DEV Community: Sergio Esteban The latest articles on DEV Community by Sergio Esteban (@sergioestebance). https://dev.to/sergioestebance https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3483835%2Fe24cf772-dbe2-4dc1-88f0-7075fbe1cc68.png DEV Community: Sergio Esteban https://dev.to/sergioestebance en Launching your personal assistant Sergio Esteban Tue, 16 Dec 2025 07:49:36 +0000 https://dev.to/sergioestebance/launching-your-personal-assistant-2blp https://dev.to/sergioestebance/launching-your-personal-assistant-2blp <h3> <strong>Introduction</strong> </h3> <p>In this post, we will extend the implementation of an AI Agent. This time, we have improved the agent’s accessibility and its capacity to use different tools for a specific context.</p> <h3> <strong>TLDRS</strong> </h3> <p>All code used in this article is available in the <a href="https://github.com/warike/expo-lambda-s3-gemini" rel="noopener noreferrer">repository</a>.</p> <h3> <strong>Context</strong> </h3> <p>In addition to using AWS serverless services in the context of rapid experimentation, we have included the agent’s capacity to generate responses based on a certain predefined set of tools and the ability to operate using Gemini as a provider.</p> <h3> <strong>What’s the objective?</strong> </h3> <p>We want to obtain information in different formats through tools and then present it to the client within a mobile application.</p> <h3> <strong>Why mobile?</strong> </h3> <p>Greatest benefits of AI are when the technology is accessible on the devices you frequently carry.</p> <p>I definitely don’t carry a laptop everywhere, do you?</p> <p>Below is a high-level diagram representing what you want to achieve.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb8n8tg6n4h56klts1qpb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb8n8tg6n4h56klts1qpb.png" alt="high level diagram of information flow" width="700" height="123"></a></p> <p>While there are no significant changes to the architecture, you will see the necessary considerations in how we handle responses from our Lambda.</p> <p>Let’s move ahead.</p> <h2> <strong>Scope</strong> </h2> <p>We will use the <a href="https://support.davisinstruments.com/article/y4cq28mflh-vantage-pro2-console-user-manual" rel="noopener noreferrer">Davis Instruments console manuals</a> as data sources, and we will build a private Chatbot for iPhone that will answers from these manuals, as well as displaying data from the stations.</p> <h3> <strong>Functional requirements</strong> </h3> <ul> <li>The system should allow you to consult and receive information related to Vantage Pro2 equipment, such as setup questions and/or requests for data from the weather stations.</li> <li>This interaction must be in natural language.</li> <li>The system should allow sending messages and receiving a response in real time as it is generated.</li> </ul> <h3> <strong>Non-Functional requirements</strong> </h3> <p>As usual, you can rely on serverless capabilities and add a few additional characteristics.</p> <ul> <li>The system that provides data supports to the app should be highly available.</li> <li>The system should scale automatically to handle variable traffic patterns.</li> <li>The system should remain secure with domain-level access control and encrypted traffic.</li> </ul> <p>The following is a high level diagram of the architecture.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F21b0pcigxtirnhm60e2k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F21b0pcigxtirnhm60e2k.png" alt="High level diagram of the architecture." width="700" height="283"></a></p> <h3> <strong>Out of scope</strong> </h3> <p>We will omit the feature of being able to request actual data from the <a href="http://weatherlink.com/" rel="noopener noreferrer">WeatherLink API</a>.</p> <p>However, you can find a <a href="https://github.com/warike/showcase/tree/main/projects/06-davis-mcp-express" rel="noopener noreferrer">project of mine</a> that enables an integration using AI and MCP.</p> <p><strong>It is also worth mentioning that the fact that this implementation is possible does not mean this is the ideal way to expose an API.</strong></p> <p>With that out of the way, let’s move on.</p> <h3> <strong>Cost breakdown</strong> </h3> <p>Considering a volume of 1,000 requests per month, which for our use case is very generous, we are running our solution with the following components.</p> <h3> <strong>Google AI API Calls</strong> </h3> <p>We will use Gemini 2.5 Flash for language inference and text-embedding-004 for embeddings.</p> <ul> <li>gemini-2.5-flash input (500k tokens x $0.30/M) plus output (500k tokens x $2.50/M) = $0.15 + $1.25</li> <li>text-embedding-004 (500k tokens x $0.10/M) = $0.05</li> </ul> <p>This gives us an approximate total of $1.45 USD per month.</p> <h3> <strong>AWS Lambda</strong> </h3> <p>We will configure a function with 1024 MB and a 60 second timeout. AWS provides 1M free requests and 400,000 GB-seconds monthly, which covers typical usage.</p> <p>This results in $0.00 USD per month (within free tier).</p> <h3> <strong>CloudFront</strong> </h3> <p>We will use PriceClass_100 (US and Europe) assuming moderate traffic of 5 GB data transfer and 50,000 HTTPS requests.</p> <ul> <li>Data transfer: 5 GB x $0.085/GB = $0.43</li> <li>HTTPS requests: 50,000 x $0.01/10,000 = $0.05</li> </ul> <p>This results in about $0.48 USD per month.</p> <h3> <strong>S3 Storage</strong> </h3> <p>For storing static assets and application data, estimating 2 GB of storage with 100,000 GET requests.</p> <ul> <li>Storage: 2 GB x $0.023/GB = $0.05</li> <li>GET requests: 100,000 x $0.0004/1,000 = $0.04</li> </ul> <p>This results in about $0.09 USD per month.</p> <h3> <strong>Container Registry (AWS ECR)</strong> </h3> <p>For storing 3 images of 400 MB each (1.2 GB total). Billable storage after 500 MB Free Tier is 0.7 GB.</p> <ul> <li>0.7 GB x $0.10/GB = $0.07</li> </ul> <p>This results in about $0.07 USD per month.</p> <h3> <strong>Route 53</strong> </h3> <p>We will use a hosted zone ($0.50/month) and include a standard .com domain registration fee ($13.00/year or $1.08/month).</p> <h2> Get warike-technologies’s stories in your inbox </h2> <p>Join Medium for free to get updates from this writer.</p> <p>Subscribe</p> <p>This results in about $1.58 USD per month.</p> <h3> <strong>CloudWatch</strong> </h3> <p>For logging with seven-day retention, estimating minimal volume (0.2 GB ingestion).</p> <ul> <li>Log Ingestion: 0.2 GB x $0.50/GB = $0.10</li> </ul> <p>This results in about $0.10 USD per month.</p> <h3> <strong>Apple Developer Account</strong> </h3> <p>The Apple Developer Program membership is $99 USD per year. This is a fixed annual fee required to publish apps on the App Store.</p> <ul> <li>Annual Cost: $99.00 / 12 months = $8.25</li> </ul> <p>This results in a monthly allocation of $8.25 USD per month.</p> <h3> <strong>Total Monthly Cost</strong> </h3> <p>This brings us to a total of approximately $12.02 USD per month.</p> <h2> <strong>Implementation</strong> </h2> <p>Let’s start from the App and we can progress towards to the infrastructure</p> <h3> <strong>Mobile App</strong> </h3> <p>For the technical implementation of a mobile application, I will suggest using the <a href="https://galaxies.dev/dashboard" rel="noopener noreferrer">Galaxies Dev</a> <a href="https://github.com/Galaxies-dev/chatgpt-clone-react-native" rel="noopener noreferrer">repository</a>. Big shout out for his work.</p> <p>Given that the <a href="https://www.youtube.com/watch?v=8ztx68SUOQo" rel="noopener noreferrer">video</a> explains how to build the application from scratch, we will highlight the changes we have included on our part.</p> <p>The first thing to consider is that the application will use the following dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import { useChat } from '@ai-sdk/react'; import { DefaultChatTransport } from "ai"; </code></pre> </div> <p>The important parts from the implementation at this point are the following:</p> <ul> <li>We need to sign POST Requests as it is mentioned in the <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-lambda.html" rel="noopener noreferrer">documentation</a>.</li> <li>We need to add Clerk token into our Resquest Headers. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const transport = useMemo(() =&gt; new DefaultChatTransport({ fetch: async (url, options) =&gt; { if (options?.method === 'POST' &amp;&amp; options.body &amp;&amp; typeof options.body === 'string') { const hash = await Crypto.digestStringAsync( Crypto.CryptoDigestAlgorithm.SHA256, options.body ); options.headers = { ...options.headers, 'x-amz-content-sha256': hash, }; } return expoFetch(url as string, options as any); }, credentials: 'include', api: generateAPIUrl("/api/chat"), headers: async () =&gt; { const token = await getTokenRef.current(); return { "Authorization": token ? `Bearer ${token}` : '', "X-Clerk-Token": token || '', }; }, }), []); ... const { messages, stop, sendMessage, status, setMessages } = useChat({ transport: transport, onFinish: async ({ message }) =&gt; { scrollViewRef.current?.scrollToEnd({ animated: true }); // Save assistant message to database const currentChatId = chatIdRef.current; if (currentChatId &amp;&amp; message) { const chatIdNum = parseInt(currentChatId); if (isNaN(chatIdNum)) return; // Filter out tool invocations and empty parts const validParts = filterPartsForDB(message.parts); // Only save if there's actual text content if (validParts.length === 0) return; try { await addMessage(db, chatIdNum, { parts: validParts, role: Role.Assistant, }); } catch { // Fail silently } } }, onError: (err) =&gt; { console.error('Chat error:', err); }, }); </code></pre> </div> <p>And later, to display the messages from the API, we will assume that certain messages include the tools within the payload.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>type ChatMessageProps = { message: UIMessage; isLoading?: boolean; status?: ChatStatus; }; const ChatMessage = ({ message, isLoading, status }: ChatMessageProps) =&gt; { const { user } = useUser(); const { role, id, parts } = message; const isUser = role === Role.User; const isAssistant = role === Role.Assistant; // Check if this is a streaming message with no content yet const hasTextContent = parts?.some( (part) =&gt; part.type === 'text' &amp;&amp; part.text &amp;&amp; part.text.trim().length &gt; 0 ); // Check if we have a data tool response to avoid duplicate rendering const hasTools = parts?.some( // @ts-ignore (part) =&gt; part.type === 'tool-dataTool' || part.type === 'tool-weatherTool' || part.type === 'tool-gddTool' ); // Show loader for assistant messages that are empty and we're streaming const showLoader = isLoading || (isAssistant &amp;&amp; !hasTextContent &amp;&amp; !hasTools &amp;&amp; status === 'streaming'); // Don't render empty user messages if (isUser &amp;&amp; !hasTextContent) { return null; } return ( &lt;View style={[styles.row, isUser &amp;&amp; { flexDirection: 'row-reverse' }]}&gt; &lt;View style={[styles.item, { backgroundColor: '#fff', paddingTop: 5 }]}&gt; &lt;Image source={ isUser ? { uri: user?.imageUrl || 'https://placehold.co/250x250?text=U' } : require('@/assets/images/logo-white.png') } style={styles.avatar} /&gt; &lt;/View&gt; &lt;View style={[styles.text, { flex: 1, paddingBottom: 10 }, isUser &amp;&amp; styles.userMessageBubble]}&gt; {showLoader ? ( &lt;LottieLoader /&gt; ) : ( parts?.map((part, i) =&gt; { switch (part.type) { case 'text': if (!part.text || part.text.trim().length === 0) { return null; } return &lt;CustomMarkdown key={`${id}-${i}`} content={part.text} /&gt;; case 'dynamic-tool': return &lt;LottieLoader key={`${id}-${i}`} /&gt;; case 'tool-weatherTool': const weatherOutput = part.output as WeatherDataProps; if (weatherOutput) { const { temperature, unit, description, forecast } = weatherOutput; return &lt;MessageData key={`${id}-${i}`} temperature={temperature} unit={unit} description={description} forecast={forecast} /&gt;; } return &lt;LottieLoader key={`${id}-${i}`} /&gt;; case 'tool-dataTool': const soilOutput = part.output as SoilChartProps; if (soilOutput) { const { labels, datasets, legend } = soilOutput; return &lt;MessageChart key={`${id}-${i}`} labels={labels} datasets={datasets} legend={legend} /&gt;; } return &lt;LottieLoader key={`${id}-${i}`} /&gt;; case 'tool-gddTool': const gddOutput = part.output as GDDDataProps; if (gddOutput) { const { labels, datasets } = gddOutput; return &lt;MessageGDD key={`${id}-${i}`} labels={labels} datasets={datasets} /&gt;; } return &lt;LottieLoader key={`${id}-${i}`} /&gt;; default: return null; } }) )} &lt;/View&gt; &lt;/View&gt; ); }; </code></pre> </div> <p>Having all that, most of the application should be operating. We can proceed to build the application so that it responds to your requests.</p> <h3> <strong>Implementing Mastra in Lambda</strong> </h3> <p>The first step would be to create a simple flow in Lambda where you must validate the request’s credentials, then check the path, and finally generate the response from the messages.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>export const handler = awslambda.streamifyResponse&lt;APIGatewayProxyEventV2&gt;( async (event: APIGatewayProxyEventV2, responseStream: awslambda.HttpResponseStream) =&gt; { responseStream.setContentType('text/plain; charset=utf-8'); if (!await checkAccess(event)) { responseStream.write('Unauthorized'); responseStream.end(); return; }; if (event.rawPath !== '/api/chat') { const httpResponseMetadata = { statusCode: 404, statusMessage: "Not Found", headers: {}, }; responseStream = awslambda.HttpResponseStream.from(responseStream, httpResponseMetadata); responseStream.write('Not Found'); responseStream.end(); return; } try { const httpResponseMetadata = { statusCode: 200, statusMessage: "OK", headers: {}, }; responseStream = awslambda.HttpResponseStream.from(responseStream, httpResponseMetadata); // Parse request body if (event.body) { const body = JSON.parse(event.body); const { messages } = body; await runAgent(messages, responseStream); } } catch (error) { console.error(`Error in handler:`); console.error(error); } finally { responseStream.end(); } } ); </code></pre> </div> <h3> <strong>Clerk authentication</strong> </h3> <p>The validation that the user is valid is quite simple through Clerk. You simply verify the token sent from the app, and Clerk takes care of the rest.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import type { APIGatewayProxyEventV2 } from "aws-lambda"; import { verifyToken } from '@clerk/backend'; import { env } from './env.js'; export const checkAccess = async (event: APIGatewayProxyEventV2): Promise&lt;boolean&gt; =&gt; { try { const headers = event.headers || {}; const authHeader = headers['x-clerk-token'] ?? headers['authorization'] ?? headers['Authorization']; const token = authHeader?.replace(/^Bearer\s+/i, ''); if (!token) { return false; } await verifyToken(token, { secretKey: env.CLERK_SECRET_KEY, }); return true; } catch (error) { return false; } } </code></pre> </div> <p>All secrets and configuration variables are available on the Clerk dashboard.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl5jyj3cj5d5rz4gquxkc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl5jyj3cj5d5rz4gquxkc.png" alt="Clerk’s Dashboard" width="700" height="257"></a></p> <h3> <strong>Mastra</strong> </h3> <p>Our implementation <strong>cannot use the native functions of ai-sdk or Mastra</strong>. We must use the pipelines function in NodeJS to pipe the response to the stream of our Lambda function.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import { mastra } from './app.js'; import { UIMessage, stepCountIs } from 'ai'; import { pipeline } from 'node:stream/promises'; export const runAgent = async (messages: UIMessage[], responseStream: awslambda.HttpResponseStream) =&gt; { const agent = mastra.getAgent("basic"); const result = await agent.stream(messages, { stopWhen: stepCountIs(5), modelSettings: { temperature: 0.0, topK: 3, }, }); const sseResponse = result.aisdk.v5.toUIMessageStreamResponse({ sendReasoning: false }); await pipeline(sseResponse.body!, responseStream); } </code></pre> </div> <p>Also, we must consider creating the agent and its tools. I am going to reuse S3 functionalities and use static functions that represent the data functionalities.</p> <p>Feel free to implementing them yourself, or DM me for more specifics.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// agents.ts import { Agent } from '@mastra/core/agent'; import { rag_system_prompt } from './prompt.js'; import { languageModel } from './model.js'; import { queryTool, weatherTool, gddTool, dataTool } from './tools.js'; export const basicAgent = new Agent({ id: "basic", name: "basic", instructions: [ { role: "system", content: rag_system_prompt }, ], model: languageModel, tools: { queryTool, weatherTool, gddTool, dataTool, }, }); // tools.ts import { MastraLanguageModel } from '@mastra/core/memory'; import { createVectorQueryTool } from '@mastra/rag'; import { createTool } from "@mastra/core/tools"; import { embeddingModel, languageModel } from './model.js'; import { S3VectorsStoreName } from './vector.js'; import { env } from '../env.js'; import { z } from 'zod'; export const queryTool = createVectorQueryTool({ id: 'tool_knowledgebase_s3vectors', description: 'Use it to search for relevant documentation about Vantage Pro 2', vectorStoreName: S3VectorsStoreName, indexName: env.AWS_S3_VECTORS_INDEX_NAME, includeVectors: false, model: embeddingModel, reranker: { model: languageModel as unknown as MastraLanguageModel, options: { topK: 3, }, }, }); export const weatherTool = createTool({ id: "weather-tool", description: "Fetches temperature from weather stations for a location", inputSchema: z.object({ stationId: z.string(), }), outputSchema: z.object({ temperature: z.string(), unit: z.string(), description: z.string(), forecast: z.array(z.string()), }), execute: async (inputData) =&gt; { return { temperature: "10", unit: "C", description: "Sunny", forecast: ["10", "11", "15", "10", "4"], }; }, }); export const dataTool = createTool({ id: "data-tool", description: "Fetches soil moisture data from weather stations for a location", inputSchema: z.object({ stationId: z.string(), }), outputSchema: z.object({ labels: z.array(z.string()), legend: z.array(z.string()).optional(), datasets: z.array(z.object({ data: z.array(z.number()), color: z.string().optional(), strokeWidth: z.number().optional(), withDots: z.boolean().optional() })) }), execute: async (inputData) =&gt; { return { labels: ["08-12", "09-12", "10-12", "11-12", "12-12"], legend: ["20cm", "50cm", "75cm"], datasets: [ { data: [80, 78, 108, 90, 85, 80], color: "rgba(80, 119, 29, 1)", strokeWidth: 2 }, { data: [92, 91, 91, 91, 92, 91], color: "rgba(120, 160, 250, 1)", strokeWidth: 2 }, { data: [101, 101, 102, 102, 101, 101], color: "rgba(250, 200, 50, 1)", strokeWidth: 2 }, { data: [160], withDots: false, color: "transparent", strokeWidth: 0 }, { data: [0], withDots: false, color: "transparent", strokeWidth: 0 } ] }; }, }); export const gddTool = createTool({ id: "gdd-tool", description: "Fetches GDD data from weather stations for a location", inputSchema: z.object({ stationId: z.string(), }), outputSchema: z.object({ labels: z.array(z.string()), datasets: z.array(z.object({ data: z.array(z.number()) })) }), execute: async (inputData) =&gt; { return { labels: ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"], datasets: [ { data: [5.64, 15, 7.64, 1, 8, 6.1, 10] } ] }; }, }); </code></pre> </div> <p>Let’s move ahead to define the infrastructure.</p> <h2> <strong>Infrastructure</strong> </h2> <p>The infrastructure doesn’t change that much from previous implementation.</p> <h3> <strong>Lambda definition</strong> </h3> <p>It is important to be able to map the corresponding variables.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>locals { lambda_chat = { name = "chat-${basename(path.cwd)}" image = "${aws_ecr_repository.warike_development_ecr.repository_url}:chat-v1.0" description = "Lambda chat function for ${local.project_name}" memory_size = 1024 timeout = 60 env_vars = { GOOGLE_GENERATIVE_AI_API_KEY = var.google_generative_ai_api_key GOOGLE_LANGUAGE_MODEL = var.google_language_model GOOGLE_EMBEDDING_MODEL = var.google_model_embedding AWS_S3_VECTORS_BUCKET_NAME = var.vector_bucket_name AWS_S3_VECTORS_INDEX_NAME = var.vector_bucket_index_name LANGWATCH_API_KEY = var.langwatch_api_key CLERK_SECRET_KEY = var.clerk_secret_key NODE_OPTIONS = "--enable-source-maps --stack-trace-limit=1000" NODE_ENV = "production" } } } ## Lambda Chat module "warike_development_lambda_chat" { source = "terraform-aws-modules/lambda/aws" version = "~&gt; 8.1.2" ## Configuration function_name = local.lambda_chat.name description = local.lambda_chat.description memory_size = local.lambda_chat.memory_size timeout = local.lambda_chat.timeout ## Package create_package = false package_type = "Image" image_uri = local.lambda_chat.image environment_variables = merge( local.lambda_chat.env_vars, {} ) create_current_version_allowed_triggers = false ## Permissions create_role = false lambda_role = aws_iam_role.warike_development_lambda_chat_role.arn ## Logging use_existing_cloudwatch_log_group = true logging_log_group = aws_cloudwatch_log_group.warike_development_lambda_chat_logs.name logging_log_format = "JSON" logging_application_log_level = "INFO" logging_system_log_level = "WARN" ## Response Streaming invoke_mode = "RESPONSE_STREAM" ## Lambda Function URL for testing create_lambda_function_url = true authorization_type = "AWS_IAM" cors = { allow_credentials = true allow_origins = ["*"] allow_methods = ["*"] allow_headers = ["*"] expose_headers = ["*"] max_age = 86400 } tags = merge(local.tags, { Name = local.lambda_chat.name }) depends_on = [ aws_cloudwatch_log_group.warike_development_lambda_chat_logs, aws_ecr_repository.warike_development_ecr, null_resource.warike_development_build_image_seed ] } </code></pre> </div> <h3> <strong>Cloudfront</strong> </h3> <p>It is important to be able to map the corresponding domain names that you have chosen to use.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>locals { cloudfront_oac_lambda_function_url = "chat_lambda_function_url" zone_name = var.zone_name app_domain_name = var.app_domain_name } module "warike_development_cloudfront" { source = "terraform-aws-modules/cloudfront/aws" version = "5.0.1" ## Configuration enabled = true price_class = "PriceClass_100" retain_on_delete = false wait_for_deployment = true is_ipv6_enabled = true create_monitoring_subscription = true ## Extra CNAMEs aliases = [local.app_domain_name] comment = "Chat CloudFront Distribution" ## Origin access control create_origin_access_control = true origin_access_control = { "chat_lambda_function_url" = { description = "CloudFront access to Lambda Function URL" origin_type = "lambda" signing_behavior = "always" signing_protocol = "sigv4" } } origin = { "chat_lambda_function_url" = { domain_name = trimsuffix(replace(module.warike_development_lambda_chat.lambda_function_url, "https://", ""), "/") origin_access_control = local.cloudfront_oac_lambda_function_url custom_origin_config = { http_port = 80 https_port = 443 origin_protocol_policy = "match-viewer" origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"] } } } default_cache_behavior = { target_origin_id = local.cloudfront_oac_lambda_function_url viewer_protocol_policy = "redirect-to-https" allowed_methods = ["HEAD", "DELETE", "POST", "GET", "OPTIONS", "PUT", "PATCH"] cached_methods = ["GET", "HEAD", "OPTIONS"] ## Cache policy disabled cache_policy_id = "4135ea2d-6df8-44a3-9df3-4b5a84be39ad" origin_request_policy_id = "b689b0a8-53d0-40ab-baf2-68738e2966ac" ## Forwarded values disabled use_forwarded_values = false ## TTL settings min_ttl = 0 default_ttl = 0 max_ttl = 0 compress = true } viewer_certificate = { acm_certificate_arn = module.warike_development_acm.acm_certificate_arn ssl_support_method = "sni-only" } tags = merge(local.tags, { Name = local.cloudfront_oac_lambda_function_url }) depends_on = [ module.warike_development_acm, module.warike_development_lambda_chat, ] } </code></pre> </div> <h2> <strong>Testing &amp; Observability</strong> </h2> <p>As the implementation was getting ready, We need to way to understand if the tools are being used correctly.</p> <h3> <strong>Running tests for the Lambda functionality.</strong> </h3> <p>The implementation of the tests for the Lambda logic is quite straightforward.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PASS src/__tests__/mastra/app.spec.ts PASS src/__tests__/mastra/agent.spec.ts PASS src/__tests__/mastra/tool.spec.ts PASS src/__tests__/auth.spec.ts PASS src/__tests__/mastra/prompt.spec.ts Test Suites: 5 passed, 5 total Tests: 10 passed, 10 total Snapshots: 0 total Time: 3.628 s, estimated 4 s Ran all test suites. Watch Usage: Press w to show more. </code></pre> </div> <p>However, what we ideally want to know is whether the agent will behave according to the prompt we have defined.</p> <h3> <strong>LangWatch</strong> </h3> <p>Here is where I will use the <a href="https://scenario.langwatch.ai/" rel="noopener noreferrer">LangWatch scenarios</a> tool. It helps to test out my AI agent by integrating quite easily on Mastra.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import { type AgentAdapter, AgentRole, AgentReturnTypes } from "@langwatch/scenario"; import { mastra } from "../mastra/app.js"; export const basicAgent: AgentAdapter = { role: AgentRole.AGENT, call: async (input) =&gt; { const basic = mastra.getAgent("basic"); const result = await basic.generate(input.messages); return result.response.messages as unknown as AgentReturnTypes; }, }; </code></pre> </div> <p>Next, the tests for the agent’s behavior are defined.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import scenario from "@langwatch/scenario"; import { describe, it, expect } from "vitest"; import { basicAgent } from "./agent-adapter.spec"; describe("Weather Station RAG Agent", () =&gt; { it("should provide accurate calibration instructions", async () =&gt; { const result = await scenario.run({ name: "barometric pressure calibration request", description: `The user needs help calibrating their Vantage Pro2 weather station's barometric pressure sensor.`, agents: [ basicAgent, scenario.userSimulatorAgent(), scenario.judgeAgent({ criteria: [ "Agent should provide calibration steps directly without asking follow-up questions", "Response should include step-by-step instructions", "Response should cite the Vantage Pro2 Operations Manual as source", "Response should use telegraphic style (imperative verbs, minimal articles)", "Agent should not include greetings or filler text", "Instructions should mention setting correct elevation first", ], }), ], script: [ scenario.user("How do I calibrate pressure?"), scenario.agent(), scenario.judge(), ], }); expect(result.success).toBe(true); }, 30_000); it("should use weatherTool for temperature and humidity requests", async () =&gt; { const result = await scenario.run({ name: "current weather data request", description: `The user wants current temperature and humidity readings.`, agents: [ basicAgent, scenario.userSimulatorAgent(), scenario.judgeAgent({ criteria: [ "Agent should use the weatherTool to fetch current weather data", "Agent should respond with 'Here's the weather data that you requested'", "Agent should not ask follow-up questions", ], }), ], script: [ scenario.user("What's the current temperature and humidity?"), scenario.agent(), scenario.user("Station ID is TEST123009"), scenario.agent(), scenario.judge(), ], }); expect(result.success).toBe(true); }, 30_000); it("should use dataTool for soil moisture requests", async () =&gt; { const result = await scenario.run({ name: "soil moisture data request", description: `The user wants current soil moisture data from their weather station.`, agents: [ basicAgent, scenario.userSimulatorAgent(), scenario.judgeAgent({ criteria: [ "Agent should request for Station ID", "Agent should use the dataTool to fetch soil moisture data", "Agent should respond with 'Here's the soil moisture data that you requested'", "Agent should not provide additional explanation beyond tool usage", ], }), ], script: [ scenario.user("Show me current soil moisture levels"), scenario.agent(), scenario.user("Station ID is TEST123009"), scenario.agent(), scenario.judge(), ], }); expect(result.success).toBe(true); }, 30_000); it("should use gddTool for growing degree day requests", async () =&gt; { const result = await scenario.run({ name: "gdd data request", description: `The user wants current growing degree day data from their weather station.`, agents: [ basicAgent, scenario.userSimulatorAgent(), scenario.judgeAgent({ criteria: [ "Agent should request for Station ID", "Agent should use the gddTool to fetch growing degree day data", "Agent should respond with 'Here's the growing degree day data that you requested'", "Agent should not provide additional explanation beyond tool usage", ], }), ], script: [ scenario.user("Show me current GDD data"), scenario.agent(), scenario.user("Station ID is TEST123009"), scenario.agent(), scenario.judge(), ], }); expect(result.success).toBe(true); }, 30_000); }); </code></pre> </div> <p>And then I can view the results both in my terminal and on the LangWatch platform.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftag1ade4gavmrtchbiz1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftag1ade4gavmrtchbiz1.png" alt="LangWatch platform" width="700" height="438"></a></p> <p>Additionally, I can configure LangWatch for the observability of my traces.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import { OtelExporter } from "@mastra/otel-exporter"; import { env } from "../env.js"; export const observabilityExporter = new OtelExporter({ provider: { custom: { endpoint: "https://app.langwatch.ai/api/otel/v1/traces", headers: { "Authorization": `Bearer ${env.LANGWATCH_API_KEY}` }, }, }, }) </code></pre> </div> <p>Then you can see the traces in the <a href="https://app.langwatch.ai/" rel="noopener noreferrer">dashboard</a>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyabi7tajtmm7jyw9jef5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyabi7tajtmm7jyw9jef5.png" alt="Tracing details in LangWatch" width="700" height="532"></a></p> <h3> <strong>Human Testing the app</strong> </h3> <p>To test the application, I will use the iPhone simulator.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffc59b4rdx3rjegicx7ea.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffc59b4rdx3rjegicx7ea.png" alt="Sequence of app screenshots." width="700" height="525"></a></p> <p>et voila!</p> <h2> <strong>Conclusions</strong> </h2> <p>This article demonstrates a complete, end-to-end implementation for deploying a powerful, private AI assistant accessible via a mobile application.</p> <p>By combining the accessibility of Expo on the frontend with the robustness of AWS Lambda and S3 on the backend, we created a scalable RAG solution.</p> <p>A core takeaway is the effective orchestration of the AI Agent using Mastra. The agent is configured with multiple tools, including RAG for documentation and specific data fetching functionalities. This tool-calling capability is crucial for delivering diverse and context-specific responses directly to the user.</p> <p>Furthermore, integrating LangWatch proved invaluable for ensuring the agent’s reliability. The use of scenarios for testing agent behavior, especially its tool-use decisions, confirms that the system adheres to the defined prompts and requirements before deployment.</p> <p>This makes a personal assistant a very achievable goal.</p> aws expo mastra rag Launching your RAG system on AWS: CloudFront, Lambda, Bedrock & S3 Vectors Sergio Esteban Mon, 24 Nov 2025 19:05:52 +0000 https://dev.to/sergioestebance/launching-your-rag-system-on-aws-cloudfront-lambda-bedrock-s3-vectors-pk https://dev.to/sergioestebance/launching-your-rag-system-on-aws-cloudfront-lambda-bedrock-s3-vectors-pk <p>A step by step guide with AI SDK, AWS and Terraform</p> <h2> Introduction </h2> <p>In this post I revisit the <a href="https://medium.com/warike/launching-your-ai-agent-on-aws-bedrock-lambda-api-gateway-bd0934f3697b" rel="noopener noreferrer">implementation</a> of an AI Agent, this time adding the ability to return responses tied to a specific context.</p> <h2> TLDRS </h2> <p>All code used in this article is available in the <a href="https://github.com/warike/aws-lambda-cloudfront-stream" rel="noopener noreferrer">repository</a>.</p> <h2> Context </h2> <p>As usual, I rely on Serverless services to launch the experiment quickly. With the new capabilities AWS is rolling out, the agent will stream responses in real time as they are generated.</p> <p>Below is a high level diagram representing the target architecture.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvh0i3dm0mjlz2eask1i0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvh0i3dm0mjlz2eask1i0.png" alt=" " width="800" height="500"></a></p> <h2> Scope </h2> <p>For this project I will implement a RAG system using serverless services.</p> <p>We can outline the following requirements for a low volume of 1000 requests per month.</p> <h3> Functional requirements </h3> <ul> <li>The system should allow sending messages and receiving a response in real time as it is generated.</li> <li>The system should restrict access only through the predefined domain.</li> <li>The system should respond only when the question is related to the previously provided content.</li> </ul> <h3> Non functional requirements </h3> <p>As usual we can rely on serverless capabilities and add a few additional characteristics.</p> <ul> <li>The system should be highly available</li> <li>The system should scale automatically to handle variable traffic patterns</li> <li>The system should remain secure with domain level access control and encrypted traffic</li> </ul> <h2> Out of Scope </h2> <p>This article does not cover data ingestion for the context that the system will use when answering.</p> <p>However, notebooks are available for testing.</p> <p>It is also worth mentioning that being possible does not mean this is the ideal way to expose an Agent.</p> <p>With that out of the way, let’s move on.</p> <h2> Cost breakdown </h2> <p><strong>We are running a serverless RAG application with the following components</strong></p> <p>Considering a volume of 1k requests per month, we can list the following.</p> <h3> Bedrock API Calls </h3> <p>We will use the most cost effective models, Nova Micro and Titan Embed v2, for language inference and embeddings.</p> <ul> <li>Nova Micro input (500K tokens × 0.00035 USD) plus output (500K tokens × 0.0014 USD)</li> <li>Titan Embed v2 (500K tokens × 0.0001 USD) plus vector search operations</li> </ul> <p>This gives us an approximate total of 1.05 USD per month.</p> <h3> AWS Lambda </h3> <p>We will configure a function with 512 MB and a 60 second timeout. This results in roughly 0.20 USD per month.</p> <h3> CloudFront </h3> <p>We will use PriceClass_100 (US and Europe) assuming minimal data transfer and HTTPS requests.</p> <p>This results in about 0.085 USD per month.</p> <h3> Container Registry </h3> <p>For storing the Lambda function image, estimating 1 GB for the Docker image and handling all traffic within the same region.</p> <p>This results in about 0.10 USD per month.</p> <h3> Route53 </h3> <p>We will use a hosted zone regardless of traffic.</p> <p>This results in about 0.50 USD per month.</p> <h3> CloudWatch </h3> <p>For logging with seven day retention.</p> <p>This results in about 0.01 USD per month.</p> <p>This brings us to a total of approximately 1.95 USD per month. This aligns with the low requirements we defined for model responses.</p> <p>Let’s continue.</p> <h2> Implementation </h2> <h3> S3 Vector </h3> <p>Terraform does not currently support S3 Vector resources, so everything must be created using the AWS CLI.</p> <p>First, create the bucket.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws s3vectors create-vector-bucket <span class="se">\ </span> <span class="nt">--vector-bucket-name</span> <span class="s2">"</span><span class="nv">$VECTOR_BUCKET_NAME</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--region</span> <span class="s2">"</span><span class="nv">$REGION</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--profile</span> <span class="s2">"</span><span class="nv">$PROFILE</span><span class="s2">"</span> </code></pre> </div> <p>Next, we will create the Index inside the bucket.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws s3vectors create-index <span class="se">\</span> <span class="nt">--vector-bucket-name</span> <span class="s2">"</span><span class="nv">$VECTOR_BUCKET_NAME</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--index-name</span> <span class="s2">"</span><span class="nv">$VECTOR_BUCKET_NAME</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--data-type</span> float32 <span class="se">\</span> <span class="nt">--dimension</span> 1024 <span class="se">\</span> <span class="nt">--distance-metric</span> cosine <span class="se">\</span> <span class="nt">--metadata-configuration</span> <span class="nv">nonFilterableMetadataKeys</span><span class="o">=</span><span class="nb">id</span>,chunk <span class="se">\</span> <span class="nt">--region</span> <span class="s2">"</span><span class="nv">$REGION</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--profile</span> <span class="s2">"</span><span class="nv">$PROFILE</span><span class="s2">"</span> </code></pre> </div> <p>To continue, we will need the ARN.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws s3vectors list-indexes <span class="se">\</span> <span class="nt">--vector-bucket-name</span> <span class="s2">"</span><span class="nv">$VECTOR_BUCKET_NAME</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--region</span> <span class="s2">"</span><span class="nv">$REGION</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--profile</span> <span class="s2">"</span><span class="nv">$PROFILE</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--query</span> <span class="s2">"Indexes[?IndexName=='</span><span class="nv">$INDEX_NAME</span><span class="s2">'].IndexArn"</span> <span class="se">\</span> <span class="nt">--output</span> text 2&gt;/dev/null <span class="o">||</span> <span class="nb">echo</span> <span class="s2">"Unable to retrieve ARN"</span> </code></pre> </div> <p>With these resources in place we can move forward using Terraform.</p> <p>Unlike my previous article, this version will stream responses as they are generated.</p> <h3> Lambda creation </h3> <p>To support streamed responses we need to use <code>streamText</code> together with <code>@types/aws-lambda</code>.</p> <p>The following is the final result.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">pipeline</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">node:stream/promises</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">config</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./bedrock/config</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">streamText</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">ai</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">bedrock</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./bedrock/model</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">findRelevantContent</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./bedrock/query-vector</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">APIGatewayProxyEventV2</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-lambda</span><span class="dl">'</span><span class="p">;</span> <span class="nx">exports</span><span class="p">.</span><span class="nx">handler</span> <span class="o">=</span> <span class="nx">awslambda</span><span class="p">.</span><span class="nx">streamifyResponse</span><span class="o">&lt;</span><span class="nx">APIGatewayProxyEventV2</span><span class="o">&gt;</span><span class="p">(</span> <span class="k">async </span><span class="p">(</span><span class="nx">event</span><span class="p">,</span> <span class="nx">responseStream</span><span class="p">,</span> <span class="nx">_context</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">responseStream</span><span class="p">.</span><span class="nf">setContentType</span><span class="p">(</span><span class="dl">'</span><span class="s1">text/plain; charset=utf-8</span><span class="dl">'</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">prompt</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">body</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">body</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">body</span><span class="p">.</span><span class="nx">prompt</span><span class="p">)</span> <span class="nx">prompt</span> <span class="o">=</span> <span class="nx">body</span><span class="p">.</span><span class="nx">prompt</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="dl">'</span><span class="s1">Failed to parse request body:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">e</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">prompt</span><span class="p">)</span> <span class="p">{</span> <span class="nx">responseStream</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="dl">'</span><span class="s1">Error: No prompt provided</span><span class="dl">'</span><span class="p">);</span> <span class="nx">responseStream</span><span class="p">.</span><span class="nf">end</span><span class="p">();</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">modelId</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">config</span><span class="p">({});</span> <span class="kd">const</span> <span class="nx">similarDocuments</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">findRelevantContent</span><span class="p">(</span><span class="nx">prompt</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">context</span> <span class="o">=</span> <span class="nx">similarDocuments</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">doc</span> <span class="o">=&gt;</span> <span class="nx">doc</span><span class="p">.</span><span class="nx">chunk</span><span class="p">).</span><span class="nf">join</span><span class="p">(</span><span class="dl">'</span><span class="se">\n\n</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">systemPrompt</span> <span class="o">=</span> <span class="s2">`You are a helpful assistant. Answer the user's question using ONLY the context provided below. If the answer is not in the context, say "I don't know" or "The provided context does not contain the answer." Do not hallucinate or use outside knowledge. Context: </span><span class="p">${</span><span class="nx">context</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">streamText</span><span class="p">({</span> <span class="na">model</span><span class="p">:</span> <span class="nf">bedrock</span><span class="p">(</span><span class="nx">modelId</span><span class="p">),</span> <span class="na">system</span><span class="p">:</span> <span class="nx">systemPrompt</span><span class="p">,</span> <span class="na">messages</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">role</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user</span><span class="dl">"</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="nx">prompt</span> <span class="p">},</span> <span class="p">],</span> <span class="p">});</span> <span class="k">await</span> <span class="nf">pipeline</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">textStream</span><span class="p">,</span> <span class="nx">responseStream</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Error in handler:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="nx">responseStream</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="dl">'</span><span class="s1">Error</span><span class="dl">'</span><span class="p">);</span> <span class="nx">responseStream</span><span class="p">.</span><span class="nf">end</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> <span class="p">);</span> </code></pre> </div> <p>With the general logic ready, we can move on to implementing semantic search inside our Vector Index.</p> <h3> Semantic search using Vector S3 </h3> <p>We need to take the user message and generate embeddings using the <code>amazon.titan-embed-text-v2:0</code> model.</p> <p>Once we get the model response, we parse the result according to our needs. In this case we know each chunk contains the raw text we will use to look for relevant content.</p> <p>With this simple flow we return additional context to the model so it can produce a response.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">embed</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">ai</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">bedrock</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./model</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">env</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../env</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">QueryVectorsCommand</span><span class="p">,</span> <span class="nx">S3VectorsClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@aws-sdk/client-s3vectors</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">config</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./config</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">VectorMetadata</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span> <span class="nx">chunk</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">s3Vectors</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">S3VectorsClient</span><span class="p">({})</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">findRelevantContent</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">query</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">text</span> <span class="o">=</span> <span class="nx">query</span><span class="p">.</span><span class="nf">replaceAll</span><span class="p">(</span><span class="dl">'</span><span class="se">\\</span><span class="s1">n</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">modelId</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">config</span><span class="p">({</span> <span class="na">modelId</span><span class="p">:</span> <span class="dl">'</span><span class="s1">amazon.titan-embed-text-v2:0</span><span class="dl">'</span> <span class="p">})</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">embedding</span><span class="p">:</span> <span class="nx">userQueryEmbedded</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">embed</span><span class="p">({</span> <span class="na">model</span><span class="p">:</span> <span class="nx">bedrock</span><span class="p">.</span><span class="nf">textEmbeddingModel</span><span class="p">(</span><span class="nx">modelId</span><span class="p">),</span> <span class="na">value</span><span class="p">:</span> <span class="nx">text</span><span class="p">,</span> <span class="na">providerOptions</span><span class="p">:</span> <span class="p">{</span> <span class="na">bedrock</span><span class="p">:</span> <span class="p">{</span> <span class="na">normalize</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">input</span> <span class="o">=</span> <span class="p">{</span> <span class="na">indexArn</span><span class="p">:</span> <span class="nx">env</span><span class="p">.</span><span class="nx">AWS_VECTOR_BUCKET_INDEX_ARN</span><span class="o">!</span><span class="p">,</span> <span class="na">queryVector</span><span class="p">:</span> <span class="p">{</span> <span class="na">float32</span><span class="p">:</span> <span class="nx">userQueryEmbedded</span><span class="p">,</span> <span class="p">},</span> <span class="na">topK</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="na">returnMetadata</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">returnDistance</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">s3Vectors</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="k">new</span> <span class="nc">QueryVectorsCommand</span><span class="p">(</span><span class="nx">input</span><span class="p">));</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">result</span><span class="p">.</span><span class="nx">vectors</span> <span class="o">||</span> <span class="nx">result</span><span class="p">.</span><span class="nx">vectors</span><span class="p">.</span><span class="nx">length</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">No vectors found for the query</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span> <span class="p">[]</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">result</span><span class="p">.</span><span class="nx">vectors</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">v</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">metadata</span> <span class="o">=</span> <span class="nx">v</span><span class="p">.</span><span class="nx">metadata</span> <span class="k">as</span> <span class="nx">VectorMetadata</span> <span class="o">|</span> <span class="kc">undefined</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">metadata</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Metadata is required in the vector response</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">id</span> <span class="o">||</span> <span class="o">!</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">chunk</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Vector metadata must contain id and chunk fields</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">metadata</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">chunk</span><span class="p">:</span> <span class="nx">metadata</span><span class="p">.</span><span class="nx">chunk</span><span class="p">,</span> <span class="na">key</span><span class="p">:</span> <span class="nx">v</span><span class="p">.</span><span class="nx">key</span><span class="p">,</span> <span class="na">distance</span><span class="p">:</span> <span class="nx">v</span><span class="p">.</span><span class="nx">distance</span><span class="p">,</span> <span class="p">}</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>It is important to note that the retrieved results do not always represent the right context. To get higher quality responses we need to spend more time preparing the data we process.</p> <h3> Docker </h3> <p>To package our solution we define the Lambda.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># ---- Build Stage ----</span> <span class="k">FROM</span><span class="w"> </span><span class="s">public.ecr.aws/lambda/nodejs:22</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /usr/src/app</span> <span class="k">RUN </span>corepack <span class="nb">enable</span> <span class="k">COPY</span><span class="s"> package.json pnpm-lock.yaml* ./</span> <span class="k">RUN </span>pnpm <span class="nb">install</span> <span class="nt">--frozen-lockfile</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>pnpm run build <span class="c"># ---- Runtime Stage ----</span> <span class="k">FROM</span><span class="s"> public.ecr.aws/lambda/nodejs:22</span> <span class="k">WORKDIR</span><span class="s"> ${LAMBDA_TASK_ROOT}</span> <span class="k">COPY</span><span class="s"> --from=builder /usr/src/app/dist/ ./</span> <span class="k">COPY</span><span class="s"> --from=builder /usr/src/app/node_modules ./node_modules</span> <span class="k">ENTRYPOINT</span><span class="s"> [ "/lambda-entrypoint.sh", "index.handler" ]</span> </code></pre> </div> <p>With this in place we can move on to creating the cloud resources.</p> <h3> Infrastructure </h3> <h3> Container registry </h3> <p>We need a centralized location to host our Docker images.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_ecr_repository"</span> <span class="s2">"warike_development_ecr"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ecr-${local.project_name}"</span> <span class="nx">image_tag_mutability</span> <span class="p">=</span> <span class="s2">"IMMUTABLE_WITH_EXCLUSION"</span> <span class="nx">encryption_configuration</span> <span class="p">{</span> <span class="nx">encryption_type</span> <span class="p">=</span> <span class="s2">"AES256"</span> <span class="p">}</span> <span class="nx">image_scanning_configuration</span> <span class="p">{</span> <span class="nx">scan_on_push</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="nx">image_tag_mutability_exclusion_filter</span> <span class="p">{</span> <span class="nx">filter</span> <span class="p">=</span> <span class="s2">"*latest"</span> <span class="nx">filter_type</span> <span class="p">=</span> <span class="s2">"WILDCARD"</span> <span class="p">}</span> <span class="nx">force_delete</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> </code></pre> </div> <h3> Lambda module </h3> <p>For deploying our Lambda function using Docker we need to set the invocation mode to <code>RESPONSE_STREAM</code>, enable <code>create_lambda_function_url</code>, and use <code>AWS_IAM</code> as the authorization type.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">locals</span> <span class="p">{</span> <span class="nx">lambda_chat</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"chat-${basename(path.cwd)}"</span> <span class="nx">image</span> <span class="p">=</span> <span class="s2">"${aws_ecr_repository.warike_development_ecr.repository_url}:chat-latest"</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Lambda chat function for ${local.project_name}"</span> <span class="nx">memory_size</span> <span class="p">=</span> <span class="mi">512</span> <span class="nx">timeout</span> <span class="p">=</span> <span class="mi">60</span> <span class="nx">env_vars</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">AWS_BEARER_TOKEN_BEDROCK</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">aws_bearer_token_bedrock</span> <span class="nx">AWS_BEDROCK_MODEL</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">aws_bedrock_model</span> <span class="nx">AWS_VECTOR_BUCKET_INDEX_ARN</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">vector_bucket_index_arn</span> <span class="nx">AWS_BEDROCK_MODEL_EMBEDDING</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">aws_bedrock_model_embedding</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">## Lambda Chat</span> <span class="nx">module</span> <span class="s2">"warike_development_lambda_chat"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"terraform-aws-modules/lambda/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"~&gt; 8.1.2"</span> <span class="c1">## Configuration</span> <span class="nx">function_name</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">lambda_chat</span><span class="p">.</span><span class="nx">name</span> <span class="nx">description</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">lambda_chat</span><span class="p">.</span><span class="nx">description</span> <span class="nx">memory_size</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">lambda_chat</span><span class="p">.</span><span class="nx">memory_size</span> <span class="nx">timeout</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">lambda_chat</span><span class="p">.</span><span class="nx">timeout</span> <span class="c1">## Package</span> <span class="nx">create_package</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">package_type</span> <span class="p">=</span> <span class="s2">"Image"</span> <span class="nx">image_uri</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">lambda_chat</span><span class="p">.</span><span class="nx">image</span> <span class="nx">environment_variables</span> <span class="p">=</span> <span class="nx">merge</span><span class="p">(</span> <span class="nx">local</span><span class="p">.</span><span class="nx">lambda_chat</span><span class="p">.</span><span class="nx">env_vars</span><span class="p">,</span> <span class="p">{}</span> <span class="p">)</span> <span class="c1">## API Gateway</span> <span class="nx">create_current_version_allowed_triggers</span> <span class="p">=</span> <span class="kc">false</span> <span class="c1">## Permissions</span> <span class="nx">create_role</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">lambda_role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">warike_development_lambda_chat_role</span><span class="p">.</span><span class="nx">arn</span> <span class="c1">## Logging</span> <span class="nx">use_existing_cloudwatch_log_group</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">logging_log_group</span> <span class="p">=</span> <span class="nx">aws_cloudwatch_log_group</span><span class="p">.</span><span class="nx">warike_development_lambda_chat_logs</span><span class="p">.</span><span class="nx">name</span> <span class="nx">logging_log_format</span> <span class="p">=</span> <span class="s2">"JSON"</span> <span class="nx">logging_application_log_level</span> <span class="p">=</span> <span class="s2">"INFO"</span> <span class="nx">logging_system_log_level</span> <span class="p">=</span> <span class="s2">"WARN"</span> <span class="c1">## Response Streaming</span> <span class="nx">invoke_mode</span> <span class="p">=</span> <span class="s2">"RESPONSE_STREAM"</span> <span class="c1">## Lambda Function URL</span> <span class="nx">create_lambda_function_url</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">authorization_type</span> <span class="p">=</span> <span class="s2">"AWS_IAM"</span> <span class="nx">cors</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">allow_credentials</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">allow_origins</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"*"</span><span class="p">]</span> <span class="nx">allow_methods</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"*"</span><span class="p">]</span> <span class="nx">allow_headers</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"*"</span><span class="p">]</span> <span class="nx">expose_headers</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"*"</span><span class="p">]</span> <span class="nx">max_age</span> <span class="p">=</span> <span class="mi">86400</span> <span class="p">}</span> <span class="nx">tags</span> <span class="p">=</span> <span class="nx">merge</span><span class="p">(</span><span class="nx">local</span><span class="p">.</span><span class="nx">tags</span><span class="p">,</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">lambda_chat</span><span class="p">.</span><span class="nx">name</span> <span class="p">})</span> <span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span> <span class="nx">aws_cloudwatch_log_group</span><span class="p">.</span><span class="nx">warike_development_lambda_chat_logs</span><span class="p">,</span> <span class="nx">aws_ecr_repository</span><span class="p">.</span><span class="nx">warike_development_ecr</span><span class="p">,</span> <span class="nx">null_resource</span><span class="p">.</span><span class="nx">warike_development_build_image_seed</span> <span class="p">]</span> <span class="p">}</span> </code></pre> </div> <h3> ACM and Route 53 </h3> <p>Next, to access our Lambda function through CloudFront, we define the DNS records and a certificate.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">## Amazon Certificate Manager</span> module <span class="s2">"warike_development_acm"</span> <span class="o">{</span> <span class="nb">source</span> <span class="o">=</span> <span class="s2">"terraform-aws-modules/acm/aws"</span> version <span class="o">=</span> <span class="s2">"~&gt; 6.1.0"</span> domain_name <span class="o">=</span> local.domain_name zone_id <span class="o">=</span> data.aws_route53_zone.warike_development_warike_tech.id subject_alternative_names <span class="o">=</span> <span class="o">[</span><span class="s2">"*.</span><span class="k">${</span><span class="nv">local</span><span class="p">.domain_name</span><span class="k">}</span><span class="s2">"</span><span class="o">]</span> validation_method <span class="o">=</span> <span class="s2">"DNS"</span> tags <span class="o">=</span> local.tags <span class="o">}</span> <span class="c">## Route 53 - Hosted Zone</span> data <span class="s2">"aws_route53_zone"</span> <span class="s2">"warike_development_warike_tech"</span> <span class="o">{</span> name <span class="o">=</span> local.domain_name <span class="o">}</span> <span class="c">## Route 53 - Apex Record</span> resource <span class="s2">"aws_route53_record"</span> <span class="s2">"warike_development_apex_record"</span> <span class="o">{</span> zone_id <span class="o">=</span> data.aws_route53_zone.warike_development_warike_tech.zone_id name <span class="o">=</span> local.domain_name <span class="nb">type</span> <span class="o">=</span> <span class="s2">"A"</span> <span class="nb">alias</span> <span class="o">{</span> name <span class="o">=</span> module.warike_development_cloudfront.cloudfront_distribution_domain_name zone_id <span class="o">=</span> module.warike_development_cloudfront.cloudfront_distribution_hosted_zone_id evaluate_target_health <span class="o">=</span> <span class="nb">false</span> <span class="o">}</span> depends_on <span class="o">=</span> <span class="o">[</span> module.warike_development_cloudfront, <span class="o">]</span> <span class="o">}</span> </code></pre> </div> <p>With everything above in place we can start configuring CloudFront.</p> <h3> CloudFront </h3> <p>For CloudFront we need to consider that an Origin Access Control will be created.</p> <p>We will reference <code>lambda_function_url</code> from it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"warike_development_cloudfront"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"terraform-aws-modules/cloudfront/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"~&gt; 5.0.1"</span> <span class="c1">## Configuration</span> <span class="nx">enabled</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">price_class</span> <span class="p">=</span> <span class="s2">"PriceClass_100"</span> <span class="nx">retain_on_delete</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">wait_for_deployment</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">is_ipv6_enabled</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">create_monitoring_subscription</span> <span class="p">=</span> <span class="kc">true</span> <span class="c1">## Extra CNAMEs</span> <span class="nx">aliases</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"${local.domain_name}"</span><span class="p">]</span> <span class="nx">comment</span> <span class="p">=</span> <span class="s2">"Chat CloudFront Distribution"</span> <span class="c1">## Origin access control</span> <span class="nx">create_origin_access_control</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">origin_access_control</span> <span class="p">=</span> <span class="p">{</span> <span class="s2">"chat_lambda_function_url"</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"CloudFront access to Lambda Function URL"</span> <span class="nx">origin_type</span> <span class="p">=</span> <span class="s2">"lambda"</span> <span class="nx">signing_behavior</span> <span class="p">=</span> <span class="s2">"always"</span> <span class="nx">signing_protocol</span> <span class="p">=</span> <span class="s2">"sigv4"</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">origin</span> <span class="p">=</span> <span class="p">{</span> <span class="s2">"chat_lambda_function_url"</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">domain_name</span> <span class="p">=</span> <span class="nx">trimsuffix</span><span class="p">(</span><span class="nx">replace</span><span class="p">(</span><span class="nx">module</span><span class="p">.</span><span class="nx">warike_development_lambda_chat</span><span class="p">.</span><span class="nx">lambda_function_url</span><span class="p">,</span> <span class="s2">"https://"</span><span class="p">,</span> <span class="s2">""</span><span class="p">),</span> <span class="s2">"/"</span><span class="p">)</span> <span class="nx">origin_access_control</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">cloudfront_oac_lambda_function_url</span> <span class="nx">custom_origin_config</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">http_port</span> <span class="p">=</span> <span class="mi">80</span> <span class="nx">https_port</span> <span class="p">=</span> <span class="mi">443</span> <span class="nx">origin_protocol_policy</span> <span class="p">=</span> <span class="s2">"match-viewer"</span> <span class="nx">origin_ssl_protocols</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"TLSv1"</span><span class="p">,</span> <span class="s2">"TLSv1.1"</span><span class="p">,</span> <span class="s2">"TLSv1.2"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">default_cache_behavior</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">target_origin_id</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">cloudfront_oac_lambda_function_url</span> <span class="nx">viewer_protocol_policy</span> <span class="p">=</span> <span class="s2">"redirect-to-https"</span> <span class="nx">allowed_methods</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"HEAD"</span><span class="p">,</span> <span class="s2">"DELETE"</span><span class="p">,</span> <span class="s2">"POST"</span><span class="p">,</span> <span class="s2">"GET"</span><span class="p">,</span> <span class="s2">"OPTIONS"</span><span class="p">,</span> <span class="s2">"PUT"</span><span class="p">,</span> <span class="s2">"PATCH"</span><span class="p">]</span> <span class="nx">cached_methods</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"GET"</span><span class="p">,</span> <span class="s2">"HEAD"</span><span class="p">,</span> <span class="s2">"OPTIONS"</span><span class="p">]</span> <span class="c1">## Cache policy disabled</span> <span class="nx">cache_policy_id</span> <span class="p">=</span> <span class="s2">"4135ea2d-6df8-44a3-9df3-4b5a84be39ad"</span> <span class="c1">## Forwarded values disabled</span> <span class="nx">use_forwarded_values</span> <span class="p">=</span> <span class="kc">false</span> <span class="c1">## TTL settings</span> <span class="nx">min_ttl</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">default_ttl</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">max_ttl</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">compress</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">function_association</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">viewer-request</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">function_arn</span> <span class="p">=</span> <span class="nx">aws_cloudfront_function</span><span class="p">.</span><span class="nx">warike_development_restrict_domain</span><span class="p">.</span><span class="nx">arn</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">viewer_certificate</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">acm_certificate_arn</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">warike_development_acm</span><span class="p">.</span><span class="nx">acm_certificate_arn</span> <span class="nx">ssl_support_method</span> <span class="p">=</span> <span class="s2">"sni-only"</span> <span class="p">}</span> <span class="nx">tags</span> <span class="p">=</span> <span class="nx">merge</span><span class="p">(</span><span class="nx">local</span><span class="p">.</span><span class="nx">tags</span><span class="p">,</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">cloudfront_oac_lambda_function_url</span> <span class="p">})</span> <span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span> <span class="nx">module</span><span class="p">.</span><span class="nx">warike_development_acm</span><span class="p">,</span> <span class="nx">module</span><span class="p">.</span><span class="nx">warike_development_lambda_chat</span><span class="p">,</span> <span class="p">]</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_cloudfront_function"</span> <span class="s2">"warike_development_restrict_domain"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"restrict-domain-${local.project_name}"</span> <span class="nx">runtime</span> <span class="p">=</span> <span class="s2">"cloudfront-js-1.0"</span> <span class="nx">comment</span> <span class="p">=</span> <span class="s2">"Restrict access to custom domain only"</span> <span class="nx">publish</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">code</span> <span class="p">=</span> <span class="nx">file</span><span class="p">(</span><span class="s2">"${path.module}/functions/auth.js"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h3> CloudFront function </h3> <p>Additionally, I added a lightweight CloudFront function to ensure requests are directed to the predefined domain.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">function</span> <span class="nx">handler</span><span class="err">(</span><span class="nx">event</span><span class="err">)</span> <span class="p">{</span> <span class="nx">var</span> <span class="nx">request</span> <span class="p">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">request</span><span class="err">;</span> <span class="nx">var</span> <span class="nx">host</span> <span class="p">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">host</span><span class="p">.</span><span class="nx">value</span><span class="err">;</span> <span class="nx">var</span> <span class="nx">allowedDomain</span> <span class="p">=</span> <span class="s1">'dev.zaistev.com'</span><span class="err">;</span> <span class="nx">if</span> <span class="p">(</span><span class="nx">host</span> <span class="err">!</span><span class="p">==</span> <span class="nx">allowedDomain</span><span class="p">)</span> <span class="p">{</span> <span class="nx">return</span> <span class="p">{</span> <span class="nx">statusCode</span><span class="err">:</span> <span class="mi">403</span><span class="p">,</span> <span class="nx">statusDescription</span><span class="err">:</span> <span class="s1">'Forbidden'</span><span class="p">,</span> <span class="nx">headers</span><span class="err">:</span> <span class="p">{</span> <span class="s2">"content-type"</span><span class="err">:</span> <span class="p">{</span> <span class="s2">"value"</span><span class="err">:</span> <span class="s2">"text/plain"</span> <span class="p">}</span> <span class="p">},</span> <span class="nx">body</span><span class="err">:</span> <span class="p">{</span> <span class="s2">"encoding"</span><span class="err">:</span> <span class="s2">"text"</span><span class="p">,</span> <span class="s2">"value"</span><span class="err">:</span> <span class="s2">"Access denied. Please use the custom domain."</span> <span class="p">}</span> <span class="p">}</span><span class="err">;</span> <span class="p">}</span> <span class="nx">return</span> <span class="nx">request</span><span class="err">;</span> <span class="p">}</span> </code></pre> </div> <p>With the main resources in place we can move on to the actual cloud deployment.</p> <h3> Deployment </h3> <p>I created a set of functions that automate the deployment.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>.PHONY: deploy compile-server push-image terraform-apply <span class="c"># Extract current version from terraform file (e.g., chat-v1)</span> CURRENT_VERSION :<span class="o">=</span> <span class="si">$(</span>shell <span class="nb">grep</span> <span class="nt">-o</span> <span class="s1">'chat-v[0-9]*'</span> infra/lambda-chat.tf | <span class="nb">head</span> <span class="nt">-n</span> 1<span class="si">)</span> <span class="c"># Extract the number part (e.g., 1)</span> VERSION_NUM :<span class="o">=</span> <span class="si">$(</span>shell <span class="nb">echo</span> <span class="si">$(</span>CURRENT_VERSION<span class="si">)</span> | <span class="nb">sed</span> <span class="s1">'s/chat-v//'</span><span class="si">)</span> <span class="c"># Increment the number</span> NEXT_VERSION_NUM :<span class="o">=</span> <span class="si">$(</span>shell <span class="nb">echo</span> <span class="nv">$$</span><span class="o">((</span><span class="si">$(</span>VERSION_NUM<span class="si">)</span> + 1<span class="o">))</span><span class="si">)</span> <span class="c"># Form the new version string (e.g., chat-v2)</span> NEXT_VERSION :<span class="o">=</span> chat-v<span class="si">$(</span>NEXT_VERSION_NUM<span class="si">)</span> deploy: compile-server push-image terraform-apply <span class="nb">test </span>compile-server: @echo <span class="s2">"Compiling server app..."</span> <span class="nb">cd </span>apps/server <span class="o">&amp;&amp;</span> pnpm <span class="nb">install</span> <span class="o">&amp;&amp;</span> pnpm run build push-image: @echo <span class="s2">"Current version: </span><span class="si">$(</span>CURRENT_VERSION<span class="si">)</span><span class="s2">"</span> @echo <span class="s2">"Next version: </span><span class="si">$(</span>NEXT_VERSION<span class="si">)</span><span class="s2">"</span> @echo <span class="s2">"Building and pushing Docker image..."</span> ./infra/push_chat_image.sh <span class="si">$(</span>NEXT_VERSION<span class="si">)</span> @echo <span class="s2">"Updating Terraform configuration..."</span> <span class="c"># Update the version in the terraform file</span> <span class="nb">sed</span> <span class="nt">-i</span> <span class="s1">''</span> <span class="s1">'s/$(CURRENT_VERSION)/$(NEXT_VERSION)/g'</span> infra/lambda-chat.tf terraform-apply: @echo <span class="s2">"Applying Terraform changes..."</span> <span class="nb">cd </span>infra <span class="o">&amp;&amp;</span> terraform apply <span class="nt">-auto-approve</span> <span class="nb">test</span>: @echo <span class="s2">"Running integration tests..."</span> ./infra/test_stream.sh </code></pre> </div> <p>Therefore, to get it running we need to execute<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>make deploy </code></pre> </div> <h2> Testing </h2> <p>Additionally, we don’t have any context data available. This can be addressed by manually inserting data using Python.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>def insert_vector<span class="o">(</span>text, bucket_name, index_name<span class="o">)</span>: <span class="s2">""" Insert a single text chunk into the S3 Vector Index. """</span> <span class="k">if </span>not s3_vectors_client: print<span class="o">(</span><span class="s2">"❌ S3 Vectors client is not initialized."</span><span class="o">)</span> <span class="k">return </span>False <span class="k">if </span>not bucket_name or not index_name: print<span class="o">(</span><span class="s2">"⚠️ S3_VECTOR_BUCKET_NAME or S3_VECTOR_INDEX_NAME is not set."</span><span class="o">)</span> <span class="k">return </span>False <span class="c"># Generate unique ID</span> unique_id <span class="o">=</span> generate_nanoid<span class="o">()</span> <span class="c"># Generate embedding</span> embedding <span class="o">=</span> get_embedding<span class="o">(</span>text<span class="o">)</span> <span class="k">if </span>not embedding: print<span class="o">(</span>f<span class="s2">"❌ Failed to generate embedding for text: {text[:50]}..."</span><span class="o">)</span> <span class="k">return </span>False <span class="c"># Create metadata</span> metadata <span class="o">=</span> <span class="o">{</span> <span class="s2">"id"</span>: unique_id, <span class="s2">"chunk"</span>: text <span class="o">}</span> try: <span class="c"># Insert vector into S3 Vector Index</span> response <span class="o">=</span> s3_vectors_client.put_vectors<span class="o">(</span> <span class="nv">vectorBucketName</span><span class="o">=</span>bucket_name, <span class="nv">indexName</span><span class="o">=</span>index_name, <span class="nv">vectors</span><span class="o">=[</span> <span class="o">{</span> <span class="s2">"key"</span>: unique_id, <span class="s2">"data"</span>: <span class="o">{</span><span class="s2">"float32"</span>: embedding<span class="o">}</span>, <span class="s2">"metadata"</span>: metadata <span class="o">}</span> <span class="o">]</span> <span class="o">)</span> print<span class="o">(</span>f<span class="s2">"✅ Inserted vector with ID: {unique_id}"</span><span class="o">)</span> print<span class="o">(</span>f<span class="s2">" Text preview: {text[:80]}..."</span><span class="o">)</span> <span class="k">return </span>True except Exception as e: print<span class="o">(</span>f<span class="s2">"❌ Error inserting vector: {e}"</span><span class="o">)</span> <span class="k">return </span>False <span class="c"># Insert all predefined texts</span> print<span class="o">(</span><span class="s2">"</span><span class="se">\n</span><span class="s2">🚀 Starting vector insertion...</span><span class="se">\n</span><span class="s2">"</span><span class="o">)</span> success_count <span class="o">=</span> 0 fail_count <span class="o">=</span> 0 <span class="k">for </span>i, text <span class="k">in </span>enumerate<span class="o">(</span>predefined_texts, 1<span class="o">)</span>: print<span class="o">(</span>f<span class="s2">"</span><span class="se">\n</span><span class="s2">[{i}/{len(predefined_texts)}] Processing..."</span><span class="o">)</span> <span class="k">if </span>insert_vector<span class="o">(</span>text, s3_vector_bucket_name, s3_vector_index_name<span class="o">)</span>: success_count +<span class="o">=</span> 1 <span class="k">else</span>: fail_count +<span class="o">=</span> 1 print<span class="o">(</span>f<span class="s2">"</span><span class="se">\n\n</span><span class="s2">📊 Insertion Summary:"</span><span class="o">)</span> print<span class="o">(</span>f<span class="s2">" ✅ Successful: {success_count}"</span><span class="o">)</span> print<span class="o">(</span>f<span class="s2">" ❌ Failed: {fail_count}"</span><span class="o">)</span> print<span class="o">(</span>f<span class="s2">" 📝 Total: {len(predefined_texts)}"</span><span class="o">)</span> </code></pre> </div> <p>Later, if we test with available context, we can get a result like the following.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>🔍 Testing with query: <span class="s1">'Explain how EventBridge works in LLM Workflow context?'</span> ✅ Found 3 similar vectors: 1. ID: HlgHN84M1CUmWH3q5tzHl Distance: 0.4293 Text: An application emits an event <span class="o">(</span><span class="k">for </span>example, <span class="o">{</span><span class="s2">"type"</span>: <span class="s2">"orderCreated"</span>, <span class="s2">"priority"</span>: <span class="s2">"high"</span><span class="o">})</span><span class="nb">.</span> Amazon EventBridge evaluates the event against its routing rules. Based on an event<span class="s1">'s attributes, the system dynamically dispatches to the following: HighPriorityOrderProcessor (service A), StandardOrderProcessor (service B), UpdateOrderProcessor (service C). This pattern supports loose coupling, domain-based specialization, and runtime extensibility. This allows systems to respond intelligently to changing requirements and event semantics. 2. ID: Pv2Y1r0zYKxdFRrToZ0fo Distance: 0.5672 Text: LLM-based routing: In agentic systems, routing also performs dynamic task delegation - but instead of Amazon EventBridge rules or metadata filters, the LLM classifies and interprets the user'</span>s intent through natural language. The result is a flexible, semantic, and adaptive form of dispatching. 3. ID: Cp98hjhcis6SSNooIuhZ8 Distance: 0.6386 Text: Agent router workflow: A user submits a natural language request through an SDK. An Amazon Bedrock agent uses an LLM to classify the task <span class="o">(</span><span class="k">for </span>example, legal, technical, or scheduling<span class="o">)</span><span class="nb">.</span> The agent dynamically routes the task through an action group to invoke the required agent: Domain-specific agent, Specialized tool chain, Custom prompt configuration. The selected handler processes the task and returns a tailored response. </code></pre> </div> <h2> Conclusions </h2> <p>Building this context-aware Agent proves that serverless RAG is both practical and cost-efficient. By pairing the AI SDK with AWS Lambda, we achieved real-time streaming without the operational overhead of complex implementation, and yes, I mean WebSockets on Lambda.</p> <p>We had to rely on the AWS CLI for S3 Vectors since native Terraform support is currently missing. While this adds a manual step, it effectively removes the need for a dedicated and expensive vector database.</p> <p>Ultimately, this architecture provides a secure and scalable starting point. With CloudFront and Docker in place, you have a system that keeps costs remarkably low.</p> <h3> References </h3> <p><a href="https://aws.plainenglish.io/uploading-documents-to-s3-vector-buckets-f418594feca3" rel="noopener noreferrer">https://aws.plainenglish.io/uploading-documents-to-s3-vector-buckets-f418594feca3</a><br> <a href="https://dev.to/aws-builders/ai-sdk-streaming-text-from-lambda-cfd">https://dev.to/aws-builders/ai-sdk-streaming-text-from-lambda-cfd</a><br> <a href="https://docs.aws.amazon.com/lambda/latest/dg/configuration-response-streaming.html" rel="noopener noreferrer">https://docs.aws.amazon.com/lambda/latest/dg/configuration-response-streaming.html</a></p> <p>Warike technologies</p> aws bedrock lambda vectordatabase Launching Your AI Agent on AWS: Bedrock, Lambda & API Gateway Sergio Esteban Sat, 08 Nov 2025 14:34:29 +0000 https://dev.to/sergioestebance/ai-agent-on-aws-bedrock-lambda-api-gateway-3cak https://dev.to/sergioestebance/ai-agent-on-aws-bedrock-lambda-api-gateway-3cak <h2> Introduction </h2> <p>In this post, I’m going to explore the implementation of a service that allows us to send a questions and receive an answer back. Sending a question would be handle as a prompt to a specific model using Bedrock.</p> <p>To minimize the costs of this implementation, I’ll be utilizing the services of API Gateway, AWS Lambda, and Amazon Bedrock.</p> <h2> Context </h2> <p>When we want to implement a Generative AI service, there are several possible paths, and we must take the time to understand the minimal requirements before making a decision.</p> <p>In this post, I will demonstrate the process of deploying a simple GenAI solution that we can either connect to our current solution or expose to a third party via API Gateway.</p> <h2> TLDR </h2> <p>All the content for this implementation can be found in this <a href="https://github.com/warike/showcase/tree/main/projects/11-aws-lambda-apigw-bedrock" rel="noopener noreferrer"><strong>repository</strong></a>.</p> <h2> Scope </h2> <p>For this implementation, I’m going to define a set of quite simple requirements.</p> <p>Below is a diagram that represents the implementation we will be building.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmz72fa9zwyvfwamkovym.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmz72fa9zwyvfwamkovym.png" alt="High level Diagram" width="800" height="391"></a></p> <h3> Functional Requirements </h3> <ul> <li>We should be able to send a prompt and receive a responsein the form of model completion from Nova Micro.</li> <li>We should be able to expose an HTTP endpoint to trigger the process of generating a response.</li> <li>Let's estimate, for the sake of cost calculations, that we will serve a monthly volume of 100 requests.</li> </ul> <h3> Non-Functional Requirements </h3> <p>Since we're using AWS serverless services, we can lean on their built in features for our non-functional requirements.</p> <p>For automation, the deployment should be handled completely by GitHub Actions. When it comes to availability, the API needs to maintain a monthly uptime of 99.9% or higher.</p> <p>On the security front, we'll need IAM-scoped access for Bedrock, use OpenID Connect for authentication, and ensure all traffic is HTTPS only.</p> <p>And finally, for observability, we must have structured logs that capture metadata, token usage, and any errors, all visualized with CloudWatch dashboards.</p> <p>Simple.</p> <h2> What is Out of Scope? </h2> <p>For this implementation, I will be excluding <strong>authentication</strong>, <strong>sanitization</strong>, <strong>authorization</strong> and any <strong>security processes</strong> applied to the requests. This approach allows me to focus on the general GenAI implementation process.</p> <h2> Cost Breakdown per service </h2> <p>Given the predefined volume, we can estimate an average usage per request of 22 input tokens and 232 output tokens.</p> <p><strong>Amazon Bedrock (Nova Micro)</strong></p> <p>The Nova Micro model is processing 2,200 input tokens and 23,200 output tokens monthly. This runs about $0.003/month. Output tokens cost more than input about x 4 times.</p> <p><strong>AWS Lambda</strong></p> <p>Considering only 100 invocations and maybe 3 to 5 seconds per call** with 512MB memory, we are nowhere near the Free Tier limits. Lambda gives us 1 million requests and 400,000 GB-seconds free every month.</p> <p><strong>API Gateway</strong></p> <p>For the first year, we get 1 million requests free. After that, we are looking at maybe $0.0004/month.</p> <p><strong>Amazon ECR</strong></p> <p>That 300MB Docker imagesitting in ECR costs about a cent a month. After the 500MB Free Tier, we are paying for around 136MB of storage.</p> <h2> What Happens When It Scales? </h2> <p>If it reaches 1,000 requests monthly, costs are around $0.04. At 10K requests, it's about $0.39. Even at 100K requests, we are only paying about **$3.76/month.</p> <p>Alrighty, let's move ahead.</p> <h2> Implementation </h2> <p>To begin the implementation, we can start by creating the agent.</p> <h3> Creating the Agent </h3> <p>To create the agent, I first need to set up the complete TypeScript project.</p> <p>We can move quickly by following these instructions and installing the necessary dependencies so the project can operate correctly.</p> <p>Feel free to use the configuration that suits you best.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>mkdir -p handler terraform cd handler pnpm init -y pnpm --package=typescript dlx tsc --init mkdir -p src __tests__ touch src/{app,env,index}.ts pnpm add -D @types/node tsx typescript pnpm add ai @ai-sdk/amazon-bedrock pnpm add zod dotenv </code></pre> </div> <p>In this project, I will define <strong>three fundamental parts</strong>:</p> <ol> <li> <strong>Logic for compatibility</strong> with AWS Lambda.</li> <li> <strong>Logic to manage requests as prompts</strong>, solicit the text generation based on these, and handle their potential future evolution.</li> <li> <strong>Core logic for the actual text generation</strong> using the <strong><code>@ai-sdk</code></strong> and Bedrock invocations.</li> </ol> <p>Below is a summary of the project’s main files.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>import <span class="o">{</span> main <span class="o">}</span> from <span class="s2">"./app"</span><span class="p">;</span> <span class="nb">export </span>const handler <span class="o">=</span> async <span class="o">(</span>event: any, context: any<span class="o">)</span> <span class="o">=&gt;</span> <span class="o">{</span> try <span class="o">{</span> const body <span class="o">=</span> event.body ? JSON.parse<span class="o">(</span>event.body<span class="o">)</span> : <span class="o">{}</span><span class="p">;</span> const prompt <span class="o">=</span> body.prompt ?? <span class="s2">"Welcome from Warike technologies - GenAI solutions architecture"</span><span class="p">;</span> const response <span class="o">=</span> await main<span class="o">(</span>prompt<span class="o">)</span><span class="p">;</span> <span class="k">return</span> <span class="o">{</span> statusCode: 200, body: JSON.stringify<span class="o">({</span> success: <span class="nb">true</span>, data: response, <span class="o">})</span>, <span class="o">}</span><span class="p">;</span> <span class="o">}</span> catch <span class="o">(</span>error<span class="o">)</span> <span class="o">{</span> console.error<span class="o">(</span><span class="s1">'Error in Lambda handler:'</span>, error<span class="o">)</span><span class="p">;</span> <span class="k">return</span> <span class="o">{</span> statusCode: 500, body: JSON.stringify<span class="o">({</span> success: <span class="nb">false</span>, error: error instanceof Error ? error.message : <span class="s1">'An unexpected error occurred'</span> <span class="o">})</span>, <span class="o">}</span><span class="p">;</span> <span class="o">}</span> <span class="o">}</span><span class="p">;</span> // app.ts import <span class="o">{</span> generateResponse <span class="o">}</span> from <span class="s2">"./utils/bedrock"</span><span class="p">;</span> <span class="nb">export </span>async <span class="k">function </span>main<span class="o">(</span>prompt: string<span class="o">)</span> <span class="o">{</span> try <span class="o">{</span> console.log<span class="o">(</span><span class="s1">'🚀 Starting Bedrock:'</span><span class="o">)</span><span class="p">;</span> <span class="k">return </span>await generateResponse<span class="o">(</span>prompt<span class="o">)</span> <span class="o">}</span> catch <span class="o">(</span>error<span class="o">)</span> <span class="o">{</span> console.error<span class="o">(</span><span class="s1">'An unexpected error occurred running workflow:'</span>, error<span class="o">)</span><span class="p">;</span> throw error<span class="p">;</span> <span class="o">}</span> <span class="o">}</span> // utils/bedrock.ts import <span class="o">{</span> config <span class="o">}</span> from <span class="s2">"./config"</span><span class="p">;</span> import <span class="o">{</span> createAmazonBedrock <span class="o">}</span> from <span class="s1">'@ai-sdk/amazon-bedrock'</span><span class="p">;</span> import <span class="o">{</span> generateText <span class="o">}</span> from <span class="s1">'ai'</span><span class="p">;</span> <span class="nb">export </span>async <span class="k">function </span>generateResponse<span class="o">(</span>prompt: string<span class="o">){</span> const <span class="o">{</span> regionId, modelId <span class="o">}</span> <span class="o">=</span> config<span class="o">({</span> <span class="o">})</span><span class="p">;</span> try <span class="o">{</span> const bedrock <span class="o">=</span> createAmazonBedrock<span class="o">({</span> region: regionId <span class="o">})</span><span class="p">;</span> const <span class="o">{</span> text, usage <span class="o">}</span> <span class="o">=</span> await generateText<span class="o">({</span> model: bedrock<span class="o">(</span>modelId<span class="o">)</span>, system: <span class="s2">"You are a helpful assistant."</span>, prompt: <span class="o">[</span> <span class="o">{</span> role: <span class="s2">"user"</span>, content: prompt <span class="o">}</span>, <span class="o">]</span>, <span class="o">})</span><span class="p">;</span> console.log<span class="o">(</span><span class="sb">`</span>model: <span class="k">${</span><span class="nv">modelId</span><span class="k">}</span>, <span class="se">\n</span> response: <span class="k">${</span><span class="nv">text</span><span class="k">}</span>, usage: <span class="k">${</span><span class="nv">JSON</span><span class="p">.stringify(usage)</span><span class="k">}</span><span class="sb">`</span><span class="o">)</span><span class="p">;</span> <span class="k">return </span>text<span class="p">;</span> <span class="o">}</span> catch <span class="o">(</span>error<span class="o">)</span> <span class="o">{</span> console.log<span class="o">(</span><span class="sb">`</span>ERROR: Can<span class="s1">'t invoke '</span><span class="k">${</span><span class="nv">modelId</span><span class="k">}</span><span class="s1">'. Reason: ${error}`); } } </span></code></pre> </div> <p>For local testing, I've defined the following environment variables. We can use an AWS Bedrock API key for testing purposes.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">AWS_REGION</span><span class="o">=</span>us-west-2 <span class="nv">AWS_BEDROCK_MODEL</span><span class="o">=</span><span class="s1">'amazon.nova-micro-v1:0'</span> <span class="nv">AWS_BEARER_TOKEN_BEDROCK</span><span class="o">=</span><span class="s1">'aws_bearer_token_bedrock'</span> </code></pre> </div> <p>It's highly recommended to only use <strong>Short-term API keys</strong> to avoid compromising the system's security.</p> <h2> <strong>Defining the Infrastructure</strong> </h2> <p>Now that the system's logic is functional, we can create its Dockerfile, which will facilitate its deployment to AWS Lambda.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># ---- Build Stage ----</span> <span class="k">FROM</span><span class="w"> </span><span class="s">node:22-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /usr/src/app</span> <span class="k">RUN </span>corepack <span class="nb">enable</span> <span class="k">COPY</span><span class="s"> package.json pnpm-lock.yaml* ./</span> <span class="k">RUN </span>pnpm <span class="nb">install</span> <span class="nt">--frozen-lockfile</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>pnpm run build <span class="c"># ---- Runtime Stage ----</span> <span class="k">FROM</span><span class="s"> public.ecr.aws/lambda/nodejs:22</span> <span class="k">WORKDIR</span><span class="s"> ${LAMBDA_TASK_ROOT}</span> <span class="k">COPY</span><span class="s"> --from=builder /usr/src/app/dist/src ./ </span> <span class="k">COPY</span><span class="s"> --from=builder /usr/src/app/node_modules ./node_modules</span> <span class="k">CMD</span><span class="s"> [ "index.handler" ]</span> </code></pre> </div> <p>With all components ready in our handler, we can proceed to define the resources in Terraform.</p> <h3> <strong>Exposing the Service with API Gateway</strong> </h3> <p>We'll start by defining our API Gateway. We'll use the HTTP protocol and focus solely on creating the API, its stage, and its subsequent integration with Lambda.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">locals</span> <span class="p">{</span> <span class="nx">api_gateway_name</span> <span class="p">=</span> <span class="s2">"dev-http-${local.project_name}"</span> <span class="p">}</span> <span class="nx">module</span> <span class="s2">"warike_development_api_gw"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"terraform-aws-modules/apigateway-v2/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"5.4.1"</span> <span class="nx">name</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">api_gateway_name</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"API Gateway for ${local.project_name}"</span> <span class="nx">protocol_type</span> <span class="p">=</span> <span class="s2">"HTTP"</span> <span class="nx">create_domain_name</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">create_certificate</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">create_domain_records</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">cors_configuration</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">allow_headers</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"*"</span><span class="p">]</span> <span class="nx">allow_methods</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"*"</span><span class="p">]</span> <span class="nx">allow_origins</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"*"</span><span class="p">]</span> <span class="p">}</span> <span class="c1"># Access logs</span> <span class="nx">stage_name</span> <span class="p">=</span> <span class="s2">"dev"</span> <span class="nx">stage_description</span> <span class="p">=</span> <span class="s2">"Development API Gateway"</span> <span class="nx">stage_access_log_settings</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">create_log_group</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">destination_arn</span> <span class="p">=</span> <span class="nx">aws_cloudwatch_log_group</span><span class="p">.</span><span class="nx">warike_development_api_gw_logs</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">format</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">({</span> <span class="nx">context</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">requestId</span> <span class="p">=</span> <span class="s2">"$context.requestId"</span> <span class="nx">requestTime</span> <span class="p">=</span> <span class="s2">"$context.requestTime"</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"$context.protocol"</span> <span class="nx">httpMethod</span> <span class="p">=</span> <span class="s2">"$context.httpMethod"</span> <span class="nx">resourcePath</span> <span class="p">=</span> <span class="s2">"$context.resourcePath"</span> <span class="nx">routeKey</span> <span class="p">=</span> <span class="s2">"$context.routeKey"</span> <span class="nx">status</span> <span class="p">=</span> <span class="s2">"$context.status"</span> <span class="nx">responseLength</span> <span class="p">=</span> <span class="s2">"$context.responseLength"</span> <span class="nx">integrationErrorMessage</span> <span class="p">=</span> <span class="s2">"$context.integrationErrorMessage"</span> <span class="nx">error</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">message</span> <span class="p">=</span> <span class="s2">"$context.error.message"</span> <span class="nx">responseType</span> <span class="p">=</span> <span class="s2">"$context.error.responseType"</span> <span class="p">}</span> <span class="nx">identity</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">sourceIP</span> <span class="p">=</span> <span class="s2">"$context.identity.sourceIp"</span> <span class="p">}</span> <span class="nx">integration</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">error</span> <span class="p">=</span> <span class="s2">"$context.integration.error"</span> <span class="nx">integrationStatus</span> <span class="p">=</span> <span class="s2">"$context.integration.integrationStatus"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">})</span> <span class="p">}</span> <span class="c1"># Routes &amp; Integration</span> <span class="nx">routes</span> <span class="p">=</span> <span class="p">{</span> <span class="s2">"POST /"</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">integration</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">uri</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">warike_development_lambda</span><span class="p">.</span><span class="nx">lambda_function_arn</span> <span class="nx">payload_format_version</span> <span class="p">=</span> <span class="s2">"2.0"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">stage_tags</span> <span class="p">=</span> <span class="nx">merge</span><span class="p">(</span><span class="nx">local</span><span class="p">.</span><span class="nx">tags</span><span class="p">,</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"${local.api_gateway_name}-dev"</span> <span class="p">})</span> <span class="nx">tags</span> <span class="p">=</span> <span class="nx">merge</span><span class="p">(</span><span class="nx">local</span><span class="p">.</span><span class="nx">tags</span><span class="p">,</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">api_gateway_name</span> <span class="p">})</span> <span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span> <span class="nx">aws_cloudwatch_log_group</span><span class="p">.</span><span class="nx">warike_development_api_gw_logs</span><span class="p">,</span> <span class="p">]</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_cloudwatch_log_group"</span> <span class="s2">"warike_development_api_gw_logs"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"/aws/api-gw/${local.api_gateway_name}"</span> <span class="nx">retention_in_days</span> <span class="p">=</span> <span class="mi">7</span> <span class="p">}</span> </code></pre> </div> <h3> <strong>Connecting to Amazon Bedrock</strong> </h3> <p>Next, to utilize Amazon Bedrock, this implementation will use the Amazon Nova Micro inference profile in the US region.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">locals</span> <span class="p">{</span> <span class="nx">model_id</span> <span class="p">=</span> <span class="s2">"amazon.nova-micro-v1:0"</span> <span class="p">}</span> <span class="nx">data</span> <span class="s2">"aws_bedrock_inference_profile"</span> <span class="s2">"warike_development_lambda_bedrock_model"</span> <span class="p">{</span> <span class="nx">inference_profile_id</span> <span class="p">=</span> <span class="s2">"us.${local.model_id}"</span> <span class="p">}</span> <span class="c1">## Bedrock Policy ##</span> <span class="nx">data</span> <span class="s2">"aws_iam_policy_document"</span> <span class="s2">"warike_development_lambda_bedrock_policy_doc"</span> <span class="p">{</span> <span class="nx">statement</span> <span class="p">{</span> <span class="nx">effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">actions</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"bedrock:InvokeModel"</span><span class="p">,</span> <span class="p">]</span> <span class="nx">resources</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"*"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Lambda Service </h3> <p>Finally, we'll create the Lambda function associated with all the components we've created, along with others that can be found in the repository.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">locals</span> <span class="p">{</span> <span class="nx">lambda_function_name</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">project_name</span> <span class="nx">lambda_env_vars</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">AWS_BEDROCK_MODEL</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_bedrock_inference_profile</span><span class="p">.</span><span class="nx">warike_development_lambda_bedrock_model</span><span class="p">.</span><span class="nx">inference_profile_arn</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">module</span> <span class="s2">"warike_development_lambda"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"terraform-aws-modules/lambda/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"8.1.2"</span> <span class="nx">function_name</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">lambda_function_name</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Lambda function for ${local.project_name}"</span> <span class="nx">image_uri</span> <span class="p">=</span> <span class="s2">"${aws_ecr_repository.warike_development_ecr.repository_url}:latest"</span> <span class="nx">package_type</span> <span class="p">=</span> <span class="s2">"Image"</span> <span class="nx">create_package</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">ignore_source_code_hash</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">memory_size</span> <span class="p">=</span> <span class="mi">128</span> <span class="nx">timeout</span> <span class="p">=</span> <span class="mi">900</span> <span class="nx">environment_variables</span> <span class="p">=</span> <span class="nx">merge</span><span class="p">(</span> <span class="nx">local</span><span class="p">.</span><span class="nx">lambda_env_vars</span><span class="p">,</span> <span class="p">{}</span> <span class="p">)</span> <span class="nx">create_role</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">lambda_role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">warike_development_lambda_role</span><span class="p">.</span><span class="nx">arn</span> <span class="c1">## Cloudwatch logging</span> <span class="nx">use_existing_cloudwatch_log_group</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">logging_log_group</span> <span class="p">=</span> <span class="nx">aws_cloudwatch_log_group</span><span class="p">.</span><span class="nx">warike_development_lambda_logs</span><span class="p">.</span><span class="nx">name</span> <span class="nx">logging_log_format</span> <span class="p">=</span> <span class="s2">"JSON"</span> <span class="nx">logging_application_log_level</span> <span class="p">=</span> <span class="s2">"INFO"</span> <span class="nx">logging_system_log_level</span> <span class="p">=</span> <span class="s2">"WARN"</span> <span class="c1">## function URL</span> <span class="nx">create_lambda_function_url</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span> <span class="nx">aws_cloudwatch_log_group</span><span class="p">.</span><span class="nx">warike_development_lambda_logs</span><span class="p">,</span> <span class="nx">null_resource</span><span class="p">.</span><span class="nx">warike_development_seed_ecr_image</span> <span class="p">]</span> <span class="nx">tags</span> <span class="p">=</span> <span class="nx">merge</span><span class="p">(</span><span class="nx">local</span><span class="p">.</span><span class="nx">tags</span><span class="p">,</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">lambda_function_name</span> <span class="p">})</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"null_resource"</span> <span class="s2">"warike_development_seed_ecr_image"</span> <span class="p">{</span> <span class="nx">provisioner</span> <span class="s2">"local-exec"</span> <span class="p">{</span> <span class="nx">command</span> <span class="p">=</span> <span class="o">&lt;&lt;</span><span class="no">EOT</span><span class="sh"> aws ecr get-login-password --region ${local.aws_region} --profile ${local.aws_profile} \ | docker login --username AWS --password-stdin ${data.aws_caller_identity.current.account_id}.dkr.ecr.${local.aws_region}.amazonaws.com docker pull public.ecr.aws/lambda/nodejs:22 docker tag public.ecr.aws/lambda/nodejs:22 ${aws_ecr_repository.warike_development_ecr.repository_url}:latest docker push ${aws_ecr_repository.warike_development_ecr.repository_url}:latest </span><span class="no"> EOT </span> <span class="p">}</span> <span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_ecr_repository</span><span class="p">.</span><span class="nx">warike_development_ecr</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p>Important notice, <strong><em>warike_development_seed_ecr_image</em></strong> will require you to have your local docker running.</p> <p>Let’s move ahead.</p> <h3> <strong>Creating the Resources</strong> </h3> <p>Once the resources are created, you should see a message similar to this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>terraform apply ... Apply <span class="nb">complete</span><span class="o">!</span> Resources: 26 added, 0 changed, 0 destroyed. </code></pre> </div> <h2> Configuring CI/CD with GitHub + ECR </h2> <p>Additionally, we need a Docker image containing our project. The following GitHub pipeline will allow us to build and push an image to ECR, followed by its deployment to Lambda.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="nn">---</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Lambda CI/CD Common</span> <span class="s1">'</span><span class="s">on'</span><span class="err">:</span> <span class="na">workflow_call</span><span class="pi">:</span> <span class="na">inputs</span><span class="pi">:</span> <span class="na">app-name</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">string</span> <span class="na">lambda-function-secret-name</span><span class="pi">:</span> <span class="na">required</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">type</span><span class="pi">:</span> <span class="s">string</span> <span class="na">pnpm-version</span><span class="pi">:</span> <span class="na">required</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">type</span><span class="pi">:</span> <span class="s">number</span> <span class="na">default</span><span class="pi">:</span> <span class="m">10</span> <span class="na">node-version</span><span class="pi">:</span> <span class="na">required</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">type</span><span class="pi">:</span> <span class="s">number</span> <span class="na">default</span><span class="pi">:</span> <span class="m">22</span> <span class="na">secrets</span><span class="pi">:</span> <span class="na">PROJECT_NAME</span><span class="pi">:</span> <span class="na">required</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">AWS_OIDC_ROLE_ARN</span><span class="pi">:</span> <span class="na">required</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">AWS_REGION</span><span class="pi">:</span> <span class="na">required</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">ECR_REPOSITORY</span><span class="pi">:</span> <span class="na">required</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">AWS_LAMBDA_FUNCTION_NAME</span><span class="pi">:</span> <span class="na">required</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">AWS_LAMBDA_FUNCTION_ROLE_ARN</span><span class="pi">:</span> <span class="na">required</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build and Test</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">defaults</span><span class="pi">:</span> <span class="na">run</span><span class="pi">:</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">./handler</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install pnpm</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">pnpm/action-setup@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">version</span><span class="pi">:</span> <span class="s">${{ inputs.pnpm-version }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Use Node.js ${{ inputs.node-version }}</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">node-version</span><span class="pi">:</span> <span class="s">${{ inputs.node-version }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install Dependencies</span> <span class="na">run</span><span class="pi">:</span> <span class="s">pnpm install --frozen-lockfile</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Scan for critical vulnerabilities</span> <span class="na">run</span><span class="pi">:</span> <span class="s">pnpm audit --audit-level=critical</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Tests</span> <span class="na">env</span><span class="pi">:</span> <span class="na">DOTENV_QUIET</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">run</span><span class="pi">:</span> <span class="s">pnpm test:ci</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build</span> <span class="na">run</span><span class="pi">:</span> <span class="s">pnpm run build</span> <span class="na">build-docker</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build and Push Docker Image</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">needs</span><span class="pi">:</span> <span class="s">build</span> <span class="na">permissions</span><span class="pi">:</span> <span class="na">id-token</span><span class="pi">:</span> <span class="s">write</span> <span class="na">contents</span><span class="pi">:</span> <span class="s">read</span> <span class="na">outputs</span><span class="pi">:</span> <span class="na">sha</span><span class="pi">:</span> <span class="s">${{ steps.vars.outputs.sha }}</span> <span class="na">defaults</span><span class="pi">:</span> <span class="na">run</span><span class="pi">:</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">./handler</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Configure AWS credentials</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/configure-aws-credentials@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">role-to-assume</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_OIDC_ROLE_ARN }}</span> <span class="na">aws-region</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_REGION }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Login to Amazon ECR</span> <span class="na">id</span><span class="pi">:</span> <span class="s">login-ecr</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/amazon-ecr-login@v2</span> <span class="na">with</span><span class="pi">:</span> <span class="na">mask-password</span><span class="pi">:</span> <span class="s1">'</span><span class="s">true'</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set commit-sha</span> <span class="na">id</span><span class="pi">:</span> <span class="s">vars</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">calculatedSha=$(git rev-parse --short ${{ github.sha }})</span> <span class="s">echo "sha=${calculatedSha}" &gt;&gt; $GITHUB_OUTPUT</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build and Push Docker Image</span> <span class="na">env</span><span class="pi">:</span> <span class="na">DOCKER_IMAGE</span><span class="pi">:</span> <span class="s">${{ secrets.ECR_REPOSITORY }}:${{ inputs.app-name }}-${{ steps.vars.outputs.sha }}</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">echo "Building Docker image $DOCKER_IMAGE"</span> <span class="s">docker build -t $DOCKER_IMAGE .</span> <span class="s">docker tag $DOCKER_IMAGE "${{ secrets.ECR_REPOSITORY }}:${{ inputs.app-name }}-${{ steps.vars.outputs.sha }}"</span> <span class="s">docker tag $DOCKER_IMAGE "${{ secrets.ECR_REPOSITORY }}:latest"</span> <span class="s">docker push $DOCKER_IMAGE</span> <span class="s">docker push "${{ secrets.ECR_REPOSITORY }}:${{ inputs.app-name }}-${{ steps.vars.outputs.sha }}"</span> <span class="s">docker push "${{ secrets.ECR_REPOSITORY }}:latest"</span> <span class="na">deploy-prod</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy Production Lambda</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.ref == 'refs/heads/main'</span> <span class="na">needs</span><span class="pi">:</span> <span class="s">build-docker</span> <span class="na">permissions</span><span class="pi">:</span> <span class="na">id-token</span><span class="pi">:</span> <span class="s">write</span> <span class="na">contents</span><span class="pi">:</span> <span class="s">read</span> <span class="na">defaults</span><span class="pi">:</span> <span class="na">run</span><span class="pi">:</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">./handler</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Configure AWS credentials</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/configure-aws-credentials@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">role-to-assume</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_OIDC_ROLE_ARN }}</span> <span class="na">aws-region</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_REGION }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy Production Lambda</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/aws-lambda-deploy@v1.1.0</span> <span class="na">with</span><span class="pi">:</span> <span class="na">function-name</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_LAMBDA_FUNCTION_NAME }}</span> <span class="na">package-type</span><span class="pi">:</span> <span class="s">Image</span> <span class="na">image-uri</span><span class="pi">:</span> <span class="s">${{ secrets.ECR_REPOSITORY }}:${{ inputs.app-name }}-${{ needs.build-docker.outputs.sha }}</span> </code></pre> </div> <p>And if everything is correct, we will be in a position to test Amazon Bedrock.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7otc5gbv6bo4pjg8z04g.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7otc5gbv6bo4pjg8z04g.png" alt="Github actions" width="800" height="259"></a></p> <h2> Testing </h2> <p>Let's perform a test. From our terminal, we can make the following query and observe the result:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-sS</span> <span class="s2">"https://123456.execute-api.us-west-2.amazonaws.com/dev/"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"prompt":"Heeey hoe gaat het?"}'</span> | jq </code></pre> </div> <p>The expected output is something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"success"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"data"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Hoi! Het gaat prima, bedankt voor het vragen. Hoe gaat het met jou? Is er iets waar ik je kan helpen of iets waar je graag over wilt praten?"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>I call that a <strong>success</strong>.</p> <h2> <strong>Observability</strong> </h2> <p>It is important to mention that we can monitor any errors from <strong>CloudWatch</strong>, so we don't have to navigate in the dark.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F09miq1bxzmogjho0akz7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F09miq1bxzmogjho0akz7.png" alt="Cloudwatch Dashboard" width="800" height="176"></a></p> <h2> <strong>Cleaning</strong> </h2> <p>Finally, we clean up the resources.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>terraform destroy ... Destroy <span class="nb">complete</span><span class="o">!</span> Resources: 26 destroyed. </code></pre> </div> <h2> Conclusions </h2> <p>Overall, implementing this GenAI service using AWS serverless components was quite straightforward.</p> <p>The combination of API Gateway, AWS Lambda, and Amazon Bedrock, specifically with the Nova Micro model, proves to be not only functional but also incredibly cost-effective. The analysis showed that this solution remains exceptionally inexpensive, even when (manually) scaling traffic significantly.</p> <p>By leveraging Terraform for infrastructure management and GitHub Actions for the CI/CD pipeline, we achieved a robust and fully automated deployment process.</p> <p>Finally, even by excluding aspects like authentication, it provides a solid and scalable foundation for building more complex Generative AI applications.</p> bedrock aws lambda apigateway