@EashanKaushik
Contributor

Amazon Bedrock AgentCore Samples Pull Request

Important

  1. We strictly follow an issue-first approach; please first open an issue relating to this Pull Request.
  2. Once this Pull Request is ready for review please attach review ready label to it. Only PRs with review ready will be reviewed.

Issue number:

Concise description of the PR

Changes to ..., because ...

User experience

Please share what the user experience looks like before and after this change

Checklist

If your change doesn't seem to apply, please leave them unchecked.

  • I have reviewed the contributing guidelines
  • Add your name to CONTRIBUTORS.md
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?
  • Are you uploading a dataset?
  • Have you documented Introduction, Architecture Diagram, Prerequisites, Usage, Sample Prompts, and Clean Up steps in your example README?
  • I agree to resolve any issues created for this example in the future.
  • I have performed a self-review of this change
  • Changes have been tested
  • Changes are documented

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.

@github-actions github-actions bot added the 02-use-cases label Oct 12, 2025
@github-actions

github-actions bot commented Oct 12, 2025

Latest scan for commit: f267cec | Updated: 2025-10-14 03:51:27 UTC

Security Scan Results

Scan Metadata

  • Project: ASH
  • Scan executed: 2025-10-14T03:51:14+00:00
  • ASH version: 3.0.0

Summary

Scanner Results

The table below shows findings by scanner, with status based on severity thresholds and dependencies:

Column Explanations:

Severity Levels (S/C/H/M/L/I):

  • Suppressed (S): Security findings that have been explicitly suppressed/ignored and don't affect the scanner's pass/fail status
  • Critical (C): The most severe security vulnerabilities requiring immediate remediation (e.g., SQL injection, remote code execution)
  • High (H): Serious security vulnerabilities that should be addressed promptly (e.g., authentication bypasses, privilege escalation)
  • Medium (M): Moderate security risks that should be addressed in normal development cycles (e.g., weak encryption, input validation issues)
  • Low (L): Minor security concerns with limited impact (e.g., information disclosure, weak recommendations)
  • Info (I): Informational findings for awareness with minimal security risk (e.g., code quality suggestions, best practice recommendations)

Other Columns:

  • Time: Duration taken by each scanner to complete its analysis
  • Action: Total number of actionable findings at or above the configured severity threshold that require attention

Scanner Results:

  • PASSED: Scanner found no security issues at or above the configured severity threshold - code is clean for this scanner
  • FAILED: Scanner found security vulnerabilities at or above the threshold that require attention and remediation
  • MISSING: Scanner could not run because required dependencies/tools are not installed or available
  • SKIPPED: Scanner was intentionally disabled or excluded from this scan
  • ERROR: Scanner encountered an execution error and could not complete successfully

Severity Thresholds (Thresh Column):

  • CRITICAL: Only Critical severity findings cause scanner to fail
  • HIGH: High and Critical severity findings cause scanner to fail
  • MEDIUM (MED): Medium, High, and Critical severity findings cause scanner to fail
  • LOW: Low, Medium, High, and Critical severity findings cause scanner to fail
  • ALL: Any finding of any severity level causes scanner to fail

Threshold Source: Values in parentheses indicate where the threshold is configured:

  • (g) = global: Set in the global_settings section of ASH configuration
  • (c) = config: Set in the individual scanner configuration section
  • (s) = scanner: Default threshold built into the scanner itself

Statistics calculation:

  • All statistics are calculated from the final aggregated SARIF report
  • Suppressed findings are counted separately and do not contribute to actionable findings
  • Scanner status is determined by comparing actionable findings to the threshold

Scanner       S  C   H  M   L  I   Time   Action  Result   Thresh
bandit        0  3   0  0   2  0   714ms  3       FAILED   MED (g)
cdk-nag       0  82  0  1   0  56  35.2s  83      FAILED   MED (g)
cfn-nag       0  3   0  64  0  0   8.9s   67      FAILED   MED (g)
checkov       0  89  0  0   0  0   13.5s  89      FAILED   MED (g)
detect-secr…  0  27  0  0   0  0   2.2s   27      FAILED   MED (g)
grype         0  1   0  1   0  0   34.2s  2       FAILED   MED (g)
npm-audit     0  0   0  0   0  0   1.3s   0       PASSED   MED (g)
opengrep      0  0   0  0   0  0   <1ms   0       SKIPPED  MED (g)
semgrep       0  1   0  0   0  0   14.7s  1       FAILED   MED (g)
syft          0  0   0  0   0  0   2.3s   0       PASSED   MED (g)

Detailed Findings

Show 272 actionable findings

Finding 1: B113

  • Severity: HIGH
  • Scanner: bandit
  • Rule ID: B113
  • Location: 02-use-cases/customer-support-assistant-vpc/agent/utils.py:53-55

Description:
Call to requests without timeout

Code Snippet:

    # Make token request
    response = requests.post(token_endpoint, headers=headers, data=data)
    response.raise_for_status()

Finding 2: B104

  • Severity: HIGH
  • Scanner: bandit
  • Rule ID: B104
  • Location: 02-use-cases/customer-support-assistant-vpc/mcp_dynamodb/main.py:148-149

Description:
Possible binding to all interfaces.

Code Snippet:

if __name__ == "__main__":
    mcp.run(transport="streamable-http", host="0.0.0.0", stateless_http=True)

Finding 3: B113

  • Severity: HIGH
  • Scanner: bandit
  • Rule ID: B113
  • Location: 02-use-cases/customer-support-assistant-vpc/test/connect_agent.py:113-125

Description:
Call to requests without timeout

Code Snippet:

)
        response = requests.post(
            token_url,
            data={
                "grant_type": "authorization_code",
                "client_id": client_id,
                "code": auth_code,
                "redirect_uri": redirect_uri,
                "code_verifier": code_verifier,
            },
            headers={"Content-Type": "application/x-www-form-urlencoded"},
        )

Finding 4: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/agent/utils.py:32

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/agent/utils.py' at line 32

Code Snippet:

Secret of type Secret Keyword detected

Finding 5: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml:708

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml' at line 708

Code Snippet:

Secret of type Secret Keyword detected

Finding 6: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml:267

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml' at line 267

Code Snippet:

Secret of type Secret Keyword detected

Finding 7: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml:451

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml' at line 451

Code Snippet:

Secret of type Secret Keyword detected

Finding 8: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml:709

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml' at line 709

Code Snippet:

Secret of type Secret Keyword detected

Finding 9: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml:362

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml' at line 362

Code Snippet:

Secret of type Secret Keyword detected

Finding 10: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml:300

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml' at line 300

Code Snippet:

Secret of type Secret Keyword detected

Finding 11: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml:526

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml' at line 526

Code Snippet:

Secret of type Secret Keyword detected

Finding 12: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml:122

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml' at line 122

Code Snippet:

Secret of type Secret Keyword detected

Finding 13: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml:98

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml' at line 98

Code Snippet:

Secret of type Secret Keyword detected

Finding 14: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml:371

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml' at line 371

Code Snippet:

Secret of type Secret Keyword detected

Finding 15: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml:211

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml' at line 211

Code Snippet:

Secret of type Secret Keyword detected

Finding 16: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml:299

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml' at line 299

Code Snippet:

Secret of type Secret Keyword detected

Finding 17: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:608

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml' at line 608

Code Snippet:

Secret of type Secret Keyword detected

Finding 18: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:607

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml' at line 607

Code Snippet:

Secret of type Secret Keyword detected

Finding 19: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:201

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml' at line 201

Code Snippet:

Secret of type Secret Keyword detected

Finding 20: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:694

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml' at line 694

Code Snippet:

Secret of type Secret Keyword detected

Finding 21: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/vpc-stack.yaml:447

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/vpc-stack.yaml' at line 447

Code Snippet:

Secret of type Secret Keyword detected

Finding 22: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/vpc-stack.yaml:446

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/vpc-stack.yaml' at line 446

Code Snippet:

Secret of type Secret Keyword detected

Finding 23: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/mcp-server-stack.yaml:574

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/mcp-server-stack.yaml' at line 574

Code Snippet:

Secret of type Secret Keyword detected

Finding 24: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/mcp-server-stack.yaml:573

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/mcp-server-stack.yaml' at line 573

Code Snippet:

Secret of type Secret Keyword detected

Finding 25: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/mcp-server-stack.yaml:660

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/mcp-server-stack.yaml' at line 660

Code Snippet:

Secret of type Secret Keyword detected

Finding 26: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/mcp-server-stack.yaml:549

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/mcp-server-stack.yaml' at line 549

Code Snippet:

Secret of type Secret Keyword detected

Finding 27: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/gateway-stack.yaml:287

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/gateway-stack.yaml' at line 287

Code Snippet:

Secret of type Secret Keyword detected

Finding 28: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/gateway-stack.yaml:703

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/gateway-stack.yaml' at line 703

Code Snippet:

Secret of type Secret Keyword detected

Finding 29: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/gateway-stack.yaml:286

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/gateway-stack.yaml' at line 286

Code Snippet:

Secret of type Secret Keyword detected

Finding 30: SECRET-SECRET-KEYWORD

  • Severity: HIGH
  • Scanner: detect-secrets
  • Rule ID: SECRET-SECRET-KEYWORD
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/gateway-stack.yaml:275

Description:
Secret of type 'Secret Keyword' detected in file '02-use-cases/customer-support-assistant-vpc/cloudformation/gateway-stack.yaml' at line 275

Code Snippet:

Secret of type Secret Keyword detected

Finding 31: CFN_NAG_W32

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W32
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:276

Description:
CodeBuild project should specify an EncryptionKey value


Finding 32: CFN_NAG_F38

  • Severity: HIGH
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_F38
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:922

Description:
IAM role should not allow * resource with PassRole action on its permissions policy


Finding 33: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:104

Description:
IAM role should not allow * resource on its permissions policy


Finding 34: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:229

Description:
IAM role should not allow * resource on its permissions policy


Finding 35: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:357

Description:
IAM role should not allow * resource on its permissions policy


Finding 36: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:541

Description:
IAM role should not allow * resource on its permissions policy


Finding 37: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:922

Description:
IAM role should not allow * resource on its permissions policy


Finding 38: CFN_NAG_W89

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W89
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:408

Description:
Lambda functions should be deployed inside a VPC


Finding 39: CFN_NAG_W89

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W89
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:642

Description:
Lambda functions should be deployed inside a VPC


Finding 40: CFN_NAG_W89

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W89
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:1000

Description:
Lambda functions should be deployed inside a VPC


Finding 41: CFN_NAG_W92

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W92
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:408

Description:
Lambda functions should define ReservedConcurrentExecutions to reserve simultaneous executions


Finding 42: CFN_NAG_W92

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W92
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:642

Description:
Lambda functions should define ReservedConcurrentExecutions to reserve simultaneous executions


Finding 43: CFN_NAG_W92

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W92
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:1000

Description:
Lambda functions should define ReservedConcurrentExecutions to reserve simultaneous executions


Finding 44: CFN_NAG_W84

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W84
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:895

Description:
CloudWatchLogs LogGroup should specify a KMS Key Id to encrypt the log data


Finding 45: CFN_NAG_W86

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W86
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:895

Description:
CloudWatchLogs LogGroup should specify RetentionInDays to expire the log data


Finding 46: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:60

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 47: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/agent-server-stack.yaml:104

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 48: CFN_NAG_W32

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W32
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml:365

Description:
CodeBuild project should specify an EncryptionKey value


Finding 49: CFN_NAG_W89

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W89
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml:505

Description:
Lambda functions should be deployed inside a VPC


Finding 50: CFN_NAG_W92

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W92
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml:505

Description:
Lambda functions should define ReservedConcurrentExecutions to reserve simultaneous executions


Finding 51: CFN_NAG_W92

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W92
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml:662

Description:
Lambda functions should define ReservedConcurrentExecutions to reserve simultaneous executions


Finding 52: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml:287

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 53: CFN_NAG_W35

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W35
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml:65

Description:
S3 Bucket should have access logging configured


Finding 54: CFN_NAG_W40

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W40
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml:120

Description:
Security Groups egress with an IpProtocol of -1 found


Finding 55: CFN_NAG_W5

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W5
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml:120

Description:
Security Groups found with cidr open to world on egress


Finding 56: CFN_NAG_W9

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W9
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/aurora-postgres-stack.yaml:137

Description:
Security Groups found with ingress cidr that is not /32


Finding 57: CFN_NAG_W89

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W89
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml:313

Description:
Lambda functions should be deployed inside a VPC


Finding 58: CFN_NAG_W89

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W89
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml:464

Description:
Lambda functions should be deployed inside a VPC


Finding 59: CFN_NAG_W92

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W92
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml:313

Description:
Lambda functions should define ReservedConcurrentExecutions to reserve simultaneous executions


Finding 60: CFN_NAG_W92

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W92
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/cognito-stack.yaml:464

Description:
Lambda functions should define ReservedConcurrentExecutions to reserve simultaneous executions


Finding 61: CFN_NAG_W89

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W89
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/dynamodb-stack.yaml:213

Description:
Lambda functions should be deployed inside a VPC


Finding 62: CFN_NAG_W92

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W92
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/dynamodb-stack.yaml:213

Description:
Lambda functions should define ReservedConcurrentExecutions to reserve simultaneous executions


Finding 63: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/dynamodb-stack.yaml:59

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 64: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/dynamodb-stack.yaml:116

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 65: CFN_NAG_F38

  • Severity: HIGH
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_F38
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/gateway-stack.yaml:315

Description:
IAM role should not allow * resource with PassRole action on its permissions policy


Finding 66: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/gateway-stack.yaml:200

Description:
IAM role should not allow * resource on its permissions policy


Finding 67: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/gateway-stack.yaml:315

Description:
IAM role should not allow * resource on its permissions policy


Finding 68: CFN_NAG_W89

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W89
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/gateway-stack.yaml:393

Description:
Lambda functions should be deployed inside a VPC


Finding 69: CFN_NAG_W89

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W89
  • Location: 02-use-cases/customer-support-assistant-vpc/cloudformation/gateway-stack.yaml:632

Description:
Lambda functions should be deployed inside a VPC


Finding 70: CFN_NAG_W89

  • Severity: MEDIUM
  • Scanner: cfn-nag

@markproy markproy left a comment

approved

@mttanke mttanke merged commit 683d63f into awslabs:main Oct 14, 2025
7 of 8 checks passed
sunkavar pushed a commit to sasikiran-malladi/amazon-bedrock-agentcore-samples that referenced this pull request Oct 16, 2025
* vpc

* vpc

* mcp stack

* number productid

* test agent

* mcp

* mcp

* todo

* mcp

* otel mcp

* otel mcp

* automation

* agent vpc

* provider

* agent

* changes

* lifespan

* changes

* changes

* context var

* context var

* aurora client

* aurora client

* agent dockerfile

* agent logs

* dataplane api

* dataplane api

* dataplane api

* identity token

* identity token

* identity token

* simple

* simple

* simple

* mcp

* mcp tool

* mcp tool impl

* mcp tool imple

* mcp tool imple

* log error

* log error

* log error

* depend

* depend

* new docker

* mcp script

* aurora test

* lifespan

* lifespan

* all tools

* middleware remove

* middleware remove

* middleware remove

* iac

* readme

* readme changes

* readme completed

* frontend

* customer support optimize

* frontend

* frontend

* schema

* schema

* frontend

* docs

* gateway

* Update agent-server-stack.yaml

Signed-off-by: Eashan Kaushik <[email protected]>

* Update mcp-server-stack.yaml

Signed-off-by: Eashan Kaushik <[email protected]>

* Enabling logs by default on runtime and gateway

* removing unused import

* reformatting files

---------

Signed-off-by: Eashan Kaushik <[email protected]>
Co-authored-by: Maira Ladeira Tanke <[email protected]>