Skip to content

Add AgentCore AWS Specialist Agent sample#105

Merged
kaleko merged 5 commits into
aws-samples:mainfrom
ren8k:add-aws-specialist-agent
Jul 17, 2026
Merged

Add AgentCore AWS Specialist Agent sample#105
kaleko merged 5 commits into
aws-samples:mainfrom
ren8k:add-aws-specialist-agent

Conversation

@ren8k

@ren8k ren8k commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

What this PR adds

A new sample under samples/aws-specialist-agent/: an AWS specialist chat agent built on FAST v0.4.1, showcased at the AgentCore booth at AWS Summit Japan 2026. The agent reasons about AWS, calls AWS APIs and managed tools through AgentCore Gateway, searches the web, executes code, and remembers facts across sessions.

Key differences from FAST

  • Selectable models: Claude and OpenAI GPT on Bedrock via a CDK model registry and per-chat UI selector
  • Long-term memory: AgentCore Memory SemanticMemoryStrategy plus an LTM-listing MCP server hosted on its own Runtime
  • Web search: Amazon-managed AgentCore Gateway web search connector target
  • Chat-history sidebar: session titles and history restored across logins (API Gateway + Lambda + DynamoDB)
  • Fully closed NAT-free VPC: the Runtime and auxiliary Lambdas egress through interface/gateway VPC endpoints only
  • Skills on Runtime: AWS skills mounted read-only from S3 Files at /mnt/skills, vendored and hash-pinned
  • Multiple MCP server management: remote MCP, Runtime-hosted MCP servers, a managed connector, and a Lambda target, gated per user department by Cedar ABAC
  • Speculative pre-warming: frontend pre-warm calls plus Runtime lifecycle configuration to cut cold-start TTFB

Checklist against CONTRIBUTING.md

  • Built on FAST v0.4.1; the (uksb-v6dos0t5g8) tracking suffix in infra-cdk/lib/fast-main-stack.ts is preserved
  • Descriptive kebab-case directory name and stack_name_base (fast-specialist-agent) in config.yaml (the name avoids the word "aws" because Cognito domain prefixes, derived from stack_name_base, must not contain the reserved words aws/amazon/cognito)
  • Top-level sample README with Overview / Key Differences / Architecture / Prerequisites / Deployment / Usage, an architecture diagram (drawio + png) modified from the FAST original, and a UI screenshot + demo gif in docs/img/
  • Only adds files under samples/aws-specialist-agent/ and appends one entry to the root README (table row + section, no other lines touched)
  • CDK is the only IaC option (no infra-terraform directory)
  • No customer data, datasets/models, hardcoded account IDs, real emails, internal URLs, or deployment-specific values; deployment config uses committed placeholders
  • Security review completed through the internal process for FAST samples; ASH scan is green (suppressions documented in .ash/ash.yaml)
  • Tests and lint pass: pytest 60/60, vitest 102/102, CDK jest 18/18, ruff/eslint/prettier clean
  • Deployment verified end to end from this config: the stack reaches CREATE_COMPLETE and all Cedar policies are created ACTIVE

An AWS specialist chat agent built on FAST v0.4.1, showcased at the
AgentCore booth at AWS Summit Japan 2026. Key additions over the FAST
baseline:

- Selectable models: Claude and OpenAI GPT on Bedrock via a CDK model
  registry and per-chat UI selector
- Long-term memory: AgentCore Memory SemanticMemoryStrategy plus an
  LTM-listing MCP server hosted on its own Runtime
- Web search: Amazon-managed AgentCore Gateway web search connector
- Chat-history sidebar: API Gateway + Lambda + DynamoDB session history
- Fully closed NAT-free VPC: all egress via interface/gateway endpoints
- Skills on Runtime: read-only S3 Files mount at /mnt/skills with
  vendored, hash-pinned skill content
- Multi-MCP-server management with Cedar ABAC per user department
- Speculative pre-warming to reduce cold-start latency

ASH scan green with suppressions documented in .ash/ash.yaml.
Tests: pytest 57/57, vitest 102/102, CDK jest 18/18.
@github-actions

github-actions Bot commented Jul 17, 2026

Copy link
Copy Markdown

Latest scan for commit: 45630ee | Updated: 2026-07-17 16:10:20 UTC

Security Scan Results

Scan Metadata

  • Project: ASH
  • Scan executed: 2026-07-17T16:10:07+00:00
  • ASH version: 3.2.2

Summary

Scanner Results

The table below shows findings by scanner, with status based on severity thresholds and dependencies:

Column Explanations:

Severity Levels (S/C/H/M/L/I):

  • Suppressed (S): Security findings that have been explicitly suppressed/ignored and don't affect the scanner's pass/fail status
  • Critical (C): The most severe security vulnerabilities requiring immediate remediation (e.g., SQL injection, remote code execution)
  • High (H): Serious security vulnerabilities that should be addressed promptly (e.g., authentication bypasses, privilege escalation)
  • Medium (M): Moderate security risks that should be addressed in normal development cycles (e.g., weak encryption, input validation issues)
  • Low (L): Minor security concerns with limited impact (e.g., information disclosure, weak recommendations)
  • Info (I): Informational findings for awareness with minimal security risk (e.g., code quality suggestions, best practice recommendations)

Other Columns:

  • Time: Duration taken by each scanner to complete its analysis
  • Action: Total number of actionable findings at or above the configured severity threshold that require attention

Scanner Results:

  • PASSED: Scanner found no security issues at or above the configured severity threshold - code is clean for this scanner
  • FAILED: Scanner found security vulnerabilities at or above the threshold that require attention and remediation
  • MISSING: Scanner could not run because required dependencies/tools are not installed or available
  • SKIPPED: Scanner was intentionally disabled or excluded from this scan
  • ERROR: Scanner encountered an execution error and could not complete successfully

Severity Thresholds (Thresh Column):

  • CRITICAL: Only Critical severity findings cause scanner to fail
  • HIGH: High and Critical severity findings cause scanner to fail
  • MEDIUM (MED): Medium, High, and Critical severity findings cause scanner to fail
  • LOW: Low, Medium, High, and Critical severity findings cause scanner to fail
  • ALL: Any finding of any severity level causes scanner to fail

Threshold Source: Values in parentheses indicate where the threshold is configured:

  • (g) = global: Set in the global_settings section of ASH configuration
  • (c) = config: Set in the individual scanner configuration section
  • (s) = scanner: Default threshold built into the scanner itself

Statistics calculation:

  • All statistics are calculated from the final aggregated SARIF report
  • Suppressed findings are counted separately and do not contribute to actionable findings
  • Scanner status is determined by comparing actionable findings to the threshold
Scanner S C H M L I Time Action Result Thresh
bandit 0 4 0 0 69 0 1.2s 4 FAILED MED (g)
cdk-nag 0 0 0 0 0 0 13.7s 0 PASSED MED (g)
cfn-nag 0 0 0 0 0 0 1.6s 0 PASSED MED (g)
checkov 0 0 0 0 0 0 7.6s 0 PASSED MED (g)
detect-secre… 0 6 0 0 0 0 5.5s 6 FAILED MED (g)
grype 0 9 0 1 0 0 1m 0s 10 FAILED MED (g)
npm-audit 0 0 0 0 0 0 1.4s 0 PASSED MED (g)
opengrep 12 6 0 0 0 0 22.5s 6 FAILED MED (g)
semgrep 0 0 0 0 0 0 <1ms 0 MISSING MED (g)
syft 0 0 0 0 0 0 2.9s 0 PASSED MED (g)

Detailed Findings

Show 26 actionable findings

Finding 1: B104

  • Severity: HIGH
  • Scanner: bandit
  • Rule ID: B104
  • Location: samples/aws-specialist-agent/gateway/tools/ltm_mcp_server/server.py:42-44

Description:
Possible binding to all interfaces.

Code Snippet:

mcp = FastMCP("ltm", host="0.0.0.0", stateless_http=True)

Finding 2: B104

  • Severity: HIGH
  • Scanner: bandit
  • Rule ID: B104
  • Location: samples/aws-specialist-agent/gateway/tools/strands_mcp_server/server.py:35-37

Description:
Possible binding to all interfaces.

Code Snippet:

# AgentCore Runtime MCP contract.
mcp.settings.host = "0.0.0.0"
mcp.settings.port = 8000

Finding 3: B104

  • Severity: HIGH
  • Scanner: bandit
  • Rule ID: B104
  • Location: samples/aws-specialist-agent/tests/unit/test_ltm_mcp_server.py:140-142

Description:
Possible binding to all interfaces.

Code Snippet:

_load_server_module()
    assert captured["fastmcp_kwargs"] == {"host": "0.0.0.0", "stateless_http": True}

Finding 4: B104

  • Severity: HIGH
  • Scanner: bandit
  • Rule ID: B104
  • Location: samples/aws-specialist-agent/tests/unit/test_strands_mcp_server.py:101-103

Description:
Possible binding to all interfaces.

Code Snippet:

mod = _load_server_module()
    assert mod.mcp.settings.host == "0.0.0.0"
    assert mod.mcp.settings.port == 8000

Finding 5: SECRET-HEX-HIGH-ENTROPY-STRING

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-HEX-HIGH-ENTROPY-STRING
  • Location: samples/aws-specialist-agent/scripts/vendor-skills.py:30

Description:
Secret of type 'Hex High Entropy String' detected in file 'samples/aws-specialist-agent/scripts/vendor-skills.py' at line 30

Code Snippet:

Secret of type Hex High Entropy String detected

Finding 6: SECRET-HEX-HIGH-ENTROPY-STRING

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-HEX-HIGH-ENTROPY-STRING
  • Location: samples/aws-specialist-agent/skills-lock.json:8

Description:
Secret of type 'Hex High Entropy String' detected in file 'samples/aws-specialist-agent/skills-lock.json' at line 8

Code Snippet:

Secret of type Hex High Entropy String detected

Finding 7: SECRET-HEX-HIGH-ENTROPY-STRING

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-HEX-HIGH-ENTROPY-STRING
  • Location: samples/aws-specialist-agent/skills-lock.json:14

Description:
Secret of type 'Hex High Entropy String' detected in file 'samples/aws-specialist-agent/skills-lock.json' at line 14

Code Snippet:

Secret of type Hex High Entropy String detected

Finding 8: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: samples/aws-specialist-agent/test-scripts/test-runtime-vpc-e2e.py:61

Description:
Secret of type 'Secret Keyword' detected in file 'samples/aws-specialist-agent/test-scripts/test-runtime-vpc-e2e.py' at line 61

Code Snippet:

Secret of type Secret Keyword detected

Finding 9: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: samples/aws-specialist-agent/test-scripts/test-skills-e2e.py:58

Description:
Secret of type 'Secret Keyword' detected in file 'samples/aws-specialist-agent/test-scripts/test-skills-e2e.py' at line 58

Code Snippet:

Secret of type Secret Keyword detected

Finding 10: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: samples/aws-specialist-agent/tests/unit/test_models.py:229

Description:
Secret of type 'Secret Keyword' detected in file 'samples/aws-specialist-agent/tests/unit/test_models.py' at line 229

Code Snippet:

Secret of type Secret Keyword detected

Finding 11: python.lang.security.audit.logging.logger-credential-leak.python-logger-credential-disclosure

  • Severity: HIGH
  • Scanner: opengrep
  • Rule ID: python.lang.security.audit.logging.logger-credential-leak.python-logger-credential-disclosure
  • Location: samples/aws-specialist-agent/agent/utils/auth.py:215-217

Description:
Detected a python logger call with a potential hardcoded secret "Getting access token for stack: %s, region: %s" being logged. This may lead to secret credentials being exposed. Make sure that the logger is not logging sensitive information.

Code Snippet:

logger.info(
        "Getting access token for stack: %s, region: %s", stack_name, region
    )  # nosemgrep: python.lang.security.audit.logging.logger-credential-leak.python-logger-credential-disclosure

Finding 12: python.lang.security.audit.logging.logger-credential-leak.python-logger-credential-disclosure

  • Severity: HIGH
  • Scanner: opengrep
  • Rule ID: python.lang.security.audit.logging.logger-credential-leak.python-logger-credential-disclosure
  • Location: samples/aws-specialist-agent/agent/utils/auth.py:250-252

Description:
Detected a python logger call with a potential hardcoded secret "Requesting token from: %s" being logged. This may lead to secret credentials being exposed. Make sure that the logger is not logging sensitive information.

Code Snippet:

logger.info(
        "Requesting token from: %s", token_url
    )  # nosemgrep: python.lang.security.audit.logging.logger-credential-leak.python-logger-credential-disclosure

Finding 13: python.lang.security.audit.logging.logger-credential-leak.python-logger-credential-disclosure

  • Severity: HIGH
  • Scanner: opengrep
  • Rule ID: python.lang.security.audit.logging.logger-credential-leak.python-logger-credential-disclosure
  • Location: samples/aws-specialist-agent/agent/utils/auth.py:259-261

Description:
Detected a python logger call with a potential hardcoded secret "Token request failed: %s" being logged. This may lead to secret credentials being exposed. Make sure that the logger is not logging sensitive information.

Code Snippet:

logger.error(
            "Token request failed: %s", response.status_code
        )  # nosemgrep: python.lang.security.audit.logging.logger-credential-leak.python-logger-credential-disclosure

Finding 14: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

  • Severity: HIGH
  • Scanner: opengrep
  • Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
  • Location: samples/aws-specialist-agent/infra-cdk/lib/backend-stack.ts:232

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

? path.join(prefix, entry.name)

Finding 15: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

  • Severity: HIGH
  • Scanner: opengrep
  • Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
  • Location: samples/aws-specialist-agent/infra-cdk/lib/backend-stack.ts:232

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

? path.join(prefix, entry.name)

Finding 16: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

  • Severity: HIGH
  • Scanner: opengrep
  • Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
  • Location: samples/aws-specialist-agent/infra-cdk/lib/backend-stack.ts:1978

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

.readFileSync(path.join(policiesDir, f), "utf-8")

Finding 17: GHSA-jpw9-pfvf-9f58-mcp

  • Severity: HIGH
  • Scanner: grype
  • Rule ID: GHSA-jpw9-pfvf-9f58-mcp
  • Location: samples/aws-specialist-agent/agent/strands-single-agent/requirements.txt:1

Description:
A high vulnerability in python package: mcp, version 1.27.1 was found at: /samples/aws-specialist-agent/agent/strands-single-agent/requirements.txt


Finding 18: GHSA-jpw9-pfvf-9f58-mcp

  • Severity: HIGH
  • Scanner: grype
  • Rule ID: GHSA-jpw9-pfvf-9f58-mcp
  • Location: samples/aws-specialist-agent/gateway/tools/ltm_mcp_server/requirements.txt:1

Description:
A high vulnerability in python package: mcp, version 1.27.1 was found at: /samples/aws-specialist-agent/gateway/tools/ltm_mcp_server/requirements.txt


Finding 19: GHSA-jpw9-pfvf-9f58-mcp

  • Severity: HIGH
  • Scanner: grype
  • Rule ID: GHSA-jpw9-pfvf-9f58-mcp
  • Location: samples/aws-specialist-agent/gateway/tools/strands_mcp_server/requirements.txt:1

Description:
A high vulnerability in python package: mcp, version 1.27.1 was found at: /samples/aws-specialist-agent/gateway/tools/strands_mcp_server/requirements.txt


Finding 20: GHSA-hvrp-rf83-w775-mcp

  • Severity: HIGH
  • Scanner: grype
  • Rule ID: GHSA-hvrp-rf83-w775-mcp
  • Location: samples/aws-specialist-agent/agent/strands-single-agent/requirements.txt:1

Description:
A high vulnerability in python package: mcp, version 1.27.1 was found at: /samples/aws-specialist-agent/agent/strands-single-agent/requirements.txt


Finding 21: GHSA-hvrp-rf83-w775-mcp

  • Severity: HIGH
  • Scanner: grype
  • Rule ID: GHSA-hvrp-rf83-w775-mcp
  • Location: samples/aws-specialist-agent/gateway/tools/ltm_mcp_server/requirements.txt:1

Description:
A high vulnerability in python package: mcp, version 1.27.1 was found at: /samples/aws-specialist-agent/gateway/tools/ltm_mcp_server/requirements.txt


Finding 22: GHSA-hvrp-rf83-w775-mcp

  • Severity: HIGH
  • Scanner: grype
  • Rule ID: GHSA-hvrp-rf83-w775-mcp
  • Location: samples/aws-specialist-agent/gateway/tools/strands_mcp_server/requirements.txt:1

Description:
A high vulnerability in python package: mcp, version 1.27.1 was found at: /samples/aws-specialist-agent/gateway/tools/strands_mcp_server/requirements.txt


Finding 23: GHSA-vj7q-gjh5-988w-mcp

  • Severity: HIGH
  • Scanner: grype
  • Rule ID: GHSA-vj7q-gjh5-988w-mcp
  • Location: samples/aws-specialist-agent/agent/strands-single-agent/requirements.txt:1

Description:
A high vulnerability in python package: mcp, version 1.27.1 was found at: /samples/aws-specialist-agent/agent/strands-single-agent/requirements.txt


Finding 24: GHSA-vj7q-gjh5-988w-mcp

  • Severity: HIGH
  • Scanner: grype
  • Rule ID: GHSA-vj7q-gjh5-988w-mcp
  • Location: samples/aws-specialist-agent/gateway/tools/ltm_mcp_server/requirements.txt:1

Description:
A high vulnerability in python package: mcp, version 1.27.1 was found at: /samples/aws-specialist-agent/gateway/tools/ltm_mcp_server/requirements.txt


Finding 25: GHSA-vj7q-gjh5-988w-mcp

  • Severity: HIGH
  • Scanner: grype
  • Rule ID: GHSA-vj7q-gjh5-988w-mcp
  • Location: samples/aws-specialist-agent/gateway/tools/strands_mcp_server/requirements.txt:1

Description:
A high vulnerability in python package: mcp, version 1.27.1 was found at: /samples/aws-specialist-agent/gateway/tools/strands_mcp_server/requirements.txt


Finding 26: GHSA-gh4j-gqv2-49f6-fast-xml-parser

  • Severity: MEDIUM
  • Scanner: grype
  • Rule ID: GHSA-gh4j-gqv2-49f6-fast-xml-parser
  • Location: samples/aws-specialist-agent/infra-cdk/package-lock.json:1

Description:
A medium vulnerability in npm package: fast-xml-parser, version 5.5.8 was found at: /samples/aws-specialist-agent/infra-cdk/package-lock.json


Report generated by Automated Security Helper (ASH) at 2026-07-17T16:10:03+00:00

ren8k added 4 commits July 17, 2026 13:21
…ncation

Deployment verification of the sample surfaced two failures:

- Cognito domain prefixes must not contain the reserved words aws/amazon/
  cognito, and cognito-stack.ts derives the prefix from stack_name_base,
  so 'fast-aws-specialist' failed UserPoolDomain creation with
  InvalidRequest. Rename to 'fast-specialist-agent'.
- The cedar-policy Lambda truncated over-long policy names with
  policy_name[:48], which drops the index suffix and gives every policy
  the same name once the engine name exceeds ~30 chars; CreatePolicy then
  fails with ConflictException. Shorten the timestamp instead and always
  keep the index.

Verified end to end: the stack deploys CREATE_COMPLETE and all six Cedar
policies are created ACTIVE with unique names.
Show the agent invoking AWS Skills, AWS MCP tools, and managed Web
Search via AgentCore Gateway while rendering a mermaid architecture
diagram, with red callouts for the chat-history sidebar and the
model selector. Addresses PR aws-samples#105 review feedback to better
differentiate the sample from out-of-the-box FAST.
@kaleko
kaleko merged commit f14a56d into aws-samples:main Jul 17, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants