This is a sample implementation that responds to alarms sent to Slack by Amazon Q Developer in chat applications and helps analyze the root cause of the failure. This sample code provides the following feature:
Failure analysis assist
Logs are retrieved from a predefined log storage location within a time range specified by the user, information is extracted and summarized with LLM, and information useful for failure analysis is returned to Slack. For an example of how the function works, see Failure Analysis Assist.
Metrics Insights
In response to questions given by users, a function has been added to select metrics that require generative AI and answer questions based on that metric data. Please see Metrics Insights Doc
Findings Report
We've added the feature to create a report explaining Security Hub and GuardDuty Findings by LLM. Please see Findings Report Doc
main - This branch. This version uses the Slack App. chatbot-customaction - Instead of the Slack App, this is a version that implements an input form using a Custom Action of Amazon Q Developer in chat applications. If you don't have an environment where you can't use the Slack App, or if you don't want to manage the Slack App, use this. This is not updated to Agent version.The scope of existing workloads is based on the assumption that you have already been implemented. You can try this sample if the log is output to CloudWatch Logs. S3 and X-Ray are optional.

log retrieval time range and event information understood from alarms, and submit a requestThe ReACT agent, which is the core of FA2, operates with the following detailed process:
Session information includes thinking history, executed tools, collected data, etc.
Thinking Process:
The result of thinking is output in a structured format, and the next action is determined
Tool Execution:
The results of each tool execution are used as input for the next thinking cycle
Cycle Control:
maxAgentCycles parameter (default: 5)Appropriate error handling is performed when Bedrock rate limits are reached
Final Answer Generation:
$ aws secretsmanager create-secret --name slackSigningSecret --secret-string XXXXXXXXXXXXXXXXXXXX --profile {your_profile}channels:read, chat:write and files:write in [Scopes] section.$ aws secretsmanager create-secret --name slackAppToken --secret-string xxxx-111111111111111-11111111111111111-xxxxxxxxxxxxxxxxxxxxxxxxx-profile {your_profile}Refer to the following description, copy parameter_template.ts, create parameter.ts, and then change each value.
// Example: Settings for the Slack App version when using Claude 3.7 Sonnet and using CloudWatch Logs as search targets
export const devParameter: AppParameter = {
env: {
account: "123456789012",
region: "us-west-2",
},
language: "ja",
envName: "Development",
modelId: "us.anthropic.claude-3-7-sonnet-20250219-v1:0",
slackAppTokenKey: "SlackAppToken",
slackSigningSecretKey: "SlackSigningSecret",
architectureDescription: "The workload you are responsible for consists of ALB, EC2, and Aurora, and Spring applications are deployed on EC2.",
cwLogsLogGroups: [
"/ec2/demoapp",
"/ec2/messages",
"/aws/application-signals/data",
],
cwLogsInsightQuery: "fields @message | limit 100",
xrayTrace: false,
slashCommands: {
insight: true,
findingsReport: true
},
knowledgeBase: true,
embeddingModelId: "amazon.titan-embed-text-v2:0",
maxAgentCycles: 5 // Maximum number of cycles for ReAct agent
};
| Parameters | Example value | Description |
|---|---|---|
env.account |
"123456789012" |
AWS Account ID to deploy this sample |
env.region |
"us-west-2" |
AWS Region to deploy this sample |
language |
"ja" |
Language setting for prompt and UI. Choose one, en or ja. |
envName |
"Development" |
Environment name. |
modelId |
"us.anthropic.claude-3-7-sonnet-20250219-v1:0" |
Specify the model ID as defined in Amazon Bedrock. Please specify what you allow for model access. Please specify a model with a particular focus on output quality. It is used for inference of the cause of failure, etc. |
slackAppTokenKey |
"SlackAppToken" |
The key name is to get SlackAppToken from AWS Secrets Manager. You should use the same key name in Registration of Slack App. |
slackSingingSecretKey |
"SlackSigningSecret" |
The key name is to get SlackSigningSecret from AWS Secrets Manager. You should use the same key name in Registration of Slack App. |
architectureDescription |
"The workload you are responsible for consists of ALB, EC2, and Aurora, and Spring applications are deployed on EC2." |
This is a sentence explaining the system to failure analysis. It will be incorporated into the prompt, so please try to include AWS service names and element technology, and keep it simple. |
cwLogsLogGroups |
["/ec2/demoapp", "/ec2/messages", "/aws/application-signals/data"] |
Specify the log group of Amazon CloudWatch Logs for which you want to retrieve logs. Up to 50 can be specified. |
cwLogsInsightQuery |
"fields @message \| limit 100" |
Specify the query you want to use with CloudWatch Logs Insight. Due to balance with the context window, the default limit is 100 (please modify the query according to actual environment). |
databaseName |
"athenadatacatalog" |
The name of the Amazon Athena database. Required if you want to use Athena to search logs. |
albAccessLogTableName |
"alb_access_logs" |
ALB access log table name. In this sample, ALB access log search was implemented in Athena, so the ALB access log table name is specified when using it. |
cloudTrailLogTableName |
"cloud_trail_logs" |
AWS CloudTrail log table name. In this sample, we implemented a CloudTrail audit log log search in Athena, so specify the CloudTrail log table name when using it. |
xrayTrace |
true |
A parameter for deciding whether to include AWS X-Ray trace information in the analysis |
$ claude mcp add failure-analysis-assistant \
-- python -m otcore.mcp_server <graph>