feat: add gateway import command with executionRoleArn support#855
Open
jesseturner21 wants to merge 7 commits intoaws:mainfrom
Open
feat: add gateway import command with executionRoleArn support#855jesseturner21 wants to merge 7 commits intoaws:mainfrom
jesseturner21 wants to merge 7 commits intoaws:mainfrom
Conversation
Add `agentcore import gateway --arn <arn>` to import existing AWS gateways (with all targets) into a local CLI project. Also remove import from the HIDDEN_FROM_TUI list so it appears in the interactive TUI. - Add AWS SDK wrappers for gateway/target list/get APIs - Add import-gateway.ts with multi-resource CFN import support - Add resourceName schema field to preserve actual AWS gateway name during import - Register gateway in TUI ImportSelectScreen and ImportProgressScreen - Extend ARN pattern, deployed state, and CFN constants for gateway type
The ARN text input was truncating long ARNs. Use the expandable prop to wrap text across multiple lines. Also add gateway to the ARN validation pattern and resource type labels.
Remove --name (confusing local rename) and --yes (no prompts to confirm) from the gateway import command. The gateway's AWS name is used directly.
Add end-to-end tests that create a real AWS gateway with an MCP server target, import it via `agentcore import gateway --arn`, and verify the resulting agentcore.json fields and deployed-state.json entries. New files: - e2e-tests/fixtures/import/setup_gateway.py: creates gateway + target - e2e-tests/fixtures/import/common.py: gateway wait helpers - e2e-tests/fixtures/import/cleanup_resources.py: gateway cleanup Constraint: Tests follow the existing import-resources.test.ts pattern Confidence: high Scope-risk: narrow
Extract roleArn from the AWS GetGateway response and map it to executionRoleArn in agentcore.json. On deploy, CDK uses iam.Role.fromRoleArn() instead of creating a new role, keeping the original permissions intact. Constraint: imported roles use mutable: false so CDK cannot modify them Rejected: always create new role | breaks permissions on re-import Confidence: high Scope-risk: narrow
jesseturner21
had a problem deploying
to
e2e-testing
GitHub Actions
Failure
jesseturner21
temporarily deployed
to
e2e-testing
GitHub Actions
Inactive
Contributor
Package TarballHow to installnpm install https://github.com/aws/agentcore-cli/releases/download/pr-855-tarball/aws-agentcore-0.8.1.tgz |
jesseturner21
temporarily deployed
to
e2e-testing
GitHub Actions
Inactive
jesseturner21
temporarily deployed
to
e2e-testing
GitHub Actions
Inactive
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
agentcore import gateway --arn <gatewayArn>command that imports an existing AWS gateway with its targets into a local agentcore projectexecutionRoleArn, matching the pattern used by runtime and memory importsiam.Role.fromRoleArn()instead of creating a new role, keeping original permissions intactimportcommand from the TUI and add gateway ARN support to the ARN input componentChanges
Gateway Import Command
src/cli/commands/import/import-gateway.ts— new import command that fetches gateway details + targets from AWS, maps them to the local schema, writes agentcore.json and deployed-state.json, then runs CDK synth for CloudFormation importsrc/cli/aws/agentcore-control.ts— extractroleArnfrom GetGateway API responseexecutionRoleArn Support
src/schema/schemas/mcp.ts— add optionalexecutionRoleArnfield to gateway schemasrc/cli/commands/import/import-gateway.ts— map AWSroleArn→executionRoleArnduring importCDK Constructs (separate PR in agentcore-l3-cdk-constructs)
Gateway.ts— usefromRoleArnwhenexecutionRoleArnis set, addaddToPolicyguard methodAgentCoreMcp.ts— usegateway.addToPolicy()for policy engine grantsmcp.ts— addexecutionRoleArnto CDK schemaE2E Tests
e2e-tests/import-resources.test.ts— gateway import test, field verification (includingexecutionRoleArn), deployed-state verificatione2e-tests/fixtures/import/setup_gateway.py— creates gateway + MCP server target for testinge2e-tests/fixtures/import/common.py— gateway wait helpersTest plan
executionRoleArnmatches original role ARNagentcore.jsoncontains all gateway fields (name, resourceName, description, authorizerType, enableSemanticSearch, exceptionLevel, executionRoleArn, tags, targets)CDK_TARBALL=<path> npm run test:e2e