I wanted to play with AI agents and AWS AgentCore. But I didn't want to spend a day wrestling with IAM trust policies, ECR repositories, CloudWatch log groups, and managed policies.
So I used my own platform.
The problem
Deploying an AI agent on AWS AgentCore requires at least 8 resources: an IAM role with a specific trust policy for bedrock-agentcore.amazonaws.com, a managed policy with Bedrock and ECR permissions, an ECR repository, a CloudWatch log group, the AgentCore Runtime itself, an endpoint, and optionally memory and a code interpreter.
Getting the trust policy right took three failed deployments. First, bedrock.amazonaws.com wasn't enough — AgentCore has its own service principal. Then the ECR permissions were missing from the policy. Then the container image was built for amd64 but AgentCore runs on arm64 (Graviton). Each failure meant a full rollback and retry.
This is exactly the kind of infrastructure maze that makes developers avoid cloud services and wait for Jira tickets instead.
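A preflight check for the three failures described above, written as an added example; it is not the author's Pulumi template or AskArchie code. The function names, the constructed sample policies and the list of ECR pull actions are assumptions; the page itself only names the service principal and the arm64 requirement.

```python
from fnmatch import fnmatchcase

AGENTCORE_PRINCIPAL = "bedrock-agentcore.amazonaws.com"  # service principal named on the page
# Assumption: the usual ECR image-pull actions; the page only says "ECR permissions".
ECR_PULL_ACTIONS = {"ecr:GetAuthorizationToken", "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"}
REQUIRED_ARCH = "arm64"  # AgentCore runs on arm64 (Graviton), per the page

def _as_list(value):
    """IAM accepts a single value or a list for Action, Statement and Principal.Service."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def _allow_statements(policy):
    return [s for s in _as_list(policy.get("Statement")) if s.get("Effect") == "Allow"]

def trust_policy_ok(trust_policy):
    """True if an Allow statement lets the AgentCore principal call sts:AssumeRole."""
    for stmt in _allow_statements(trust_policy):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if AGENTCORE_PRINCIPAL in services and "sts:AssumeRole" in _as_list(stmt.get("Action")):
            return True
    return False

def missing_ecr_actions(permissions_policy):
    """ECR pull actions no Allow statement grants. Static check: ignores Resource, Condition, Deny."""
    granted = [a.lower() for s in _allow_statements(permissions_policy) for a in _as_list(s.get("Action"))]
    return {a for a in ECR_PULL_ACTIONS if not any(fnmatchcase(a.lower(), g) for g in granted)}

def preflight(trust_policy, permissions_policy, image_arch):
    """Report all three problems in one pass instead of one per failed deployment."""
    findings = []
    if not trust_policy_ok(trust_policy):
        findings.append(f"trust policy does not allow {AGENTCORE_PRINCIPAL}")
    missing = missing_ecr_actions(permissions_policy)
    if missing:
        findings.append("missing ECR actions: " + ", ".join(sorted(missing)))
    if image_arch != REQUIRED_ARCH:
        findings.append(f"image architecture is {image_arch}, expected {REQUIRED_ARCH}")
    return findings

# Constructed sample input reproducing the three failures from the post.
BAD_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"Service": "bedrock.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
BAD_PERMS = {"Statement": [{"Effect": "Allow", "Action": ["bedrock:InvokeModel"], "Resource": "*"}]}
if __name__ == "__main__":
    for finding in preflight(BAD_TRUST, BAD_PERMS, "amd64"):
        print("FAIL:", finding)
```

The architecture string can be read from a locally built image with `docker image inspect --format '{{.Architecture}}'` before the image is pushed.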
The solution
I wrote a Pulumi template encoding all of those learnings — the correct trust policy, the right permissions, arm64 container support, the dependency ordering. Added it to AskArchie's blueprint catalog.
Now anyone on my team can deploy a production AI agent by filling a form:
- Agent name
- Model (defaults to Claude Sonnet 4)
- System prompt
- Region (locked by the Platform Engineer)
- Environment (dev/staging/prod)
Fork the blueprint. Fill 5 fields. Click deploy. 4 minutes later: AgentCore Runtime running, endpoint reachable, memory enabled, logs streaming.
The result
I built a Strands agent with 5 tools that call AskArchie's own API. The agent can:
- List all infrastructure stacks across AWS, Azure, and GCP
- Get details on any specific stack
- Check drift status across all stacks
- Browse the blueprint catalog
- Trigger drift detection on a specific stack
I asked it: "List my current stacks with details"
It called the API, found 2 stacks with critical drift, and returned a formatted report with resource names, severity, and what changed. Real data from real infrastructure.
An AI agent deployed BY the platform, managing the platform. The infrastructure took 4 minutes. The IaC took zero lines. The governance came built in.
What this proves
AskArchie isn't just for VPCs and load balancers. Any infrastructure that can be defined in Pulumi can become a governed blueprint. AI agent stacks, data pipelines, ML training environments — the pattern is the same. Template it once. Govern it forever.
Try it
The live demo is open — no signup required: askarchie.io
The full platform walkthrough: YouTube


