Developed a conversational AI agent that enables users to manage AWS infrastructure using natural language. The system leverages Claude Sonnet 4.6 to interpret user intent, invoke AWS APIs for services such as S3 and Lambda, and deliver accurate, human-readable operational insights.

- Natural Language Interface: Manage AWS resources using plain English
- AI-Powered Tool Selection: Claude automatically chooses the right AWS operations
- Real AWS Integration: Actually creates and manages AWS resources
- Intelligent Responses: Get both technical data and human explanations
- CloudWatch Monitoring: Query logs and debug Lambda functions
- Conversational AI: Context-aware conversations with memory
User (Streamlit) → FastAPI → AI Agent (Claude) → AWS APIs → Response
- Frontend: Streamlit chat interface (
frontend/) - Backend: FastAPI server with CORS (
backend/api/) - AI Agent: Claude Haiku with function calling (
backend/core/) - AWS Integration: Cloud Control API + CloudWatch Logs
- Python 3.8+
- AWS Account with appropriate permissions
- Anthropic API key
cd agentic-aws-resource-managementpython -m venv venv
# On Mac: source venv/bin/activate
# On Windows: venv\Scripts\activatepip install -r requirements.txt- Sign in to the AWS Management Console
- Navigate to IAM → Users → Create user
- Enter a username (e.g.,
agentic-aws-demo-user) - Leave "Provide user access to the AWS Management Console" unchecked (programmatic access only)
- Click Next
- In a new tab, go to IAM → Policies → Create policy
- Click the JSON tab and replace the default content with the following:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"cloudformation:ListResources",
"cloudformation:DeleteResource",
"cloudformation:GetResource",
"logs:DescribeLogGroups",
"cloudformation:UpdateResource",
"s3:ListAllMyBuckets",
"cloudformation:GetResourceRequestStatus",
"cloudformation:ListResourceRequests",
"cloudformation:CreateResource",
"s3:CreateBucket",
"s3:ListBucket",
"logs:FilterLogEvents"
],
"Resource": "*"
}
]
}- Click Next, give the policy a name (e.g.,
AgenticAWSDemoPolicy), then click Create policy
- Return to the IAM → Users tab and select your new user
- Click Add permissions → Attach policies directly
- Search for
AgenticAWSDemoPolicy, select it, and click Next → Add permissions
- On the user page, go to the Security credentials tab
- Scroll to Access keys → Create access key
- Select Local code as the use case and click Next → Create access key
- Copy or download the CSV — the Secret Access Key is only shown once
- You will use these values in the
.envfile in the next step
Create a .env file in the project root and add the following variables.
Important: Never share this .env file to anyone and never commit this to your git repository. It will leak your credentials.
Create Anthropic API Key here - https://platform.claude.com/settings/keys
# Anthropic API Key
ANTHROPIC_API_KEY=your_anthropic_api_key_here
# AWS Credentials (for demo purposes)
AWS_ACCESS_KEY_ID=your_aws_access_key
AWS_SECRET_ACCESS_KEY=your_aws_secret_key
AWS_DEFAULT_REGION=us-east-1
# Optional: AWS Role ARN for better security
# AWS_ROLE_ARN=arn:aws:iam::ACCOUNT:role/ROLE_NAMEpython3 -m uvicorn backend.api.main:app --reload --port 8000streamlit run frontend/chat.py --server.port 8501Open your browser and go to: http://localhost:8501
User: "Create an S3 bucket for my photos"
AI: I'll create an S3 bucket for your photos. What would you like to name it?
User: "my-photo-bucket-2024"
AI: [Creates bucket] ✅ Successfully created S3 bucket 'my-photo-bucket-2024'
User: "Show me all my S3 buckets"
AI: [Lists resources] You have 5 S3 buckets:
- my-photo-bucket-2024
- data-backup-bucket
- static-website-assets
- ...
User: "Check for errors in my lambda function 'user-authentication'"
AI: [Queries CloudWatch Logs] Found 3 errors in the last hour:
- Authentication failed for user 'john@example.com'
- Invalid token format detected
- Database connection timeout
- Create resources: S3 buckets, EC2 instances, Lambda functions
- List resources: View existing infrastructure
- Read resources: Get detailed resource information
- Update/Delete: Modify or remove resources
- Query error logs: Find issues in Lambda functions
- Time-based filtering: Search logs by time range
- Error analysis: Get detailed error information
Tools are defined in backend/tools/tools.json:
aws_cloud_control: Infrastructure management operationscloudwatch_logs: Log querying and monitoring
AI behavior is controlled by prompts in backend/config/prompt.py:
- Parameter validation rules
- Error handling instructions
- Response formatting guidelines
Error: Overloaded
Solution: Restart the app. Context Window size might have exceeded (Need to be managed for production).
Error: AWS connection failed
Solutions:
- Check your AWS credentials in
.env - Verify AWS permissions
- Ensure AWS region is correct
Status: success, but no resource in AWS
Cause: Cloud Control API is asynchronous Solution: Check resource status and the error details using the request token that was returned by the AWS API.
aws cloudcontrol get-resource-request-status --request-token YOUR_TOKENEnable detailed logging by checking the console output:
- AWS API calls and responses
- AI tool selection process
- Error details and stack traces
- Uses AWS access keys (not recommended for production)
- Basic authentication
- Use IAM Roles instead of access keys
- Implement AWS SSO for user authentication
- Use least privilege permissions
- Enable CloudTrail for audit logging
- Implement proper error handling and logging
# Instead of access keys, use role assumption
sts_client = boto3.client('sts')
assumed_role = sts_client.assume_role(
RoleArn='arn:aws:iam::ACCOUNT:role/DemoRole',
RoleSessionName='AgenticAIDemo'
)agentic-aws-resource-management/
├── frontend/
│ └── chat.py # Streamlit chat interface
├── backend/
│ ├── api/
│ │ └── main.py # FastAPI server and route definitions
│ ├── config/
│ │ ├── aws_config.py # AWS credentials and boto3 session setup
│ │ └── prompt.py # AI system prompts and summary prompts
│ ├── core/
│ │ ├── aws_agent.py # AI agent logic — Claude API calls and AWS execution
│ │ └── processor.py # Bridge between API layer and agent
│ └── tools/
│ └── tools.json # Tool definitions exposed to Claude
├── requirements.txt # Python dependencies
├── .env # Environment variables (never commit this)
└── README.md # This file
- Additional AWS services (RDS, ECS, etc.)
- Cost management tools
- Infrastructure templates
- Multi-account support
- Enhanced security features
- Real-time monitoring dashboard