Streamline AWS useful resource troubleshooting with Amazon Bedrock Brokers and AWS Help Automation Workflows

As AWS environments develop in complexity, troubleshooting points with sources can develop into a frightening process. Manually investigating and resolving issues might be time-consuming and error-prone, particularly when coping with intricate techniques. Luckily, AWS supplies a strong instrument referred to as AWS Help Automation Workflows, which is a group of curated AWS Techniques Supervisor self-service automation runbooks. These runbooks are created by AWS Help Engineering with finest practices discovered from fixing buyer points. They permit AWS prospects to troubleshoot, diagnose, and remediate frequent points with their AWS sources.

Amazon Bedrock is a totally managed service that gives a selection of high-performing basis fashions (FMs) from main AI firms like AI21 Labs, Anthropic, Cohere, Meta, Mistral AI, Stability AI, and Amazon by a single API, together with a broad set of capabilities to construct generative AI functions with safety, privateness, and accountable AI. Utilizing Amazon Bedrock, you possibly can experiment with and consider high FMs on your use case, privately customise them along with your knowledge utilizing strategies comparable to fine-tuning and Retrieval Augmented Technology (RAG), and construct brokers that execute duties utilizing your enterprise techniques and knowledge sources. As a result of Amazon Bedrock is serverless, you don’t should handle infrastructure, and you may securely combine and deploy generative AI capabilities into your functions utilizing the AWS providers you might be already aware of.

On this put up, we discover tips on how to use the facility of Amazon Bedrock Brokers and AWS Help Automation Workflows to create an clever agent able to troubleshooting points with AWS sources.

Answer overview

Though the answer is flexible and might be tailored to make use of a wide range of AWS Help Automation Workflows, we deal with a particular instance: troubleshooting an Amazon Elastic Kubernetes Service (Amazon EKS) employee node that failed to affix a cluster. The next diagram supplies a high-level overview of troubleshooting brokers with Amazon Bedrock.

Our resolution is constructed across the following key parts that work collectively to offer a seamless and environment friendly troubleshooting expertise:

• Amazon Bedrock Brokers – Amazon Bedrock Brokers acts because the clever interface between customers and AWS Help Automation Workflows. It processes pure language queries to know the problem context and manages dialog stream to collect required info. The agent makes use of Anthropic’s Claude 3.5 Sonnet mannequin for superior reasoning and response technology, enabling pure interactions all through the troubleshooting course of.
• Amazon Bedrock agent motion teams – These motion teams outline the structured API operations that the Amazon Bedrock agent can invoke. Utilizing OpenAPI specs, they outline the interface between the agent and AWS Lambda capabilities, specifying the accessible operations, required parameters, and anticipated responses. Every motion group accommodates the API schema that tells the agent tips on how to correctly format requests and interpret responses when interacting with Lambda capabilities.
• Lambda Operate – The Lambda operate acts as the mixing layer between the Amazon Bedrock agent and AWS Help Automation Workflows. It validates enter parameters from the agent and initiates the suitable SAW runbook execution. It displays the automation progress whereas processing the technical output right into a structured format. When the workflow is full, it returns formatted outcomes again to the agent for person presentation.
• IAM function – The AWS Identification and Entry Administration (IAM) function supplies the Lambda operate with the mandatory permissions to execute AWS Help Automation Workflows and work together with required AWS providers. This function follows the precept of least privilege to take care of safety finest practices.
• AWS Help Automation Workflows – These pre-built diagnostic runbooks are developed by AWS Help Engineering. The workflows execute complete system checks primarily based on AWS finest practices in a standardized, repeatable method. They cowl a variety of AWS providers and customary points, encapsulating AWS Help’s intensive troubleshooting experience.

The next steps define the workflow of our resolution:

1. Customers begin by describing their AWS useful resource problem in pure language by the Amazon Bedrock chat console. For instance, “Why isn’t my EKS employee node becoming a member of the cluster?”
2. The Amazon Bedrock agent analyzes the person’s query and matches it to the suitable motion outlined in its OpenAPI schema. If important info is lacking, comparable to a cluster identify or occasion ID, the agent engages in a pure dialog to collect the required parameters. This makes certain that mandatory knowledge is collected earlier than continuing with the troubleshooting workflow.
3. The Lambda operate receives the validated request and triggers the corresponding AWS Help Automation Workflow. These SAW runbooks comprise complete diagnostic checks developed by AWS Help Engineering to determine frequent points and their root causes. The checks run robotically with out requiring person intervention.
4. The SAW runbook systematically executes its diagnostic checks and compiles the findings. These outcomes, together with recognized points and configuration issues, are structured in JSON format and returned to the Lambda operate.
5. The Amazon Bedrock agent processes the diagnostic outcomes utilizing chain of thought (CoT) reasoning, primarily based on the ReAct (synergizing reasoning and appearing) method. This allows the agent to investigate the technical findings, determine root causes, generate clear explanations, and supply step-by-step remediation steerage.

Throughout the reasoning part of the agent, the person is ready to view the reasoning steps.

Troubleshooting examples

Let’s take a more in-depth have a look at a standard problem we talked about earlier and the way our agent can help in troubleshooting it.

EKS employee node failed to affix EKS cluster

When an EKS employee node fails to affix an EKS cluster, our Amazon Bedrock agent might be invoked with the related info: cluster identify and employee node ID. The agent will execute the corresponding AWS Help Automation Workflow, which can carry out checks like verifying the employee node’s IAM function permissions and verifying the mandatory community connectivity.

The automation workflow will run all of the checks. Then Amazon Bedrock agent will ingest the troubleshooting, clarify the basis explanation for the problem to the person, and counsel remediation steps primarily based on the AWSSupport-TroubleshootEKSWorkerNode output, comparable to updating the employee node’s IAM function or resolving community configuration points, enabling them to take the mandatory actions to resolve the issue.

OpenAPI instance

Whenever you create an motion group in Amazon Bedrock, it’s essential to outline the parameters that the agent must invoke from the person. You can even outline API operations that the agent can invoke utilizing these parameters. To outline the API operations, we’ll create an OpenAPI schema in JSON:

"Body_troubleshoot_eks_worker_node_troubleshoot_eks_worker_node_post": {
        "properties": {
          "cluster_name": {
            "sort": "string",
            "title": "Cluster Identify",
            "description": "The identify of the EKS cluster"
          },
          "worker_id": {
            "sort": "string",
            "title": "Employee Id",
            "description": "The ID of the employee node"
          }
        },
        "sort": "object",
        "required": [
          "cluster_name",
          "worker_id"
        ],
        "title": "Body_troubleshoot_eks_worker_node_troubleshoot_eks_worker_node_post"
      }

The schema consists of the next parts:

• Body_troubleshoot_eks_worker_node_troubleshoot_eks_worker_node_post – That is the identify of the schema, which corresponds to the request physique for the troubleshoot-eks-worker_node POST endpoint.
• Properties – This part defines the properties (fields) of the schema:
  • “cluster_name” – This property represents the identify of the EKS cluster. It’s a string sort and has a title and outline.
  • “worker_id” – This property represents the ID of the employee node. It is usually a string sort and has a title and outline.
• Kind – This property specifies that the schema is an “object” sort, that means it’s a assortment of key-value pairs.
• Required – This property lists the required fields for the schema, which on this case are “cluster_name” and “employee _id”. These fields have to be supplied within the request physique.
• Title – This property supplies a human-readable title for the schema, which can be utilized for documentation functions.

The OpenAPI schema defines the construction of the request physique. To be taught extra, see Outline OpenAPI schemas on your agent’s motion teams in Amazon Bedrock and OpenAPI specification.

Lambda operate code

Now let’s discover the Lambda operate code:

@app.put up("/troubleshoot-eks-worker-node")
@tracer.capture_method
def troubleshoot_eks_worker_node(
    cluster_name: Annotated[str, Body(description="The name of the EKS cluster")],
    worker_id: Annotated[str, Body(description="The ID of the worker node")]
) -> dict:
    """
    Troubleshoot EKS employee node that failed to affix the cluster.

    Args:
        cluster_name (str): The identify of the EKS cluster.
        worker_id (str): The ID of the employee node.

    Returns:
        dict: The output of the Automation execution.
    """
    return execute_automation(
        automation_name="AWSSupport-TroubleshootEKSWorkerNode",
        parameters={
            'ClusterName': [cluster_name],
            'WorkerID': [worker_id]
        },
        execution_mode="TroubleshootWorkerNode"
    )

The code consists of the next parts

• app.put up(“/troubleshoot-eks-worker-node”, description=”Troubleshoot EKS employee node failed to affix the cluster”) – It is a decorator that units up a route for a POST request to the /troubleshoot-eks-worker-node endpoint. The outline parameter supplies a quick clarification of what this endpoint does.
• @tracer.capture_method – That is one other decorator that’s possible used for tracing or monitoring functions, presumably as a part of an software efficiency monitoring (APM) instrument. It captures details about the execution of the operate, such because the length, errors, and different metrics.
• cluster_name: str = Physique(description=”The identify of the EKS cluster”), – This parameter specifies that the cluster_name is a string sort and is predicted to be handed within the request physique. The Physique decorator is used to point that this parameter needs to be extracted from the request physique. The outline parameter supplies a quick clarification of what this parameter represents.
• worker_id: str = Physique(description=”The ID of the employee node”) – This parameter specifies that the worker_id is a string sort and is predicted to be handed within the request physique.
•  -> Annotated[dict, Body(description=”The output of the Automation execution”)] – That is the return sort of the operate, which is a dictionary. The Annotated sort is used to offer extra metadata concerning the return worth, particularly that it needs to be included within the response physique. The outline parameter supplies a quick clarification of what the return worth represents.

To hyperlink a brand new SAW runbook within the Lambda operate, you possibly can observe the identical template.

Stipulations

Ensure you have the next conditions:

Deploy the answer

Full the next steps to deploy the answer:

1. Clone the GitHub repository and go to the basis of your downloaded repository folder:

$ git clone https://github.com/aws-samples/sample-bedrock-agent-for-troubleshooting-aws-resources.git

$ cd bedrock-agent-for-troubleshooting-aws-resources

2. Set up native dependencies:

$ npm set up

3. Check in to your AWS account utilizing the AWS CLI by configuring your credential file (exchange <PROFILE_NAME> with the profile identify of your deployment AWS account):

$ export AWS_PROFILE=PROFILE_NAME

4. Bootstrap the AWS CDK surroundings (it is a one-time exercise and isn’t wanted in case your AWS account is already bootstrapped):

$ cdk bootstrap

5. Run the script to exchange the placeholders on your AWS account and AWS Area within the config information:

$ cdk deploy --all

Take a look at the agent

Navigate to the Amazon Bedrock Brokers console in your Area and discover your deployed agent. One can find the agent ID within the cdk deploy command output.

Now you can work together with the agent and take a look at troubleshooting a employee node not becoming a member of an EKS cluster. The next are some instance questions:

• I need to troubleshoot why my Amazon EKS employee node shouldn’t be becoming a member of the cluster. Are you able to assist me?
• Why this occasion <instance_ID> shouldn’t be capable of be part of the EKS cluster <Cluster_Name>?

The next screenshot exhibits the console view of the agent.

The agent understood the query and mapped it with the appropriate motion group. It additionally noticed that the parameters wanted are lacking within the person immediate. It got here again with a follow-up query to require the Amazon Elastic Compute Cloud (Amazon EC2) occasion ID and EKS cluster identify.

We are able to see the agent’s thought course of within the hint step 1. The agent assesses the subsequent step as able to name the appropriate Lambda operate and proper API path.

With the outcomes getting back from the runbook, the agent now opinions the troubleshooting consequence. It goes by the data and can begin writing the answer the place it supplies the directions for the person to observe.

Within the reply supplied, the agent was capable of spot all the problems and remodel that into resolution steps. We are able to additionally see the agent mentioning the appropriate info like IAM coverage and the required tag.

Clear up

When implementing Amazon Bedrock Brokers, there are not any extra expenses for useful resource building. Nonetheless, prices are incurred for embedding mannequin and textual content mannequin invocations on Amazon Bedrock, with expenses primarily based on the pricing of every FM used. On this use case, additionally, you will incur prices for Lambda invocations.

To keep away from incurring future expenses, delete the created sources by the AWS CDK. From the basis of your repository folder, run the next command:

$ npm run cdk destroy --all

Conclusion

Amazon Bedrock Brokers and AWS Help Automation Workflows are highly effective instruments that, when mixed, can revolutionize AWS useful resource troubleshooting. On this put up, we explored a serverless software constructed with the AWS CDK that demonstrates how these applied sciences might be built-in to create an clever troubleshooting agent. By defining motion teams throughout the Amazon Bedrock agent and associating them with particular situations and automation workflows, we’ve developed a extremely environment friendly course of for diagnosing and resolving points comparable to Amazon EKS employee node failures.

Our resolution showcases the potential for automating complicated troubleshooting duties, saving time and streamlining operations. Powered by Anthropic’s Claude 3.5 Sonnet, the agent demonstrates improved understanding and responding in languages apart from English, comparable to French, Japanese, and Spanish, making it accessible to international groups whereas sustaining its technical accuracy and effectiveness. The clever agent rapidly identifies root causes and supplies actionable insights, whereas robotically executing related AWS Help Automation Workflows. This strategy not solely minimizes downtime, but additionally scales successfully to accommodate numerous AWS providers and use circumstances, making it a flexible basis for organizations trying to improve their AWS infrastructure administration.

Discover the AWS Help Automation Workflow for extra use circumstances and think about using this resolution as a place to begin for constructing extra complete troubleshooting brokers tailor-made to your group’s wants. To be taught extra about utilizing brokers to orchestrate workflows, see Automate duties in your software utilizing conversational brokers. For particulars about utilizing guardrails to safeguard your generative AI functions, check with Cease dangerous content material in fashions utilizing Amazon Bedrock Guardrails.

Joyful coding!

Acknowledgements

The authors thank all of the reviewers for his or her priceless suggestions.

---

In regards to the Authors

Wael Dimassi is a Technical Account Supervisor at AWS, constructing on his 7-year background as a Machine Studying specialist. He enjoys studying about AWS AI/ML providers and serving to prospects meet their enterprise outcomes by constructing options for them.

Marwen Benzarti is a Senior Cloud Help Engineer at AWS Help the place he focuses on Infrastructure as Code. With over 4 years at AWS and a pair of years of earlier expertise as a DevOps engineer, Marwen works carefully with prospects to implement AWS finest practices and troubleshoot complicated technical challenges. Exterior of labor, he enjoys taking part in each aggressive multiplayer and immersive story-driven video video games.