Restructure obsy samples by BharathiSrini · Pull Request #1654 · awslabs/agentcore-samples

BharathiSrini · 2026-06-11T22:27:22Z

Amazon Bedrock AgentCore Samples Pull Request

Important

We strictly follow a issue-first approach, please first open an issue relating to this Pull Request.
Once this Pull Request is ready for review please attach review ready label to it. Only PRs with review ready will be reviewed.

Issue number:

Add agents-on-ecs and agent-in-lambda samples under agents-hosted-outside-runtime

Restructures 03-integrations/agents-hosted-outside-runtime to add two new patterns:

Moves observability-fullstack-examples/agentic-sales-analyst → agents-on-ecs/agentic-sales-analyst,
giving the ECS-hosted multi-agent sample a proper home under agents-hosted-outside-runtime.
Adds agents-on-aws-lambda/02-agent-in-lambda: a new sample showing how to host a Strands agent
directly inside AWS Lambda with full Gen AI observability via the ADOT managed Lambda layer.
Existing lambda-invokes-runtime content is moved into 01-lambda-invokes-runtime/ and given its
own README explaining the span-suppression pattern.

The 02-agent-in-lambda sample fixes a version-conflict bug (strands-agents bundles its own
opentelemetry packages that shadow the ADOT layer's copies) by adding aws-opentelemetry-distro
to requirements.txt. It also adds _CWJsonSpanExporter to lambda_agent.py, which writes each OTel
span as a compact single-line JSON to the Lambda CloudWatch log group so that AgentCore batch
evaluation can read Gen AI sessions without requiring a separate /aws/spans sink.

User experience

▎ Before: agents-hosted-outside-runtime only showed the "Lambda invokes a runtime" pattern. There was no sample for running an agent directly inside Lambda, and the ECS-based
agentic-sales-analyst lived under the unrelated observability-fullstack-examples folder.

▎ After:
▎ - agents-on-ecs/agentic-sales-analyst — the full-stack ECS multi-agent sample is discoverable under the right parent folder.
▎ - agents-on-aws-lambda/01-lambda-invokes-runtime/ — the existing pattern (Lambda triggers a hosted runtime agent) is preserved with an updated README explaining the span-suppression problem
and the ADOT fix for it.
▎ - agents-on-aws-lambda/02-agent-in-lambda/ — new end-to-end sample: deploy.py creates the Lambda with the ADOT layer attached, invoke.py generates 5 sessions, evaluate.py runs a
Builtin.GoalSuccessRate batch evaluation job against the Lambda CloudWatch log group, and cleanup.py tears everything down. Console screenshots walk through enabling Application Signals,
attaching the ADOT layer, and setting the required environment variables.

Checklist

If your change doesn't seem to apply, please leave them unchecked.

I have reviewed the contributing guidelines
Add your name to CONTRIBUTORS.md
Have you checked to ensure there aren't other open Pull Requests for the same update/change?
Are you uploading a dataset?
Have you documented Introduction, Architecture Diagram, Prerequisites, Usage, Sample Prompts, and Clean Up steps in your example README?
I agree to resolve any issues created for this example in the future.
I have performed a self-review of this change
Changes have been tested
Changes are documented

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.

…n-lambda sample - Move observability-fullstack-examples/agentic-sales-analyst → agents-on-ecs/agentic-sales-analyst (git rename preserves history) - Restructure agents-on-aws-lambda into two subfolders: - 01-lambda-invokes-runtime/: existing Lambda→AgentCore runtime pattern - 02-agent-in-lambda/: new pattern — Strands agent wrapped inside Lambda with ADOT observability - New 02-agent-in-lambda sample includes: - lambda_agent.py: Strands Agent handler - requirements.txt: strands-agents + aws-opentelemetry-distro - build.sh: SAM container build producing Lambda-compatible ZIP - images/: console screenshots for X-Ray, ADOT layer, env vars, permissions - README.md: step-by-step setup guide with console screenshots, env var table, IAM policy, and explanation of the Lambda-suppresses-spans problem with requirements for the Lambda-invokes-runtime pattern - Add top-level agents-on-aws-lambda/README.md comparing both patterns

…el via pip - requirements.txt: remove aws-opentelemetry-distro; only strands-agents needed - build.sh: remove opentelemetry-instrument copy step; ZIP contains only strands-agents - lambda_agent.py: update docstring to reflect layer-based setup; clean up logging - README.md: rewrite setup steps for managed layer approach: - add ADOT layer ARN table for all major regions (account 901920570463) - AWS_LAMBDA_EXEC_WRAPPER=/opt/otel-instrument (layer path, not /var/task/) - AGENT_OBSERVABILITY_ENABLED=true for Strands Gen AI spans - Option A (manual ARN) and Option B (Application Signals console toggle) - retain console screenshots, IAM policy, test CLI invocation, trace viewing steps - retain Lambda-invokes-runtime span-suppression pattern explanation

… and evaluation pipeline - Add aws-opentelemetry-distro to requirements.txt so the bundled OTel packages are compatible with the ADOT layer's startup code (fixes ImportError: cannot import name 'LogData' from opentelemetry.sdk._logs) - Add _CWJsonSpanExporter to lambda_agent.py: writes each OTel span as a compact single-line JSON to stdout to the Lambda CloudWatch log group, enabling AgentCore batch evaluation to read Gen AI sessions without a separate /aws/spans sink - Add deploy.py, invoke.py, evaluate.py, cleanup.py scripts - evaluate.py: starts Builtin.GoalSuccessRate batch evaluation using the Lambda log group as the cloudWatchLogs data source - Gitignore lambda_config.json (runtime artifact) Tested end-to-end: 5 Lambda invocations then evaluation COMPLETED

…string without placeholders)

github-actions · 2026-06-11T22:34:24Z

Latest scan for commit: 709c201 | Updated: 2026-06-12 00:33:17 UTC

Security Scan Results

Scan Metadata

Project: ASH
Scan executed: 2026-06-12T00:33:02+00:00
ASH version: 3.0.0

Summary

Scanner Results

The table below shows findings by scanner, with status based on severity thresholds and dependencies:

Column Explanations:

Severity Levels (S/C/H/M/L/I):

Suppressed (S): Security findings that have been explicitly suppressed/ignored and don't affect the scanner's pass/fail status
Critical (C): The most severe security vulnerabilities requiring immediate remediation (e.g., SQL injection, remote code execution)
High (H): Serious security vulnerabilities that should be addressed promptly (e.g., authentication bypasses, privilege escalation)
Medium (M): Moderate security risks that should be addressed in normal development cycles (e.g., weak encryption, input validation issues)
Low (L): Minor security concerns with limited impact (e.g., information disclosure, weak recommendations)
Info (I): Informational findings for awareness with minimal security risk (e.g., code quality suggestions, best practice recommendations)

Other Columns:

Time: Duration taken by each scanner to complete its analysis
Action: Total number of actionable findings at or above the configured severity threshold that require attention

Scanner Results:

PASSED: Scanner found no security issues at or above the configured severity threshold - code is clean for this scanner
FAILED: Scanner found security vulnerabilities at or above the threshold that require attention and remediation
MISSING: Scanner could not run because required dependencies/tools are not installed or available
SKIPPED: Scanner was intentionally disabled or excluded from this scan
ERROR: Scanner encountered an execution error and could not complete successfully

Severity Thresholds (Thresh Column):

CRITICAL: Only Critical severity findings cause scanner to fail
HIGH: High and Critical severity findings cause scanner to fail
MEDIUM (MED): Medium, High, and Critical severity findings cause scanner to fail
LOW: Low, Medium, High, and Critical severity findings cause scanner to fail
ALL: Any finding of any severity level causes scanner to fail

Threshold Source: Values in parentheses indicate where the threshold is configured:

(g) = global: Set in the global_settings section of ASH configuration
(c) = config: Set in the individual scanner configuration section
(s) = scanner: Default threshold built into the scanner itself

Statistics calculation:

All statistics are calculated from the final aggregated SARIF report
Suppressed findings are counted separately and do not contribute to actionable findings
Scanner status is determined by comparing actionable findings to the threshold

Scanner	S	C	M	L	I	Time	Action	Result	Thresh
bandit	0	1	0	63	0	1.4s	1	FAILED	MED (g)
cdk-nag	0	9	0	0	15	12.7s	9	FAILED	MED (g)
cfn-nag	0	0	12	0	0	6.9s	12	FAILED	MED (g)
checkov	6	4	0	0	0	9.6s	4	FAILED	MED (g)
detect-sec…	0	0	0	0	0	1.4s	0	PASSED	MED (g)
grype	0	42	33	5	0	52.0s	75	FAILED	MED (g)
npm-audit	0	0	0	0	0	912ms	0	PASSED	MED (g)
opengrep	0	0	0	0	0	<1ms	0	SKIPPED	MED (g)
semgrep	0	0	0	0	0	<1ms	0	MISSING	MED (g)
syft	0	0	0	0	0	2.7s	0	PASSED	MED (g)

Detailed Findings

Show 101 actionable findings

Finding 1: B608

Severity: HIGH
Scanner: bandit
Rule ID: B608
Location: 03-integrations/agents-hosted-outside-runtime/agents-on-ecs/agentic-sales-analyst/strands_agentcore_runtime.py:61-118

Description:
Possible SQL injection vector through string-based query construction.

Code Snippet:

schema = discover_schema()
    return f"""
You are a sales analyst for our company. You analyze our internal sales data and provide market context.

SCOPE: Only answer questions about our company's sales data. For unrelated questions, decline politely.

TOOLS:
1. execute_sql_query - Query our sales database
2. search_web - Get market context for our sales performance

DATABASE SCHEMA:
{schema}

CRITICAL RULES:
1. ALWAYS use execute_sql_query for questions about our internal sales data - never just describe what you would query
2. Use search_web only if market context is needed to enhance database results
3. Use only SELECT queries on tables shown in schema above
4. Sample data shows only limited examples - ALWAYS query to discover all actual values and data patterns in the database
5. Database contains data through 2025 - always query before saying data doesn't exist
6. NEVER include SQL queries in the content field - only provide business insights and analysis
7. MANDATORY: You MUST call tools, not describe what tools you would use

WORKFLOW:
1. Analyze the question to determine what information is needed
2. MUST call execute_sql_query if internal sales data is required
3. Only call search_web if market context is needed to enhance database results
4. Return JSON response with insights from tools used

🚨 CRITICAL: ALWAYS RETURN JSON FORMAT 🚨
EVERY response must be valid JSON - NO EXCEPTIONS
EVEN when declining requests, you MUST return JSON format

JSON OUTPUT REQUIRED:
{{
  "content": "Your response text here",
  "sources": []
}}

EXAMPLES:
- Sales question: {{"content": "Analysis with data", "sources": [{{"type": "database", "name": "Sales Database"}}]}}
- Out of scope: {{"content": "I can only analyze our company's sales data", "sources": []}}
- Error: {{"content": "Unable to process request", "sources": []}}

CRITICAL JSON REQUIREMENTS:
- Output ONLY valid JSON starting with {{ and ending with }}
- NO text before or after the JSON object
- ALWAYS include "content" field with your response as a string
- ALWAYS include "sources" array (empty if no tools used)
- For database sources: {{"type": "database", "name": "Sales Database"}}
- For web sources: {{"type": "web", "title": "Exact title from search result", "url": "Exact URL from search result"}}
- Never fabricate sources - use exact data from tool results

🔥 ABSOLUTE REQUIREMENT 🔥
Your response must be EXACTLY: {{ "content": "...", "sources": [...] }}
NO PLAIN TEXT RESPONSES ALLOWED - SYSTEM WILL FAIL
NEVER include SQL statements in the content - only business analysis
"""

Finding 2: CFN_NAG_W11

Severity: MEDIUM
Scanner: cfn-nag
Rule ID: CFN_NAG_W11
Location: 03-integrations/agents-hosted-outside-runtime/agents-on-ecs/agentic-sales-analyst/deployment/common/02-iam.yaml:25

Description:
IAM role should not allow * resource on its permissions policy