platform
An agent runtime, deployed as CDK.
Cloud Agent Studio is not a SaaS. It is a CDK app that provisions a Fargate-hosted agent runtime, a Lambda-hosted control API, and a single-table DynamoDB state store inside your AWS account — the same account you already run everything else in.
- vCPU per agent: 16
- Memory: 120 GiB
- Scratch disk: 200 GiB
- Hard cap: 2 hr
three stacks
Foundation. Agent. API.
The runtime deploys as three sibling CDK stacks. Each owns its own boundary, its own IAM, and its own failure domain. Deploy independently, roll back independently.
foundation
Shared primitives
Single-table DynamoDB, five LLM provider secrets in Secrets Manager, a 2-AZ VPC, an ECS cluster with Container Insights v2, and an ECR repository that keeps the last ten images.
- DynamoDB (single table)
- Secrets Manager (Anthropic, OpenAI, Gemini, xAI, OpenRouter)
- VPC · ECS cluster · ECR · CloudWatch Logs
agent
Max-Fargate task
A single ECS task definition pinned to the largest Fargate shape available. Runs the pi coding agent on Node 24 under a non-root operator user, signal-forwarded, with a 2-hour hard cap.
- 16 vCPU / 120 GiB / 200 GiB ephemeral
- Non-root operator · writable /workspace
- SIGTERM → 30s → SIGKILL escalation
api
Control plane
Express on Lambda, fronted by CloudFront with a managed WAF rule set. Admin-only provisioning Lambda gated by a GitHub OIDC role scoped to this repo and environment.
- Express + Lambda (esbuild bundle)
- CloudFront + WAF (cloudagent ruleset)
- GitHub OIDC trust (repo + env pinned)
runtime
A bare container. Your model keys.
The agent image is Node 24 plus ripgrep, fd, and the pi coding agent. No MCP servers baked in. No skills baked in. No models baked in. No credentials baked in. Provider keys are injected from Secrets Manager at task-start; provider and model selection happen at runtime.
Headless run
Set JOB_PROMPT and pi executes in --mode json, streams structured output to CloudWatch, and exits with the agent's exit code. One task per prompt.
Interactive session
No JOB_PROMPT and the task idles for ECS Exec. aws ecs execute-command drops you into /bin/bash inside the live container — same VPC, same IAM, same disk.
security
Least-privilege, pinned to this repo.
The deploy and invoke paths trust a single GitHub OIDC subject — repo:org/cloudagent:environment:ENV — and nothing else. No long-lived access keys. No wildcarded IAM. Admin actions run via lambda:InvokeFunction on a named, scoped function, not a permissive role.
OIDC-only trust
Deploy and invoke roles trust a GitHub OIDC subject pinned to this repo and environment. No static credentials in the pipeline.
Scoped task role
Agent tasks read the specific secrets they need, read/write the one table, and get ECS Exec. No S3, no IAM, no org-wide reach.
Audit surface
Every tool call logs to CloudWatch with 2-week retention. Container Insights v2 emits per-task CPU and memory. CloudTrail sees every AWS action.
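One way to check the OIDC-only trust described above, as an added example that is not Cloud Agent Studio's own code: it builds a role trust policy pinned to the single subject and lints any trust policy for wider matches. The function names, the 111122223333 account ID and the policy layout are assumptions for illustration; the org, repo and ENV values are the page's own placeholders.

```typescript
// Added example: lint a role trust policy for GitHub OIDC subject pinning.
type Ops = Record<string, string | string[]>;
interface Statement {
  Effect: string;
  Principal: { Federated?: string | string[]; AWS?: unknown; Service?: unknown };
  Action: string | string[];
  Condition?: Record<string, Ops>;
}
interface TrustPolicy { Version: string; Statement: Statement[] }
const ISSUER = "token.actions.githubusercontent.com";
const PROVIDER_ARN = /^arn:aws:iam::\d{12}:oidc-provider\/token\.actions\.githubusercontent\.com$/;

// Build a trust policy with one subject, exact match, and the STS audience.
function pinnedTrustPolicy(accountId: string, repo: string, env: string): TrustPolicy {
  return {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Principal: { Federated: `arn:aws:iam::${accountId}:oidc-provider/${ISSUER}` },
      Action: "sts:AssumeRoleWithWebIdentity",
      Condition: { StringEquals: {
        [`${ISSUER}:aud`]: "sts.amazonaws.com",
        [`${ISSUER}:sub`]: `repo:${repo}:environment:${env}`,
      } },
    }],
  };
}

// Return findings; an empty list means every Allow statement is pinned to expectedSub.
function lintTrust(policy: TrustPolicy, expectedSub: string): string[] {
  const findings: string[] = [];
  policy.Statement.forEach((s, i) => {
    if (s.Effect !== "Allow") return;
    const p = s.Principal;
    const fedOk = typeof p.Federated === "string" && PROVIDER_ARN.test(p.Federated);
    if (!fedOk || p.AWS !== undefined || p.Service !== undefined)
      findings.push(`stmt ${i}: principal is not solely the GitHub OIDC provider`);
    if (s.Action !== "sts:AssumeRoleWithWebIdentity")
      findings.push(`stmt ${i}: action must be exactly sts:AssumeRoleWithWebIdentity`);
    const ops = Object.keys(s.Condition ?? {});
    // StringLike and friends permit wildcards, so anything but StringEquals is flagged.
    if (ops.some((op) => op !== "StringEquals"))
      findings.push(`stmt ${i}: only StringEquals is allowed (found ${ops.join(",")})`);
    const eq: Ops = s.Condition?.StringEquals ?? {};
    if (eq[`${ISSUER}:sub`] !== expectedSub) findings.push(`stmt ${i}: sub is not pinned to ${expectedSub}`);
    if (eq[`${ISSUER}:aud`] !== "sts.amazonaws.com") findings.push(`stmt ${i}: aud is not pinned to sts.amazonaws.com`);
  });
  return findings;
}
// Constructed sample: the pinned policy for the page's subject yields no findings.
const sampleFindings = lintTrust(pinnedTrustPolicy("111122223333", "org/cloudagent", "ENV"), "repo:org/cloudagent:environment:ENV");
```

Run against the JSON returned by `aws iam get-role` in CI, a non-empty result means the role trusts more than the one repo and environment.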
ready to deploy