Merge branch 'develop' v0.4.7

Author: Bob Strahan

CHANGELOG.md

@@ -29,6 +29,15 @@ SPDX-License-Identifier: MIT-0
   - **User-Friendly Error Messages**: Created `BedrockErrorMessageHandler` to convert technical errors into clear, actionable messages for service unavailable (503), throttling (429), access denied (403), validation errors (400), timeouts (408), and quota exceeded scenarios
   - **Sub-Agent Error Handling**: When sub-agents (Analytics, Error Analyzer, Code Intelligence) encounter Bedrock errors, the orchestrator continues gracefully without crashing, only displaying the first error to avoid duplicates while allowing other sub-agents to complete
 
+- **GovCloud Template Generation - Missing AppSync and MCP Resource Removal**
+  - Fixed CloudFormation deployment error "Unresolved resource dependencies [DeleteDocumentResolverFunction]" when deploying GovCloud templates
+  - **Test Studio Resources Added (36 resources)**: Added all Test Studio Lambda functions, AppSync resolvers, data sources, and supporting infrastructure to removal list (DeleteTestsResolver, TestRunnerResolver, TestResultsResolver, TestSetResolver, and all related functions, queues, and policies)
+  - **MCP/AgentCore Gateway Resources Added (7 resources)**: Added MCP integration resources that depend on Cognito UserPool to removal list (AgentCoreAnalyticsLambdaFunction, AgentCoreGatewayManagerFunction, AgentCoreGatewayExecutionRole, AgentCoreGateway, ExternalAppClient)
+  - **MCP Outputs Removed (8 outputs)**: Removed MCP-related outputs that reference deleted resources (MCPServerEndpoint, MCPClientId, MCPClientSecret, MCPUserPool, MCPTokenURL, MCPAuthorizationURL, DynamoDBAgentTableName, DynamoDBAgentTableConsoleURL)
+  - **EnableMCP Default Changed**: Set `EnableMCP` parameter default to 'false' for GovCloud since MCP integration requires Cognito authentication infrastructure
+  - **Impact**: GovCloud templates now deploy successfully without dependency errors, maintaining core document processing functionality in headless mode
+
+
 ### Templates
    - us-west-2: `https://s3.us-west-2.amazonaws.com/aws-ml-blog-us-west-2/artifacts/genai-idp/idp-main_0.4.7.yaml`
    - us-east-1: `https://s3.us-east-1.amazonaws.com/aws-ml-blog-us-east-1/artifacts/genai-idp/idp-main_0.4.7.yaml`

docs/govcloud-deployment.md

@@ -76,21 +76,24 @@ aws cloudformation deploy \
 
 The following services are automatically removed from the GovCloud template:
 
-### Web UI Components (22 resources removed)
+### Web UI Components (11 resources removed)
 
 - CloudFront distribution and origin access identity
 - WebUI S3 bucket and build pipeline
 - CodeBuild project for UI deployment
 - Security headers policy
 
-### API Layer (20+ resources removed)
+### API Layer (136 resources removed)
 
 - AppSync GraphQL API and schema
-- All GraphQL resolvers and data sources
-- 10+ Lambda resolver functions
+- All GraphQL resolvers and data sources (50+ resolvers)
+- Lambda resolver functions (20+ functions)
+- **Test Studio Resources (36 resources)**: All test management Lambda functions, AppSync resolvers, data sources, SQS queues, and supporting infrastructure added in v0.4.6
 - API authentication and authorization
+- Chat infrastructure (ChatMessagesTable, ChatSessionsTable)
+- Agent chat processors and resolvers
 
-### Authentication (8 resources removed)
+### Authentication (14 resources removed)
 
 - Cognito User Pool and Identity Pool
 - User pool client and domain
@@ -103,18 +106,23 @@ The following services are automatically removed from the GovCloud template:
 - IP set updater functions
 - CloudFront protection rules
 
-### Analytics Features (8 resources removed)
+### Agent & Analytics Features (14 resources removed)
 
-- Analytics processing functions
+- AgentTable and agent job tracking
+- Agent request handler and processor functions
+- **MCP/AgentCore Gateway Resources (7 resources)**: MCP integration components that depend on Cognito authentication (AgentCoreAnalyticsLambdaFunction, AgentCoreGatewayManagerFunction, AgentCoreGatewayExecutionRole, AgentCoreGateway, ExternalAppClient, and log groups)
+- External MCP agent credentials secret
 - Knowledge base query functions
 - Chat with document features
 - Text-to-SQL query capabilities
 
-### HITL Support
+### HITL Support (11 resources removed)
 
 - SageMaker A2I Human-in-the-Loop
 - Private workforce configuration
 - Human review workflows
+- A2I flow definition and human task UI
+- Cognito client for A2I integration
 
 ## Core Services Retained
 

scripts/generate_govcloud_template.py

@@ -148,7 +148,54 @@ def __init__(self, verbose: bool = False):
             'AgentChatProcessorFunction',
             'AgentChatProcessorLogGroup',
             'AgentChatResolverFunction',
-            'AgentChatResolverLogGroup'
+            'AgentChatResolverLogGroup',
+            # Test Studio Resources (added for GovCloud compatibility)
+            'DeleteTestsResolverFunction',
+            'DeleteTestsResolverFunctionLogGroup',
+            'DeleteTestsDataSource',
+            'DeleteTestsResolver',
+            'TestRunnerFunction',
+            'TestRunnerFunctionLogGroup',
+            'TestRunnerDataSource',
+            'TestRunnerResolver',
+            'TestResultsResolverFunction',
+            'TestResultsResolverFunctionLogGroup',
+            'TestResultsDataSource',
+            'GetTestRunsResolver',
+            'CompareTestRunsResolver',
+            'GetTestRunResolver',
+            'GetTestRunStatusResolver',
+            'TestSetResolverFunction',
+            'TestSetResolverFunctionLogGroup',
+            'TestSetDataSource',
+            'AddTestSetResolver',
+            'AddTestSetFromUploadResolver',
+            'DeleteTestSetsResolver',
+            'GetTestSetsResolver',
+            'ListBucketFilesResolver',
+            'ValidateTestFileNameResolver',
+            'TestResultCacheUpdateQueue',
+            'TestFileCopierFunction',
+            'TestFileCopierFunctionLogGroup',
+            'TestFileCopierFunctionDLQ',
+            'TestFileCopyQueue',
+            'TestFileCopyQueueDLQ',
+            'TestFileCopyQueuePolicy',
+            'TestFileCopyQueueDLQPolicy',
+            'TestSetFileCopierFunction',
+            'TestSetFileCopierFunctionLogGroup',
+            'TestSetFileCopierFunctionDLQ',
+            'TestSetFileCopyQueue',
+            'TestSetFileCopyQueueDLQ',
+            'TestSetFileCopyQueuePolicy',
+            'TestSetFileCopyQueueDLQPolicy',
+            'TestSetZipExtractorFunction',
+            'TestSetZipExtractorFunctionLogGroup',
+            'TestSetZipExtractorFunctionInvokePermission',
+            'TestSetZipExtractorS3Policy',
+            'TestSetBucketNotificationFunction',
+            'TestSetBucketNotificationConfiguration',
+            'TestSetResolverS3Policy'
         }
 
         self.auth_resources = {
@@ -185,7 +232,15 @@ def __init__(self, verbose: bool = False):
             'AgentProcessorLogGroup',
             'ExternalMCPAgentsSecret',
             'ListAvailableAgentsFunction',
-            'ListAvailableAgentsLogGroup'
+            'ListAvailableAgentsLogGroup',
+            # MCP/AgentCore Gateway Resources (depend on Cognito UserPool)
+            'AgentCoreAnalyticsLambdaFunction',
+            'AgentCoreAnalyticsLambdaLogGroup',
+            'AgentCoreGatewayManagerFunction',
+            'AgentCoreGatewayManagerLogGroup',
+            'AgentCoreGatewayExecutionRole',
+            'AgentCoreGateway',
+            'ExternalAppClient'
         }
 
         self.hitl_resources = {
@@ -233,7 +288,16 @@ def __init__(self, verbose: bool = False):
             'SageMakerA2IReviewPortalURL',
             'LabelingConsoleURL',
             'ExternalMCPAgentsSecretName',
-            'PrivateWorkteamArn'
+            'PrivateWorkteamArn',
+            # MCP/AgentCore Gateway Outputs (depend on Cognito UserPool)
+            'MCPServerEndpoint',
+            'MCPClientId',
+            'MCPClientSecret',
+            'MCPUserPool',
+            'MCPTokenURL',
+            'MCPAuthorizationURL',
+            'DynamoDBAgentTableName',
+            'DynamoDBAgentTableConsoleURL'
         }
 
     def setup_logging(self):
@@ -440,6 +504,11 @@ def remove_parameters(self, template: Dict[str, Any]) -> Dict[str, Any]:
             }
             self.logger.info("Modified IDPPattern parameter to only support Pattern-2")
 
+        # Set EnableMCP default to false for GovCloud (MCP integration depends on Cognito/AgentCore)
+        if 'EnableMCP' in parameters:
+            parameters['EnableMCP']['Default'] = 'false'
+            self.logger.info("Modified EnableMCP parameter default to 'false' for GovCloud")
+        
         self.logger.info(f"Removed {len(removed_parameters)} UI-related parameters")
         self.logger.debug(f"Removed parameters: {', '.join(removed_parameters)}")