DEV Community

Cover image for 25 Internal Knowledge and Productivity Agent Patterns on AWS You Can Steal Right Now
AWS Community Builders profile image Marcelo Acosta Cavalero
Marcelo Acosta Cavalero for AWS Community Builders

Posted on • Originally published at buildwithaws.substack.com

25 Internal Knowledge and Productivity Agent Patterns on AWS You Can Steal Right Now

#aws #ai #productivity #webdev

Originally published on Build With AWS. Subscribe for weekly AWS builds.

An engineer spent 40 minutes last Thursday searching for the internal API rate-limiting policy. She checked Confluence, Notion, three Slack channels, and finally asked a colleague who pointed her to a Google Doc shared in a thread six months ago. The policy existed.

Finding it was the problem.

This is the second edition of a five-part series cataloging real AI architecture patterns running on AWS.

Edition 1 covered 25 customer-facing agents.

This edition shifts the lens inward: 25 patterns for employee-facing agents that handle knowledge retrieval, internal support, operational productivity, and the daily friction that slows teams down.

If you missed Edition 1, go back for the “Agent or Not?” scoring framework and the AgentCore vs Quick breakdown.

Those mental models apply here too, so this edition skips straight to the architectures and use cases.

One platform update before the cards: Edition 1 split the world into AgentCore (custom agents) and Quick (analytics).

Internal agents add a third lane. Amazon Q Business is the AWS-native default for enterprise knowledge assistants, permissions-aware search, and SaaS-connected internal help desks.

It ships with native connectors for Google Drive, Slack, Confluence, Jira, SharePoint, and dozens more, with document-level ACLs built in.

Q Business can trigger actions through plugins, but AgentCore remains the better choice when workflows require deterministic orchestration, multi-step execution, or strict policy enforcement.

AgentCore remains the right choice for custom agent backends with tool orchestration, memory, identity, and fine-grained control.

Amazon Quick stays in its lane for analytics, dashboarding, research, and workflow automation around business data.

Several patterns below use Q Business for retrieval and AgentCore for action, which turns out to be the natural split for internal workloads.

Reference Architectures for Internal Agents

Internal agents integrate with different systems than customer-facing ones. Corporate identity providers, internal wikis, HR platforms, CI/CD pipelines, and financial systems replace the CRM and e-commerce APIs from Edition 1.

The four reference architectures adapt accordingly.

Reference Architecture D - Single Agent with Internal Tool Access

Platform: AgentCore

When to use: The agent reasons about which internal tools to query, in what order, based on the employee’s role and question. One agent handles the full interaction with 3-8 internal system integrations.

Covers most IT support, HR advisory, and workflow-execution agents where the agent needs to take actions through APIs.

For pure knowledge retrieval and Q&A, see Architecture D2 below.

AgentCore Identity integrates with your corporate IdP (Okta, Azure AD) for SSO. AgentCore Policy enforces role-based access scoping - verify maturity for your target region before production rollout.

Reference Architecture E - Quick Workspace for Internal Intelligence

Platform: Quick

When to use: Teams need AI-powered analysis of internal data, operational metrics, or workforce analytics without writing code.

Covers engineering velocity dashboards, headcount planning analysis, budget tracking, and self-service reporting for managers and operations teams.

Reference Architecture F - Multi-Agent Internal Workflow

Platform: AgentCore (multi-agent)

When to use: Employee requests span IT, HR, finance, and facilities.

Each domain needs its own tools, knowledge bases, and policy constraints.

A single agent trying to handle all internal functions becomes unreliable at 15+ tools. Specialized agents behind a router keep each context window focused.

Reference Architecture G - Q Business for Enterprise Knowledge

Platform: Amazon Q Business

When to use: The primary need is permissions-aware search and Q&A across SaaS knowledge sources.

Q Business ships with native connectors for dozens of data sources and enforces document-level ACLs automatically.

No custom orchestration code required.

Covers enterprise knowledge search, policy Q&A, and any pattern where the core job is “find the right document and synthesize an answer the employee is authorized to see.”

When the same workflow also needs to take actions (create tickets, provision access, call APIs), pair Q Business for retrieval with AgentCore for execution.

The 25 Use Cases

Knowledge Management and Search

#026 - Enterprise Knowledge Search Agent

Pattern: Modernization from chatbot

Platform: Amazon Q Business (primary), AgentCore (optional action layer) Complexity: Quick Win

Reference Architecture: G

What the agent does:

  • Searches across internal knowledge sources - Confluence, SharePoint, Google Drive, Slack message history, Jira, and S3 - through a single conversational interface.
  • Understands natural language questions (”What’s our policy on vendor security reviews?”), retrieves relevant documents from multiple sources, synthesizes a direct answer with citations, and identifies when conflicting information exists across sources.
  • Respects document-level permissions so employees only see content they have access to. Amazon Q Business handles this natively: its built-in connectors index these sources and its ACL engine maps existing permissions without custom code.
  • For sources Q Business does not cover natively, Bedrock Knowledge Bases with a custom data source connector fills the gap, though note that some Bedrock connectors (such as Confluence) are in preview and do not yet support multimodal content like tables and diagrams.

AWS services: Amazon Q Business (connectors + retriever + ACL engine), Bedrock Knowledge Bases (custom RAG for unsupported sources), S3 (document store)

You need this if: Your employees regularly say “I know we documented this somewhere” and spend 20+ minutes searching across 3 or more knowledge platforms.

#027 - Policy and Compliance Q&A Agent

Pattern: New build

Platform: Amazon Q Business (primary), AgentCore (for action routing)

Complexity: Quick Win

Reference Architecture: G

What the agent does:

  • Answers employee questions about internal policies - travel expenses, PTO accrual, data classification, security requirements, procurement thresholds, acceptable use.
  • Pulls from the authoritative policy documents (not outdated wiki copies) and provides specific answers with page references.
  • Q Business indexes the policy corpus from S3 or SharePoint and enforces access controls so employees only see policies relevant to their role.
  • When policies are ambiguous or the question falls outside documented rules, an AgentCore action layer identifies the policy owner and drafts an email for the employee to send.
  • Tracks which policies generate the most questions, surfacing candidates for clarification.

AWS services: Amazon Q Business (retriever + ACL engine), S3 (policy document store), AgentCore Runtime (action routing), CloudWatch (query analytics)

You need this if: Your HR, legal, or compliance team answers the same policy questions repeatedly, and employees default to asking coworkers instead of reading the docs.

#028 - Institutional Knowledge Capture Agent

Pattern: New build

Platform: AgentCore

Complexity: Strategic Bet

Reference Architecture: D

What the agent does:

  • Runs structured knowledge extraction interviews with subject matter experts, particularly before role transitions, departures, or reorganizations.
  • Asks targeted questions about undocumented processes, tribal knowledge, key relationships, and decision context.
  • Transcribes and synthesizes responses into structured knowledge articles with proper metadata and cross-references.
  • Identifies gaps where captured knowledge contradicts or supplements existing documentation.
  • Generates a handoff document for successors.

AWS services: Bedrock (Claude), AgentCore Runtime, AgentCore Memory (interview state), Amazon Transcribe, S3 (knowledge archive), Bedrock Knowledge Bases

You need this if: Critical knowledge walks out the door when senior employees leave, and your team spends months reconstructing context that lived in someone’s head.

#029 - Technical Documentation Assistant

Pattern: Modernization from chatbot

Platform: AgentCore

Complexity: Quick Win

Reference Architecture: D

What the agent does:

  • Helps engineers navigate internal API documentation, runbooks, architecture decision records, and system diagrams.
  • Answers questions like “How does the payment service authenticate with the ledger?” by pulling from code comments, README files, ADRs, and internal docs.
  • When documentation is stale or missing, it flags the gap and creates a draft based on the current codebase.
  • Understands code context so it can explain what a service does, not just repeat what the docs say.

AWS services: Bedrock (Claude), AgentCore Runtime, Bedrock Knowledge Bases (documentation + custom-ingested code artifacts), Amazon Q Developer (native repository integration)

You need this if: Your engineering team wastes hours reading outdated documentation and reverse-engineering service behavior because the docs do not match the code.

#030 - Cross-Team Decision Log Agent

Pattern: New build

Platform: Both (AgentCore backend + Quick analytics)

Complexity: Strategic Bet

Reference Architecture: D + E

What the agent does:

  • Captures architectural decisions, trade-off discussions, and design choices from Slack threads, meeting transcripts, and PR comments.
  • Structures them into searchable decision records with context, alternatives considered, rationale, and stakeholders.
  • When a team proposes something that contradicts or revisits a prior decision, the agent surfaces the original discussion and reasoning.
  • Quick dashboards show decision frequency by domain, open questions, and areas where decisions are overdue.

AWS services: Bedrock (Claude), AgentCore Runtime, AgentCore Memory, Amazon Quick (QuickSight + Index), Amazon Transcribe, S3 (decision archive)

You need this if: Your teams relitigate the same technical decisions every quarter because nobody remembers why the original choice was made.

IT Help Desk and Internal Support

#031 - IT Help Desk Agent

Pattern: Modernization from chatbot

Platform: AgentCore

Complexity: Quick Win

Reference Architecture: D

What the agent does:

  • Handles common IT support requests through Slack or a web interface.
  • Resets passwords via the IdP API, provisions software licenses through the asset management system.
  • Troubleshoots VPN connectivity with diagnostic checks.
  • Resolves printer issues with guided walkthroughs, and manages MFA token enrollment.
  • For issues requiring hands-on support, it collects diagnostic information, determines priority based on impact and urgency, and creates a ticket with all relevant context pre-populated.

AWS services: Bedrock (Nova), AgentCore Runtime, AgentCore Identity (IdP integration), AgentCore Gateway (ITSM APIs), ServiceNow API, Okta/Azure AD API

You need this if: More than 50% of your IT help desk tickets are password resets, access requests, and connectivity issues that follow standard resolution procedures.

#032 - Software Access Provisioning Agent

Pattern: Migration from RPA

Platform: AgentCore

Complexity: Quick Win

Reference Architecture: D

What the agent does:

  • Processes software access requests end-to-end. Employee asks for access to a tool (GitHub org, AWS account, Datadog, Salesforce).
  • The agent checks the employee’s role against the entitlement matrix, identifies whether manager approval is needed, routes the approval request, and upon approval, provisions access via the tool’s API or SCIM endpoint.
  • Handles license availability checks and waitlisting.
  • Automatically de-provisions access when employees change roles or depart based on HRIS events.

AWS services: Bedrock (Nova), AgentCore Runtime, AgentCore Policy (entitlement rules), AgentCore Identity, SCIM APIs, HRIS API (Workday/BambooHR), EventBridge (lifecycle events)

You need this if: Software access requests take 2+ business days to fulfill because they require manual approval chains and admin intervention across multiple systems.

#033 - Incident Communication Coordinator

Pattern: New build

Platform: AgentCore

Complexity: Strategic Bet

Reference Architecture: D

What the agent does:

  • During production incidents, drafts and distributes internal status updates based on real-time information from monitoring tools and the incident Slack channel.
  • Pulls metrics from CloudWatch and Datadog, summarizes the current state of the incident, identifies affected services and customer impact, and posts updates to the status page and stakeholder channels at configured intervals.
  • After resolution, compiles a timeline of events and generates a postmortem draft with contributing factors and action items pre-populated from the incident channel discussion.

AWS services: Bedrock (Claude), AgentCore Runtime, AgentCore Gateway (monitoring APIs), CloudWatch, EventBridge, SNS (notifications), S3 (postmortem archive)

You need this if: Your incident commanders spend more time writing status updates than resolving the incident, and postmortems take a week to produce because nobody captured the timeline in real-time.

#034 - Infrastructure Self-Service Agent

Pattern: New build

Platform: AgentCore

Complexity: Strategic Bet

Reference Architecture: D

What the agent does:

  • Lets developers request and configure cloud infrastructure through conversation instead of filing tickets.
  • Handles common requests: spin up a dev environment, create an S3 bucket with standard tagging, set up a new RDS instance within approved configurations, or request a temporary IAM role for cross-account access.
  • Validates all requests against organizational policies and guardrails (naming conventions, cost limits, security baselines) before executing via IaC templates.
  • Non-standard requests route to the platform team with a pre-filled request.

AWS services: Bedrock (Claude), AgentCore Runtime, AgentCore Policy (guardrails), AWS Service Catalog, CloudFormation/CDK, IAM, AWS Organizations

You need this if: Your platform team processes 30+ infrastructure requests per week and developers wait 1-3 days for standard environments that could be provisioned in minutes.

#035 - Security Questionnaire Response Agent

Pattern: Migration from RPA

Platform: AgentCore

Complexity: Quick Win

Reference Architecture: D

What the agent does:

  • Completes vendor security questionnaires and customer security assessments by matching questions against a maintained library of approved responses.
  • Pulls from SOC 2 reports, penetration test summaries, architecture documentation, and previously approved answers.
  • Drafts responses for each question with confidence scores.
  • High-confidence answers (exact matches to prior approved responses) are auto-filled.
  • Low-confidence answers are flagged for security team review.
  • Tracks which questions appear most frequently to prioritize documentation improvements.

AWS services: Bedrock (Claude), AgentCore Runtime, Bedrock Knowledge Bases (security response library, optionally backed by OpenSearch Serverless for advanced retrieval control), S3 (compliance documents)

You need this if: Your security team spends 10+ hours per week completing repetitive security questionnaires, and the same questions appear across 80% of inbound assessments.

HR and People Operations

#036 - Employee Onboarding Navigator

Pattern: Modernization from chatbot

Platform: AgentCore

Complexity: Quick Win

Reference Architecture: D

What the agent does:

  • Guides new hires through their first 90 days.
  • Sends day-one setup instructions (laptop configuration, tool access, building entry).
  • Answers questions about benefits enrollment deadlines, org structure, team norms, and internal processes.
  • Adapts the onboarding checklist based on role, department, and location.
  • Tracks completion of required training, compliance acknowledgments, and documentation reviews.
  • Nudges managers when their new hire’s onboarding milestones are stalling.

AWS services: Bedrock (Claude), AgentCore Runtime, AgentCore Memory (onboarding state), HRIS API (Workday/BambooHR), LMS API, SES/SNS (notifications)

You need this if: New hire ramp time exceeds 30 days, onboarding satisfaction scores are below 80%, and your HR team manually tracks checklist completion in spreadsheets.

#037 - Benefits and Leave Advisory Agent

Pattern: Modernization from chatbot

Platform: AgentCore

Complexity: Quick Win

Reference Architecture: D

What the agent does:

  • Answers employee questions about health insurance plans, 401(k) matching, HSA/FSA eligibility, parental leave, PTO balance, and FMLA procedures.
  • Pulls real-time data from the HRIS and benefits platforms to give personalized answers (”You have 8.5 PTO days remaining this year”).
  • Walks employees through benefits enrollment during open enrollment with side-by-side plan comparisons based on their specific situation (family size, expected medical usage, contribution preferences).
  • Routes complex cases to HR specialists with the question and relevant context pre-attached.

AWS services: Bedrock (Claude), AgentCore Runtime, AgentCore Identity (employee verification), HRIS API, benefits platform API, Bedrock Guardrails (PII handling)

You need this if: Your HR inbox is dominated by benefits questions during open enrollment, and employees make suboptimal plan selections because they do not understand their options.

#038 - Internal Job Matching Agent

Pattern: New build

Platform: AgentCore

Complexity: Strategic Bet

Reference Architecture: D

What the agent does:

  • Matches employees to internal open positions based on skills, career goals, project history, and performance data.
  • Goes beyond keyword matching on job descriptions: analyzes the employee’s actual work (code contributions, project involvement, skills demonstrated in reviews) against what the hiring manager needs.
  • Surfaces opportunities employees might not have found or considered.
  • Provides a match explanation (”Your work on the data pipeline migration maps directly to this team’s real-time analytics build”).
  • Respects confidentiality so managers are not notified unless the employee applies.

AWS services: Bedrock (Claude), AgentCore Runtime, AgentCore Policy (confidentiality rules), HRIS API, ATS API (Greenhouse/Lever), Bedrock Knowledge Bases (job postings + employee profiles)

You need this if: Internal mobility is below 15%, employees leave for roles they could have found internally, and your job board gets low engagement because listings read like external postings.

#039 - Performance Review Preparation Agent

Pattern: New build

Platform: AgentCore

Complexity: Strategic Bet

Reference Architecture: D

What the agent does:

  • Helps managers prepare for performance reviews by compiling an employee’s contributions over the review period.
  • Pulls data from project management tools (Jira tickets completed, PRs merged, epics delivered), peer feedback, 1:1 notes, goal tracking systems, and prior review history.
  • Generates a structured draft highlighting key accomplishments, growth areas, and evidence for each.
  • Does not write the evaluation - it assembles the evidence so the manager spends time on assessment quality instead of data gathering.

AWS services: Bedrock (Claude), AgentCore Runtime, AgentCore Policy (data access controls), Jira API, GitHub API, HRIS API, 15Five/Lattice API

You need this if: Your managers spend 3+ hours per direct report gathering data for reviews, and review quality suffers because managers rely on recency bias instead of full-period evidence.

#040 - Compensation Benchmarking Agent

Pattern: New build

Platform: Both (AgentCore backend + Quick analytics)

Complexity: Foundation Build

Reference Architecture: D + E

What the agent does:

  • Helps HR and hiring managers make compensation decisions by pulling from internal pay bands, market survey data, and peer comparisons.
  • Takes a role, level, location, and candidate profile, then generates a recommended offer range with supporting data.
  • Flags when a proposed offer falls outside band or creates internal equity concerns.
  • Quick dashboards show compensation distribution by team, gender pay gap analysis, and market competitiveness by role family.
  • All outputs route through HR approval before reaching the hiring manager.

AWS services: Bedrock (Claude), AgentCore Runtime, AgentCore Policy (data access restrictions), Amazon Quick (QuickSight + Research), HRIS API, compensation survey APIs, Redshift

You need this if: Compensation decisions take a week because they require HR to manually pull market data, check internal equity, and build a justification for every offer.

Engineering and Development

#041 - Code Review Context Agent

Pattern: New build

Platform: AgentCore

Complexity: Quick Win

Reference Architecture: D

What the agent does:

  • Enriches pull requests with context that speeds up code review.
  • When a PR is opened, it analyzes the changes and adds a summary: which services are affected, what architectural patterns changed, whether the change touches a critical path, and links to related PRs and design docs.
  • Flags potential issues: breaking API changes, missing test coverage for modified paths, configuration changes that affect other teams, and dependency updates with known vulnerabilities.
  • Does not approve or block - it surfaces what a reviewer should pay attention to.

AWS services: Bedrock (Claude), AgentCore Runtime, GitHub/GitLab API, Bedrock Knowledge Bases (architecture docs + ADRs), Amazon Q Developer (code review context)

You need this if: Code reviews take 2+ days because reviewers spend most of their time understanding context rather than evaluating the actual change.

#042 - Incident Postmortem Generator

Pattern: New build

Platform: AgentCore

Complexity: Quick Win

Reference Architecture: D

What the agent does:

  • Produces structured postmortem documents from incident data.
  • Pulls the timeline from PagerDuty or Opsgenie, reconstructs the sequence of events from the incident Slack channel, correlates with deployment logs and monitoring data, and generates a draft postmortem following your team’s template.
  • Identifies contributing factors by analyzing what changed before the incident (deploys, config changes, traffic spikes).
  • Pre-populates action items based on patterns from previous incidents.
  • The on-call engineer reviews and refines instead of writing from scratch.

AWS services: Bedrock (Claude), AgentCore Runtime, AgentCore Gateway (PagerDuty/Opsgenie API, Slack API), CloudWatch Logs, S3 (postmortem archive)

You need this if: Postmortems take a week to produce, half of incidents never get a written postmortem, and your team keeps encountering the same failure modes.

#043 - Dependency Risk Assessment Agent

Pattern: New build

Platform: AgentCore

Complexity: Strategic Bet

Reference Architecture: D

What the agent does:

  • Continuously monitors your codebase’s dependency tree for risk signals beyond CVEs.
  • Analyzes maintainer activity (abandoned projects, single-maintainer risk), license compatibility, breaking change frequency in upstream releases, and supply chain indicators (typosquatting packages, unexpected maintainer changes).
  • When a dependency update is available, provides a risk assessment: what changed, what might break, and whether similar codebases have reported issues.
  • Prioritizes updates based on actual exposure, not just severity scores.

AWS services: Bedrock (Claude), AgentCore Runtime, AgentCore Gateway (GitHub API, package registry APIs), Amazon Inspector (vulnerability scanning + SCA), Amazon Q Developer (code-level risk context), EventBridge (scheduled scans)

You need this if: Your dependency updates are either ignored for months (creating security debt) or applied blindly (causing unexpected breakages), and Dependabot alerts alone do not give you enough context to prioritize.

#044 - On-Call Handoff Agent

Pattern: New build

Platform: AgentCore

Complexity: Quick Win

Reference Architecture: D

What the agent does:

  • Generates end-of-rotation handoff briefs for on-call engineers.
  • Compiles all incidents from the rotation (alerts fired, pages received, resolutions applied), ongoing issues that need monitoring, recent deployments that might cause problems, and upcoming changes the next on-call should watch.
  • Pulls from PagerDuty, Slack incident channels, deployment logs, and the change calendar.
  • The outgoing on-call reviews and annotates the brief before it goes to the incoming engineer.

AWS services: Bedrock (Claude), AgentCore Runtime, PagerDuty API, Slack API, deployment pipeline API, SES (handoff delivery)

You need this if: On-call handoffs happen verbally (or not at all), incoming engineers start blind, and the first hour of every rotation is spent asking “what happened this week?”

#045 - Architecture Decision Record Agent

Pattern: New build

Platform: AgentCore

Complexity: Strategic Bet

Reference Architecture: D

What the agent does:

  • Facilitates the creation of Architecture Decision Records from design discussions.
  • Monitors designated Slack channels and meeting transcripts for architectural debates.
  • When it detects a decision being made, it drafts an ADR: context, decision, alternatives considered, consequences, and status.
  • Tags the relevant teams and stakeholders for review.
  • Maintains a searchable index of all ADRs linked to the services they affect.
  • When someone proposes a change that conflicts with an existing ADR, the agent surfaces the relevant record and asks whether this is an intentional reversal.

AWS services: Bedrock (Claude), AgentCore Runtime, AgentCore Memory, Slack API, Amazon Transcribe, Bedrock Knowledge Bases (ADR corpus), S3

You need this if: Your team makes architectural decisions in Slack threads that nobody can find three months later, and new engineers re-propose approaches that were already evaluated and rejected.

Finance and Procurement

#046 - Expense Report Processing Agent

Pattern: Migration from RPA

Platform: AgentCore

Complexity: Quick Win

Reference Architecture: D

What the agent does:

  • Processes expense reports by extracting data from uploaded receipts using Amazon Textract, matching expenses against the company’s travel and expense policy, flagging out-of-policy items with specific policy references, and routing compliant reports for manager approval.
  • Handles currency conversion for international expenses, per diem calculations by city, and mileage reimbursement.
  • Auto-categorizes expenses for GL coding.
  • Reports with flagged items go to the submitter for correction before reaching the approval queue.

AWS services: Bedrock (Nova), AgentCore Runtime, Amazon Textract, AgentCore Policy (expense rules), expense management API (Concur/Expensify), DynamoDB

You need this if: Your finance team manually reviews expense reports for policy compliance, processing takes 5+ business days, and 30% of submissions require back-and-forth corrections.

#047 - Procurement Request Agent

Pattern: Migration from RPA

Platform: AgentCore

Complexity: Strategic Bet

Reference Architecture: D

What the agent does:

  • Guides employees through procurement requests conversationally.
  • Collects requirements (what they need, why, budget, timeline), checks whether an existing contract covers the request, identifies the correct approval chain based on amount and category, and generates a purchase requisition.
  • For software purchases, checks the approved vendor list and existing license inventory to avoid redundant buying.
  • Handles the approval workflow: routes to the right approvers, sends reminders, escalates stalled approvals, and notifies the requester at each stage.

AWS services: Bedrock (Claude), AgentCore Runtime, AgentCore Policy (approval rules + spend limits), ERP API (SAP/Oracle/NetSuite), contract management API, SES (notifications)

You need this if: Employees avoid the procurement process because it requires filling out forms they do not understand, and your procurement team spends hours routing requests to the right approvers.

#048 - Budget Tracking and Forecast Agent

Pattern: New build Platform: Both (AgentCore backend + Quick dashboards) Complexity: Strategic Bet

Reference Architecture: D + E

What the agent does:

  • Monitors department budgets against actuals in real-time.
  • Pulls spend data from the ERP, cloud billing (AWS Cost Explorer), and SaaS management platforms. Alerts budget owners when spending trends suggest they will exceed budget before quarter end.
  • Generates variance explanations by analyzing which line items are over or under plan.
  • Quick dashboards let managers drill into spend by category, vendor, and project.
  • Produces monthly budget summaries and forecast adjustments automatically.

AWS services: Bedrock (Claude), AgentCore Runtime, Amazon Quick (QuickSight + Flows), AWS Cost Explorer API, ERP API, Redshift, EventBridge (alerting triggers), SNS

You need this if: Budget reviews happen monthly from stale spreadsheets, overspend is discovered after the fact, and finance produces variance reports manually.

Meetings and Communication

#049 - Meeting Summarization and Action Tracker

Pattern: New build

Platform: AgentCore

Complexity: Quick Win

Reference Architecture: D

What the agent does:

  • Joins meetings (via Amazon Chime SDK or calendar integration), transcribes the discussion, and produces a structured summary within minutes of the meeting ending.
  • Identifies decisions made, action items with owners and due dates, open questions, and topics deferred.
  • Posts the summary to the relevant Slack channel or project management tool.
  • Tracks action items across meetings and flags overdue items in the next meeting’s pre-brief.
  • Distinguishes between informational discussion and actionable outcomes.

AWS services: Bedrock (Claude), AgentCore Runtime, Amazon Transcribe, Amazon Chime SDK (the SDK remains supported independently of the Chime service), Slack API, Jira API (action item creation), S3 (transcript archive)

You need this if: Action items from meetings disappear into notes nobody reads, decisions get relitigated because they were not recorded, and your team spends 5+ hours per week in meetings without clear outcomes.

#050 - Status Report Generator

Pattern: New build

Platform: AgentCore

Complexity: Quick Win

Reference Architecture: D

What the agent does:

  • Compiles weekly or biweekly status reports by pulling from the systems where work actually happens.
  • Aggregates Jira ticket progress, GitHub PR activity, deployment history, incident reports, and OKR tracking data.
  • Produces a structured update for each team: what shipped, what is in progress, what is blocked, and key metrics.
  • Managers review and edit instead of writing from scratch.
  • Adapts format and detail level based on the audience (team standup vs executive briefing vs cross-functional update).

AWS services: Bedrock (Claude), AgentCore Runtime, AgentCore Gateway (Jira, GitHub, OKR platform APIs), S3 (report archive), SES (distribution)

You need this if: Your managers spend 2+ hours per week writing status reports by manually checking Jira, GitHub, and Slack, and the reports are outdated by the time they are sent.

What These 25 Patterns Reveal

Different dynamics emerge when agents face inward instead of outward.

Knowledge retrieval dominates the Quick Win category.

Most of them involve finding, synthesizing, or delivering information that already exists somewhere in the organization.

The hardest part of internal AI agents is not the reasoning - it is the integration with fragmented knowledge sources behind SSO, document-level permissions, and inconsistent APIs.

Amazon Q Business absorbs a significant chunk of this complexity out of the box with native connectors and built-in ACLs, which is why it appears as the default for pure retrieval patterns.

Bedrock Knowledge Bases fills in when you need a custom RAG pipeline or when Q Business lacks a connector for your source.

Permission models are the real engineering challenge.

Customer-facing agents from Edition 1 mostly deal with one customer’s data at a time.

Internal agents cross organizational boundaries constantly.

An HR agent that can see compensation data, a finance agent that reads budget forecasts, an engineering agent that accesses production logs - each needs fine-grained access controls scoped to the requester’s role.

AgentCore Identity handles IdP integration for SSO. AgentCore Policy adds rule-based access scoping - verify maturity for your target region before production rollout.

For retrieval-only patterns, Q Business’s ACL engine is the more battle-tested option today.

RPA migrations have the clearest ROI.

Expense processing, access provisioning, procurement workflows - these agents replace brittle RPA scripts that break when a UI changes.

The agentic version handles exceptions, asks clarifying questions, and adapts to edge cases instead of failing silently.

Multi-agent architectures appear less often internally (see how we did not reference architecture F).

Internal users tolerate slightly longer response times and are better at framing specific questions, which means a single well-tooled agent handles most internal scenarios effectively.

Quick fills the analytics gap. Some patterns use Quick for dashboarding and self-service analysis.

Internal teams need visibility into operational data more than they need conversational agents.

QuickSight and Quick Research provide that without custom development.

Where the Leverage Actually Is

Most of the patterns in this edition run on a single agent with tool access. That’s not a limitation of the framework, it reflects how internal work actually breaks down. Employees ask specific questions, need specific actions, and want specific answers. The architectural complexity lives in the permission model and the integration layer, not in multi-agent orchestration.

The engineer from the opening spent 40 minutes finding a rate-limiting policy. Pattern #026 solves that with Q Business, native connectors, and document-level ACLs she never has to think about.

No custom orchestration.

No agent memory.

No specialist routing.

The right document, surfaced to someone authorized to see it, in seconds. Start there.

Add AgentCore when the workflow needs to take action, not just answer questions. Add Quick when teams need dashboards, not conversations.

Every pattern in this edition follows that same decision sequence: retrieval first, action second, analytics where the data justifies it.

What Comes Next

Three more editions:

  • Edition 3 - Workflow automation and process agents (internal operations, no direct user interaction)
  • Edition 4 - Data and analytics agents (self-service BI)
  • Edition 5 - Compliance, security, and governance agents (high-stakes environments)

If you are building internal productivity agents, start with #026 (Enterprise Knowledge Search) or #031 (IT Help Desk).

Enterprise Knowledge Search deploys fast on Q Business with minimal custom code.

IT Help Desk needs AgentCore for the action layer but has the clearest success metrics.

Both solve a pain point every employee recognizes on day one.

I publish every week at buildwithaws.substack.com. Subscribe. It's free.

Top comments (0)