Skip to content

feat: add agentcore destroy command #100

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 17 commits into from
Sep 8, 2025
Merged

feat: add agentcore destroy command #100

merged 17 commits into from
Sep 8, 2025
+3,354 −3

Conversation

huanshenyi
Copy link
Contributor

Description

Brief description of changes

Type of Change

  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Performance improvement
  • Code refactoring

Testing

  • Unit tests pass locally
  • Integration tests pass (if applicable)
  • Test coverage remains above 80%
  • Manual testing completed

Checklist

  • My code follows the project's style guidelines (ruff/pre-commit)
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published

Security Checklist

  • No hardcoded secrets or credentials

  • No new security warnings from bandit

  • Dependencies are from trusted sources

  • No sensitive data logged

    Breaking Changes

    N/A - This is an additive feature that doesn't modify existing functionality.

    Additional Notes

    New Command Usage

    agentcore destroy                    # Destroy default agent (with confirmation)
agentcore destroy --agent my-agent  # Destroy specific agent
agentcore destroy --dry-run         # Preview what would be destroyed
agentcore destroy --force           # Skip confirmation prompts

Resources Cleaned Up

- Bedrock AgentCore endpoints
- Bedrock AgentCore agent runtimes
- ECR images (latest tag only for safety)
- CodeBuild projects
- IAM execution roles (only if not used by other agents)
- Agent deployment configuration

Safety Features

- Confirmation prompts by default
- Dry-run mode to preview changes
- Shared resource protection (won't delete IAM roles used by multiple agents)
- Comprehensive error handling and logging
- Graceful handling of already-deleted resources

Test Coverage

- 25+ comprehensive unit tests covering all scenarios
- CLI integration tests
- Error handling and edge case testing
- Mock-based testing for AWS service interactions

@huanshenyi huanshenyi force-pushed the feature/add-destroy-command branch from deb99f2 to f54c0a7 Compare August 5, 2025 07:35
Vivekbhadauria1
Vivekbhadauria1 reviewed Sep 4, 2025
View reviewed changes
src/bedrock_agentcore_starter_toolkit/operations/runtime/destroy.py Outdated
endpoint_response = client.get_agent_runtime_endpoint(agent_id)
endpoint_arn = endpoint_response.get("agentRuntimeEndpointArn")
if endpoint_arn:
# Note: There's no direct delete endpoint method in the current client
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should use https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/bedrock-agentcore-control/client/delete_agent_runtime_endpoint.html.

Vivekbhadauria1
Vivekbhadauria1 requested changes Sep 4, 2025
View reviewed changes
Copy link
Contributor

@Vivekbhadauria1 Vivekbhadauria1 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for merging latest changes. Needs a couple of changes -

  1. Code build IAM role starting with prefix AmazonBedrockAgentCoreSDKCodeBuild* needs to be deleted if developers uses code-build.
  2. The delete endpoint needs to special case "DEFAULT" endpoint that can not be explicitly created/deleted.

Vivekbhadauria1
Vivekbhadauria1 requested changes Sep 4, 2025
View reviewed changes
src/bedrock_agentcore_starter_toolkit/operations/runtime/destroy.py Outdated
result: DestroyResult,
dry_run: bool,
) -> None:
"""Remove all CodeBuild IAM roles with prefix AmazonBedrockAgentCoreSDKCodeBuild*"""
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

only delete the code build role associated with agent. You can read the config file similar to agent's execution role. The code build role is at "codebuild.execution_role" in the agent's config.

Vivekbhadauria1
Vivekbhadauria1 requested changes Sep 5, 2025
View reviewed changes
Copy link
Contributor

@Vivekbhadauria1 Vivekbhadauria1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! left a few comment on config file cleanup that is being left in an invalid state post destroy.

src/bedrock_agentcore_starter_toolkit/operations/runtime/destroy.py Outdated
role_name = role_arn.split("/")[-1]

if dry_run:
result.resources_removed.append(f"DRY RUN: would remove CodeBuild IAM role: {role_name}")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Inconsistent with other dry logs. should be "CodeBuild IAM role (DRY RUN) "

src/bedrock_agentcore_starter_toolkit/operations/runtime/destroy.py Outdated
try:
# Clear the bedrock_agentcore deployment info but keep the agent config
if agent_name in project_config.agents:
agent_config = project_config.agents[agent_name]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The agent specific entry should be removed and not just the bedrock_agentcore. This causes the subsequent status/configure/launch calls to fail.

src/bedrock_agentcore_starter_toolkit/operations/runtime/destroy.py Outdated
"""Remove agent configuration from the config file."""
try:
# Clear the bedrock_agentcore deployment info but keep the agent config
if agent_name in project_config.agents:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Default agent name needs to be cleaned up in the config. If there is only one agent and its being destroyed we can remove the config file. Else, we can set the default to next valid agent in the file.

Vivekbhadauria1
Vivekbhadauria1 requested changes Sep 5, 2025
View reviewed changes
Copy link
Contributor

@Vivekbhadauria1 Vivekbhadauria1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple of doc related comments.

README.md Outdated
Comment on lines 43 to 72
```bash
# Deploy with the Starter Toolkit
agentcore configure --entrypoint my_agent.py
agentcore launch # Ready to run on Bedrock AgentCore
agentcore invoke '{"prompt": "tell me a fact"}'
agentcore destroy
```

**What you get with the Starter Toolkit:**

- ✅ **Keep your agent logic** - Works with any SDK-built agent
- ✅ **Zero infrastructure management** - No servers, containers, or scaling concerns
- ✅ **One-command deployment** - From local development to enterprise platform
- ✅ **Production-ready hosting** - Reliable, scalable, compliant Bedrock AgentCore deployment

## 🛠️ Deployment & Management Tools

**Simple Configuration**

```bash
# Configure your agent for deployment
agentcore configure --entrypoint my_agent.py --name my-production-agent

# Check deployment status
agentcore status

# Invoke your deployed agent
agentcore invoke '{"prompt": "Hello from Bedrock AgentCore!"}'
```

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has been moved to AgentCore Runtime Quick start and need not be present at top-level documentation. Please update bedrock-agentcore-starter-toolkit/user-guide/runtime/quickstart instead.

README.md Outdated
Comment on lines 118 to 125
## 📚 About Amazon Bedrock AgentCore

Amazon Bedrock AgentCore enables you to deploy and operate highly effective agents securely, at scale using any framework and model. With AgentCore, developers can accelerate AI agents into production with enterprise-grade scale, reliability, and security. The platform provides:

- **Composable Services**: Mix and match services to fit your needs
- **Framework Flexibility**: Works with Strands, LangGraph, CrewAI, Strands, and more
- **Any Model Support**: Not locked into specific models
- **Enterprise Security**: Built-in identity, isolation, and access controls
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sync content from https://github.com/aws/bedrock-agentcore-starter-toolkit. Ideally there should be no new change to this file for destroy.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Vivekbhadauria1
Thank you so much for your patience and guidance! I'm really grateful I could help you address the documentation feedback. Your
implementation of the destroy functionality is excellent work.

We're still working through the review process, but I appreciate you taking the time to collaborate on getting everything just right. It's
been a pleasure working with you on this contribution! 🙏

Vivekbhadauria1
Vivekbhadauria1 requested changes Sep 5, 2025
View reviewed changes
Copy link
Contributor

@Vivekbhadauria1 Vivekbhadauria1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, The tests are failing - https://github.com/aws/bedrock-agentcore-starter-toolkit/actions/runs/17495999286/job/49711013016?pr=100. Please take a look.

@Vivekbhadauria1
Copy link
Contributor

The Test coverage gate is failing. Please take a look.
ERROR: Coverage failure: total of 89.31 is less than fail-under=90.00

@Vivekbhadauria1 Vivekbhadauria1 merged commit 0611649 into aws:main Sep 8, 2025
13 of 14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Vivekbhadauria1 Vivekbhadauria1 Vivekbhadauria1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@huanshenyi @Vivekbhadauria1