A sample e-commerce order automation application built on Amazon Bedrock AgentCore Browser with Nova Act, Strands Agent, and Playwright MCP for secure browser automation and intelligent agent orchestration capabilities.
Note: This is a sample application for demonstration purposes. Review and modify security settings, resource configurations, and access policies according to your organization's requirements before deploying to production environments.
- AI-Powered Automation: Nova Act or Amazon Bedrock models (e.g. Sonnet 4, Opus 4.1) for intelligent order processing
- Secure Browser Automation: Amazon Bedrock AgentCore Browser Tool provides isolated, managed browser environment
- Web Bot Auth (Preview): Cryptographic authentication to reduce CAPTCHA challenges using IETF Web Bot Auth protocol
- Multi-Agent Architecture: Strands Agent orchestrates Nova Act and Playwright MCP agents for complex workflows
- Real-time Monitoring: WebSocket connections for live order tracking and browser session viewing
- Human-in-the-Loop: Manual intervention with live browser view, session replay, and manual control takeover
- Batch Processing: CSV upload support for bulk order automation with priority queuing
- Secure Credential Management: AWS Secrets Manager for encrypted credential storage with KMS encryption
- High Availability: Multi-AZ deployment with auto-scaling ECS Fargate tasks
- Enterprise Security: VPC isolation, WAF protection, encrypted storage, and IAM-based access control
This solution demonstrates a modern, cloud-native approach to e-commerce order automation using AWS services including Amazon Bedrock, AgentCore Browser Tool, ECS Fargate, and CloudFront. The system processes orders through an AI pipeline that automates web interactions, validates data, and provides real-time monitoring with human-in-the-loop capabilities.
Frontend Layer
- React 18 application with AWS Cloudscape Design System
- CloudFront distribution for global content delivery
- Real-time WebSocket connections for order status updates
- Live browser view with DCV streaming and session replay
Backend Layer
- Python FastAPI application with asynchronous job processing
- ARM64-optimized ECS Fargate containers
- Priority-based job queue with concurrent workers (1-10 configurable)
- WebSocket server for real-time updates
AI & Automation Layer
- Amazon Bedrock for Claude model access
- AgentCore Browser Tool for secure web automation
- Strands Agent for workflow orchestration
- Nova Act for AI-powered browser intelligence
- Playwright MCP Agent for browser actuation
Data & Security Layer
- Amazon RDS PostgreSQL for production, SQLite for development
- AWS Secrets Manager for credential storage with KMS encryption
- S3 for file uploads and session recordings
- CloudWatch for metrics, logging, and monitoring
```mermaid
graph TD
    A[User Upload] --> B[Order Validation]
    B --> C[Job Creation]
    C --> D[Priority Queue]
    D --> E[Agent Selection]
    E --> F[Browser Automation]
    F --> G[Real-time Monitoring]
    G --> H{Success?}
    H -->|Yes| I[Order Complete]
    H -->|Issues| J[Human Review]
    J --> K[Manual Resolution]
    K --> I
```
Processing Flow:
- Order Creation: User uploads single order or CSV batch with priority assignment
- Queue Management: Priority-based FIFO processing with configurable workers
- Agent Orchestration: Strands Agent coordinates Nova Act (AI) and Playwright MCP (browser control)
- Browser Automation: AgentCore Browser Tool provides isolated sessions with live monitoring
- Human Review: Complex cases routed for manual intervention with live browser control
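
One way to implement the Order Validation step for the `POST /api/orders` body documented in the API reference, so that the browser session holding retailer credentials is only sent to the retailer's own host. This is an added example, not code from the sample application; `RETAILER_HOSTS`, `check_product_url` and `validate_order` are hypothetical names, and the per-retailer host allowlist is an assumption.

```python
from urllib.parse import urlsplit

# Enumerations taken from this README (API reference and queue priorities).
AUTOMATION_METHODS = ("nova_act", "strands")
PRIORITIES = ("low", "normal", "high", "urgent")
# Assumption: a per-retailer host allowlist (hypothetical, not in the sample app).
RETAILER_HOSTS = {"sample_retailer": {"example.com", "www.example.com"}}
# Constructed sample mirroring the README's POST /api/orders body.
SAMPLE = {"retailer": "sample_retailer", "automation_method": "nova_act",
          "priority": "normal",
          "product": {"url": "https://example.com/product", "price": 99.99}}

def check_product_url(url, allowed_hosts):
    """Return an error string, or None if the URL may be handed to the browser."""
    if not isinstance(url, str):
        return "product.url missing"
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return "product.url malformed"
    if parts.scheme != "https":
        return "product.url must use https"
    if parts.username is not None or parts.password is not None:
        return "product.url must not contain userinfo"
    if port not in (None, 443):
        return "product.url must use the default port"
    # Exact match on the parsed host; suffix or substring checks accept look-alikes.
    if (parts.hostname or "").lower().rstrip(".") not in allowed_hosts:
        return "product.url host not allowed for this retailer"
    return None

def validate_order(order):
    """Return a list of problems; an empty list means the order can be queued."""
    errors = []
    hosts = RETAILER_HOSTS.get(str(order.get("retailer")))
    if hosts is None:
        errors.append("unknown retailer")
    if order.get("automation_method") not in AUTOMATION_METHODS:
        errors.append("unsupported automation_method")
    if str(order.get("priority", "normal")).lower() not in PRIORITIES:
        errors.append("invalid priority")
    product = order.get("product") if isinstance(order.get("product"), dict) else {}
    if (url_error := check_product_url(product.get("url"), hosts or set())):
        errors.append(url_error)
    price = product.get("price")
    if isinstance(price, bool) or not isinstance(price, (int, float)) or not price > 0:
        errors.append("product.price must be a positive number")
    return errors
```

The same check applies to every row of a CSV batch before the row becomes a job.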
```mermaid
sequenceDiagram
    participant U as User
    participant F as Frontend
    participant A as FastAPI
    participant Q as Job Queue
    participant S as Strands Agent
    participant B as AgentCore Browser
    participant SM as Secrets Manager
    U->>F: Upload order/CSV
    F->>A: POST /api/orders
    A->>Q: Add to priority queue
    A->>F: Return job ID
    loop Background Processing
        Q->>S: Get next job
        S->>SM: Retrieve credentials
        S->>B: Start browser session
        B->>S: Live view URL
        S->>A: Progress updates
        A->>F: WebSocket updates
        F->>U: Real-time status
    end
```
Strands Agent - Main orchestrator
- Workflow coordination and state management
- Credential retrieval from AWS Secrets Manager
- Browser session lifecycle management
- Progress tracking and error handling
Nova Act - AI-powered browser intelligence
- Natural language to browser actions
- Visual understanding of web pages
- Adaptive navigation strategies
- CAPTCHA detection and human escalation
Playwright MCP - Browser actuation
- Low-level browser control and element interaction
- Form filling and submission
- Network request monitoring
Local Development
- Python 3.9+
- Node.js 16+
- AWS CLI configured with appropriate permissions
AWS Deployment
- AWS Account with Bedrock and AgentCore access
- Terraform 1.0+
- Domain registered in Route 53 (optional)
Security Setup
- Set admin password for web interface authentication (required)
```bash
# Clone the repository
git clone <repository-url>
cd browser-order-automation-agentcore

# Set up environment variables
cp .env.example backend/.env
# Edit backend/.env and set ADMIN_PASSWORD

# Backend setup
cd backend
pip install -r requirements.txt
python app.py  # Starts on port 8000

# Frontend setup (new terminal)
cd frontend
npm install
npm start  # Starts on port 3000
```

Access the application at http://localhost:3000 and log in with your admin password.
Backend (create backend/.env from .env.example):

```bash
AWS_REGION=us-west-2
FLASK_ENV=development
ALLOWED_ORIGINS=http://localhost:3000
# REQUIRED: Set admin password for web interface
ADMIN_PASSWORD=your-strong-password-here
# Optional - uses SQLite if not set
# DATABASE_URL=postgresql://user:pass@host:5432/dbname
```

Frontend (create frontend/.env):

```bash
REACT_APP_API_URL=http://localhost:8000
```

```bash
cd terraform
cp terraform.tfvars.example terraform.tfvars
# IMPORTANT: Edit terraform.tfvars and set admin_password
# Or set via environment variable:
export TF_VAR_admin_password="your-strong-password-here"
terraform init
terraform plan
terraform apply
# Note: JWT_SECRET is automatically generated by Terraform - no manual setup needed
```

See terraform/README_AUTH.md for detailed authentication setup instructions.
- Single Orders: Create individual orders with product URL, customer details, and automation method
- Batch Processing: CSV upload for bulk orders with priority assignment
- Queue Management: Priority-based processing (Low, Normal, High, Urgent)
- Status Tracking: Real-time updates via WebSocket connections
- Live View: Real-time browser session viewing with DCV streaming
- Session Replay: Recorded sessions for completed orders
- Manual Control: Human takeover capability during automation
- Screenshot Capture: Automatic screenshots at each automation step
- Web Bot Auth (Preview): Cryptographic request signing to reduce CAPTCHA friction
- Verifiable agent identity using IETF HTTP Message Signatures protocol
- Automatic integration with Cloudflare, HUMAN Security, and Akamai Technologies
- Enabled by default for all browser sessions
- Configurable in Settings → Browser Security & Authentication
- AWS Secrets Manager: Encrypted credential storage with KMS
- Web UI: Secret Vault interface for managing retailer credentials
- Automatic Retrieval: Seamless credential access during automation
- Audit Logging: Full CloudTrail integration for compliance
- Real-time Dashboard: Order status, queue metrics, and system health
- WebSocket Updates: Live progress tracking and notifications
- CloudWatch Integration: Metrics, logs, and alarms
- Health Checks: Application and infrastructure monitoring

## API Reference
```http
POST /api/orders
Content-Type: application/json

{
  "retailer": "sample_retailer",
  "automation_method": "nova_act",
  "product": {
    "url": "https://example.com/product",
    "name": "Product Name",
    "size": "M",
    "color": "Blue",
    "price": 99.99
  },
  "customer_name": "John Doe",
  "customer_email": "[email protected]",
  "shipping_address": {...},
  "priority": "normal"
}
```

```http
GET /api/orders/{order_id}
GET /api/orders?status=processing&limit=50
DELETE /api/orders/{order_id}  # Cancel order
```

```http
POST /api/orders/upload-csv
Content-Type: multipart/form-data

file: CSV file
automation_method: "nova_act" | "strands"
ai_model: "nova_act" | "claude-sonnet-4"
```

```http
GET /api/orders/{order_id}/live-view
GET /api/orders/{order_id}/session-replay
POST /api/orders/{order_id}/take-control
POST /api/orders/{order_id}/release-control
```

```http
GET /api/secrets
POST /api/secrets
GET /api/secrets/{site_name}
PUT /api/secrets/{site_name}
DELETE /api/secrets/{site_name}
```

```javascript
// Connect to real-time updates
const ws = new WebSocket('ws://localhost:8000/ws');

// Order status updates
{
  "type": "order_updated",
  "order_id": "uuid",
  "status": "processing",
  "progress": 45
}

// Live browser screenshots
{
  "type": "screenshot",
  "order_id": "uuid",
  "image_url": "/api/screenshots/image.png"
}
```

- Encryption: Automatic KMS encryption for all stored credentials
- Access Control: IAM-based permissions with least privilege
- Audit Trail: CloudTrail logging for all secret access
- Rotation: Built-in support for automatic credential rotation
- VPC Isolation: Private subnets for application and database tiers
- WAF Protection: Application firewall with common attack prevention
- TLS Encryption: HTTPS/TLS for all data in transit
- Security Groups: Least-privilege network access rules
- Isolated Sessions: AgentCore Browser Tool provides containerized environments
- Session Cleanup: Automatic cleanup after order completion
- Access Logging: Detailed audit logs for all browser interactions
- Web Bot Auth: Cryptographic authentication reduces CAPTCHA challenges
- Based on draft IETF Web Bot Auth protocol
- Provides verifiable agent identity to websites
- Works with Cloudflare, HUMAN Security, and Akamai Technologies
- Domain owners retain full control over bot policies
- Learn more: AWS Blog Post
Key variables in terraform.tfvars:
```hcl
project_name = "order-automation"
environment  = "prod"
aws_region   = "us-west-2"

# Optional custom domain
domain_name = "orders.yourdomain.com"

# ECS Configuration
ecs_task_cpu        = 512
ecs_task_memory     = 1024
ecs_desired_count   = 2
enable_auto_scaling = true
```

- ECS Fargate: Containerized application with auto-scaling
- Application Load Balancer: Traffic distribution with health checks
- RDS PostgreSQL: Managed database with encryption
- CloudFront: Global content delivery network
- S3: Static assets and file storage
- Secrets Manager: Encrypted credential storage
- ECS service metrics (CPU, memory, task count)
- Application Load Balancer metrics (requests, latency)
- Custom application metrics (order processing, queue depth)
- Application health endpoint: `GET /health`
- ECS container health checks
- ALB target group health monitoring
- Structured JSON logging with multiple levels
- CloudWatch Logs integration
- Real-time log streaming and filtering
- Database: Automatic SQLite when `DATABASE_URL` is not set
- AWS Services: Configure AWS CLI with development credentials
- Hot Reload: Both frontend and backend support hot reload
```bash
# Backend tests
cd backend && python -m pytest tests/

# Frontend tests
cd frontend && npm test

# Integration tests
npm run test:integration
```

This project is licensed under the MIT License. See the LICENSE file for details.
For questions, issues, or contributions:
- Check existing Issues
- Create a new issue with detailed description
- Review CONTRIBUTING.md for contribution guidelines
- Amazon Bedrock Documentation
- Amazon Bedrock AgentCore Browser Tool
- AWS Secrets Manager Best Practices
- ECS Fargate Best Practices
- React Cloudscape Design System

