AWS Agent Backend Implementations
Status: 🟢 In-use Category: Integrations Date: November 5, 2025 (consolidated)
The AWS agent supports two backend implementations:
Testing Both Implementations​
Test LangGraph Backend (Default):​
curl -X POST http://localhost:8002 \
-H "Content-Type: application/json" \
-H "Accept: text/event-stream" \
-d '{"id":"test","method":"message/stream","params":{"message":{"role":"user","parts":[{"kind":"text","text":"list EKS clusters"}]}}}'
# Look for tool notifications:
# 🔧 Aws: Calling tool: ...
# ✅ Aws: Tool ... completed
Test Strands Backend:​
export AWS_AGENT_BACKEND=strands
# Restart agent
docker-compose -f docker-compose.dev.yaml restart agent-aws-p2p
curl -X POST http://localhost:8002 \
-H "Content-Type: application/json" \
-H "Accept: text/event-stream" \
-d '{"id":"test","method":"message/stream","params":{"message":{"role":"user","parts":[{"kind":"text","text":"list EKS clusters"}]}}}'
# No tool notifications, just chunked content
AWS ECS MCP Server Integration
Overview​
Added support for the AWS ECS MCP Server to the AWS Agent, enabling comprehensive Amazon Elastic Container Service (ECS) management capabilities. This integration allows AI assistants to help users with the full lifecycle of containerized applications on AWS.
What Changed​
1. AWS Agent System Prompt Enhancement​
Files:
ai_platform_engineering/agents/aws/agent_aws/agent.pyai_platform_engineering/agents/aws/agent_aws/agent_langgraph.py
Added ECS capabilities to the system prompt, organized into four main categories:
ECS Container Management​
- Containerize web applications with best practices guidance
- Deploy containerized applications to Amazon ECS using Fargate
- Configure Application Load Balancers (ALBs) for web traffic
- Generate and apply CloudFormation templates for ECS infrastructure
- Manage VPC endpoints for secure AWS service access
- Implement deployment circuit breakers with automatic rollback
- Enable enhanced Container Insights for monitoring
ECS Resource Operations​
- List and describe ECS clusters, services, and tasks
- Manage task definitions and capacity providers
- View and manage ECR repositories and container images
- Create, update, and delete ECS resources
- Run tasks, start/stop tasks, and execute commands on containers
- Configure auto-scaling policies and health checks
ECS Troubleshooting​
- Diagnose ECS deployment issues and task failures
- Fetch CloudFormation stack status and service events
- Retrieve CloudWatch logs for application diagnostics
- Detect and resolve image pull failures
- Analyze network configurations (VPC, subnets, security groups)
- Get deployment status and ALB URLs
Security & Best Practices​
- Implement AWS security best practices for container deployments
- Manage IAM roles with least-privilege permissions
- Configure network security groups and VPC settings
- Access AWS Knowledge for ECS documentation and new features
2. MCP Client Configuration​
Added ECS MCP client configuration with security controls:
if enable_ecs_mcp:
logger.info("Creating ECS MCP client...")
ecs_env = env_vars.copy()
# Security controls (default to safe values)
allow_write = os.getenv("ECS_MCP_ALLOW_WRITE", "false").lower() == "true"
allow_sensitive_data = os.getenv("ECS_MCP_ALLOW_SENSITIVE_DATA", "false").lower() == "true"
ecs_env["ALLOW_WRITE"] = "true" if allow_write else "false"
ecs_env["ALLOW_SENSITIVE_DATA"] = "true" if allow_sensitive_data else "false"
ecs_client = MCPClient(lambda: stdio_client(
StdioServerParameters(
command="uvx",
args=["awslabs.ecs-mcp-server@latest"],
env=ecs_env
)
))
clients.append(("ecs", ecs_client))
3. Documentation Updates​
File: ai_platform_engineering/agents/aws/README.md
- Updated agent title from "AWS EKS AI Agent" to "AWS AI Agent" to reflect multi-service support
- Added ECS Management feature description
- Added ECS environment variable configuration
- Added security notes for ECS write operations and sensitive data access
Benefits​
- Comprehensive Container Management: Full lifecycle management from containerization to deployment
- Infrastructure as Code: Automated CloudFormation template generation
- Built-in Troubleshooting: Diagnostic tools for common ECS issues
- Security First: Default secure configuration with opt-in permissions
- ECR Integration: Direct access to container registries
- Load Balancer Support: Automatic ALB configuration and URL management
- Monitoring: Container Insights and CloudWatch integration
- AWS Knowledge Base: Access to latest ECS documentation and best practices