New serverless pattern - Amazon CloudFront to Amazon Bedrock AgentCore Runtime #3003
rr-on-gh wants to merge 10 commits into aws-samples:main from
…untime pattern
- Add new CloudFront to Amazon Bedrock AgentCore Runtime CDK pattern with OAuth 2.0 authentication
- Implement three agent runtime services supporting A2A, HTTP, and MCP protocols
- Add CloudFront distribution with path-based routing to appropriate agent endpoints
- Include Amazon Cognito User Pool for JWT token authentication
- Add agent code implementations with Docker containerization for each protocol type
- Include comprehensive README with deployment and testing instructions
- Add test scripts for validating A2A, HTTP, and MCP protocol endpoints
- Add project configuration files (cdk.json, requirements.txt, .gitignore)
- Add architecture documentation and example pattern configuration
- Update root .gitignore to exclude .history directory
- This pattern demonstrates global edge caching, DDoS protection, and centralized access logging through CloudFront
…ion for A2A agent discovery
…ntime_region parameter
…ildcard IAM resources
…REGION configuration
@rr-on-gh - thanks for putting this together. Nice to see AgentCore Runtime patterns coming in, and the multi-protocol coverage (A2A, HTTP, MCP) is a great touch. One thing I'd love to understand better: what's the customer use case or scenario that motivated putting CloudFront in front of AgentCore Runtime specifically? Since agent interactions are inherently dynamic and per-request, the edge caching that's core to CloudFront's value proposition wouldn't typically apply here. I'm curious whether the primary driver is:
It'd be great to call that out more explicitly in the README so users understand when to reach for this pattern vs. alternatives like API Gateway or direct Runtime access with native OAuth. This will certainly help our builders.
Issue #, if available:
Description of changes:
This pattern deploys an Amazon CloudFront distribution in front of Amazon Bedrock AgentCore Runtime to proxy requests with OAuth 2.0 authentication. Using Amazon CloudFront in front of AgentCore Runtime provides features for production traffic-serving applications, such as global edge caching, DDoS protection, AWS WAF integration for IP rate limiting and geo-blocking, and custom domain support with SSL/TLS.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.