Lucasmacedo/AI-inovyo-assistende-db
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adds starting files

Browse Source
This commit is contained in:
DNXBrasil
2026-01-16 17:45:22 -03:00
parent da8f2984c2
commit c31d089efb
37 changed files with 2560 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
code/Dockerfile Normal file
View File

@@ -0,0 +1,37 @@
# Use uma imagem base Python oficial.
# Escolha uma versão que seja compatível com suas dependências.
FROM python:3.12-slim
# Copia os arquivos de requisitos primeiro para aproveitar o cache do Docker
COPY requirements.txt ./requirements.txt
# Instala as dependências do backend
RUN pip install --no-cache-dir -r requirements.txt
# Copia o restante dos diretórios e arquivos da aplicação
COPY ./ ./
# Garante que o script de inicialização seja executável
RUN chmod +x ./entrypoint.sh
# Cria os diretórios que a API FastAPI pode precisar (se eles não existirem)
# Estes diretórios serão usados para persistência se volumes forem montados.
#RUN mkdir -p /app/faiss_index_store && \
# mkdir -p /app/uploaded_pdfs
# Expõe as portas que os aplicativos usarão
# Porta 8000 para a API FastAPI
EXPOSE 8000
# Porta 8501 para o aplicativo Streamlit
EXPOSE 8501
# Define a variável de ambiente GROQ_API_KEY.
# É ALTAMENTE RECOMENDADO passar esta variável em tempo de execução
# em vez de embuti-la aqui por questões de segurança.
# Exemplo: docker run -e GROQ_API_KEY="sua_chave_aqui" ...
# ENV GROQ_API_KEY="SUA_CHAVE_GROQ_AQUI_SE_NECESSARIO_MAS_NAO_RECOMENDADO_EMBUTIR"
# Comando para executar quando o contêiner iniciar
# Executa o script start.sh que gerencia os dois processos
CMD ["./entrypoint.sh"]

0
code/README.md Normal file
View File

342
code/app/backend/BDAgent.py Normal file
View File

@@ -0,0 +1,342 @@
"""
LangGraph Agent using AWS Bedrock Cross-Region Inference Profile with Tools
This script demonstrates how to create a LangGraph agent that uses
an AWS Bedrock inference profile with custom tools (add and multiply).
"""
import boto3
from typing import TypedDict, Annotated
from langgraph.graph import StateGraph, END
from langchain_aws import ChatBedrockConverse
from langchain_core.tools import tool
from langchain_core.messages import HumanMessage, AIMessage, ToolMessage, SystemMessage
import operator
import json
import time
from langfuse import Langfuse
from langfuse.langchain import CallbackHandler
from botocore.exceptions import ClientError
import os
from backend.utils import dynamodb_read_table as drt
WORKGROUP = "iceberg-workgroup"
DATABASE = "dnx_warehouse"
def get_secret():
secret_name = "assistente-db-secrets-manager"
region_name = "us-east-1"
# Create a Secrets Manager client
session = boto3.session.Session()
client = session.client(
service_name='secretsmanager',
region_name=region_name
)
try:
get_secret_value_response = client.get_secret_value(
SecretId=secret_name
)
except ClientError as e:
# For a list of exceptions thrown, see
# https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
raise e
secret = get_secret_value_response['SecretString']
return secret
secrets=json.loads(get_secret())
langfuse = Langfuse(
public_key=secrets['LANGFUSE-PUBLIC-KEY'],
secret_key=secrets['LANGFUSE-SECRET-KEY'],
host=os.environ["LANGFUSE_HOST"]
)
session = boto3.Session()
athena = session.client("athena", region_name="us-east-1")
# ==============================================
# QUERY
# ==============================================
def exec_athena_query(query):
print("Executando query no Athena...")
response = athena.start_query_execution(
QueryString=query,
QueryExecutionContext={"Database": DATABASE},
WorkGroup=WORKGROUP
)
query_execution_id = response["QueryExecutionId"]
print(f"QueryExecutionId: {query_execution_id}")
# ==============================================
# AGUARDAR RESULTADO
# ==============================================
while True:
result = athena.get_query_execution(QueryExecutionId=query_execution_id)
state = result["QueryExecution"]["Status"]["State"]
if state in ["SUCCEEDED", "FAILED", "CANCELLED"]:
print("Estado final:", state)
break
print("Aguardando execução...")
time.sleep(1)
if state == "SUCCEEDED":
output = athena.get_query_results(QueryExecutionId=query_execution_id)
print(f"\n🔧 [TOOL CALLED] consult answer")
return output["ResultSet"]["Rows"]
else:
print("Erro ao executar a query.")
# Define tools
# Define@tool the agent state
class AgentState(TypedDict):
messages: Annotated[list, operator.add]
current_step: str
# Initialize Bedrock client with inference profile
def create_bedrock_llm(model_id: str, region: str = "us-east-1"):
"""
Create a ChatBedrock instance using a model ID.
Args:
model_id: Bedrock model ID (e.g., anthropic.claude-haiku-4-5-20251001-v1:0)
region: AWS region (default: us-east-1)
Returns:
ChatBedrock instance configured with the model
"""
# Determine provider and model_kwargs based on model ID
MODEL_ARNS = {
"anthropic.claude-haiku-4-5-20251001-v1:0": "arn:aws:bedrock:us-east-1:305427701314:inference-profile/global.anthropic.claude-haiku-4-5-20251001-v1:0",
"anthropic.claude-sonnet-4-5-20250929-v1:0": "arn:aws:bedrock:us-east-1:305427701314:inference-profile/global.anthropic.claude-sonnet-4-5-20250929-v1:0",
"meta.llama4-maverick-17b-instruct-v1:0": "arn:aws:bedrock:us-east-1:305427701314:inference-profile/us.meta.llama4-maverick-17b-instruct-v1:0",
"meta.llama4-scout-17b-instruct-v1:0": "arn:aws:bedrock:us-east-1:305427701314:inference-profile/us.meta.llama4-scout-17b-instruct-v1:0",
"amazon.nova-lite-v1:0": "arn:aws:bedrock:us-east-1:305427701314:inference-profile/us.amazon.nova-lite-v1:0",
"amazon.nova-pro-v1:0": "arn:aws:bedrock:us-east-1:305427701314:inference-profile/us.amazon.nova-pro-v1:0",
"amazon.nova-2-lite-v1:0": "arn:aws:bedrock:us-east-1:305427701314:inference-profile/global.amazon.nova-2-lite-v1:0"
}
PROVIDER={
"anthropic.claude-haiku-4-5-20251001-v1:0": "anthropic",
"anthropic.claude-sonnet-4-5-20250929-v1:0": "anthropic",
"meta.llama4-maverick-17b-instruct-v1:0": "meta",
"meta.llama4-scout-17b-instruct-v1:0": "meta",
"amazon.nova-lite-v1:0": "amazon",
"amazon.nova-pro-v1:0": "amazon",
"amazon.nova-2-lite-v1:0": "amazon"
}
prefix={
"anthropic.claude-haiku-4-5-20251001-v1:0": "global",
"anthropic.claude-sonnet-4-5-20250929-v1:0": "global",
"meta.llama4-maverick-17b-instruct-v1:0": "us",
"meta.llama4-scout-17b-instruct-v1:0": "us",
"amazon.nova-lite-v1:0": "us",
"amazon.nova-pro-v1:0": "us",
"amazon.nova-2-lite-v1:0": "global"
}
llm = ChatBedrockConverse(
model_id=prefix[model_id]+"."+model_id,
region_name=region,
provider=PROVIDER[model_id],
max_tokens=2048,
temperature=0.7
)
# Bind tools to the LLM
#tools = [consult_answers,count_table_rows]
tools=[]
llm_with_tools = llm.bind_tools(tools)
return llm_with_tools
# Define agent nodes
def call_model(state: AgentState, llm) -> AgentState:
"""Call the LLM with tools."""
print(f"[MODEL] Calling Bedrock inference profile...")
messages = state["messages"]
langfuse_handler = CallbackHandler()
config = {"configurable": {"thread_id": "abc123"},"callbacks": [langfuse_handler]}
response = llm.invoke(messages,config=config)
state["current_step"] = "model_called"
return {"messages": [response]}
def call_tools(state: AgentState) -> AgentState:
"""Execute any tool calls from the LLM response."""
print(f"[TOOLS] Checking for tool calls...")
messages = state["messages"]
last_message = messages[-1]
# Check if there are tool calls
if hasattr(last_message, 'tool_calls') and last_message.tool_calls:
print(f"[TOOLS] Found {len(last_message.tool_calls)} tool call(s)")
tool_messages = []
tools_map = {
}
# Execute each tool call
for tool_call in last_message.tool_calls:
tool_name = tool_call["name"]
tool_args = tool_call["args"]
print(f"[TOOLS] Executing: {tool_name}")
# Call the appropriate tool
tool_func = tools_map[tool_name]
result = tool_func.invoke(tool_args)
# Create tool message
tool_message = ToolMessage(
content=str(result),
tool_call_id=tool_call["id"]
)
tool_messages.append(tool_message)
state["current_step"] = "tools_executed"
return {"messages": tool_messages}
else:
print(f"[TOOLS] No tool calls found")
state["current_step"] = "no_tools"
return {"messages": []}
def should_continue(state: AgentState) -> str:
"""Determine if we should continue to tools or end."""
messages = state["messages"]
last_message = messages[-1]
# If there are tool calls, continue to tools node
if hasattr(last_message, 'tool_calls') and last_message.tool_calls:
print("[ROUTER] Routing to tools...")
return "tools"
# Otherwise, end
print("[ROUTER] No more tool calls, ending...")
return "end"
# Build the LangGraph agent
def create_agent(inference_profile_arn: str, region: str = "us-east-1"):
"""
Create a LangGraph agent that uses Bedrock inference profile with tools.
Args:
inference_profile_arn: ARN of the cross-region inference profile
region: AWS region
Returns:
Compiled LangGraph workflow
"""
# Initialize the LLM with tools
llm = create_bedrock_llm(inference_profile_arn, region)
# Create the graph
workflow = StateGraph(AgentState)
# Add nodes
workflow.add_node("model", lambda state: call_model(state, llm))
workflow.add_node("tools", call_tools)
# Define the workflow
workflow.set_entry_point("model")
# Add conditional edges
workflow.add_conditional_edges(
"model",
should_continue,
{
"tools": "tools",
"end": END
}
)
# After tools, go back to model
workflow.add_edge("tools", "model")
# Compile the graph
app = workflow.compile()
return app
def main(user_query,history,model):
"""Main execution function."""
# Configuration - Update with your actual inference profile ARN
INFERENCE_PROFILE_ARN = model
REGION = "us-east-1"
# System prompt for the agent
SYSTEM_PROMPT=""" You are a analitical agent, with acess to monthly reports about Bacio di latte
<context>
A Bacio di Latte é uma rede de gelaterias artesanais fundada em São Paulo, Brasil, em 2011, pelos irmãos milaneses Edoardo e Luigi Tonolli, que trouxeram a tradição do gelato italiano com ingredientes de alta qualidade, resultando em um sorvete cremoso e fresco, produzido diariamente, sem gordura hidrogenada ou trans, e que se tornou popular não só no Brasil, mas também nos EUA, representando uma experiência autêntica de gelato.
<\context>
<reports>
"""+drt.read_table_as_xml("poc_dnx_monthly_summary","us-east-1")+""""
<\reports>
Here is the chat history:"""+history+"""
Aswer the user the best you can with the given information, if you don't know the answer or how to answer say so, only answer from what you know."""
print("=" * 60)
print("LangGraph Agent with AWS Bedrock Inference Profile + Tools")
print("=" * 60)
print(f"\nUsing inference profile: {INFERENCE_PROFILE_ARN}")
print(f"Region: {REGION}\n")
print("Available Tools:")
print(" - add_numbers(a, b): Add two numbers")
print(" - multiply_numbers(a, b): Multiply two numbers")
print("\nSystem Prompt: Configured ✓")
print("=" * 60)
# Create the agent
agent = create_agent(INFERENCE_PROFILE_ARN, REGION)
# Example query that requires tools
# Initialize state with system prompt
initial_state = {
"messages": [
SystemMessage(content=SYSTEM_PROMPT),
HumanMessage(content=user_query)
],
"current_step": "init"
}
print(f"\nUser Query: {user_query}\n")
print("-" * 60)
# Run the agent
final_state = agent.invoke(initial_state)
# Display results
print("-" * 60)
print("\n[FINAL RESULT]")
print("\nConversation History:")
for i, msg in enumerate(final_state["messages"], 1):
if isinstance(msg, SystemMessage):
print(f"\n{i}. System: [System prompt configured]")
elif isinstance(msg, HumanMessage):
print(f"\n{i}. User: {msg.content}")
elif isinstance(msg, AIMessage):
if hasattr(msg, 'tool_calls') and msg.tool_calls:
print(f"\n{i}. AI: [Calling tools...]")
else:
print(f"\n{i}. AI: {msg.content}")
elif isinstance(msg, ToolMessage):
print(f"\n{i}. Tool Result: {msg.content}")
print("\n" + "=" * 60)
print(f"Agent completed successfully. Final step: {final_state['current_step']}")
langfuse.flush()
return final_state['messages'][-1].content
if __name__=="__main__":
main("oi","ancar_nps_tradicional","","")

209
code/app/backend/utils/dynamodb_read_table.py Normal file
View File

@@ -0,0 +1,209 @@
"""
DynamoDB Table Reader Script
This script connects to AWS DynamoDB and reads all entries from a specified table.
Outputs data in XML format with <period> tags containing the context XML content.
Usage:
from dynamodb_read_table import read_table_as_xml
xml_content = read_table_as_xml("my-table-name")
"""
import re
import boto3
from botocore.exceptions import ClientError
def clean_context_xml(context: str) -> str:
"""
Remove XML declaration and <relatorio> tags from context content.
Args:
context: Raw XML content from DynamoDB
Returns:
Cleaned XML content without declaration and relatorio tags
"""
# Remove XML declaration (e.g., <?xml version="1.0" encoding="UTF-8"?>)
context = re.sub(r'<\?xml[^?]*\?>\s*', '', context)
# Remove opening <relatorio> tag (with any attributes)
context = re.sub(r'<relatorio[^>]*>\s*', '', context)
# Remove closing </relatorio> tag
context = re.sub(r'\s*</relatorio>', '', context)
return context.strip()
def remove_xml_declaration(content: str) -> str:
"""
Remove only the XML declaration from content.
Args:
content: Raw XML content
Returns:
Content without XML declaration (keeps relatorio tags)
"""
content = re.sub(r'<\?xml[^?]*\?>\s*', '', content)
return content.strip()
def format_items_to_xml(items: list) -> str:
"""
Format all DynamoDB items to XML format.
Each item's 'period' field becomes a <period> tag,
and the 'context' and 'dados_consolidados' fields are placed inside it.
Args:
items: List of DynamoDB items
Returns:
Complete XML formatted string with all items
"""
xml_parts = []
for item in items:
period = item.get("period", "unknown")
context = item.get("context", "")
dados_consolidados = item.get("dados_consolidados", "")
# Clean the XML content
cleaned_context = clean_context_xml(context)
cleaned_dados = remove_xml_declaration(dados_consolidados)
xml_parts.append(f"<{period}>")
xml_parts.append(cleaned_context)
if cleaned_dados:
xml_parts.append(cleaned_dados)
xml_parts.append(f"</{period}>")
xml_parts.append("") # Empty line between entries
return "\n".join(xml_parts)
def get_dynamodb_client(region_name: str = "us-east-1"):
"""Create and return a DynamoDB client."""
session = boto3.Session()
return session.client("dynamodb", region_name=region_name)
def get_dynamodb_resource(region_name: str = "us-east-1"):
"""Create and return a DynamoDB resource for higher-level operations."""
session = boto3.Session()
return session.resource("dynamodb", region_name=region_name)
def scan_table(table_name: str, region_name: str = "us-east-1") -> list:
"""
Scan a DynamoDB table and return all items.
Uses pagination to handle tables larger than 1MB response limit.
Args:
table_name: Name of the DynamoDB table to scan
region_name: AWS region where the table is located
Returns:
List of all items in the table
"""
dynamodb = get_dynamodb_resource(region_name)
table = dynamodb.Table(table_name)
items = []
last_evaluated_key = None
try:
while True:
if last_evaluated_key:
response = table.scan(ExclusiveStartKey=last_evaluated_key)
else:
response = table.scan()
items.extend(response.get("Items", []))
last_evaluated_key = response.get("LastEvaluatedKey")
if not last_evaluated_key:
break
print(f"Successfully scanned {len(items)} items from table '{table_name}'")
return items
except ClientError as e:
error_code = e.response["Error"]["Code"]
error_message = e.response["Error"]["Message"]
print(f"Error scanning table: {error_code} - {error_message}")
raise
def list_tables(region_name: str = "us-east-1") -> list:
"""List all DynamoDB tables in the specified region."""
client = get_dynamodb_client(region_name)
tables = []
last_evaluated_table_name = None
try:
while True:
if last_evaluated_table_name:
response = client.list_tables(ExclusiveStartTableName=last_evaluated_table_name)
else:
response = client.list_tables()
tables.extend(response.get("TableNames", []))
last_evaluated_table_name = response.get("LastEvaluatedTableName")
if not last_evaluated_table_name:
break
return tables
except ClientError as e:
error_code = e.response["Error"]["Code"]
error_message = e.response["Error"]["Message"]
print(f"Error listing tables: {error_code} - {error_message}")
raise
def get_table_info(table_name: str, region_name: str = "us-east-1") -> dict:
"""Get metadata information about a DynamoDB table."""
client = get_dynamodb_client(region_name)
try:
response = client.describe_table(TableName=table_name)
table_info = response.get("Table", {})
return {
"TableName": table_info.get("TableName"),
"TableStatus": table_info.get("TableStatus"),
"ItemCount": table_info.get("ItemCount"),
"TableSizeBytes": table_info.get("TableSizeBytes"),
"KeySchema": table_info.get("KeySchema"),
"AttributeDefinitions": table_info.get("AttributeDefinitions"),
"CreationDateTime": str(table_info.get("CreationDateTime")),
}
except ClientError as e:
error_code = e.response["Error"]["Code"]
error_message = e.response["Error"]["Message"]
print(f"Error describing table: {error_code} - {error_message}")
raise
def read_table_as_xml(table_name: str, region_name: str = "us-east-1") -> str:
"""
Read all entries from a DynamoDB table and return as XML string.
Args:
table_name: Name of the DynamoDB table to read
region_name: AWS region where the table is located (default: us-east-1)
Returns:
XML formatted string with all items wrapped in <period> tags
"""
items = scan_table(table_name, region_name)
return format_items_to_xml(items)
if __name__=="__main__":
print(read_table_as_xml("poc_dnx_monthly_summary","us-east-1"))

89
code/app/front.py Normal file
View File

@@ -0,0 +1,89 @@
import streamlit as st
import time
from backend import BDAgent
import boto3
# Configure the page - MUST BE FIRST
st.set_page_config(
page_title="Chatbot",
page_icon="💬",
layout="centered"
)
session = boto3.Session()
# Model selection with session state persistence
MODELS = [
"anthropic.claude-sonnet-4-5-20250929-v1:0",
"meta.llama4-maverick-17b-instruct-v1:0",
"meta.llama4-scout-17b-instruct-v1:0",
"amazon.nova-lite-v1:0",
"amazon.nova-pro-v1:0",
"amazon.nova-2-lite-v1:0"
]
selected_value = st.selectbox(
"Selecione o modelo:",
MODELS,
key="selected_model"
)
# Initialize chat history in session state
if "messages" not in st.session_state:
st.session_state.messages = []
# Display title
st.title("💬 Chatbot")
# Display chat history
for message in st.session_state.messages:
with st.chat_message(message["role"]):
st.markdown(message["content"])
# Chat input
if prompt := st.chat_input("Type your message here..."):
# Add user message to chat history
st.session_state.messages.append({"role": "user", "content": prompt})
# Display user message
with st.chat_message("user"):
st.markdown(prompt)
# Display assistant response
with st.chat_message("assistant"):
message_placeholder = st.empty()
# Simulate streaming response (replace with actual API call)
full_response = BDAgent.main(prompt,str(st.session_state.messages),selected_value)
# Simulate typing effect
displayed_response = ""
for char in full_response:
displayed_response += char
message_placeholder.markdown(displayed_response + "")
time.sleep(0.01)
message_placeholder.markdown(full_response)
# Add assistant response to chat history
st.session_state.messages.append({"role": "assistant", "content": full_response})
# Add a sidebar with options
with st.sidebar:
st.header("Options")
if st.button("Clear Chat History"):
st.session_state.messages = []
st.rerun()
st.divider()
st.markdown("""
### How to use:
1. Type your message in the input box
2. Press Enter or click Send
3. View the conversation history
""")

23
code/entrypoint.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/bash
# Define o diretório base da aplicação dentro do contêiner
APP_DIR="/app"
# Navega para o diretório do backend e inicia a API FastAPI em segundo plano
#echo "Iniciando API FastAPI na porta 8000..."
#python app/backend/main.py &
# Aguarda alguns segundos para garantir que a API tenha tempo de iniciar
# Isso é opcional, mas pode ajudar a evitar problemas de conexão imediata do frontend
#echo "Aguardando a API iniciar..."
#sleep 10 # Ajuste o tempo conforme necessário
# Navega para o diretório do frontend e inicia o aplicativo Streamlit em primeiro plano
echo "Iniciando aplicativo Streamlit na porta 8501..."
# --server.headless=true é importante para rodar Streamlit em ambientes sem GUI (como Docker)
# --server.address=0.0.0.0 permite que o Streamlit seja acessado de fora do contêiner
# --server.enableCORS=false pode ser necessário dependendo da configuração, mas geralmente não para localhost
streamlit run app/front.py --server.port 8501 --server.address 0.0.0.0 --server.headless true
# O comando 'streamlit run' manterá o contêiner em execução.
# Se o Streamlit parar por algum motivo, o script e, consequentemente, o contêiner, terminarão.

6
code/main.py Normal file
View File

@@ -0,0 +1,6 @@
def main():
print("Hello from code!")
if __name__ == "__main__":
main()

6
code/requirements.txt Normal file
View File

@@ -0,0 +1,6 @@
boto3>=1.34.0
langchain-aws>=0.1.0
langgraph>=0.0.20
langchain>=0.1.0
streamlit
langfuse

9
infra/ecr/Pulumi.inovyo.yaml Normal file
View File

@@ -0,0 +1,9 @@
config:
ecr_dev:entity_extraction_dev: ecr
ecr_dev:environment: dev
ecr_dev:ecr:
backend:
image_mutability: MUTABLE
name: assistente-analitico-db-dev
ecr_dev:project: Assistente Analitico db
aws:region: us-east-1

3
infra/ecr/Pulumi.yaml Normal file
View File

@@ -0,0 +1,3 @@
name: ecr_dev
runtime: python
description: Infraestrutura da aplicação ECR

93
infra/ecr/README.md Normal file
View File

@@ -0,0 +1,93 @@
# ecr
## Getting started
To make it easy for you to get started with GitLab, here's a list of recommended next steps.
Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)!
## Add your files
- [ ] [Create](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-file) or [upload](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#upload-a-file) files
- [ ] [Add files using the command line](https://docs.gitlab.com/ee/gitlab-basics/add-file.html#add-a-file-using-the-command-line) or push an existing Git repository with the following command:
```
cd existing_repo
git remote add origin https://gitlab.shared.cloud.dnxbrasil.com.br/dnx-br/sandbox/genai/ecr.git
git branch -M main
git push -uf origin main
```
## Integrate with your tools
- [ ] [Set up project integrations](https://gitlab.shared.cloud.dnxbrasil.com.br/dnx-br/sandbox/genai/ecr/-/settings/integrations)
## Collaborate with your team
- [ ] [Invite team members and collaborators](https://docs.gitlab.com/ee/user/project/members/)
- [ ] [Create a new merge request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html)
- [ ] [Automatically close issues from merge requests](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically)
- [ ] [Enable merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/)
- [ ] [Set auto-merge](https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html)
## Test and Deploy
Use the built-in continuous integration in GitLab.
- [ ] [Get started with GitLab CI/CD](https://docs.gitlab.com/ee/ci/quick_start/index.html)
- [ ] [Analyze your code for known vulnerabilities with Static Application Security Testing (SAST)](https://docs.gitlab.com/ee/user/application_security/sast/)
- [ ] [Deploy to Kubernetes, Amazon EC2, or Amazon ECS using Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/requirements.html)
- [ ] [Use pull-based deployments for improved Kubernetes management](https://docs.gitlab.com/ee/user/clusters/agent/)
- [ ] [Set up protected environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html)
***
# Editing this README
When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thanks to [makeareadme.com](https://www.makeareadme.com/) for this template.
## Suggestions for a good README
Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information.
## Name
Choose a self-explaining name for your project.
## Description
Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors.
## Badges
On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge.
## Visuals
Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method.
## Installation
Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection.
## Usage
Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README.
## Support
Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc.
## Roadmap
If you have ideas for releases in the future, it is a good idea to list them in the README.
## Contributing
State if you are open to contributions and what your requirements are for accepting them.
For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self.
You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser.
## Authors and acknowledgment
Show your appreciation to those who have contributed to the project.
## License
For open source projects, say how it is licensed.
## Project status
If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.

27
infra/ecr/__main__.py Normal file
View File

@@ -0,0 +1,27 @@
import json
import pulumi
import pulumi_aws as aws
caller_identity = aws.get_caller_identity()
account_id = caller_identity.account_id
config = pulumi.Config()
project = config.require("project")
environment = config.require("environment")
stacks=["backend"]
for stack in stacks:
ecr_config = config.require_object("ecr")[stack]
ecr_repo = aws.ecr.Repository(ecr_config['name'],
name=ecr_config['name'],
encryption_configurations=[{
"encryption_type": "AES256",
}],
image_scanning_configuration={
"scan_on_push": False,
},
image_tag_mutability=ecr_config['image_mutability'],
opts = pulumi.ResourceOptions(protect=False))
pulumi.export("url", pulumi.Output.concat("ECR REPO ID:", ecr_repo.id))

6
infra/ecr/main.py Normal file
View File

@@ -0,0 +1,6 @@
def main():
print("Hello from ecr!")
if __name__ == "__main__":
main()

5
infra/ecr/requirements.txt Normal file
View File

@@ -0,0 +1,5 @@
pulumi
pulumi-aws
pulumi-docker
boto3
setuptools

51
infra/ecs_alb/Pulumi.Inovyo.yaml Normal file
View File

@@ -0,0 +1,51 @@
config:
aws:region: us-east-1
app-ecs:account_id: "305427701314" # dnxbrasil-nonprod
app-ecs:project_name: assistente-analitico
app-ecs:environment: dev
# app-ecs:bedrock_api_key:
# secure: you-can-put-your-pulumi-encrypted-secure-string-here
app-ecs:tags:
project: assistente-analitico-db-dev
env: dev # dev, test, stage, prod
account: nonprod # prod, nonprod, dataScience
costCenter: AI # AWSGeneral, AI, data, productName
owner: AI # team or a preson responsible
app-ecs:network:
vpc_id: vpc-17ceb96c
alb_internal: false
alb_subnet_ids: # 2+ private subnets if alb_internal else public subnets in the same region and vpc
- subnet-0de9f056635629827
- subnet-09cda74f27c543521
alb_allow_ingress_cidr:
- 3.14.44.224/32
ecs_subnet_ids:
- subnet-0f50f25a2fbb054d4
- subnet-0014ea77951bbeb6c
app-ecs:ecs:
- task_name: assisnte-analitico-db-dev
ecr_repo_name: assistente-analitico-db-dev
ecr_image_tag: latest
ecr_image_digest: sha256:7a2aede33d8dd34822b73291d64e1ccce26980fc531290c54d992bcb7dee26fa
cpu: 256
memory: 512
desired_count: 1
sgs_allowing_ingress: {}
use_load_balancer: true
auto_scaling:
min_capacity: 1
max_capacity: 3
target_value: 60.0
lb_config:
name: listener
listener_port: 8501
target_port: 8501
container_port: 8501
env_variables:
LANGFUSE_HOST: http://172.31.252.176:3000
# SECRET_NAME: dev/ai-pge-doc-classification
# BEDROCK_REGION: us-east-1
# LANGCHAIN_TRACING_V2: "true"
# LANGCHAIN_PROJECT: pge-doc-classification-dev
app-ecs:cloudwatch:
log_group_name: assistente-analitico-db-dev

6
infra/ecs_alb/Pulumi.yaml Normal file
View File

@@ -0,0 +1,6 @@
name: app-ecs
runtime:
name: python
options:
virtualenv: venv
description: AWS ECS application deploy

71
infra/ecs_alb/README.md Normal file
View File

@@ -0,0 +1,71 @@
# GenAI project infratructure with Pulumi
Nesta documentação apresentamos o setup da IaC do projeto de GenAI.
## 🚀 Deploying Infrastructure to AWS
Para deployar a infraestrutura referente o projeto de GenAI, é utilizado uma stack IaC Pulumi.
Para isso, o desenvolvedor deve seguir os passos:
1. Dentro do diretório raiz do projeto, crie um ambiente virtual pelos comandos:
```shell
# pip install virtualenv
python3.11 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
```
2. (opcional) Configure o seu Pulumi Token:
```shell
export PULUMI_ACCESS_TOKEN="your-access-token"
```
3. Pulumi Login:
```shell
pulumi login
```
4. (opcional) Select a stack to work on:
```shell
pulumi stack select
```
5. Suba a stack do pulumi:
```shell
pulumi up #selecione o stack se não tiver selecionado
```
Após estes passo, os serviços e dependências do projeto serão criados/atualizados, gerando a fundação para a aplicação.
#### Observação 1:
Lembre-se de configurar o usuário IAM registrado como profile no aws-cli, para detectar a conta AWS a ser utilizada:
```shell
export AWS_PROFILE=myorg-nonprod
```
Se não tiver configurado o profile o aws-cli, exporte as seguintes variáveis:
```shell
export AWS_DEFAULT_REGION=
export AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=
```
#### Observação 2: Registro de imagem Docker no ECR
Para que a infraestrutura projetada anteriormente consiga referenciar as imagens de cada projeto, é necessário indicar o nome do repositório no argumento `ecr_repo_name` no arquivo YAML.
Como a versão da imagem a ser deployada, indique ou `ecr_image_tag` ou `ecr_image_digest`, sem indicar ambos.
Para registrar corretamente a imagem Docker da sua aplicação no ECR, siga os passos descritos na seguinte documentação:
- https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-push-ecr-image.html
Para incluir variáveis de ambiente no container, informe-as como dicionário (chave-valor) em `env_variables`.
## 🤝 Agradecimentos
* Agradecemos por toda a parceria durante o projeto. Conte conosco! 📢

60
infra/ecs_alb/__main__.py Normal file
View File

@@ -0,0 +1,60 @@
import pulumi
import pulumi_aws as aws
import conf as config
import iam
import ecs
# ECS Cluster Setup
app_ecs_cluster = aws.ecs.Cluster(f"{config.project_name}-ecs-cluster",
configuration=aws.ecs.ClusterConfigurationArgs(
execute_command_configuration=aws.ecs.ClusterConfigurationExecuteCommandConfigurationArgs(
logging="DEFAULT",
),
),
settings=[aws.ecs.ClusterSettingArgs(
name="containerInsights",
value="disabled",
)],
tags={"Name": f"{config.project_name}-{config.stack_name}"},
)
ecs_cluster_capacity_providers = aws.ecs.ClusterCapacityProviders(f"{config.project_name}-cluster-capacity-providers",
cluster_name=app_ecs_cluster.name,
capacity_providers=["FARGATE", "FARGATE_SPOT"],
)
# Security Group Setup
alb_security_group = aws.ec2.SecurityGroup(f"{config.project_name}-security-group",
vpc_id=config.network["vpc_id"],
ingress=[aws.ec2.SecurityGroupIngressArgs(
protocol="-1",
from_port=0,
to_port=0,
cidr_blocks=config.network["alb_allow_ingress_cidr"],
),
],
egress=[aws.ec2.SecurityGroupEgressArgs(
protocol="-1",
from_port=0,
to_port=0,
cidr_blocks=["0.0.0.0/0"],
)],
)
# Load Balancer Setup
app_load_balancer = aws.lb.LoadBalancer(
f"alb-{config.project_name}",
load_balancer_type="application",
security_groups=[alb_security_group.id],
subnets=config.network["alb_subnet_ids"],
idle_timeout=(1200),
internal=config.network['alb_internal'],
)
for ecs_app in config.ecs:
ecs.deploy_app(ecs_app, app_ecs_cluster, alb_security_group, app_load_balancer.arn)
# Export the ALB DNS Name
pulumi.export("url", app_load_balancer.dns_name.apply(lambda dns_name: f"http://{dns_name}"))

13
infra/ecs_alb/autotag/autotag.py Normal file
View File

@@ -0,0 +1,13 @@
import pulumi
from autotag.taggable import is_taggable
# registerAutoTags registers a global stack transformation that merges a set
# of tags with whatever was also explicitly added to the resource definition.
def register_auto_tags(auto_tags):
pulumi.runtime.register_stack_transformation(lambda args: auto_tag(args, auto_tags))
# auto_tag applies the given tags to the resource properties if applicable.
def auto_tag(args, auto_tags):
if is_taggable(args.type_):
args.props['tags'] = {**(args.props['tags'] or {}), **auto_tags}
return pulumi.ResourceTransformationResult(args.props, args.opts)

12
infra/ecs_alb/autotag/policy-config.json Normal file
View File

@@ -0,0 +1,12 @@
{
"all": "mandatory",
"check-required-tags": {
"requiredTags": [
"user:project",
"user:env",
"user:account",
"user:costCenter",
"user:owner"
]
}
}

234
infra/ecs_alb/autotag/taggable.py Normal file
View File

@@ -0,0 +1,234 @@
# isTaggable returns true if the given resource type is an AWS resource that supports tags.
def is_taggable(t):
return t in taggable_resource_types
# taggable_resource_types is a list of known AWS type tokens that are taggable.
taggable_resource_types = [
'aws:accessanalyzer/analyzer:Analyzer',
'aws:acm/certificate:Certificate',
'aws:acmpca/certificateAuthority:CertificateAuthority',
'aws:alb/loadBalancer:LoadBalancer',
'aws:alb/targetGroup:TargetGroup',
'aws:apigateway/apiKey:ApiKey',
'aws:apigateway/clientCertificate:ClientCertificate',
'aws:apigateway/domainName:DomainName',
'aws:apigateway/restApi:RestApi',
'aws:apigateway/stage:Stage',
'aws:apigateway/usagePlan:UsagePlan',
'aws:apigateway/vpcLink:VpcLink',
'aws:applicationloadbalancing/loadBalancer:LoadBalancer',
'aws:applicationloadbalancing/targetGroup:TargetGroup',
'aws:appmesh/mesh:Mesh',
'aws:appmesh/route:Route',
'aws:appmesh/virtualNode:VirtualNode',
'aws:appmesh/virtualRouter:VirtualRouter',
'aws:appmesh/virtualService:VirtualService',
'aws:appsync/graphQLApi:GraphQLApi',
'aws:athena/workgroup:Workgroup',
'aws:autoscaling/group:Group',
'aws:backup/plan:Plan',
'aws:backup/vault:Vault',
'aws:cfg/aggregateAuthorization:AggregateAuthorization',
'aws:cfg/configurationAggregator:ConfigurationAggregator',
'aws:cfg/rule:Rule',
'aws:cloudformation/stack:Stack',
'aws:cloudformation/stackSet:StackSet',
'aws:cloudfront/distribution:Distribution',
'aws:cloudhsmv2/cluster:Cluster',
'aws:cloudtrail/trail:Trail',
'aws:cloudwatch/eventRule:EventRule',
'aws:cloudwatch/logGroup:LogGroup',
'aws:cloudwatch/metricAlarm:MetricAlarm',
'aws:codebuild/project:Project',
'aws:codecommit/repository:Repository',
'aws:codepipeline/pipeline:Pipeline',
'aws:codepipeline/webhook:Webhook',
'aws:codestarnotifications/notificationRule:NotificationRule',
'aws:cognito/identityPool:IdentityPool',
'aws:cognito/userPool:UserPool',
'aws:datapipeline/pipeline:Pipeline',
'aws:datasync/agent:Agent',
'aws:datasync/efsLocation:EfsLocation',
'aws:datasync/locationSmb:LocationSmb',
'aws:datasync/nfsLocation:NfsLocation',
'aws:datasync/s3Location:S3Location',
'aws:datasync/task:Task',
'aws:dax/cluster:Cluster',
'aws:directconnect/connection:Connection',
'aws:directconnect/hostedPrivateVirtualInterfaceAccepter:HostedPrivateVirtualInterfaceAccepter',
'aws:directconnect/hostedPublicVirtualInterfaceAccepter:HostedPublicVirtualInterfaceAccepter',
'aws:directconnect/hostedTransitVirtualInterfaceAcceptor:HostedTransitVirtualInterfaceAcceptor',
'aws:directconnect/linkAggregationGroup:LinkAggregationGroup',
'aws:directconnect/privateVirtualInterface:PrivateVirtualInterface',
'aws:directconnect/publicVirtualInterface:PublicVirtualInterface',
'aws:directconnect/transitVirtualInterface:TransitVirtualInterface',
'aws:directoryservice/directory:Directory',
'aws:dlm/lifecyclePolicy:LifecyclePolicy',
'aws:dms/endpoint:Endpoint',
'aws:dms/replicationInstance:ReplicationInstance',
'aws:dms/replicationSubnetGroup:ReplicationSubnetGroup',
'aws:dms/replicationTask:ReplicationTask',
'aws:docdb/cluster:Cluster',
'aws:docdb/clusterInstance:ClusterInstance',
'aws:docdb/clusterParameterGroup:ClusterParameterGroup',
'aws:docdb/subnetGroup:SubnetGroup',
'aws:dynamodb/table:Table',
'aws:ebs/snapshot:Snapshot',
'aws:ebs/snapshotCopy:SnapshotCopy',
'aws:ebs/volume:Volume',
'aws:ec2/ami:Ami',
'aws:ec2/amiCopy:AmiCopy',
'aws:ec2/amiFromInstance:AmiFromInstance',
'aws:ec2/capacityReservation:CapacityReservation',
'aws:ec2/customerGateway:CustomerGateway',
'aws:ec2/defaultNetworkAcl:DefaultNetworkAcl',
'aws:ec2/defaultRouteTable:DefaultRouteTable',
'aws:ec2/defaultSecurityGroup:DefaultSecurityGroup',
'aws:ec2/defaultSubnet:DefaultSubnet',
'aws:ec2/defaultVpc:DefaultVpc',
'aws:ec2/defaultVpcDhcpOptions:DefaultVpcDhcpOptions',
'aws:ec2/eip:Eip',
'aws:ec2/fleet:Fleet',
'aws:ec2/instance:Instance',
'aws:ec2/internetGateway:InternetGateway',
'aws:ec2/keyPair:KeyPair',
'aws:ec2/launchTemplate:LaunchTemplate',
'aws:ec2/natGateway:NatGateway',
'aws:ec2/networkAcl:NetworkAcl',
'aws:ec2/networkInterface:NetworkInterface',
'aws:ec2/placementGroup:PlacementGroup',
'aws:ec2/routeTable:RouteTable',
'aws:ec2/securityGroup:SecurityGroup',
'aws:ec2/spotInstanceRequest:SpotInstanceRequest',
'aws:ec2/subnet:Subnet',
'aws:ec2/vpc:Vpc',
'aws:ec2/vpcDhcpOptions:VpcDhcpOptions',
'aws:ec2/vpcEndpoint:VpcEndpoint',
'aws:ec2/vpcEndpointService:VpcEndpointService',
'aws:ec2/vpcPeeringConnection:VpcPeeringConnection',
'aws:ec2/vpcPeeringConnectionAccepter:VpcPeeringConnectionAccepter',
'aws:ec2/vpnConnection:VpnConnection',
'aws:ec2/vpnGateway:VpnGateway',
'aws:ec2clientvpn/endpoint:Endpoint',
'aws:ec2transitgateway/routeTable:RouteTable',
'aws:ec2transitgateway/transitGateway:TransitGateway',
'aws:ec2transitgateway/vpcAttachment:VpcAttachment',
'aws:ec2transitgateway/vpcAttachmentAccepter:VpcAttachmentAccepter',
'aws:ecr/repository:Repository',
'aws:ecs/capacityProvider:CapacityProvider',
'aws:ecs/cluster:Cluster',
'aws:ecs/service:Service',
'aws:ecs/taskDefinition:TaskDefinition',
'aws:efs/fileSystem:FileSystem',
'aws:eks/cluster:Cluster',
'aws:eks/fargateProfile:FargateProfile',
'aws:eks/nodeGroup:NodeGroup',
'aws:elasticache/cluster:Cluster',
'aws:elasticache/replicationGroup:ReplicationGroup',
'aws:elasticbeanstalk/application:Application',
'aws:elasticbeanstalk/applicationVersion:ApplicationVersion',
'aws:elasticbeanstalk/environment:Environment',
'aws:elasticloadbalancing/loadBalancer:LoadBalancer',
'aws:elasticloadbalancingv2/loadBalancer:LoadBalancer',
'aws:elasticloadbalancingv2/targetGroup:TargetGroup',
'aws:elasticsearch/domain:Domain',
'aws:elb/loadBalancer:LoadBalancer',
'aws:emr/cluster:Cluster',
'aws:fsx/lustreFileSystem:LustreFileSystem',
'aws:fsx/windowsFileSystem:WindowsFileSystem',
'aws:gamelift/alias:Alias',
'aws:gamelift/build:Build',
'aws:gamelift/fleet:Fleet',
'aws:gamelift/gameSessionQueue:GameSessionQueue',
'aws:glacier/vault:Vault',
'aws:glue/crawler:Crawler',
'aws:glue/job:Job',
'aws:glue/trigger:Trigger',
'aws:iam/role:Role',
'aws:iam/user:User',
'aws:inspector/resourceGroup:ResourceGroup',
'aws:kinesis/analyticsApplication:AnalyticsApplication',
'aws:kinesis/firehoseDeliveryStream:FirehoseDeliveryStream',
'aws:kinesis/stream:Stream',
'aws:kms/externalKey:ExternalKey',
'aws:kms/key:Key',
'aws:lambda/function:Function',
'aws:lb/loadBalancer:LoadBalancer',
'aws:lb/targetGroup:TargetGroup',
'aws:licensemanager/licenseConfiguration:LicenseConfiguration',
'aws:lightsail/instance:Instance',
'aws:mediaconvert/queue:Queue',
'aws:mediapackage/channel:Channel',
'aws:mediastore/container:Container',
'aws:mq/broker:Broker',
'aws:mq/configuration:Configuration',
'aws:msk/cluster:Cluster',
'aws:neptune/cluster:Cluster',
'aws:neptune/clusterInstance:ClusterInstance',
'aws:neptune/clusterParameterGroup:ClusterParameterGroup',
'aws:neptune/eventSubscription:EventSubscription',
'aws:neptune/parameterGroup:ParameterGroup',
'aws:neptune/subnetGroup:SubnetGroup',
'aws:opsworks/stack:Stack',
'aws:organizations/account:Account',
'aws:pinpoint/app:App',
'aws:qldb/ledger:Ledger',
'aws:ram/resourceShare:ResourceShare',
'aws:rds/cluster:Cluster',
'aws:rds/clusterEndpoint:ClusterEndpoint',
'aws:rds/clusterInstance:ClusterInstance',
'aws:rds/clusterParameterGroup:ClusterParameterGroup',
'aws:rds/clusterSnapshot:ClusterSnapshot',
'aws:rds/eventSubscription:EventSubscription',
'aws:rds/instance:Instance',
'aws:rds/optionGroup:OptionGroup',
'aws:rds/parameterGroup:ParameterGroup',
'aws:rds/securityGroup:SecurityGroup',
'aws:rds/snapshot:Snapshot',
'aws:rds/subnetGroup:SubnetGroup',
'aws:redshift/cluster:Cluster',
'aws:redshift/eventSubscription:EventSubscription',
'aws:redshift/parameterGroup:ParameterGroup',
'aws:redshift/snapshotCopyGrant:SnapshotCopyGrant',
'aws:redshift/snapshotSchedule:SnapshotSchedule',
'aws:redshift/subnetGroup:SubnetGroup',
'aws:resourcegroups/group:Group',
'aws:route53/healthCheck:HealthCheck',
'aws:route53/resolverEndpoint:ResolverEndpoint',
'aws:route53/resolverRule:ResolverRule',
'aws:route53/zone:Zone',
'aws:s3/bucket:Bucket',
'aws:s3/bucketObject:BucketObject',
'aws:sagemaker/endpoint:Endpoint',
'aws:sagemaker/endpointConfiguration:EndpointConfiguration',
'aws:sagemaker/model:Model',
'aws:sagemaker/notebookInstance:NotebookInstance',
'aws:secretsmanager/secret:Secret',
'aws:servicecatalog/portfolio:Portfolio',
'aws:sfn/activity:Activity',
'aws:sfn/stateMachine:StateMachine',
'aws:sns/topic:Topic',
'aws:sqs/queue:Queue',
'aws:ssm/activation:Activation',
'aws:ssm/document:Document',
'aws:ssm/maintenanceWindow:MaintenanceWindow',
'aws:ssm/parameter:Parameter',
'aws:ssm/patchBaseline:PatchBaseline',
'aws:storagegateway/cachesIscsiVolume:CachesIscsiVolume',
'aws:storagegateway/gateway:Gateway',
'aws:storagegateway/nfsFileShare:NfsFileShare',
'aws:storagegateway/smbFileShare:SmbFileShare',
'aws:swf/domain:Domain',
'aws:transfer/server:Server',
'aws:transfer/user:User',
'aws:waf/rateBasedRule:RateBasedRule',
'aws:waf/rule:Rule',
'aws:waf/ruleGroup:RuleGroup',
'aws:waf/webAcl:WebAcl',
'aws:wafregional/rateBasedRule:RateBasedRule',
'aws:wafregional/rule:Rule',
'aws:wafregional/ruleGroup:RuleGroup',
'aws:wafregional/webAcl:WebAcl',
'aws:workspaces/directory:Directory',
'aws:workspaces/ipGroup:IpGroup',
]

31
infra/ecs_alb/conf.py Normal file
View File

@@ -0,0 +1,31 @@
import pulumi
import pulumi_aws as aws
from autotag.autotag import register_auto_tags
config = pulumi.Config()
pulumi_project = pulumi.get_project()
project_name = config.require("project_name")
stack_name = pulumi.get_stack()
aws_region = aws.get_region().id
current = aws.get_caller_identity()
current = aws.get_caller_identity_output()
account_id1 = current.account_id
account_id = config.require("account_id")
network = config.get_object("network")
ecs = config.get_object("ecs")
ecr = config.get_object("ecr")
environment = config.require("environment")
register_auto_tags(config.get_object('tags'))
def get(x):
return config.get(x)
def get_bool(x):
return config.get_bool(x)

100
infra/ecs_alb/ecr.py Normal file
View File

@@ -0,0 +1,100 @@
import pulumi
import pulumi_aws as aws
import conf as config
import json
def create_ecr_repo():
ecr_repositories = []
for repo in config.ecr["repos"]:
if repo["create_ecr_repo"]:
ecr_repository = aws.ecr.Repository(
repo,
name=f"{repo}",
force_delete=True)
token = aws.ecr.get_authorization_token_output(registry_id=ecr_repository.registry_id)
langserve_ecr_life_cycle_policy = aws.ecr.LifecyclePolicy(f"{repo}-ecr-life-cycle-policy",
repository=ecr_repository.name,
policy=json.dumps({
"rules": [{
"rulePriority": 1,
"description": "Expire images when they are more than 10 available",
"selection": {
"tagStatus": "any",
"countType": "imageCountMoreThan",
"countNumber": 10,
},
"action": {
"type": "expire",
},
}],
}))
policy_ecr = aws.iam.get_policy_document(statements=[{
"sid": "new policy",
"effect": "Allow",
"principals": [{
"type": "AWS",
"identifiers": [config.account_id],
}],
"actions": [
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:PutImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:DescribeRepositories",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:DeleteRepository",
"ecr:BatchDeleteImage",
"ecr:SetRepositoryPolicy",
"ecr:DeleteRepositoryPolicy",
],
}])
attach_policy = aws.ecr.RepositoryPolicy(f"{repo}-policy_ecr",
repository=ecr_repository.name,
policy=policy_ecr.json)
else:
ecr_repository = aws.ecr.get_repository_output(name=repo['name'])
token = aws.ecr.get_authorization_token_output(registry_id=ecr_repository.registry_id)
repo['ecr_repo_resource'] = ecr_repository
repo['ecr_token'] = token
ecr_repositories.append(repo)
return ecr_repositories
def get_image(ecr_repo_name, image_tag=None, image_digest=None):
assert (image_tag is not None) != (image_digest is not None), 'User either tag or image_digest, not both, to identify ECR image version.'
if image_tag:
return aws.ecr.get_image(repository_name=ecr_repo_name, image_tag=image_tag)
elif image_digest:
return aws.ecr.get_image(repository_name=ecr_repo_name, image_digest=image_digest)
def build_and_push(ecr_repositories):
ecr_repo_images = {}
for repo in ecr_repositories:
ecr_repo = repo['ecr_repo_resource']
container_context = config.get("container-context")
if container_context is None:
container_context = "."
container_file = config.get("container-file")
if container_file is None:
container_file = "./Dockerfile"
assert ('tag' in repo.keys()) != ('image_digest' in repo.keys()), 'User must provide either tag or image_digest, but not both, to identify image version'
if 'tag' in repo.keys():
ecr_image=aws.ecr.get_image(repository_name=ecr_repo.name, image_tag=repo['tag'])
elif 'image_digest' in repo.keys():
ecr_image=aws.ecr.get_image(repository_name=ecr_repo.name, image_digest=repo['image_digest'])
repo['ecr_image'] = ecr_image
ecr_repo_images[repo['name']] = repo
#ecr_repo_images.append(repo)
return ecr_repo_images

238
infra/ecs_alb/ecs.py Normal file
View File

@@ -0,0 +1,238 @@
import pulumi
import pulumi_aws as aws
import conf as config
import iam
import ecr
import json
def deploy_app(config_ecs_app, app_ecs_cluster, alb_security_group, app_load_balancer_arn):
lb_config = config_ecs_app["lb_config"]
target_group = aws.lb.TargetGroup(f"app-target-group-{lb_config['listener_port']}",
port=lb_config["target_port"],
protocol="HTTP",
vpc_id=config.network["vpc_id"],
target_type="ip",
health_check=aws.lb.TargetGroupHealthCheckArgs(
path="/", # TODO if it doesn't work, can use /docs for fastapi
protocol="HTTP",
port="traffic-port",
healthy_threshold=2,
unhealthy_threshold=2,
timeout=5,
interval=30,
matcher="200-499",
),
)
aws.lb.Listener(f"app-listener-{lb_config['listener_port']}",
load_balancer_arn=app_load_balancer_arn,
port=lb_config["listener_port"],
protocol="HTTP",
default_actions=[aws.lb.ListenerDefaultActionArgs(
type="forward",
target_group_arn=target_group.arn,
)],
)
# target_groups.append(target_group)
# Build and Push ECR
# ecr_repos = ecr.create_ecr_repo(config_ecs_app['ecr_repo_name'])
# assert ('ecr_image_tag' in config_ecs_app.keys()) != ('ecr_image_digest' in config_ecs_app.keys()), 'User must provide either tag or image_digest, but not both, to identify image version'
if 'ecr_image_tag' in config_ecs_app.keys():
ecr_repo_image = ecr.get_image(config_ecs_app['ecr_repo_name'], image_tag=config_ecs_app['ecr_image_tag'])
elif 'ecr_image_digest' in config_ecs_app.keys():
ecr_repo_image = ecr.get_image(config_ecs_app['ecr_repo_name'], image_digest=config_ecs_app['ecr_image_digest'])
# Log Group Setup #TODO move into ecs
app_log_group = aws.cloudwatch.LogGroup(f"{config.project_name}-{config_ecs_app['task_name']}-log-group", retention_in_days=7)
# if key
# ssm_parameter, key = kms.setup_kms()
# iam.create_execution_role_with_keys(ssm_parameter, key)
# IAM Roles Setup
app_execution_role = iam.create_execution_role()
app_task_role = iam.create_task_role()
# summarization_repo_image = config_ecs_app['ecr_image']
if config_ecs_app['use_load_balancer']:
environemnt_variables = [dict(name=k, value=v) for k,v in config_ecs_app['env_variables'].items()]
print(environemnt_variables)
# ECS Task Definition Setup
app_task_definition = aws.ecs.TaskDefinition(f"{config.project_name}-{config_ecs_app['task_name']}-task-definition",
family=f"{config.project_name}-{config_ecs_app['task_name']}-{config.environment}",
cpu=config_ecs_app["cpu"],
memory=config_ecs_app["memory"],
network_mode="awsvpc",
execution_role_arn=app_execution_role.arn,
task_role_arn=app_task_role.arn,
requires_compatibilities=["FARGATE"],
container_definitions=pulumi.Output.all(ecr_repo_image.image_uri,
# ecr_repo_image.image_digest,
app_log_group.name,
environemnt_variables,
# config_ecs_app["secret_name"],
).apply(lambda args: json.dumps([{
"name": f"{config.project_name}-{config_ecs_app['task_name']}-{config.environment}-service",
"image": args[0],
"cpu": 0,
"portMappings": [
{
"name": "api",
"containerPort": lb_config["container_port"],
"hostPort": lb_config["target_port"],
"protocol": "tcp",
}
# } for lb_config_item in lb_configs
],
"essential": True,
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": args[1],
"awslogs-region": config.aws_region,
"awslogs-stream-prefix": "pulumi-langserve",
},
},
"environment": args[2],
}])),
)
# ECS Security Group Setup
app_ecs_security_group = aws.ec2.SecurityGroup(f"{config.project_name}-{config_ecs_app['task_name']}-ecs-security-group",
vpc_id=config.network["vpc_id"],
ingress=[aws.ec2.SecurityGroupIngressArgs(
protocol="-1",
from_port=0,
to_port=0,
security_groups=[alb_security_group.id],
)],
egress=[aws.ec2.SecurityGroupEgressArgs(
protocol="-1",
from_port=0,
to_port=0,
cidr_blocks=["0.0.0.0/0"],
)],
)
# Security Group Rules for Ingress
for sg_name, sg_id in config_ecs_app["sgs_allowing_ingress"].items():
aws.ec2.SecurityGroupRule(f"sgr-{sg_name}-allow_in_from-{config.project_name}",
type="ingress",
from_port=0,
to_port=0,
protocol="-1",
security_group_id=sg_id,
source_security_group_id=app_ecs_security_group.id,
description=f"Allow from {config.project_name} ECS SG",
)
# Service Discovery Namespace Setup
app_service_discovery_namespace = aws.servicediscovery.PrivateDnsNamespace(f"{config.project_name}-{config_ecs_app['task_name']}-service-discovery-namespace",
name=f"{config.environment}.{config.project_name}.local",
vpc=config.network["vpc_id"],
)
# ECS Service Setup
load_balancer = aws.ecs.ServiceLoadBalancerArgs(
target_group_arn=target_group.arn,
container_name=f"{config.project_name}-{config_ecs_app['task_name']}-{config.environment}-service",
container_port=lb_config["target_port"],
)
app_service = aws.ecs.Service(f"{config.project_name}-{config_ecs_app['task_name']}-service",
cluster=app_ecs_cluster.arn,
task_definition=app_task_definition.arn,
desired_count=config_ecs_app["desired_count"],
launch_type="FARGATE",
network_configuration=aws.ecs.ServiceNetworkConfigurationArgs(
assign_public_ip=True,
security_groups=[app_ecs_security_group.id],
subnets=config.network["ecs_subnet_ids"],
),
load_balancers=[load_balancer],
scheduling_strategy="REPLICA",
service_connect_configuration=aws.ecs.ServiceServiceConnectConfigurationArgs(
enabled=True,
namespace=app_service_discovery_namespace.arn,
),
tags={"Name": f"{config.project_name}-{config_ecs_app['task_name']}-{config.environment}"},
)
#defining an auto-scaling for summarization
scalable_target = aws.appautoscaling.Target("app-svc-target",
max_capacity=config_ecs_app['auto_scaling']['max_capacity'],
min_capacity=config_ecs_app['auto_scaling']['min_capacity'],
resource_id=pulumi.Output.all(app_ecs_cluster.name, app_service.name).apply(lambda args: f"service/{args[0]}/{args[1]}"),
scalable_dimension="ecs:service:DesiredCount",
service_namespace="ecs",
)
# Define an auto-scaling policy on CPU utilization
scaling_policy = aws.appautoscaling.Policy("app-svc-policy",
policy_type="TargetTrackingScaling",
resource_id=scalable_target.resource_id,
scalable_dimension="ecs:service:DesiredCount",
service_namespace="ecs",
target_tracking_scaling_policy_configuration={
"target_value": config_ecs_app['auto_scaling']['target_value'], # Target CPU utilization (30%)
"predefined_metric_specification": {
"predefined_metric_type": "ECSServiceAverageCPUUtilization"
},
},
)
else:
# classification_repo_image = ecr_repo_images['ai-med-exam-classification']['ecr_image']
# ECS without Load Balancer
new_ecs_task_definition = aws.ecs.TaskDefinition("classification-theia-poc-task-definition",
family="classification-theia-poc",
cpu=config_ecs_app["cpu"],
memory=config_ecs_app["memory"],
network_mode="awsvpc",
execution_role_arn=app_execution_role.arn,
task_role_arn=app_task_role.arn,
requires_compatibilities=["FARGATE"],
container_definitions=pulumi.Output.all(ecr_repo_image.image_uri,
# classification_repo_image.image_digest,
app_log_group.name).apply(lambda args: json.dumps([{
"name": "classification-theia-poc-service",
"image": args[0],
"cpu": 0,
"portMappings": [
{
"name": "api",
"containerPort": 80, # Define the container port without Load Balancer
"hostPort": 80,
"protocol": "tcp",
}
],
"essential": True,
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": args[1],
"awslogs-region": config.aws_region,
"awslogs-stream-prefix": "pulumi-classification-theia-poc",
},
},
}])),
)
# ecs without load balancer
new_ecs_service = aws.ecs.Service("classification-theia-poc-service",
cluster=app_ecs_cluster.arn,
task_definition=new_ecs_task_definition.arn,
desired_count=config_ecs_app["desired_count"],
launch_type="FARGATE",
network_configuration=aws.ecs.ServiceNetworkConfigurationArgs(
assign_public_ip=True,
security_groups=[app_ecs_security_group.id],
subnets=config.network["ecs_subnet_ids"],
),
scheduling_strategy="REPLICA",
service_connect_configuration=aws.ecs.ServiceServiceConnectConfigurationArgs(
enabled=True,
namespace=app_service_discovery_namespace.arn,
),
tags={"Name": "classification-theia-poc"},
)

281
infra/ecs_alb/iam.py Normal file
View File

@@ -0,0 +1,281 @@
import pulumi
import pulumi_aws as aws
import conf as config
import json
def create_execution_role():
execution_role = aws.iam.Role(f"{config.project_name}-execution-role",
assume_role_policy=json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com",
},
},
],
}),
inline_policies=[aws.iam.RoleInlinePolicyArgs(
name=f"{config.project_name}-{config.stack_name}-service-secrets-policy",
policy=json.dumps({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:GetLifecyclePolicy",
"ecr:GetLifecyclePolicyPreview",
"ecr:ListTagsForResource",
"ecr:DescribeImageScanFindings"
],
"Resource": "*"
}
],
}),
)],
managed_policy_arns=["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"])
return execution_role
def create_execution_role_with_keys(ssm_parameter, key):
execution_role = aws.iam.Role(f"{config.project_name}-execution-role",
assume_role_policy=json.dumps({
"Statement": [{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com",
},
}],
"Version": "2012-10-17",
}),
inline_policies=[aws.iam.RoleInlinePolicyArgs(
name=f"{config.project_name}-{config.stack_name}-service-secrets-policy",
policy=pulumi.Output.all(ssm_parameter.arn, key.arn).apply(lambda args: json.dumps({
"Version": "2012-10-17",
"Statement": [
{
"Action": ["ssm:GetParameters"],
"Condition": {
"StringEquals": {
"ssm:ResourceTag/pulumi-application": config.project_name,
"ssm:ResourceTag/pulumi-environment": config.stack_name,
},
},
"Effect": "Allow",
"Resource": [args[0]],
},
{
"Action": ["kms:Decrypt"],
"Condition": {
"StringEquals": {
"aws:ResourceTag/pulumi-application": config.project_name,
"aws:ResourceTag/pulumi-environment": config.stack_name,
},
},
"Effect": "Allow",
"Resource": [args[1]],
"Sid": "DecryptTaggedKMSKey",
},
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:GetLifecyclePolicy",
"ecr:GetLifecyclePolicyPreview",
"ecr:ListTagsForResource",
"ecr:DescribeImageScanFindings"
],
"Resource": "*"
}
],
})),
)],
managed_policy_arns=["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"])
return execution_role
def create_task_role():
task_role = aws.iam.Role(f"{config.project_name}-task-role",
assume_role_policy=json.dumps({
"Statement": [{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com",
},
}],
"Version": "2012-10-17",
}),
inline_policies=[
aws.iam.RoleInlinePolicyArgs(
name="ExecuteCommand",
policy=json.dumps({
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenDataChannel",
],
"Effect": "Allow",
"Resource": "*",
},
{
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": "*",
},{
"Effect": "Allow",
"Action": [
"athena:StartQueryExecution",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:StopQueryExecution",
],
"Resource": f"arn:aws:athena:us-east-1:305427701314:workgroup/iceberg-workgroup",
},
{
"Effect": "Allow",
"Action": [
"glue:GetDatabase",
"glue:GetTable",
"glue:GetPartitions",
],
"Resource": [
f"arn:aws:glue:us-east-1:305427701314:catalog",
f"arn:aws:glue:us-east-1:305427701314:database/dnx_warehouse",
f"arn:aws:glue:us-east-1:305427701314:table/dnx_warehouse/*",
],
}, {
"Effect" : "Allow",
"Action" : [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret"
],
"Resource" : ["arn:aws:secretsmanager:us-east-1:305427701314:secret:assistente-db-secrets-manager-mpYPMi"
]},
{
"Effect": "Allow",
"Action": [
"dynamodb:Scan",
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:DescribeTable"
],
"Resource": "arn:aws:dynamodb:us-east-1:305427701314:table/poc_dnx_monthly_summary"
},
],
}),
),
aws.iam.RoleInlinePolicyArgs(
name="DenyIAM",
policy=json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": "iam:*",
"Effect": "Deny",
"Resource": "*",
}],
}),
),
aws.iam.RoleInlinePolicyArgs(
name="BedrockS3SQSAccess",
policy=json.dumps({
"Version": "2012-10-17",
"Statement": [
# S3
{
"Effect": "Allow",
"Action": [
"s3:*",
"s3-object-lambda:*"
],
"Resource": "*"
},
# SQS
{
"Effect": "Allow",
"Action": [
"sqs:StartMessageMoveTask",
"sqs:DeleteMessage",
"sqs:GetQueueUrl",
"sqs:ListDeadLetterSourceQueues",
"sqs:ListMessageMoveTasks",
"sqs:PurgeQueue",
"sqs:ReceiveMessage",
"sqs:GetQueueAttributes",
"sqs:ListQueueTags"
],
"Resource": "arn:aws:sqs:us-east-1:673991670544:ai-med-dev-queue-63cb463"
},
{
"Effect": "Allow",
"Action": "sqs:ListQueues",
"Resource": "*"
},
# Bedrock
{
"Effect": "Allow",
"Action": [
"bedrock:*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"kms:DescribeKey"
],
"Resource": "arn:*:kms:*:*:key/*"
},
{
"Effect": "Allow",
"Action": [
"iam:ListRoles",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "arn:aws:iam::*:role/*AmazonBedrock*",
"Condition": {
"StringEquals": {
"iam:PassedToService": "bedrock.amazonaws.com"
}
}
}
]
})
),
])
return task_role

74
infra/ecs_alb/kms.py Normal file
View File

@@ -0,0 +1,74 @@
import pulumi
import pulumi_aws as aws
import pulumi_docker as docker
import conf as config
import json
def setup_kms():
# KMS Key Setup
app_key = aws.kms.Key(f"{config.project_name}-key",
description="Key for encrypting secrets",
enable_key_rotation=True,
policy=json.dumps({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Sid": "",
"Principal": {
"AWS": f"arn:aws:iam::{config.account_id}:root",
},
"Action": [
"kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*",
"kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion",
"kms:CancelKeyDeletion", "kms:Tag*", "kms:UntagResource",
],
"Resource": "*",
},
{
"Effect": "Allow",
"Principal": {
"AWS": f"arn:aws:iam::{config.account_id}:root",
},
"Action": [
"kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey",
],
"Resource": "*",
},
{
"Sid": 'Allow access to EFS for all principals in the account that are authorized to use EFS',
"Effect": 'Allow',
"Principal": {"AWS": "*"},
"Action": [
"kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*",
"kms:CreateGrant", "kms:DescribeKey",
],
"Resource": "*",
"Condition": {
"StringEquals": {
"kms:ViaService": f"elasticfilesystem.{config.aws_region}.amazonaws.com",
"kms:CallerAccount": config.account_id,
},
},
},
],
}),
tags={
"pulumi-application": config.project_name,
"pulumi-environment": config.stack_name,
},
)
# SSM Parameter Setup
app_ssm_parameter = aws.ssm.Parameter(f"{config.project_name}-ssm-parameter",
type="SecureString",
value=config.config.require_secret("bedrock_api_key"),
key_id=app_key.key_id,
name=f"/{config.project_name}/{config.stack_name}/BEDROCK_API_KEY",
tags={
"pulumi-application": config.project_name,
"pulumi-environment": config.stack_name,
},
)
return app_ssm_parameter, app_key

5
infra/ecs_alb/requirements.txt Normal file
View File

@@ -0,0 +1,5 @@
pulumi
pulumi-aws
pulumi-docker
boto3
setuptools

40
infra/langfuse/Pulumi.inovyo.yaml Normal file
View File

@@ -0,0 +1,40 @@
config:
aws:region: us-east-1
langfuse:account_id: "232048051668"
langfuse:project_name: assistente-db-langfuse
langfuse:environment: dev
langfuse:tags:
project: assistente-db
env: dev
costCenter: AI
owner: ai-team
langfuse:network:
vpc_id: vpc-17ceb96c
subnet_ids:
- subnet-0de9f056635629827 # public-us-east-1a-subnet
- subnet-09cda74f27c543521 # public-us-east-1b-subnet
langfuse:ec2:
key_name:
allowed_ports:
- 22
- 3000
- 443
- 80
ebs_volume:
size: 100 # em GB
device_name: /dev/sdf # nome do device
volume_type: gp2 # tipo de volume
instance_type: t3.xlarge # langfuse requires at least t3.xlarge
instance_name: LangfuseEC2
sg_name: langfuse-sg
langfuse:langfuse_config:
repo_url: "https://github.com/langfuse/langfuse.git"
web_port: 3000
worker_port: 3030
database_url: "postgresql://langfuse:langfuse@postgres:5432/langfuse"
clickhouse_url: "http://clickhouse:8123"
telemetry_enabled: false

3
infra/langfuse/Pulumi.yaml Normal file
View File

@@ -0,0 +1,3 @@
name: langfuse-dev
runtime: python
description: Infraestrutura da aplicação Langfuse em EC2 usando Docker

93
infra/langfuse/README.md Normal file
View File

@@ -0,0 +1,93 @@
# langfuse
## Getting started
To make it easy for you to get started with GitLab, here's a list of recommended next steps.
Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)!
## Add your files
- [ ] [Create](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-file) or [upload](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#upload-a-file) files
- [ ] [Add files using the command line](https://docs.gitlab.com/ee/gitlab-basics/add-file.html#add-a-file-using-the-command-line) or push an existing Git repository with the following command:
```
cd existing_repo
git remote add origin https://gitlab.shared.cloud.dnxbrasil.com.br/dnx-br/sandbox/genai/langfuse.git
git branch -M main
git push -uf origin main
```
## Integrate with your tools
- [ ] [Set up project integrations](https://gitlab.shared.cloud.dnxbrasil.com.br/dnx-br/sandbox/genai/langfuse/-/settings/integrations)
## Collaborate with your team
- [ ] [Invite team members and collaborators](https://docs.gitlab.com/ee/user/project/members/)
- [ ] [Create a new merge request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html)
- [ ] [Automatically close issues from merge requests](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically)
- [ ] [Enable merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/)
- [ ] [Set auto-merge](https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html)
## Test and Deploy
Use the built-in continuous integration in GitLab.
- [ ] [Get started with GitLab CI/CD](https://docs.gitlab.com/ee/ci/quick_start/index.html)
- [ ] [Analyze your code for known vulnerabilities with Static Application Security Testing (SAST)](https://docs.gitlab.com/ee/user/application_security/sast/)
- [ ] [Deploy to Kubernetes, Amazon EC2, or Amazon ECS using Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/requirements.html)
- [ ] [Use pull-based deployments for improved Kubernetes management](https://docs.gitlab.com/ee/user/clusters/agent/)
- [ ] [Set up protected environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html)
***
# Editing this README
When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thanks to [makeareadme.com](https://www.makeareadme.com/) for this template.
## Suggestions for a good README
Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information.
## Name
Choose a self-explaining name for your project.
## Description
Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors.
## Badges
On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge.
## Visuals
Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method.
## Installation
Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection.
## Usage
Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README.
## Support
Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc.
## Roadmap
If you have ideas for releases in the future, it is a good idea to list them in the README.
## Contributing
State if you are open to contributions and what your requirements are for accepting them.
For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self.
You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser.
## Authors and acknowledgment
Show your appreciation to those who have contributed to the project.
## License
For open source projects, say how it is licensed.
## Project status
If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.

105
infra/langfuse/__main__.py Normal file
View File

@@ -0,0 +1,105 @@
import pulumi
import pulumi_aws as aws
import conf as config
# 🔐 Security Group
ingress_rules = [{"protocol": "tcp", "from_port": port, "to_port": port, "cidr_blocks": ["3.14.44.224/32"]}
for port in config.ec2_config["allowed_ports"]]
sg = aws.ec2.SecurityGroup(config.ec2_config["sg_name"],
vpc_id=config.network["vpc_id"],
description="Allow defined ports",
ingress=ingress_rules,
egress=[{"protocol": "-1", "from_port": 0, "to_port": 0, "cidr_blocks": ["0.0.0.0/0"]}],
)
# 🐳 Script user_data com Docker, Langfuse e montagem do volume EBS
user_data = f"""#!/bin/bash
set -e
sudo apt-get update -y
sudo apt-get install -y ca-certificates curl gnupg git
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update -y
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo groupadd docker || true
sudo usermod -aG docker ubuntu
sudo chmod 666 /var/run/docker.sock
sudo systemctl enable docker
sudo systemctl restart docker
cd /opt
git clone {config.langfuse_config["repo_url"]}
cd langfuse
NEXTAUTH_SECRET=$(openssl rand -hex 32)
PUBLIC_IP=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)
SALT=$(openssl rand -hex 16)
ENCRYPTION_KEY=$(openssl rand -hex 32)
cat > .env <<EOF
NEXTAUTH_SECRET=$NEXTAUTH_SECRET
NEXTAUTH_URL=http://$PUBLIC_IP:{config.langfuse_config["web_port"]}
DATABASE_URL=postgresql://postgres:postgres@postgres:5432/postgres
CLICKHOUSE_URL=http://clickhouse:8123
CLICKHOUSE_USER=clickhouse
CLICKHOUSE_PASSWORD=clickhouse
TELEMETRY_ENABLED=false
SALT=$SALT
ENCRYPTION_KEY=$ENCRYPTION_KEY
REDIS_AUTH=myredissecret
LANGFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID=minio
LANGFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY=miniosecret
LANGFUSE_S3_MEDIA_UPLOAD_ACCESS_KEY_ID=minio
LANGFUSE_S3_MEDIA_UPLOAD_SECRET_ACCESS_KEY=miniosecret
LANGFUSE_S3_BATCH_EXPORT_ACCESS_KEY_ID=minio
LANGFUSE_S3_BATCH_EXPORT_SECRET_ACCESS_KEY=miniosecret
MINIO_ROOT_USER=minio
MINIO_ROOT_PASSWORD=miniosecret
EOF
sudo docker compose -f docker-compose.yml up -d
# 📦 Montar volume EBS
DEVICE="{config.ec2_config['ebs_volume']['device_name']}"
MOUNT_DIR="/mnt/langfuse-data"
if [ -b "$DEVICE" ]; then
sudo mkfs -t ext4 $DEVICE
sudo mkdir -p $MOUNT_DIR
sudo mount $DEVICE $MOUNT_DIR
echo "$DEVICE $MOUNT_DIR ext4 defaults,nofail 0 2" | sudo tee -a /etc/fstab
else
echo "Volume $DEVICE não encontrado."
fi
"""
# 🖥️ Criar EC2
instance = aws.ec2.Instance("assistente-produtos-servicos-langfuse-ec2",
instance_type=config.ec2_config["instance_type"],
ami=aws.ec2.get_ami(
most_recent=True,
owners=["099720109477"],
filters=[{"name": "name", "values": ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]}]
).id,
subnet_id=config.network["subnet_ids"][0],
vpc_security_group_ids=[sg.id],
#key_name=config.ec2_config["key_name"],
user_data=user_data,
associate_public_ip_address=True,
tags={"Name": config.ec2_config["instance_name"]},
root_block_device=aws.ec2.InstanceRootBlockDeviceArgs(
volume_size=config.ec2_config["ebs_volume"]["size"],
volume_type=config.ec2_config["ebs_volume"]["volume_type"],
delete_on_termination=True,
)
)
pulumi.export("instance_ip", instance.public_ip)
pulumi.export("url", pulumi.Output.concat("http://", instance.public_ip, f":{config.langfuse_config['web_port']}"))

13
infra/langfuse/autotag/autotag.py Normal file
View File

@@ -0,0 +1,13 @@
import pulumi
from autotag.taggable import is_taggable
# registerAutoTags registers a global stack transformation that merges a set
# of tags with whatever was also explicitly added to the resource definition.
def register_auto_tags(auto_tags):
pulumi.runtime.register_stack_transformation(lambda args: auto_tag(args, auto_tags))
# auto_tag applies the given tags to the resource properties if applicable.
def auto_tag(args, auto_tags):
if is_taggable(args.type_):
args.props['tags'] = {**(args.props['tags'] or {}), **auto_tags}
return pulumi.ResourceTransformationResult(args.props, args.opts)

12
infra/langfuse/autotag/policy-config.json Normal file
View File

@@ -0,0 +1,12 @@
{
"all": "mandatory",
"check-required-tags": {
"requiredTags": [
"user:project",
"user:env",
"user:account",
"user:costCenter",
"user:owner"
]
}
}

234
infra/langfuse/autotag/taggable.py Normal file
View File

@@ -0,0 +1,234 @@
# isTaggable returns true if the given resource type is an AWS resource that supports tags.
def is_taggable(t):
return t in taggable_resource_types
# taggable_resource_types is a list of known AWS type tokens that are taggable.
taggable_resource_types = [
'aws:accessanalyzer/analyzer:Analyzer',
'aws:acm/certificate:Certificate',
'aws:acmpca/certificateAuthority:CertificateAuthority',
'aws:alb/loadBalancer:LoadBalancer',
'aws:alb/targetGroup:TargetGroup',
'aws:apigateway/apiKey:ApiKey',
'aws:apigateway/clientCertificate:ClientCertificate',
'aws:apigateway/domainName:DomainName',
'aws:apigateway/restApi:RestApi',
'aws:apigateway/stage:Stage',
'aws:apigateway/usagePlan:UsagePlan',
'aws:apigateway/vpcLink:VpcLink',
'aws:applicationloadbalancing/loadBalancer:LoadBalancer',
'aws:applicationloadbalancing/targetGroup:TargetGroup',
'aws:appmesh/mesh:Mesh',
'aws:appmesh/route:Route',
'aws:appmesh/virtualNode:VirtualNode',
'aws:appmesh/virtualRouter:VirtualRouter',
'aws:appmesh/virtualService:VirtualService',
'aws:appsync/graphQLApi:GraphQLApi',
'aws:athena/workgroup:Workgroup',
'aws:autoscaling/group:Group',
'aws:backup/plan:Plan',
'aws:backup/vault:Vault',
'aws:cfg/aggregateAuthorization:AggregateAuthorization',
'aws:cfg/configurationAggregator:ConfigurationAggregator',
'aws:cfg/rule:Rule',
'aws:cloudformation/stack:Stack',
'aws:cloudformation/stackSet:StackSet',
'aws:cloudfront/distribution:Distribution',
'aws:cloudhsmv2/cluster:Cluster',
'aws:cloudtrail/trail:Trail',
'aws:cloudwatch/eventRule:EventRule',
'aws:cloudwatch/logGroup:LogGroup',
'aws:cloudwatch/metricAlarm:MetricAlarm',
'aws:codebuild/project:Project',
'aws:codecommit/repository:Repository',
'aws:codepipeline/pipeline:Pipeline',
'aws:codepipeline/webhook:Webhook',
'aws:codestarnotifications/notificationRule:NotificationRule',
'aws:cognito/identityPool:IdentityPool',
'aws:cognito/userPool:UserPool',
'aws:datapipeline/pipeline:Pipeline',
'aws:datasync/agent:Agent',
'aws:datasync/efsLocation:EfsLocation',
'aws:datasync/locationSmb:LocationSmb',
'aws:datasync/nfsLocation:NfsLocation',
'aws:datasync/s3Location:S3Location',
'aws:datasync/task:Task',
'aws:dax/cluster:Cluster',
'aws:directconnect/connection:Connection',
'aws:directconnect/hostedPrivateVirtualInterfaceAccepter:HostedPrivateVirtualInterfaceAccepter',
'aws:directconnect/hostedPublicVirtualInterfaceAccepter:HostedPublicVirtualInterfaceAccepter',
'aws:directconnect/hostedTransitVirtualInterfaceAcceptor:HostedTransitVirtualInterfaceAcceptor',
'aws:directconnect/linkAggregationGroup:LinkAggregationGroup',
'aws:directconnect/privateVirtualInterface:PrivateVirtualInterface',
'aws:directconnect/publicVirtualInterface:PublicVirtualInterface',
'aws:directconnect/transitVirtualInterface:TransitVirtualInterface',
'aws:directoryservice/directory:Directory',
'aws:dlm/lifecyclePolicy:LifecyclePolicy',
'aws:dms/endpoint:Endpoint',
'aws:dms/replicationInstance:ReplicationInstance',
'aws:dms/replicationSubnetGroup:ReplicationSubnetGroup',
'aws:dms/replicationTask:ReplicationTask',
'aws:docdb/cluster:Cluster',
'aws:docdb/clusterInstance:ClusterInstance',
'aws:docdb/clusterParameterGroup:ClusterParameterGroup',
'aws:docdb/subnetGroup:SubnetGroup',
'aws:dynamodb/table:Table',
'aws:ebs/snapshot:Snapshot',
'aws:ebs/snapshotCopy:SnapshotCopy',
'aws:ebs/volume:Volume',
'aws:ec2/ami:Ami',
'aws:ec2/amiCopy:AmiCopy',
'aws:ec2/amiFromInstance:AmiFromInstance',
'aws:ec2/capacityReservation:CapacityReservation',
'aws:ec2/customerGateway:CustomerGateway',
'aws:ec2/defaultNetworkAcl:DefaultNetworkAcl',
'aws:ec2/defaultRouteTable:DefaultRouteTable',
'aws:ec2/defaultSecurityGroup:DefaultSecurityGroup',
'aws:ec2/defaultSubnet:DefaultSubnet',
'aws:ec2/defaultVpc:DefaultVpc',
'aws:ec2/defaultVpcDhcpOptions:DefaultVpcDhcpOptions',
'aws:ec2/eip:Eip',
'aws:ec2/fleet:Fleet',
'aws:ec2/instance:Instance',
'aws:ec2/internetGateway:InternetGateway',
'aws:ec2/keyPair:KeyPair',
'aws:ec2/launchTemplate:LaunchTemplate',
'aws:ec2/natGateway:NatGateway',
'aws:ec2/networkAcl:NetworkAcl',
'aws:ec2/networkInterface:NetworkInterface',
'aws:ec2/placementGroup:PlacementGroup',
'aws:ec2/routeTable:RouteTable',
'aws:ec2/securityGroup:SecurityGroup',
'aws:ec2/spotInstanceRequest:SpotInstanceRequest',
'aws:ec2/subnet:Subnet',
'aws:ec2/vpc:Vpc',
'aws:ec2/vpcDhcpOptions:VpcDhcpOptions',
'aws:ec2/vpcEndpoint:VpcEndpoint',
'aws:ec2/vpcEndpointService:VpcEndpointService',
'aws:ec2/vpcPeeringConnection:VpcPeeringConnection',
'aws:ec2/vpcPeeringConnectionAccepter:VpcPeeringConnectionAccepter',
'aws:ec2/vpnConnection:VpnConnection',
'aws:ec2/vpnGateway:VpnGateway',
'aws:ec2clientvpn/endpoint:Endpoint',
'aws:ec2transitgateway/routeTable:RouteTable',
'aws:ec2transitgateway/transitGateway:TransitGateway',
'aws:ec2transitgateway/vpcAttachment:VpcAttachment',
'aws:ec2transitgateway/vpcAttachmentAccepter:VpcAttachmentAccepter',
'aws:ecr/repository:Repository',
'aws:ecs/capacityProvider:CapacityProvider',
'aws:ecs/cluster:Cluster',
'aws:ecs/service:Service',
'aws:ecs/taskDefinition:TaskDefinition',
'aws:efs/fileSystem:FileSystem',
'aws:eks/cluster:Cluster',
'aws:eks/fargateProfile:FargateProfile',
'aws:eks/nodeGroup:NodeGroup',
'aws:elasticache/cluster:Cluster',
'aws:elasticache/replicationGroup:ReplicationGroup',
'aws:elasticbeanstalk/application:Application',
'aws:elasticbeanstalk/applicationVersion:ApplicationVersion',
'aws:elasticbeanstalk/environment:Environment',
'aws:elasticloadbalancing/loadBalancer:LoadBalancer',
'aws:elasticloadbalancingv2/loadBalancer:LoadBalancer',
'aws:elasticloadbalancingv2/targetGroup:TargetGroup',
'aws:elasticsearch/domain:Domain',
'aws:elb/loadBalancer:LoadBalancer',
'aws:emr/cluster:Cluster',
'aws:fsx/lustreFileSystem:LustreFileSystem',
'aws:fsx/windowsFileSystem:WindowsFileSystem',
'aws:gamelift/alias:Alias',
'aws:gamelift/build:Build',
'aws:gamelift/fleet:Fleet',
'aws:gamelift/gameSessionQueue:GameSessionQueue',
'aws:glacier/vault:Vault',
'aws:glue/crawler:Crawler',
'aws:glue/job:Job',
'aws:glue/trigger:Trigger',
'aws:iam/role:Role',
'aws:iam/user:User',
'aws:inspector/resourceGroup:ResourceGroup',
'aws:kinesis/analyticsApplication:AnalyticsApplication',
'aws:kinesis/firehoseDeliveryStream:FirehoseDeliveryStream',
'aws:kinesis/stream:Stream',
'aws:kms/externalKey:ExternalKey',
'aws:kms/key:Key',
'aws:lambda/function:Function',
'aws:lb/loadBalancer:LoadBalancer',
'aws:lb/targetGroup:TargetGroup',
'aws:licensemanager/licenseConfiguration:LicenseConfiguration',
'aws:lightsail/instance:Instance',
'aws:mediaconvert/queue:Queue',
'aws:mediapackage/channel:Channel',
'aws:mediastore/container:Container',
'aws:mq/broker:Broker',
'aws:mq/configuration:Configuration',
'aws:msk/cluster:Cluster',
'aws:neptune/cluster:Cluster',
'aws:neptune/clusterInstance:ClusterInstance',
'aws:neptune/clusterParameterGroup:ClusterParameterGroup',
'aws:neptune/eventSubscription:EventSubscription',
'aws:neptune/parameterGroup:ParameterGroup',
'aws:neptune/subnetGroup:SubnetGroup',
'aws:opsworks/stack:Stack',
'aws:organizations/account:Account',
'aws:pinpoint/app:App',
'aws:qldb/ledger:Ledger',
'aws:ram/resourceShare:ResourceShare',
'aws:rds/cluster:Cluster',
'aws:rds/clusterEndpoint:ClusterEndpoint',
'aws:rds/clusterInstance:ClusterInstance',
'aws:rds/clusterParameterGroup:ClusterParameterGroup',
'aws:rds/clusterSnapshot:ClusterSnapshot',
'aws:rds/eventSubscription:EventSubscription',
'aws:rds/instance:Instance',
'aws:rds/optionGroup:OptionGroup',
'aws:rds/parameterGroup:ParameterGroup',
'aws:rds/securityGroup:SecurityGroup',
'aws:rds/snapshot:Snapshot',
'aws:rds/subnetGroup:SubnetGroup',
'aws:redshift/cluster:Cluster',
'aws:redshift/eventSubscription:EventSubscription',
'aws:redshift/parameterGroup:ParameterGroup',
'aws:redshift/snapshotCopyGrant:SnapshotCopyGrant',
'aws:redshift/snapshotSchedule:SnapshotSchedule',
'aws:redshift/subnetGroup:SubnetGroup',
'aws:resourcegroups/group:Group',
'aws:route53/healthCheck:HealthCheck',
'aws:route53/resolverEndpoint:ResolverEndpoint',
'aws:route53/resolverRule:ResolverRule',
'aws:route53/zone:Zone',
'aws:s3/bucket:Bucket',
'aws:s3/bucketObject:BucketObject',
'aws:sagemaker/endpoint:Endpoint',
'aws:sagemaker/endpointConfiguration:EndpointConfiguration',
'aws:sagemaker/model:Model',
'aws:sagemaker/notebookInstance:NotebookInstance',
'aws:secretsmanager/secret:Secret',
'aws:servicecatalog/portfolio:Portfolio',
'aws:sfn/activity:Activity',
'aws:sfn/stateMachine:StateMachine',
'aws:sns/topic:Topic',
'aws:sqs/queue:Queue',
'aws:ssm/activation:Activation',
'aws:ssm/document:Document',
'aws:ssm/maintenanceWindow:MaintenanceWindow',
'aws:ssm/parameter:Parameter',
'aws:ssm/patchBaseline:PatchBaseline',
'aws:storagegateway/cachesIscsiVolume:CachesIscsiVolume',
'aws:storagegateway/gateway:Gateway',
'aws:storagegateway/nfsFileShare:NfsFileShare',
'aws:storagegateway/smbFileShare:SmbFileShare',
'aws:swf/domain:Domain',
'aws:transfer/server:Server',
'aws:transfer/user:User',
'aws:waf/rateBasedRule:RateBasedRule',
'aws:waf/rule:Rule',
'aws:waf/ruleGroup:RuleGroup',
'aws:waf/webAcl:WebAcl',
'aws:wafregional/rateBasedRule:RateBasedRule',
'aws:wafregional/rule:Rule',
'aws:wafregional/ruleGroup:RuleGroup',
'aws:wafregional/webAcl:WebAcl',
'aws:workspaces/directory:Directory',
'aws:workspaces/ipGroup:IpGroup',
]

20
infra/langfuse/conf.py Normal file
View File

@@ -0,0 +1,20 @@
import pulumi
import pulumi_aws as aws
from autotag.autotag import register_auto_tags
config = pulumi.Config("langfuse")
project_name = config.require("project_name")
stack_name = pulumi.get_stack()
environment = config.require("environment")
account_id = config.require("account_id")
tags = config.require_object("tags")
network = config.require_object("network")
ec2_config = config.require_object("ec2")
langfuse_config = config.require_object("langfuse_config")
aws_region = aws.get_region().id
current = aws.get_caller_identity()
register_auto_tags(tags)

5
infra/langfuse/requirements.txt Normal file
View File

@@ -0,0 +1,5 @@
pulumi
pulumi-aws
pulumi-docker
boto3
setuptools

4
requirements.txt Normal file
View File

@@ -0,0 +1,4 @@
boto3>=1.34.0
langchain-aws>=0.1.0
langgraph>=0.0.20
langchain>=0.1.0