{ "Description": "agent-claw: serverless personal assistant on AgentCore", "Resources": { "WorkspaceBucket53E30B92": { "Type": "AWS::S3::Bucket", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" } } ] }, "BucketName": "agent-claw-workspace-495395224548", "Tags": [ { "Key": "aws-cdk:cr-owned:254e75d0", "Value": "true" } ] }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "AgentClawStack/WorkspaceBucket/Resource" } }, "WorkspaceFilesAwsCliLayer50B6E9D8": { "Type": "AWS::Lambda::LayerVersion", "Properties": { "Content": { "S3Bucket": "cdk-hnb659fds-assets-495395224548-us-east-1", "S3Key": "e2659170a0721541efa761a8d5d04d5e36cbbf691c4b15a9053002b7c825055d.zip" }, "Description": "/opt/awscli/aws" }, "Metadata": { "aws:cdk:path": "AgentClawStack/WorkspaceFiles/AwsCliLayer/Resource", "aws:asset:path": "asset.e2659170a0721541efa761a8d5d04d5e36cbbf691c4b15a9053002b7c825055d.zip", "aws:asset:is-bundled": false, "aws:asset:property": "Content" } }, "WorkspaceFilesCustomResourceA7FC771F": { "Type": "Custom::CDKBucketDeployment", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536", "Arn" ] }, "SourceBucketNames": [ "cdk-hnb659fds-assets-495395224548-us-east-1" ], "SourceObjectKeys": [ "d5a4044422f3c0ab39b0d5bfa4e4ea2b1212f0d420a58b542fbc88917d7a676a.zip" ], "DestinationBucketName": { "Ref": "WorkspaceBucket53E30B92" }, "WaitForDistributionInvalidation": true, "Prune": true, "OutputObjectKeys": true }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "AgentClawStack/WorkspaceFiles/CustomResource/Default" } }, "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/Resource" } }, "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*" ], "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":s3:::cdk-hnb659fds-assets-495395224548-us-east-1" ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":s3:::cdk-hnb659fds-assets-495395224548-us-east-1/*" ] ] } ] }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionTagging", "s3:Abort*" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "WorkspaceBucket53E30B92", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "WorkspaceBucket53E30B92", "Arn" ] }, "/*" ] ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", "Roles": [ { "Ref": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265" } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/DefaultPolicy/Resource" } }, "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-495395224548-us-east-1", "S3Key": "3423a042b818e31c1e34a19d6689ab2e5f9b70fcbe9e71df66f241b20a200bd9.zip" }, "Environment": { "Variables": { "AWS_CA_BUNDLE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" } }, "Handler": "index.handler", "Layers": [ { "Ref": "WorkspaceFilesAwsCliLayer50B6E9D8" } ], "Role": { "Fn::GetAtt": [ "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265", "Arn" ] }, "Runtime": "python3.13", "Timeout": 900 }, "DependsOn": [ "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265" ], "Metadata": { "aws:cdk:path": "AgentClawStack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Resource", "aws:asset:path": "asset.3423a042b818e31c1e34a19d6689ab2e5f9b70fcbe9e71df66f241b20a200bd9", "aws:asset:is-bundled": false, "aws:asset:property": "Code" } }, "SessionStore8C86EEFE": { "Type": "AWS::DynamoDB::Table", "Properties": { "AttributeDefinitions": [ { "AttributeName": "actor_id", "AttributeType": "S" } ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": [ { "AttributeName": "actor_id", "KeyType": "HASH" } ], "TableName": "agent-claw-sessions", "TimeToLiveSpecification": { "AttributeName": "ttl", "Enabled": true } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "AgentClawStack/SessionStore/Resource" } }, "MessageQueue7A3BF959": { "Type": "AWS::SQS::Queue", "Properties": { "ContentBasedDeduplication": false, "FifoQueue": true, "QueueName": "agent-claw-messages.fifo", "ReceiveMessageWaitTimeSeconds": 20, "VisibilityTimeout": 900 }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "AgentClawStack/MessageQueue/Resource" } }, "TgIngestServiceRoleB96980B6": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/TgIngest/ServiceRole/Resource" } }, "TgIngestServiceRoleDefaultPolicyCC51E135": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:GetQueueUrl" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "MessageQueue7A3BF959", "Arn" ] } }, { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3" } ], "Version": "2012-10-17" }, "PolicyName": "TgIngestServiceRoleDefaultPolicyCC51E135", "Roles": [ { "Ref": "TgIngestServiceRoleB96980B6" } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/TgIngest/ServiceRole/DefaultPolicy/Resource" } }, "TgIngest4CB35C2F": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-495395224548-us-east-1", "S3Key": "9d7af346bbad17b4c228d09e33a602eedc03747fe1cec1c7c9b7c8723ce74e5d.zip" }, "Environment": { "Variables": { "MESSAGE_QUEUE_URL": { "Ref": "MessageQueue7A3BF959" }, "TELEGRAM_BOT_TOKEN_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3", "TELEGRAM_WEBHOOK_SECRET": "" } }, "FunctionName": "agent-claw-tg-ingest", "Handler": "handler.handler", "MemorySize": 128, "Role": { "Fn::GetAtt": [ "TgIngestServiceRoleB96980B6", "Arn" ] }, "Runtime": "python3.12", "Timeout": 10 }, "DependsOn": [ "TgIngestServiceRoleDefaultPolicyCC51E135", "TgIngestServiceRoleB96980B6" ], "Metadata": { "aws:cdk:path": "AgentClawStack/TgIngest/Resource", "aws:asset:path": "asset.9d7af346bbad17b4c228d09e33a602eedc03747fe1cec1c7c9b7c8723ce74e5d", "aws:asset:is-bundled": false, "aws:asset:property": "Code" } }, "AgentRunnerServiceRole40CA0A00": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/AgentRunner/ServiceRole/Resource" } }, "AgentRunnerServiceRoleDefaultPolicyA584A5CF": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "SessionStore8C86EEFE", "Arn" ] } ] }, { "Action": [ "dynamodb:GetRecords", "dynamodb:GetShardIterator" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "SessionStore8C86EEFE", "Arn" ] } ] }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "WorkspaceBucket53E30B92", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "WorkspaceBucket53E30B92", "Arn" ] }, "/*" ] ] } ] }, { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3" }, { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/brave-api-key-uUSgzi" }, { "Action": [ "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", "sqs:GetQueueUrl", "sqs:DeleteMessage", "sqs:GetQueueAttributes" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "MessageQueue7A3BF959", "Arn" ] } }, { "Action": "bedrock-agentcore:InvokeAgentRuntime", "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "AgentRunnerServiceRoleDefaultPolicyA584A5CF", "Roles": [ { "Ref": "AgentRunnerServiceRole40CA0A00" } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/AgentRunner/ServiceRole/DefaultPolicy/Resource" } }, "AgentRunnerBDE3FA56": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-495395224548-us-east-1", "S3Key": "eeef9ac2146cd644e1727e77104b58bed992e19379d5070de3a05714ff2dba48.zip" }, "Environment": { "Variables": { "SESSION_TABLE_NAME": { "Ref": "SessionStore8C86EEFE" }, "WORKSPACE_BUCKET_NAME": { "Ref": "WorkspaceBucket53E30B92" }, "TELEGRAM_BOT_TOKEN_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3", "BRAVE_API_KEY_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/brave-api-key-uUSgzi", "RUNTIME_1_ARN": "PLACEHOLDER_SET_AFTER_RUNTIME_DEPLOY", "AWS_REGION_NAME": "us-east-1" } }, "FunctionName": "agent-claw-agent-runner", "Handler": "handler.handler", "MemorySize": 256, "Role": { "Fn::GetAtt": [ "AgentRunnerServiceRole40CA0A00", "Arn" ] }, "Runtime": "python3.12", "Timeout": 900 }, "DependsOn": [ "AgentRunnerServiceRoleDefaultPolicyA584A5CF", "AgentRunnerServiceRole40CA0A00" ], "Metadata": { "aws:cdk:path": "AgentClawStack/AgentRunner/Resource", "aws:asset:path": "asset.eeef9ac2146cd644e1727e77104b58bed992e19379d5070de3a05714ff2dba48", "aws:asset:is-bundled": false, "aws:asset:property": "Code" } }, "AgentRunnerSqsEventSourceAgentClawStackMessageQueue9AF4DF234671B32B": { "Type": "AWS::Lambda::EventSourceMapping", "Properties": { "BatchSize": 10, "Enabled": true, "EventSourceArn": { "Fn::GetAtt": [ "MessageQueue7A3BF959", "Arn" ] }, "FunctionName": { "Ref": "AgentRunnerBDE3FA56" } }, "Metadata": { "aws:cdk:path": "AgentClawStack/AgentRunner/SqsEventSource:AgentClawStackMessageQueue9AF4DF23/Resource" } }, "WebhookApi28122C53": { "Type": "AWS::ApiGatewayV2::Api", "Properties": { "Name": "agent-claw-webhook", "ProtocolType": "HTTP" }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/Resource" } }, "WebhookApiDefaultStageC0BC9CA5": { "Type": "AWS::ApiGatewayV2::Stage", "Properties": { "ApiId": { "Ref": "WebhookApi28122C53" }, "AutoDeploy": true, "StageName": "$default" }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/DefaultStage/Resource" } }, "WebhookApiPOSTtelegramTgIngestIntegration9EE5BB85": { "Type": "AWS::ApiGatewayV2::Integration", "Properties": { "ApiId": { "Ref": "WebhookApi28122C53" }, "IntegrationType": "AWS_PROXY", "IntegrationUri": { "Fn::GetAtt": [ "TgIngest4CB35C2F", "Arn" ] }, "PayloadFormatVersion": "2.0" }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/POST--telegram/TgIngestIntegration/Resource" } }, "WebhookApiPOSTtelegramTgIngestIntegrationPermissionFEBC2E3B": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "TgIngest4CB35C2F", "Arn" ] }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:us-east-1:495395224548:", { "Ref": "WebhookApi28122C53" }, "/*/*/telegram" ] ] } }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/POST--telegram/TgIngestIntegration-Permission" } }, "WebhookApiPOSTtelegramF7127CFF": { "Type": "AWS::ApiGatewayV2::Route", "Properties": { "ApiId": { "Ref": "WebhookApi28122C53" }, "AuthorizationType": "NONE", "RouteKey": "POST /telegram", "Target": { "Fn::Join": [ "", [ "integrations/", { "Ref": "WebhookApiPOSTtelegramTgIngestIntegration9EE5BB85" } ] ] } }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/POST--telegram/Resource" } }, "Runtime1RoleA7A82078": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "bedrock-agentcore.amazonaws.com" } } ], "Version": "2012-10-17" }, "Description": "Execution role for agent-claw Runtime 1 (main assistant)" }, "Metadata": { "aws:cdk:path": "AgentClawStack/Runtime1Role/Resource" } }, "Runtime1RoleDefaultPolicy1A3D5ACF": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "WorkspaceBucket53E30B92", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "WorkspaceBucket53E30B92", "Arn" ] }, "/*" ] ] } ] }, { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3" }, { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/brave-api-key-uUSgzi" }, { "Action": [ "bedrock-agentcore:CreateEvent", "bedrock-agentcore:ListEvents", "bedrock-agentcore:RetrieveMemoryRecords" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "Runtime1RoleDefaultPolicy1A3D5ACF", "Roles": [ { "Ref": "Runtime1RoleA7A82078" } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/Runtime1Role/DefaultPolicy/Resource" } }, "CDKMetadata": { "Type": "AWS::CDK::Metadata", "Properties": { "Analytics": "v2:deflate64:H4sIAAAAAAAA/22R0U7DMAxFv4X3LIxufMBWQCCBGC3itXJbr8qWJqV2VlVR/x0lZQMhnu7JvY4VO4lMbhO5vIKBFlV9XGhVSp8zVEeRIVnXVyhgoMLTSvqtq47IIt2bb5plC4SToFXha+y0HVs0LOfo7mIIIEImuQkyCQ1tWYP06d48w4j9B/akrBG5Mo1GtubBmYqDc4F0/2Pen9BwHp/3Al2nTBPi/90d9q2i0H0SClrpM6sxBFF3VqtqjHWRJlGPBlpbl9K/QzlXRpgEfZL0bw5dNCNMAjrVAOMA4ymR/pG523Qq5EHCMWdo4oUZgpVZxzM9Gcamh/OAf46xbjpvq9BhUwUMVGklNwOlWsXlibjU0D6O7Ihte/m90OYXvzruHE/C2Brlga5PyVrerOXy6kBKLXpnWLUos1m/AKsec0UeAgAA" }, "Metadata": { "aws:cdk:path": "AgentClawStack/CDKMetadata/Default" } } }, "Outputs": { "WebhookUrl": { "Description": "Register this URL with Telegram BotFather as webhook endpoint", "Value": { "Fn::Join": [ "", [ "https://", { "Ref": "WebhookApi28122C53" }, ".execute-api.us-east-1.", { "Ref": "AWS::URLSuffix" }, "/telegram" ] ] } }, "WorkspaceBucketName": { "Description": "S3 bucket containing agent workspace files", "Value": { "Ref": "WorkspaceBucket53E30B92" } }, "SessionTableName": { "Description": "DynamoDB table for session mapping", "Value": { "Ref": "SessionStore8C86EEFE" } }, "MessageQueueUrl": { "Description": "SQS FIFO queue for incoming messages", "Value": { "Ref": "MessageQueue7A3BF959" } }, "Runtime1RoleArn": { "Description": "IAM execution role ARN for AgentCore Runtime 1", "Value": { "Fn::GetAtt": [ "Runtime1RoleA7A82078", "Arn" ] } } }, "Parameters": { "BootstrapVersion": { "Type": "AWS::SSM::Parameter::Value", "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" } }, "Rules": { "CheckBootstrapVersion": { "Assertions": [ { "Assert": { "Fn::Not": [ { "Fn::Contains": [ [ "1", "2", "3", "4", "5" ], { "Ref": "BootstrapVersion" } ] } ] }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } ] } } }