chintanpatel-ai (Contributor) commented Oct 15, 2025

Amazon Bedrock AgentCore Samples Pull Request

Important

  1. We strictly follow an issue-first approach; please first open an issue relating to this Pull Request.
  2. Once this Pull Request is ready for review, please attach the "review ready" label to it. Only PRs with "review ready" will be reviewed.

Issue number:

Concise description of the PR

Summary
Adds two tutorials demonstrating AgentCore Browser Tool access from VPC-based AgentCore Runtime environments.

What's Added
Two new tutorial directories:

  • 04-connecting-browser-from-vpc/ - Hybrid deployment
      • Browser: Public subnets (internet access)
      • Runtime: Private VPC subnets
      • Use case: Secure processing + internet browsing
  • 05-Interacting-with-vpc-based-browser-from-vpc/ - Fully VPC-isolated
      • Browser: Within VPC (no internet)
      • Runtime: Same VPC
      • Use case: Maximum security compliance

Files Added
  • Complete Jupyter notebooks with step-by-step instructions
  • CloudFormation templates (cfn-browser.yaml, cfn-vpc-browser.yaml)
  • Architecture diagrams
  • Automated deployment scripts (~10-13 min setup)
  • Testing code and cleanup procedures

Key Features
  • VPC security patterns
  • Automated infrastructure deployment
  • Real-time browser session monitoring
  • CloudWatch integration
  • Complete environment setup and teardown

User experience

Please share what the user experience looks like before and after this change

Checklist

If your change doesn't seem to apply, please leave them unchecked.

  • I have reviewed the contributing guidelines
  • Add your name to CONTRIBUTORS.md
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?
  • Are you uploading a dataset?
  • Have you documented Introduction, Architecture Diagram, Prerequisites, Usage, Sample Prompts, and Clean Up steps in your example README?
  • I agree to resolve any issues created for this example in the future.
  • I have performed a self-review of this change
  • Changes have been tested
  • Changes are documented

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.


github-actions bot added labels 01-tutorials and 05-AgentCore-tools (01-tutorials/05-AgentCore-tools) on Oct 15, 2025


github-actions bot commented Oct 16, 2025

Latest scan for commit: ef41edb | Updated: 2025-11-04 19:31:34 UTC

Security Scan Results

Scan Metadata

  • Project: ASH
  • Scan executed: 2025-11-04T19:31:19+00:00
  • ASH version: 3.0.0

Summary

Scanner Results

The table below shows findings by scanner, with status based on severity thresholds and dependencies:

Column Explanations:

Severity Levels (S/C/H/M/L/I):

  • Suppressed (S): Security findings that have been explicitly suppressed/ignored and don't affect the scanner's pass/fail status
  • Critical (C): The most severe security vulnerabilities requiring immediate remediation (e.g., SQL injection, remote code execution)
  • High (H): Serious security vulnerabilities that should be addressed promptly (e.g., authentication bypasses, privilege escalation)
  • Medium (M): Moderate security risks that should be addressed in normal development cycles (e.g., weak encryption, input validation issues)
  • Low (L): Minor security concerns with limited impact (e.g., information disclosure, weak recommendations)
  • Info (I): Informational findings for awareness with minimal security risk (e.g., code quality suggestions, best practice recommendations)

Other Columns:

  • Time: Duration taken by each scanner to complete its analysis
  • Action: Total number of actionable findings at or above the configured severity threshold that require attention

Scanner Results:

  • PASSED: Scanner found no security issues at or above the configured severity threshold - code is clean for this scanner
  • FAILED: Scanner found security vulnerabilities at or above the threshold that require attention and remediation
  • MISSING: Scanner could not run because required dependencies/tools are not installed or available
  • SKIPPED: Scanner was intentionally disabled or excluded from this scan
  • ERROR: Scanner encountered an execution error and could not complete successfully

Severity Thresholds (Thresh Column):

  • CRITICAL: Only Critical severity findings cause scanner to fail
  • HIGH: High and Critical severity findings cause scanner to fail
  • MEDIUM (MED): Medium, High, and Critical severity findings cause scanner to fail
  • LOW: Low, Medium, High, and Critical severity findings cause scanner to fail
  • ALL: Any finding of any severity level causes scanner to fail

Threshold Source: Values in parentheses indicate where the threshold is configured:

  • (g) = global: Set in the global_settings section of ASH configuration
  • (c) = config: Set in the individual scanner configuration section
  • (s) = scanner: Default threshold built into the scanner itself

Statistics calculation:

  • All statistics are calculated from the final aggregated SARIF report
  • Suppressed findings are counted separately and do not contribute to actionable findings
  • Scanner status is determined by comparing actionable findings to the threshold

| Scanner      | S | C  | H | M  | L | I  | Time  | Action | Result  | Thresh  |
|--------------|---|----|---|----|---|----|-------|--------|---------|---------|
| bandit       | 0 | 0  | 0 | 0  | 0 | 0  | 772ms | 0      | PASSED  | MED (g) |
| cdk-nag      | 0 | 38 | 0 | 0  | 0 | 27 | 30.5s | 38     | FAILED  | MED (g) |
| cfn-nag      | 0 | 0  | 0 | 42 | 0 | 0  | 1.7s  | 42     | FAILED  | MED (g) |
| checkov      | 0 | 18 | 0 | 0  | 0 | 0  | 6.8s  | 18     | FAILED  | MED (g) |
| detect-secr… | 0 | 0  | 0 | 0  | 0 | 0  | 1.0s  | 0      | PASSED  | MED (g) |
| grype        | 0 | 0  | 0 | 0  | 0 | 0  | 32.0s | 0      | PASSED  | MED (g) |
| npm-audit    | 0 | 0  | 0 | 0  | 0 | 0  | 169ms | 0      | PASSED  | MED (g) |
| opengrep     | 0 | 0  | 0 | 0  | 0 | 0  | <1ms  | 0      | SKIPPED | MED (g) |
| semgrep      | 0 | 0  | 0 | 0  | 0 | 0  | 15.0s | 0      | PASSED  | MED (g) |
| syft         | 0 | 0  | 0 | 0  | 0 | 0  | 2.8s  | 0      | PASSED  | MED (g) |

Detailed Findings

98 actionable findings:

Finding 1: CFN_NAG_W32

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W32
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:389

Description:
CodeBuild project should specify an EncryptionKey value


Finding 2: CFN_NAG_W33

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W33
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:904

Description:
EC2 Subnet should not have MapPublicIpOnLaunch set to true


Finding 3: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:84

Description:
IAM role should not allow * resource on its permissions policy


Finding 4: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:168

Description:
IAM role should not allow * resource on its permissions policy


Finding 5: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:214

Description:
IAM role should not allow * resource on its permissions policy


Finding 6: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:958

Description:
IAM role should not allow * resource on its permissions policy


Finding 7: CFN_NAG_W89

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W89
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:272

Description:
Lambda functions should be deployed inside a VPC


Finding 8: CFN_NAG_W92

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W92
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:272

Description:
Lambda functions should define ReservedConcurrentExecutions to reserve simultaneous executions


Finding 9: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:55

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 10: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:84

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 11: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:168

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 12: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:214

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 13: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:958

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 14: CFN_NAG_W5

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W5
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:1007

Description:
Security Groups found with cidr open to world on egress


Finding 15: CFN_NAG_W9

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W9
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:1007

Description:
Security Groups found with ingress cidr that is not /32


Finding 16: CFN_NAG_W2

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W2
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:1007

Description:
Security Groups found with cidr open to world on ingress. This should never be true on instance. Permissible on ELB


Finding 17: CFN_NAG_W60

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W60
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:694

Description:
VPC should have a flow log attached


Finding 18: CFN_NAG_W32

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W32
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:395

Description:
CodeBuild project should specify an EncryptionKey value


Finding 19: CFN_NAG_W33

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W33
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:1012

Description:
EC2 Subnet should not have MapPublicIpOnLaunch set to true


Finding 20: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:78

Description:
IAM role should not allow * resource on its permissions policy


Finding 21: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:180

Description:
IAM role should not allow * resource on its permissions policy


Finding 22: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:226

Description:
IAM role should not allow * resource on its permissions policy


Finding 23: CFN_NAG_W11

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W11
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:1066

Description:
IAM role should not allow * resource on its permissions policy


Finding 24: CFN_NAG_W89

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W89
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:280

Description:
Lambda functions should be deployed inside a VPC


Finding 25: CFN_NAG_W92

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W92
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:280

Description:
Lambda functions should define ReservedConcurrentExecutions to reserve simultaneous executions


Finding 26: CFN_NAG_W51

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W51
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:1214

Description:
S3 bucket should likely have a bucket policy


Finding 27: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:53

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 28: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:78

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 29: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:180

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 30: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:226

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 31: CFN_NAG_W28

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W28
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:1066

Description:
Resource found with an explicit name, this disallows updates that require replacement of this resource


Finding 32: CFN_NAG_W35

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W35
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:1214

Description:
S3 Bucket should have access logging configured


Finding 33: CFN_NAG_W40

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W40
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:928

Description:
Security Groups egress with an IpProtocol of -1 found


Finding 34: CFN_NAG_W5

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W5
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:928

Description:
Security Groups found with cidr open to world on egress


Finding 35: CFN_NAG_W5

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W5
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:1115

Description:
Security Groups found with cidr open to world on egress


Finding 36: CFN_NAG_W29

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W29
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:742

Description:
Security Groups found egress with port range instead of just a single port


Finding 37: CFN_NAG_W9

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W9
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:928

Description:
Security Groups found with ingress cidr that is not /32


Finding 38: CFN_NAG_W9

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W9
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:1115

Description:
Security Groups found with ingress cidr that is not /32


Finding 39: CFN_NAG_W2

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W2
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:1115

Description:
Security Groups found with cidr open to world on ingress. This should never be true on instance. Permissible on ELB


Finding 40: CFN_NAG_W27

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W27
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:928

Description:
Security Groups found ingress with port range instead of just a single port


Finding 41: CFN_NAG_W36

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W36
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:928

Description:
Security group rules without a description obscure their purpose and may lead to bad practices in ensuring they only allow traffic from the ports and sources/destinations required.


Finding 42: CFN_NAG_W60

  • Severity: MEDIUM
  • Scanner: cfn-nag
  • Rule ID: CFN_NAG_W60
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/08-Interacting-with-vpc-based-browser-from-vpc/cfn-vpc-browser.yaml:693

Description:
VPC should have a flow log attached


Finding 43: CKV_AWS_136

  • Severity: HIGH
  • Scanner: checkov
  • Rule ID: CKV_AWS_136
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:54-76

Description:
Ensure that ECR repositories are encrypted using KMS

Code Snippet:

ECRRepository:
    Type: AWS::ECR::Repository
    DeletionPolicy: Delete
    UpdateReplacePolicy: Delete
    Properties:
      RepositoryName: !Sub "${AWS::StackName}-${ECRRepositoryName}" 
      ImageTagMutability: IMMUTABLE
      EmptyOnDelete: true
      ImageScanningConfiguration:
        ScanOnPush: true
      RepositoryPolicyText:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowPullFromAccount
            Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
            Action:
              - ecr:BatchGetImage
              - ecr:GetDownloadUrlForLayer
      Tags:
        - Key: StackName
          Value: !Ref AWS::StackName

Finding 44: CKV_AWS_111

  • Severity: HIGH
  • Scanner: checkov
  • Rule ID: CKV_AWS_111
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:83-164

Description:
Ensure IAM policies does not allow write access without constraints

Code Snippet:

AgentExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "${AWS::StackName}-${AWS::Region}-agent-execution-role"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: AssumeRolePolicy
            Effect: Allow
            Principal:
              Service: bedrock-agentcore.amazonaws.com
            Action: sts:AssumeRole
            Condition:
              StringEquals:
                aws:SourceAccount: !Ref AWS::AccountId
              ArnLike:
                aws:SourceArn: !Sub "arn:aws:bedrock-agentcore:${AWS::Region}:${AWS::AccountId}:*"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/BedrockAgentCoreFullAccess
      Policies:
        - PolicyName: AgentCoreExecutionPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Sid: ECRImageAccess
                Effect: Allow
                Action:
                  - ecr:BatchGetImage
                  - ecr:GetDownloadUrlForLayer
                  - ecr:BatchCheckLayerAvailability
                Resource: !GetAtt ECRRepository.Arn
              - Sid: ECRTokenAccess
                Effect: Allow
                Action:
                  - ecr:GetAuthorizationToken
                Resource: "*"
              - Sid: CloudWatchLogs
                Effect: Allow
                Action:
                  - logs:DescribeLogStreams
                  - logs:CreateLogGroup
                  - logs:DescribeLogGroups
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: "*"
              - Sid: XRayTracing
                Effect: Allow
                Action:
                  - xray:PutTraceSegments
                  - xray:PutTelemetryRecords
                  - xray:GetSamplingRules
                  - xray:GetSamplingTargets
                Resource: "*"
              - Sid: CloudWatchMetrics
                Effect: Allow
                Resource: "*"
                Action: cloudwatch:PutMetricData
                Condition:
                  StringEquals:
                    cloudwatch:namespace: bedrock-agentcore
              - Sid: GetAgentAccessToken
                Effect: Allow
                Action:
                  - bedrock-agentcore:GetWorkloadAccessToken
                  - bedrock-agentcore:GetWorkloadAccessTokenForJWT
                  - bedrock-agentcore:GetWorkloadAccessTokenForUserId
                Resource:
                  - !Sub "arn:aws:bedrock-agentcore:${AWS::Region}:${AWS::AccountId}:workload-identity-directory/default"
                  - !Sub "arn:aws:bedrock-agentcore:${AWS::Region}:${AWS::AccountId}:workload-identity-directory/default/workload-identity/*"
              - Sid: BedrockModelInvocation
                Effect: Allow
                Action:
                  - bedrock:InvokeModel
                  - bedrock:InvokeModelWithResponseStream
                Resource: "*"
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-agent-execution-role"
        - Key: StackName
          Value: !Ref AWS::StackName
        - Key: Module
          Value: IAM

Finding 45: CKV_AWS_111

  • Severity: HIGH
  • Scanner: checkov
  • Rule ID: CKV_AWS_111
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:167-210

Description:
Ensure IAM policies does not allow write access without constraints

Code Snippet:

CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "${AWS::StackName}-${AWS::Region}-codebuild-role"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: CodeBuildPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Sid: CloudWatchLogs
                Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/*"
              - Sid: ECRAccess
                Effect: Allow
                Action:
                  - ecr:BatchCheckLayerAvailability
                  - ecr:GetDownloadUrlForLayer
                  - ecr:BatchGetImage
                  - ecr:GetAuthorizationToken
                  - ecr:PutImage
                  - ecr:InitiateLayerUpload
                  - ecr:UploadLayerPart
                  - ecr:CompleteLayerUpload
                Resource:
                  - !GetAtt ECRRepository.Arn
                  - "*"
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-codebuild-role"
        - Key: StackName
          Value: !Ref AWS::StackName
        - Key: Module
          Value: IAM

Finding 46: CKV_AWS_117

  • Severity: HIGH
  • Scanner: checkov
  • Rule ID: CKV_AWS_117
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:271-383

Description:
Ensure that AWS Lambda function is configured inside a VPC

Code Snippet:

CodeBuildTriggerFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Sub "${AWS::StackName}-codebuild-trigger"
      Description: "Triggers CodeBuild projects as CloudFormation custom resource"
      Handler: index.handler
      Role: !GetAtt CustomResourceRole.Arn
      Runtime: python3.13
      Timeout: 900
      Code:
        ZipFile: |
          import boto3
          import cfnresponse
          import json
          import logging
          import time

          logger = logging.getLogger()
          logger.setLevel(logging.INFO)

          def handler(event, context):
              logger.info('Received event: %s', json.dumps(event))
              
              try:
                  if event['RequestType'] == 'Delete':
                      cfnresponse.send(event, context, cfnresponse.SUCCESS, {})
                      return
                  
                  project_name = event['ResourceProperties']['ProjectName']
                  wait_for_completion = event['ResourceProperties'].get('WaitForCompletion', 'true').lower() == 'true'
                  
                  logger.info(f"Attempting to start CodeBuild project: {project_name}")
                  logger.info(f"Wait for completion: {wait_for_completion}")
                  
                  # Start the CodeBuild project
                  codebuild = boto3.client('codebuild')
                  
                  # First, verify the project exists
                  try:
                      project_info = codebuild.batch_get_projects(names=[project_name])
                      if not project_info['projects']:
                          raise Exception(f"CodeBuild project '{project_name}' not found")
                      logger.info(f"CodeBuild project '{project_name}' found")
                  except Exception as e:
                      logger.error(f"Error checking project existence: {str(e)}")
                      raise
                  
                  response = codebuild.start_build(projectName=project_name)
                  build_id = response['build']['id']
                  
                  logger.info(f"Successfully started build: {build_id}")
                  
                  if not wait_for_completion:
                      cfnresponse.send(event, context, cfnresponse.SUCCESS, {
                          'BuildId': build_id,
                          'Status': 'STARTED'
                      })
                      return
                  
                  # Wait for the build to complete
                  max_wait_time = context.get_remaining_time_in_millis() / 1000 - 30  # Leave 30s buffer
                  start_time = time.time()
                  
                  while True:
                      if time.time() - start_time > max_wait_time:
                          error_message = f"Build {build_id} timed out"
                          logger.error(error_message)
                          cfnresponse.send(event, context, cfnresponse.FAILED, {'Error': error_message})
                          return
                      
                      build_response = codebuild.batch_get_builds(ids=[build_id])
                      build_status = build_response['builds'][0]['buildStatus']
                      
                      if build_status == 'SUCCEEDED':
                          logger.info(f"Build {build_id} succeeded")
                          cfnresponse.send(event, context, cfnresponse.SUCCESS, {
                              'BuildId': build_id,
                              'Status': build_status
                          })
                          return
                      elif build_status in ['FAILED', 'FAULT', 'STOPPED', 'TIMED_OUT']:
                          error_message = f"Build {build_id} failed with status: {build_status}"
                          logger.error(error_message)
                          
                          # Get build logs for debugging
                          try:
                              logs_info = build_response['builds'][0].get('logs', {})
                              if logs_info.get('groupName') and logs_info.get('streamName'):
                                  logger.info(f"Build logs available in CloudWatch")
                          except Exception as log_error:
                              logger.warning(f"Could not get log information: {log_error}")
                          
                          cfnresponse.send(event, context, cfnresponse.FAILED, {
                              'Error': error_message,
                              'BuildId': build_id
                          })
                          return
                      
                      logger.info(f"Build {build_id} status: {build_status}")
                      time.sleep(30)  # Check every 30 seconds
                  
              except Exception as e:
                  logger.error('Error: %s', str(e))
                  cfnresponse.send(event, context, cfnresponse.FAILED, {
                      'Error': str(e)
                  })
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-codebuild-trigger"
        - Key: StackName
          Value: !Ref AWS::StackName
        - Key: Module
          Value: Lambda

Finding 47: CKV_AWS_116

  • Severity: HIGH
  • Scanner: checkov
  • Rule ID: CKV_AWS_116
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:271-383

Description:
Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)

Code Snippet:

CodeBuildTriggerFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Sub "${AWS::StackName}-codebuild-trigger"
      Description: "Triggers CodeBuild projects as CloudFormation custom resource"
      Handler: index.handler
      Role: !GetAtt CustomResourceRole.Arn
      Runtime: python3.13
      Timeout: 900
      Code:
        ZipFile: |
          import boto3
          import cfnresponse
          import json
          import logging
          import time

          logger = logging.getLogger()
          logger.setLevel(logging.INFO)

          def handler(event, context):
              logger.info('Received event: %s', json.dumps(event))
              
              try:
                  if event['RequestType'] == 'Delete':
                      cfnresponse.send(event, context, cfnresponse.SUCCESS, {})
                      return
                  
                  project_name = event['ResourceProperties']['ProjectName']
                  wait_for_completion = event['ResourceProperties'].get('WaitForCompletion', 'true').lower() == 'true'
                  
                  logger.info(f"Attempting to start CodeBuild project: {project_name}")
                  logger.info(f"Wait for completion: {wait_for_completion}")
                  
                  # Start the CodeBuild project
                  codebuild = boto3.client('codebuild')
                  
                  # First, verify the project exists
                  try:
                      project_info = codebuild.batch_get_projects(names=[project_name])
                      if not project_info['projects']:
                          raise Exception(f"CodeBuild project '{project_name}' not found")
                      logger.info(f"CodeBuild project '{project_name}' found")
                  except Exception as e:
                      logger.error(f"Error checking project existence: {str(e)}")
                      raise
                  
                  response = codebuild.start_build(projectName=project_name)
                  build_id = response['build']['id']
                  
                  logger.info(f"Successfully started build: {build_id}")
                  
                  if not wait_for_completion:
                      cfnresponse.send(event, context, cfnresponse.SUCCESS, {
                          'BuildId': build_id,
                          'Status': 'STARTED'
                      })
                      return
                  
                  # Wait for the build to complete
                  max_wait_time = context.get_remaining_time_in_millis() / 1000 - 30  # Leave 30s buffer
                  start_time = time.time()
                  
                  while True:
                      if time.time() - start_time > max_wait_time:
                          error_message = f"Build {build_id} timed out"
                          logger.error(error_message)
                          cfnresponse.send(event, context, cfnresponse.FAILED, {'Error': error_message})
                          return
                      
                      build_response = codebuild.batch_get_builds(ids=[build_id])
                      build_status = build_response['builds'][0]['buildStatus']
                      
                      if build_status == 'SUCCEEDED':
                          logger.info(f"Build {build_id} succeeded")
                          cfnresponse.send(event, context, cfnresponse.SUCCESS, {
                              'BuildId': build_id,
                              'Status': build_status
                          })
                          return
                      elif build_status in ['FAILED', 'FAULT', 'STOPPED', 'TIMED_OUT']:
                          error_message = f"Build {build_id} failed with status: {build_status}"
                          logger.error(error_message)
                          
                          # Get build logs for debugging
                          try:
                              logs_info = build_response['builds'][0].get('logs', {})
                              if logs_info.get('groupName') and logs_info.get('streamName'):
                                  logger.info(f"Build logs available in CloudWatch")
                          except Exception as log_error:
                              logger.warning(f"Could not get log information: {log_error}")
                          
                          cfnresponse.send(event, context, cfnresponse.FAILED, {
                              'Error': error_message,
                              'BuildId': build_id
                          })
                          return
                      
                      logger.info(f"Build {build_id} status: {build_status}")
                      time.sleep(30)  # Check every 30 seconds
                  
              except Exception as e:
                  logger.error('Error: %s', str(e))
                  cfnresponse.send(event, context, cfnresponse.FAILED, {
                      'Error': str(e)
                  })
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-codebuild-trigger"
        - Key: StackName
          Value: !Ref AWS::StackName
        - Key: Module
          Value: Lambda

Finding 48: CKV_AWS_115

  • Severity: HIGH
  • Scanner: checkov
  • Rule ID: CKV_AWS_115
  • Location: 01-tutorials/05-AgentCore-tools/02-Agent-Core-browser-tool/07-connecting-public-browser-from-private-vpc/cfn-browser.yaml:271-383

Description:
Ensure that AWS Lambda function is configured for function-level concurrent execution limit

Code Snippet:

CodeBuildTriggerFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Sub "${AWS::StackName}-codebuild-trigger"
      Description: "Triggers CodeBuild projects as CloudFormation custom resource"
      Handler: index.handler
      Role: !GetAtt CustomResourceRole.Arn
      Runtime: python3.13
      Timeout: 900
      Code:
        ZipFile: |
          import boto3
          import cfnresponse
          import json
          import logging
          import time

          logger = logging.getLogger()
          logger.setLevel(logging.INFO)

          def handler(event, context):
              logger.info('Received event: %s', json.dumps(event))
              
              try:
                  if event['RequestType'] == 'Delete':



@evandrofranco (Contributor)

Show 107 actionable findings

Please look into the ASH scan output. A lot of findings. Please address HIGH findings.

@evandrofranco (Contributor) left a comment

Please review and address High issues from ASH.

@evandrofranco (Contributor) left a comment

OK

@evandrofranco evandrofranco merged commit 79600b3 into awslabs:main Nov 4, 2025
8 checks passed
Labels: 01-tutorials, 05-AgentCore-tools