AgentCore resources used in this demo
| Resource | Purpose |
|---|---|
| aws_bedrockagentcore_gateway | AgentCore Gateway |
| aws_bedrockagentcore_gateway_target | Gateway Target (MCP server) |
| aws_bedrockagentcore_oauth2_credential_provider | OAuth2 Credential Provider |
| aws_bedrockagentcore_agent_runtime | AgentCore Runtime (MCP server) |
| aws_bedrockagentcore_workload_identity | Workload Identity |
| aws_ecr_repository | Container repository for the MCP server image |
```text
m2m-auth-demo/
├── versions.tf          # Terraform provider configuration
├── variables.tf         # Variable definitions
├── outputs.tf           # Output definitions
├── cognito_inbound.tf   # Cognito A: user (inbound) authentication
├── cognito_outbound.tf  # Cognito B: M2M (outbound) authentication
├── identity.tf          # AgentCore Identity (OAuth2 Credential Provider)
├── runtime.tf           # AgentCore Runtime (MCP server) + ECR + Docker build
├── gateway.tf           # AgentCore Gateway + Target
├── iam.tf               # IAM roles
├── agent/
│   ├── Dockerfile       # MCP server container definition (ARM64)
│   ├── mcp_server.py    # MCP server code
│   ├── requirements.txt # Python dependencies
│   └── __init__.py      # Python package marker
└── README.md
```
- Terraform >= 1.5.0
- AWS CLI v2
- Docker (with docker buildx)
- AWS Provider >= 6.25.0
- AWS credentials (with permission to push to ECR)
```bash
cd m2m-auth-demo
terraform init
terraform apply
```
A single terraform apply creates all of the following:
- Cognito User Pool A (inbound authentication)
- Cognito User Pool B (M2M authentication) + Resource Server
- ECR repository + Docker image build & push (ARM64)
- AgentCore Identity OAuth2 Credential Provider
- AgentCore Runtime (MCP server)
- AgentCore Gateway + Target
Note: the Docker image build & push is run automatically by a null_resource. Changing any file under agent/ triggers a rebuild on the next terraform apply.
```bash
INBOUND_USER_POOL_ID=$(terraform output -raw inbound_user_pool_id)
INBOUND_CLIENT_ID=$(terraform output -raw inbound_client_id)
export AWS_REGION=us-east-1

# Create a test user in User Pool A (the inbound pool) and give it a permanent password.
# Demo only: passwords passed on the command line end up in shell history.
aws cognito-idp admin-create-user \
  --user-pool-id $INBOUND_USER_POOL_ID \
  --username test-user \
  --temporary-password 'TempPass123!' \
  --message-action SUPPRESS

aws cognito-idp admin-set-user-password \
  --user-pool-id $INBOUND_USER_POOL_ID \
  --username test-user \
  --password 'TestPass123!' \
  --permanent

# Obtain an access token. The USER_PASSWORD_AUTH flow must be enabled
# (ALLOW_USER_PASSWORD_AUTH) on the inbound app client for this to succeed.
TOKEN=$(aws cognito-idp initiate-auth \
  --client-id $INBOUND_CLIENT_ID \
  --auth-flow USER_PASSWORD_AUTH \
  --auth-parameters USERNAME=test-user,PASSWORD='TestPass123!' \
  --query 'AuthenticationResult.AccessToken' \
  --output text)

GATEWAY_URL=$(terraform output -raw gateway_url)
```
```bash
# tools/list
curl -X POST "$GATEWAY_URL" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' | jq

# tools/call (add_numbers)
curl -X POST "$GATEWAY_URL" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{
    "jsonrpc":"2.0",
    "id":2,
    "method":"tools/call",
    "params":{
      "name":"m2m-auth-demo-mcp-target___add_numbers",
      "arguments":{"a": 5, "b": 3}
    }
  }' | jq

# tools/call (greet_user)
curl -X POST "$GATEWAY_URL" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{
    "jsonrpc":"2.0",
    "id":3,
    "method":"tools/call",
    "params":{
      "name":"m2m-auth-demo-mcp-target___greet_user",
      "arguments":{"name": "Alice"}
    }
  }' | jq
```
| Tool | Description | Parameters |
|---|---|---|
| add_numbers | Adds two numbers | a: int, b: int |
| multiply_numbers | Multiplies two numbers | a: int, b: int |
| greet_user | Greets the user | name: string |
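The token step and the Gateway calls above, as an added Python client that is not part of the demo repository. It does two things the curl commands do not: it inspects the Cognito access token locally (issuer, token_use, client_id, expiry) so that a 401 from the Gateway can be traced to the wrong pool, the ID token being sent instead of the access token, or an expired token; and it parses the Gateway reply whether it arrives as `application/json` or as a `text/event-stream` body, which the `Accept` header above allows but `| jq` cannot read. Assumptions: the Gateway's inbound authorizer is configured against User Pool A's issuer and app client (as the demo's "Cognito A: user authentication" implies); SSE events carry one JSON-RPC message per `data:` event as in MCP's Streamable HTTP transport; the `m2m-auth-demo-mcp-target___` tool prefix is taken from the curl commands above; the sample token and SSE body are constructed, not captured from a real Gateway.

```python
import base64
import json
import time
import urllib.request

# Target name from the README; the Gateway exposes tools as "<target>___<tool>".
TOOL_PREFIX = "m2m-auth-demo-mcp-target___"


def decode_jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature.

    The Gateway's JWT authorizer does the real verification; this is only
    for checking locally why a token might be rejected.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_inbound_claims(claims, region, user_pool_id, client_id, now=None):
    """Return the reasons the inbound authorizer would reject this token.

    An empty list means the claims match what User Pool A should issue
    (assumption: the Gateway is bound to that pool's issuer and app client).
    """
    now = time.time() if now is None else now
    expected_iss = f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"
    problems = []
    if claims.get("iss") != expected_iss:
        problems.append(f"iss is {claims.get('iss')!r}, expected {expected_iss!r}")
    if claims.get("token_use") != "access":
        problems.append("token_use is not 'access': send the AccessToken, not the IdToken")
    if claims.get("client_id") != client_id:
        problems.append(f"client_id {claims.get('client_id')!r} is not the inbound app client")
    if float(claims.get("exp", 0)) <= now:
        problems.append("token is expired")
    return problems


def build_tools_call(request_id, tool, arguments):
    """JSON-RPC 2.0 tools/call body for a tool on the demo target."""
    return {
        "jsonrpc": "2.0",
        "id": request_id,
        "method": "tools/call",
        "params": {"name": TOOL_PREFIX + tool, "arguments": arguments},
    }


def parse_mcp_response(content_type, body, request_id):
    """Return the JSON-RPC result matching request_id from a JSON or SSE body."""
    if content_type.split(";")[0].strip() == "text/event-stream":
        messages, data = [], []
        for line in body.splitlines() + [""]:
            if line.startswith("data:"):
                data.append(line[5:].lstrip())
            elif line == "" and data:  # a blank line terminates one SSE event
                messages.append(json.loads("\n".join(data)))
                data = []
    else:
        messages = [json.loads(body)]
    for msg in messages:
        if msg.get("id") != request_id:
            continue
        if "error" in msg:
            raise RuntimeError(f"JSON-RPC error: {msg['error']}")
        return msg["result"]
    raise ValueError(f"no JSON-RPC response with id {request_id} in body")


def tool_text(result):
    """Concatenate the text parts of a tools/call result."""
    return "".join(part.get("text", "") for part in result.get("content", [])
                   if part.get("type") == "text")


def call_gateway(gateway_url, token, body):
    """POST one JSON-RPC request to the Gateway (needs network and a real token)."""
    req = urllib.request.Request(
        gateway_url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json",
                 "Accept": "application/json, text/event-stream"})
    with urllib.request.urlopen(req) as resp:
        return parse_mcp_response(resp.headers.get("Content-Type", ""),
                                  resp.read().decode(), body["id"])


def make_unsigned_token(claims):
    """Constructed, unsigned token for offline tests only (alg=none is never acceptable in production)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{b64({'alg': 'none'})}.{b64(claims)}."


# Constructed sample SSE reply for the add_numbers call (id 2), not captured from a real Gateway.
SAMPLE_SSE_BODY = (
    "event: message\n"
    'data: {"jsonrpc":"2.0","id":2,"result":{"content":[{"type":"text","text":"8"}],"isError":false}}\n'
    "\n"
)
```

Against a deployed stack, `call_gateway(GATEWAY_URL, TOKEN, build_tools_call(2, "add_numbers", {"a": 5, "b": 3}))` performs the second curl command; running `check_inbound_claims(decode_jwt_claims(TOKEN), "us-east-1", INBOUND_USER_POOL_ID, INBOUND_CLIENT_ID)` first tells you, before any request leaves the machine, whether the token is from the right pool and of the right type.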
```bash
terraform destroy
```
Note: the images in the ECR repository are deleted together with the repository.