### Example of Unsupported vs. Supported OpenAPI Schema Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/troubleshooting-guide.md Illustrates the difference between an unsupported OpenAPI schema using 'oneOf' and a supported schema using a simple type. The 'Good' example demonstrates the recommended approach for compatibility with AWS Gateway. ```yaml # ❌ Bad - unsupported schema: oneOf: - type: string - type: number # ✅ Good - simple type schema: type: string ``` -------------------------------- ### Install AgentCore SDK (Bash) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/runtime/README.md Installs the Bedrock AgentCore SDK using pip. This is a prerequisite for developing agents with the SDK. ```bash pip install bedrock-agentcore ``` -------------------------------- ### AWS Lambda Cold Start Optimization with Provisioned Concurrency Source: https://github.com/zxkane/aws-skills/blob/main/plugins/serverless-eda/skills/aws-serverless-eda/references/serverless-patterns.md Demonstrates optimizing Lambda cold starts for latency-sensitive APIs using provisioned concurrency. This involves configuring memory size for faster initialization and setting up auto-scaling for the provisioned concurrency. ```typescript import * as lambda from 'aws-cdk-lib/aws-lambda-nodejs'; // For latency-sensitive APIs const apiFunction = new lambda.NodejsFunction(this, 'ApiFunction', { entry: 'src/api.ts', memorySize: 1769, // 1 vCPU for faster initialization }); const alias = apiFunction.currentVersion.addAlias('live'); alias.addAutoScaling({ minCapacity: 2, maxCapacity: 10, }).scaleOnUtilization({ utilizationTarget: 0.7, }); ``` -------------------------------- ### Testing Target Deployment Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/troubleshooting-guide.md A bash script to test the deployment and status of AWS Bedrock Agent Gateway targets. ```APIDOC ## Testing Target Deployment ### Description This script provides a set of commands to verify the status and details of deployed gateway targets. ### Method Bash Script ### Endpoint N/A (Script Execution) ### Parameters - **GATEWAY_ID** (string) - Required - The identifier of the gateway. - **TARGET_ID** (string) - Required - The identifier of the target. ### Request Example ```bash ./test-target.sh ``` ### Response Output from AWS CLI commands indicating target status and details. ### Code Example ```bash #!/bin/bash # test-target.sh GATEWAY_ID=$1 TARGET_ID=$2 # Test 1: List targets echo "Listing gateway targets..." aws bedrock-agentcore-control list-gateway-targets \ --gateway-identifier $GATEWAY_ID \ --profile default --region us-west-2 # Test 2: Get target details echo "Getting target details..." aws bedrock-agentcore-control get-gateway-target \ --gateway-identifier $GATEWAY_ID \ --target-identifier $TARGET_ID \ --profile default --region us-west-2 # Test 3: Get tools from target echo "Getting tools..." aws bedrock-agentcore-control get-gateway-target \ --gateway-identifier $GATEWAY_ID \ --target-identifier $TARGET_ID \ --query 'tools' \ --profile default --region us-west-2 ``` ``` -------------------------------- ### Pre-traffic Deployment Hook Example (Python) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/serverless-eda/skills/aws-serverless-eda/references/deployment-best-practices.md Provides a basic structure for a Python-based pre-traffic deployment hook. This function is intended to run before traffic is shifted to a new Lambda version, allowing for validation checks. ```python # Placeholder for Python pre-traffic hook logic # This function would typically perform validation checks on the new Lambda version # before it receives production traffic. ``` -------------------------------- ### Example CloudWatch Dashboard Definition Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/observability/README.md A JSON structure defining widgets for a CloudWatch dashboard. This example includes widgets for 'Target Invocations' and 'Target Errors' from the AWS/BedrockAgentCore namespace. It specifies metrics, period, statistics, region, and titles. ```json { "widgets": [ { "type": "metric", "properties": { "metrics": [ ["AWS/BedrockAgentCore", "TargetInvocations", {"stat": "Sum"}] ], "period": 300, "stat": "Sum", "region": "us-west-2", "title": "Target Invocations" } }, { "type": "metric", "properties": { "metrics": [ ["AWS/BedrockAgentCore", "TargetErrors", {"stat": "Sum"}] ], "period": 300, "stat": "Sum", "region": "us-west-2", "title": "Target Errors" } } ] } ``` -------------------------------- ### OpenAPI Schema Best Practices Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/troubleshooting-guide.md Guidelines for creating valid OpenAPI schemas for AWS Bedrock Agent Gateway, focusing on supported constructs and common pitfalls. ```APIDOC ## OpenAPI Schema Best Practices ### Description This section details best practices for authoring OpenAPI schemas compatible with AWS Bedrock Agent Gateway, emphasizing the avoidance of unsupported constructs and ensuring proper schema structure. ### Method N/A (Documentation) ### Endpoint N/A (Documentation) ### Parameters N/A ### Request Example N/A ### Response #### Success Response (N/A) N/A #### Response Example N/A ### Common Issues & Solutions 1. **Unsupported Constructs (`oneOf`, `anyOf`, `allOf`)**: * **Issue**: These constructs are not supported in the Gateway. * **Solution**: Use simple OpenAPI 3.0 types only. ```yaml # ❌ Bad - unsupported schema: oneOf: - type: string - type: number # ✅ Good - simple type schema: type: string ``` 2. **Missing `operationId`**: * **Issue**: All operations in the OpenAPI schema must have an `operationId`. * **Solution**: Ensure every API operation is defined with a unique `operationId`. 3. **Invalid `$ref` References**: * **Issue**: References to components are not valid. * **Solution**: Ensure all `$ref` pointers correctly point to existing definitions within the `components` section. 4. **YAML Syntax Errors**: * **Issue**: The OpenAPI schema file contains syntax errors. * **Solution**: Use an online YAML validator or your IDE's linter to identify and fix syntax errors. ``` -------------------------------- ### Install AWS Skills Plugins using Bash Source: https://github.com/zxkane/aws-skills/blob/main/README.md Commands to add the AWS Skills marketplace to Claude Code and install individual plugins. It's recommended to install the common dependency first. ```bash /plugin marketplace add zxkane/aws-skills # Install the common dependency first /plugin install aws-common@aws-skills # Then install the plugins you need /plugin install aws-cdk@aws-skills /plugin install aws-cost-ops@aws-skills /plugin install serverless-eda@aws-skills /plugin install aws-agentic-ai@aws-skills ``` -------------------------------- ### Get Bedrock Agent Service Map Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/observability/README.md Visualizes the service map for the Bedrock agent, showing interactions between different services. Useful for understanding the overall architecture and dependencies. Requires start and end timestamps. ```bash # Get service map aws xray get-service-graph \ --start-time \ --end-time ``` -------------------------------- ### Setup Service-Specific Credential Providers (AWS CLI) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/cross-service/credential-management.md This setup involves creating separate API key credential providers for each individual service. This pattern enhances isolation and allows for independent rotation per service, managed via the AWS CLI. ```bash # Create separate providers aws bedrock-agentcore-control create-api-key-credential-provider \ --name GatewayAPICredentials \ --api-key "YOUR_GATEWAY_API_KEY" aws bedrock-agentcore-control create-api-key-credential-provider \ --name RuntimeCredentials \ --api-key "YOUR_RUNTIME_API_KEY" ``` -------------------------------- ### Target Status: PENDING for too long Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/troubleshooting-guide.md Troubleshooting steps for gateway targets that remain in a 'PENDING' state indefinitely. ```APIDOC ## Target Status: PENDING for too long ### Description This section addresses scenarios where a gateway target remains in the 'PENDING' state for an extended period, indicating a potential creation issue. ### Method N/A (Documentation) ### Endpoint N/A (Documentation) ### Parameters N/A ### Request Example N/A ### Response #### Success Response (N/A) N/A #### Response Example N/A ### Root Cause The target creation process is stuck due to unmet dependencies or internal service issues. ### Solutions 1. **Check dependencies**: Ensure that all required resources, such as the gateway itself and any associated credential providers, exist and are correctly configured. 2. **Delete and recreate target**: Remove the pending target and attempt to create it again. 3. **Check AWS service health**: Monitor the AWS Service Health Dashboard for any ongoing incidents related to AWS Bedrock or related services. ``` -------------------------------- ### List Gateway Targets with AWS CLI Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/troubleshooting-guide.md Retrieves a list of all targets configured for a specific AWS Bedrock AgentCore gateway. This helps in diagnosing issues related to target configuration or existence. ```bash aws bedrock-agentcore-control list-gateway-targets \ --gateway-identifier \ --profile default --region us-west-2 ``` -------------------------------- ### Create CloudWatch Alarm for High Token Usage (Template) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/observability/README.md A template for creating a CloudWatch alarm to alert when token consumption exceeds a defined limit. This example sets the threshold to 1,000,000 tokens. ```bash # Alert on excessive token usage aws cloudwatch put-metric-alarm \ --alarm-name tokens-high \ --metric-name TokensConsumed \ --statistic Sum \ --threshold 1000000 \ --comparison-operator GreaterThanThreshold ``` -------------------------------- ### Test Target Deployment Script Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/troubleshooting-guide.md A bash script to test the deployment of a gateway target. It performs three tests: listing all gateway targets, retrieving details of a specific target, and fetching the tools associated with a target. ```bash #!/bin/bash # test-target.sh GATEWAY_ID=$1 TARGET_ID=$2 # Test 1: List targets echo "Listing gateway targets..." aws bedrock-agentcore-control list-gateway-targets \ --gateway-identifier $GATEWAY_ID \ --profile default --region us-west-2 # Test 2: Get target details echo "Getting target details..." aws bedrock-agentcore-control get-gateway-target \ --gateway-identifier $GATEWAY_ID \ --target-identifier $TARGET_ID \ --profile default --region us-west-2 # Test 3: Get tools from target echo "Getting tools..." aws bedrock-agentcore-control get-gateway-target \ --gateway-identifier $GATEWAY_ID \ --target-identifier $TARGET_ID \ --query 'tools' \ --profile default --region us-west-2 ``` -------------------------------- ### Check for Unsupported OpenAPI Constructs Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/troubleshooting-guide.md This command uses grep to find unsupported OpenAPI constructs like 'oneOf', 'anyOf', or 'allOf' within the schema file. These constructs are not supported in AWS Gateway and should be replaced with simple types. ```bash grep -n "oneOf\|anyOf\|allOf" schemas/my-api-openapi.yaml ``` -------------------------------- ### Common Error Summary Table Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/troubleshooting-guide.md A summary table of common errors encountered with AWS Bedrock Agent Gateway, including likely causes and suggested solutions. ```APIDOC ## Common Error Summary Table ### Description This table provides a quick reference for common errors, their potential causes, and recommended solutions when working with AWS Bedrock Agent Gateway. ### Method N/A (Reference Table) ### Endpoint N/A (Reference Table) ### Parameters N/A ### Request Example N/A ### Response #### Success Response (N/A) N/A #### Response Example N/A ### Error Table | Error | Likely Cause | Solution | |---------------------------------------------------|-----------------------------------------------------|--------------------------------------------------------------------------| | "not authorized to perform: bedrock-agentcore:GetResourceApiKey" | Missing IAM permissions | Add necessary permissions to the gateway's IAM role. | | "Credential provider not found" | Provider doesn't exist or name typo | Create the credential provider using `create-api-key-credential-provider`. | | "Invalid API key" | Key format is wrong or the key itself is invalid | Use `update-api-key-credential-provider` to correct the API key. | | "Invalid OpenAPI schema" | Unsupported constructs (oneOf/anyOf/allOf) present | Remove unsupported constructs; use simple types instead. | | "Invalid API host header" | Host header doesn't match the API endpoint | Update the OpenAPI schema with the correct server URL and host header. | | "Rate limit exceeded" | Exceeded allowed number of API calls | Check gateway and upstream API limits; implement caching or optimize calls. | | "Connection timeout" | Upstream API is not responding in time | Verify API accessibility, check network connectivity, increase timeout if possible. | | "Target status FAILED" | Schema validation errors or credential issues | Check `statusReason` in `get-gateway-target` output for details. | ``` -------------------------------- ### Create CloudWatch Alarm for High Error Rate (Template) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/observability/README.md A template for creating a CloudWatch alarm to alert when the error rate exceeds a certain percentage. This example sets the threshold to 5%. ```bash # Alert on >5% error rate aws cloudwatch put-metric-alarm \ --alarm-name error-rate-high \ --metric-name ErrorRate \ --threshold 5 \ --comparison-operator GreaterThanThreshold ``` -------------------------------- ### Enable Lambda SnapStart for Java Functions (TypeScript) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/serverless-eda/skills/aws-serverless-eda/references/performance-optimization.md Configures a Java Lambda function to use SnapStart for faster cold starts. This setting is applied to published versions of the function and requires no code changes. ```typescript new lambda.Function(this, 'JavaFunction', { runtime: lambda.Runtime.JAVA_17, code: lambda.Code.fromAsset('target/function.jar'), handler: 'com.example.Handler::handleRequest', snapStart: lambda.SnapStartConf.ON_PUBLISHED_VERSIONS, }); ``` -------------------------------- ### Query Recent Traces for Bedrock Agent Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/observability/README.md Retrieves a summary of recent traces for a specific service, in this case, 'AgentCore'. This is useful for debugging and understanding request flows. Requires start and end timestamps. ```bash # Query recent traces aws xray get-trace-summaries \ --start-time \ --end-time \ --filter-expression 'service(id(name: "AgentCore", type: "AWS::Service"))' ``` -------------------------------- ### Create CloudWatch Alarm for High Latency (Template) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/observability/README.md A template for creating a CloudWatch alarm to alert when the target latency exceeds a specified threshold. This example uses the p95 statistic and sets the threshold to 2000 milliseconds (2 seconds). ```bash # Alert on P95 latency >2s aws cloudwatch put-metric-alarm \ --alarm-name latency-high \ --metric-name TargetLatency \ --statistic p95 \ --threshold 2000 \ --comparison-operator GreaterThanThreshold ``` -------------------------------- ### Check Bedrock AgentCore Observability Configuration (Bash) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/observability/README.md This command checks the current observability configuration for a specific Bedrock agent. It is used to diagnose issues where tracing might not be enabled. Ensure you have the AWS CLI installed and configured with appropriate permissions. ```bash aws bedrock-agentcore-control get-observability-config \ --agent-id ``` -------------------------------- ### EventBridge to Step Functions Workflow Source: https://github.com/zxkane/aws-skills/blob/main/plugins/serverless-eda/skills/aws-serverless-eda/references/serverless-patterns.md Orchestrates workflows triggered by events using EventBridge and Step Functions. This example sets up a rule to start a Step Functions state machine when a specific event occurs. ```typescript // State machine for order processing const orderStateMachine = new stepfunctions.StateMachine(this, 'OrderFlow', { definition: /* ... */, }); // EventBridge triggers state machine new events.Rule(this, 'OrderPlacedRule', { eventPattern: { source: ['orders'], detailType: ['OrderPlaced'], }, targets: [new targets.SfnStateMachine(orderStateMachine)], }); ``` -------------------------------- ### GitHub Actions Workflow for Serverless Deployment Source: https://github.com/zxkane/aws-skills/blob/main/plugins/serverless-eda/skills/aws-serverless-eda/references/deployment-best-practices.md A GitHub Actions workflow that automates the build and deployment of a serverless application. It checks out code, sets up Node.js and SAM CLI, installs dependencies, runs tests, builds the SAM application, and deploys to development and production environments based on the branch. ```yaml # .github/workflows/deploy.yml name: Deploy Serverless Application on: push: branches: [main] jobs: build-and-deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Setup Node.js uses: actions/setup-node@v3 with: node-version: '20' - name: Install dependencies run: npm ci - name: Run tests run: npm test - name: Setup SAM CLI uses: aws-actions/setup-sam@v2 - name: Build SAM application run: sam build - name: Deploy to Dev if: github.ref != 'refs/heads/main' run: | sam deploy \ --no-confirm-changeset \ --no-fail-on-empty-changeset \ --stack-name dev-stack \ --parameter-overrides Environment=dev - name: Run integration tests run: npm run test:integration - name: Deploy to Prod if: github.ref == 'refs/heads/main' run: | sam deploy \ --no-confirm-changeset \ --no-fail-on-empty-changeset \ --stack-name prod-stack \ --parameter-overrides Environment=prod ``` -------------------------------- ### Configure Environment for Tiered Providers (Bash) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/deployment-strategies.md Demonstrates environment variable configuration for a tiered credential strategy, using a shared provider for development and staging, and an isolated provider for production. ```bash # .env.development GATEWAY_IDENTIFIER=dev-gateway-abc123xyz CREDENTIAL_PROVIDER_NAME=DevTestAPICredentialProvider # .env.staging GATEWAY_IDENTIFIER=staging-gateway-def456uvw CREDENTIAL_PROVIDER_NAME=DevTestAPICredentialProvider # .env.production GATEWAY_IDENTIFIER=prod-gateway-ghi789rst CREDENTIAL_PROVIDER_NAME=ProdAPICredentialProvider ``` -------------------------------- ### Install and Configure cdk-nag for TypeScript/JavaScript Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-cdk/skills/aws-cdk-development/SKILL.md Installs the cdk-nag package as a dev dependency and adds AwsSolutionsChecks to the CDK application for synthesis-time validation. This helps ensure compliance with AWS best practices during the synthesis phase. ```bash npm install --save-dev cdk-nag ``` ```typescript import { Aspects } from 'aws-cdk-lib'; import { AwsSolutionsChecks } from 'cdk-nag'; const app = new App(); Aspects.of(app).add(new AwsSolutionsChecks()); ``` -------------------------------- ### Local Testing with AWS SAM CLI Source: https://github.com/zxkane/aws-skills/blob/main/plugins/serverless-eda/skills/aws-serverless-eda/references/serverless-patterns.md Shows commands for local testing of Lambda functions and APIs using the AWS Serverless Application Model (SAM) CLI. Includes starting the API locally, invoking functions, and generating sample events. ```bash # Test API locally sam local start-api # Invoke function locally sam local invoke MyFunction -e events/test-event.json # Generate sample event sam local generate-event apigateway aws-proxy > event.json ``` -------------------------------- ### Example Alarm Naming Conventions (TypeScript) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-cost-ops/skills/aws-cost-operations/references/cloudwatch-alarms.md Provides examples of a consistent naming convention for CloudWatch Alarms. The suggested pattern is '--', which helps in quickly identifying the alarm's purpose and impact. ```typescript // Pattern: -- 'lambda-errors-critical' 'api-latency-warning' 'rds-cpu-warning' 'ecs-tasks-critical' ``` -------------------------------- ### Create Tiered Credential Providers (Bash) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/deployment-strategies.md Sets up a hybrid credential strategy by creating a shared provider for non-production environments (dev/test) and an isolated provider for production. This balances simplicity with enhanced security for production. ```bash # Shared provider for dev/test aws bedrock-agentcore-control create-api-key-credential-provider \ --name DevTestAPICredentialProvider \ --api-key "DEV_TEST_API_KEY" \ --profile default --region us-west-2 # Isolated provider for production aws bedrock-agentcore-control create-api-key-credential-provider \ --name ProdAPICredentialProvider \ --api-key "PROD_API_KEY" \ --profile default --region us-west-2 ``` -------------------------------- ### Local Testing with AWS SAM CLI Source: https://github.com/zxkane/aws-skills/blob/main/plugins/serverless-eda/skills/aws-serverless-eda/references/deployment-best-practices.md Facilitates local testing of serverless applications using the AWS Serverless Application Model (SAM) CLI. Supports starting a local API, invoking functions, generating sample events, and debugging. ```bash # Start local API sam local start-api # Invoke function locally sam local invoke OrderFunction -e events/create-order.json # Generate sample events sam local generate-event apigateway aws-proxy > event.json # Debug locally sam local invoke OrderFunction -d 5858 # Test with Docker sam local start-api --docker-network my-network ``` -------------------------------- ### Domain Event Example (JSON) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/serverless-eda/skills/aws-serverless-eda/references/eda-patterns.md An example of a 'Domain Event' in JSON format, specifically an 'OrderPlaced' event. This structure includes details like order ID, customer ID, amount, and timestamp, representing a significant business occurrence. ```json { "source": "orders", "detailType": "OrderPlaced", "detail": { "orderId": "12345", "customerId": "customer-1", "amount": 100.00, "timestamp": "2025-01-15T10:30:00Z" } } ``` -------------------------------- ### Blue-Green Deployment Script (Bash) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/deployment-strategies.md This script implements a blue-green deployment strategy. It first deploys to the 'blue' environment, then tests it. If the 'blue' environment is healthy, it proceeds to deploy to the 'green' environment, allowing for a safe cutover. Assumes the existence of deploy.sh and test-target.sh scripts. ```bash # Deploy to blue environment ./deploy.sh .env.blue # Test blue environment ./test-target.sh blue # Switch to green if blue is healthy ./deploy.sh .env.green ``` -------------------------------- ### Query Browser Metrics with CloudWatch (Bash) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/browser/README.md Demonstrates how to query browser-related metrics from CloudWatch using the AWS CLI. This is useful for monitoring the performance and health of browser sessions. ```bash # Query browser metrics aws cloudwatch get-metric-statistics \ --namespace AWS/BedrockAgentCore/Browser \ --metric-name SessionCount \ --dimensions Name=AgentId,Value= \ --start-time \ --end-time \ --period 3600 \ --statistics Average ``` -------------------------------- ### System Event Example (JSON) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/serverless-eda/skills/aws-serverless-eda/references/eda-patterns.md An example of a 'System Event' in JSON format, representing a technical occurrence like an S3 object creation. This event includes details about the source ('aws.s3'), the event type ('Object Created'), and specific details like the bucket and file key. ```json { "source": "aws.s3", "detailType": "Object Created", "detail": { "bucket": "my-bucket", "key": "data/file.json" } } ``` -------------------------------- ### Execute Build and Test Commands Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-cdk/skills/aws-cdk-development/SKILL.md Runs the project build command (e.g., `npm run build`) and the test command (e.g., `npm test`). These are essential pre-commit steps to ensure code compilation and test suite success. ```bash npm run build # or language-specific build command ``` ```bash npm test # or pytest, mvn test, etc. ``` -------------------------------- ### Target Status: FAILED Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/troubleshooting-guide.md Diagnosing and resolving 'FAILED' target status issues in AWS Bedrock Agent Gateway by examining status reasons. ```APIDOC ## Target Status: FAILED ### Description This section details how to diagnose and resolve issues when a gateway target's status is 'FAILED'. ### Method N/A (Documentation) ### Endpoint N/A (Documentation) ### Parameters N/A ### Request Example N/A ### Response #### Success Response (N/A) N/A #### Response Example N/A ### Diagnosis Retrieve target details, including the status reason, using the AWS CLI: ```bash aws bedrock-agentcore-control get-gateway-target \ --gateway-identifier \ --target-identifier \ --query '{status: status, statusReason: statusReason}' \ --profile default --region us-west-2 ``` ### Common Status Reasons and Solutions * **`SCHEMA_VALIDATION_FAILED`**: The OpenAPI schema contains errors or unsupported constructs. **Solution**: Validate and correct the OpenAPI schema. * **`CREDENTIAL_PROVIDER_NOT_FOUND`**: The specified credential provider does not exist. **Solution**: Ensure the credential provider is correctly created and named. * **`PERMISSION_DENIED`**: The IAM role associated with the gateway lacks the necessary permissions. **Solution**: Grant the required IAM permissions to the gateway's execution role. ``` -------------------------------- ### Branch-Based Deployment Script (Bash) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/deployment-strategies.md This script deploys resources based on the current branch name. It selects an environment configuration file (.env.production, .env.staging, or .env.development) and executes a deployment script accordingly. Assumes the existence of a deploy.sh script. ```bash # Branch-based deployment if [ "$BRANCH" = "main" ]; then ./deploy.sh .env.production elif [ "$BRANCH" = "develop" ]; then ./deploy.sh .env.staging else ./deploy.sh .env.development fi ``` -------------------------------- ### Get Runtime Details (AWS CLI) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/runtime/README.md Retrieves detailed information about a specific agent runtime. Requires the agent runtime ID and the region. ```bash aws bedrock-agentcore-control get-agent-runtime \ --agent-runtime-id \ --region us-west-2 ``` -------------------------------- ### AWS SAM Parameters for Environment Configuration Source: https://github.com/zxkane/aws-skills/blob/main/plugins/serverless-eda/skills/aws-serverless-eda/references/deployment-best-practices.md Illustrates environment management in AWS SAM using parameters. It defines allowed environment values and conditionally sets environment variables based on the chosen environment, such as log levels. ```yaml Parameters: Environment: Type: String Default: dev AllowedValues: - dev - staging - prod Resources: Function: Type: AWS::Serverless::Function Properties: Environment: Variables: ENVIRONMENT: !Ref Environment LOG_LEVEL: !If [IsProd, INFO, DEBUG] ``` -------------------------------- ### API Call Issues: Connection Timeout Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/troubleshooting-guide.md Troubleshooting 'Connection timeout' errors, which occur when the upstream API fails to respond within the configured timeout limit. ```APIDOC ## API Call Issues: Connection Timeout ### Description This section helps diagnose and resolve 'Connection timeout' errors, indicating that the upstream API did not respond within the expected timeframe. ### Method N/A (Documentation) ### Endpoint N/A (Documentation) ### Parameters N/A ### Request Example N/A ### Response #### Success Response (N/A) N/A #### Response Example N/A ### Root Cause The upstream API is not responding within the timeout period configured for the gateway target. ### Solutions 1. **Verify upstream API accessibility**: Ensure the upstream API is running and accessible from the network where the gateway operates. 2. **Check network connectivity**: Confirm that there is stable network connectivity between the AWS Bedrock Agent Gateway and the upstream API endpoint. 3. **Increase timeout (if supported)**: If the gateway target configuration allows, increase the timeout value. 4. **Check VPC configuration**: If the upstream API is hosted within a VPC, ensure the gateway has the necessary network configurations (e.g., VPC endpoints, security groups) to reach it. ``` -------------------------------- ### Deploy Gateway Target Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/README.md This section details the steps required to deploy a Gateway Target, including uploading the OpenAPI schema, creating a credential provider (if using API Key authentication), and creating the gateway target itself. ```APIDOC ## Deploy Gateway Target ### Description This process involves uploading an OpenAPI schema to S3, optionally creating an API key credential provider, and then creating the gateway target resource. ### Method This is a multi-step process using AWS CLI commands. ### Steps 1. **Upload OpenAPI schema to S3** ```bash aws s3 cp my-api-openapi.yaml s3:///schemas/ ``` 2. **Create credential provider (API Key auth only)** ```bash aws bedrock-agentcore-control create-api-key-credential-provider \ --name MyAPICredentialProvider \ --api-key "YOUR_API_KEY" \ --region us-west-2 ``` 3. **Create gateway target** ```bash aws bedrock-agentcore-control create-gateway-target \ --gateway-identifier \ --name MyAPITarget \ --endpoint-configuration '{"openApiSchema": {"s3": {"uri": "s3:///schemas/my-api-openapi.yaml"}}}' \ --credential-provider-configurations '[{"credentialProviderType": "GATEWAY_API_KEY_CREDENTIAL_PROVIDER", "apiKeyCredentialProvider": {"providerArn": "arn:aws:bedrock-agentcore:us-west-2::api-key-credential-provider/MyAPICredentialProvider"}}]' \ --region us-west-2 ``` 4. **Verify deployment** ```bash aws bedrock-agentcore-control get-gateway-target \ --gateway-identifier \ --target-identifier \ --region us-west-2 ``` ### Parameters #### Path Parameters None for these commands. #### Query Parameters None for these commands. #### Request Body Not applicable for these CLI commands; parameters are passed as arguments. ### Request Example See the step-by-step commands above. ### Response #### Success Response (200) Command output will vary based on the specific AWS CLI command executed. Typically includes details of the created or retrieved resource. #### Response Example ```json { "gatewayTarget": { "gatewayId": "", "targetIdentifier": "", "name": "MyAPITarget", "status": "ACTIVE" // ... other details } } ``` ``` -------------------------------- ### Verify Gateway Exists with AWS CLI Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/troubleshooting-guide.md Checks if a specified gateway exists in AWS Bedrock AgentCore. This command requires the gateway identifier and AWS CLI configuration. ```bash aws bedrock-agentcore-control get-gateway \ --gateway-identifier \ --profile default --region us-west-2 ``` -------------------------------- ### Schema Size Exceeds Limit Error Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/troubleshooting-guide.md Troubleshooting steps and solutions for the 'Schema size exceeds limit' error when deploying OpenAPI schemas to AWS Bedrock Agent Gateway. ```APIDOC ## Schema Size Exceeds Limit Error ### Description This section addresses the 'Schema size exceeds limit' error, which occurs when the OpenAPI schema is too large for the AWS Bedrock Agent Gateway. ### Method N/A (Documentation) ### Endpoint N/A (Documentation) ### Parameters N/A ### Request Example N/A ### Response #### Success Response (N/A) N/A #### Response Example N/A ### Solutions 1. **Remove unused endpoints**: Exclude any endpoints from the schema that are not required for the agent's functionality. 2. **Simplify descriptions**: Shorten or remove lengthy descriptions within the schema, retaining only essential information. 3. **Remove redundant component definitions**: Consolidate or remove duplicate definitions in the `components` section. 4. **Split into multiple targets**: If the API is large, consider splitting it into multiple logical targets if feasible. ``` -------------------------------- ### Deploy Gateway Target using AWS CLI Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/README.md This snippet outlines the steps to deploy a gateway target for the AWS Gateway Service. It involves uploading an OpenAPI schema to S3, creating a credential provider (if using API Key authentication), and then creating the gateway target itself. Finally, it shows how to verify the deployment. ```bash aws s3 cp my-api-openapi.yaml s3:///schemas/ aws bedrock-agentcore-control create-api-key-credential-provider \ --name MyAPICredentialProvider \ --api-key "YOUR_API_KEY" \ --region us-west-2 aws bedrock-agentcore-control create-gateway-target \ --gateway-identifier \ --name MyAPITarget \ --endpoint-configuration '{"openApiSchema": {"s3": {"uri": "s3:///schemas/my-api-openapi.yaml"}}}' \ --credential-provider-configurations '[{"credentialProviderType": "GATEWAY_API_KEY_CREDENTIAL_PROVIDER", "apiKeyCredentialProvider": {"providerArn": "arn:aws:bedrock-agentcore:us-west-2::api-key-credential-provider/MyAPICredentialProvider"}}]' \ --region us-west-2 aws bedrock-agentcore-control get-gateway-target \ --gateway-identifier \ --target-identifier \ --region us-west-2 ``` -------------------------------- ### Get Specific Trace Details Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/observability/README.md Fetches detailed information for one or more specific traces using their IDs. This is essential for in-depth analysis of individual requests. Requires trace IDs. ```bash # Get specific trace aws xray batch-get-traces \ --trace-ids ``` -------------------------------- ### Get Memory Details using AWS CLI Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/memory/README.md Retrieves detailed information about a specific memory, identified by its memory ID. This is useful for inspecting the configuration and status of a particular memory. ```bash aws bedrock-agentcore-control get-memory \ --memory-id \ --region us-west-2 ``` -------------------------------- ### Load Testing with Artillery Source: https://github.com/zxkane/aws-skills/blob/main/plugins/serverless-eda/skills/aws-serverless-eda/references/deployment-best-practices.md Conducts load testing on APIs using Artillery. This involves installing Artillery, defining test scenarios in a YAML file, running the tests, and generating reports. ```bash # Install Artillery npm install -g artillery # Create load test cat > load-test.yml < /tmp/gateway-policy.json <:secret:bedrock-agentcore-identity!*"] } ] } EOF # Get policy ARN from role POLICY_ARN=$(aws iam list-attached-role-policies \ --role-name $ROLE_NAME \ --query 'AttachedPolicies[0].PolicyArn' \ --output text \ --profile default --region us-west-2) # Create new policy version aws iam create-policy-version \ --policy-arn $POLICY_ARN \ --policy-document file:///tmp/gateway-policy.json \ --set-as-default \ --profile default --region us-west-2 ``` -------------------------------- ### AWS Lambda Large Deployment Package Solution Source: https://github.com/zxkane/aws-skills/blob/main/plugins/serverless-eda/skills/aws-serverless-eda/references/serverless-patterns.md Provides solutions for the anti-pattern of large Lambda deployment packages that increase cold start times. Techniques include using layers, externalizing the AWS SDK, and selective bundling of dependencies. ```typescript import * as lambda from 'aws-cdk-lib/aws-lambda-nodejs'; new lambda.NodejsFunction(this, 'Function', { entry: 'src/handler.ts', bundling: { minify: true, externalModules: ['@aws-sdk/*'], // Provided by runtime nodeModules: ['only-needed-deps'], // Selective bundling }, }); ``` -------------------------------- ### Create Shared API Key Credential Provider (Bash) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/deployment-strategies.md Creates a single API key credential provider to be shared across multiple gateway targets. This simplifies key management and reduces operational overhead. It requires the AWS CLI and Bedrock AgentCore control commands. ```bash aws bedrock-agentcore-control create-api-key-credential-provider \ --name SharedAPICredentialProvider \ --api-key "YOUR_API_KEY" \ --profile default --region us-west-2 ``` -------------------------------- ### All-at-Once Deployment Strategy (SAM) Source: https://github.com/zxkane/aws-skills/blob/main/plugins/serverless-eda/skills/aws-serverless-eda/references/deployment-best-practices.md Configures an AWS Lambda function for an 'All-at-Once' deployment strategy using a SAM template. This deploys the new version immediately, offering simplicity but carrying higher risk. ```yaml # SAM template Resources: OrderFunction: Type: AWS::Serverless::Function Properties: DeploymentPreference: Type: AllAtOnce # Deploy immediately ``` -------------------------------- ### Create OAuth 2.0 Credential Provider using AWS CLI Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/identity/README.md This command sets up an OAuth 2.0 credential provider, enabling machine-to-machine or user-delegated access. It requires a name, client ID, client secret, authorization and token URLs, and the desired scopes. This facilitates integration with services supporting OAuth 2.0. ```bash aws bedrock-agentcore-control create-oauth2-credential-provider \ --name MyOAuthProvider \ --client-id "YOUR_CLIENT_ID" \ --client-secret "YOUR_CLIENT_SECRET" \ --authorization-url "https://provider.com/oauth/authorize" \ --token-url "https://provider.com/oauth/token" \ --scopes '["read", "write"]' \ --region us-west-2 ``` -------------------------------- ### API Call Issues: Invalid API Host Header Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/troubleshooting-guide.md Resolving 'Invalid API host header' errors by ensuring correct configuration of server URLs and host headers in the OpenAPI schema. ```APIDOC ## API Call Issues: Invalid API Host Header ### Description This section addresses the 'Invalid API host header' error, which typically arises from a mismatch between the API endpoint's host and the host header sent by the gateway. ### Method N/A (Documentation) ### Endpoint N/A (Documentation) ### Parameters N/A ### Request Example N/A ### Response #### Success Response (N/A) N/A #### Response Example N/A ### Diagnosis 1. **Check schema server URL**: Verify the `servers` section in your `my-api-openapi.yaml`. ```bash grep -A5 "servers:" schemas/my-api-openapi.yaml ``` 2. **Verify host header in security scheme**: Examine the `securitySchemes` section for host header configurations. ```bash grep -A10 "securitySchemes:" schemas/my-api-openapi.yaml ``` ### Root Cause A discrepancy between the configured API endpoint URL in the OpenAPI schema and the actual host header expected by the API. ### Solution Update the OpenAPI schema to reflect the correct server URL and ensure the host header configuration within `securitySchemes` matches the API's requirements. ``` -------------------------------- ### API Call Issues: Rate Limit Exceeded Source: https://github.com/zxkane/aws-skills/blob/main/plugins/aws-agentic-ai/skills/aws-agentic-ai/services/gateway/troubleshooting-guide.md Diagnosing and resolving 'Rate limit exceeded' (429 Too Many Requests) errors when making API calls through AWS Bedrock Agent Gateway. ```APIDOC ## API Call Issues: Rate Limit Exceeded ### Description This section provides guidance on diagnosing and resolving the 'Rate limit exceeded' error (HTTP 429), which indicates that the number of requests has surpassed the allowed limits. ### Method N/A (Documentation) ### Endpoint N/A (Documentation) ### Parameters N/A ### Request Example N/A ### Response #### Success Response (N/A) N/A #### Response Example N/A ### Diagnosis Check the status of the gateway target: ```bash aws bedrock-agentcore-control get-gateway-target \ --gateway-identifier \ --target-identifier \ --profile default --region us-west-2 ``` ### Root Cause Exceeding rate limits imposed by either the AWS Bedrock Agent Gateway or the upstream API. ### Solutions 1. **Check Gateway limits**: Review the quota limits for your AWS Bedrock Agent Gateway in the AWS Console. 2. **Upstream API limits**: Consult the documentation or dashboard of your API provider to understand their rate limits. 3. **Optimize calls**: Reduce the number of API calls by embedding IDs directly in the schema where possible, rather than making separate lookup requests. 4. **Implement caching**: Cache responses from the upstream API to avoid redundant calls for the same data. 5. **Request limit increase**: If necessary, contact AWS Support to request an increase in gateway rate limits. ```