Skip to content

awsdataarchitect/agent2agent-strands-ai21-maestro

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

2 Commits
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
aws_security_analysis.png
aws_security_analysis.png
Β 
Β 
requirements.txt
requirements.txt
Β 
Β 
strands_ai21_maestro_agent.py
strands_ai21_maestro_agent.py
Β 
Β 

Repository files navigation

AWS Security Analysis with AI21 Maestro & Strands Agents

AWS Security Analysis Architecture

This project demonstrates cutting-edge agent-to-agent AI integration using AI21 Maestro's requirement-driven report generation and Strands Agents for intelligent tool orchestration. The solution combines AWS Security Hub findings analysis and CloudTrail activity monitoring through Model Context Protocol (MCP) to provide comprehensive security insights powered by Amazon Bedrock Nova Premier and AI21's Jamba Mini 1.6 model.

πŸ€– Agent-to-Agent AI Integration: The Future is Here

β€’ Multi-Agent Architecture: Built a Strands Agent that intelligently calls AI21 Maestro agentic tools through Model Context Protocol (MCP) - showcasing true agent-to-agent communication for AWS security analysis

β€’ MCP-Powered Tool Orchestration: Leveraging Model Context Protocol to enable seamless interoperability between Amazon Bedrock Nova Premier (Strands) and AI21's Jamba Mini - proving that different AI systems can work together harmoniously

β€’ Intelligent Tool Selection: The Strands Agent automatically determines when to invoke AI21 Maestro tools based on natural language queries - "Check my security findings" triggers Security Hub analysis, while "Analyze suspicious activity" calls CloudTrail monitoring

β€’ Validated AI Output: AI21 Maestro's requirement-based validation ensures consistent, professional security reports every time - no hallucinations, no formatting inconsistencies, just reliable enterprise-grade analysis

β€’ Real-World Impact: Transforming AWS security analysis from hours of manual work to seconds of AI-powered insights - analyzing thousands of Security Hub findings and CloudTrail events with structured, actionable recommendations

β€’ Open Source Innovation: Built with MCP compatibility in mind, making these agentic tools reusable across different AI frameworks - contributing to the broader AI ecosystem interoperability

πŸš€ Features

Core Capabilities

  • Security Hub Analysis: Retrieves and analyzes AWS Security Hub findings with severity breakdown, affected resources, and issue categorization
  • CloudTrail Monitoring: Analyzes CloudTrail events for suspicious activities, user behavior patterns, and geographic anomalies
  • AI21 Maestro Requirements: Uses explicit constraints and validation cycles for consistent, professional security reports
  • Intelligent Agent: Strands Agent powered by Amazon Bedrock Nova Premier for natural language interaction

Technical Features

  • MCP Tool Integration: Two focused tools compatible with Model Context Protocol for cross-framework reusability
  • Environment-based Configuration: Secure API key management via environment variables
  • Simplified Architecture: Streamlined async/sync handling with asyncio.run()
  • Enhanced Output Processing: Clean response handling with proper text extraction
  • Robust Error Handling: Comprehensive error management for AWS API calls and AI model interactions

πŸ“‹ Requirements

  • Python 3.10+
  • AWS credentials configured with Security Hub and CloudTrail access
  • AI21 API key (set as environment variable)
  • Amazon Bedrock access (Nova Premier model)
  • Appropriate IAM permissions for:
    • securityhub:GetFindings
    • cloudtrail:LookupEvents
    • bedrock:InvokeModel

πŸ›  Installation

  1. Clone this repository
  2. Install dependencies: 
    pip install -r requirements.txt
  3. Set your AI21 API key as an environment variable: 
    export AI21_API_KEY=your_ai21_api_key_here
  4. Ensure AWS credentials are configured: 
    aws configure
# or set environment variables
export AWS_ACCESS_KEY_ID=your_key
export AWS_SECRET_ACCESS_KEY=your_secret
export AWS_DEFAULT_REGION=us-east-1

🎯 Usage

Strands Agent with Agent-to-Agent Communication

python strands_ai21_maestro_agent.py

Natural language interaction examples:

  • "Analyze my Security Hub findings" β†’ Triggers Security Hub analysis via AI21 Maestro
  • "Check CloudTrail for suspicious activity" β†’ Invokes CloudTrail monitoring tool
  • "What security issues should I prioritize?" β†’ Agent determines best analysis approach
  • "Are there any failed login attempts?" β†’ Automatically selects CloudTrail analysis

πŸ”§ MCP Tools: Agent-to-Agent Communication

1. analyze_aws_security_hub()

Purpose: Strands Agent β†’ AI21 Maestro for Security Hub analysis

Agent Communication Flow:

  1. Strands Agent (Nova Premier) receives user query
  2. Agent determines Security Hub analysis is needed
  3. Invokes MCP tool via @tool decorator
  4. Tool calls AI21 Maestro with structured requirements
  5. Maestro (Jamba Mini 1.6) validates output against requirements
  6. Returns professional security report to Strands Agent
  7. Agent presents insights to user

AI21 Maestro Requirements:

  • Markdown formatting with proper headers and code blocks
  • Include all numerical data in analysis
  • Prioritize CRITICAL and HIGH severity findings
  • Provide actionable remediation steps
  • Professional security analyst tone
  • Structured sections (Executive Summary, Severity Analysis, etc.)
  • Concise length under 300 words
  • No assumptions beyond provided data

2. analyze_aws_cloudtrail()

Purpose: Strands Agent β†’ AI21 Maestro for CloudTrail insights

Agent Communication Flow:

  1. User asks about suspicious activity or login patterns
  2. Strands Agent intelligently selects CloudTrail analysis
  3. MCP tool retrieves and processes CloudTrail events
  4. Sends structured data to AI21 Maestro with requirements
  5. Maestro generates validated security insights
  6. Agent receives and presents actionable recommendations

AI21 Maestro Requirements:

  • Markdown formatting with headers and numbered lists
  • Highlight high-risk activities requiring investigation
  • Analyze user behavior patterns for anomalies
  • Geographic insights for unusual locations
  • Focus on failed operations as security indicators
  • Actionable security recommendations
  • Threat assessment with risk rating
  • Concise insights under 350 words

🎯 AI21 Maestro Requirements System

This project showcases AI21 Maestro's powerful requirements feature for agent-to-agent communication:

How Agent-to-Agent Requirements Work

  • Explicit Constraints: Strands Agent defines up to 10 specific requirements for AI21 Maestro
  • Generate β†’ Validate β†’ Fix Cycle: Maestro creates, evaluates, and refines output until all requirements are met
  • Scoring System: Each requirement is scored 0.0 to 1.0, with refinement for scores < 1.0
  • Budget Control: Process continues until requirements are satisfied or budget is exhausted

Agent Communication Flow

Strands Agent β†’ MCP Tool β†’ AI21 Maestro β†’ Requirements Validation β†’ Refined Output β†’ Strands Agent β†’ User
     ↑                                                                                    ↓
     ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ← ←

This ensures consistent, professional security reports through validated agent-to-agent communication.

πŸ“Š Example Agent-to-Agent Output

Security Hub Analysis (Strands β†’ AI21 Maestro)

## AWS Security Hub Analysis Report

### Executive Summary
Your AWS environment shows 18 active security findings requiring attention...

### Severity Analysis
- **CRITICAL**: 2 findings requiring immediate action
- **HIGH**: 5 findings needing prompt remediation
- **MEDIUM**: 8 findings for scheduled resolution

### Recommended Actions
1. **Immediate**: Address EC2 instance vulnerabilities
2. **This Week**: Update S3 bucket policies
3. **This Month**: Review IAM permissions

πŸ— Multi-Agent Architecture

Agent Communication Components

  1. Strands Agent (Python) - Main orchestrator using Nova Premier for reasoning
  2. MCP Protocol - Enables seamless agent-to-agent communication
  3. Two Specialized AI21 Maestro Tools - Security Hub and CloudTrail analysis
  4. Requirements Validation - Ensures consistent, professional output
  5. AWS Services Integration - Real-time security data sources

Key Innovations in Agent-to-Agent Design

  • Environment Variable Configuration: Secure API key management
  • Simplified Async Handling: Clean asyncio.run() implementation for agent communication
  • Enhanced Response Processing: Proper text extraction from multi-agent responses
  • MCP Compatibility: Tools work across different AI frameworks
  • Intelligent Tool Selection: Agent automatically chooses appropriate analysis based on user intent

πŸ”’ Security Best Practices

Environment Variables

# Required for agent-to-agent communication
export AI21_API_KEY=your_ai21_api_key

# AWS (if not using aws configure)
export AWS_ACCESS_KEY_ID=your_access_key
export AWS_SECRET_ACCESS_KEY=your_secret_key
export AWS_DEFAULT_REGION=us-east-1

IAM Permissions (Minimum Required)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "securityhub:GetFindings",
                "cloudtrail:LookupEvents",
                "bedrock:InvokeModel"
            ],
            "Resource": "*"
        }
    ]
}

πŸ› Troubleshooting

Common Agent Communication Issues

  1. Missing AI21 API Key

    ValueError: AI21_API_KEY environment variable is required

    Solution: Set the environment variable for agent-to-agent communication

  2. MCP Tool Response Processing

    • Enhanced response handling extracts clean text from agent communications
    • Properly processes multi-agent response chains
    • Removes thinking tags for clean output

πŸ“ Project Structure

aws-security-analysis/
β”œβ”€β”€ strands_ai21_maestro_agent.py # Main agent-to-agent implementation
β”œβ”€β”€ requirements.txt             # Python dependencies
└── README.md                   # This documentation

πŸ”„ Dependencies

ai21==2.0.0                    # AI21 Maestro agent integration
boto3>=1.28.0                  # AWS SDK
botocore>=1.31.0               # AWS core functionality
python-dateutil>=2.8.2         # Date/time handling
strands-agents>=0.1.0          # Strands agent framework
strands-agents-tools>=0.1.0    # MCP tool support

🌟 Contributing to Agent-to-Agent AI

This project demonstrates the future of AI integration through:

  • MCP Protocol adoption for cross-framework compatibility
  • Agent-to-agent communication patterns
  • Requirements-driven validation for reliable outputs
  • Open source innovation in multi-AI orchestration

Contributions welcome to advance the agent-to-agent AI ecosystem!

πŸ“„ License

MIT License

πŸ†˜ Support

For issues and questions:

About

Agent-to-Agent AI Integration: AWS Security Analysis with AI21 Maestro & Strands Agents

vivek-aws.medium.com/aws-security-analysis-with-ai21-maestro-strands-agents-6731e97b7098

Topics

ai21labs agentic-ai mcp-tools amazon-nova strands-agent

Resources

Readme

License

View license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages