Thanks to visit codestin.com
Credit goes to Github.com

Skip to content

JKevinXu/aws-stack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

50 Commits
__pycache__
__pycache__
 
 
bin
bin
 
 
data
data
 
 
lambda
lambda
 
 
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.npmignore
.npmignore
 
 
BEDROCK_AGENTCORE_DEPLOYMENT.md
BEDROCK_AGENTCORE_DEPLOYMENT.md
 
 
BEDROCK_AGENTCORE_INTEGRATION_NOTES.md
BEDROCK_AGENTCORE_INTEGRATION_NOTES.md
 
 
BEDROCK_AGENTCORE_PROXY_GUIDE.md
BEDROCK_AGENTCORE_PROXY_GUIDE.md
 
 
BEDROCK_AGENTCORE_PROXY_IMPLEMENTATION_REPORT.md
BEDROCK_AGENTCORE_PROXY_IMPLEMENTATION_REPORT.md
 
 
BEDROCK_AGENT_CORE_PROXY_REPORT.md
BEDROCK_AGENT_CORE_PROXY_REPORT.md
 
 
DEPLOYMENT_INSTRUCTIONS.md
DEPLOYMENT_INSTRUCTIONS.md
 
 
FASTMCP_LAMBDA_DEPENDENCY_ISSUE.md
FASTMCP_LAMBDA_DEPENDENCY_ISSUE.md
 
 
INLINE_AGENT_MCP_REPORT.md
INLINE_AGENT_MCP_REPORT.md
 
 
MCP-JSON-PARSING-ISSUE.md
MCP-JSON-PARSING-ISSUE.md
 
 
MCP_BEDROCK_AGENT_REPORT.md
MCP_BEDROCK_AGENT_REPORT.md
 
 
MCP_IMPLEMENTATION.md
MCP_IMPLEMENTATION.md
 
 
PYTHON_IMPLEMENTATION_NOTES.md
PYTHON_IMPLEMENTATION_NOTES.md
 
 
QUICKSIGHT_SETUP.md
QUICKSIGHT_SETUP.md
 
 
README.md
README.md
 
 
STRANDS_AGENT_DEPLOYMENT.md
STRANDS_AGENT_DEPLOYMENT.md
 
 
cdk.json
cdk.json
 
 
create_agentcore_strands.py
create_agentcore_strands.py
 
 
deploy-strands-agent.sh
deploy-strands-agent.sh
 
 
deploy_agent.py
deploy_agent.py
 
 
inline_agent_mcp.py
inline_agent_mcp.py
 
 
invoke_agent.py
invoke_agent.py
 
 
manifest.json
manifest.json
 
 
mcp_client.py
mcp_client.py
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
requirements.txt
requirements.txt
 
 
response.json
response.json
 
 
strands_claude.py
strands_claude.py
 
 
strands_with_mcp.py
strands_with_mcp.py
 
 
test_bedrock_agent.py
test_bedrock_agent.py
 
 
test_bedrock_agentcore.py
test_bedrock_agentcore.py
 
 
test_mcp_simple.py
test_mcp_simple.py
 
 
tsconfig.json
tsconfig.json
 
 
upload-manifest.sh
upload-manifest.sh
 
 
utils.py
utils.py
 
 

Repository files navigation

AWS CDK S3 Bucket Stack

This project contains an AWS CDK stack that deploys an S3 bucket with the following features:

  • Versioning enabled
  • Server-side encryption using S3-managed keys (SSE-S3)
  • Automatic cleanup on destroy (for development purposes)

AWS CDK S3 Bucket & QuickSight Integration Stack

This project contains an AWS CDK stack that deploys:

  1. S3 buckets with the following features:

    • Versioning enabled
    • Server-side encryption using S3-managed keys (SSE-S3)
    • Automatic cleanup on destroy (for development purposes)

  2. IAM Identity Center integration:

    • Identity Center instance for centralized user management
    • Automated QuickSight Admin group creation
    • Pre-configured IAM role for QuickSight to access S3 data

  3. QuickSight preparation:

    • Dedicated S3 bucket for QuickSight data
    • All necessary permissions and roles
    • Ready-to-use admin group for QuickSight management

Prerequisites

Before you begin, ensure you have the following installed:

  • Node.js & npm
  • AWS CLI
  • AWS CDK CLI (npm install -g aws-cdk)

AWS Credentials Setup

Configure your AWS credentials using one of these methods:

  1. Using AWS CLI (recommended):
aws configure

You'll be prompted to enter:

  • AWS Access Key ID
  • AWS Secret Access Key
  • Default region (e.g., us-east-1)
  • Default output format (json)
  1. Using environment variables:
export AWS_ACCESS_KEY_ID=your_access_key
export AWS_SECRET_ACCESS_KEY=your_secret_key
export AWS_DEFAULT_REGION=your_preferred_region

Deployment Steps

  1. Install dependencies:
npm install
  1. Build the TypeScript project:
npm run build
  1. Bootstrap the CDK environment (one-time setup per account/region):
cdk bootstrap
  1. Deploy the stack:
cdk deploy

Note: The stack uses AWS CDK custom resources to create the QuickSight admin group. The required aws-cdk-lib/custom-resources module is part of the standard CDK library and does not require additional installation.

Configuring QuickSight with IAM Identity Center

Once the stack is deployed, you can configure Amazon QuickSight to work with the IAM Identity Center:

  1. Note the outputs from the CDK deployment, which include:

    • IdentityCenterInstanceArn - The ARN of the IAM Identity Center instance
    • IdentityStoreId - The ID of the IAM Identity Store
    • QuickSightDataBucketName - The S3 bucket that can be used for QuickSight data

  2. Sign in to the AWS Management Console and navigate to the QuickSight service.

  3. If you haven't subscribed to QuickSight yet:

    • Click "Sign up for QuickSight"
    • Choose "Enterprise" edition
    • Select "IAM Identity Center" as your identity type
    • In the "Authentication" section, select the Identity Center instance that was created by the CDK stack

  4. If you already have QuickSight:

    • Go to QuickSight admin settings
    • Navigate to "Security & permissions"
    • Under "Authentication", select "Manage IAM Identity Center"
    • Connect to the Identity Center instance created by the CDK stack

  5. Configure permissions for the S3 bucket:

    • In QuickSight, go to "Manage QuickSight" > "Security & permissions"
    • Under "QuickSight access to AWS services", select "Add or remove"
    • Enable access to the S3 bucket created by the stack (QuickSightDataBucketName)

  6. Configure users and groups:

    • In the AWS Console, navigate to IAM Identity Center
    • Create users and groups as needed
    • Assign QuickSight access to those users and groups

  7. To connect to the S3 data source in QuickSight:

    • In QuickSight, choose "Datasets" > "New dataset"
    • Select "S3" as the data source
    • Enter the bucket name from the CDK output (QuickSightDataBucketName)
    • Follow the prompts to complete the connection

QuickSight Admin Group Management

The CDK stack automatically creates a QuickSight Admin group in IAM Identity Center, eliminating the need for manual group creation. After deployment:

  1. Note the output QuickSightAdminGroupId from the CDK deployment, which contains the ID of the created admin group.

  2. To add users to this admin group:

    • Go to the AWS IAM Identity Center console
    • Navigate to "Groups" and select the "QuickSight-Admins" group
    • Click "Add users"
    • Select users to add and complete the process

  3. To configure this group in QuickSight:

    • Navigate to the QuickSight console
    • Go to "Manage QuickSight" > "Manage users"
    • Click "Add users" and select the Identity Center option
    • Search for the "QuickSight-Admins" group and add it
    • Set the access level to "Admin"
    • Complete the process by following the prompts

This group has been pre-created with the name "QuickSight-Admins" and is ready to be used for QuickSight administration purposes.

Default QuickSight Admin User

The CDK stack also automatically creates a default QuickSight admin user and adds them to the QuickSight Admins group:

  1. The user is created with the following attributes:

  2. The user is automatically added to the "QuickSight-Admins" group

  3. Important deployment outputs include:

    • QuickSightAdminUserId: The ID of the created admin user
    • UserGroupMembershipId: The ID of the group membership link

  4. To set a password for this user:

    • Go to the AWS IAM Identity Center console
    • Navigate to "Users" and find the "Kevin X" user
    • Select the user and choose "Reset password"
    • Follow the prompts to set a password and complete the process

  5. The user can then log in to QuickSight using their Identity Center credentials

QuickSight Subscription Costs

When subscribing to QuickSight Enterprise Edition with Amazon Q integration, the following costs apply:

User License Costs

  • Author: $24/user/month (or $18/user/month with annual commitment)
  • Author Pro (with Amazon Q): $50/user/month
  • Reader: $3/user/month
  • Reader Pro (with Amazon Q): $20/user/month

Amazon Q Enablement Fee

  • $250/month per account when at least one Pro user exists or there's at least one Amazon Q Topic

Benefits of Pro Licenses

  • Author Pro includes:

    • All standard Author capabilities
    • Build dashboards with natural language
    • Create Amazon Q Topics
    • View executive dashboard summaries
    • Build and share generative data stories
    • Advanced analysis with scenarios capability
    • Entitlement to Amazon Q Business Pro

  • Reader Pro includes:

    • All standard Reader capabilities
    • View executive dashboard summaries
    • Build and share generative data stories
    • Advanced analysis with scenarios capability
    • Entitlement to Amazon Q Business Pro

Additional Costs

  • SPICE Storage: $0.38/GB/month (10GB included with each Author license)
  • Pixel-perfect reports: Starting at $500/month for 500 report units

For the most current pricing information, refer to the official AWS QuickSight pricing page.

Useful CDK Commands

  • npm run build

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages