Architecture overview - Generative AI Application Builder on AWS

Architecture overview

This section provides reference implementation architecture diagrams for the components deployed with this solution.

Architecture diagrams

To support multiple use cases and business needs, this solution provides six AWS CloudFormation templates:

  1. Deployment dashboard - The Deployment dashboard is a web interface that serves as a management console for admin users to view, manage, and create their use cases. This dashboard enables customers to rapidly experiment, iterate, and productionize various AI/ML workloads leveraging LLMs.

  2. Text use case - The Text use case enables users to experience a natural language interface using generative AI. This use case can be integrated into new or existing applications, and is deployable through the Deployment dashboard or independently through a provided URL.

  3. Bedrock Agent use case - The Bedrock Agent use case enables the use of existing Bedrock Agents to complete tasks or automate repeated workflows.

  4. MCP Server - The MCP Server use case enables deployment and management of Model Context Protocol servers that provide standardized tool and resource access to AI applications. It supports both gateway methods for wrapping existing Lambda functions and APIs and runtime methods for deploying custom containerized MCP servers.

  5. Agent Builder - The Agent Builder enables creation and deployment of production-ready AI agents on Amazon Bedrock AgentCore with full configuration control, MCP server integration, and memory management capabilities.

  6. Workflow Builder - The Workflow Builder enables creation of supervisor agents that orchestrate multiple Agent Builder agents using the Agents as Tools delegation pattern for complex multi-agent workflows.

Deployment dashboard

Depicts Deployment dashboard architecture (when deployed with VPC option disabled)


Depicts Deployment dashboard architecture (when deployed with VPC option enabled)

Note

AWS CloudFormation resources are created from AWS Cloud Development Kit (AWS CDK) constructs.

The high-level process flow for the solution components deployed with the AWS CloudFormation template is as follows:

  1. Admin users log in to the Deployment Dashboard user interface (UI).

  2. Amazon CloudFront delivers the web UI, which is hosted in an Amazon Simple Storage Service (Amazon S3) bucket.

  3. AWS WAF protects the APIs from attacks. This solution configures a set of rules called a web access control list (web ACL) that allows, blocks, or counts web requests based on configurable, user-defined web security rules and conditions.

  4. The web UI leverages a set of REST APIs that are exposed using Amazon API Gateway.

  5. Amazon Cognito authenticates users and backs both the CloudFront web UI and API Gateway.

  6. AWS Lambda provides the business logic for the REST endpoints. This backing Lambda function manages and creates the necessary resources to perform use case deployments using AWS CloudFormation.

  7. Amazon DynamoDB stores the list of deployments.

  8. When a new use case is created by the admin user, the backing Lambda function initiates a CloudFormation stack creation event for the requested use case.

  9. All of the LLM configuration options provided by the admin user in the deployment wizard are saved in DynamoDB. The deployment uses this DynamoDB table to configure the LLM at runtime.

  10. Using Amazon CloudWatch, this solution collects operational metrics from various services to generate custom dashboards that allow you to monitor the solution’s performance and operational health.

Note
  • If you choose to deploy this solution in an Amazon VPC, the data will be routed within your private network.

  • Although the Deployment dashboard can be launched in most AWS Regions, the deployed use cases have certain restrictions based on service availability. See Supported AWS Regions for more details.

Text use case

Depicts Text use case architecture (when deployed with VPC option disabled)


Depicts Text use case architecture (when deployed with VPC option enabled)


The high-level process flow for the solution components deployed with the AWS CloudFormation template is as follows:

  1. Admin users deploy the use case using the Deployment Dashboard. Business users log in to the use case UI.

  2. CloudFront delivers the web UI which is hosted in an S3 bucket.

  3. The web UI leverages a WebSocket integration built using API Gateway. The API Gateway is backed by a custom Lambda authorizer function, which returns the appropriate AWS Identity and Access Management (IAM) policy based on the Amazon Cognito group the authenticating user belongs to. The policy is stored in DynamoDB.

  4. Amazon Cognito authenticates users and backs both the CloudFront web UI and API Gateway.

  5. Incoming requests from the business user are passed from API Gateway to an Amazon SQS queue and then to the LangChain Orchestrator. The LangChain Orchestrator is a collection of Lambda functions and layers that provide the business logic for fulfilling requests coming from the business user. The queue enables the asynchronous operation of the API Gateway to Lambda integration. The queue passes connection information to the Lambda functions, which then post results directly back to the API Gateway WebSocket connection to support long-running inference calls.

  6. The LangChain Orchestrator uses Amazon DynamoDB to get the configured LLM options and necessary session information (such as the chat history).

  7. If the deployment has a knowledge base enabled, then the LangChain Orchestrator leverages Amazon Kendra or Knowledge Bases for Amazon Bedrock to run a search query to retrieve document excerpts.

  8. Using the chat history, query, and context from the knowledge base, the LangChain Orchestrator creates the final prompt and sends the request to the LLM hosted on Amazon Bedrock or Amazon SageMaker AI.

  9. When the response comes back from the LLM, the LangChain Orchestrator streams the response back through the API Gateway WebSocket to be consumed by the client application.

  10. Using Amazon CloudWatch, this solution collects operational metrics from various services to generate custom dashboards that allow you to monitor the deployment’s performance and operational health.

  11. If feedback collection is enabled, a REST API endpoint leveraging Amazon API Gateway is made available for the collection of user feedback.

  12. The feedback backing Lambda function augments the submitted feedback with additional use case-specific metadata (for example, the model used) and stores the data in Amazon S3 for later analysis and reporting by the DevOps users.

Note

If you choose to deploy this solution in an Amazon VPC, the data will be routed to your private network.
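
Step 3 of this flow describes a Lambda authorizer that returns an IAM policy chosen by the caller's Amazon Cognito group, with the policy held in DynamoDB. The following is an added example, not the solution's own code, showing that decision with an explicit Deny as the default; it assumes the token's signature was already verified against the user pool's keys and that an access token is used, and the table contents, issuer, account ID and group names are constructed.

```python
import time

# Constructed stand-in for the DynamoDB policy table (group name -> IAM statements).
POLICY_TABLE = {
    "text-use-case-users": [{
        "Effect": "Allow",
        "Action": "execute-api:Invoke",
        "Resource": "arn:aws:execute-api:us-east-1:111122223333:exampleapi/prod/*",
    }],
    # A mistaken or tampered entry: broader than this authorizer should ever grant.
    "misconfigured": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
EXPECTED_ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
DENY_ALL = {"Effect": "Deny", "Action": "execute-api:Invoke", "Resource": "*"}


def claims_are_valid(claims, now):
    """Check claims of a token whose signature was already verified (assumption)."""
    exp = claims.get("exp")
    return (
        claims.get("iss") == EXPECTED_ISSUER
        and claims.get("token_use") == "access"
        and isinstance(exp, (int, float))
        and exp > now
    )


def statement_is_acceptable(stmt):
    """Pass through only Allow statements scoped to invoking an API Gateway API."""
    return (
        stmt.get("Effect") == "Allow"
        and stmt.get("Action") == "execute-api:Invoke"
        and str(stmt.get("Resource", "")).startswith("arn:aws:execute-api:")
    )


def authorize(claims, policy_table=POLICY_TABLE, now=None):
    """Build the authorizer response; anything unexpected ends in an explicit Deny."""
    now = time.time() if now is None else now
    statements = []
    groups = claims.get("cognito:groups")
    if claims_are_valid(claims, now) and isinstance(groups, list):
        for group in groups:
            if isinstance(group, str):
                statements += [s for s in policy_table.get(group, [])
                               if statement_is_acceptable(s)]
    return {
        "principalId": str(claims.get("sub", "unknown")),
        "policyDocument": {"Version": "2012-10-17", "Statement": statements or [DENY_ALL]},
    }
```

Because the policy lives in a table, write access to that table is equivalent to control over authorization, which is why the example filters stored statements instead of returning them unchanged.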

Bedrock Agent use case

Depicts Bedrock Agent use case architecture (when deployed with VPC option disabled)


Depicts Bedrock Agent use case architecture (when deployed with VPC option enabled)


The high-level process flow for the solution components deployed with the AWS CloudFormation template is as follows:

  1. Admin users deploy the use case using the Deployment Dashboard. Business users sign in to the use case UI.

  2. CloudFront delivers the web UI which is hosted in an S3 bucket.

  3. The web UI leverages a WebSocket integration built using API Gateway. The API Gateway is backed by a custom Lambda authorizer function, which returns the appropriate AWS Identity and Access Management (IAM) policy based on the Amazon Cognito group the authenticating user belongs to. The policy is stored in DynamoDB.

  4. Amazon Cognito authenticates users and backs both the CloudFront web UI and API Gateway.

  5. Incoming requests from the business user are passed from API Gateway to an Amazon SQS queue and then to the AWS Lambda function. The queue enables the asynchronous operation of the API Gateway to Lambda integration. The queue passes connection information to the Lambda function, which then posts results directly back to the API Gateway WebSocket connection to support long-running inference calls.

  6. The AWS Lambda function uses Amazon DynamoDB to get the use case configurations as needed.

  7. Using the user input and any relevant use case configurations, the AWS Lambda function builds and sends a request payload to the configured Amazon Bedrock Agent to fulfill the user intent.

  8. When the response comes back from the Amazon Bedrock Agent, the Lambda function streams the response back through the API Gateway WebSocket to be consumed by the client application.

  9. Using Amazon CloudWatch, this solution collects operational metrics from various services to generate custom dashboards that allow you to monitor the deployment’s performance and operational health.

  10. If feedback collection is enabled, a REST API endpoint leveraging Amazon API Gateway is made available for the collection of user feedback.

  11. The feedback backing Lambda function augments the submitted feedback with additional use case-specific metadata and stores the data in Amazon S3 for later analysis and reporting by the DevOps users.

Note

If you choose to deploy this solution in an Amazon VPC, data will be routed within your private network.

MCP Server use case

Depicts MCP Server use case architecture


The MCP Server use case enables deployment and management of Model Context Protocol servers on Amazon Bedrock AgentCore. MCP servers provide a standardized interface for AI applications to access tools, resources, and enterprise data sources.

The solution supports two deployment methods:

  • Gateway method: Wraps existing Lambda functions or REST APIs as MCP tools, handling protocol translation automatically

  • Runtime method: Deploys custom containerized MCP servers from Amazon ECR images

The high-level process flow for MCP Server deployment is as follows:

  1. Admin users deploy the MCP Server use case using the Deployment Dashboard, selecting either Gateway or Runtime deployment method.

  2. This action is authenticated with Amazon Cognito.

  3. For the Gateway deployment, the solution creates an Amazon Bedrock AgentCore Gateway that transforms existing Lambda functions or APIs into MCP-compliant tools. For the Runtime deployment, the solution deploys containerized MCP servers on Amazon Bedrock AgentCore Runtime using provided ECR images.

  4. Gateway deployments retrieve the necessary API/Lambda/Smithy schemas from their uploaded location in Amazon S3.

  5. Runtime deployments retrieve the containerized MCP server provided by the user from Amazon Elastic Container Registry (ECR).

  6. The MCP Server is instrumented with an Amazon Bedrock AgentCore Identity OAuth client.

  7. The MCP Server makes the associated tools available at the /mcp endpoint for Agents to discover.

  8. Amazon CloudWatch collects operational metrics and logs from MCP server deployments for monitoring and troubleshooting.

Agent Builder use case

Depicts Agent Builder architecture


The high-level process flow for the Agent Builder components deployed with the AWS CloudFormation template is as follows:

  1. Admin users deploy the use case using the Deployment Dashboard. Business users sign in to the use case UI.

  2. CloudFront delivers the web UI which is hosted in an S3 bucket.

  3. The web UI leverages a WebSocket integration built using API Gateway. The API Gateway is backed by a custom Lambda authorizer function, which returns the appropriate AWS Identity and Access Management (IAM) policy based on the Amazon Cognito group the authenticating user belongs to. The policy is stored in DynamoDB.

  4. Amazon Cognito authenticates users and backs both the CloudFront web UI and API Gateway.

  5. Incoming requests from the business user are passed from API Gateway to an Amazon SQS queue and then to the AWS Lambda function. The queue enables the asynchronous operation of the API Gateway to Lambda integration. The queue passes connection information to the Lambda function, which then posts results directly back to the API Gateway WebSocket connection to support long-running inference calls.

  6. The AWS Lambda function retrieves the agent configuration from DynamoDB.

  7. Using the user input and any relevant use case configurations, the AWS Lambda function builds and sends a request payload to the agent, running on Amazon Bedrock AgentCore Runtime.

  8. The agent connects to associated MCP servers and registers the tools to the Strands agent instance. The agent then autonomously selects and performs actions based on tool descriptions and task requirements.

  9. When the response comes back from the Amazon Bedrock AgentCore Runtime, the Lambda function streams the response back through the API Gateway WebSocket to be consumed by the client application.

Note
  • Agent processing is limited to Lambda execution timeout (15 minutes).

Workflow Builder use case

Depicts Workflow Builder architecture


The high-level process flow for the Workflow Builder components deployed with the AWS CloudFormation template is as follows:

  1. Admin users deploy the workflow using the Deployment Dashboard, selecting Agent Builder agents to include as specialized agents.

  2. CloudFront delivers the web UI which is hosted in an S3 bucket.

  3. The web UI leverages a WebSocket integration built using API Gateway. The API Gateway is backed by a custom Lambda authorizer function, which returns the appropriate AWS Identity and Access Management (IAM) policy based on the Amazon Cognito group the authenticating user belongs to. The policy is stored in DynamoDB.

  4. Amazon Cognito authenticates users and backs both the CloudFront web UI and API Gateway.

  5. Incoming requests from the business user are passed from API Gateway to an Amazon SQS queue and then to the AWS Lambda function. The queue enables the asynchronous operation of the API Gateway to Lambda integration.

  6. The AWS Lambda function retrieves workflow configuration from DynamoDB, including the list of specialized Agent Builder agents.

  7. Using the user input and workflow configuration, Lambda sends requests to the Amazon Bedrock AgentCore Runtime hosting the supervisor agent.

  8. The supervisor agent creates local instances of all specialized Agent Builder agents within the AgentCore Runtime environment. These specialized agents are registered as tools using the Agents as Tools pattern. The supervisor then autonomously selects and delegates work to specialized agents based on agent descriptions and task requirements.

  9. The supervisor agent aggregates results from specialized agents and formulates the final response, returning it to the Lambda function to be streamed back to the client application through the API Gateway WebSocket.

Note
  • Workflow processing is limited to Lambda execution timeout (15 minutes).