73 changes: 32 additions & 41 deletions infra-cdk/README.md
Expand Up @@ -57,7 +57,11 @@ frontend:
certificate_arn: null # Optional: Set to your ACM certificate ARN

backend:
pattern: "strands-single-agent" # Available patterns: strands-single-agent
pattern: strands-single-agent # Available: strands-single-agent, langgraph-single-agent
deployment_type: docker # Available: docker, zip
agent_name: StrandsAgent
network_mode: PUBLIC # Available: PUBLIC, PRIVATE
memory_expiration_days: 30 # How long AgentCore Memory retains conversation history
```

## Project Structure
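
Review bot: The README example line `network_mode: PUBLIC # Available: PUBLIC, PRIVATE` omits the caveat that the same key carries in config.yaml in this PR, "(PRIVATE requires VPC configuration)", and neither place says what PUBLIC means for reachability of the runtime. The README block is what people copy from, so carry the caveat over and add one sentence describing each mode, so that choosing PUBLIC is an informed decision rather than an inherited default.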
Expand All @@ -67,9 +71,10 @@ infra-cdk/
├── bin/
│ └── fast-cdk.ts # CDK app entry point
├── lib/
│ ├── fast-cdk-stack.ts # Main orchestrator stack
│ ├── backend-stack.ts # Backend/AgentCore stack
│ ├── frontend-stack.ts # Frontend/CloudFront stack
│ ├── fast-main-stack.ts # Main orchestrator stack
│ ├── backend-stack.ts # BackendConstruct
│ ├── cognito-stack.ts # CognitoConstruct
│ ├── amplify-hosting-stack.ts # AmplifyHostingConstruct
│ └── utils/ # Utility functions and constructs
├── test/
│ └── fast-cdk.test.ts # Unit tests
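
Review bot: The tree now lists `backend-stack.ts # BackendConstruct`, `cognito-stack.ts # CognitoConstruct` and `amplify-hosting-stack.ts # AmplifyHostingConstruct`, so the file names say "stack" while the classes they hold are constructs. Either rename the files to match in this PR or add a line under the tree explaining that the names are kept for history; otherwise a reader will look for three stacks that no longer exist. With `fast-cdk-stack.ts` becoming `fast-main-stack.ts`, please also confirm that `bin/fast-cdk.ts` and `test/fast-cdk.test.ts` import the new path.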
Expand All @@ -93,36 +98,30 @@ npm run watch

## Deployment Details

The CDK deployment creates multiple stacks with a specific deployment order:
The CDK deployment creates a single CloudFormation stack containing all resources, organized into logical Constructs.

### Stack Architecture & Deployment Order
### Architecture

1. **Cognito Stack** (CognitoStack):
- Cognito User Pool for user authentication
- User Pool Client for frontend OAuth flows
The main stack (`FASTStack`) composes three Constructs:

1. **CognitoConstruct**: User authentication
- Cognito User Pool and Client
- User Pool Domain for hosted UI
- Machine Client for service-to-service auth

2. **Backend Stack** (BackendStack):
- **Machine Client & Resource Server**: OAuth2 client credentials for service-to-service auth
- **AgentCore Gateway**: API gateway for tool integration with Lambda targets
- **AgentCore Runtime**: Bedrock AgentCore runtime for agent execution
- **Supporting Resources**: IAM roles, DynamoDB tables, API Gateway for feedback
2. **BackendConstruct**: AgentCore infrastructure
- AgentCore Gateway with Lambda tool targets
- AgentCore Runtime for agent execution
- AgentCore Memory for conversation history
- ECR repository and CodeBuild for container builds
- DynamoDB table for feedback
- API Gateway for feedback endpoints

3. **Amplify Hosting Stack** (AmplifyHostingStack):
- Amplify app for frontend hosting
3. **AmplifyHostingConstruct**: Frontend hosting
- Amplify app for React frontend
- Branch configuration for deployments
- Custom domain setup (if configured)

### Component Dependencies

Within the Backend Stack, components are created in this order:
1. **Cognito Integration**: Import user pool from Cognito stack
2. **Machine Client**: Create OAuth2 client for M2M authentication
3. **Gateway**: Create AgentCore Gateway (depends on machine client)
4. **Runtime**: Create AgentCore Runtime (independent of gateway)

This order ensures authentication components are available before services that depend on them, while keeping the runtime deployment separate since it doesn't directly depend on the gateway.

### Docker Build Configuration

The agent container builds use a specific configuration to handle the repository structure efficiently:
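
Review bot: Removing the "Component Dependencies" section drops the only statement that the Gateway depends on the machine client, and the new CognitoConstruct list keeps "Machine Client for service-to-service auth" but no longer mentions the Resource Server that the old Backend Stack entry paired with it. If the resource server still exists, list it under CognitoConstruct. Please also keep one sentence on the ordering (machine client before Gateway, Runtime independent of the Gateway), since with everything in one stack that dependency is now only implicit in how the constructs are wired.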
Expand Down Expand Up @@ -169,21 +168,13 @@ This approach scales to multiple agent patterns without code duplication while m

### Key Resources Created

1. **Backend Stack**:
- Cognito User Pool integration and machine client
- AgentCore Gateway with Lambda tool targets
- AgentCore Runtime for agent execution
- ECR repository for agent container images
- CodeBuild project for container builds
- DynamoDB table for application data
- API Gateway for feedback endpoints
- IAM roles and policies

2. **Amplify Hosting Stack**:
- Amplify app for frontend deployment
- Automatic builds from Git branches
- Custom domain and SSL certificate integration
- Environment-specific deployments
- **Authentication**: Cognito User Pool, Client, Domain, Machine Client
- **AgentCore**: Gateway, Runtime, Memory
- **Compute**: Lambda functions, ECR repository, CodeBuild project
- **Storage**: DynamoDB tables
- **Frontend**: Amplify app with custom domain support
- **APIs**: API Gateway for feedback endpoints
- **Security**: IAM roles and policies

## Troubleshooting
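
Review bot: The new list says "**Storage**: DynamoDB tables" (plural), while the Architecture section added earlier in this file lists a single "DynamoDB table for feedback" and the removed entry read "DynamoDB table for application data"; pick one description and use it in both places. Storage also omits S3, although amplify-hosting-stack.ts in this PR exposes `stagingBucket` and creates an access logs bucket for it. The removed Amplify items (automatic builds from Git branches, environment-specific deployments) have no replacement in the new list; please confirm that is intended.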

3 changes: 3 additions & 0 deletions infra-cdk/config.yaml
Expand Up @@ -7,3 +7,6 @@ admin_user_email: null # Example: admin@example.com
backend:
pattern: strands-single-agent # Available patterns: strands-single-agent, langgraph-single-agent
deployment_type: docker # Available deployment types: docker (default), zip
agent_name: StrandsAgent
network_mode: PUBLIC # Available: PUBLIC, PRIVATE (PRIVATE requires VPC configuration)

What is the reason for making PUBLIC VPC instead of default Private?

@adam-weber adam-weber Jan 22, 2026

@harshitkgupta PUBLIC is the current default with CfnParams on main.

memory_expiration_days: 30 # How long AgentCore Memory retains conversation history
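
Review bot: `network_mode: PUBLIC` ships as the default, and the inline thread on that line only establishes that it matches the previous CfnParams default on main, not why PUBLIC is the right default. Record the rationale in the comment on that line or in the README, so the question does not have to be asked again by the next reader of the config. Separately, `agent_name: StrandsAgent` is the only new key without a comment; say what the name is used for and whether it should change when `pattern` is set to `langgraph-single-agent`. The new comments use "Available:" while the existing lines use "Available patterns:" and "Available deployment types:", so pick one form.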
9 changes: 4 additions & 5 deletions infra-cdk/lib/amplify-hosting-stack.ts
Expand Up @@ -5,18 +5,17 @@ import * as iam from "aws-cdk-lib/aws-iam"
import { Construct } from "constructs"
import { AppConfig } from "./utils/config-manager"

export interface AmplifyStackProps extends cdk.NestedStackProps {
export interface AmplifyConstructProps {
config: AppConfig
}

export class AmplifyHostingStack extends cdk.NestedStack {
export class AmplifyHostingConstruct extends Construct {
public readonly amplifyApp: amplify.App
public readonly amplifyUrl: string
public readonly stagingBucket: s3.Bucket

constructor(scope: Construct, id: string, props: AmplifyStackProps) {
const description = "Fullstack AgentCore Solution Template - Amplify Hosting Stack"
super(scope, id, { ...props, description })
constructor(scope: Construct, id: string, props: AmplifyConstructProps) {
super(scope, id)

// Create access logs bucket for staging bucket
const accessLogsBucket = new s3.Bucket(this, "StagingBucketAccessLogs", {
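
Review bot: Changing `AmplifyHostingStack extends cdk.NestedStack` to `AmplifyHostingConstruct extends Construct` moves the staging bucket and its access logs bucket from the nested stack into the parent stack. In an environment that is already deployed, CloudFormation will treat these as new resources rather than updating the existing ones in place. Please state in the PR description or README whether upgrading an existing deployment is supported and what happens to the old buckets. Smaller points: the props interface is named `AmplifyConstructProps` while the class is `AmplifyHostingConstruct`, and the removed `description` string has no replacement, so check that the main stack still sets a description.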