README
ΒΆ
AgentKit for AWS CDK
AWS CDK constructs for deploying agentkit-based agents to AWS Bedrock AgentCore.
Features
- π AgentCore Runtime creation - Full
AWS::BedrockAgentCore::Runtimeresource support - π Runtime Endpoint creation - Automatic
AWS::BedrockAgentCore::RuntimeEndpointfor each agent - π‘ Protocol configuration - HTTP, MCP, and A2A protocol support
- π Gateway support - Optional
AWS::BedrockAgentCore::Gatewayfor external tool integration - π Enhanced outputs - Runtime ARNs, IDs, Endpoint ARNs per agent
- π οΈ CLI tools - One-command deployment and secrets management
- ποΈ CDK constructs -
AgentCoreStack,AgentBuilder,StackBuilderfluent APIs - π Config-driven - Load stacks from JSON/YAML configuration files
- π VPC & Security - Automatic VPC creation with security groups and VPC endpoints
- ποΈ Observability - Opik, Langfuse, Phoenix, and CloudWatch integration
- π Four deployment approaches - CDK Go, CDK+JSON, CfnInclude, Pure CloudFormation
Scope
This module provides AWS CDK constructs only. For other IaC tools:
| IaC Tool | Module | Dependencies |
|---|---|---|
| AWS CDK | agentkit-aws-cdk (this module) |
21 |
| Pulumi | agentkit-aws-pulumi | 340 |
| CloudFormation | agentkit (core) | 0 extra |
All modules share the same YAML/JSON configuration schema from agentkit/platforms/agentcore/iac/.
Architecture
agentkit/ # Core library (no CDK deps)
βββ platforms/agentcore/iac/
β βββ config.go # Shared config structs
β βββ loader.go # JSON/YAML loading
β βββ cloudformation.go # Pure CloudFormation generator
agentkit-aws-cdk/ # AWS CDK constructs (this module)
βββ agentcore/
β βββ stack.go # CDK constructs
β βββ builder.go # Fluent builders
β βββ cfninclude.go # CfnInclude wrapper
β βββ loader.go # CDK stack loaders
Why two modules?
agentkitstays lean - no CDK runtime dependenciesagentkit-aws-cdkadds CDK tooling for those who want it- Pure CloudFormation (approach 4) works with just
agentkit
Four Deployment Approaches
| Approach | Module Required | Best For |
|---|---|---|
| 1. CDK Go Constructs | agentkit-aws-cdk | Type safety, IDE support, complex logic |
| 2. CDK + JSON/YAML | agentkit-aws-cdk | Configuration-driven deployments |
| 3. CfnInclude | agentkit-aws-cdk | Existing CloudFormation templates |
| 4. Pure CloudFormation | agentkit only | No CDK runtime, AWS CLI only |
Installation
For CDK approaches (1-3):
go get github.com/plexusone/agentkit-aws-cdk
For Pure CloudFormation (4):
go get github.com/plexusone/agentkit
1. CDK Go Constructs
Type-safe Go code with full IDE support and compile-time validation.
package main
import "github.com/plexusone/agentkit-aws-cdk/agentcore"
func main() {
app := agentcore.NewApp()
// Build agents with fluent API
research := agentcore.NewAgentBuilder("research", "ghcr.io/example/research:latest").
WithMemory(512).
WithTimeout(30).
Build()
orchestration := agentcore.NewAgentBuilder("orchestration", "ghcr.io/example/orchestration:latest").
WithMemory(1024).
WithTimeout(300).
AsDefault().
Build()
// Build stack
agentcore.NewStackBuilder("my-agents").
WithAgents(research, orchestration).
WithOpik("my-project", "arn:aws:secretsmanager:us-east-1:123456789:secret:opik-key").
WithTags(map[string]string{"Environment": "production"}).
Build(app)
agentcore.Synth(app)
}
Deploy:
cdk deploy
See examples/1-cdk-go for complete example.
2. CDK + JSON/YAML Config
Minimal Go wrapper that loads configuration from JSON or YAML files. Perfect for teams who prefer configuration over code.
main.go (never changes):
package main
import "github.com/plexusone/agentkit-aws-cdk/agentcore"
func main() {
app := agentcore.NewApp()
agentcore.MustNewStackFromFile(app, "config.yaml")
agentcore.Synth(app)
}
config.yaml:
stackName: my-agents
description: My AgentCore deployment
agents:
- name: research
containerImage: ghcr.io/example/research:latest
memoryMB: 512
timeoutSeconds: 30
protocol: HTTP # HTTP (default), MCP, or A2A
- name: orchestration
containerImage: ghcr.io/example/orchestration:latest
memoryMB: 1024
timeoutSeconds: 300
protocol: HTTP
isDefault: true
vpc:
createVPC: true
enableVPCEndpoints: true
observability:
provider: opik
project: my-project
enableCloudWatchLogs: true
tags:
Environment: production
Deploy:
cdk deploy
See examples/2-cdk-json for complete example.
3. CfnInclude
Import existing CloudFormation templates into CDK. Use CDK deployment tooling while keeping your existing templates.
main.go:
package main
import "github.com/plexusone/agentkit-aws-cdk/agentcore"
func main() {
app := agentcore.NewApp()
agentcore.NewCfnIncludeBuilder("my-agents", "template.yaml").
WithParameter("Environment", "production").
Build(app)
agentcore.Synth(app)
}
Deploy:
cdk deploy
See examples/3-cfn-include for complete example.
4. Pure CloudFormation
Generate CloudFormation templates from configuration files. No CDK runtime needed - deploy with AWS CLI. Uses only agentkit (not agentkit-aws-cdk).
generate.go:
package main
import (
"fmt"
"os"
"github.com/plexusone/agentkit/platforms/agentcore/iac"
)
func main() {
config, err := iac.LoadStackConfigFromFile("config.yaml")
if err != nil {
fmt.Fprintf(os.Stderr, "Error: %v\n", err)
os.Exit(1)
}
if err := iac.GenerateCloudFormationFile(config, "template.yaml"); err != nil {
fmt.Fprintf(os.Stderr, "Error: %v\n", err)
os.Exit(1)
}
fmt.Println("Generated template.yaml")
}
Deploy with AWS CLI:
go run generate.go
aws cloudformation deploy \
--template-file template.yaml \
--stack-name my-agents \
--capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM
See examples/4-pure-cloudformation for complete example.
Configuration Reference
StackConfig
| Field | Type | Required | Description |
|---|---|---|---|
stackName |
string | Yes | CloudFormation stack name |
description |
string | No | Stack description |
agents |
[]AgentConfig | Yes | List of agents to deploy |
vpc |
VPCConfig | No | VPC configuration |
observability |
ObservabilityConfig | No | Monitoring configuration |
gateway |
GatewayConfig | No | Gateway for external tools |
iam |
IAMConfig | No | IAM configuration |
tags |
map[string]string | No | Resource tags |
removalPolicy |
string | No | "destroy" or "retain" |
AgentConfig
| Field | Type | Required | Description |
|---|---|---|---|
name |
string | Yes | Agent identifier |
containerImage |
string | Yes | ECR image URI |
description |
string | No | Human-readable description |
memoryMB |
int | No | Memory: 512, 1024, 2048, 4096, 8192, 16384 |
timeoutSeconds |
int | No | Timeout: 1-900 seconds |
protocol |
string | No | Communication protocol: HTTP (default), MCP, A2A |
environment |
map[string]string | No | Environment variables |
secretsARNs |
[]string | No | Secret ARNs to inject |
isDefault |
bool | No | Mark as default agent |
GatewayConfig
| Field | Type | Required | Description |
|---|---|---|---|
enabled |
bool | No | Enable Gateway creation |
name |
string | No | Gateway name |
description |
string | No | Gateway description |
Note: Gateway is for exposing external tools to agents via MCP, not for agent-to-agent communication. Agents communicate directly via A2A protocol.
VPCConfig
| Field | Type | Default | Description |
|---|---|---|---|
createVPC |
bool | true | Create new VPC |
vpcCidr |
string | 10.0.0.0/16 | VPC CIDR block |
maxAZs |
int | 2 | Number of availability zones |
enableVPCEndpoints |
bool | true | Create VPC endpoints |
vpcId |
string | - | Existing VPC ID |
subnetIds |
[]string | - | Existing subnet IDs |
ObservabilityConfig
| Field | Type | Default | Description |
|---|---|---|---|
provider |
string | opik | opik, langfuse, phoenix, cloudwatch |
project |
string | stackName | Project name for traces |
apiKeySecretARN |
string | - | Secret ARN for API key |
enableCloudWatchLogs |
bool | true | Enable CloudWatch Logs |
logRetentionDays |
int | 30 | Log retention period |
enableXRay |
bool | false | Enable X-Ray tracing |
Stack Outputs
After deployment, the stack outputs:
| Output | Description |
|---|---|
VPCID |
VPC identifier |
SecurityGroupID |
Security group for agents |
ExecutionRoleARN |
IAM role for agent execution |
Agent-{name}-RuntimeArn |
Runtime ARN for IAM policies |
Agent-{name}-RuntimeId |
Runtime ID for API calls |
Agent-{name}-EndpointArn |
Endpoint ARN for invocation |
Agent-{name}-Image |
Container image reference |
GatewayArn |
Gateway ARN (if gateway enabled) |
GatewayId |
Gateway ID (if gateway enabled) |
GatewayUrl |
Gateway URL (if gateway enabled) |
Prerequisites
-
Install AWS CDK CLI (for approaches 1-3):
npm install -g aws-cdk -
Configure AWS credentials:
aws configure -
Bootstrap CDK (first time only, for approaches 1-3):
cdk bootstrap aws://ACCOUNT-ID/REGION
Project Structure
my-project/
βββ infrastructure/
β βββ cdk/
β βββ go.mod
β βββ main.go # CDK app (approaches 1-3)
β βββ config.yaml # Configuration (approaches 2, 4)
β βββ cdk.json # CDK config
βββ agents/
β βββ research/
β βββ synthesis/
β βββ orchestration/
βββ go.mod
License
MIT
Directories
ΒΆ
| Path | Synopsis |
|---|---|
|
Package agentcore provides AWS CDK constructs for AgentCore deployments.
|
Package agentcore provides AWS CDK constructs for AgentCore deployments. |
|
cmd
|
|
|
deploy
command
deploy orchestrates the full AWS AgentCore deployment process.
|
deploy orchestrates the full AWS AgentCore deployment process. |
|
push-secrets
command
push-secrets pushes environment variables from .env files to AWS Secrets Manager.
|
push-secrets pushes environment variables from .env files to AWS Secrets Manager. |
|
examples
|
|
|
1-cdk-go
command
Example 1: CDK Go Constructs
|
Example 1: CDK Go Constructs |
|
2-cdk-json
command
Example 2: CDK + JSON Config
|
Example 2: CDK + JSON Config |
|
3-cfn-include
command
Example 3: CfnInclude - Import Existing CloudFormation Templates
|
Example 3: CfnInclude - Import Existing CloudFormation Templates |
|
4-pure-cloudformation
command
Example 4: Pure CloudFormation Generator
|
Example 4: Pure CloudFormation Generator |
Click to show internal directories.
Click to hide internal directories.