@aarora79
Collaborator

Summary

This PR addresses all 5 issues documented in #443 to improve the customer support assistant setup experience.

Changes

1. Product Naming

  • Replace "AWS Bedrock" with correct "Amazon Bedrock" product name
  • Files: README.md, pyproject.toml

2. IAM Permissions Documentation

  • Add comprehensive IAM permissions section to README
  • Documents S3 Vector, SSM, DynamoDB, and Cognito permissions
  • Includes production security best practices
  • All permissions validated against official AWS documentation

3. AWS Region Configuration

  • Fix shell scripts to work on EC2 instances with IAM roles
  • Add fallback to AWS_DEFAULT_REGION and us-east-1 default
  • Files: scripts/prereq.sh, scripts/cleanup.sh, scripts/list_ssm_parameters.sh

4. Gateway Wait Logic

  • Add polling to wait for gateway ACTIVE status before creating target
  • Prevents ValidationException during gateway creation
  • Waits up to 5 minutes with progress feedback
  • Files: scripts/agentcore_gateway.py

5. UV Package Manager Migration

  • Migrate from pip to modern uv package manager
  • Create pyproject.toml with all dependencies
  • Update all commands to use "uv run python"
  • Generate uv.lock for reproducible builds
  • Files: pyproject.toml (new), uv.lock (new), README.md, scripts/*

6. .gitignore Updates

  • Add customer support assistant specific files to .gitignore
  • Excludes runtime config, auth tokens, and local development files

Testing

All changes validated with automated test script:

  • Product naming check passed
  • IAM permissions documentation exists and all 49+ permissions validated
  • Region fallback logic in all 3 scripts
  • Gateway wait logic implemented with time import and status polling
  • UV migration complete with pyproject.toml and uv.lock
  • Python syntax validation passed

Breaking Changes

None. This is backward compatible - users can still use pip if they prefer, though uv is recommended.

Impact

  • Improved user experience during setup
  • Eliminated trial-and-error for IAM permissions
  • Fixed critical bug in gateway creation (ValidationException)
  • Works correctly on EC2 instances with IAM roles
  • Modernized development workflow with uv

Fixes #443

Addresses all issues documented in awslabs#443:

1. Product Naming: Replace "AWS Bedrock" with "Amazon Bedrock" throughout
   documentation and code to use correct product name

2. IAM Permissions: Add comprehensive IAM permissions documentation to
   README including S3 Vector, SSM, DynamoDB, and Cognito permissions
   required for deployment

3. AWS Region Configuration: Fix shell scripts to handle EC2 instances
   with IAM roles by adding fallback to AWS_DEFAULT_REGION environment
   variable and us-east-1 default

4. Gateway Wait Logic: Add polling logic to gateway creation script to
   wait for gateway to reach ACTIVE/READY status before creating target,
   preventing ValidationException errors

5. UV Migration: Migrate from pip/requirements.txt to modern uv package
   manager with pyproject.toml for better dependency management and
   alignment with project coding standards

All changes have been validated with automated tests.

Fixes awslabs#443
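
The gateway wait described in item 4, as an added example; this is not the code from scripts/agentcore_gateway.py. It shows a bounded poll that returns on ACTIVE/READY, aborts on a terminal failure, and gives up after the 5-minute limit. The `get_status` callable, the `FAILED` status name, and the 10-second interval are assumptions.

```python
import time
from typing import Callable

# ACTIVE/READY come from the PR text; FAILED is an assumed terminal state.
READY_STATES = {"ACTIVE", "READY"}
FAILED_STATES = {"FAILED"}


class GatewayNotReady(RuntimeError):
    """Raised when the gateway fails or the deadline passes."""


def wait_for_gateway(
    get_status: Callable[[], str],    # hypothetical: returns the current gateway status
    timeout_s: float = 300.0,         # "up to 5 minutes" per the PR description
    interval_s: float = 10.0,         # assumed polling interval
    sleep: Callable[[float], None] = time.sleep,
    clock: Callable[[], float] = time.monotonic,
    report: Callable[[str], None] = print,
) -> str:
    """Poll until the gateway is ready; never wait past the deadline."""
    deadline = clock() + timeout_s
    attempt = 0
    while True:
        attempt += 1
        status = get_status()
        report(f"[{attempt}] gateway status: {status}")  # progress feedback
        if status in READY_STATES:
            return status
        if status in FAILED_STATES:
            # Stop immediately instead of burning the full timeout.
            raise GatewayNotReady(f"gateway entered terminal state {status}")
        remaining = deadline - clock()
        if remaining <= 0:
            raise GatewayNotReady(f"gateway still {status} after {timeout_s:.0f}s")
        # Sleep no longer than the time left so the limit is a hard bound.
        sleep(min(interval_s, remaining))
```

Only create the gateway target after this function returns; a raised `GatewayNotReady` should stop the script rather than fall through to target creation.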

github-actions bot added the 02-use-cases and 02-use-cases/customer-support-assistant labels Oct 16, 2025

github-actions bot commented Oct 16, 2025

Latest scan for commit: becc594 | Updated: 2025-10-22 17:16:52 UTC

Security Scan Results

Scan Metadata

  • Project: ASH
  • Scan executed: 2025-10-22T17:16:31+00:00
  • ASH version: 3.0.0

Summary

Scanner Results

The table below shows findings by scanner, with status based on severity thresholds and dependencies:

Column Explanations:

Severity Levels (S/C/H/M/L/I):

  • Suppressed (S): Security findings that have been explicitly suppressed/ignored and don't affect the scanner's pass/fail status
  • Critical (C): The most severe security vulnerabilities requiring immediate remediation (e.g., SQL injection, remote code execution)
  • High (H): Serious security vulnerabilities that should be addressed promptly (e.g., authentication bypasses, privilege escalation)
  • Medium (M): Moderate security risks that should be addressed in normal development cycles (e.g., weak encryption, input validation issues)
  • Low (L): Minor security concerns with limited impact (e.g., information disclosure, weak recommendations)
  • Info (I): Informational findings for awareness with minimal security risk (e.g., code quality suggestions, best practice recommendations)

Other Columns:

  • Time: Duration taken by each scanner to complete its analysis
  • Action: Total number of actionable findings at or above the configured severity threshold that require attention

Scanner Results:

  • PASSED: Scanner found no security issues at or above the configured severity threshold - code is clean for this scanner
  • FAILED: Scanner found security vulnerabilities at or above the threshold that require attention and remediation
  • MISSING: Scanner could not run because required dependencies/tools are not installed or available
  • SKIPPED: Scanner was intentionally disabled or excluded from this scan
  • ERROR: Scanner encountered an execution error and could not complete successfully

Severity Thresholds (Thresh Column):

  • CRITICAL: Only Critical severity findings cause scanner to fail
  • HIGH: High and Critical severity findings cause scanner to fail
  • MEDIUM (MED): Medium, High, and Critical severity findings cause scanner to fail
  • LOW: Low, Medium, High, and Critical severity findings cause scanner to fail
  • ALL: Any finding of any severity level causes scanner to fail

Threshold Source: Values in parentheses indicate where the threshold is configured:

  • (g) = global: Set in the global_settings section of ASH configuration
  • (c) = config: Set in the individual scanner configuration section
  • (s) = scanner: Default threshold built into the scanner itself

Statistics calculation:

  • All statistics are calculated from the final aggregated SARIF report
  • Suppressed findings are counted separately and do not contribute to actionable findings
  • Scanner status is determined by comparing actionable findings to the threshold

Scanner         S  C  H  M  L  I  Time   Action  Result   Thresh
bandit          0  0  0  0  2  0  521ms  0       PASSED   MED (g)
cdk-nag         0  0  0  0  0  0  27.2s  0       PASSED   MED (g)
cfn-nag         0  0  0  0  0  0  6ms    0       PASSED   MED (g)
checkov         0  0  0  0  0  0  5.2s   0       PASSED   MED (g)
detect-secrets  0  0  0  0  0  0  861ms  0       PASSED   MED (g)
grype           0  0  0  0  0  0  30.4s  0       PASSED   MED (g)
npm-audit       0  0  0  0  0  0  164ms  0       PASSED   MED (g)
opengrep        0  0  0  0  0  0  <1ms   0       SKIPPED  MED (g)
semgrep         0  0  0  0  0  0  13.2s  0       PASSED   MED (g)
syft            0  0  0  0  0  0  2.0s   0       PASSED   MED (g)

Signed-off-by: Eashan Kaushik <50113394+EashanKaushik@users.noreply.github.com>

Development

Successfully merging this pull request may close these issues.

Multiple Issues and Improvements for Customer Support Assistant Setup
