Well day 4 of the MultiCloud | DevOps | AI challenge was all about working with AI. The past 3 days have been setting up the “marketplace” to provide the foundation.
First steps today were to utilize Terraform to create a Lambda function. Lambda is a serverless compute service to run code without provisioning a server. The first part of the updates to the main.tf file were to setup an lambda role, then a lambda policy to scan the DynamoDB tables. Since we are utilizing an existing Terraform with state we can deploy the lambda quickly. As always I like to make sure the synatx of the file is good by using the terraform validate command. Since we have a state file already in use, used on Day 1 for the DynamoDB tables, a quick terraform apply --auto-approve and the lambda funciton and the role are created.
# IAM Role for Lambda function
resource "aws_iam_role" "lambda_role" {
name = "cloudmart_lambda_role"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = {
Service = "lambda.amazonaws.com"
}
}
]
})
}
# IAM Policy for Lambda function
resource "aws_iam_role_policy" "lambda_policy" {
name = "cloudmart_lambda_policy"
role = aws_iam_role.lambda_role.id
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"dynamodb:Scan",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
Resource = [
aws_dynamodb_table.cloudmart_products.arn,
aws_dynamodb_table.cloudmart_orders.arn,
aws_dynamodb_table.cloudmart_tickets.arn,
"arn:aws:logs:*:*:*"
]
}
]
})
}
# Lambda function for listing products
resource "aws_lambda_function" "list_products" {
filename = "list_products.zip"
function_name = "cloudmart-list-products"
role = aws_iam_role.lambda_role.arn
handler = "index.handler"
runtime = "nodejs20.x"
source_code_hash = filebase64sha256("list_products.zip")
environment {
variables = {
PRODUCTS_TABLE = aws_dynamodb_table.cloudmart_products.name
}
}
}
# Lambda permission for Bedrock
resource "aws_lambda_permission" "allow_bedrock" {
statement_id = "AllowBedrockInvoke"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.list_products.function_name
principal = "bedrock.amazonaws.com"
}
# Output the ARN of the Lambda function
output "list_products_function_arn" {
value = aws_lambda_function.list_products.arn
}
To create the AI Agent in AWS we are using the Bedrock service. Utilizng the Claude 3 Sonnet model we create the agent with some instrucntions. These instructions can get lengthy depending on the the agent’s funciton however this agent is going to help the shoppers of “CloudMart” and 12 basic guidlines were given for the “sales agent”.
One gotcha was to make sure the IAM role for the Agent had permissions to lambda functiona and the Claude 3 Sonnet model. A quick inline policy change and testing of the agent in Bedrock is successful.
Inline policy addition:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:*:*:function:cloudmart-list-products"
},
{
"Effect": "Allow",
"Action": "bedrock:InvokeModel",
"Resource": "arn:aws:bedrock:*::foundation-model/anthropic.claude-3-7-sonnet-20250219-v1:0"
}
]
}
The next step was to setup an OpenAI Platform API assistant. As I’ve dabbled with the API previously I had funded account already setup. Setting up an assistant wask quick and painless.
As day 3 the requiremnet was only to move the front end container to the CI/CD pipleline, I had to update the backend yaml file the agent information for both Bedrock and OpenAI Assistant. Once updated I had to then apply it with the kubectl apply -f cloudmart-backend.yaml command.
And with that we have a working agnet working on the “CloudMart” site!
This was a fun an exciting day putting AI to use, Let’s see what Day 5 holds!