diff --git a/.header.md b/.header.md index dbc9ab0..899609d 100644 --- a/.header.md +++ b/.header.md 
@@ -2,42 +2,64 @@ ## Overview -Integrate Amazon Bedrock to your HashiCorp Cloud Platform Terraform (Terraform Cloud) Run Tasks for: +Enhance your HashiCorp Cloud Platform Terraform (Terraform Cloud) workflows with AI-powered analysis using Amazon Bedrock. This module integrates seamlessly as a Run Task to provide: -* Analyzing Terraform plan and generate short-summary +* Intelligent Terraform plan analysis with concise, human-friendly summaries +* Advanced function calling capabilities for extended analysis (e.g., AMI evaluation) +* Responsible AI implementation with customizable guardrails -* Function calling for other API-based analysis (e.g AMI analysis) +### Key Features -### Terraform plan summary +1. **AI-Powered Plan Summaries** + * Generate clear, natural language summaries of Terraform plan outputs + * Quickly understand the impact of infrastructure changes + ![Example](./images/example.png) -Summarize Terraform plan output in human friendly natural language. -![Example](./images/example.png) +2. **Extensible Analysis with Function Calling** + * Leverage AI to perform additional analyses, such as AMI evaluation + * Easily extend to other API-based tools and services + ![Example2](./images/example2.png) -### Function calling (AMI analysis) +3. **Responsible AI Integration** + * Implement Amazon Bedrock guardrails tailored to your organization's policies + * Ensure ethical and compliant AI usage in your infrastructure workflows + ![Example3](./images/example3.png) -Use function calling to execute other tools, such as analyzing AMI data. -![Example2](./images/example2.png) +4. **Secure Architecture** + * Designed for deployment in a dedicated AWS account + * Optional AWS WAF integration for enhanced endpoint protection + * Adherence to AWS security best practices -### Responsible AI +5. 
**Seamless Terraform Cloud Integration** + * Operates as a native Run Task within your Terraform Cloud workflow + * Provides insights without disrupting existing processes -Implement safeguards using Amazon Bedrock guardrails customized to your organization requirements and responsible AI policies -![Example3](./images/example3.png) +6. **Flexible and Customizable** + * Adapt the module to fit your specific organizational needs + * Easily configure and extend guardrails and analysis capabilities ## Architecture ![Diagram](./images/arch.png) -This module must be deployed in AWS account with access to Amazon Bedrock model. We recommend you to use hub-spoke model, by deploying this module in one dedicated account. - -Please refer to the [best-practice](#best-practice) section below for more details. +This module leverages a hub-spoke model, designed for deployment in a dedicated AWS account with Amazon Bedrock access. It utilizes AWS Lambda, CloudFront, and other AWS services to provide a scalable and secure solution. ## Prerequisites -To use this module you need have the following: +To implement this module, you'll need: + +1. An AWS account with appropriate credentials +2. Access to Amazon Bedrock (default model: Claude 3 Sonnet) +3. A HashiCorp Cloud Platform (HCP) Terraform account + +## Getting Started + +For detailed setup instructions and best practices, please refer to the sections below: + +* [Usage](#usage) +* [Best Practices](#best-practice) -1. AWS account and credentials -1. Amazon Bedrock model access (default model is `Claude 3 Sonnet`) -1. HCP Terraform account +Enhance your Terraform workflows with AI-powered insights while maintaining security and responsible AI practices. ## Usage diff --git a/README.md b/README.md index cc1a8b6..2124b1a 100644 --- a/README.md +++ b/README.md 
@@ -3,42 +3,64 @@ ## Overview -Integrate Amazon Bedrock to your HashiCorp Cloud Platform Terraform (Terraform Cloud) Run Tasks for: +Enhance your HashiCorp Cloud Platform Terraform (Terraform Cloud) workflows with AI-powered analysis using Amazon Bedrock. This module integrates seamlessly as a Run Task to provide: -* Analyzing Terraform plan and generate short-summary +* Intelligent Terraform plan analysis with concise, human-friendly summaries +* Advanced function calling capabilities for extended analysis (e.g., AMI evaluation) +* Responsible AI implementation with customizable guardrails -* Function calling for other API-based analysis (e.g AMI analysis) +### Key Features -### Terraform plan summary +1. **AI-Powered Plan Summaries** + * Generate clear, natural language summaries of Terraform plan outputs + * Quickly understand the impact of infrastructure changes + ![Example](./images/example.png) -Summarize Terraform plan output in human friendly natural language. -![Example](./images/example.png) +2. **Extensible Analysis with Function Calling** + * Leverage AI to perform additional analyses, such as AMI evaluation + * Easily extend to other API-based tools and services + ![Example2](./images/example2.png) -### Function calling (AMI analysis) +3. **Responsible AI Integration** + * Implement Amazon Bedrock guardrails tailored to your organization's policies + * Ensure ethical and compliant AI usage in your infrastructure workflows + ![Example3](./images/example3.png) -Use function calling to execute other tools, such as analyzing AMI data. -![Example2](./images/example2.png) +4. **Secure Architecture** + * Designed for deployment in a dedicated AWS account + * Optional AWS WAF integration for enhanced endpoint protection + * Adherence to AWS security best practices -### Responsible AI +5. 
**Seamless Terraform Cloud Integration** + * Operates as a native Run Task within your Terraform Cloud workflow + * Provides insights without disrupting existing processes -Implement safeguards using Amazon Bedrock guardrails customized to your organization requirements and responsible AI policies -![Example3](./images/example3.png) +6. **Flexible and Customizable** + * Adapt the module to fit your specific organizational needs + * Easily configure and extend guardrails and analysis capabilities ## Architecture ![Diagram](./images/arch.png) -This module must be deployed in AWS account with access to Amazon Bedrock model. We recommend you to use hub-spoke model, by deploying this module in one dedicated account. - -Please refer to the [best-practice](#best-practice) section below for more details. +This module leverages a hub-spoke model, designed for deployment in a dedicated AWS account with Amazon Bedrock access. It utilizes AWS Lambda, CloudFront, and other AWS services to provide a scalable and secure solution. ## Prerequisites -To use this module you need have the following: +To implement this module, you'll need: + +1. An AWS account with appropriate credentials +2. Access to Amazon Bedrock (default model: Claude 3 Sonnet) +3. A HashiCorp Cloud Platform (HCP) Terraform account + +## Getting Started + +For detailed setup instructions and best practices, please refer to the sections below: + +* [Usage](#usage) +* [Best Practices](#best-practice) -1. AWS account and credentials -1. Amazon Bedrock model access (default model is `Claude 3 Sonnet`) -1. HCP Terraform account +Enhance your Terraform workflows with AI-powered insights while maintaining security and responsible AI practices. ## Usage diff --git a/VERSION b/VERSION index 8ce995b..a92e827 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v0.0.3 \ No newline at end of file +v0.0.4 \ No newline at end of file 
diff --git a/images/example.png b/images/example.png index cfb47a7..86cafeb 100644 Binary files a/images/example.png and b/images/example.png differ diff --git a/lambda/runtask_fulfillment/ai.py b/lambda/runtask_fulfillment/ai.py index aed428b..b23de79 100644 --- a/lambda/runtask_fulfillment/ai.py +++ b/lambda/runtask_fulfillment/ai.py @@ -8,6 +8,7 @@ from runtask_utils import generate_runtask_result from tools.get_ami_releases import GetECSAmisReleases from utils import logger, stream_messages, tool_config +import xml.etree.ElementTree as ET # Initialize model_id and region model_id = os.environ.get("BEDROCK_LLM_MODEL") @@ -180,7 +181,14 @@ def eval(tf_plan_json): # Add response to message history messages.append(response) - result = response["content"][0]["text"] + # Try to parse output as XML and look for the tag + try: + root = ET.fromstring(response["content"][0]["text"]) + result = root.find("result").text + logger.info("Parsed : {}".format(result)) + except Exception as e: + result = response["content"][0]["text"] + logger.info("Non Parsed : {}".format(result)) ##################################################################### ######### Third, generate short summary ######### @@ -188,7 +196,12 @@ def eval(tf_plan_json): logger.info("##### Generating short summary #####") prompt = f""" - Can you provide a short summary with maximum of 150 characters of the infrastructure changes? + List the resources that will be created, modified or deleted in the following terraform plan using the following rules: + - Provide summary of the infrastructure changes + - Highlight major components of the changes such as what Terraform modules is executed + - Summarize what each Terraform modules does + - Highlight any resources that being replaced or deleted + - Highlight any outputs if available {tf_plan_json["resource_changes"]} 
@@ -214,7 +227,7 @@ def eval(tf_plan_json): guardrail_status, guardrail_response = guardrail_inspection(str(description)) if guardrail_status: - results.append(generate_runtask_result(outcome_id="Plan-Summary", description="Summary of Terraform plan", result=description[:700])) + results.append(generate_runtask_result(outcome_id="Plan-Summary", description="Summary of Terraform plan", result=description[:9000])) # body max limit of 10,000 chars else: results.append(generate_runtask_result(outcome_id="Plan-Summary", description="Summary of Terraform plan", result="Output omitted due to : {}".format(guardrail_response))) description = "Bedrock guardrail triggered : {}".format(guardrail_response) @@ -225,7 +238,8 @@ def eval(tf_plan_json): else: results.append(generate_runtask_result(outcome_id="AMI-Summary", description="Summary of AMI changes", result="Output omitted due to : {}".format(guardrail_response))) - return description, results + runtask_high_level ="Terraform plan analyzer using Amazon Bedrock, expand the findings below to learn more. Click `view more details` to get the detailed logs" + return runtask_high_level, results def guardrail_inspection(input_text, input_mode = 'OUTPUT'):
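Review bot: In the Architecture paragraph of the .header.md hunk (@@ -2,42 +2,64 @@), the rewrite drops the requirement that the module "must be deployed in AWS account with access to Amazon Bedrock model" and turns the hub-spoke recommendation into a statement that the module "leverages a hub-spoke model". The code changes in this patch do not touch deployment, so keep the requirement and the recommendation worded as such, and keep the pointer to the best-practice section next to that paragraph rather than only under Getting Started.
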
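Review bot: In the README.md hunk (@@ -3,42 +3,64 @@), the "Secure Architecture" item claims "Adherence to AWS security best practices" without naming the controls the module applies, and "Optional AWS WAF integration" does not say whether the endpoint protection is on or off by default. State the default and link the item to the best-practice section so a reader can check the claim against the configuration.
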
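Review bot: The new `import xml.etree.ElementTree as ET` in lambda/runtask_fulfillment/ai.py (@@ -8,6 +8,7 @@) sits after the project imports; move it up with the other standard-library imports. This parser is later fed model output, which is shaped by the contents of the Terraform plan, and the Python documentation states that xml.etree.ElementTree is not secure against maliciously constructed data. A hardened parser such as defusedxml, or a bounded string search for the tag, would be the safer choice here.
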
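Review bot: In the try block of the @@ -180,7 +181,14 @@ hunk, `root.find("result")` searches only the direct children of the root, so a reply whose root element is itself the result tag returns None, raises on `.text`, and falls into the except path with the tags still in the text. When the element exists but is empty, `.text` is None and `result` becomes None with no exception raised. Check the root tag as well as its children, fall back to the raw text when the value is None, and narrow `except Exception as e` to `ET.ParseError` (the `e` is unused), logging the parse failure at warning level so malformed model output is visible.
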
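Review bot: The rule "Highlight any outputs if available" in the new prompt (@@ -188,7 +196,12 @@) asks for data the prompt does not contain: only `tf_plan_json["resource_changes"]` is interpolated, and outputs are carried under a separate key of the plan JSON (`output_changes`). Pass the outputs as well or drop the rule, otherwise the model is invited to guess. Removing the 150-character bound also leaves length control to the `description[:9000]` slice later in eval, so give the prompt a target length. Wording: "what Terraform modules is executed" and "resources that being replaced" should read "which Terraform modules are executed" and "resources that are being replaced".
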
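Review bot: `result=description[:9000]` in the @@ -214,7 +227,7 @@ hunk hard-codes a number that the trailing comment ties to a 10,000-character body limit, and the slice can cut the summary mid-sentence with no sign that text was dropped. Define a named constant beside the stated limit and append a truncation marker when `len(description)` exceeds it. The else branch formats `guardrail_response` into the result with no length cap at all; apply the same bound there.
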
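Review bot: Returning the fixed `runtask_high_level` string in the @@ -225,7 +238,8 @@ hunk means the top-level run task message no longer changes when a guardrail fires: the assignment `description = "Bedrock guardrail triggered : {}".format(guardrail_response)` in the else branch above is no longer returned and looks unused. Return a message that reflects the guardrail status or delete that assignment. Style: add the missing space in `runtask_high_level ="..."`, and document the new return value for callers of eval, since the first element used to be the generated summary.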