OPS-6322 add OpenSearch collection and improve examples (#2)

* Add examples * Add Opensearch * Add outputs & OSS provider
Flaconi · Nov 6, 2024 · e880e27 · e880e27
1 parent 9873132
commit e880e27
Show file tree

Hide file tree

Showing 12 changed files with 356 additions and 36 deletions.
diff --git a/README.md b/README.md
@@ -20,6 +20,8 @@ For requirements regarding module structure: [style-guide-terraform.md](https://
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.73 |
+| <a name="provider_opensearch"></a> [opensearch](#provider\_opensearch) | = 2.2.0 |
+| <a name="provider_time"></a> [time](#provider\_time) | ~> 0.12 |
 
 <!-- TFDOCS_PROVIDER_END -->
 
@@ -30,6 +32,8 @@ For requirements regarding module structure: [style-guide-terraform.md](https://
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.3 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.73 |
+| <a name="requirement_opensearch"></a> [opensearch](#requirement\_opensearch) | = 2.2.0 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | ~> 0.12 |
 
 <!-- TFDOCS_REQUIREMENTS_END -->
 
@@ -50,21 +54,33 @@ Description: Name for the agent alias.
 
 Type: `string`
 
+### <a name="input_agent_instructions"></a> [agent\_instructions](#input\_agent\_instructions)
+
+Description: Model identifier for agent.
+
+Type: `string`
+
 ### <a name="input_knowledgebase_name"></a> [knowledgebase\_name](#input\_knowledgebase\_name)
 
 Description: Name for the knowledgebase.
 
 Type: `string`
 
+### <a name="input_knowledgebase_description"></a> [knowledgebase\_description](#input\_knowledgebase\_description)
+
+Description: Description for the knowledgebase.
+
+Type: `string`
+
 ### <a name="input_s3_arn"></a> [s3\_arn](#input\_s3\_arn)
 
 Description: ARN of S3 bucket with data
 
 Type: `string`
 
-### <a name="input_oss_arn"></a> [oss\_arn](#input\_oss\_arn)
+### <a name="input_oss_collection_name"></a> [oss\_collection\_name](#input\_oss\_collection\_name)
 
-Description: ARN of OpenSearch Serverless Collection.
+Description: Name of OpenSearch Serverless Collection.
 
 Type: `string`
 
@@ -88,21 +104,21 @@ Type: `string`
 
 Default: `"anthropic.claude-v2"`
 
-### <a name="input_knowledgebase_decription"></a> [knowledgebase\_decription](#input\_knowledgebase\_decription)
+### <a name="input_knowledgebase_model_id"></a> [knowledgebase\_model\_id](#input\_knowledgebase\_model\_id)
 
-Description: Description for the knowledgebase.
+Description: Model identifier for Knowledgebase.
 
 Type: `string`
 
-Default: `null`
+Default: `"amazon.titan-embed-text-v1"`
 
-### <a name="input_knowledgebase_model_id"></a> [knowledgebase\_model\_id](#input\_knowledgebase\_model\_id)
+### <a name="input_oss_additional_roles_arns"></a> [oss\_additional\_roles\_arns](#input\_oss\_additional\_roles\_arns)
 
-Description: Model identifier for Knowledgebase.
+Description: Additional ARNs of roles to access OpenSearch
 
-Type: `string`
+Type: `list(string)`
 
-Default: `"amazon.titan-embed-text-v1"`
+Default: `[]`
 
 ### <a name="input_tags"></a> [tags](#input\_tags)
 
@@ -117,7 +133,12 @@ Default: `{}`
 <!-- TFDOCS_OUTPUTS_START -->
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_agent"></a> [agent](#output\_agent) | Information about created Bedrock Agent |
+| <a name="output_agent_alias"></a> [agent\_alias](#output\_agent\_alias) | Information about created Bedrock Agent Alias |
+| <a name="output_knowledge_base"></a> [knowledge\_base](#output\_knowledge\_base) | Information about created Bedrock Knowledgebase |
+| <a name="output_oss_collection"></a> [oss\_collection](#output\_oss\_collection) | Information about created OpenSearch Serverless collection |
 
 <!-- TFDOCS_OUTPUTS_END -->
 

diff --git a/data.tf b/data.tf
@@ -1,6 +1,10 @@
-data "aws_caller_identity" "current" {}
+data "aws_caller_identity" "this" {}
 
-data "aws_region" "current" {}
+data "aws_region" "this" {}
+
+data "aws_iam_session_context" "this" {
+  arn = data.aws_caller_identity.this.arn
+}
 
 data "aws_bedrock_foundation_model" "agent" {
   model_id = var.agent_model_id
@@ -19,12 +23,12 @@ data "aws_iam_policy_document" "agent_trust" {
     }
     condition {
       test     = "StringEquals"
-      values   = [data.aws_caller_identity.current.account_id]
+      values   = [data.aws_caller_identity.this.account_id]
       variable = "aws:SourceAccount"
     }
     condition {
       test     = "ArnLike"
-      values   = ["arn:aws:bedrock:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:agent/*"]
+      values   = ["arn:aws:bedrock:${data.aws_region.this.name}:${data.aws_caller_identity.this.account_id}:agent/*"]
       variable = "AWS:SourceArn"
     }
   }
@@ -37,6 +41,12 @@ data "aws_iam_policy_document" "agent_permissions" {
       data.aws_bedrock_foundation_model.agent.model_arn,
     ]
   }
+  statement {
+    actions = ["bedrock:Retrieve"]
+    resources = [
+      aws_bedrockagent_knowledge_base.this.arn
+    ]
+  }
 }
 
 data "aws_iam_policy_document" "knowledgebase_trust" {
@@ -48,12 +58,12 @@ data "aws_iam_policy_document" "knowledgebase_trust" {
     }
     condition {
       test     = "StringEquals"
-      values   = [data.aws_caller_identity.current.account_id]
+      values   = [data.aws_caller_identity.this.account_id]
       variable = "aws:SourceAccount"
     }
     condition {
       test     = "ArnLike"
-      values   = ["arn:aws:bedrock:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:knowledge-base/*"]
+      values   = ["arn:aws:bedrock:${data.aws_region.this.name}:${data.aws_caller_identity.this.account_id}:knowledge-base/*"]
       variable = "AWS:SourceArn"
     }
   }
@@ -69,7 +79,7 @@ data "aws_iam_policy_document" "knowledgebase_permissions" {
   statement {
     actions = ["aoss:APIAccessAll"]
     resources = [
-      var.oss_arn
+      aws_opensearchserverless_collection.this.arn
     ]
   }
   statement {
@@ -79,7 +89,7 @@ data "aws_iam_policy_document" "knowledgebase_permissions" {
     ]
     condition {
       test     = "StringEquals"
-      values   = [data.aws_caller_identity.current.account_id]
+      values   = [data.aws_caller_identity.this.account_id]
       variable = "aws:ResourceAccount"
     }
   }
@@ -90,7 +100,7 @@ data "aws_iam_policy_document" "knowledgebase_permissions" {
     ]
     condition {
       test     = "StringEquals"
-      values   = [data.aws_caller_identity.current.account_id]
+      values   = [data.aws_caller_identity.this.account_id]
       variable = "aws:ResourceAccount"
     }
   }

diff --git a/examples/simple/README.md b/examples/simple/README.md
@@ -0,0 +1,39 @@
+# Example
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.73 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_agent"></a> [agent](#module\_agent) | ../../ | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_s3_arn"></a> [s3\_arn](#input\_s3\_arn) | ARN of S3 bucket with data | `string` | n/a | yes |
+| <a name="input_oss_collection_name"></a> [oss\_collection\_name](#input\_oss\_collection\_name) | Name of OpenSearch Serverless Collection. | `string` | n/a | yes |
+| <a name="input_oss_additional_roles_arns"></a> [oss\_additional\_roles\_arns](#input\_oss\_additional\_roles\_arns) | Additional ARNs of roles to access OpenSearch | `list(string)` | `[]` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_resources"></a> [resources](#output\_resources) | Information about created resources |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
@@ -0,0 +1,17 @@
+module "agent" {
+  source = "../../"
+
+  name       = "my-example"
+  alias_name = "my-alias-name"
+
+  agent_instructions = "Imagine you are manager in a grocery store. Be kind and polite and answer question in eloquent way."
+
+  knowledgebase_name        = "my-knowledgebase"
+  knowledgebase_description = "Description for my knowledgebase"
+
+  s3_arn = var.s3_arn
+
+  oss_collection_name = var.oss_collection_name
+
+  oss_additional_roles_arns = var.oss_additional_roles_arns
+}
diff --git a/examples/simple/outputs.tf b/examples/simple/outputs.tf
@@ -0,0 +1,4 @@
+output "resources" {
+  description = "Information about created resources"
+  value       = module.agent
+}
diff --git a/examples/simple/variables.tf b/examples/simple/variables.tf
@@ -0,0 +1,15 @@
+variable "s3_arn" {
+  description = "ARN of S3 bucket with data"
+  type        = string
+}
+
+variable "oss_collection_name" {
+  description = "Name of OpenSearch Serverless Collection."
+  type        = string
+}
+
+variable "oss_additional_roles_arns" {
+  description = "Additional ARNs of roles to access OpenSearch"
+  type        = list(string)
+  default     = []
+}
diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.3"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.73"
+    }
+  }
+}