Complete deployment guide for the Concierge Agent system with Amplify backend, CDK infrastructure, and web UI.
- Node.js: v18+ (v20 recommended)
- npm: v9+
- AWS CLI: v2+ configured with credentials
- Docker: For building agent container images
- jq: For JSON parsing -
brew install jq(macOS) orapt-get install jq(Linux)
- AWS account with appropriate permissions
- Amplify deployment permissions
- CDK deployment permissions (CloudFormation, IAM, etc.)
- Bedrock permissions (AgentCore)
- S3, DynamoDB, Cognito, ECR
API keys enable additional features but are not required for basic functionality.
Note: Without API keys, shopping features will be disabled, but the agent will still work.
The shopping assistant requires SERP API for product search functionality.
- Sign up at: https://serpapi.com/users/sign_up # pragma: allowlist secret
- Configure using the setup script:
This will prompt you for your API key and store it in AWS Systems Manager Parameter Store as
./scripts/set-api-keys.sh
/concierge-agent/shopping/serp-api-key
Deploy all components with npm scripts:
# Install dependencies
npm install
cd amplify
npm install
cd ..
# 1. Deploy backend (Cognito, DynamoDB, AppSync)
npm run deploy:amplify
# 2. Deploy MCP servers (Cart + Shopping)
npm run deploy:mcp
# 3. Deploy main agent (Runtime + Gateway + Memory)
npm run deploy:agentThe application uses mock payment APIs by default. No external payment credentials are required.
npm run deploy:frontendThe mock payment service simulates the full card onboarding and purchase flow in the browser.
Deploys Cognito, DynamoDB tables, and AppSync API.
npm run deploy:amplifyWhat this deploys:
- Cognito User Pool with web client and M2M client
- AppSync GraphQL API
- DynamoDB tables (UserProfile, Wishlist, Feedback)
- CloudFormation exports for cross-stack references
Expected outputs:
amplify_outputs.jsonfile created- CloudFormation exports:
ConciergeAgent-{deploymentId}-Auth-UserPoolIdConciergeAgent-{deploymentId}-Auth-ClientIdConciergeAgent-{deploymentId}-Auth-MachineClientIdConciergeAgent-{deploymentId}-Data-UserProfileTableNameConciergeAgent-{deploymentId}-Data-WishlistTableNameConciergeAgent-{deploymentId}-Data-FeedbackTableName
Verification:
# Check if amplify_outputs.json exists
ls amplify_outputs.json
# View CloudFormation exports
aws cloudformation list-exports --query "Exports[?contains(Name, 'ConciergeAgent')]"Deploys Cart and Shopping MCP runtimes as separate stacks.
Before deploying, optionally configure API keys:
chmod +x scripts/set-api-keys.sh
./scripts/set-api-keys.shDeploy all MCP servers:
npm run deploy:mcpWhat this deploys:
- CartStack - Shopping cart management with DynamoDB access
- ShoppingStack - Product search tools with SerpAPI integration
- Both use OAuth authentication and integrate with Cognito
Expected outputs:
CartStack-{deploymentId}-RuntimeArnShoppingStack-{deploymentId}-RuntimeArn- Runtime IDs for each stack
Verification:
# Check MCP runtime exports
aws cloudformation list-exports --query "Exports[?contains(Name, 'RuntimeArn')]"Deploys main supervisor agent with memory and gateway.
npm run deploy:agentWhat this deploys:
- Agent Runtime with JWT authentication
- Memory resource for conversation persistence
- AgentCore Gateway connecting to MCP servers
- OAuth2 Credential Provider for M2M authentication
- IAM roles with permissions for DynamoDB, Bedrock, Memory, Gateway
- SSM parameter storing gateway URL
Expected outputs:
MainRuntimeArn- Main agent runtime ARNMemoryId- Conversation memory IDGatewayUrl- Gateway endpoint URLGatewayId- Gateway IDOAuthProviderArn- OAuth provider ARN
Post-deployment:
The sync-gateway.sh script automatically runs to update the runtime with the gateway URL.
Verification:
# Check agent stack outputs
aws cloudformation describe-stacks \
--stack-name AgentStack-shopping \
--query 'Stacks[0].Outputs'
# Verify gateway URL in SSM
aws ssm get-parameter --name /concierge-agent/shopping/gateway-urlDeploys web UI to Amplify Hosting with CI/CD.
npm run deploy:frontendWhat this deploys:
- Amplify Hosting app
- CloudFront distribution
- GitHub integration for automatic builds
- Environment variables for agent connection
Expected outputs:
- Live app URL (CloudFront distribution)
- Amplify app ID
Verification:
# Check frontend stack outputs
aws cloudformation describe-stacks \
--stack-name FrontendStack \
--query 'Stacks[0].Outputs'
# Visit the deployed URLConfigure via deployment-config.json in project root:
{
"deploymentId": "shopping",
"description": "Unique identifier for this deployment"
}Change deploymentId to deploy multiple independent instances in the same AWS account.
Agent Container (automatically configured):
MEMORY_ID=<memory-id>
USER_PROFILE_TABLE_NAME=<table-name>
WISHLIST_TABLE_NAME=<table-name>
FEEDBACK_TABLE_NAME=<table-name>
DEPLOYMENT_ID=<deployment-id>
GATEWAY_CLIENT_ID=<cognito-client-id>
GATEWAY_USER_POOL_ID=<user-pool-id>
GATEWAY_SCOPE=concierge-gateway/invokeWeb UI (auto-generated in web-ui/.env.local):
VITE_AGENT_RUNTIME_ARN=arn:aws:bedrock-agentcore:...
VITE_AGENT_ENDPOINT_NAME=DEFAULT
VITE_AWS_REGION=us-east-1| Script | Description | Time |
|---|---|---|
npm run deploy |
Deploy Amplify + MCP + Agent | ~9 min |
npm run deploy:amplify |
Deploy Amplify backend only | ~4 min |
npm run deploy:mcp |
Deploy MCP servers only | ~60 sec |
npm run deploy:agent |
Deploy Agent stack only | ~4 min |
npm run deploy:frontend |
Deploy web UI to Amplify Hosting | ~3 min |
npm run dev |
Start local development server | - |
npm run build |
Build web UI for production | - |
npm run clean |
Delete all resources (frontend, agent, MCP, Amplify) | ~5 min |
npm run clean:frontend |
Delete frontend only | ~1 min |
npm run clean:agent |
Delete agent stack only | ~2 min |
npm run clean:mcp |
Delete MCP servers only | ~1 min |
npm run clean:amplify |
Delete Amplify backend only | ~2 min |
Issue: amplify_outputs.json not created
# Solution: Ensure deployment completed successfully
npm run deploy:amplify
# Check CloudFormation stack status
aws cloudformation describe-stacks --stack-name amplify-*Issue: Cognito exports not found
# Solution: Verify exports exist
aws cloudformation list-exports --query "Exports[?contains(Name, 'ConciergeAgent')]"Issue: MCP stack deployment fails
# Solution: Ensure Amplify is deployed first
npm run deploy:amplify
# Verify Docker is running
docker ps
# Check agent code paths exist
ls -la concierge_agent/mcp_cart_tools/
ls -la concierge_agent/mcp_shopping_tools/Issue: Cannot import MCP runtime ARN
# Solution: Ensure MCP stacks are deployed first
npm run deploy:mcp
# Verify MCP exports
aws cloudformation list-exports --query "Exports[?contains(Name, 'RuntimeArn')]"Issue: Docker build fails
# Solution: Ensure Docker is running
docker ps
# Test build locally
cd concierge_agent/supervisor_agent
docker build -t test-build .Issue: OAuth provider creation fails
# Solution: Check Lambda logs
aws logs tail /aws/lambda/AgentStack-*-OAuthProviderLambda* --follow
# Verify IAM permissions for LambdaIssue: Gateway returns "An internal error occurred"
Solution: Enable debug mode to see detailed errors:
# Get gateway ID from stack outputs
GATEWAY_ID=$(aws cloudformation describe-stacks \
--stack-name AgentStack-shopping \
--query 'Stacks[0].Outputs[?OutputKey==`GatewayId`].OutputValue' \
--output text)
# Enable debugging
aws bedrock-agentcore-control update-gateway \
--gateway-identifier $GATEWAY_ID \
--exception-level DEBUGOr update the gateway construct in CDK to include exceptionLevel: 'DEBUG'.
Issue: .env.local not created
# Solution: Ensure agent stack is deployed
npm run deploy:agent
# Manually configure
./scripts/setup-web-ui-env.shIssue: Authentication fails
# Check Cognito configuration
cat web-ui/.env.local
# Verify user exists
aws cognito-idp list-users --user-pool-id <pool-id>Issue: Agent not responding
# Check Agent Runtime ARN is correct
cat web-ui/.env.local
# Verify runtime is active
aws bedrock-agentcore list-runtimesAWS CLI: Ensure AWS CLI is configured with credentials and running the latest version
API Gateway logging: Ensure API Gateway logs are enabled in CloudWatch
Error: CloudWatch Logs role ARN must be set in account settings to enable logging (Service: ApiGateway, Status Code: 400
-
Create the IAM role for API Gateway to push logs to CloudWatch:
aws iam create-role --role-name APIGatewayCloudWatchLogsRole --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"apigateway.amazonaws.com"},"Action":"sts:AssumeRole"}]}' -
Attach the managed policy that allows pushing logs:
aws iam attach-role-policy --role-name APIGatewayCloudWatchLogsRole --policy-arn arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs -
Configure API Gateway account settings to use this role:
aws apigateway update-account --patch-operations op=replace,path=/cloudwatchRoleArn,value=arn:aws:iam::<account_id>:role/APIGatewayCloudWatchLogsRole
AgentCore Observability: Enable CloudWatch Transaction Search and log delivery for debugging
One-time account setup for CloudWatch Transaction Search (enables traces/spans)
- Open CloudWatch console
- Navigate to Application Signals (APM) → Transaction search
- Click "Enable Transaction Search"
- Check "Ingest spans as structured logs"
- Click Save
Per-resource log delivery (configure in AgentCore Console)
- Open AgentCore Console → select Runtime/Memory/Gateway
- Scroll to "Log delivery" section → Click "Add"
- Select CloudWatch Logs, choose APPLICATION_LOGS type
- Save
Enable Runtime tracing (per runtime)
- Open AgentCore Console → Runtime agents → select runtime
- Scroll to "Tracing" section → Enable
Docker build fails: Ensure Docker is running
Permission errors: Check IAM roles have Bedrock and DynamoDB permissions
Frontend build fails: Check TypeScript errors in web-ui/src
Runtime connection fails: Verify runtime ARN in .env.local
CloudFormation export not found: Ensure deployment order (Amplify → MCP → Agent)
# Make changes to concierge_agent/supervisor_agent/
npm run deploy:agent# Make changes to concierge_agent/mcp_cart_tools/ or mcp_shopping_tools/
# Touch Dockerfiles to force rebuild
find concierge_agent/mcp_* -name Dockerfile -exec touch {} \;
npm run deploy:mcp# Make changes to amplify/
npm run deploy:amplify# Make changes to web-ui/src/
# For local development
npm run dev
# For deployed frontend
npm run deploy:frontendnpm run cleanThis deletes (in order):
- Frontend (Amplify Hosting)
- Agent stack (Runtime, Memory, Gateway, OAuth Provider)
- MCP servers (Cart and Shopping)
- Amplify backend (Cognito, AppSync, DynamoDB)
# Delete only frontend
npm run clean:frontend
# Delete only agent stack
npm run clean:agent
# Delete only MCP servers
npm run clean:mcp
# Delete only Amplify backend
npm run clean:amplifyNote: Some resources may require manual deletion:
- CloudWatch log groups
- SSM parameters
- Cognito: Free tier available
- AppSync: Pay per request
- DynamoDB: On-demand pricing
- Lambda: Free tier available
- Bedrock AgentCore: Pay per invocation
- Memory: Pay per operation
- ECR: Minimal storage costs
- MCP Runtimes: Pay per invocation
- Gateway: Pay per request
- Delete sandbox environments when not in use
- Use on-demand pricing for DynamoDB
- Monitor Bedrock usage
- Set up billing alerts
- Use Amplify Pipelines instead of sandbox:
npx ampx pipeline-deploy --branch main-
Use CDK Pipelines for infrastructure stacks
-
Enable monitoring:
- CloudWatch dashboards
- X-Ray tracing
- Bedrock usage metrics
-
Security hardening:
- Enable MFA for Cognito
- Restrict IAM permissions
- Enable CloudTrail logging
- Store API keys in AWS Secrets Manager
-
Backup strategy:
- DynamoDB point-in-time recovery
- Regular configuration backups
After successful deployment:
- Create Cognito users (admin only)
- Test agent with sample queries
- Monitor agent performance
- Customize agent prompts as needed
- Configure production environment
- Set up monitoring and alerts