Author's note: for the official name for this solution is the "Fullstack Solution Template for Agentcore" but it is referred to throughout this code base as FAST for convenience.
The Fullstack AgentCore Solution Template (FAST) is a starter project repository that enables users (delivery scientists and engineers) to quickly deploy a secured, web-accessible React frontend connected to an AgentCore backend. Its purpose is to accelerate building full stack applications on AgentCore from weeks to days by handling the undifferentiated heavy lifting of infrastructure setup and to enable vibe-coding style development on top. The only central dependency of FAST is AgentCore. It is agnostic to agent SDK (Strands, LangGraph, etc) and to coding assistant platforms (Q, Kiro, Cline, Claude Code, etc).
FAST is designed with security and vibe-codability as primary tenets. Best practices and knowledge from experts are codified in documentation in this repository rather than in code. By including this documentation in an AI coding assistant's context, or by instructing the AI coding assistant to leverage best practices and code snippets found in the documentation, delivery scientists and developers can quickly vibe-build AgentCore applications for any use case. AI coding assistants can be used to fully customize the frontend and the infrastructure, enabling scientists to focus the areas where their knowledge is most impactful: the actual prompt engineering and GenAI implementation details.
With FAST as a starting point and development framework, delivery scientists and engineers will accelerate their development process and deliver production quality AgentCore code following architecture and security best practices without having to learn any frontend or infrastructure code.
FAST comes deployable out-of-the-box with a fully functioning, full-stack application. This application represents starts as a basic multi-turn chat agent where the backend agent has access to tools. Do not let this deter you, even if your use case is entirely different! If your application requires AgentCore, customizing FAST to any use case is extremely straightforward. That is the intended use of FAST!
The application is intentionally kept very, very simple to allow developers to easily build up whatever they want on top of the baseline. The tools shipped out of the box include:
-
Gateway Tools - Lambda-based tools behind AgentCore Gateway with authentication:
- Text analysis tool (counts words and letter frequency)
-
Code Interpreter - Direct integration with Amazon Bedrock AgentCore Code Interpreter:
- Secure Python code execution in isolated sandbox
- Session management with state persistence
- Pre-built runtime with common libraries
Try asking the agent to analyze text or execute Python code to see these tools in action.
If you are a delivery scientist or engineer who wants to use FAST to build a full stack application, this is the section for you.
FAST is designed to be forked and deployed out of the box with a security-approved baseline system working. Your task will be to customize it to create your own full stack application to do (literally) anything on AgentCore.
Deploying the full stack out-of-the-box FAST baseline system is only a few cdk commands once you have forked the repo, namely:
cd infra-cdk
npm install
cdk bootstrap # Once ever
cdk deploy
cd ..
python scripts/deploy-frontend.pySee the deployment guide for detailed instructions on how to deploy FAST into an AWS account.
Terraform alternative: FAST also supports Terraform for infrastructure deployment. See
infra-terraform/README.mdfor the Terraform deployment guide. We recommend choosing one infrastructure tool and deleting the other directory (infra-cdk/orinfra-terraform/) from your fork to keep things clean.
What comes next? That's up to you, the developer. With your requirements in mind, open up your coding assistant, describe what you'd like to do, and begin. The steering docs in this repository help guide coding assistants with best practices, and encourage them to always refer to the documentation built-in to the repository to make sure you end up building something great.
The out-of-the-box architecture is shown above. The diagram illustrates the authentication flows across the stack:
- User login to the frontend (Cognito User Pool β Authorization Code grant): The user authenticates with Cognito via the web application hosted on AWS Amplify. Cognito issues a JWT access token for the session.
- Frontend to AgentCore Runtime (Cognito User Pool JWT validation): The frontend passes the user's JWT in the Authorization header. The Runtime validates the token against the Cognito User Pool.
- AgentCore Runtime to AgentCore Gateway (OAuth2 Client Credentials / M2M): The Runtime authenticates using the OAuth2 Client Credentials grant with user identity propagated into the M2M token via the Cognito V3 Pre-Token Lambda. The Gateway evaluates Cedar policies against the user's claims to enforce fine-grained access control.
- Frontend to API Gateway (Cognito User Pool JWT validation): API requests are authenticated using a Cognito User Pools Authorizer with the same user JWT from Flow 1.
- Frontend: React with TypeScript, Vite, Tailwind CSS, and shadcn components - infinitely flexible and ready for coding assistants
- Agent Providers: Multiple agent providers supported (Strands, LangGraph, etc.) running within AgentCore Runtime
- Authentication: AWS Cognito User Pool with OAuth support for easy swapping out Cognito
- Infrastructure: CDK deployment with Amplify Hosting for frontend and AgentCore backend (Terraform also supported)
fullstack-agentcore-solution-template/
βββ .amazonq/ # Amazon Q assistant rules
βββ .github/ # GitHub Actions workflows
β βββ workflows/
βββ docker/ # Docker development environment
β βββ docker-compose.yml # Local development stack
β βββ Dockerfile.frontend.dev # Frontend development container
βββ frontend/ # React frontend application
β βββ src/
β β βββ app/ # Application pages
β β βββ components/ # React components (shadcn/ui)
β β βββ hooks/ # Custom React hooks
β β βββ lib/ # Utility libraries
β β β βββ agentcore-client/ # AgentCore streaming client
β β βββ routes/ # React Router routes
β β βββ services/ # API service layers
β β βββ styles/ # Global styles
β β βββ test/ # Frontend tests
β β βββ types/ # TypeScript type definitions
β βββ public/ # Static assets
β βββ components.json # shadcn/ui configuration
β βββ vite.config.ts # Vite configuration
β βββ package.json
βββ infra-cdk/ # CDK infrastructure code
β βββ lib/ # CDK stack definitions
β β βββ utils/ # Shared CDK utilities
β β βββ amplify-hosting-stack.ts
β β βββ backend-stack.ts
β β βββ cognito-stack.ts
β β βββ fast-main-stack.ts
β βββ bin/ # CDK app entry point
β βββ lambdas/ # Lambda function code
β β βββ cedar-policy/ # Cedar Policy Engine lifecycle
β β βββ oauth2-provider/ # OAuth2 Credential Provider lifecycle
β β βββ pretoken-v3/ # Cognito V3 Pre-Token Generation Lambda
β β βββ feedback/ # Feedback API handler
β β βββ zip-packager/ # Runtime ZIP packager
β βββ config.yaml # Deployment configuration
βββ infra-terraform/ # Terraform infrastructure (alternative to CDK)
β βββ modules/ # Terraform modules
β β βββ amplify-hosting/ # Amplify Hosting module
β β βββ cognito/ # Cognito User Pool module
β β βββ backend/ # Backend resources module
β βββ scripts/ # Terraform-specific deployment scripts
β βββ lambdas/ # Terraform-specific Lambda code
β βββ terraform.tfvars.example # Example variable file
β βββ README.md # Terraform deployment guide
βββ patterns/ # Agent pattern implementations
β βββ strands-single-agent/ # Basic strands agent pattern
β β βββ basic_agent.py # Agent implementation
β β βββ strands_code_interpreter.py # Code Interpreter wrapper
β β βββ requirements.txt # Agent dependencies
β β βββ Dockerfile # Container configuration
β βββ langgraph-single-agent/ # LangGraph agent pattern
β β βββ langgraph_agent.py # Agent implementation
β β βββ requirements.txt # Agent dependencies
β β βββ Dockerfile # Container configuration
β βββ utils/ # Shared agent utilities
β βββ auth.py # Authentication helpers
β βββ ssm.py # SSM parameter helpers
βββ tools/ # Reusable tools (framework-agnostic)
β βββ code_interpreter/ # AgentCore Code Interpreter integration
β βββ code_interpreter_tools.py # Core implementation
βββ gateway/ # Gateway utilities and tools
β βββ policies/ # Cedar policy definitions
β β βββ policy.cedar # Department-based access control policy
β βββ tools/ # Gateway tool implementations
β βββ sample_tool/ # Example Gateway tool
βββ scripts/ # Deployment and utility scripts
β βββ deploy-frontend.py # Cross-platform frontend deployment
β βββ utils.py # Shared script utilities
βββ test-scripts/ # Testing scripts
β βββ test-agent.py # Agent testing
β βββ test-feedback-api.py # Feedback API testing
β βββ test-gateway.py # Gateway testing
β βββ test-memory.py # Memory testing
βββ tests/ # Test suite
β βββ unit/ # Unit tests
β βββ integration/ # Integration tests
β βββ conftest.py # Pytest configuration
βββ docs/ # Documentation source files
β βββ architecture-diagram/ # Architecture diagrams
β βββ DEPLOYMENT.md # Deployment guide
β βββ LOCAL_DEVELOPMENT.md # Local development guide
β βββ AGENT_CONFIGURATION.md # Agent setup guide
β βββ MEMORY_INTEGRATION.md # Memory integration guide
β βββ GATEWAY.md # Gateway integration guide
β βββ IDENTITY_POLICY.md # Identity propagation & Cedar policy guide
β βββ CEDAR_POLICY_GUIDE.md # Cedar policy syntax, capabilities & reference
β βββ REPLACING_COGNITO.md # Identity provider swap & Gateway interceptors guide
β βββ RUNTIME_GATEWAY_AUTH.md # M2M authentication workflow
β βββ SESSION_MANAGEMENT.md # Session persistence & resumption guide
β βββ CONTEXT_MANAGEMENT.md # Context window management guide
β βββ STREAMING.md # Streaming implementation guide
β βββ TOOL_AC_CODE_INTERPRETER.md # Code Interpreter guide
β βββ VERSION_BUMP_PLAYBOOK.md # Version management
βββ .mkdocs/ # MkDocs build configuration
β βββ mkdocs.yml # MkDocs configuration
β βββ requirements.txt # Documentation dependencies
β βββ Makefile # Build and deployment commands
βββ vibe-context/ # AI coding assistant context and rules
β βββ AGENTS.md # Rules for AI assistants
β βββ coding-conventions.md # Code style guidelines
β βββ development-best-practices.md # Development guidelines
βββ .kiro/ # Kiro CLI configuration
βββ CHANGELOG.md # Version history
βββ Makefile # Project-level build commands
βββ README.md
Have a question about how FAST works? Consider asking DeepWiki!
Note: this asset represents a proof-of-value for the services included and is not intended as a production-ready solution. You must determine how the AWS Shared Responsibility applies to their specific use case and implement the needed controls to achieve their desired security outcomes. AWS offers a broad set of security tools and configurations to enable our customers.
Ultimately it is your responsibility as the developer of a full stack application to ensure all of its aspects are secure. We provide security best practices in repository documentation and provide a secure baseline but Amazon holds no responsibility for the security of applications built from this tool.
This project is licensed under the Apache-2.0 License.