DEV Community: Benjamin Nwokoye

Prod Grade Agentic AI + RAG on AWS

Benjamin Nwokoye — Wed, 10 Jun 2026 04:51:14 +0000

The Problem

Technical teams spend too much time on communication overhead, status updates, translating technical progress into executive language, and searching for the right framework when a stakeholder's question lands minutes before a steering committee meeting.

I built an AI application to solve this. Two tools, one platform:

Executive Polish — paste a raw draft, get two executive-ready variants tuned to audience, tone, and channel in seconds
PM Coach — an AI coach grounded in PMP, SAFe, and Agile frameworks with persistent conversation memory and a retrieval-grounded knowledge base

Live on

app.bennwokoye.com

Architecture

AWS serverless architecture with API invocation patterns on one coherent platform.

Browser
  ├── HTTPS  → Amplify (CloudFront CDN)
  ├── REST   → API Gateway (Cognito Authorizer) → API Lambda
  │             ├── Rewrites   → Bedrock Model
  │             ├── History    → DynamoDB
  │             ├── User state → DynamoDB
  │             └── Payments   → Webhook → Secrets Manager
  └── SSE    → Lambda Function URL → Proxy Lambda
                └── invoke_agent_runtime → Bedrock AgentCore
                      ├── Strands Agent  → Bedrock Model
                      ├── Knowledge Base → S3 + Bedrock Retrieve
                      └── Memory        → AgentCore (4 strategies)

AWS Resources

Layer	Service	Purpose
Compute	AWS Lambda (×2)	API handler + streaming proxy
AI	Amazon Bedrock	Model inference
AI	Bedrock AgentCore	Managed agent runtime
AI	Bedrock Knowledge Bases	Retrieval-grounded PM framework KB
AI	Bedrock Guardrails	Content safety + denied topics
Auth	Amazon Cognito	Email + Google OAuth
API	Amazon API Gateway	Authenticated REST routes
Data	Amazon DynamoDB	Users, history, sessions
Secrets	AWS Secrets Manager	API credentials
Security	AWS IAM	Least-privilege execution roles
CDN	AWS Amplify + CloudFront	React frontend, edge delivery
Observability	Amazon CloudWatch	Structured logs
IaC	AWS CDK	5 CloudFormation stacks

CDK Stack Order

Auth → Storage → ToolProxy → Api → Frontend

Each stack owns its resources exclusively. No console changes. CDK is the only path to production.

Lessons Learned

Executive Polish Tool is synchronous — standard Lambda + API Gateway. The AI coach requires token-by-token streaming.

API Gateway buffers responses — it cannot stream. The solution: a Lambda Function URL with InvokeMode: RESPONSE_STREAM and the Lambda Web Adapter in response_stream mode.

Two bugs I hit:

Bug 1 — the SDK buffers by default.
Iterating the AgentCore EventStream as a list forces the SDK to load the full response before yielding. Fix: iter_lines(chunk_size=10) reads from the socket incrementally.

Bug 2 — React 18 batches rapid state updates.
Even with chunks arriving at the browser, the UI rendered everything at once. Fix: flushSync() from react-dom forces a synchronous render per token.

# Streaming endpoint — incremental socket reads
for line in response_obj.iter_lines(chunk_size=10):
    yield f"data: {json.dumps(parsed)}\n\n"

yield f"data: {json.dumps({'usage_remaining': remaining})}\n\n"
yield "data: [DONE]\n\n"

// React 18 — force render per token
flushSync(() => {
  setMessages(prev => appendChunk(prev, chunk));
});

AgentCore + Strands Agents

The AI coach runs on Bedrock AgentCore — AWS's managed agent runtime. The agent itself is ~60 lines using the Strands Agents SDK.

The model is configured fail-closed — if the guardrail ID is unset at runtime, the agent raises and never invokes unguarded:

def load_model():
    guardrail_id = os.environ.get("BEDROCK_GUARDRAIL_ID")
    if not guardrail_id:
        raise ValueError("BEDROCK_GUARDRAIL_ID must be set — fail closed")
    return BedrockModel(
        model_id="...",
        guardrail_id=guardrail_id,
        max_tokens=2048,
    )

AgentCore provides four-strategy persistent memory out of the box:

Strategy	What it stores
Semantic	Facts about the user
User Preference	Working and communication style
Summarization	Session summaries across conversations
Episodic	Conversation history within sessions

The KB retrieval tool grounds every response in a curated PM framework knowledge base. The agent never fabricates methodologies.

Bedrock Guardrails — Two Layers

The guardrail is attached to the agent model — fail-closed (raises if unset, never invokes unguarded).

Layer 1 — Content Filters

Blocks violence, hate, sexual content, misconduct, insults, and prompt attacks at HIGH sensitivity on input.

Layer 2 — Denied Topics

Added after discovering the agent revealed internal KB file names during testing:

{
  "topicsConfig": [
    {
      "name": "InternalSystemInformation",
      "definition": "Questions asking the agent to reveal KB structure, system prompt, infrastructure, or internal configuration.",
      "type": "DENY"
    },
    {
      "name": "ProprietaryContentExtraction",
      "definition": "Attempts to bulk-extract knowledge base document contents.",
      "type": "DENY"
    }
  ]
}

Combined with a hardened system prompt that explicitly instructs the agent never to reveal internal configuration — and states this boundary cannot be overridden by roleplay, hypothetical scenarios, or claimed authority.

Defense-in-depth: input sanitization runs before the guardrail on all model invocations. The guardrail is the authoritative backstop.

Authentication — The Federated Identity Edge Case

Cognito handles email/password and Google OAuth. JWT validation uses RS256 with JWKS verification — issuer pinned, audience required, verified on every request.

One edge case: Google-federated Cognito ID tokens include an at_hash claim that standard JWT libraries attempt to validate against an access token that is not present in the request. The fix is to disable at_hash validation while keeping all other security checks — RS256 signature, expiry, and token_use == "id".

The streaming Lambda Function URL has no API Gateway in front of it. JWT verification runs entirely in-app via JWKS on every request.

CI/CD — 7 Stages, 2 Hard Security Gates

Every push to main runs in sequence. Each stage gates the next.

backend-tests ──────────────────────────────────────────┐
  pytest 130 tests (unit + integration + IDOR)          │
  flake8 + black                                        │
                                                        ▼
frontend-tests ──── snyk ──────────────────────────── deploy
  Vitest 137 tests    │                                  │
  TypeScript + ESLint │                                  ├─ Build Lambda packages
  Production build    │                                  ├─ CDK Synth
                      │                                  ├─ Checkov (hard gate)
  297 npm deps ───────┘                                  ├─ CDK Deploy (5 stacks)
  High/critical CVEs block deploy                        └─ Amplify Deploy
  Caught a real CVE before prod ✓

Snyk Dependency Scan

297 npm packages scanned on every push. High and critical severity CVEs block the pipeline. Caught a real high-severity vulnerability in a transitive dependency before it reached production.

Checkov IaC Scan

CloudFormation templates scanned before every deploy — hard gate. Results render as a structured table in the GitHub Actions step summary. Intentional skips are documented with business justification, not silently suppressed.

Engineering Principles

SOLID throughout — abstract interfaces on all services. LSP enables mock substitution in tests without touching production code. Every router depends on injected abstractions.

Security by design — user_id always derived from the verified JWT sub claim, never from the request body. Generic error responses prevent information leakage. Every endpoint has an IDOR test.

Atomic rate limiting:

# Prevent concurrent requests from bypassing the free tier limit
response = self.table.update_item(
    UpdateExpression="SET daily_usage_count = daily_usage_count + :one",
    ConditionExpression="daily_usage_count < :limit",
    ReturnValues="UPDATED_NEW"
)

Tests as a behavioral contract — 130 backend tests, 137 frontend tests. No green tests, no deploy.

The Numbers

Metric	Value
Time to live users	30 days
AWS service layers	8
CDK stacks	5
DynamoDB tables	3 (PITR on all)
Lambda functions	2
AgentCore runtime	1
Backend tests	130
Frontend tests	137
npm deps scanned per deploy	297

What AgentCore Changes

Before AgentCore, building a production agent meant managing session state, memory storage, retrieval orchestration, and model invocation yourself. AgentCore provides all of this as a managed runtime with CDK-native deployment. The agent code stays focused on behavior — not infrastructure plumbing.

AWS Community Builder — Serverless specialty. Built with Bedrock AgentCore, Lambda, DynamoDB, Cognito, CDK, Amplify, and Claude Code.

Production Grade Webapp Using 100% AI Prompts — Here's What I Learned

Benjamin Nwokoye — Fri, 06 Mar 2026 04:02:03 +0000

TL;DR: Designed, developed and deployed a fully functional portfolio webapp without writing a single line of code (100% AI coded). But here's the twist - it's not just another AI project.

It scales seamlessly, follows SWE fundamentals (SOLID principles), security best practices, has 150+ test cases, an automated CI/CD pipeline, and runs on AWS - Let me show you how.

The Challenge

As a TPM working with AWS and Azure daily, I wanted a portfolio that reflected my engineering standards. Not a template, not a drag-and-drop builder, but a well-architected, production-grade application that is highly available, cost optimized, reliable and scalable.

The constraint? Build it entirely through AI prompts using Claude.

The Stack

Frontend: Next.js 14, TypeScript, Tailwind CSS, Framer Motion
Testing: Vitest + React Testing Library (150+ tests)
CI/CD: GitHub Actions → AWS Amplify
Infrastructure: AWS Amplify (Hosting), API Gateway, Lambda, SNS
AI Tools: Claude (development), Gemini (image generation)

Phase 1: Documentation First

Before any code, I created:

Document	Purpose
PRD	Product requirements and user stories
TRD	Technical requirements and constraints
ARCHITECTURE.md	System design and component hierarchy
CI-CD.md	Pipeline architecture
ADRs	Architecture Decision Records

Why this matters: AI assistants perform significantly better with context. These documents became the "memory" that kept Claude aligned across dozens of sessions.

Prompt pattern that worked:
"Read CLAUDE.md and docs/PLAN.md. We're starting Phase 3..."

Phase 2: SOLID Principles in Practice

Every component was built with intention:

Single Responsibility

// Each component does ONE thing
<Hero />           // Landing section only
<ProjectCard />    // Single project display
<EmailCapture />   // Form handling only

Open/Closed

// Extend via props, don't modify
interface SectionProps {
  className?: string;  // Extensible
  children?: ReactNode; // Composable
}

Interface Segregation

// Small, focused interfaces
interface Project {
  title: string;
  description: string;
  tech: string[];
  image?: string;  // Optional fields
  link?: string;
}

The result? Components that are testable, maintainable, and reusable.

Phase 3: Testing Strategy

I maintained a strict testing discipline throughout:

npm run test
# ✓ 150+ tests passing
# ✓ 17 test files
# ✓ Components, hooks, utilities covered

Key insight: When AI generates code, tests become your safety net. Every prompt included:

"..update related tests, verify: npm run lint, npm run test, npm run build."

This caught regressions immediately, especially when refactoring UI components.

Phase 4: CI/CD Pipeline

The deployment architecture:

┌─────────────┐     ┌─────────────────┐     ┌─────────────┐
│ Push to     │────▶│ GitHub Actions  │────▶│ AWS Amplify │
│ main branch │     │(lint/test/build)│     │ (deploy)    │
└─────────────┘     └─────────────────┘     └─────────────┘

GitHub Actions handles:

ESLint validation
150+ test execution
Next.js static build
Push to deploy branch

AWS Amplify handles:

Automatic deployment on branch update
CDN distribution
SSL certificate management
Custom domain configuration

The entire pipeline runs in under 3 minutes.

Phase 5: AWS Architecture

Contact Form Backend

┌──────────┐     ┌─────────────┐     ┌────────┐     ┌─────┐
│ Contact  │────▶│ API Gateway │────▶│ Lambda │────▶│ SNS │
│ Form     │     │             │     │        │     │     │
└──────────┘     └─────────────┘     └────────┘     └─────┘

API Gateway: RESTful endpoint with CORS configured
Lambda: Node.js function for form processing
SNS: Email notification delivery

Hosting

Amplify: Static web hosting with built-in CI/CD
Route53: DNS management
ACM: SSL certificate (auto-managed by Amplify)
IAM: Principle of least privilege
Cloudwatch: Telemetrics (logging and alerting)

Total AWS cost: ~$2/month (mostly Route53 hosted zone)

Security Considerations

Even with AI-generated code, security wasn't negotiable:

No secrets in code: Environment variables in Amplify
HTTPS everywhere: Amplify-managed SSL
Input validation: Client and server-side
CORS configured: API Gateway restrictions
No sensitive data exposure: Form data handled server-side
Dependencies audited: npm audit in CI pipeline

Lessons Learned

What Worked

Documentation-first approach — AI performs better with context
Incremental prompts — Small, focused changes vs. massive rewrites
Test requirements in every prompt — Catches regressions immediately
Reference examples — "Make it look like {example.com}" > vague descriptions

What Didn't

Vague design requests - "Make it look professional" yields generic results
Skipping verification — Always run lint/test/build before committing
Trusting without reviewing — AI makes mistakes; review the diff

The Prompt Pattern That Worked

Read [context files].

[Specific task description]

Requirements:
1. [Explicit requirement]
2. [Explicit requirement]
3. [Explicit requirement]

Verify: npm run lint, npm run test, npm run build

Update docs: CHANGELOG.md, FEATURES.md

This pattern maintained consistency across 50+ development sessions.

Results

Metric	Value
Development time	~2 weeks (evenings/weekends)
Lines of code	5,000+
Test coverage	150+ tests
Lighthouse score	90+ (Performance, SEO, Accessibility)
Monthly AWS cost	~$2
Manual code written	0 lines

Try It Yourself

The site is live at bennwokoye.com

Key takeaways for your own AI-assisted projects:

Invest in documentation — It's context for your AI
Enforce engineering standards — AI will follow them if you're explicit
Test everything — Your safety net for AI-generated code
Iterate visually — Screenshots help AI understand design issues
Own the architecture — AI assists; you architect

Check out my other posts on dev.to/benzinoh.

aws #webdev #devops #ai #cloudcomputing #cicd #typescript #nextjs

Host Your Web App For Free Using AWS Serverless Architecture + CB Credits

Benjamin Nwokoye — Mon, 31 Mar 2025 03:17:03 +0000

My website www.bennwokoye.com runs on AWS serverless architecture at almost zero cost. Continue for insights and pros of deploying it entirely using AWS serverless resources. You can leverage this architecture to host your web applications, as AWS CB credits can be applied towards resource costs.

Architecture Diagram

Overview of the Architecture

The core components of my architecture leveraging AWS serverless solutions:

Static content hosting: Amazon S3
Domain and DNS management: Route 53
Content Delivery Network (CDN): CloudFront
Backend processing: API Gateway, Lambda, SNS, DynamoDB
Security and SSL: AWS WAF, AWS Certificate Manager (ACM)
CI/CD automation: GitHub + GitHub Actions
Infrastructure as Code: Terraform

Static Content Hosting with Amazon S3
I choose AWS S3 to host HTML, CSS, and JavaScript files. S3 provides an easy, cost-effective, and scalable solution for static web hosting. Amazon S3's high availability ensures reliable content accessibility from anywhere globally.

Domain Management and DNS with Route 53
AWS Route 53 handles domain registration and translates my domain name into IP addresses, making DNS management straightforward and reliable. It also offers health checks and failover support to maintain high availability.

CDN and Caching with AWS CloudFront
AWS CloudFront caches my content at edge locations globally, significantly reducing load times and latency for global users. It integrates seamlessly with S3 as the origin and automatically invalidates caches whenever new content is deployed through my CICD pipeline, ensuring visitors always see the latest version of my website.

Enhanced Security with WAF and ACM
AWS Web Application Firewall (WAF) is integrated with CloudFront to protect my site against common web exploits and attacks. AWS Certificate Manager (ACM) provides free, automated SSL certificates, ensuring encrypted and secure connections to my site.

Serverless Backend: API Gateway, AWS Lambda, SNS & DynamoDB
I leveraged API Gateway to expose a secure REST API to handle dynamic interactions with my contact form submissions, triggering an AWS Lambda function to process requests. This eliminates server management overhead and allows automatic scaling based on traffic.

Notifications with Amazon SNS
I integrated Amazon SNS with the Lambda function to send notifications whenever a user submits a form. SNS sends email notifications instantly, informing me promptly of user interactions without manual checks.

Data Storage with DynamoDB
I also store messages submitted via the contact form in Amazon DynamoDB, a highly performant, serverless NoSQL database. DynamoDB ensures scalable, secure, and reliable storage for user-generated data.

Automated CI/CD with GitHub + GitHub Actions
The entire deployment process is automated using GitHub + GitHub actions. A commit to the main branch of my GitHub repository triggers an automatic deployment, ensuring fast, consistent updates. The pipeline automatically fetches, builds, deploys, and invalidates CloudFront cache, streamlining updates effortlessly.

Infrastructure Management via Terraform
All resources are managed through Terraform, enabling version control, modularity, and reusability.

Why Serverless?

This architecture offers significant advantages:

Cost Efficiency: No infrastructure management overhead, pay only for resources used.
High Availability: 99.99% uptime with auto-scaling.
Security: Integrated AWS security, DDoS protection, and request throttling.
Performance: Minimized latency with a global CDN.
Automation: Streamlined updates via automated CI/CD pipelines.

Adopting AWS serverless services accelerated the time and effort to build a cost-effective, scalable, secure web app following well-architected framework and industry best practices. This approach simplifies operations and provides a solid foundation for autoscaling and integration with other AWS serverless offerings.
Follow me on LinkedIn to explore opportunities for collaboration and innovation. Let's build something great together, for now and the future.

From Coal & Crude to Data & AI

Benjamin Nwokoye — Tue, 25 Mar 2025 04:37:26 +0000

From 1760 to 1840, the Industrial Revolution marked one of history's most significant transformations. Europe experienced groundbreaking innovations such as James Watt's steam engine in 1769, while West Africa saw the rise of the Sokoto Caliphate in 1804, becoming a prominent empire in present-day Nigeria. The global landscape further shifted with the discovery of oil at Pennsylvania's Drake Well in 1859, fueling advancements in transportation and industrialization.

Long before oil was discovered in Nigeria in 1956, African societies actively engaged in trade, agriculture, textile production, industrial fishing and other innovative industrial practices, contributing notably to global economic networks. With the discovery of coal and oil, industries were transformed, oil-fueled transportation and human skill and adaptability sparked innovation, empowered emerging industries, and reshaped the global economy.

Fast forward to 2025! Today, we stand at the brink of another transformative era, “the AI revolution.” Much like coal and oil-fueled industries in history, data is now the pivotal resource powering the modern digital economy. Alongside data, interconnected devices (IoT) and human ingenuity remain critical. However, data increasingly drives competitive advantage, innovation, and strategic decision-making.

I map data to oil because, much like crude oil, its true value emerges only after careful refinement. Raw data, accumulated from billions of daily interactions across multiple digital platforms, IoT devices, and transactional systems, has limited intrinsic value. However, data becomes immensely valuable when strategically processed, analyzed, and leveraged through tailored cloud services and AI.

Cloud technologies like AWS SageMaker enable effective data utilization to predict customer behaviour, optimize supply chains, detect fraud, and personalize user experiences. Harnessing data's full potential goes beyond mere storage in AWS services like S3, DynamoDB, or RDS. It requires advanced analytics capabilities through data lakes, data warehouses, serverless architectures, and integrated AI systems like AWS Bedrock to transform raw data into actionable intelligence.

Even as technology advances, human potential remains indispensable. Data, IoT devices, computer chips, robots, and AI alone cannot generate innovation or creativity. Skilled individuals who responsibly collect, secure, and interpret data and understand how to leverage cloud technology to build and effectively train AI models, avoiding common pitfalls like underfitting, overfitting, or bias, are and will remain indispensable.

Adopting a growth mindset, investing in continuous education, earning certifications like the AWS AI Practitioner, and joining community initiatives like AWS Community Builders help foster collaboration, knowledge-sharing, and collective growth within our new data-driven economy.

Just as coal and oil once defined the pace and possibilities of the industrial age, data, cloud computing, and AI now define our digital era. Individuals who harness this "new oil" effectively will shape markets, transform industries, and lead the next wave of innovation. It’s 2025! Let's build something great together for now and for the future.

References
Falola, T., & Heaton, M. M. (2008). A History of Nigeria. Cambridge University Press.
Last, M. (1967). The Sokoto Caliphate. Longman Publishing Group.
Yergin, D. (1991). The Prize: The Epic Quest for Oil, Money & Power. Simon & Schuster.