{ "Description": "agent-claw: serverless personal assistant on AgentCore", "Resources": { "WorkspaceBucket53E30B92": { "Type": "AWS::S3::Bucket", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" } } ] }, "BucketName": "agent-claw-workspace-495395224548", "Tags": [ { "Key": "aws-cdk:cr-owned:254e75d0", "Value": "true" } ] }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "AgentClawStack/WorkspaceBucket/Resource" } }, "WorkspaceFilesAwsCliLayer50B6E9D8": { "Type": "AWS::Lambda::LayerVersion", "Properties": { "Content": { "S3Bucket": "cdk-hnb659fds-assets-495395224548-us-east-1", "S3Key": "e2659170a0721541efa761a8d5d04d5e36cbbf691c4b15a9053002b7c825055d.zip" }, "Description": "/opt/awscli/aws" }, "Metadata": { "aws:cdk:path": "AgentClawStack/WorkspaceFiles/AwsCliLayer/Resource", "aws:asset:path": "asset.e2659170a0721541efa761a8d5d04d5e36cbbf691c4b15a9053002b7c825055d.zip", "aws:asset:is-bundled": false, "aws:asset:property": "Content" } }, "WorkspaceFilesCustomResourceA7FC771F": { "Type": "Custom::CDKBucketDeployment", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536", "Arn" ] }, "SourceBucketNames": [ "cdk-hnb659fds-assets-495395224548-us-east-1" ], "SourceObjectKeys": [ "0feea8d997b96e31a1bd7dd049faf8ee17babeb6d2f5b663ba7e3a70387302e0.zip" ], "DestinationBucketName": { "Ref": "WorkspaceBucket53E30B92" }, "WaitForDistributionInvalidation": true, "Prune": true, "OutputObjectKeys": true }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "AgentClawStack/WorkspaceFiles/CustomResource/Default" } }, "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/Resource" } }, "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*" ], "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":s3:::cdk-hnb659fds-assets-495395224548-us-east-1" ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":s3:::cdk-hnb659fds-assets-495395224548-us-east-1/*" ] ] } ] }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionTagging", "s3:Abort*" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "WorkspaceBucket53E30B92", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "WorkspaceBucket53E30B92", "Arn" ] }, "/*" ] ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", "Roles": [ { "Ref": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265" } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/DefaultPolicy/Resource" } }, "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-495395224548-us-east-1", "S3Key": "3423a042b818e31c1e34a19d6689ab2e5f9b70fcbe9e71df66f241b20a200bd9.zip" }, "Environment": { "Variables": { "AWS_CA_BUNDLE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" } }, "Handler": "index.handler", "Layers": [ { "Ref": "WorkspaceFilesAwsCliLayer50B6E9D8" } ], "Role": { "Fn::GetAtt": [ "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265", "Arn" ] }, "Runtime": "python3.13", "Timeout": 900 }, "DependsOn": [ "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265" ], "Metadata": { "aws:cdk:path": "AgentClawStack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Resource", "aws:asset:path": "asset.3423a042b818e31c1e34a19d6689ab2e5f9b70fcbe9e71df66f241b20a200bd9", "aws:asset:is-bundled": false, "aws:asset:property": "Code" } }, "SessionStore8C86EEFE": { "Type": "AWS::DynamoDB::Table", "Properties": { "AttributeDefinitions": [ { "AttributeName": "actor_id", "AttributeType": "S" } ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": [ { "AttributeName": "actor_id", "KeyType": "HASH" } ], "TableName": "agent-claw-sessions", "TimeToLiveSpecification": { "AttributeName": "ttl", "Enabled": true } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "AgentClawStack/SessionStore/Resource" } }, "UsersTable9725E9C8": { "Type": "AWS::DynamoDB::Table", "Properties": { "AttributeDefinitions": [ { "AttributeName": "actor_id", "AttributeType": "S" } ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": [ { "AttributeName": "actor_id", "KeyType": "HASH" } ], "TableName": "agent-claw-users" }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "AgentClawStack/UsersTable/Resource" } }, "MessageQueue7A3BF959": { "Type": "AWS::SQS::Queue", "Properties": { "ContentBasedDeduplication": false, "FifoQueue": true, "QueueName": "agent-claw-messages.fifo", "ReceiveMessageWaitTimeSeconds": 20, "VisibilityTimeout": 900 }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "AgentClawStack/MessageQueue/Resource" } }, "TgIngestServiceRoleB96980B6": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/TgIngest/ServiceRole/Resource" } }, "TgIngestServiceRoleDefaultPolicyCC51E135": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:GetQueueUrl" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "MessageQueue7A3BF959", "Arn" ] } }, { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3" } ], "Version": "2012-10-17" }, "PolicyName": "TgIngestServiceRoleDefaultPolicyCC51E135", "Roles": [ { "Ref": "TgIngestServiceRoleB96980B6" } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/TgIngest/ServiceRole/DefaultPolicy/Resource" } }, "TgIngest4CB35C2F": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-495395224548-us-east-1", "S3Key": "f4461651bfa7d2822e3f36525ace7882e1610dcdaf85e052e1907241e25491d6.zip" }, "Environment": { "Variables": { "MESSAGE_QUEUE_URL": { "Ref": "MessageQueue7A3BF959" }, "TELEGRAM_BOT_TOKEN_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3", "TELEGRAM_WEBHOOK_SECRET": "" } }, "FunctionName": "agent-claw-tg-ingest", "Handler": "handler.handler", "MemorySize": 128, "Role": { "Fn::GetAtt": [ "TgIngestServiceRoleB96980B6", "Arn" ] }, "Runtime": "python3.12", "Timeout": 10 }, "DependsOn": [ "TgIngestServiceRoleDefaultPolicyCC51E135", "TgIngestServiceRoleB96980B6" ], "Metadata": { "aws:cdk:path": "AgentClawStack/TgIngest/Resource", "aws:asset:path": "asset.f4461651bfa7d2822e3f36525ace7882e1610dcdaf85e052e1907241e25491d6", "aws:asset:is-bundled": false, "aws:asset:property": "Code" } }, "AgentRunnerServiceRole40CA0A00": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/AgentRunner/ServiceRole/Resource" } }, "AgentRunnerServiceRoleDefaultPolicyA584A5CF": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "SessionStore8C86EEFE", "Arn" ] } ] }, { "Action": [ "dynamodb:GetRecords", "dynamodb:GetShardIterator" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "SessionStore8C86EEFE", "Arn" ] } ] }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "UsersTable9725E9C8", "Arn" ] } ] }, { "Action": [ "dynamodb:GetRecords", "dynamodb:GetShardIterator" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "UsersTable9725E9C8", "Arn" ] } ] }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "WorkspaceBucket53E30B92", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "WorkspaceBucket53E30B92", "Arn" ] }, "/*" ] ] } ] }, { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3" }, { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/brave-api-key-uUSgzi" }, { "Action": [ "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", "sqs:GetQueueUrl", "sqs:DeleteMessage", "sqs:GetQueueAttributes" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "MessageQueue7A3BF959", "Arn" ] } }, { "Action": "bedrock-agentcore:InvokeAgentRuntime", "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "AgentRunnerServiceRoleDefaultPolicyA584A5CF", "Roles": [ { "Ref": "AgentRunnerServiceRole40CA0A00" } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/AgentRunner/ServiceRole/DefaultPolicy/Resource" } }, "AgentRunnerBDE3FA56": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-495395224548-us-east-1", "S3Key": "e8d92532d2cb081ba122764c803acc80aaa41350d3497665468ca165dd5ff799.zip" }, "Environment": { "Variables": { "SESSION_TABLE_NAME": { "Ref": "SessionStore8C86EEFE" }, "WORKSPACE_BUCKET_NAME": { "Ref": "WorkspaceBucket53E30B92" }, "TELEGRAM_BOT_TOKEN_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3", "BRAVE_API_KEY_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/brave-api-key-uUSgzi", "RUNTIME_1_ARN": "arn:aws:bedrock-agentcore:us-east-1:495395224548:runtime/agentclaw_agent_claw_main-vTRGIEG6ON", "AWS_REGION_NAME": "us-east-1", "USERS_TABLE_NAME": { "Ref": "UsersTable9725E9C8" }, "WORKSPACE_MCP_URL": "https://25hugrzw4uwtueeg77jsmft6lq0wunmd.lambda-url.us-east-1.on.aws/mcp" } }, "FunctionName": "agent-claw-agent-runner", "Handler": "handler.handler", "MemorySize": 256, "Role": { "Fn::GetAtt": [ "AgentRunnerServiceRole40CA0A00", "Arn" ] }, "Runtime": "python3.12", "Timeout": 900 }, "DependsOn": [ "AgentRunnerServiceRoleDefaultPolicyA584A5CF", "AgentRunnerServiceRole40CA0A00" ], "Metadata": { "aws:cdk:path": "AgentClawStack/AgentRunner/Resource", "aws:asset:path": "asset.e8d92532d2cb081ba122764c803acc80aaa41350d3497665468ca165dd5ff799", "aws:asset:is-bundled": false, "aws:asset:property": "Code" } }, "AgentRunnerSqsEventSourceAgentClawStackMessageQueue9AF4DF234671B32B": { "Type": "AWS::Lambda::EventSourceMapping", "Properties": { "BatchSize": 10, "Enabled": true, "EventSourceArn": { "Fn::GetAtt": [ "MessageQueue7A3BF959", "Arn" ] }, "FunctionName": { "Ref": "AgentRunnerBDE3FA56" } }, "Metadata": { "aws:cdk:path": "AgentClawStack/AgentRunner/SqsEventSource:AgentClawStackMessageQueue9AF4DF23/Resource" } }, "WebhookApi28122C53": { "Type": "AWS::ApiGatewayV2::Api", "Properties": { "Name": "agent-claw-webhook", "ProtocolType": "HTTP" }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/Resource" } }, "WebhookApiDefaultStageC0BC9CA5": { "Type": "AWS::ApiGatewayV2::Stage", "Properties": { "ApiId": { "Ref": "WebhookApi28122C53" }, "AutoDeploy": true, "StageName": "$default" }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/DefaultStage/Resource" } }, "WebhookApiPOSTtelegramTgIngestIntegration9EE5BB85": { "Type": "AWS::ApiGatewayV2::Integration", "Properties": { "ApiId": { "Ref": "WebhookApi28122C53" }, "IntegrationType": "AWS_PROXY", "IntegrationUri": { "Fn::GetAtt": [ "TgIngest4CB35C2F", "Arn" ] }, "PayloadFormatVersion": "2.0" }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/POST--telegram/TgIngestIntegration/Resource" } }, "WebhookApiPOSTtelegramTgIngestIntegrationPermissionFEBC2E3B": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "TgIngest4CB35C2F", "Arn" ] }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:us-east-1:495395224548:", { "Ref": "WebhookApi28122C53" }, "/*/*/telegram" ] ] } }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/POST--telegram/TgIngestIntegration-Permission" } }, "WebhookApiPOSTtelegramF7127CFF": { "Type": "AWS::ApiGatewayV2::Route", "Properties": { "ApiId": { "Ref": "WebhookApi28122C53" }, "AuthorizationType": "NONE", "RouteKey": "POST /telegram", "Target": { "Fn::Join": [ "", [ "integrations/", { "Ref": "WebhookApiPOSTtelegramTgIngestIntegration9EE5BB85" } ] ] } }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/POST--telegram/Resource" } }, "WebhookApiGEToauthstartOAuthStartIntegrationA546443F": { "Type": "AWS::ApiGatewayV2::Integration", "Properties": { "ApiId": { "Ref": "WebhookApi28122C53" }, "IntegrationType": "AWS_PROXY", "IntegrationUri": { "Fn::GetAtt": [ "OAuthHandlerC97C2476", "Arn" ] }, "PayloadFormatVersion": "2.0" }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/GET--oauth--start/OAuthStartIntegration/Resource" } }, "WebhookApiGEToauthstartOAuthStartIntegrationPermission38BAEF6D": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "OAuthHandlerC97C2476", "Arn" ] }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:us-east-1:495395224548:", { "Ref": "WebhookApi28122C53" }, "/*/*/oauth/start" ] ] } }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/GET--oauth--start/OAuthStartIntegration-Permission" } }, "WebhookApiGEToauthstart6DCA713A": { "Type": "AWS::ApiGatewayV2::Route", "Properties": { "ApiId": { "Ref": "WebhookApi28122C53" }, "AuthorizationType": "NONE", "RouteKey": "GET /oauth/start", "Target": { "Fn::Join": [ "", [ "integrations/", { "Ref": "WebhookApiGEToauthstartOAuthStartIntegrationA546443F" } ] ] } }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/GET--oauth--start/Resource" } }, "WebhookApiGEToauthcallbackOAuthCallbackIntegrationCFBBEB09": { "Type": "AWS::ApiGatewayV2::Integration", "Properties": { "ApiId": { "Ref": "WebhookApi28122C53" }, "IntegrationType": "AWS_PROXY", "IntegrationUri": { "Fn::GetAtt": [ "OAuthHandlerC97C2476", "Arn" ] }, "PayloadFormatVersion": "2.0" }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/GET--oauth--callback/OAuthCallbackIntegration/Resource" } }, "WebhookApiGEToauthcallbackOAuthCallbackIntegrationPermission6BA3A5AD": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "OAuthHandlerC97C2476", "Arn" ] }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:us-east-1:495395224548:", { "Ref": "WebhookApi28122C53" }, "/*/*/oauth/callback" ] ] } }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/GET--oauth--callback/OAuthCallbackIntegration-Permission" } }, "WebhookApiGEToauthcallbackFC1F6BCD": { "Type": "AWS::ApiGatewayV2::Route", "Properties": { "ApiId": { "Ref": "WebhookApi28122C53" }, "AuthorizationType": "NONE", "RouteKey": "GET /oauth/callback", "Target": { "Fn::Join": [ "", [ "integrations/", { "Ref": "WebhookApiGEToauthcallbackOAuthCallbackIntegrationCFBBEB09" } ] ] } }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/GET--oauth--callback/Resource" } }, "WebhookApiANYworkspaceproxyWorkspaceMcpIntegration7377EE13": { "Type": "AWS::ApiGatewayV2::Integration", "Properties": { "ApiId": { "Ref": "WebhookApi28122C53" }, "IntegrationType": "AWS_PROXY", "IntegrationUri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":lambda:us-east-1:495395224548:function:agent-claw-workspace-mcp" ] ] }, "PayloadFormatVersion": "2.0" }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/ANY--workspace--{proxy+}/WorkspaceMcpIntegration/Resource" } }, "WebhookApiANYworkspaceproxyWorkspaceMcpIntegrationPermission97613ADF": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":lambda:us-east-1:495395224548:function:agent-claw-workspace-mcp" ] ] }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:us-east-1:495395224548:", { "Ref": "WebhookApi28122C53" }, "/*/*/workspace/{proxy+}" ] ] } }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/ANY--workspace--{proxy+}/WorkspaceMcpIntegration-Permission" } }, "WebhookApiANYworkspaceproxy4455BE19": { "Type": "AWS::ApiGatewayV2::Route", "Properties": { "ApiId": { "Ref": "WebhookApi28122C53" }, "AuthorizationType": "NONE", "RouteKey": "ANY /workspace/{proxy+}", "Target": { "Fn::Join": [ "", [ "integrations/", { "Ref": "WebhookApiANYworkspaceproxyWorkspaceMcpIntegration7377EE13" } ] ] } }, "Metadata": { "aws:cdk:path": "AgentClawStack/WebhookApi/ANY--workspace--{proxy+}/Resource" } }, "Runtime1RoleA7A82078": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "bedrock-agentcore.amazonaws.com" } } ], "Version": "2012-10-17" }, "Description": "Execution role for agent-claw Runtime 1 (main assistant)" }, "Metadata": { "aws:cdk:path": "AgentClawStack/Runtime1Role/Resource" } }, "Runtime1RoleDefaultPolicy1A3D5ACF": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "WorkspaceBucket53E30B92", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "WorkspaceBucket53E30B92", "Arn" ] }, "/*" ] ] } ] }, { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3" }, { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/brave-api-key-uUSgzi" }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "UsersTable9725E9C8", "Arn" ] } ] }, { "Action": [ "dynamodb:GetRecords", "dynamodb:GetShardIterator" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "UsersTable9725E9C8", "Arn" ] } ] }, { "Action": [ "bedrock-agentcore:CreateEvent", "bedrock-agentcore:ListEvents", "bedrock-agentcore:RetrieveMemoryRecords" ], "Effect": "Allow", "Resource": "*" }, { "Action": "lambda:InvokeFunctionUrl", "Condition": { "StringEquals": { "lambda:FunctionUrlAuthType": "AWS_IAM" } }, "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":lambda:us-east-1:495395224548:function:agent-claw-workspace-mcp" ] ] }, "Sid": "WorkspaceMcpInvoke" }, { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl" }, { "Action": "secretsmanager:GetSecretValue", "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-credentials/*", "Sid": "PerUserGoogleCredentialsReadRuntime" }, { "Action": "secretsmanager:ListSecrets", "Effect": "Allow", "Resource": "*", "Sid": "GoogleCredentialsListRuntime" }, { "Action": [ "events:PutRule", "events:PutTargets", "events:ListRules", "events:ListTargetsByRule", "events:RemoveTargets", "events:DeleteRule" ], "Effect": "Allow", "Resource": "arn:aws:events:us-east-1:*:rule/agent-claw-reminder-*", "Sid": "EventBridgeScheduler" }, { "Action": [ "lambda:AddPermission", "lambda:RemovePermission" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "SchedulerCFE73206", "Arn" ] }, "Sid": "SchedulerLambdaPermission" } ], "Version": "2012-10-17" }, "PolicyName": "Runtime1RoleDefaultPolicy1A3D5ACF", "Roles": [ { "Ref": "Runtime1RoleA7A82078" } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/Runtime1Role/DefaultPolicy/Resource" } }, "WorkspaceMcpRolePolicy5B8B0072": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl" }, { "Action": "secretsmanager:GetSecretValue", "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-credentials/*", "Sid": "PerUserGoogleCredentialsRead" } ], "Version": "2012-10-17" }, "PolicyName": "WorkspaceMcpRolePolicy5B8B0072", "Roles": [ "agent-claw-workspace-mcp-role" ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/WorkspaceMcpRole/Policy/Resource" } }, "OAuthHandlerServiceRole9CDCCF9E": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/OAuthHandler/ServiceRole/Resource" } }, "OAuthHandlerServiceRoleDefaultPolicy69D90416": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl" }, { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3" }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "UsersTable9725E9C8", "Arn" ] } ] }, { "Action": [ "dynamodb:GetRecords", "dynamodb:GetShardIterator" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "UsersTable9725E9C8", "Arn" ] } ] }, { "Action": "secretsmanager:GetSecretValue", "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl", "Sid": "GoogleOAuthClientSecretExact" }, { "Action": [ "secretsmanager:CreateSecret", "secretsmanager:PutSecretValue", "secretsmanager:GetSecretValue" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-credentials/*", "Sid": "PerUserGoogleCredentialsWrite" } ], "Version": "2012-10-17" }, "PolicyName": "OAuthHandlerServiceRoleDefaultPolicy69D90416", "Roles": [ { "Ref": "OAuthHandlerServiceRole9CDCCF9E" } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/OAuthHandler/ServiceRole/DefaultPolicy/Resource" } }, "OAuthHandlerC97C2476": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-495395224548-us-east-1", "S3Key": "99aabce70089266e2352cb313d55ee18b849e39c418e8e9cd25dea8c4bf85fc4.zip" }, "Environment": { "Variables": { "GOOGLE_OAUTH_CLIENT_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-subXHl", "USERS_TABLE_NAME": { "Ref": "UsersTable9725E9C8" }, "TELEGRAM_BOT_TOKEN_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3", "OAUTH_REDIRECT_URI": { "Fn::Join": [ "", [ "https://", { "Ref": "WebhookApi28122C53" }, ".execute-api.us-east-1.", { "Ref": "AWS::URLSuffix" }, "/oauth/callback" ] ] } } }, "FunctionName": "agent-claw-oauth-handler", "Handler": "handler.handler", "MemorySize": 128, "Role": { "Fn::GetAtt": [ "OAuthHandlerServiceRole9CDCCF9E", "Arn" ] }, "Runtime": "python3.12", "Timeout": 30 }, "DependsOn": [ "OAuthHandlerServiceRoleDefaultPolicy69D90416", "OAuthHandlerServiceRole9CDCCF9E" ], "Metadata": { "aws:cdk:path": "AgentClawStack/OAuthHandler/Resource", "aws:asset:path": "asset.99aabce70089266e2352cb313d55ee18b849e39c418e8e9cd25dea8c4bf85fc4", "aws:asset:is-bundled": false, "aws:asset:property": "Code" } }, "HeartbeatRunnerServiceRole07B33F7E": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/HeartbeatRunner/ServiceRole/Resource" } }, "HeartbeatRunnerServiceRoleDefaultPolicy08E364EE": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:GetQueueUrl" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "MessageQueue7A3BF959", "Arn" ] } }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:DescribeTable" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "UsersTable9725E9C8", "Arn" ] } ] }, { "Action": [ "dynamodb:GetRecords", "dynamodb:GetShardIterator" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "UsersTable9725E9C8", "Arn" ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "HeartbeatRunnerServiceRoleDefaultPolicy08E364EE", "Roles": [ { "Ref": "HeartbeatRunnerServiceRole07B33F7E" } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/HeartbeatRunner/ServiceRole/DefaultPolicy/Resource" } }, "HeartbeatRunnerEA31B930": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-495395224548-us-east-1", "S3Key": "724b3c95c6cd487c828621ad670d23696cd81da614d7df21b846c2d97ef058bf.zip" }, "Environment": { "Variables": { "MESSAGE_QUEUE_URL": { "Ref": "MessageQueue7A3BF959" }, "USERS_TABLE_NAME": { "Ref": "UsersTable9725E9C8" } } }, "FunctionName": "agent-claw-heartbeat-runner", "Handler": "handler.handler", "MemorySize": 128, "Role": { "Fn::GetAtt": [ "HeartbeatRunnerServiceRole07B33F7E", "Arn" ] }, "Runtime": "python3.12", "Timeout": 60 }, "DependsOn": [ "HeartbeatRunnerServiceRoleDefaultPolicy08E364EE", "HeartbeatRunnerServiceRole07B33F7E" ], "Metadata": { "aws:cdk:path": "AgentClawStack/HeartbeatRunner/Resource", "aws:asset:path": "asset.724b3c95c6cd487c828621ad670d23696cd81da614d7df21b846c2d97ef058bf", "aws:asset:is-bundled": false, "aws:asset:property": "Code" } }, "HeartbeatRuleDCC8D7FB": { "Type": "AWS::Events::Rule", "Properties": { "Name": "agent-claw-heartbeat", "ScheduleExpression": "rate(30 minutes)", "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "HeartbeatRunnerEA31B930", "Arn" ] }, "Id": "Target0" } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/HeartbeatRule/Resource" } }, "HeartbeatRuleAllowEventRuleAgentClawStackHeartbeatRunner11988F5BB95BE86F": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "HeartbeatRunnerEA31B930", "Arn" ] }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "HeartbeatRuleDCC8D7FB", "Arn" ] } }, "Metadata": { "aws:cdk:path": "AgentClawStack/HeartbeatRule/AllowEventRuleAgentClawStackHeartbeatRunner11988F5B" } }, "SchedulerServiceRole62CDA70C": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/Scheduler/ServiceRole/Resource" } }, "SchedulerServiceRoleDefaultPolicyFA0D8235": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3" }, { "Action": [ "events:RemoveTargets", "events:DeleteRule" ], "Effect": "Allow", "Resource": "arn:aws:events:us-east-1:495395224548:rule/agent-claw-reminder-*" } ], "Version": "2012-10-17" }, "PolicyName": "SchedulerServiceRoleDefaultPolicyFA0D8235", "Roles": [ { "Ref": "SchedulerServiceRole62CDA70C" } ] }, "Metadata": { "aws:cdk:path": "AgentClawStack/Scheduler/ServiceRole/DefaultPolicy/Resource" } }, "SchedulerCFE73206": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-495395224548-us-east-1", "S3Key": "8e7324457a5952eb51f04a34fbc5ba853252e7157d8d8958ac5fda92e72edb1f.zip" }, "Environment": { "Variables": { "TELEGRAM_BOT_TOKEN_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3" } }, "FunctionName": "agent-claw-scheduler", "Handler": "handler.handler", "MemorySize": 128, "Role": { "Fn::GetAtt": [ "SchedulerServiceRole62CDA70C", "Arn" ] }, "Runtime": "python3.12", "Timeout": 30 }, "DependsOn": [ "SchedulerServiceRoleDefaultPolicyFA0D8235", "SchedulerServiceRole62CDA70C" ], "Metadata": { "aws:cdk:path": "AgentClawStack/Scheduler/Resource", "aws:asset:path": "asset.8e7324457a5952eb51f04a34fbc5ba853252e7157d8d8958ac5fda92e72edb1f", "aws:asset:is-bundled": false, "aws:asset:property": "Code" } }, "SchedulerEventBridgeInvoke72A0529A": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "SchedulerCFE73206", "Arn" ] }, "Principal": "events.amazonaws.com", "SourceArn": "arn:aws:events:us-east-1:495395224548:rule/agent-claw-reminder-*" }, "Metadata": { "aws:cdk:path": "AgentClawStack/Scheduler/EventBridgeInvoke" } }, "CDKMetadata": { "Type": "AWS::CDK::Metadata", "Properties": { "Analytics": "v2:deflate64:H4sIAAAAAAAA/21R207DMAz9Ft4zA934gG2AQAIxOsTr5LVelS1NSu2sqqL+O0rKxoR4OsfHl9gnGWR3GdxcYceTojxMjN5CWAsWB5UTO98WpLDjTeAphIUvDiRqubM/bIQFMg2Kp5tQUmNcX5MVGFP3Z0EhMwnDPMKgDNbbEiEsd/YFe2o/qWXtrFprWxkSZx+9LSQqZ7Lc/YoPR7KyTuu9YtNoW8X0/+qK2lozX84aN9ZYQ8idoViVcOWMLvrUlNigyt5i7cothA/cjpWJDIq/GMK7J5/ERAaFja5QqMP+mEF4EmnmjY75CDFcC1apYSRRyp2XkT1boarF07V/wlQ3KIpHMoTc/yzuDQ0nQzcmmrnBjgujYd7x0ujkr0q+x0eTK57F1ecPjlMu+JuXxsugrCsJ9nx9zGZwO4Obqz1rPWm9FV0T5CN+AxjAathBAgAA" }, "Metadata": { "aws:cdk:path": "AgentClawStack/CDKMetadata/Default" } } }, "Outputs": { "WorkspaceMcpFunctionUrl": { "Description": "workspace-mcp Lambda Function URL (MCP endpoint for Gmail/Calendar)", "Value": "https://25hugrzw4uwtueeg77jsmft6lq0wunmd.lambda-url.us-east-1.on.aws" }, "OAuthStartUrl": { "Description": "Google OAuth start URL — set as OAUTH_START_URL in agentcore.json", "Value": { "Fn::Join": [ "", [ "https://", { "Ref": "WebhookApi28122C53" }, ".execute-api.us-east-1.", { "Ref": "AWS::URLSuffix" }, "/oauth/start" ] ] } }, "OAuthRedirectUri": { "Description": "Google OAuth redirect URI — register in Google Cloud Console", "Value": { "Fn::Join": [ "", [ "https://", { "Ref": "WebhookApi28122C53" }, ".execute-api.us-east-1.", { "Ref": "AWS::URLSuffix" }, "/oauth/callback" ] ] } }, "WebhookUrl": { "Description": "Register this URL with Telegram BotFather as webhook endpoint", "Value": { "Fn::Join": [ "", [ "https://", { "Ref": "WebhookApi28122C53" }, ".execute-api.us-east-1.", { "Ref": "AWS::URLSuffix" }, "/telegram" ] ] } }, "WorkspaceBucketName": { "Description": "S3 bucket containing agent workspace files", "Value": { "Ref": "WorkspaceBucket53E30B92" } }, "SessionTableName": { "Description": "DynamoDB table for session mapping", "Value": { "Ref": "SessionStore8C86EEFE" } }, "UsersTableName": { "Description": "DynamoDB user registry table", "Value": { "Ref": "UsersTable9725E9C8" } }, "MessageQueueUrl": { "Description": "SQS FIFO queue for incoming messages", "Value": { "Ref": "MessageQueue7A3BF959" } }, "Runtime1RoleArn": { "Description": "IAM execution role ARN for AgentCore Runtime 1", "Value": { "Fn::GetAtt": [ "Runtime1RoleA7A82078", "Arn" ] } }, "SchedulerLambdaArn": { "Description": "Scheduler Lambda ARN — set as SCHEDULER_LAMBDA_ARN in agentcore.json", "Value": { "Fn::GetAtt": [ "SchedulerCFE73206", "Arn" ] } } }, "Parameters": { "BootstrapVersion": { "Type": "AWS::SSM::Parameter::Value", "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" } }, "Rules": { "CheckBootstrapVersion": { "Assertions": [ { "Assert": { "Fn::Not": [ { "Fn::Contains": [ [ "1", "2", "3", "4", "5" ], { "Ref": "BootstrapVersion" } ] } ] }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } ] } } }