Merge pull request #9 from aws-ia/feat/updates

fix: agentcore runtime regex conditions

Author: alexa-perlov

.header.md

@@ -36,7 +36,7 @@ This module simplifies the process of:
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.1"
+  version = "0.0.2"
 
   # Enable Agent Core Runtime
   create_runtime = true
@@ -61,7 +61,7 @@ module "agentcore" {
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.1"
+  version = "0.0.2"
 
   # Enable Agent Core Runtime
   create_runtime = true
@@ -87,7 +87,7 @@ module "agentcore" {
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.1"
+  version = "0.0.2"
 
   # Enable Agent Core Runtime with custom IAM role
   create_runtime = true
@@ -108,7 +108,7 @@ Create and configure an MCP gateway:
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.1"
+  version = "0.0.2"
 
   # Enable Agent Core Gateway
   create_gateway = true
@@ -150,7 +150,7 @@ The module can automatically create a Cognito User Pool to handle JWT authentica
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.1"
+  version = "0.0.2"
 
   # Enable Agent Core Gateway
   create_gateway = true

README.md

@@ -37,7 +37,7 @@ This module simplifies the process of:
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.1"
+  version = "0.0.2"
 
   # Enable Agent Core Runtime
   create_runtime = true
@@ -62,7 +62,7 @@ module "agentcore" {
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.1"
+  version = "0.0.2"
 
   # Enable Agent Core Runtime
   create_runtime = true
@@ -88,7 +88,7 @@ module "agentcore" {
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.1"
+  version = "0.0.2"
 
   # Enable Agent Core Runtime with custom IAM role
   create_runtime = true
@@ -109,7 +109,7 @@ Create and configure an MCP gateway:
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.1"
+  version = "0.0.2"
 
   # Enable Agent Core Gateway
   create_gateway = true
@@ -151,7 +151,7 @@ The module can automatically create a Cognito User Pool to handle JWT authentica
 ```hcl
 module "agentcore" {
   source  = "aws-ia/agentcore/aws"
-  version = "0.0.1"
+  version = "0.0.2"
 
   # Enable Agent Core Gateway
   create_gateway = true
@@ -275,6 +275,7 @@ gateway_tags = {
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |
 | <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | >= 0.24.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.6.0 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.9.0 |
 
 ## Providers
 
@@ -283,6 +284,7 @@ gateway_tags = {
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0.0 |
 | <a name="provider_awscc"></a> [awscc](#provider\_awscc) | >= 0.24.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 3.6.0 |
+| <a name="provider_time"></a> [time](#provider\_time) | >= 0.9.0 |
 
 ## Modules
 
@@ -307,6 +309,7 @@ No modules.
 | [awscc_bedrockagentcore_runtime_endpoint.agent_runtime_endpoint](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/bedrockagentcore_runtime_endpoint) | resource |
 | [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 | [random_string.solution_prefix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [time_sleep.iam_role_propagation](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy_document.service_linked_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |

VERSION

@@ -1 +1 @@
-v0.0.1
+v0.0.2

main.tf

@@ -6,10 +6,13 @@ resource "random_string" "solution_prefix" {
   length  = 4
   special = false
   upper   = false
+  numeric = false
 }
 
 locals {
   create_runtime = var.create_runtime
+  # Sanitize runtime name to ensure it follows the regex pattern ^[a-zA-Z][a-zA-Z0-9_]{0,47}$
+  sanitized_runtime_name = replace(var.runtime_name, "-", "_")
 }
 
 # IAM Policy for creating the Service-Linked Role
@@ -38,9 +41,18 @@ data "aws_iam_policy_document" "service_linked_role" {
 
 resource "awscc_bedrockagentcore_runtime" "agent_runtime" {
   count              = local.create_runtime ? 1 : 0
-  agent_runtime_name = "${random_string.solution_prefix.result}_${var.runtime_name}"
+  agent_runtime_name = "${random_string.solution_prefix.result}_${local.sanitized_runtime_name}"
   description        = var.runtime_description
   role_arn           = var.runtime_role_arn != null ? var.runtime_role_arn : aws_iam_role.runtime_role[0].arn
+  
+  # Explicit dependency to avoid race conditions with IAM role creation
+  # Include the time_sleep resource to ensure IAM role propagation
+  depends_on = [
+    aws_iam_role.runtime_role,
+    aws_iam_role_policy.runtime_role_policy,
+    aws_iam_role_policy.runtime_slr_policy,
+    time_sleep.iam_role_propagation
+  ]
 
   agent_runtime_artifact = {
     container_configuration = {
@@ -109,6 +121,13 @@ resource "aws_iam_role_policy" "runtime_slr_policy" {
   policy = data.aws_iam_policy_document.service_linked_role[0].json
 }
 
+# Add a time delay to ensure IAM role propagation
+resource "time_sleep" "iam_role_propagation" {
+  count           = local.create_runtime && var.runtime_role_arn == null ? 1 : 0
+  depends_on      = [aws_iam_role.runtime_role, aws_iam_role_policy.runtime_role_policy, aws_iam_role_policy.runtime_slr_policy]
+  create_duration = "20s"
+}
+
 resource "aws_iam_role_policy" "runtime_role_policy" {
   count = local.create_runtime && var.runtime_role_arn == null ? 1 : 0
   name  = "${random_string.solution_prefix.result}-bedrock-agent-runtime-policy"
@@ -195,7 +214,7 @@ resource "aws_iam_role_policy" "runtime_role_policy" {
         ]
         Resource = [
           "arn:aws:bedrock-agentcore:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:workload-identity-directory/default",
-          "arn:aws:bedrock-agentcore:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:workload-identity-directory/default/workload-identity/${random_string.solution_prefix.result}_${var.runtime_name}-*"
+          "arn:aws:bedrock-agentcore:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:workload-identity-directory/default/workload-identity/${random_string.solution_prefix.result}_${local.sanitized_runtime_name}-*"
         ]
       },
       {
@@ -218,11 +237,13 @@ resource "aws_iam_role_policy" "runtime_role_policy" {
 
 locals {
   create_runtime_endpoint = var.create_runtime_endpoint
+  # Sanitize runtime endpoint name to ensure it follows the regex pattern ^[a-zA-Z][a-zA-Z0-9_]{0,47}$
+  sanitized_runtime_endpoint_name = replace(var.runtime_endpoint_name, "-", "_")
 }
 
 resource "awscc_bedrockagentcore_runtime_endpoint" "agent_runtime_endpoint" {
   count            = local.create_runtime_endpoint ? 1 : 0
-  name             = "${random_string.solution_prefix.result}_${var.runtime_endpoint_name}"
+  name             = "${random_string.solution_prefix.result}_${local.sanitized_runtime_endpoint_name}"
   description      = var.runtime_endpoint_description
   agent_runtime_id = var.runtime_endpoint_agent_runtime_id != null ? var.runtime_endpoint_agent_runtime_id : try(awscc_bedrockagentcore_runtime.agent_runtime[0].agent_runtime_id, null)
   tags             = var.runtime_endpoint_tags

providers.tf

@@ -13,5 +13,9 @@ terraform {
       source  = "hashicorp/random"
       version = ">= 3.6.0"
     }
+    time = {
+      source  = "hashicorp/time"
+      version = ">= 0.9.0"
+    }
   }
 }