AgentCore Powered Well-Architected Security Assessment Tool

🎯 What Inspired This Project

As cloud environments grow increasingly complex, security teams struggle with fragmented tools and overwhelming data across multiple AWS security services. Traditional security assessments require deep technical expertise, manual console navigation, and complex API calls just to answer simple questions like "What are my critical security risks?"

The inspiration came from a simple realization: What if security analysts could just ask their infrastructure questions in plain English and get intelligent, actionable answers?

We envisioned transforming the tedious process of security assessment from:

  • Logging into multiple AWS consoles
  • Writing complex API queries
  • Manually correlating findings across services
  • Interpreting technical jargon

Into a natural conversation:

"Show me high-severity security findings in us-east-1, limit to 3 with remediation steps"

✨ Key Features

🤖 AI-Powered Security Analysis

  • Natural Language Interface: Ask security questions in plain English
  • AI Models: Claude 3.7 Sonnet (reasoning)
  • Intelligent Tool Selection: AI determines optimal security assessment approach

🔒 Enterprise Security

  • Multi-layer Authentication: Cognito User Pool + Identity Pool + IAM Roles
  • OAuth 2.0 Integration: Enterprise-grade API security
  • Well-Architected Framework: Security best practices implementation

⚡ High Performance

  • Direct AWS API Calls: Security MCP Server bypasses LLM for data retrieval
  • CloudFront CDN: Global content delivery with edge caching
  • Memory Persistence: Context retention across user sessions

🔧 Comprehensive Integration

  • Multi-Service Support: Security Hub, GuardDuty, Inspector, IAM Access Analyzer
  • Real-time Processing: Streaming responses with immediate feedback
  • Scalable Architecture: Serverless, auto-scaling execution environment

🚀 Live Demo

Deployed Application: https://dwtz1c6gg4gdx.cloudfront.net/

GitHub Repository: https://github.com/ajitnk-lab/aws-ai-agent-global-hackathon

Experience the AI-powered security assessment platform in action!

🏗️ System Architecture

[System architecture diagram]

Enterprise Components:

  • Web Frontend: S3 + CloudFront + React App
  • Identity Management: Cognito User Pool + Identity Pool + IAM Roles
  • AI Processing: Bedrock Agent (Claude 3 Sonnet)
  • Integration Layer: Lambda Bridge (Auth & Routing)
  • AgentCore Platform: AgentCore Gateway (OAuth) + AgentCore Runtime (Security MCP Server) + AgentCore Memory
  • AWS Security Services: Direct API integration with Security Hub, GuardDuty, Inspector, IAM Access Analyzer

🔄 Process Flow

[Process flow diagram]

Workflow:

  1. Authentication: React UI → Cognito → IAM Tokens
  2. AI Processing: Bedrock Agent → Claude 3 Sonnet Reasoning
  3. Integration: Lambda Bridge → Parameter Extraction & Routing
  4. AgentCore: AgentCore Gateway → AgentCore Runtime (Security MCP Server) → AgentCore Memory
  5. Direct API Calls: Security MCP Server → AWS Security Services
  6. Response: Data aggregation → Formatting → AgentCore Memory storage

🧠 What We Learned

Technical Discoveries

  • AgentCore's Power: Amazon Bedrock AgentCore provides enterprise-grade AI agent infrastructure with built-in memory, OAuth security, and scalable runtime environments
  • Conversational Security: Natural language interfaces can dramatically simplify complex security workflows without sacrificing depth or accuracy
  • Memory Persistence: Maintaining security context across conversations enables more intelligent, contextual responses

Architecture Insights

  • Microservices Integration: Successfully bridged multiple AWS services (Bedrock Agent, Lambda, AgentCore) into a cohesive system
  • OAuth Security: Implementing proper authentication flows for AI agents requires careful consideration of token management and session persistence
  • Direct API Integration: Security MCP Server tools make direct AWS API calls for maximum performance

🔨 How We Built It

Architecture Overview

User Query → Bedrock Agent → Lambda Bridge → AgentCore Gateway (OAuth) → AgentCore Runtime → Security Tools → AWS APIs
                                                     ↓
                                            AgentCore Memory (Persistent Context)

Key Components

1. Security Assessment Engine (security_tools.py)

class SecurityAssessmentTools:
    """Tool surface exposed to the agent; each method makes direct AWS API calls.
    Method bodies are omitted in this listing (`...` keeps the module importable)."""
    def check_security_services(self, region: str) -> dict: ...
    def get_security_findings(self, severity: str, limit: int) -> dict: ...
    def analyze_security_posture(self, service: str) -> dict: ...
    def explore_aws_resources(self, service: str, region: str) -> dict: ...
    def get_resource_compliance_status(self, resource_type: str) -> dict: ...

2. AgentCore Runtime (security_agent.py)

  • BedrockAgentCoreApp-based agent with memory hooks
  • Persistent security context across sessions
  • Tool orchestration and response formatting

3. Lambda Bridge (lambda_bridge.py)

  • OAuth token validation
  • Request/response transformation
  • Error handling and logging

4. Bedrock Agent Configuration

  • Natural language understanding
  • Function calling with parameter extraction
  • Streaming response handling

🚧 Challenges We Faced

1. OAuth Token Management

Challenge: AgentCore Gateway requires OAuth tokens, but Bedrock Agent doesn't natively handle token refresh.

Solution: Implemented token caching in Lambda with automatic refresh logic.
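The shape of that solution, as an added example rather than the project's own lambda_bridge.py: a small cache that holds one OAuth access token, refreshes it a safety margin before expiry, and serializes refreshes inside a warm Lambda environment. The `fetch` callable, the `_Token` record and the `demo` scenario are assumptions introduced here; the real client-credentials exchange against the AgentCore Gateway token endpoint would be plugged in as `fetch`.

```python
import threading
import time
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass
class _Token:
    value: str
    expires_at: float  # epoch seconds


class TokenCache:
    """Caches one OAuth access token and refreshes it shortly before expiry.

    `fetch` is a hypothetical callable that performs the client-credentials
    exchange against the token endpoint and returns (access_token, lifetime_s).
    `margin_s` is subtracted from the lifetime so a token is never handed out
    moments before the gateway would reject it (clock skew, in-flight latency).
    The lock keeps concurrent callers in one warm Lambda environment from
    refreshing twice.  The token value is deliberately never logged.
    """

    def __init__(self, fetch: Callable[[], Tuple[str, int]], margin_s: int = 60,
                 clock: Callable[[], float] = time.time) -> None:
        self._fetch = fetch
        self._margin = margin_s
        self._clock = clock
        self._lock = threading.Lock()
        self._token: Optional[_Token] = None
        self.refresh_count = 0  # exposed so callers can monitor refresh churn

    def _stale(self) -> bool:
        return (self._token is None
                or self._clock() >= self._token.expires_at - self._margin)

    def get(self) -> str:
        """Return a usable bearer token, refreshing only when needed."""
        if not self._stale():
            return self._token.value
        with self._lock:
            if self._stale():  # re-check: another thread may have refreshed
                value, lifetime = self._fetch()
                if not value or lifetime <= self._margin:
                    raise RuntimeError("token endpoint returned an unusable token")
                self._token = _Token(value, self._clock() + lifetime)
                self.refresh_count += 1
        return self._token.value


def demo() -> Tuple[int, str, str]:
    """Constructed scenario: a fake token endpoint plus a controllable clock."""
    now = [1000.0]
    issued = []

    def fake_fetch() -> Tuple[str, int]:
        issued.append(len(issued) + 1)
        return f"tok-{len(issued)}", 300  # five-minute lifetime

    cache = TokenCache(fake_fetch, margin_s=60, clock=lambda: now[0])
    first = cache.get()        # fetches tok-1
    cache.get()                # served from cache
    now[0] += 239              # one second before the refresh margin: still cached
    cache.get()
    now[0] += 2                # inside the 60 s margin: transparent refresh
    second = cache.get()
    return cache.refresh_count, first, second


if __name__ == "__main__":
    print(demo())  # (2, 'tok-1', 'tok-2')
```

Because the cache lives at module scope, it survives across invocations of the same Lambda execution environment, which is what makes the refresh logic pay off; a cold start simply fetches a fresh token.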

2. Parameter Extraction Complexity

Challenge: Bedrock Agent's function calling sometimes misinterpreted natural language parameters.

Solution: Added parameter validation and default handling.
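One way to do that validation, as an added example that is not the project's code: the values the Bedrock Agent extracts for get_security_findings are mapped onto a closed set before they reach any AWS API, with tolerant matching for the phrasings the model tends to produce, defaults for missing keys, a clamp on the result limit, and outright rejection of anything else. The default values, `MAX_LIMIT` and the region pattern are assumptions chosen here to match the demo query on this page.

```python
import re
from dataclasses import dataclass
from typing import Any, Dict

VALID_SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL")
# Constructed defaults mirroring the demo query on this page; the real project's may differ.
DEFAULTS: Dict[str, Any] = {"severity": "HIGH", "limit": 3, "region": "us-east-1"}
MAX_LIMIT = 25
_REGION_RE = re.compile(r"[a-z]{2}(?:-gov)?-[a-z]+-[1-9]")


@dataclass(frozen=True)
class FindingsQuery:
    severity: str
    limit: int
    region: str


class ParameterError(ValueError):
    """Raised when a model-supplied value cannot be mapped onto an allowed one."""


def _severity(value: Any) -> str:
    # Tolerate the phrasings the agent tends to emit ("high", "High-severity",
    # "critical findings") but map them onto the closed set the API accepts.
    text = str(value).strip().upper()
    for name in VALID_SEVERITIES:
        if re.fullmatch(rf"{name}(?:[ _-]?(?:SEVERITY|FINDINGS?))?", text):
            return name
    raise ParameterError(f"unsupported severity {value!r}")


def _limit(value: Any) -> int:
    try:
        n = int(str(value).strip())
    except ValueError:
        raise ParameterError(f"limit must be an integer, got {value!r}") from None
    if n < 1:
        raise ParameterError("limit must be positive")
    return min(n, MAX_LIMIT)  # clamp so a misread "3000" cannot page the whole account


def _region(value: Any) -> str:
    text = str(value).strip().lower()
    if not _REGION_RE.fullmatch(text):
        raise ParameterError(f"malformed region {value!r}")
    return text


def normalize_findings_params(raw: Dict[str, Any]) -> FindingsQuery:
    """Fill defaults for missing or empty keys, then validate every value."""
    supplied = {k: v for k, v in raw.items() if v not in (None, "")}
    merged = {**DEFAULTS, **supplied}
    return FindingsQuery(
        severity=_severity(merged["severity"]),
        limit=_limit(merged["limit"]),
        region=_region(merged["region"]),
    )


def is_rejected(raw: Dict[str, Any]) -> bool:
    """True when the parameters would be refused rather than passed on to AWS."""
    try:
        normalize_findings_params(raw)
        return False
    except ParameterError:
        return True
```

Rejecting rather than guessing matters here: an extracted parameter is model output, so treating it as untrusted input and allow-listing it is what stops an odd phrasing (or a prompt-injected one) from turning into an unexpected API filter or an oversized query.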

3. Memory Context Persistence

Challenge: Maintaining security context across multiple conversation turns without overwhelming the agent.

Solution: Implemented selective memory retrieval with relevance scoring.
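A minimal version of selective retrieval, added here as an illustration and not taken from the project's security_agent.py: each remembered fact is tokenized, a query is scored against every entry by term overlap (Jaccard), and only the top few entries above a threshold are handed back to the agent, so a long conversation about eu-west-1 GuardDuty does not crowd a follow-up about us-east-1 S3 buckets. The stop-word list, the threshold and the constructed three-turn history are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Function words that carry no security context; kept small and explicit.
_STOPWORDS = {"a", "an", "and", "are", "for", "in", "is", "me", "my", "no", "of",
              "show", "still", "the", "to", "what", "which", "with"}


def _terms(text: str) -> Set[str]:
    """Lower-cased content terms; hyphens kept so 'us-east-1' stays one token."""
    return {t for t in re.findall(r"[a-z0-9][a-z0-9-]*", text.lower()) if t not in _STOPWORDS}


@dataclass(frozen=True)
class MemoryEntry:
    turn: int
    text: str
    terms: frozenset


class SelectiveMemory:
    """Stores conversation facts and returns only the ones relevant to a query."""

    def __init__(self, max_entries: int = 200) -> None:
        self._entries: List[MemoryEntry] = []
        self._max = max_entries
        self._next_turn = 1

    def remember(self, text: str) -> MemoryEntry:
        entry = MemoryEntry(self._next_turn, text, frozenset(_terms(text)))
        self._next_turn += 1
        self._entries.append(entry)
        if len(self._entries) > self._max:   # bounded store: oldest facts fall off
            self._entries.pop(0)
        return entry

    def score(self, query: str, entry: MemoryEntry) -> float:
        """Jaccard overlap between the query's terms and the entry's terms (0..1)."""
        q = _terms(query)
        union = q | entry.terms
        return len(q & entry.terms) / len(union) if union else 0.0

    def recall(self, query: str, k: int = 2, min_score: float = 0.15) -> List[MemoryEntry]:
        """Top-k entries above the threshold; ties go to the more recent turn."""
        scored = [(self.score(query, e), e) for e in self._entries]
        kept = [(s, e) for s, e in scored if s >= min_score]
        kept.sort(key=lambda se: (-se[0], -se[1].turn))
        return [e for _, e in kept[:k]]


def demo() -> List[int]:
    """Constructed three-turn history; returns the turns recalled for a follow-up."""
    mem = SelectiveMemory()
    mem.remember("Security Hub reported 2 critical findings in us-east-1 for public S3 buckets")
    mem.remember("GuardDuty is enabled in eu-west-1 with no high severity findings")
    mem.remember("User asked for remediation steps for the public S3 buckets in us-east-1")
    return [e.turn for e in mem.recall("Which S3 buckets in us-east-1 are still public?")]


if __name__ == "__main__":
    print(demo())  # [3, 1]
```

The threshold is what makes the retrieval selective: the GuardDuty turn scores zero against the S3 question and is never injected into the prompt, which keeps the agent's context focused and bounds how much stored text is replayed per turn.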

4. Multi-Service API Orchestration

Challenge: Coordinating calls across GuardDuty, Security Hub, Inspector, and IAM Access Analyzer with different response formats.

Solution: Created unified response schema with service-specific adapters.
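What a unified schema with per-service adapters looks like, as an added example that is not the project's own security_tools.py: each adapter maps one service's response shape (GuardDuty's numeric severity score, Security Hub's ASFF `Severity.Label`, Inspector's lower-case keys) onto a single `Finding` record, and one aggregation routine filters, ranks and truncates the merged list exactly as the "high-severity, limit 3, with remediation" query on this page needs. The `SAMPLE` dictionary is constructed to resemble each API's output and contains no real findings; the GuardDuty score buckets are this example's choice.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFORMATIONAL": 4}


@dataclass(frozen=True)
class Finding:
    """Unified schema every adapter emits, whatever the source API's shape."""
    source: str
    id: str
    title: str
    severity: str     # one of SEVERITY_RANK's keys
    resource: str
    region: str
    remediation: str  # empty when the service provides none


def _guardduty_label(score: float) -> str:
    # GuardDuty reports a numeric score; bucket it onto the shared labels (example thresholds).
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def adapt_guardduty(raw: dict, region: str) -> Finding:
    res = raw.get("Resource", {})
    resource = res.get("InstanceDetails", {}).get("InstanceId") or res.get("ResourceType", "unknown")
    return Finding("guardduty", raw["Id"], raw["Title"], _guardduty_label(float(raw["Severity"])),
                   resource, raw.get("Region", region), "")


def adapt_securityhub(raw: dict, region: str) -> Finding:
    label = (raw.get("Severity", {}).get("Label") or "INFORMATIONAL").upper()
    resources = raw.get("Resources") or [{}]
    text = raw.get("Remediation", {}).get("Recommendation", {}).get("Text", "")
    return Finding("securityhub", raw["Id"], raw["Title"], label,
                   resources[0].get("Id", "unknown"), raw.get("Region", region), text)


def adapt_inspector(raw: dict, region: str) -> Finding:
    resources = raw.get("resources") or [{}]
    text = raw.get("remediation", {}).get("recommendation", {}).get("text", "")
    return Finding("inspector", raw["findingArn"], raw["title"], raw.get("severity", "INFORMATIONAL").upper(),
                   resources[0].get("id", "unknown"), region, text)


ADAPTERS: Dict[str, Callable[[dict, str], Finding]] = {
    "guardduty": adapt_guardduty,
    "securityhub": adapt_securityhub,
    "inspector": adapt_inspector,
}


def aggregate(batches: Dict[str, List[dict]], region: str,
              min_severity: str = "HIGH", limit: int = 3) -> List[Finding]:
    """Normalize each service's batch, keep findings at or above min_severity,
    order them most severe first, and truncate to the requested limit."""
    threshold = SEVERITY_RANK[min_severity]
    findings = [ADAPTERS[svc](item, region) for svc, items in batches.items() for item in items]
    kept = [f for f in findings if SEVERITY_RANK[f.severity] <= threshold]
    kept.sort(key=lambda f: (SEVERITY_RANK[f.severity], f.source, f.id))
    return kept[:limit]


# Constructed sample responses shaped like each service's API output (not real findings).
SAMPLE: Dict[str, List[dict]] = {
    "guardduty": [{
        "Id": "gd-0001", "Severity": 8.0, "Region": "us-east-1",
        "Title": "EC2 instance is communicating with a known malicious IP address",
        "Resource": {"ResourceType": "Instance", "InstanceDetails": {"InstanceId": "i-0example"}},
    }],
    "securityhub": [
        {"Id": "sh-0001", "Title": "S3 bucket allows public read access",
         "Severity": {"Label": "CRITICAL", "Normalized": 90},
         "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket"}],
         "Remediation": {"Recommendation": {"Text": "Enable S3 Block Public Access."}}},
        {"Id": "sh-0002", "Title": "CloudTrail log file validation disabled",
         "Severity": {"Label": "LOW"},
         "Resources": [{"Type": "AwsCloudTrailTrail", "Id": "arn:aws:cloudtrail:us-east-1:123456789012:trail/example"}]},
    ],
    "inspector": [{
        "findingArn": "arn:aws:inspector2:us-east-1:123456789012:finding/constructed-0001",
        "title": "Outdated OpenSSL package on container image", "severity": "HIGH",
        "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE", "id": "arn:aws:ecr:us-east-1:123456789012:repository/example"}],
        "remediation": {"recommendation": {"text": "Rebuild the image with the patched package."}},
    }],
}


if __name__ == "__main__":
    for f in aggregate(SAMPLE, "us-east-1"):
        print(f.severity, f.source, f.resource, "-", f.title)
```

Keeping the severity vocabulary in one place (`SEVERITY_RANK`) is the point of the design: the agent's filtering, sorting and formatting never have to know that one service scored a finding 8.0 and another labelled it HIGH, and adding IAM Access Analyzer later means writing one more adapter rather than touching the aggregation.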

🏆 What We're Proud Of

Technical Achievements

  • Zero-to-Production: Built a complete enterprise-ready security platform in 12 hours
  • Natural Language Security: Successfully translated complex security concepts into conversational AI
  • Scalable Architecture: Created a system that can handle enterprise-scale security assessments

Innovation Highlights

  • First-of-its-kind: Combined AgentCore's enterprise features with security assessment automation
  • User Experience: Transformed security analysis from technical expertise requirement to natural conversation
  • Comprehensive Coverage: Integrated 4 major AWS security services into a unified assessment platform

Real-World Impact

  • Time Savings: Reduced security assessment time from hours to minutes
  • Accessibility: Made advanced security analysis available to non-technical stakeholders
  • Consistency: Standardized security assessments based on AWS Well-Architected Framework

🚀 What's Next

Immediate Enhancements

  • Multi-Account Support: Extend assessments across AWS Organizations
  • Custom Compliance Frameworks: Support for industry-specific security standards
  • Automated Remediation: AI-powered security fix suggestions and implementation

Future Vision

  • Predictive Security: ML-based threat prediction and prevention
  • Cross-Cloud Support: Extend to Azure and GCP security assessments
  • Security Orchestration: Integration with SOAR platforms for automated incident response

🙏 Credits & Acknowledgments

Original MCP Server

This project is built upon and adapts the AWS Well-Architected Security MCP Server developed by AWS Labs:

Our Transformation & Enhancement

We transformed the original MCP server into a production-ready AgentCore application by:

  • AgentCore Integration: Hosting as a Bedrock AgentCore application with enterprise features
  • Natural Language Interface: Adding Bedrock Agent for conversational security assessment
  • Enterprise Architecture: Implementing OAuth, memory persistence, and scalable deployment
  • Web Frontend: Creating a React-based user interface with CloudFront distribution
  • Multi-layer Authentication: Adding Cognito User Pool and Identity Pool integration

Special thanks to the AWS Labs team for providing the excellent foundation that made this enterprise-grade security assessment platform possible.


Built with: Amazon Bedrock AgentCore, Python & React.js, Claude 3 & 3.7 Sonnet, AWS Security Services, OAuth 2.0 & Cognito

Team: Solo developer passionate about democratizing cloud security through AI innovation

Demo: Live deployment available for testing with sample security scenarios
