Overview ¶
Package iac provides shared infrastructure-as-code configuration for AgentCore deployments.
Package iac provides shared infrastructure-as-code configuration for AgentCore deployments.
This package contains configuration structs and utilities that are shared across different IaC tools (CDK, Pulumi, Terraform, CloudFormation). The configuration can be defined in Go code, JSON, or YAML files.
Four deployment approaches are supported:
- CDK Go constructs - via github.com/agentplexus/agentkit-aws-cdk
- CDK + JSON/YAML config - configuration files with minimal CDK wrapper
- Pulumi - via github.com/agentplexus/agentkit-aws-pulumi
- Pure CloudFormation - generate CF templates, deploy with AWS CLI
Example usage:
// Load and parse the stack definition; the format is picked from the file extension.
cfg, err := iac.LoadStackConfigFromFile("config.yaml")
if err != nil {
	log.Fatal(err)
}
// cfg can now be used with CDK or Pulumi, or rendered to CloudFormation.
Package iac provides shared infrastructure-as-code configuration for AgentCore deployments.
Index ¶
- func GenerateCloudFormation(config *StackConfig) ([]byte, error)
- func GenerateCloudFormationFile(config *StackConfig, outputPath string) error
- func GenerateCloudFormationFromFile(configPath, outputPath string) error
- func JSONConfigExample() string
- func ValidAuthorizerTypes() []string
- func ValidMemoryValues() []int
- func ValidObservabilityProviders() []string
- func ValidProtocols() []string
- func WriteExampleConfig(path string) error
- func YAMLConfigExample() string
- type AgentConfig
- type AuthorizerConfig
- type CFExport
- type CFOutput
- type CFParameter
- type CFResource
- type CloudFormationTemplate
- type GatewayConfig
- type IAMConfig
- type ObservabilityConfig
- type SecretsConfig
- type StackConfig
- type VPCConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateCloudFormation ¶
func GenerateCloudFormation(config *StackConfig) ([]byte, error)
GenerateCloudFormation generates a CloudFormation template from StackConfig. This allows deploying without CDK - just use `aws cloudformation deploy`.
Example:
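// Load the stack definition and stop on failure instead of rendering from a nil config.
config, err := iac.LoadStackConfigFromFile("config.yaml")
if err != nil {
	log.Fatal(err)
}
template, err := iac.GenerateCloudFormation(config)
if err != nil {
	log.Fatal(err)
}
// 0600 rather than 0644: the template describes IAM roles and secret wiring.
// NOTE(review): it may also carry values from SecretsConfig.SecretValues; this
// page does not show whether it does, so keep it owner-readable only.
if err := os.WriteFile("template.yaml", template, 0600); err != nil {
	log.Fatal(err)
}
// Then: aws cloudformation deploy --template-file template.yaml --stack-name my-stack
// If the template creates IAM roles, CloudFormation also requires an explicit
// --capabilities CAPABILITY_IAM (or CAPABILITY_NAMED_IAM) acknowledgement.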
func GenerateCloudFormationFile ¶
func GenerateCloudFormationFile(config *StackConfig, outputPath string) error
GenerateCloudFormationFile generates a CloudFormation template and writes it to a file.
func GenerateCloudFormationFromFile ¶
GenerateCloudFormationFromFile loads a config file and generates CloudFormation.
func JSONConfigExample ¶
func JSONConfigExample() string
JSONConfigExample returns an example JSON configuration.
func ValidAuthorizerTypes ¶ added in v0.3.0
func ValidAuthorizerTypes() []string
ValidAuthorizerTypes returns the list of valid authorizer types.
func ValidMemoryValues ¶
func ValidMemoryValues() []int
ValidMemoryValues returns the list of valid memory values in MB.
func ValidObservabilityProviders ¶
func ValidObservabilityProviders() []string
ValidObservabilityProviders returns the list of valid observability providers.
func ValidProtocols ¶ added in v0.3.0
func ValidProtocols() []string
ValidProtocols returns the list of valid agent protocols.
func WriteExampleConfig ¶
WriteExampleConfig writes an example configuration file.
func YAMLConfigExample ¶
func YAMLConfigExample() string
YAMLConfigExample returns an example YAML configuration.
Types ¶
type AgentConfig ¶
type AgentConfig struct {
	// Name uniquely identifies the agent; multi-agent setups route on it.
	Name string `json:"name" yaml:"name"`

	// Description is free-form, human-readable text about the agent.
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// ContainerImage is the ECR image URI the agent runs from.
	// Example: "123456789.dkr.ecr.us-east-1.amazonaws.com/my-agent:latest"
	// A tag such as ":latest" is mutable; referencing the image by digest
	// ("...@sha256:<digest>") ties the deployment to one reviewed build.
	ContainerImage string `json:"containerImage" yaml:"containerImage"`

	// MemoryMB is the memory allocation, in megabytes.
	// Valid values: 512, 1024, 2048, 4096, 8192, 16384
	// Default: 512
	MemoryMB int `json:"memoryMB,omitempty" yaml:"memoryMB,omitempty"`

	// TimeoutSeconds caps how long one execution may run.
	// Range: 1-900 (15 minutes max)
	// Default: 300
	TimeoutSeconds int `json:"timeoutSeconds,omitempty" yaml:"timeoutSeconds,omitempty"`

	// Environment holds environment variables passed to the agent.
	// These values are ordinary plain-text configuration; API keys and
	// other credentials belong in SecretsARNs instead.
	Environment map[string]string `json:"environment,omitempty" yaml:"environment,omitempty"`

	// SecretsARNs lists the AWS Secrets Manager ARNs to inject.
	// They reach the agent as environment variables at runtime.
	SecretsARNs []string `json:"secretsARNs,omitempty" yaml:"secretsARNs,omitempty"`

	// IsDefault flags the stack's default agent.
	// Only one agent should have IsDefault=true.
	IsDefault bool `json:"isDefault,omitempty" yaml:"isDefault,omitempty"`

	// Protocol selects the communication protocol of the agent runtime.
	// Supported: "HTTP", "MCP", "A2A"
	// Default: "HTTP"
	Protocol string `json:"protocol,omitempty" yaml:"protocol,omitempty"`

	// Authorizer configures inbound authorization for the agent.
	// Optional. When it is not set, no authorization is required for
	// inbound requests, so set it explicitly for any agent reachable by
	// callers that are not fully trusted.
	Authorizer *AuthorizerConfig `json:"authorizer,omitempty" yaml:"authorizer,omitempty"`

	// EnableMemory turns on persistent memory for the agent.
	// Default: false
	EnableMemory bool `json:"enableMemory,omitempty" yaml:"enableMemory,omitempty"`
}
AgentConfig defines configuration for a single AgentCore agent.
func DefaultAgentConfig ¶
func DefaultAgentConfig(name, containerImage string) AgentConfig
DefaultAgentConfig returns an AgentConfig with sensible defaults.
type AuthorizerConfig ¶ added in v0.3.0
type AuthorizerConfig struct {
	// Type selects the authorization mechanism.
	// Supported: "IAM", "LAMBDA", "NONE"
	// Default: "NONE", which leaves inbound requests without an
	// authorization check; choose "IAM" or "LAMBDA" deliberately for
	// agents that should not be open to every caller.
	Type string `json:"type" yaml:"type"`

	// LambdaARN is the ARN of the Lambda authorizer function.
	// Required when Type is "LAMBDA".
	LambdaARN string `json:"lambdaArn,omitempty" yaml:"lambdaArn,omitempty"`
}
AuthorizerConfig defines authorization configuration for an agent.
type CFExport ¶
type CFExport struct {
	// Name is written under the "Name" key of the export.
	// NOTE(review): typed as an empty interface, presumably so an intrinsic
	// function (a map value) can be used as well as a plain string; confirm.
	Name any `yaml:"Name"`
}
CFExport represents a CloudFormation export.
type CFOutput ¶
type CFOutput struct {
	// Description is written under "Description" and omitted when empty.
	Description string `yaml:"Description,omitempty"`
	// Value is written under "Value". Stack outputs are readable by anyone
	// allowed to describe the stack, so they are not a place for secrets.
	Value any `yaml:"Value"`
	// Export is the optional export attached to the output; omitted when nil.
	Export *CFExport `yaml:"Export,omitempty"`
}
CFOutput represents a CloudFormation output.
type CFParameter ¶
type CFParameter struct {
	// Type is written under the parameter's "Type" key.
	Type string `yaml:"Type"`
	// Description is written under "Description" and omitted when empty.
	Description string `yaml:"Description,omitempty"`
	// Default is written under "Default" and omitted when empty.
	Default string `yaml:"Default,omitempty"`
	// AllowedValues is written under "AllowedValues" and omitted when empty.
	AllowedValues []string `yaml:"AllowedValues,omitempty"`
	// NoEcho is written under "NoEcho" and omitted when false.
	// CloudFormation masks the value of a NoEcho parameter in console and
	// API output, but not where the value is repeated in Outputs or Metadata.
	// NOTE(review): whether the generator sets it for secret-bearing
	// parameters is not shown on this page; confirm.
	NoEcho bool `yaml:"NoEcho,omitempty"`
}
CFParameter represents a CloudFormation parameter.
type CFResource ¶
type CFResource struct {
	// Type is written under the resource's "Type" key.
	Type string `yaml:"Type"`
	// Properties is written under "Properties" and omitted when empty.
	Properties map[string]any `yaml:"Properties,omitempty"`
	// DependsOn is written under "DependsOn" and omitted when empty.
	DependsOn []string `yaml:"DependsOn,omitempty"`
	// DeletionPolicy is written under "DeletionPolicy" and omitted when empty.
	// NOTE(review): presumably derived from StackConfig.RemovalPolicy; confirm.
	DeletionPolicy string `yaml:"DeletionPolicy,omitempty"`
	// Metadata is written under "Metadata" and omitted when empty.
	Metadata map[string]any `yaml:"Metadata,omitempty"`
}
CFResource represents a CloudFormation resource.
type CloudFormationTemplate ¶
type CloudFormationTemplate struct {
	// AWSTemplateFormatVersion is written under the key of the same name.
	AWSTemplateFormatVersion string `yaml:"AWSTemplateFormatVersion"`
	// Description is written under "Description" and omitted when empty.
	Description string `yaml:"Description,omitempty"`
	// Parameters maps parameter names to definitions; omitted when empty.
	Parameters map[string]CFParameter `yaml:"Parameters,omitempty"`
	// Resources maps logical resource names to definitions; always written.
	Resources map[string]CFResource `yaml:"Resources"`
	// Outputs maps output names to definitions; omitted when empty.
	Outputs map[string]CFOutput `yaml:"Outputs,omitempty"`
	// Metadata is written under "Metadata" and omitted when empty.
	Metadata map[string]any `yaml:"Metadata,omitempty"`
}
CloudFormationTemplate represents a CloudFormation template structure.
type GatewayConfig ¶ added in v0.3.0
type GatewayConfig struct {
	// Enabled turns gateway creation on.
	// Default: false
	Enabled bool `json:"enabled,omitempty" yaml:"enabled,omitempty"`

	// Name is the name given to the gateway.
	// Default: "{stack-name}-gateway"
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// Description is free-form text describing the gateway.
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Targets names the agents the gateway routes to.
	// If empty, all agents in the stack are included, so list targets
	// explicitly when only some agents should be reachable through it.
	Targets []string `json:"targets,omitempty" yaml:"targets,omitempty"`
}
GatewayConfig defines configuration for a multi-agent gateway.
type IAMConfig ¶
type IAMConfig struct {
	// RoleARN names an existing IAM role to use.
	// If empty, a new role is created with required permissions.
	RoleARN string `json:"roleARN,omitempty" yaml:"roleARN,omitempty"`

	// AdditionalPolicies lists further IAM policy ARNs to attach.
	// Every policy listed widens what the agent role may do; review each.
	AdditionalPolicies []string `json:"additionalPolicies,omitempty" yaml:"additionalPolicies,omitempty"`

	// PermissionsBoundaryARN is an optional permissions boundary.
	PermissionsBoundaryARN string `json:"permissionsBoundaryARN,omitempty" yaml:"permissionsBoundaryARN,omitempty"`

	// EnableBedrockAccess grants access to Bedrock models.
	// Default: true
	// NOTE(review): a plain bool cannot tell an omitted key from an explicit
	// false; confirm that an explicit false is not reset to the default.
	EnableBedrockAccess bool `json:"enableBedrockAccess,omitempty" yaml:"enableBedrockAccess,omitempty"`

	// BedrockModelIDs lists the specific model IDs to allow.
	// If empty, allows all models ("bedrock:*"); list the models the agent
	// actually calls to keep the role least-privilege.
	// NOTE(review): "bedrock:*" reads as an action wildcard, not only a
	// model wildcard; confirm what the generated policy grants.
	BedrockModelIDs []string `json:"bedrockModelIds,omitempty" yaml:"bedrockModelIds,omitempty"`
}
IAMConfig defines IAM role and policy configuration.
func DefaultIAMConfig ¶
func DefaultIAMConfig() *IAMConfig
DefaultIAMConfig returns an IAMConfig with sensible defaults.
type ObservabilityConfig ¶
type ObservabilityConfig struct {
	// Provider selects the observability provider.
	// Supported: "opik", "langfuse", "phoenix", "cloudwatch"
	// Default: "opik"
	Provider string `json:"provider,omitempty" yaml:"provider,omitempty"`

	// Project is the project name under which traces are grouped.
	// Default: stack name
	Project string `json:"project,omitempty" yaml:"project,omitempty"`

	// APIKeySecretARN is the ARN of the secret holding the provider API key.
	// Required for opik, langfuse, phoenix.
	APIKeySecretARN string `json:"apiKeySecretARN,omitempty" yaml:"apiKeySecretARN,omitempty"`

	// Endpoint is an optional custom endpoint URL.
	// NOTE(review): presumably trace data is sent to this URL; confirm, and
	// point it only at an endpoint you trust.
	Endpoint string `json:"endpoint,omitempty" yaml:"endpoint,omitempty"`

	// EnableXRay turns on AWS X-Ray tracing.
	// Default: false
	EnableXRay bool `json:"enableXRay,omitempty" yaml:"enableXRay,omitempty"`

	// EnableCloudWatchLogs turns on CloudWatch Logs.
	// Default: true
	// NOTE(review): a plain bool cannot tell an omitted key from an explicit
	// false; confirm how an explicit false is treated.
	EnableCloudWatchLogs bool `json:"enableCloudWatchLogs,omitempty" yaml:"enableCloudWatchLogs,omitempty"`

	// LogRetentionDays is the CloudWatch Logs retention period.
	// Default: 30
	// Pick a period that covers how far back an investigation needs to look.
	LogRetentionDays int `json:"logRetentionDays,omitempty" yaml:"logRetentionDays,omitempty"`
}
ObservabilityConfig defines monitoring and tracing configuration.
func DefaultObservabilityConfig ¶
func DefaultObservabilityConfig() *ObservabilityConfig
DefaultObservabilityConfig returns an ObservabilityConfig with sensible defaults.
type SecretsConfig ¶
type SecretsConfig struct {
	// CreateSecrets creates new secrets when true.
	// If false, existing secret ARNs must be provided in AgentConfig.SecretsARNs.
	CreateSecrets bool `json:"createSecrets,omitempty" yaml:"createSecrets,omitempty"`

	// SecretValues holds the key-value pairs to store as secrets.
	// Keys become environment variable names at runtime.
	// Example: {"GEMINI_API_KEY": "abc123", "OPIK_API_KEY": "xyz789"}
	// The values are plain text in whatever Go, JSON or YAML source defines
	// this config, so that source needs the same protection as the secrets
	// themselves and should stay out of version control.
	// NOTE(review): this page does not show whether the values are also
	// written into the generated CloudFormation template; verify before
	// storing or sharing generated templates.
	SecretValues map[string]string `json:"secretValues,omitempty" yaml:"secretValues,omitempty"`

	// SecretName is the name of the secret in Secrets Manager.
	// Default: "{stack-name}-secrets"
	SecretName string `json:"secretName,omitempty" yaml:"secretName,omitempty"`

	// KMSKeyARN is an optional KMS key used for encryption.
	// If empty, uses AWS managed key.
	KMSKeyARN string `json:"kmsKeyARN,omitempty" yaml:"kmsKeyARN,omitempty"`
}
SecretsConfig defines AWS Secrets Manager configuration.
type StackConfig ¶
type StackConfig struct {
	// StackName is the name of the CloudFormation/CDK stack.
	// Required.
	StackName string `json:"stackName" yaml:"stackName"`

	// Description is free-form text describing the stack.
	Description string `json:"description,omitempty" yaml:"description,omitempty"`

	// Agents lists the agents to deploy.
	// At least one agent is required.
	Agents []AgentConfig `json:"agents" yaml:"agents"`

	// VPC configures networking.
	// Optional - uses sensible defaults if not provided.
	VPC *VPCConfig `json:"vpc,omitempty" yaml:"vpc,omitempty"`

	// Secrets configures AWS Secrets Manager.
	// Optional.
	Secrets *SecretsConfig `json:"secrets,omitempty" yaml:"secrets,omitempty"`

	// Observability configures monitoring and tracing.
	// Optional - defaults to Opik with CloudWatch Logs.
	Observability *ObservabilityConfig `json:"observability,omitempty" yaml:"observability,omitempty"`

	// IAM configures IAM roles and policies.
	// Optional - creates required roles automatically.
	IAM *IAMConfig `json:"iam,omitempty" yaml:"iam,omitempty"`

	// Gateway configures a multi-agent gateway for routing.
	// Optional - only needed for multi-agent communication.
	Gateway *GatewayConfig `json:"gateway,omitempty" yaml:"gateway,omitempty"`

	// Tags are AWS resource tags applied to all resources.
	Tags map[string]string `json:"tags,omitempty" yaml:"tags,omitempty"`

	// RemovalPolicy decides what happens to resources when the stack is deleted.
	// "destroy" removes all resources, "retain" keeps them.
	// Default: "destroy"
	// With the default, deleting the stack removes its resources as well;
	// set "retain" where data or logs must outlive the stack.
	RemovalPolicy string `json:"removalPolicy,omitempty" yaml:"removalPolicy,omitempty"`
}
StackConfig defines the complete configuration for an AgentCore deployment stack.
func LoadStackConfigFromFile ¶
func LoadStackConfigFromFile(path string) (*StackConfig, error)
LoadStackConfigFromFile loads a StackConfig from a JSON or YAML file. The file format is auto-detected from the extension.
func LoadStackConfigFromJSON ¶
func LoadStackConfigFromJSON(data []byte) (*StackConfig, error)
LoadStackConfigFromJSON parses a StackConfig from JSON data.
func LoadStackConfigFromYAML ¶
func LoadStackConfigFromYAML(data []byte) (*StackConfig, error)
LoadStackConfigFromYAML parses a StackConfig from YAML data.
func (*StackConfig) ApplyDefaults ¶
func (c *StackConfig) ApplyDefaults()
ApplyDefaults applies default values to unset fields.
func (*StackConfig) Validate ¶
func (c *StackConfig) Validate() error
Validate validates the StackConfig and returns any errors.
type VPCConfig ¶
type VPCConfig struct {
	// VPCID names an existing VPC to use. If empty, a new VPC is created.
	VPCID string `json:"vpcId,omitempty" yaml:"vpcId,omitempty"`

	// SubnetIDs names the existing subnets to use. Required if VPCID is set.
	SubnetIDs []string `json:"subnetIds,omitempty" yaml:"subnetIds,omitempty"`

	// SecurityGroupIDs names existing security groups. Optional.
	// When groups are supplied, their rules are the caller's to review.
	SecurityGroupIDs []string `json:"securityGroupIds,omitempty" yaml:"securityGroupIds,omitempty"`

	// CreateVPC creates a new VPC when true. Ignored if VPCID is set.
	// Default: true
	CreateVPC bool `json:"createVPC,omitempty" yaml:"createVPC,omitempty"`

	// VPCCidr is the CIDR block of the new VPC.
	// Default: "10.0.0.0/16"
	VPCCidr string `json:"vpcCidr,omitempty" yaml:"vpcCidr,omitempty"`

	// MaxAZs caps the number of availability zones.
	// Default: 2
	MaxAZs int `json:"maxAZs,omitempty" yaml:"maxAZs,omitempty"`

	// EnableVPCEndpoints creates VPC endpoints for AWS services.
	// Reduces NAT Gateway costs and improves security.
	// Default: true
	// NOTE(review): a plain bool cannot tell an omitted key from an explicit
	// false; confirm how an explicit false is treated.
	EnableVPCEndpoints bool `json:"enableVPCEndpoints,omitempty" yaml:"enableVPCEndpoints,omitempty"`
}
VPCConfig defines networking configuration for AgentCore deployment.
func DefaultVPCConfig ¶
func DefaultVPCConfig() *VPCConfig
DefaultVPCConfig returns a VPCConfig with sensible defaults.