSigning.ENABLED, + executionRole: customRole, + }); + + expect(browser.browserSigning).toBe(BrowserSigning.ENABLED); + expect(browser.executionRole).toBe(customRole); + + app.synth(); + const template = Template.fromStack(stack); + + template.hasResourceProperties('AWS::BedrockAgentCore::BrowserCustom', { + BrowserSigning: { + Enabled: true, + }, + }); + }); +}); diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/aws-cdk-bedrock-agentcore-browser-1.assets.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/aws-cdk-bedrock-agentcore-browser-1.assets.json index da8a67137f3c5..40cc5ede7f938 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/aws-cdk-bedrock-agentcore-browser-1.assets.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/aws-cdk-bedrock-agentcore-browser-1.assets.json @@ -15,16 +15,16 @@ } } }, - "d73e37d75e7840f8a92ce819dc25df7c03976f5d179126ba91352466b65be448": { + "3fd2949696e191971a1e754fca51f4c59ed1879e24ffd4de12a8575aeed5637e": { "displayName": "aws-cdk-bedrock-agentcore-browser-1 Template", "source": { "path": "aws-cdk-bedrock-agentcore-browser-1.template.json", "packaging": "file" }, "destinations": { - "current_account-current_region-111b0b42": { + "current_account-current_region-23bdebb3": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d73e37d75e7840f8a92ce819dc25df7c03976f5d179126ba91352466b65be448.json", + "objectKey": "3fd2949696e191971a1e754fca51f4c59ed1879e24ffd4de12a8575aeed5637e.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/aws-cdk-bedrock-agentcore-browser-1.template.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/aws-cdk-bedrock-agentcore-browser-1.template.json index f171509f0b5c1..4df86145618ca 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/aws-cdk-bedrock-agentcore-browser-1.template.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/aws-cdk-bedrock-agentcore-browser-1.template.json @@ -20,6 +20,9 @@ "Browser5046F7C9": { "Type": "AWS::BedrockAgentCore::BrowserCustom", "Properties": { + "BrowserSigning": { + "Enabled": false + }, "ExecutionRoleArn": { "Fn::GetAtt": [ "BrowserServiceRoleE2CB4014", @@ -262,6 +265,9 @@ "BrowserWithRecordingEAD45E5F": { "Type": "AWS::BedrockAgentCore::BrowserCustom", "Properties": { + "BrowserSigning": { + "Enabled": true + }, "ExecutionRoleArn": { "Fn::GetAtt": [ "BrowserWithRecordingServiceRole6F12B29B", diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/manifest.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/manifest.json index e24cce7c8e65f..5fe8bb2787727 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d73e37d75e7840f8a92ce819dc25df7c03976f5d179126ba91352466b65be448.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3fd2949696e191971a1e754fca51f4c59ed1879e24ffd4de12a8575aeed5637e.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -299,6 +299,7 @@ "module": "aws-cdk-lib", "flags": { "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": { + "userValue": true, "recommendedValue": true, "explanation": "Pass signingProfileName to CfnSigningProfile" }, @@ -317,6 +318,7 @@ } }, "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": { + "userValue": true, "recommendedValue": true, "explanation": "Disable implicit openListener when custom security groups are provided" }, @@ -428,7 +430,7 @@ "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": { "userValue": true, "recommendedValue": true, - "explanation": "Enable this feature to by default create default policy names for imported roles that depend on the stack the role is in." + "explanation": "Enable this feature to create default policy names for imported roles that depend on the stack the role is in." }, "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": { "userValue": true, @@ -768,6 +770,17 @@ "recommendedValue": true, "explanation": "When enabled, CDK creates and manages loggroup for the lambda function" }, + "@aws-cdk/aws-elasticloadbalancingv2:networkLoadBalancerWithSecurityGroupByDefault": { + "recommendedValue": true, + "explanation": "When enabled, Network Load Balancer will be created with a security group by default." + }, + "@aws-cdk/aws-stepfunctions-tasks:httpInvokeDynamicJsonPathEndpoint": { + "recommendedValue": true, + "explanation": "When enabled, allows using a dynamic apiEndpoint with JSONPath format in HttpInvoke tasks.", + "unconfiguredBehavesLike": { + "v2": true + } + }, "@aws-cdk/aws-ecs-patterns:uniqueTargetGroupId": { "recommendedValue": true, "explanation": "When enabled, ECS patterns will generate unique target group IDs to prevent conflicts during load balancer replacement" @@ -776,5 +789,5 @@ } } }, - "minimumCliVersion": "2.1027.0" + "minimumCliVersion": "2.1031.2" } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/tree.json b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/tree.json index e25b74355728c..4609142c09dfb 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.js.snapshot/tree.json @@ -1 +1 @@ -{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-bedrock-agentcore-browser-1":{"id":"aws-cdk-bedrock-agentcore-browser-1","path":"aws-cdk-bedrock-agentcore-browser-1","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"Browser":{"id":"Browser","path":"aws-cdk-bedrock-agentcore-browser-1/Browser","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.BrowserCustom","version":"0.0.0","metadata":["*"]},"children":{"ServiceRole":{"id":"ServiceRole","path":"aws-cdk-bedrock-agentcore-browser-1/Browser/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"}}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"aws-cdk-bedrock-agentcore-browser-1/Browser/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-browser-1/Browser/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"bedrock-agentcore.amazonaws.com"}}],"Version":"2012-10-17"}}}}}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-browser-1/Browser/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnBrowserCustom","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::BrowserCustom","aws:cdk:cloudformation:props":{"executionRoleArn":{"Fn::GetAtt":["BrowserServiceRoleE2CB4014","Arn"]},"name":"browser","networkConfiguration":{"networkMode":"PUBLIC"},"recordingConfig":{"enabled":false}}}}}},"RecordingBucket":{"id":"RecordingBucket","path":"aws-cdk-bedrock-agentcore-browser-1/RecordingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"0.0.0","metadata":[{"bucketName":"*","removalPolicy":"destroy","autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-browser-1/RecordingBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketName":"test-browser-recordings","tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}]}}},"Policy":{"id":"Policy","path":"aws-cdk-bedrock-agentcore-browser-1/RecordingBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"0.0.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-browser-1/RecordingBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"RecordingBucket03AEF6D2"},"policyDocument":{"Statement":[{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["RecordingBucket03AEF6D2","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["RecordingBucket03AEF6D2","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"aws-cdk-bedrock-agentcore-browser-1/RecordingBucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"0.0.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"aws-cdk-bedrock-agentcore-browser-1/RecordingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}}}}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"aws-cdk-bedrock-agentcore-browser-1/Custom::S3AutoDeleteObjectsCustomResourceProvider","constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"aws-cdk-bedrock-agentcore-browser-1/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Role":{"id":"Role","path":"aws-cdk-bedrock-agentcore-browser-1/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}},"Handler":{"id":"Handler","path":"aws-cdk-bedrock-agentcore-browser-1/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}}},"BrowserWithRecording":{"id":"BrowserWithRecording","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.BrowserCustom","version":"0.0.0","metadata":["*"]},"children":{"ServiceRole":{"id":"ServiceRole","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"}},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"bedrock-agentcore.amazonaws.com"}}],"Version":"2012-10-17"}}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording/ServiceRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording/ServiceRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["s3:Abort*","s3:DeleteObject*","s3:GetBucket*","s3:GetObject*","s3:List*","s3:PutObject","s3:PutObjectLegalHold","s3:PutObjectRetention","s3:PutObjectTagging","s3:PutObjectVersionTagging"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":s3:::",{"Ref":"RecordingBucket03AEF6D2"},"/*"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":s3:::",{"Ref":"RecordingBucket03AEF6D2"}]]}]}],"Version":"2012-10-17"},"policyName":"BrowserWithRecordingServiceRoleDefaultPolicyA7C6D5ED","roles":[{"Ref":"BrowserWithRecordingServiceRole6F12B29B"}]}}}}}}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnBrowserCustom","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::BrowserCustom","aws:cdk:cloudformation:props":{"tags":{"Environment":"Dev","Project":"AgentCore","Team":"AI/ML"},"executionRoleArn":{"Fn::GetAtt":["BrowserWithRecordingServiceRole6F12B29B","Arn"]},"name":"browser_recording","networkConfiguration":{"networkMode":"PUBLIC"},"recordingConfig":{"enabled":true,"s3Location":{"bucket":{"Ref":"RecordingBucket03AEF6D2"},"prefix":"browser-recordings/"}}}}},"browser_recordingRecordingBucket":{"id":"browser_recordingRecordingBucket","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording/browser_recordingRecordingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"0.0.0","metadata":[]}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-bedrock-agentcore-browser-1/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-bedrock-agentcore-browser-1/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"BedrockAgentCoreBrowser":{"id":"BedrockAgentCoreBrowser","path":"BedrockAgentCoreBrowser","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"BedrockAgentCoreBrowser/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"BedrockAgentCoreBrowser/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"BedrockAgentCoreBrowser/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"BedrockAgentCoreBrowser/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"BedrockAgentCoreBrowser/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-bedrock-agentcore-browser-1":{"id":"aws-cdk-bedrock-agentcore-browser-1","path":"aws-cdk-bedrock-agentcore-browser-1","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"Browser":{"id":"Browser","path":"aws-cdk-bedrock-agentcore-browser-1/Browser","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.BrowserCustom","version":"0.0.0","metadata":["*"]},"children":{"ServiceRole":{"id":"ServiceRole","path":"aws-cdk-bedrock-agentcore-browser-1/Browser/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"}}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"aws-cdk-bedrock-agentcore-browser-1/Browser/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-browser-1/Browser/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"bedrock-agentcore.amazonaws.com"}}],"Version":"2012-10-17"}}}}}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-browser-1/Browser/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnBrowserCustom","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::BrowserCustom","aws:cdk:cloudformation:props":{"browserSigning":{"enabled":false},"executionRoleArn":{"Fn::GetAtt":["BrowserServiceRoleE2CB4014","Arn"]},"name":"browser","networkConfiguration":{"networkMode":"PUBLIC"},"recordingConfig":{"enabled":false}}}}}},"RecordingBucket":{"id":"RecordingBucket","path":"aws-cdk-bedrock-agentcore-browser-1/RecordingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.Bucket","version":"0.0.0","metadata":[{"bucketName":"*","removalPolicy":"destroy","autoDeleteObjects":true}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-browser-1/RecordingBucket/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucket","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::Bucket","aws:cdk:cloudformation:props":{"bucketName":"test-browser-recordings","tags":[{"key":"aws-cdk:auto-delete-objects","value":"true"}]}}},"Policy":{"id":"Policy","path":"aws-cdk-bedrock-agentcore-browser-1/RecordingBucket/Policy","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketPolicy","version":"0.0.0","metadata":[{"bucket":"*"}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-browser-1/RecordingBucket/Policy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.CfnBucketPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::S3::BucketPolicy","aws:cdk:cloudformation:props":{"bucket":{"Ref":"RecordingBucket03AEF6D2"},"policyDocument":{"Statement":[{"Action":["s3:DeleteObject*","s3:GetBucket*","s3:List*","s3:PutBucketPolicy"],"Effect":"Allow","Principal":{"AWS":{"Fn::GetAtt":["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092","Arn"]}},"Resource":[{"Fn::GetAtt":["RecordingBucket03AEF6D2","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":["RecordingBucket03AEF6D2","Arn"]},"/*"]]}]}],"Version":"2012-10-17"}}}}}},"AutoDeleteObjectsCustomResource":{"id":"AutoDeleteObjectsCustomResource","path":"aws-cdk-bedrock-agentcore-browser-1/RecordingBucket/AutoDeleteObjectsCustomResource","constructInfo":{"fqn":"aws-cdk-lib.CustomResource","version":"0.0.0","metadata":["*"]},"children":{"Default":{"id":"Default","path":"aws-cdk-bedrock-agentcore-browser-1/RecordingBucket/AutoDeleteObjectsCustomResource/Default","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}}}}},"Custom::S3AutoDeleteObjectsCustomResourceProvider":{"id":"Custom::S3AutoDeleteObjectsCustomResourceProvider","path":"aws-cdk-bedrock-agentcore-browser-1/Custom::S3AutoDeleteObjectsCustomResourceProvider","constructInfo":{"fqn":"aws-cdk-lib.CustomResourceProviderBase","version":"0.0.0"},"children":{"Staging":{"id":"Staging","path":"aws-cdk-bedrock-agentcore-browser-1/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"Role":{"id":"Role","path":"aws-cdk-bedrock-agentcore-browser-1/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}},"Handler":{"id":"Handler","path":"aws-cdk-bedrock-agentcore-browser-1/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}}},"BrowserWithRecording":{"id":"BrowserWithRecording","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording","constructInfo":{"fqn":"@aws-cdk/aws-bedrock-agentcore-alpha.BrowserCustom","version":"0.0.0","metadata":["*"]},"children":{"ServiceRole":{"id":"ServiceRole","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"}},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"bedrock-agentcore.amazonaws.com"}}],"Version":"2012-10-17"}}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording/ServiceRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording/ServiceRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["s3:Abort*","s3:DeleteObject*","s3:GetBucket*","s3:GetObject*","s3:List*","s3:PutObject","s3:PutObjectLegalHold","s3:PutObjectRetention","s3:PutObjectTagging","s3:PutObjectVersionTagging"],"Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":s3:::",{"Ref":"RecordingBucket03AEF6D2"},"/*"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":s3:::",{"Ref":"RecordingBucket03AEF6D2"}]]}]}],"Version":"2012-10-17"},"policyName":"BrowserWithRecordingServiceRoleDefaultPolicyA7C6D5ED","roles":[{"Ref":"BrowserWithRecordingServiceRole6F12B29B"}]}}}}}}},"Resource":{"id":"Resource","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_bedrockagentcore.CfnBrowserCustom","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::BedrockAgentCore::BrowserCustom","aws:cdk:cloudformation:props":{"browserSigning":{"enabled":true},"tags":{"Environment":"Dev","Project":"AgentCore","Team":"AI/ML"},"executionRoleArn":{"Fn::GetAtt":["BrowserWithRecordingServiceRole6F12B29B","Arn"]},"name":"browser_recording","networkConfiguration":{"networkMode":"PUBLIC"},"recordingConfig":{"enabled":true,"s3Location":{"bucket":{"Ref":"RecordingBucket03AEF6D2"},"prefix":"browser-recordings/"}}}}},"browser_recordingRecordingBucket":{"id":"browser_recordingRecordingBucket","path":"aws-cdk-bedrock-agentcore-browser-1/BrowserWithRecording/browser_recordingRecordingBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"0.0.0","metadata":[]}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-bedrock-agentcore-browser-1/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-bedrock-agentcore-browser-1/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"BedrockAgentCoreBrowser":{"id":"BedrockAgentCoreBrowser","path":"BedrockAgentCoreBrowser","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"BedrockAgentCoreBrowser/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"BedrockAgentCoreBrowser/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"BedrockAgentCoreBrowser/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"BedrockAgentCoreBrowser/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"BedrockAgentCoreBrowser/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.ts b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.ts index 4f6f35d9345f9..2e2eb353a8c80 100644 --- a/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.ts +++ b/packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/tools/integ.browser.ts @@ -24,10 +24,11 @@ const recordingBucket = new s3.Bucket(stack, 'RecordingBucket', { autoDeleteObjects: true, }); -// Create a browser with recording configuration +// Create a browser with recording configuration and browser signing new agentcore.BrowserCustom(stack, 'BrowserWithRecording', { browserCustomName: 'browser_recording', networkConfiguration: agentcore.BrowserNetworkConfiguration.usingPublicNetwork(), + browserSigning: agentcore.BrowserSigning.ENABLED, recordingConfig: { enabled: true, s3Location: {