Added Deploying Stands Agents SDK Agents to AWS App Runner

docs/examples/README.md

@@ -55,6 +55,7 @@ Available CDK examples:
 
 - [Deploy to EC2](cdk/deploy_to_ec2/README.md) - Guide for deploying agents to Amazon EC2 instances
 - [Deploy to Fargate](cdk/deploy_to_fargate/README.md) - Guide for deploying agents to AWS Fargate
+- [Deploy to App Runner](cdk/deploy_to_apprunner/README.md) - Guide for deploying agents to AWS App Runner
 - [Deploy to Lambda](cdk/deploy_to_lambda/README.md) - Guide for deploying agents to AWS Lambda
 
 ### Amazon EKS Example

docs/examples/cdk/deploy_to_apprunner/.gitignore

@@ -0,0 +1,41 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+.venv/
+output.json
+
+# Installed dependencies for container image
+_dependencies
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
+packaging/
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo

docs/examples/cdk/deploy_to_apprunner/README.md

@@ -0,0 +1,139 @@
+# AWS CDK App Runner Deployment Example
+
+## Introduction
+
+This is a TypeScript-based CDK (Cloud Development Kit) example that demonstrates how to deploy a Python application to AWS App Runner. The example deploys a weather forecaster application that runs as a containerized service in AWS App Runner. The application is built with FastAPI and provides two weather endpoints:
+
+1. `/weather` - A standard endpoint that returns weather information based on the provided prompt
+2. `/weather-streaming` - A streaming endpoint that delivers weather information in real-time as it's being generated
+
+## Prerequisites
+
+- [AWS CLI](https://aws.amazon.com/cli/) installed and configured
+- [Node.js](https://nodejs.org/) (v18.x or later)
+- Python 3.12 or later
+- Either:
+  - [Podman](https://podman.io/) installed and running
+  - (or) [Docker](https://www.docker.com/) installed and running
+## Project Structure
+
+- `lib/` - Contains the CDK stack definition in TypeScript
+- `bin/` - Contains the CDK app entry point and deployment scripts:
+  - `cdk-app.ts` - Main CDK application entry point
+- `docker/` - Contains the Dockerfile and application code for the container:
+  - `Dockerfile` - Docker image definition
+  - `app/` - Application code
+  - `requirements.txt` - Python dependencies for the container & local development
+
+## Setup and Deployment
+
+1. Install dependencies:
+
+```bash
+# Install Node.js dependencies including CDK and TypeScript locally
+npm install
+
+# Create a Python virtual environment (optional but recommended)
+python -m venv .venv
+source .venv/bin/activate  # On Windows: .venv\Scripts\activate
+
+# Install Python dependencies for the local development
+pip install -r ./docker/requirements.txt
+```
+
+2. Bootstrap your AWS environment (if not already done):
+
+```bash
+npx cdk bootstrap
+```
+
+3. Ensure podman is started (one time):
+
+```bash
+podman machine init
+podman machine start
+```
+
+4. Package & deploy via CDK:
+
+```bash
+CDK_DOCKER=podman npx cdk deploy
+```
+
+## Usage
+
+After deployment, you can access the weather service using the App Runner Service URL that is output after deployment:
+
+```bash
+# Get the service URL from the CDK output
+SERVICE_URL=$(aws cloudformation describe-stacks --stack-name AgentAppRunnerStack --query "Stacks[0].Outputs[?ExportName=='AppRunnerServiceUrl'].OutputValue" --output text)
+```
+
+The service exposes a REST API endpoint that you can call using curl or any HTTP client:
+
+```bash
+# Call the weather service
+curl -X POST \
+  https://$SERVICE_URL/weather \
+  -H 'Content-Type: application/json' \
+  -d '{"prompt": "What is the weather in New York?"}'
+
+# Call the streaming endpoint
+curl -X POST \
+  https://$SERVICE_URL/weather-streaming \
+  -H 'Content-Type: application/json' \
+  -d '{"prompt": "What is the weather in New York in Celsius?"}'
+```
+
+## Local testing (python)
+
+You can run the python app directly for local testing via:
+
+```bash
+python ./docker/app/app.py
+```
+
+Then, set the SERVICE_URL to point to your local server
+
+```bash
+SERVICE_URL=127.0.0.1:8000
+```
+
+and you can use the curl commands above to test locally.
+
+## Local testing (container)
+
+Build & run the container:
+
+```bash
+podman build --platform linux/amd64 -t agent_container ./docker/
+
+podman run -p 127.0.0.1:8000:8000 \
+  -v ~/.aws:/home/appuser/.aws:ro \
+  -e AWS_PROFILE=default \
+  -t agent_container
+```
+
+Then, set the SERVICE_URL to point to your local server
+
+```bash
+SERVICE_URL=127.0.0.1:8000
+```
+
+and you can use the curl commands above to test locally.
+
+## Cleanup
+
+To remove all resources created by this example:
+
+```bash
+npx cdk destroy
+```
+
+## Additional Resources
+
+- [AWS CDK TypeScript Documentation](https://docs.aws.amazon.com/cdk/latest/guide/work-with-cdk-typescript.html)
+- [AWS App Runner Documentation](https://docs.aws.amazon.com/apprunner/latest/dg/what-is-apprunner.html)
+- [Docker Documentation](https://docs.docker.com/)
+- [Podman Documentation](https://podman.io/docs)
+- [TypeScript Documentation](https://www.typescriptlang.org/docs/)

docs/examples/cdk/deploy_to_apprunner/bin/cdk-app.ts

@@ -0,0 +1,22 @@
+#!/usr/bin/env node
+import { App } from "aws-cdk-lib";
+import { AgentAppRunnerStack } from "../lib/agent-apprunner-stack";
+
+const app = new App();
+
+// prettier-ignore
+new AgentAppRunnerStack(app, "AgentAppRunnerStack", {
+  /* If you don't specify 'env', this stack will be environment-agnostic.
+   * Account/Region-dependent features and context lookups will not work,
+   * but a single synthesized template can be deployed anywhere. */
+
+  /* Uncomment the next line to specialize this stack for the AWS Account
+   * and Region that are implied by the current CLI configuration. */
+  // env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
+
+  /* Uncomment the next line if you know exactly what Account and Region you
+   * want to deploy the stack to. */
+  // env: { account: '123456789012', region: 'us-east-1' },
+
+  /* For more information, see https://docs.aws.amazon.com/cdk/latest/guide/environments.html */
+});

docs/examples/cdk/deploy_to_apprunner/cdk.json

@@ -0,0 +1,88 @@
+{
+  "app": "npx tsx bin/cdk-app.ts",
+  "watch": {
+    "include": ["**"],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": ["aws", "aws-cn"],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+    "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+    "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true,
+    "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
+    "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
+    "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
+    "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true,
+    "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true,
+    "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true,
+    "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true,
+    "@aws-cdk/aws-eks:nodegroupNameAttribute": true,
+    "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
+    "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true,
+    "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
+    "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false,
+    "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": false,
+    "@aws-cdk/aws-ecs:disableEcsImdsBlocking": true,
+    "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true,
+    "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": true,
+    "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true,
+    "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true,
+    "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true,
+    "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": true,
+    "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true,
+    "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true,
+    "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": true,
+    "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": true,
+    "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": true,
+    "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": true,
+    "@aws-cdk/core:enableAdditionalMetadataCollection": true,
+    "@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy": false,
+    "@aws-cdk/aws-s3:setUniqueReplicationRoleName": true,
+    "@aws-cdk/aws-events:requireEventBusPolicySid": true,
+    "@aws-cdk/core:aspectPrioritiesMutating": true,
+    "@aws-cdk/aws-dynamodb:retainTableReplica": true,
+    "@aws-cdk/aws-stepfunctions:useDistributedMapResultWriterV2": true
+  }
+}

docs/examples/cdk/deploy_to_apprunner/docker/Dockerfile

@@ -0,0 +1,29 @@
+FROM public.ecr.aws/docker/library/python:3.12-slim
+
+WORKDIR /app
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    git \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Python dependencies
+# Copy requirements file
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy application code
+COPY app/ .
+
+# Create a non-root user to run the application
+RUN useradd -m appuser
+USER appuser
+
+# Expose the port the app runs on
+EXPOSE 8000
+
+# Command to run the application with Uvicorn
+# - workers: 2 worker processes (adjust based on container resources)
+# - host: Listen on all interfaces
+# - port: 8000
+CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "8000", "--workers", "2"]