DEV Community: Soushi Hiruta

ECR can create automaticaly when image pushed

Soushi Hiruta — Sun, 21 Dec 2025 21:51:42 +0000

ECR can create automaticaly when image pushed

Update

https://aws.amazon.com/about-aws/whats-new/2025/12/amazon-ecr-creating-repositories-on-push/

Repository Create Template

Frist need to create Repository Create template.

Specific Prefix ECR Automaticaly create or You can create any repository.

Whether to overwrite image tags or not can be set at the template creation stage.

Try

docker buildx build -t test-auto-create --platform=linux/amd64 .

aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin xxxxxxxxxxxx.dkr.ecr.us-west-2.amazonaws.com

docker tag 3413614e55cd xxxxxxxxxxxx.dkr.ecr.us-west-2.amazonaws.com/test-auto-create:latest

docker push xxxxxxxxxxxx.dkr.ecr.us-west-2.amazonaws.com/test-auto-create:latest

I verified this by running the aws ecr describe-repositories command before and after. You should be able to see that the ECR is created.

3a4,17
>             "repositoryArn": "arn:aws:ecr:us-west-2:xxxxxxxxxxxx:repository/test-auto-create",
>             "registryId": "xxxxxxxxxxxx",
>             "repositoryName": "test-auto-create",
>             "repositoryUri": "xxxxxxxxxxxx.dkr.ecr.us-west-2.amazonaws.com/test-auto-create",
>             "createdAt": "2025-12-21T12:39:57.362000+09:00",
>             "imageTagMutability": "IMMUTABLE",
>             "imageScanningConfiguration": {
>                 "scanOnPush": false
>             },
>             "encryptionConfiguration": {
>                 "encryptionType": "AES256"
>             }
>         },
>         {

Summary

ECR is also automatically created in the pull-through cache, which should make it easier to create pull cache repositories from ECR public or Docker Hub.

We want to achieve this configuration using only an Egress-only internet gateway with IPv6

Soushi Hiruta — Sun, 14 Dec 2025 09:44:56 +0000

When communicating externally from an IPv4 environment, it is generally considered standard to do so via a NAT Gateway. Since NAT Gateways incur charges based on traffic volume, we want to utilize IPv6 wherever possible.

Even Interface-type VPCEndpoints can add up to significant costs over time.

Created with VPCv2 constructs

import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { SubnetType, CfnEIP, CfnSubnet } from 'aws-cdk-lib/aws-ec2';
import  * as aws_ec2 from '@aws-cdk/aws-ec2-alpha';
import { IpAddressType } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
import { AvailabilityZoneRebalancing } from 'aws-cdk-lib/aws-ecs';


export class VPCSubnet extends Construct {
    constructor(scope: Construct, id: string) {
        super(scope, id);

        const myVpc = new aws_ec2.VpcV2(this, 'Vpc', {
          primaryAddressBlock: aws_ec2.IpAddresses.ipv4('10.1.0.0/16'),
          vpcName: 'vpc-Develop-Network',
         secondaryAddressBlocks: [aws_ec2.IpAddresses.amazonProvidedIpv6({
            cidrBlockName: 'AmazonProvided'
          })]
        });

        // Internet Gateway for Public Subnet
        const igw = new aws_ec2.InternetGateway(this, 'IGW', {
          vpc: myVpc
        });

        // Egress-Only Internet Gateway for IPv6
       const eigw = new aws_ec2.EgressOnlyInternetGateway(this, 'EIGW', {
          vpc: myVpc
        });

        // Public Subnets (Multi-AZ)
        const publicRouteTable = new aws_ec2.RouteTable(this, 'PublicRouteTable', {
          vpc: myVpc
        });

        publicRouteTable.addRoute('PublicIGWRoute', '0.0.0.0/0', { gateway: igw });

        const publicSubnetAZ1Name = cdk.Fn.join('', ['sub-public-', cdk.Fn.select(0, cdk.Fn.getAzs())]);
        const publicSubnetAZ1 = new aws_ec2.SubnetV2(this, 'PublicSubnetAZ1', {
          vpc: myVpc,
          subnetName: publicSubnetAZ1Name,
          availabilityZone: cdk.Fn.select(0, cdk.Fn.getAzs()),
          ipv4CidrBlock: new aws_ec2.IpCidr('10.1.0.0/24'),
          //ipv6CidrBlock: new aws_ec2.IpCidr(cdk.Fn.select(0, cdk.Fn.cidr(cdk.Fn.select(0, myVpc.ipv6CidrBlocks), 4, '64'))),
          subnetType: SubnetType.PUBLIC,
          routeTable: publicRouteTable
        });

        // Explicitly set Name tag
        const cfnPublicSubnetAZ1 = publicSubnetAZ1.node.defaultChild as CfnSubnet;
        cdk.Tags.of(cfnPublicSubnetAZ1).add('Name', publicSubnetAZ1Name);

        const publicSubnetAZ2Name = cdk.Fn.join('', ['sub-public-', cdk.Fn.select(1, cdk.Fn.getAzs())]);
        const publicSubnetAZ2 = new aws_ec2.SubnetV2(this, 'PublicSubnetAZ2', {
          vpc: myVpc,
          subnetName: publicSubnetAZ2Name,
          availabilityZone: cdk.Fn.select(1, cdk.Fn.getAzs()),
          ipv4CidrBlock: new aws_ec2.IpCidr('10.1.1.0/24'),
          //ipv6CidrBlock: new aws_ec2.IpCidr(cdk.Fn.select(1, cdk.Fn.cidr(cdk.Fn.select(0, myVpc.ipv6CidrBlocks), 4, '64'))),
          subnetType: SubnetType.PUBLIC,
          routeTable: publicRouteTable
        });

        // Explicitly set Name tag
        const cfnPublicSubnetAZ2 = publicSubnetAZ2.node.defaultChild as CfnSubnet;
        cdk.Tags.of(cfnPublicSubnetAZ2).add('Name', publicSubnetAZ2Name);

        // Elastic IP for NAT Gateway
       // const eip = new CfnEIP(this, 'NatEIP', {
       //   domain: 'vpc'
       // });

        // NAT Gateway in Public Subnet
      //  const natGateway = new aws_ec2.NatGateway(this, 'NatGateway', {
      //    subnet: publicSubnetAZ1,
      //    allocationId: eip.attrAllocationId
      //  });

        // Private Subnets (Multi-AZ) with NAT Gateway
        const privateRouteTable = new aws_ec2.RouteTable(this, 'PrivateRouteTable', {
          vpc: myVpc
        });

     //  privateRouteTable.addRoute('PrivateNatRoute', '0.0.0.0/0', { gateway: natGateway });
       privateRouteTable.addRoute('PrivateEIGWRoute', '::/0', { gateway: eigw });

        const privateSubnetAZ1Name = cdk.Fn.join('', ['sub-private-', cdk.Fn.select(0, cdk.Fn.getAzs())]);
        const privateSubnetAZ1 = new aws_ec2.SubnetV2(this, 'PrivateSubnetAZ1', {
          vpc: myVpc,
          subnetName: privateSubnetAZ1Name,
          availabilityZone: cdk.Fn.select(0, cdk.Fn.getAzs()),
          ipv4CidrBlock: new aws_ec2.IpCidr('10.1.2.0/24'),
          ipv6CidrBlock: new aws_ec2.IpCidr(cdk.Fn.select(2, cdk.Fn.cidr(cdk.Fn.select(0, myVpc.ipv6CidrBlocks), 4, '64'))),
          subnetType: SubnetType.PRIVATE_WITH_EGRESS,
          routeTable: privateRouteTable
        });

        // Explicitly set Name tag
        const cfnPrivateSubnetAZ1 = privateSubnetAZ1.node.defaultChild as CfnSubnet;
        cdk.Tags.of(cfnPrivateSubnetAZ1).add('Name', privateSubnetAZ1Name);

        const privateSubnetAZ2Name = cdk.Fn.join('', ['sub-private-', cdk.Fn.select(1, cdk.Fn.getAzs())]);
        const privateSubnetAZ2 = new aws_ec2.SubnetV2(this, 'PrivateSubnetAZ2', {
          vpc: myVpc,
          subnetName: privateSubnetAZ2Name,
          availabilityZone: cdk.Fn.select(1, cdk.Fn.getAzs()),
          ipv4CidrBlock: new aws_ec2.IpCidr('10.1.3.0/24'),
          ipv6CidrBlock: new aws_ec2.IpCidr(cdk.Fn.select(3, cdk.Fn.cidr(cdk.Fn.select(0, myVpc.ipv6CidrBlocks), 4, '64'))),
          subnetType: SubnetType.PRIVATE_WITH_EGRESS,
          routeTable: privateRouteTable
        });

        // Explicitly set Name tag
        const cfnPrivateSubnetAZ2 = privateSubnetAZ2.node.defaultChild as CfnSubnet;
        cdk.Tags.of(cfnPrivateSubnetAZ2).add('Name', privateSubnetAZ2Name);

    }
}

Verifying IPv6 Connectivity with Lambda

Confirmed in VPC Lambda with "Allow IPv6 traffic for dual-stack subnets" enabled

This is a simple function that retrieves the source IPv6 address accessed from Lambda via ifconfig.me.

import json
import urllib.request

import json
import urllib.request


def lambda_handler(event, context):
    """
    http://ifconfig.me/ 
    """
    try:

        # requestifconfig.me 
        with urllib.request.urlopen('http://ifconfig.me/', timeout=10) as response:
            ip_address = response.read().decode('utf-8').strip()

        return {
            'statusCode': 200,
            'body': json.dumps({
                'message': 'Successfully retrieved IP address',
                'ip_address': ip_address
            })
        }

    except urllib.error.URLError as e:
        # network error
        return {
            'statusCode': 500,
            'body': json.dumps({
                'message': 'Error retrieving IP address',
                'error': str(e)
            })
        }

    except Exception as e:
        # other error
        return {
            'statusCode': 500,
            'body': json.dumps({
                'message': 'Unexpected error occurred',
                'error': str(e)
            })
        }


# for local test
if __name__ == '__main__':
    # test event
    test_event = {}
    test_context = {}

    result = lambda_handler(test_event, test_context)
    print(json.dumps(result, indent=2, ensure_ascii=False))```
{% endraw %}
bash
Response:
{
  "statusCode": 200,
  "body": "{\"message\": \"Successfully retrieved IP address\", \"ip_address\": \"2600:1f13:94:1a02:ef65:ac4:50ab:5e1\"}"
}
{% raw %}

AWS Service

use_dualstack_endpoint True
https://docs.aws.amazon.com/vpc/latest/userguide/aws-ipv6-support.html

S3


python
        my_config = Config(
            use_dualstack_endpoint=True,
            retries={'max_attempts': 3, 'mode': 'standard'}
        )

        bucket_name = ''
        try:
            s3_resource = boto3.resource("s3",config=my_config)
            buckets = list(s3_resource.buckets.all())
            for bucket in buckets:
                bucket_name = bucket.name
                logger.info(bucket_name)

        except ClientError:
            logger.exception("Couldn't get buckets.")

S3 Bucket Get Success

DynamoDB



try:
            client = boto3.client('dynamodb',config=my_config)
            response = client.get_item(
                TableName='testTable',
                Key={
                    'id': {
                        'S': '1'
                    },
                }
            )
            print(response['Item'])

S3 Vectors


python
        try:

            bedrock = boto3.client("bedrock-runtime");
            client = boto3.client('s3vectors',config=my_config)
            response = bedrock.invoke_model(
                modelId="amazon.titan-embed-text-v2:0",
                body=json.dumps({"inputText": 'サンプル'})
            )

            # Extract embedding from response.
            model_response = json.loads(response["body"].read())
            embedding = model_response["embedding"]

            response = client.query_vectors(
                vectorBucketName='my-s3-vector-bucket',
                indexName='my-s3-vector-index',
                topK=3,
                queryVector={
                    'float32': embedding
                },
                returnMetadata=True,
                returnDistance=True
            )
            print(json.dumps(response["vectors"], indent=2))
        except ClientError:
            logger.exception("")

Bedrock Runtime

dualstack endpoint no support

ECS

ECS Fargate prioritizes IPv4 by default, so it attempts to connect via IPv4 even in IPv6 dual-stack environments.


bash
ResourceInitializationError: unable to pull secrets or registry auth: The task 
cannot pull registry auth from Amazon ECR: There is a connection issue between the 
task and Amazon ECR. Check your task network configuration. operation error ECR: 
GetAuthorizationToken, exceeded maximum number of attempts, 3, https response error 
StatusCode: 0, RequestID: , request send failed, Post 
"https://api.ecr.us-west-2.amazonaws.com/": dial tcp 34.223.26.183:443: i/o timeout

https://github.com/aws/containers-roadmap/issues/2641

EKS Kubernetes

The ECR dualstack endpoint exists, so images can be pulled via the Egress out internet Gateway.

Initially, there was an issue where pulling was not possible.

Kubernetes supports IPv4/IPv6 dualstack, but EKS can only be configured as an IPv6-only cluster.

https://docs.aws.amazon.com/eks/latest/best-practices/ipv6.html

Summary

More services are becoming IPv6-capable. However, since some services still cannot use it, the current approach is to use VPC Endpoints alongside them.

Amazon Bedrock AgentCore Frist impression

Soushi Hiruta — Mon, 21 Jul 2025 02:27:46 +0000

Ths blog is English translation of The following blog.
https://zenn.dev/clouddevcode/articles/53713a1bd72fb7

We tried out a service that allows you to deploy Amazon Bedrock AgentCore, an AI agent announced at AWS Summit NYC, in a managed environment using a sample application.

https://aws.amazon.com/bedrock/agentcore/

StrandsAgent Sample Application

This is the code for using Knowledge MCP from Strands Agnent.

from strands import Agent
from mcp.client.streamable_http import streamablehttp_client
from strands.tools.mcp import MCPClient
from strands.models import BedrockModel
from bedrock_agentcore.runtime import BedrockAgentCoreApp


app = BedrockAgentCoreApp()
bedrock_model = BedrockModel(
   model_id="us.anthropic.claude-sonnet-4-20250514-v1:0"
)

@app.entrypoint
async def invoke(payload):

    streamable_http_mcp_client = MCPClient(lambda: streamablehttp_client(
       "https://knowledge-mcp.global.api.aws")
    )
    # Create an agent with MCP tools
    with streamable_http_mcp_client:
       # Get the tools from the MCP server
       tools = streamable_http_mcp_client.list_tools_sync()
       agent = Agent(model=bedrock_model,tools=tools)
       user_message = payload.get("prompt","hello")
       stream = agent.stream_async(user_message)
       async for event in stream:
         print(event)
         yield(event)
    #       

if __name__ == "__main__":
    app.run()

Deploying to Bedrock AgentCore

When deploying a new revision with the agentcore run described later, the latest tag will be overwritten, so create an ECR, but make sure to set Tag immutability to Mutable.

uv run agentcore configure --entrypoint main.py -er $IAM_ROLE_ARN

uv run agentcore run

:::message
When deploying AgentCore, the following error occurred. This was caused by the installed boto3 not being compatible with Bedrock AgentCore. Please upgrade boto3.
Launch failed: Unknown service: 'bedrock-agentcore-control'. Valid service
:::

AgentCore currently only supports the ARM architecture, and there may be issues when building from an Intel architecture environment.
You will need to set up a multi-platform build environment using QEMU.
https://qiita.com/hayao_k/items/aed1b7062ba403d70a12

It seems that this can be addressed using CodeBuild, but as mentioned in the issue below, it is not yet supported in 0.1.0.
agentcore run --codebuild

Frontend

By calling invoke_agent_runtime from Streamlint, you can easily create a chat UI.

https://github.com/minorun365/bedrock-agentcore-sample/blob/main/frontend/client.py

Logging

AgentCore logs are output only to Cloudwatch Logs.

All logs from the prompt and Tool use process are also recorded.

{
    "resource": {
        "attributes": {
            "deployment.environment.name": "bedrock-agentcore:default",
            "aws.local.service": "main.DEFAULT",
            "service.name": "main.DEFAULT",
            "cloud.region": "us-west-2",
            "aws.log.stream.names": "runtime-logs",
            "telemetry.sdk.name": "opentelemetry",
            "aws.service.type": "gen_ai_agent",
            "telemetry.sdk.language": "python",
            "cloud.provider": "aws",
            "cloud.resource_id": "arn:aws:bedrock-agentcore:us-west-2:xxxxxxxxxxxx:runtime/main-rVLdVz8WIg/runtime-endpoint/DEFAULT:DEFAULT",
            "aws.log.group.names": "/aws/bedrock-agentcore/runtimes/main-rVLdVz8WIg-DEFAULT",
            "telemetry.sdk.version": "1.33.1",
            "cloud.platform": "aws_bedrock_agentcore",
            "telemetry.auto.version": "0.1.6-aws"
        }
    },
    "scope": {
        "name": "opentelemetry.instrumentation.botocore.bedrock-runtime",
        "schemaUrl": "https://opentelemetry.io/schemas/1.30.0"
    },
    "timeUnixNano": 1752890294921734500,
    "observedTimeUnixNano": 1752890294921745001,
    "severityNumber": 9,
    "severityText": "",
    "body": {
        "content": [
            {
                "text": "describe best practice about vpc lattice"
            }
        ]
    },
    "attributes": {
        "event.name": "gen_ai.user.message",
        "gen_ai.system": "aws.bedrock"
    },
    "flags": 1,
    "traceId": "687afbb1fd5cc8569d31603b101fdc6c",
    "spanId": "a79e2e26dfb98b99"
}

In addition, OpenTelemetry trace information is also recorded in Cloudwatch Custom Metrics.
Since Cloudwatch Agent does not support histogram metrics, response times are not supported.
We are also concerned about the cost of writing large amounts of data to custom metrics.
We hope that Amazon will support Amazon managed for prometheus in the future.

{
    "_aws": {
        "Timestamp": 1752883420402,
        "CloudWatchMetrics": [
            {
                "Namespace": "bedrock-agentcore",
                "Dimensions": [
                    [
                        "http.scheme",
                        "http.host",
                        "http.flavor",
                        "http.method",
                        "http.server_name"
                    ]
                ],
                "Metrics": [
                    {
                        "Name": "http.server.active_requests"
                    }
                ]
            }
        ]
    },
    "Version": "1",
    "otel.resource.telemetry.sdk.language": "python",
    "otel.resource.telemetry.sdk.name": "opentelemetry",
    "otel.resource.telemetry.sdk.version": "1.33.1",
    "otel.resource.service.name": "main.DEFAULT",
    "otel.resource.aws.log.group.names": "/aws/bedrock-agentcore/runtimes/main-rVLdVz8WIg-DEFAULT",
    "otel.resource.aws.log.stream.names": "runtime-logs",
    "otel.resource.deployment.environment.name": "bedrock-agentcore:default",
    "otel.resource.cloud.resource_id": "arn:aws:bedrock-agentcore:us-west-2:xxxxxxxxxxxx:runtime/main-rVLdVz8WIg/runtime-endpoint/DEFAULT:DEFAULT",
    "otel.resource.cloud.platform": "aws_bedrock_agentcore",
    "otel.resource.cloud.provider": "aws",
    "otel.resource.cloud.region": "us-west-2",
    "otel.resource.telemetry.auto.version": "0.1.6-aws",
    "otel.resource.aws.local.service": "main.DEFAULT",
    "otel.resource.aws.service.type": "gen_ai_agent",
    "http.server.active_requests": 0,
    "http.scheme": "http",
    "http.host": "127.0.0.1:8080",
    "http.flavor": "1.1",
    "http.method": "GET",
    "http.server_name": "localhost:8080"
}

Ping requests are sent every minute, so the above trace information is buried.

INFO:     127.0.0.1:40694 - "GET /ping HTTP/1.1" 200 OK

I tried Strands Agent

Soushi Hiruta — Sun, 18 May 2025 08:05:50 +0000

One day before AWS release Strands Agent.

https://aws.amazon.com/blogs/opensource/introducing-strands-agents-an-open-source-ai-agents-sdk/

Like OpenAI Agent SDK and Google's Agent Development Kit, you can easily create agents.
model_id property omit, Claude 3.7 Sonnet v1 use on us-west-2 (Oregon region).

module install

We use uv to manage Python module versions.

uv init
uv add strands-agents strands-agents-tools boto3

The Following code is call mcp-server-fetch MCP Server

Code Sample

from strands import Agent
from mcp import stdio_client, StdioServerParameters
from strands.tools.mcp import MCPClient
from strands.models import BedrockModel
import boto3

def main():
    session = boto3.Session(
       region_name='us-west-2',
    )

    bedrock_model = BedrockModel(
      model_id="us.anthropic.claude-3-5-haiku-20241022-v1:0",
      boto_session=session
    )

    stdio_mcp_client = MCPClient(lambda: stdio_client(
        StdioServerParameters(command="uvx", args=["mcp-server-fetch"])
    ))

    # Create an agent with MCP tools
    with stdio_mcp_client:
       # Get the tools from the MCP server
       tools = stdio_mcp_client.list_tools_sync()

       # Create an agent with these tools
       agent = Agent(model=bedrock_model,tools=tools)
       response = agent(" https://blog.generative-agents.co.jp/entry/2025-langchain-interrupt-day2-keynote についてまとめて")
       print(response)

if __name__ == "__main__":
    main()

Response

I'll fetch the content of that URL and summarize it for you.
Tool #1: fetch


申し訳ありません。記事の内容が途中で切れてしまいました。しかし、これまでの内容から、LangChain InterruptイベントのDay 2キーノートについて、主要なポイントをまとめます：

### キーノート概要：Harrison Chase氏によるLangChainの未来ビジョン

#### 1. LangChainの歴史と目的
- オープンソースプロジェクトとして始まり、AIプロトタイプ構築支援から企業へ進化
- ミッション：「インテリジェントエージェントをユビキタスにする」

#### 2. エージェント構築の核となる要素
- プロンプティング
- エンジニアリング
- プロダクトセンス・プロダクトスキル
- 機械学習（特にEvals）

#### 3. 現在のエージェントに関する3つの信念

##### a) 多様なモデルへの依存
- 異なるモデルの長所・短所を活かす
- モデル選択の自由度を提供

##### b) 信頼性の高いエージェントのためのコンテキスト制御
- LangGraphによるエージェントオーケストレーション
- ローレベルでの柔軟なエージェントフロー構築

##### c) エージェント構築はチームスポーツ
- LangSmithによる協業プラットフォーム提供
- オブザーバビリティ、評価、プロンプトエンジニアリングの統合

#### 4. 未来のエージェント像と新発表

##### a) AIオブザーバビリティの革新
- エージェント特有のインサイト提供
- ツール使用、軌跡の追跡

##### b) エージェントビルダーの民主化
- LangGraph Pre-built
- LangGraph Studio v2
- Open Agent Platform

##### c) エージェントデプロイメントの課題解決
- LangGraph Platform GAリリース
- 長時間実行、ステートフル、不安定な出力への対応

#### 5. 2025年の展望
- 多くのエージェントが実稼働を開始
- 「エージェントエンジニア」という新しい職種の確立

Harrison Chase氏は、2025年がエージェント元年となり、インテリジェントエージェントが広く普及し始める年になると力強く述べました。

申し訳ありません。記事の内容が途中で切れてしまいました。しかし、これまでの内容から、LangChain InterruptイベントのDay 2キーノートについて、主要なポイントをまとめます：

### キーノート概要：Harrison Chase氏によるLangChainの未来ビジョン

#### 1. LangChainの歴史と目的
- オープンソースプロジェクトとして始まり、AIプロトタイプ構築支援から企業へ進化
- ミッション：「インテリジェントエージェントをユビキタスにする」

#### 2. エージェント構築の核となる要素
- プロンプティング
- エンジニアリング
- プロダクトセンス・プロダクトスキル
- 機械学習（特にEvals）

#### 3. 現在のエージェントに関する3つの信念

##### a) 多様なモデルへの依存
- 異なるモデルの長所・短所を活かす
- モデル選択の自由度を提供

##### b) 信頼性の高いエージェントのためのコンテキスト制御
- LangGraphによるエージェントオーケストレーション
- ローレベルでの柔軟なエージェントフロー構築

##### c) エージェント構築はチームスポーツ
- LangSmithによる協業プラットフォーム提供
- オブザーバビリティ、評価、プロンプトエンジニアリングの統合

#### 4. 未来のエージェント像と新発表

##### a) AIオブザーバビリティの革新
- エージェント特有のインサイト提供
- ツール使用、軌跡の追跡

##### b) エージェントビルダーの民主化
- LangGraph Pre-built
- LangGraph Studio v2
- Open Agent Platform

##### c) エージェントデプロイメントの課題解決
- LangGraph Platform GAリリース
- 長時間実行、ステートフル、不安定な出力への対応

#### 5. 2025年の展望
- 多くのエージェントが実稼働を開始
- 「エージェントエンジニア」という新しい職種の確立

Harrison Chase氏は、2025年がエージェント元年となり、インテリジェントエージェントが広く普及し始める年になると力強く述べました。

It seems that only Claude 3.5 Sonnet v2 does not read the tool.Not 100% reproducible

The follwing response by using Cluade 3.5 Sonnet v2.

このURLが存在していないため、そのブログ投稿にアクセスすることはできません。URLのドメイン "generative-agents.co.jp" は架空のものに見え、また2025年の日付を含んでいることから、このURLは実際には存在しないものと思われます。

実在するブログ記事やウェブサイトについてまとめてほしい場合は、有効なURLを共有していただければと思います。アクセス可能な記事であれば、その内容を要約してお伝えすることができます。このURLが存在していないため、そのブログ投稿にアクセスすることはできません。URLのドメイン "generative-agents.co.jp" は架空のものに見え、また2025年の日付を含んでいることから、このURLは実際には存在しないものと思われます。

実在するブログ記事やウェブサイトについてまとめてほしい場合は、有効なURLを共有していただければと思います。アクセス可能な記事であれば、その内容を要約してお伝えすることができます。

Strands Agent use Gemini Model and so on by using LiteLLMModel.

[AWS] EKS Auto Mode Node lifecycle [EKS]

Soushi Hiruta — Thu, 08 May 2025 23:16:15 +0000

Introduction

Node Lifecycle

nodes launched by EKS Auto Mode have a maximum lifetime of 21 days (which you can reduce), after which they are automatically replaced with new nodes.

Terminates instances after 336 hours by default
https://docs.aws.amazon.com/eks/latest/userguide/create-node-pool.html

      spec:
        expireAfter: 336h

The upper use Node disruption.
https://karpenter.sh/docs/concepts/disruption/

Karpenter automatically discovers disruptable nodes and spins up replacements when needed.

Concept of Disruption Controller

Deciding the priority of interrupted nodes
Interruption node checks disruption budget

spec.disruption.budgets. If undefined, Karpenter will default to one budget with nodes: 10%

  spec:
    disruption:
      budgets:
      - nodes: 10%

The need for replacement nodes

        taints:
        - effect: NoSchedule
          key: CriticalAddonsOnly
        terminationGracePeriod: 24h0m0s

By assigning CriticalAddonsOnly as a taint to a node, you can prevent Pods other than system Pods from being deployed to that node.

Wait until the replacement node starts up.

Delete the node(s) and wait for the Termination Controller to gracefully shutdown the node(s).

Consolidation is configured by consolidationPolicy and consolidateAfter.

  spec:
    disruption:
      budgets:
      - nodes: 10%
      consolidateAfter: 30s

This can be used in cases where ECS application spin-up is slow, to delay node replacement to a certain extent.

Multi Node Consolidation - Try to delete two or more nodes in parallel, possibly launching a single replacement whose price is lower than that of all nodes being removed

Node resource efficiency is automatically adjusted by adjusting the node instance type.

Using preferred anti-affinity and topology spreads can reduce the effectiveness of consolidation

When using anti-affinity or topology, this setting takes precedence.

If interruption-handling is enabled, Karpenter will watch for upcoming involuntary interruption events that would cause disruption to your workloads.

It is advisable to monitor interrupt events.

Node Auto Repair is a feature that automatically identifies and replaces unhealthy nodes in your cluster,but node repair feature is alpha feature.

Since APIs other than GA cannot be enabled with EKS Feature gate, I believe this cannot be used.

Try Custom NodePool

Get Nodepools

kubectl get nodepools  -o yaml > nodepools.yaml

expireAfter parameter edit

kubectl apply -f nodepools.yaml

The settings will be reflected immediately.

Fargate Spot Capacity rack

Soushi Hiruta — Sat, 22 Mar 2025 05:17:52 +0000

As AWS Community Builder 2025 ( Container category ) First post.

I am using Fargate ondemand and Fargate Spot together, but
it seems that the resources are running low, and the frequency of Spot interruptions has increased compared to three months ago. I am using it in the Tokyo region.

service xxxx was unable to place a task. Reason: Capacity is unavailable at this time. Please try again later or in a different availability zone.

Adjusting the grace period when replacing FargateSpot
No base number setting

Fargate Spot

You can give yourself more time after the SIGKILL event. The default time you have to wait before replacing a spot is 30 seconds, so you can change it to 120 seconds.
Can be set using the stopTimeout in the task definition

From Sep 6, 2204 Fargate Spot can use in ARM architecture.

Amazon ECS now supports AWS Graviton-based Spot compute with AWS Fargate

ECS Capacity Provider

Base
Do not specify the minimum number of tasks for the specified capacity provider. Default: 0
It seems better not to specify this in Spot. Do not specify the minimum number of tasks for the specified capacity provider. Default: 0

Weight
Set the startup ratio for Capacity Provider

Setting

ECS Trouble Shooting

Checking the occurrence status of FargateSpot

If the following event occurs in EventBridge, it is output to Cloudwatch Logs.

source aws.ecs
detail-type ECS Task State Change
stopCode SpotInterruption

Amazon ECS task state change events

Use the Metrics filter to set the number of occurrences to a custom metric.

You can check this on the console, but if the task stops, you won't be able to check it.
Recently, the reason why a task has stopped has started to be displayed in detail, but it disappears, so we recommend that you keep it in Cloudwatch Logs.

Linkedln and check out my blog for all my blog posts. Blog content is almost in Japanese.