Interactively generate infrastructure as code using Amazon Bedrock agents

Among the diverse toolkits available for cloud infrastructure adoption, Amazon Bedrock Agent offers a practical and innovative option for teams looking to enhance their Infrastructure as Code (IaC) processes. Amazon Bedrock Agent automates the engineering of prompts and the orchestration of user-requested tasks. Once configured, the agent builds prompts, enhances them with company-specific information, and responds to the user in natural language.

This solution shows how to configure the Amazon Bedrock Agent to accept a cloud architecture diagram, automatically analyze it, and generate Terraform or AWS CloudFormation templates. The solution uses Retrieval Augmented Generation (RAG) to ensure that the generated scripts comply with your organization's needs and industry standards. A key feature is the agent's ability to dynamically interact with the user. During the IaC generation process, the Amazon Bedrock Agent actively explores additional information by analyzing the diagram provided and querying the user to fill in gaps. This interaction allows for a more customized and precise IaC configuration.

Amazon Bedrock is a fully managed service that offers a choice of high-performance foundational models (FMs) from leading artificial intelligence (AI) companies, including AI21 Labs, Anthropic, Cohere, Meta, Mistral AI, Stability AI, and Amazon, through a single API, and also provides a broad range of capabilities required to build generative AI applications with security, privacy, and responsible AI.

In this blog post, we explain how to use the Amazon Bedrock agent to generate customized, organizational standard-compliant IaC scripts directly from uploaded architecture diagrams, accelerating deployments, reducing errors, and ensuring adherence to security guidelines.

Solution overview

Before discussing the deployment process, let's review the key steps in the architecture, as shown in Figure 1.

Figure 1: Overview of creating infrastructure as code from architecture diagrams

  1. Initial input from the Amazon Bedrock chat console: A user starts in the Amazon Bedrock chat console by entering the name of the Amazon Simple Storage Service (Amazon S3) bucket and the name of the object (key) where the architecture diagram is stored. For example, if the architecture diagram is stored as s3://testbucket/architecturediagram.png, the user enters testbucket as the S3 bucket name and architecturediagram.png as the object name.
  2. Diagram Analysis and Query Generation: The Amazon Bedrock agent forwards the location of the architecture diagram to an action group that invokes AWS Lambda. The function retrieves the architecture diagram from the specified S3 bucket, analyzes it using the Amazon Bedrock model, and generates a summary of the diagram. It also generates questions about any missing components, dependencies, or parameter values required to create the IaC for AWS services. This detailed response is returned to the agent.
  3. Interaction and User Verification: The agent displays the generated questions to the user and records their answers. The agent then provides a comprehensive overview of the architecture diagram along with any additional inputs provided by the user. The user can then approve this configuration or suggest necessary adjustments. Upon receiving confirmation from the user, the agent passes this information to a second group of actions to generate the IaC.
  4. IaC Generation and Deployment: The second action group processes the user input data along with organization-specific coding guidelines from the Amazon Bedrock knowledge base and invokes a Lambda function that creates the IaC. Once generated, the IaC is automatically pushed to the specified GitHub repository.
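
The bucket and object names from step 1 reach the Lambda function in step 2 as free text relayed by the agent, so the function should check them before it reads anything from S3. The sketch below is an added example, not the code from the post's repository; the parameter names s3_bucket_name and object_name, the bucket allowlist and the extension list are assumptions.

```python
import re

# Hypothetical names and values, and a constructed agent event; none are from the post.
ALLOWED_BUCKETS = {"testbucket"}
IMAGE_EXTENSIONS = (".png", ".jpg", ".jpeg")
KEY_PATTERN = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]{0,254}")
SAMPLE_EVENT = {"actionGroup": "AnalyzeDiagram", "apiPath": "/analyze", "httpMethod": "POST",
                "parameters": [
                    {"name": "s3_bucket_name", "type": "string", "value": "testbucket"},
                    {"name": "object_name", "type": "string", "value": "architecturediagram.png"}]}


def extract_params(event):
    """Collect name/value pairs from the event's parameters and request body."""
    items = list(event.get("parameters") or [])
    content = (event.get("requestBody") or {}).get("content") or {}
    for media in content.values():
        items.extend(media.get("properties") or [])
    return {p["name"]: str(p.get("value", "")).strip() for p in items}


def validate_location(params):
    """Return (bucket, key), or raise ValueError before anything is fetched."""
    bucket, key = params.get("s3_bucket_name", ""), params.get("object_name", "")
    if bucket not in ALLOWED_BUCKETS:
        raise ValueError("bucket is not on the allowlist")
    # ".." is refused because the key may be reused as a local temp file path.
    if not KEY_PATTERN.fullmatch(key) or ".." in key.split("/"):
        raise ValueError("object key contains unexpected characters")
    if not key.lower().endswith(IMAGE_EXTENSIONS):
        raise ValueError("object is not a supported image type")
    return bucket, key


def agent_response(event, status, body):
    """Build the response envelope for an OpenAPI-schema action group."""
    echoed = {k: event.get(k) for k in ("actionGroup", "apiPath", "httpMethod")}
    result = {"httpStatusCode": status,
              "responseBody": {"application/json": {"body": body}}}
    return {"messageVersion": "1.0", "response": {**echoed, **result}}


def lambda_handler(event, context):
    try:
        bucket, key = validate_location(extract_params(event))
    except ValueError as err:
        return agent_response(event, 400, f"Rejected input: {err}")
    # The S3 download and model call go here and use only the validated pair.
    return agent_response(event, 200, f"Validated s3://{bucket}/{key}")
```

The allowlist complements the Lambda execution role: the role should grant s3:GetObject only on the diagram bucket, so a name that slips past the check still cannot be read.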


You will need:

Deployment Steps

This solution can be used to create IaC (using Terraform or CloudFormation) by inputting your architecture diagram. This blog post focuses on creating the Terraform IaC. There are four steps to deploy the solution:

Step 1: Configure the Amazon Bedrock Knowledge Base: Configuring a knowledge base (KB) provides access to information about standard Terraform modules for your organization. To set up a KB, follow these steps:

  1. Sign in to the AWS Management Console and open the Knowledge Base section of Amazon Bedrock, which is the starting point for creating a new KB.
  2. Enter a clear and meaningful name that reflects the purpose of the KB, such as Terraform KB.
  3. Assign a pre-configured IAM role with the required permissions. Typically, it's best to let Amazon Bedrock create this role to ensure that appropriate permissions are granted.
  4. Define your data source by uploading a JSON file to an S3 bucket with encryption enabled for security. This file must contain a structured list of AWS services and Terraform modules. Use the example provided in the repository for the JSON structure.
  5. Select the default embedding model: For most use cases, the Amazon Bedrock Titan G1 Embedding – Text model is sufficient. This model is pre-configured and ready to use, simplifying the process.
  6. Choose the managed vector store option, which lets Amazon Bedrock create and manage the vector store in Amazon OpenSearch Service.
  7. Select the KB and, in its data source section, select Sync to start importing your data. Once the data import is complete, you will see a green success banner if it was successful.
  8. Double-check all the information you entered for accuracy, paying special attention to the S3 bucket URI and IAM role details.

Step 2: Configure the Bedrock agent:

  1. Open the Amazon Bedrock console, select Agent in the left navigation panel, and then choose Create an agent.
  2. Enter the agent details including the agent name and description (optional).
  3. You then grant the agent permissions to access AWS services through an IAM service role, which allows the agent to access the services it needs, such as Lambda.
  4. Select a foundation model from Amazon Bedrock (for example, Anthropic Claude 3 Sonnet).
  5. To create your Terraform code using the Amazon Bedrock agent, attach the following instructions to the agent:

“Help user in IaC creation of provided architecture diagram. Ask user for S3 bucket name and object name where diagram is stored. Once information is received, execute analytics query action group. Provide structured summary and ask user only questions received from action group response. Get answer from user and provide detailed summary to user. Get approval from user. Once approved, pass all that information along with S3 bucket name, object name as input to final draft action group and execute action group.”

Step 3: Configure the agent action group: After adding the initial agent configuration and the above instructions to the agent, there are two actions that need to be added to the agent to pass in the architecture diagram and create the Terraform IaC.

  1. Create an action group linked to a Lambda function (see Getting Started with Lambda for creating a Lambda function). This action group is designed to analyze the architecture diagram and generate questions related to missing components, dependencies, or parameter values required for IaC creation of AWS services. This group is invoked by the agent after the user enters the S3 bucket and object details. The response is then relayed to the agent, which runs an interactive session to collect the missing information from the user. See the Lambda code and OpenAPI schema in the repository.
  2. Create a second action group associated with another Lambda function whose role is to create the Terraform code and upload it to the GitHub repository. This group will be invoked only after you review and approve the infrastructure configuration. See the Lambda code and OpenAPI schema in the repository.
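
Because the second action group pushes model-generated Terraform to GitHub, a deterministic check before the commit catches output that ignores the guidelines. The gate below is an added example, not the repository's Lambda code; its four rules are a constructed baseline, and the scanner only tracks brace nesting, so it does not replace a full policy tool.

```python
import re

# Constructed baseline rules (assumed, not the organization's knowledge base):
# (rule id, enclosing block required or None, pattern).
RULES = [
    ("open-ingress", "ingress", re.compile(r'cidr_blocks\s*=.*"0\.0\.0\.0/0"')),
    ("public-acl", None, re.compile(r'\bacl\s*=\s*"public-read(-write)?"')),
    ("hardcoded-access-key", None, re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("encryption-disabled", None, re.compile(r"\b(storage_)?encrypted\s*=\s*false\b")),
]


def scan_terraform(text):
    """Return a list of (line number, rule id) findings for generated Terraform."""
    findings, stack = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"\s(#|//).*$", "", " " + raw).strip()  # drop trailing comments
        opens, closes = line.count("{"), line.count("}")
        head = line.split(None, 1)[0] if line else ""
        context = stack + [head] * opens  # blocks enclosing this line
        for rule_id, block, pattern in RULES:
            if pattern.search(line) and (block is None or block in context):
                findings.append((lineno, rule_id))
        stack = context[: max(0, len(context) - closes)]
    return findings


def approve_for_push(text):
    """Gate to call before the commit step: True only when no rule fires."""
    return not scan_terraform(text)


# Constructed, abbreviated sample of model output, for illustration only.
SAMPLE = """\
resource "aws_security_group" "web" {
  ingress {
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_ebs_volume" "data" {
  encrypted = false
}
"""
```

On the sample, the open ingress rule and the unencrypted volume are reported while the egress rule with the same CIDR is not, because the scanner knows which block each line sits in.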

Step 4: Add an action group to the agent.

  1. Assign each action group a meaningful name and fill in the description field with details about its function, making the purpose of each group clear within your workflow.
  2. For each action group, select the appropriate Lambda functions that you configured earlier. These functions execute the required business logic when the action is invoked. Be sure to select the correct version of each Lambda function. See the section Lambda Functions for Action Groups for more information.
  3. Provide an Amazon S3 URI that links to the API schema for each action group. This schema should contain the description, structure, and parameters of the API. The API is essential for managing the workflow, such as receiving user input, invoking Lambda functions to execute processes, validating inputs, initiating Terraform module creation, and monitoring provisioning status. For more guidance, see the Action Groups OpenAPI Schema section.

The following screenshot shows an example of a user interaction with an agent in Amazon Bedrock.

The following screenshot shows an example of the Terraform output.


The services used in this demo may incur costs. To clean up resources, follow these steps:

  1. Delete the Lambda function if it is no longer needed.
  2. Delete the action group and the Amazon Bedrock agent that were created.
  3. Empty and delete the S3 bucket used to store your architecture diagrams.
  4. Delete the generated Terraform scripts from the GitHub repository.
  5. Delete the Amazon Bedrock knowledge base if you no longer need it.


Amazon Bedrock's agent uses generative AI to convert architecture diagrams into compliant Infrastructure as Code (IaC) scripts for AWS deployments, including Terraform and AWS CloudFormation. This capability is a critical tool for engineers moving to the cloud, expediting the cloud adoption process while ensuring that deployments adhere to established best practices from the start.

The Amazon Bedrock agent interactivity not only streamlines initial setup by automating IaC generation, but also significantly improves ongoing operations such as infrastructure management. Although this article focuses on IaC creation, the Amazon Bedrock agent interactivity can be used with a variety of AWS services, providing a dynamic and comprehensive solution for managing and optimizing your cloud infrastructure.

Are you ready to use Amazon Bedrock's generative AI to streamline your cloud adoption process? Start by diving deep into the Amazon Bedrock User Guide and learning how it can accelerate your organization's journey to the cloud. If you need expert assistance, consider engaging AWS Professional Services to maximize the efficiency and benefits of using Amazon Bedrock. Amazon Bedrock unlocks the potential of rapid, secure, and efficient cloud transformation. Take the first step today and see how using generative AI can revolutionize your approach to cloud infrastructure.

About the Author

Akhil Raj Yarameri is a Cloud Infrastructure Architect at AWS, specializing in optimizing cloud infrastructure for enhancing data security and cost efficiency. He expertly integrates technical solutions with business strategies to build scalable, reliable, and secure cloud environments. Akhil embraces Generative AI (Gen AI) technologies to drive innovation and builds technology solutions focused on business outcomes for his customers. With deep expertise on AWS and a strong background in DevOps methodologies across the Software Development Lifecycle (SDLC), Akhil leads critical implementation and migration projects. He holds a Master's degree in Computer Science. Outside of work, he enjoys watching and playing sports.

Ebbey Thomas specializes in strategizing and developing custom AWS Landing Zones with a focus on leveraging Generative AI for enhanced cloud infrastructure automation. In his role with AWS Professional Services, Ebbey's expertise is central to designing solutions that streamline cloud adoption and ensure a secure and efficient operational framework for AWS users. He is known for his innovative approach to cloud challenges and his commitment to advancing cloud service capabilities.
