Metadata-Version: 2.4
Name: aws-bedrock-radar
Version: 0.1.1
Summary: Serverless radar for Amazon Bedrock — deploy a Lambda that logs prompt/latency to S3, then analyze it.
Author: aws-bedrock-radar contributors
License-Expression: MIT
Project-URL: Homepage, https://pypi.org/project/aws-bedrock-radar/
Keywords: aws,bedrock,lambda,llm,observability,cli
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: System :: Monitoring
Classifier: Topic :: Utilities
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: boto3>=1.26
Dynamic: license-file

# Prerequisites (do this before deploying)

## 0.1 Authenticate to AWS
The deploy needs valid AWS credentials in your shell. If your session has
expired you'll see "Your session has expired ... Please reauthenticate".

- AWS IAM Identity Center (SSO):
  ```
  aws sso login                      # or: aws sso login --profile <your-profile>
  ```
- Legacy / custom login wrapper:
  ```
  aws login
  ```

Verify you're authenticated before continuing:
```
aws sts get-caller-identity
```

If you use a named profile, export it so radar.py picks it up:
```
export AWS_PROFILE=<your-profile>
export AWS_REGION=us-east-1
```

## 0.2 Python environment
radar.py needs boto3. On externally-managed Python (Homebrew/PEP 668) use a venv:
```
python3 -m venv .venv
.venv/bin/python -m pip install boto3 "botocore[crt]"
```
Then run radar with that interpreter, e.g. `.venv/bin/python radar.py deploy --dry-run`.

## 0.3 Enable Bedrock model access
The `test` step (and any real invocation) needs the model enabled in the Bedrock
console for your region: Bedrock > Model access > enable
`anthropic.claude-sonnet-4-20250514-v1:0` in us-east-1. This is a one-time manual
grant that the deploy does not perform.

---

Update Lambda runtime (IMPORTANT)
When creating the lambda, use:
Runtime: python3.11
Handler: lambda_function.lambda_handler

1.1 Before creating the lambda:
create Create the IAM role
aws iam create-role \
  --role-name bedrock-lambda-role \
  --assume-role-policy-document file://trust-policy.json
1.2. Attach Lambda basic logging
aws iam attach-role-policy \
  --role-name bedrock-lambda-role \
  --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
1.3 Attach Bedrock access
aws iam attach-role-policy \
  --role-name bedrock-lambda-role \
  --policy-arn arn:aws:iam::aws:policy/AmazonBedrockFullAccess
1.4 Attach S3 access (for logging)
aws iam attach-role-policy \
  --role-name bedrock-lambda-role \
  --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
1.5 Get the role ARN (IMPORTANT)
aws iam get-role \
  --role-name bedrock-lambda-role \
  --query 'Role.Arn' \
  --output text

  you should get something like that 
  arn:aws:iam::<ACCOUNT_ID>:role/bedrock-lambda-role

starting now let's chcek :
 aws iam get-role --role-name bedrock-lambda-role --query 'Role.Arn' --output text
 
When all seccusfully created:
1. Create Lambda (again, clean)
2. Fix handler issues
3. Test invocation
4. Add API Gateway

---

## radar.py — these steps as flags

`radar.py deploy` automates every step above. Each maps to a named step you can
run on its own with `--steps` or exclude with `--skip` (see `--list-steps`):

| readme step              | radar step |
|--------------------------|------------|
| 1.1 create IAM role      | `role`     |
| 1.2-1.4 attach policies  | `policies` (or `--least-privilege` for scoped) |
| create S3 log bucket     | `bucket`   |
| Create Lambda + fix handler | `function` |
| Add API Gateway          | `api`      |
| (write config.json)      | `config`   |
| Test invocation          | `test` (`--test-prompt "..."`) |

Examples:

```
python3 radar.py deploy --dry-run               # preview every step, no AWS calls
python3 radar.py deploy --list-steps            # show steps and what is selected
python3 radar.py deploy --steps role,policies   # just the IAM steps
python3 radar.py deploy --skip test             # everything except the test
python3 radar.py deploy                         # full deploy
```
