@@ -65,10 +65,10 @@ export class BedrockAgentStack extends cdk.Stack {
6565 } ) ;
6666
6767 const agent = new bedrock . Agent ( this , 'Agent' , {
68- foundationModel : bedrock . BedrockFoundationModel . ANTHROPIC_CLAUDE_INSTANT_V1_2 ,
68+ foundationModel : bedrock . BedrockFoundationModel . ANTHROPIC_CLAUDE_3_5_SONNET_V1_0 ,
6969 instruction : 'You are a helpful and friendly agent that answers questions about literature.' ,
7070 knowledgeBases : [ kb ] ,
71- enableUserInput : true ,
71+ userInputEnabled : true ,
7272 shouldPrepareAgent :true
7373 } ) ;
7474
@@ -79,23 +79,35 @@ export class BedrockAgentStack extends cdk.Stack {
7979 timeout :cdk . Duration . minutes ( 2 )
8080 } ) ;
8181
82- const actionGroup = new AgentActionGroup ( this , 'MyActionGroup' , {
83- actionGroupName : 'query-library' ,
82+ const actionGroup = new AgentActionGroup ( {
83+ name : 'query-library' ,
8484 description : 'Use these functions to get information about the books in the library.' ,
85- actionGroupExecutor : {
86- lambda : actionGroupFunction
87- } ,
88- actionGroupState : "ENABLED" ,
89- apiSchema : bedrock . ApiSchema . fromAsset ( path . join ( __dirname , 'action-group.yaml' ) ) ,
85+ executor : bedrock . ActionGroupExecutor . fromlambdaFunction ( actionGroupFunction ) ,
86+ enabled : true ,
87+ apiSchema : bedrock . ApiSchema . fromLocalAsset ( path . join ( __dirname , 'action-group.yaml' ) ) ,
9088 } ) ;
9189
92- agent . addActionGroups ( [ actionGroup ] )
90+ agent . addActionGroup ( actionGroup ) ;
9391
94- agent . addAlias ( {
92+ const agentAlias2 = new bedrock . AgentAlias ( this , 'myalias2' , {
9593 aliasName : 'my-agent-alias' ,
96- description :'alias for my agent'
97-
98- } )
94+ agent : agent ,
95+ description : 'alias for my agent'
96+ } ) ;
97+
98+ // Add NAG suppression for the Agent's role policy
99+ NagSuppressions . addResourceSuppressionsByPath (
100+ this ,
101+ `/${ this . node . path } /Agent/Role/DefaultPolicy/Resource` ,
102+ [
103+ {
104+ id : 'AwsSolutions-IAM5' ,
105+ reason : 'The Agent requires permissions to invoke the action group Lambda function' ,
106+ appliesTo : [ 'Resource::<ActionGroupFunctionFE14D1CB.Arn>:*' ] ,
107+ } ,
108+ ] ,
109+ true
110+ ) ;
99111
100112 new cdk . CfnOutput ( this , 'AgentId' , { value : agent . agentId } ) ;
101113 new cdk . CfnOutput ( this , 'KnowledgeBaseId' , { value : kb . knowledgeBaseId } ) ;
@@ -108,10 +120,29 @@ export class BedrockAgentStack extends cdk.Stack {
108120 {
109121 id : 'AwsSolutions-IAM4' ,
110122 reason : 'ActionGroup Lambda uses the AWSLambdaBasicExecutionRole AWS Managed Policy.' ,
123+ } ,
124+ {
125+ id : 'AwsSolutions-L1' ,
126+ reason : 'Using Python 3.12 as the latest runtime version for Lambda.' ,
111127 }
112128 ] ,
113129 true ,
114130 ) ;
131+ NagSuppressions . addResourceSuppressionsByPath (
132+ this ,
133+ `/${ this . node . path } /Agent/Role/DefaultPolicy` ,
134+ [
135+ {
136+ id : 'AwsSolutions-IAM5' ,
137+ reason : 'The Lambda function requires broad permissions for logging and invocation.' ,
138+ appliesTo : [
139+ 'Action::lambda:InvokeFunction' ,
140+ 'Action::logs:*'
141+ ] ,
142+ } ,
143+ ] ,
144+ true ,
145+ ) ;
115146 NagSuppressions . addResourceSuppressionsByPath (
116147 this ,
117148 `/${ this . node . path } /LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole` ,
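Review bot: The second `AwsSolutions-IAM5` suppression added at `/Agent/Role/DefaultPolicy` (new lines 131-145) waives `Action::logs:*` on what the path says is the Agent role's policy, while its reason describes the Lambda function, so the record does not explain why the agent role would hold a CloudWatch Logs wildcard. If the synthesized policy really contains `logs:*`, narrowing it to the needed actions and log group is better than suppressing it; if it does not, the entry does nothing today and would hide such a grant if one were added later. `Action::lambda:InvokeFunction` is not a wildcard, so IAM5 should not report it and that `appliesTo` entry can probably be dropped. The block also overlaps the narrower suppression added in the previous hunk at `/Agent/Role/DefaultPolicy/Resource`, which already covers `Resource::<ActionGroupFunctionFE14D1CB.Arn>:*`. I would keep only that one, or restate the reason here as `reason: 'Agent role default policy: <which statement needs the wildcard and why>'`; the enclosing constructor starts and ends outside the visible hunks, so the policy itself cannot be checked from here.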