Skip to content

Commit 10d3f10

Browse files
committed
working memory server
1 parent 73d4407 commit 10d3f10

File tree

8 files changed

+80
-35
lines changed

8 files changed

+80
-35
lines changed

README.md

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -103,6 +103,7 @@ Development environment requirements
103103
- Terraform v1.10 or later
104104
- AWS CLI configured with credentials
105105
- Docker (to build and push images)
106+
- Agent Memory Server [credentials](https://redis.github.io/agent-memory-server/authentication/?h=secret#token-management-commands)
106107

107108
Prerequisites
108109
- AWS account with permissions for VPC, ECS (Fargate), ECR, ALB, IAM, S3, CloudWatch
@@ -134,8 +135,11 @@ Step 2) Seed required secrets into AWS SSM
134135
- IMPORTANT: Use a cloud Redis URL for `REDIS_URL` (not localhost)
135136
```bash
136137
set -a; source .env; \
137-
export PROJECT_NAME="my-ai-agent" AWS_REGION="us-east-1" \
138-
AGENT_MEMORY_SERVER_URL="http://agent-memory-server.local:8000"; \
138+
export PROJECT_NAME="my-ai-agent" AWS_REGION="us-east-1"; \
139+
# Required for cloud: set a token and the base URL the app will call
140+
export AGENT_MEMORY_SERVER_API_KEY="generate-a-strong-token"; \
141+
# Get ALB DNS dynamically (ALB routes /v1/* to memory server):
142+
export AGENT_MEMORY_SERVER_URL="http://$(terraform -chdir=terraform output -raw alb_dns_name)"; \
139143
set +a; sh ./scripts/load_secrets.sh
140144
```
141145
See the full list of parameters in `terraform/SSM_PARAMETERS.md`.

docs/ENVIRONMENT_VARIABLES.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,8 @@ This document lists all environment variables used by the application, with focu
3737
| Variable | Description | Example | Required |
3838
|----------|-------------|---------|----------|
3939
| `TAVILY_API_KEY` | Tavily API key for web search | `tvly-...` | No |
40-
| `AGENT_MEMORY_SERVER_URL` | Agent memory server URL | `http://localhost:8000` | No |
40+
| `AGENT_MEMORY_SERVER_URL` | Agent Memory Server base URL (Cloud Map or ALB) | `http://agent-memory-server.local:8000` or `http://<alb-dns>` | Yes (in cloud) |
41+
| `AGENT_MEMORY_SERVER_API_KEY` | Token for Memory Server when auth is enabled | `your-strong-token` | Yes (in cloud) |
4142

4243

4344
## Environment-Specific Examples

terraform/SSM_PARAMETERS.md

Lines changed: 16 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,8 +9,8 @@ Parameter names (Strings, stored as SecureString):
99
- /<project_name>/tavily/api_key
1010
- /<project_name>/slack/bot_token
1111
- /<project_name>/slack/signing_secret
12-
- /<project_name>/agent-memory-server/url
13-
- /<project_name>/agent-memory-server/api-key
12+
- /<project_name>/agent-memory-server/url (use ALB DNS: `http://<alb-dns-name>` - ALB routes /v1/* to memory server)
13+
- /<project_name>/agent-memory-server/api-key (required for auth)
1414

1515
Optional (only if you enabled Auth0 in your app):
1616
- /<project_name>/auth0/domain
@@ -23,3 +23,17 @@ Notes:
2323
- You can set these via AWS Console or the CLI. Example:
2424
aws ssm put-parameter --name "/applied-ai-agent-worker/slack/bot_token" --type SecureString --value "xoxb-..." --overwrite
2525

26+
Agent Memory Server Setup:
27+
- Get the ALB DNS name dynamically from Terraform output:
28+
```bash
29+
ALB_DNS=$(terraform -chdir=terraform output -raw alb_dns_name)
30+
```
31+
- Set the URL parameter (ALB routes /v1/* to the memory server target group):
32+
```bash
33+
aws ssm put-parameter --name "/<project_name>/agent-memory-server/url" --type SecureString --value "http://$ALB_DNS" --overwrite
34+
```
35+
- Set the API key (required for authentication):
36+
```bash
37+
aws ssm put-parameter --name "/<project_name>/agent-memory-server/api-key" --type SecureString --value "your-strong-token" --overwrite
38+
```
39+

terraform/main.tf

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -93,6 +93,15 @@ resource "aws_security_group" "ecs_default" {
9393
security_groups = [aws_security_group.alb_default[0].id]
9494
}
9595

96+
# Allow ECS services to talk to the memory server over the internal network
97+
ingress {
98+
description = "ECS inter-service access to memory server"
99+
from_port = var.memory_server_port
100+
to_port = var.memory_server_port
101+
protocol = "tcp"
102+
self = true
103+
}
104+
96105
egress {
97106
from_port = 0
98107
to_port = 0

terraform/modules/alb/main.tf

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -174,7 +174,7 @@ resource "aws_lb_listener_rule" "memory_server" {
174174

175175
# Listener Rule for Agent Memory Server (HTTP fallback)
176176
resource "aws_lb_listener_rule" "memory_server_http" {
177-
count = var.certificate_arn == "" ? 1 : 0
177+
count = var.certificate_arn == null || var.certificate_arn == "" ? 1 : 0
178178

179179
listener_arn = aws_lb_listener.http_fallback[0].arn
180180
priority = 50

terraform/modules/ecs/main.tf

Lines changed: 40 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -26,28 +26,30 @@ resource "aws_service_discovery_private_dns_namespace" "main" {
2626
}
2727

2828
# Service Discovery Service for Agent Memory Server
29-
resource "aws_service_discovery_service" "agent_memory_server" {
30-
name = "agent-memory-server"
31-
32-
dns_config {
33-
namespace_id = aws_service_discovery_private_dns_namespace.main.id
34-
35-
dns_records {
36-
ttl = 60
37-
type = "A"
38-
}
39-
40-
routing_policy = "MULTIVALUE"
41-
}
42-
43-
health_check_custom_config {
44-
failure_threshold = 3
45-
}
46-
47-
tags = {
48-
Name = "${var.project_name}-agent-memory-server-discovery"
49-
}
50-
}
29+
# Note: This resource is managed externally to avoid conflicts with running instances
30+
# Uncomment and manage if needed, but be aware that deletion requires all instances to be deregistered first
31+
# resource "aws_service_discovery_service" "agent_memory_server" {
32+
# name = "agent-memory-server"
33+
#
34+
# dns_config {
35+
# namespace_id = aws_service_discovery_private_dns_namespace.main.id
36+
#
37+
# dns_records {
38+
# ttl = 60
39+
# type = "A"
40+
# }
41+
#
42+
# routing_policy = "MULTIVALUE"
43+
# }
44+
#
45+
# health_check_custom_config {
46+
# failure_threshold = 3
47+
# }
48+
#
49+
# tags = {
50+
# Name = "${var.project_name}-agent-memory-server-discovery"
51+
# }
52+
# }
5153

5254

5355
# CloudWatch Log Group for API Service
@@ -140,7 +142,7 @@ resource "aws_ecs_task_definition" "memory_server" {
140142
},
141143
{
142144
name = "DISABLE_AUTH"
143-
value = "false"
145+
value = "true"
144146
},
145147
{
146148
name = "CORS_ORIGINS"
@@ -164,6 +166,10 @@ resource "aws_ecs_task_definition" "memory_server" {
164166
{
165167
name = "TAVILY_API_KEY"
166168
valueFrom = "arn:aws:ssm:${var.region}:${var.account_id}:parameter/${var.project_name}/tavily/api_key"
169+
},
170+
{
171+
name = "AGENT_MEMORY_SERVER_API_KEY"
172+
valueFrom = "arn:aws:ssm:${var.region}:${var.account_id}:parameter/${var.project_name}/agent-memory-server/api-key"
167173
}
168174
]
169175

@@ -229,6 +235,10 @@ resource "aws_ecs_task_definition" "memory_server" {
229235
{
230236
name = "TAVILY_API_KEY"
231237
valueFrom = "arn:aws:ssm:${var.region}:${var.account_id}:parameter/${var.project_name}/tavily/api_key"
238+
},
239+
{
240+
name = "AGENT_MEMORY_SERVER_API_KEY"
241+
valueFrom = "arn:aws:ssm:${var.region}:${var.account_id}:parameter/${var.project_name}/agent-memory-server/api-key"
232242
}
233243
]
234244

@@ -259,10 +269,11 @@ resource "aws_ecs_service" "memory_server" {
259269

260270
enable_execute_command = true
261271

262-
# Register this service into Cloud Map for in-cluster DNS discovery
263-
service_registries {
264-
registry_arn = aws_service_discovery_service.agent_memory_server.arn
265-
}
272+
# Note: Service discovery is managed externally to avoid conflicts with running instances
273+
# Uncomment if needed:
274+
# service_registries {
275+
# registry_arn = aws_service_discovery_service.agent_memory_server.arn
276+
# }
266277

267278
network_configuration {
268279
subnets = var.subnets
@@ -299,7 +310,7 @@ resource "aws_ecs_task_definition" "api" {
299310
container_definitions = jsonencode([
300311
{
301312
name = "${var.project_name}-api"
302-
image = "${var.ecr_repositories["${var.project_name}-api"]}:amd64"
313+
image = "${var.ecr_repositories["${var.project_name}-api"]}:latest"
303314
cpu = var.api_cpu_units
304315
memory = var.api_memory_units
305316
command = ["python", "-m", "uvicorn", "app.api.main:app", "--host", "0.0.0.0", "--port", "3000"]
@@ -417,7 +428,7 @@ resource "aws_ecs_task_definition" "worker" {
417428
container_definitions = jsonencode([
418429
{
419430
name = "${var.project_name}-worker"
420-
image = "${var.ecr_repositories["${var.project_name}-worker"]}:amd64"
431+
image = "${var.ecr_repositories["${var.project_name}-worker"]}:latest"
421432
cpu = var.worker_cpu_units
422433
memory = var.worker_memory_units
423434
essential = true

terraform/outputs.tf

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -98,6 +98,12 @@ output "application_url" {
9898
value = var.domain_name != "" ? "https://${module.domain[0].domain_name}" : "http://${module.alb.alb_dns_name}"
9999
}
100100

101+
# Memory Server URL (via ALB)
102+
output "memory_server_url" {
103+
description = "URL of the Agent Memory Server (via ALB /v1 routing). Use this for AGENT_MEMORY_SERVER_URL in SSM."
104+
value = var.domain_name != "" ? "https://${module.domain[0].domain_name}" : "http://${module.alb.alb_dns_name}"
105+
}
106+
101107
# Domain outputs
102108
output "domain_name" {
103109
description = "Full domain name for the project"

terraform/tfplan

9.57 KB
Binary file not shown.

0 commit comments

Comments
 (0)