Skip to content

Fix: [AEA-6112] - kb logging 🤞 #271

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bencegadanyi1-nhs merged 33 commits into from
Jan 16, 2026
Merged

Fix: [AEA-6112] - kb logging 🤞 #271

bencegadanyi1-nhs merged 33 commits into from
Jan 16, 2026

Conversation

@bencegadanyi1-nhs
Copy link
Contributor

@bencegadanyi1-nhs bencegadanyi1-nhs commented Jan 7, 2026
edited
Loading

summary

adds configurable aws bedrock model invocation logging so we can capture + monitor all bedrock api interactions in cloudwatch logs

details

this pr adds the infra + lambda glue to enable aws bedrock model invocation logging

cdk doesn’t currently expose bedrock’s logging config, so we wire it up via a custom cloudformation resource (backed by a lambda) that calls the bedrock api

logging is off by default. you can toggle it via the enableLogging flag in EpsAssistMeStack.ts during deployment or by invoking the lambda in aws console with the following body:

{"enable_logging": true}

           OR

{"enable_logging": false}

  • BedrockLoggingConfiguration construct

    • creates a cloudwatch log group (kms encrypted) for invocation logs
    • creates an iam role that the bedrock service can assume to write logs
    • creates a custom resource lambda to apply/remove the bedrock logging config

  • bedrockLoggingConfigFunction lambda

    • on create/update: applies the model invocation logging config
    • on delete: removes the logging config
    • supports toggling via ENABLE_LOGGING env var (so deploys can keep the resource but no-op when disabled)
    • derives log group + role arns from cdk-provided env vars

@github-actions
Copy link

github-actions bot commented Jan 7, 2026
edited
Loading

This PR is linked to a ticket in an NHS Digital JIRA Project. Here's a handy link to the ticket:

AEA-6112

@bencegadanyi1-nhs bencegadanyi1-nhs changed the title Fix: [AEA-0000] - kb logging 🤞 Fix: [AEA-6112] - kb logging 🤞 Jan 12, 2026
kieran-wilkinson-4
kieran-wilkinson-4 reviewed Jan 16, 2026
View reviewed changes
jonathanwelch1-nhs
jonathanwelch1-nhs reviewed Jan 16, 2026
View reviewed changes
Copy link

@jonathanwelch1-nhs jonathanwelch1-nhs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

leaving to Kieran

@jonathanwelch1-nhs jonathanwelch1-nhs self-requested a review January 16, 2026 14:11
@jonathanwelch1-nhs jonathanwelch1-nhs dismissed their stale review January 16, 2026 14:11

leaving to Kieran

@bencegadanyi1-nhs bencegadanyi1-nhs enabled auto-merge (squash) January 16, 2026 14:13
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 16, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
93.1% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@bencegadanyi1-nhs bencegadanyi1-nhs merged commit 957d45c into main Jan 16, 2026
12 checks passed
@bencegadanyi1-nhs bencegadanyi1-nhs deleted the AEA-0000-enable-kb-logging branch January 16, 2026 14:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kieran-wilkinson-4 kieran-wilkinson-4 kieran-wilkinson-4 approved these changes

@jonathanwelch1-nhs jonathanwelch1-nhs Awaiting requested review from jonathanwelch1-nhs

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bencegadanyi1-nhs @jonathanwelch1-nhs @kieran-wilkinson-4 @Beenyaa