Architecting the Autonomous DevSecOps Analyst

DevSecOps Analyst Guide

Architecting the Autonomous DevSecOps Analyst

An Implementation Guide for AI-Powered Debugging in GitLab and AWS

Figure 1: End-to-End Workflow Overview
1. Development 👨‍💻 Developer pushes code (with bug/error) to GitLab. 2. Pipeline Failure CI/CD job (e.g., terraform apply) fails. 3. AI Analysis 🤖 Debugger component activates. Bedrock Agent analyzes logs, code, and environment. 4. Resolution Agent posts RCA note to pipeline AND/OR creates a Merge Request.

Section 1: Foundational Architecture: Secure AWS Integration

The successful implementation of an AI-powered debugging agent hinges on a secure and robust foundation. This section details the architecture for integrating GitLab Runners hosted within the AWS environment with the Amazon Bedrock service. The primary objective is to ensure secure, credential-less authentication for CI/CD jobs.

1.1 Leveraging Native AWS Authentication

When GitLab Runners are hosted on AWS infrastructure, such as Amazon EC2 instances or within an Amazon EKS cluster, they can leverage native IAM mechanisms for authentication. This eliminates the need for static AWS access keys.

EC2 Instance Roles: An IAM Role is associated with the instance via an Instance Profile. The AWS SDKs automatically retrieve temporary, rotated security credentials.

EKS IAM Roles for Service Accounts (IRSA): IRSA allows associating an IAM role with a Kubernetes service account, which the runner pod uses to get temporary credentials.

Figure 2: IAM Architecture (Two-Tiered System)
graph TD
    subgraph CI_CD ["CI/CD Infrastructure (VPC/EKS)"]
        R(GitLab Runner on AWS EC2/EKS)
    end

    subgraph AWS ["AWS Account"]
        subgraph IAM ["IAM Roles"]
            RR["Tier 1 - Runner Role
(Instance Role or IRSA)
Minimal Permissions"]
            AER["Tier 2 - Agent Execution Role
Diagnostic Permissions"]
        end

        subgraph Bedrock ["Bedrock Service"]
            A(Bedrock Agent)
            FM(Foundation Model)
        end

        L(Action Group Lambda)
        SM(Secrets Manager
GitLab API Token)
        AWSAPI(AWS APIs - IAM, S3, EC2)
        GLAPI(GitLab API)
    end

    R -- "Inherits Permissions" --> RR
    RR -- "Allows bedrock:InvokeAgent" --> A

    A -- "Assumes Role" --> AER

    AER -- "Allows bedrock:InvokeModel" --> FM
    AER -- "Allows Execution" --> L

    L -- "Allows secretsmanager:GetSecretValue" --> SM
    L -- "Allows iam:GetPolicy, s3:Get, etc." --> AWSAPI
    L -- "API Calls with Token" --> GLAPI

    style RR fill:#D1E8FF,stroke:#1976D2,stroke-width:2px
    style AER fill:#E8F5E9,stroke:#4CAF50,stroke-width:2px

The Two-Tiered Role System

Regardless of the hosting mechanism, a critical element of this architecture is the implementation of a two-tiered role system to enforce the principle of least privilege. The pipeline's sole responsibility should be to initiate the analysis, not to perform it.

  • GitLab Runner Role (Instance Role/IRSA): This is the role inherently assumed by the runner infrastructure (EC2 or EKS Pod). In this architecture, its permissions for the debugging process are minimal, restricted strictly to `bedrock:InvokeAgent`.
  • Bedrock Agent Execution Role: This role is assumed by the Bedrock service itself when the agent needs to execute an action (i.e., run a Lambda function) or use the underlying Foundation Model. It holds the specific, granular permissions required to perform diagnostic actions.

This separation (Runner infrastructure inherently has the Runner Role to invoke Agent; Bedrock service assumes Execution Role to perform actions) creates a clear separation of concerns and significantly reduces the blast radius should the runner infrastructure be compromised.

1.2 Terraform Implementation: IAM Roles

The security foundation can be codified using Terraform. This implementation assumes the GitLab Runner infrastructure (EC2/EKS) is already deployed, and focuses on defining the necessary roles.

GitLab Runner Role Definition (Example: EC2)

The Runner Role must exist and be attached to the EC2 instances hosting the GitLab runners.

# modules/iam_roles/main.tf

# Example definition for the role attached to the EC2 instances hosting the runners.
# If using EKS/IRSA, the trust policy (assume_role_policy) would reference the EKS OIDC provider instead.
resource "aws_iam_role" "gitlab_runner_instance_role" {
  name = "GitLabRunnerInstanceRole"

  # Trust Policy: Allows assumption by the EC2 service principal
  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect    = "Allow",
        Principal = { Service = "ec2.amazonaws.com" },
        Action    = "sts:AssumeRole"
      }
    ]
  })
}

# The Instance Profile attaches the role to the EC2 instances
resource "aws_iam_instance_profile" "gitlab_runner_profile" {
  name = "GitLabRunnerInstanceProfile"
  role = aws_iam_role.gitlab_runner_instance_role.name
}

Bedrock Agent Execution Role Definition

This role is assumed by the Amazon Bedrock service.

# modules/iam_roles/main.tf (continued)

data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

# Role assumed by the Amazon Bedrock service to execute agent actions
resource "aws_iam_role" "bedrock_agent_execution_role" {
  name = "BedrockAgentExecutionRole"

  # Trust Policy: Allows assumption by the Bedrock service principal
  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect    = "Allow",
        Principal = { Service = "bedrock.amazonaws.com" },
        Action    = "sts:AssumeRole",
        Condition = {
            # Restrict to the specific account
            "StringEquals": {
                "aws:SourceAccount": data.aws_caller_identity.current.account_id
            },
            # Restrict to agents within the account (can be tightened to a specific agent ARN later)
            "ArnLike": {
                "aws:SourceArn": "arn:aws:bedrock:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:agent/*"
            }
        }
      }
    ]
  })
}

1.3 IAM Policies: The Principle of Least Privilege

Runner Role Policy

The policy attached to the `GitLabRunnerInstanceRole` must grant permission to invoke the specific Bedrock agent.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "bedrock:InvokeAgent",
            // The Resource ARN must be updated with the actual Agent Alias ARN after creation.
            "Resource": "arn:aws:bedrock:REGION:ACCOUNT_ID:agent-alias/AGENT_ID/ALIAS_ID"
        }
        // Other baseline runner permissions (ECR, CloudWatch, etc.) would also be included here.
    ]
}

Agent Execution Role Policies

This policy grants the necessary access for the agent and its backing Lambda functions.

Permission (Action) Resource Scope Justification
bedrock:InvokeModel arn:aws:bedrock:REGION::foundation-model/anthropic.claude-3-5-sonnet* Allows the agent to use the specified Foundation Model for reasoning.
logs:Create*, logs:PutLogEvents arn:aws:logs:REGION:ACCOUNT_ID:log-group:/aws/lambda/* Standard permissions for Lambda functions to write logs.
secretsmanager:GetSecretValue arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:gitlab-api-token-* Allows Lambda functions to securely retrieve the GitLab API token.
iam:GetPolicy*, iam:ListAttachedRolePolicies arn:aws:iam::ACCOUNT_ID:policy/*, arn:aws:iam::ACCOUNT_ID:role/* Enables the agent to inspect existing IAM policies and roles.
iam:CreatePolicy * Allows the agent to create a new IAM policy when it recommends a fix.
ec2:Describe*, ec2:Get* * Grants read-only access to describe core networking and compute resources.
s3:GetBucketPolicy, s3:ListBucket arn:aws:s3:::* Allows the agent to inspect S3 bucket configurations.

Security Note on iam:CreatePolicy: Granting this permission to an automated agent introduces a potential risk of privilege escalation. It is strongly recommended to implement IAM Permissions Boundaries or AWS Service Control Policies (SCPs) to restrict the maximum permissions the agent is allowed to create, acting as a guardrail.

Section 2: The Sentinel: Crafting the GitLab CI/CD Debugger Component

The focus shifts to the GitLab-side implementation. A formal GitLab CI/CD Component is used, offering enterprise-grade features such as versioning and a clear interface using input specifications.

2.1 Designing a Reusable GitLab Component

# templates/bedrock-debugger.yml
spec:
  inputs:
    bedrock_agent_id:
      description: "The ID of the Amazon Bedrock agent to invoke for debugging."
      type: string
    bedrock_agent_alias_id:
      description: "The ID of the Bedrock agent alias to use."
      type: string
      default: "TSTALIASID"
    aws_region:
      description: "The AWS region where the Bedrock agent is deployed."
      type: string
    # A token is required to post the analysis back to GitLab.
    # It must be provided by the consuming project as a masked variable.
    gitlab_api_token:
       description: "GitLab API Token with 'api' scope to post results."
       type: string
---
# Job definition follows...

2.2 The on-failure Job Definition

The core of the component is a conditional CI/CD job. The job runs in the .post stage (guaranteed to run last) and uses the when: on_failure rule.

# templates/bedrock-debugger.yml (continued)
bedrock_debugger:
  stage: .post
  # We use a base image that includes awscli, jq (for parsing the response), and curl (for GitLab API).
  # The GitLab aws-base image is suitable.
  image:
    name: registry.gitlab.com/gitlab-org/cloud-deploy/aws-base:latest
    entrypoint: ["/bin/bash", "-c"]
  rules:
    # Only run this job if a previous job in the pipeline has failed
    - when: on_failure
  # The id_tokens block used for OIDC is no longer required.
  script:
    # Script to invoke agent and process response (details in 2.3)

2.3 Context Gathering and Agent Invocation Script

The script block is significantly simplified as the AWS CLI automatically handles authentication using the Runner's Instance Role.

Configuration and Verification

# Part of the 'script:' block in bedrock_debugger job
set -e # Exit immediately if a command fails
echo "Configuring AWS environment..."

# Set the region for the AWS CLI based on the component input.
export AWS_DEFAULT_REGION="$[[ inputs.aws_region ]]"
export AWS_REGION="$[[ inputs.aws_region ]]"

# Verify the identity being used (should be the Runner Instance Role).
# This confirms the runner is correctly configured and authentication is working.
echo "Verifying AWS Caller Identity..."
aws sts get-caller-identity

Agent Invocation and Response Processing

The invocation logic remains the same, focusing on calling the agent and processing the streamed JSONL response.

# Part of the 'script:' block in bedrock_debugger job (continued)

# Construct the initial prompt for the agent.
PROMPT="A GitLab CI/CD job has failed. Please perform a root cause analysis. Context: Project ID: $CI_PROJECT_ID, Job ID: $CI_JOB_ID, Commit SHA: $CI_COMMIT_SHA, Project URL: $CI_PROJECT_URL, Triggered by: $GITLAB_USER_EMAIL, API URL: $CI_API_V4_URL, Job Name: $CI_JOB_NAME, Source Branch: $CI_COMMIT_REF_NAME."
SESSION_ID="${CI_PIPELINE_IID}-${CI_JOB_ID}"

echo "Invoking Bedrock Agent..."
# The response is streamed; we capture it into a file (response.jsonl).
# Note the command is bedrock-agent-runtime
aws bedrock-agent-runtime invoke-agent \
  --agent-id "$[[ inputs.bedrock_agent_id ]]" \
  --agent-alias-id "$[[ inputs.bedrock_agent_alias_id ]]" \
  --session-id "$SESSION_ID" \
  --input-text "$PROMPT" \
  --enable-trace false \
  /tmp/response.jsonl

# Process the Agent Response (Streamed JSONL format)
# We must extract the 'bytes' field from the 'chunk' objects, decode them from base64,
# and aggregate them to form the final agent output.
echo "Processing Agent Response..."
# Use jq to safely extract the bytes and base64 decode the result.
AGENT_OUTPUT=$(cat /tmp/response.jsonl | jq -r 'select(.chunk != null) | .chunk.bytes' | base64 -d)

echo "--- Agent Analysis Result ---"
echo "$AGENT_OUTPUT"
echo "-----------------------------"

# Post the output as a note on the failed pipeline
echo "Posting analysis to GitLab Pipeline #$CI_PIPELINE_IID..."
# Prepare the payload for the GitLab API. Use jq to ensure the agent output is properly escaped JSON.
NOTE_BODY="**Autonomous DevSecOps Analyst RCA (Job $CI_JOB_NAME):**\n\n$AGENT_OUTPUT"
JSON_PAYLOAD=$(jq -n --arg body "$NOTE_BODY" '{ "body": $body }')

curl --request POST --header "PRIVATE-TOKEN: $[[ inputs.gitlab_api_token ]]" \
     --header "Content-Type: application/json" \
     --data "$JSON_PAYLOAD" \
     "$CI_API_V4_URL/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/notes"

Section 3: The Oracle: Architecting the Amazon Bedrock Debugging Agent

The intellectual core of this solution is the Amazon Bedrock agent, an orchestrated system designed to reason, use tools, and solve complex problems autonomously.

Figure 3: Agent Reasoning Loop (Reason-Act-Observe)
graph LR
    Start(Initial Prompt
'Job Failed') --> Reason1(Reasoning)
    Reason1 -- "Need info" --> Act1(Action: Select Tool)
    Act1 -- "get_gitlab_job_logs" --> Observe1(Observation)
    Observe1 -- "Receives Logs" --> Reason2(Reasoning)

    Reason2 -- "Identified Error Type" --> Act2(Action: Select Tool)

    subgraph Iterative Analysis
        Act2 -- "e.g., read_repository_file" --> Observe2(Observation)
        Observe2 -- "Receives Data" --> Reason3(Reasoning)
        Reason3 -- "Need more info/Ready to fix" --> Act3(Action: Select Tool)
    end

    Act3 -- "e.g., propose_code_fix_mr" --> Observe3(Observation)
    Observe3 -- "Action Result" --> Reason4(Reasoning)

    Reason4 -- "Objective Complete" --> Finish(Final Response)

    style Start fill:#d4e1f5
    style Finish fill:#d4e1f5

    classDef reasoning fill:#F5D0FE,stroke:#C026D3;
    classDef action fill:#BAE6FD,stroke:#0284C7;
    classDef observation fill:#FEF08A,stroke:#CA8A04;

    class Reason1,Reason2,Reason3,Reason4 reasoning;
    class Act1,Act2,Act3 action;
    class Observe1,Observe2,Observe3 observation;

3.1 Agent Creation and Foundation Model Selection

The agent is configured within the Amazon Bedrock service with the ARN of the BedrockAgentExecutionRole. Anthropic's Claude 3.5 Sonnet is recommended for its balance of performance, speed, and reasoning capabilities.

3.2 Advanced Prompt Engineering with the COSTAR Framework

(C)ontext: "You are an autonomous DevSecOps analyst integrated into a GitLab CI/CD pipeline..."
(O)bjective: "Your primary objective is to perform a complete root cause analysis (RCA) and generate a precise, actionable remediation..."
(S)tyle: "Your analysis must be technical and precise..."
(T)one: "Maintain an authoritative, objective, and helpful tone..."
(A)udience: "Your response is intended for a Senior DevOps Engineer..."
(R)esponse Format: "Format your response in Markdown. If you successfully created an MR..., your response must start with '✅ RCA complete...'. Otherwise, structure your response as follows: ❌ RCA Findings..."

3.3 Designing the Agent's Toolkit: Action Groups

Action Groups are the agent's tools, defined by an OpenAPI 3.0 schema that serves as the contract between the Bedrock agent and the backend Lambda function.

Action Name Description for Agent Backing Lambda Function
get_gitlab_job_logs Fetches the full, raw text log for a failed GitLab job. gitlab-interaction-service
read_repository_file Reads the content of a specific file from the GitLab repository. gitlab-interaction-service
check_aws_iam_policy Inspects a specific AWS IAM policy by its ARN. aws-inspection-service
propose_code_fix_mr Creates a new branch, commits a fix, and opens a Merge Request. gitlab-interaction-service
generate_iam_policy_fix Generates a valid AWS IAM policy JSON document. remediation-service

Section 4: The Agent's Toolkit: Implementing Action Group Lambda Functions

This section provides the practical implementation details for the Action Groups. Each tool is backed by an AWS Lambda function written in Python.

4.1 Lambda Function Architecture

  • Shared Structure: A dispatcher pattern is used within the Lambda handler, utilizing the apiPath in the Bedrock event payload to route requests.
  • Secrets Management: The GitLab Private Access Token is stored securely in AWS Secrets Manager and retrieved by the functions at runtime.
  • Dependencies: Functions are packaged with python-gitlab and boto3.

4.2 The gitlab-interaction-service Lambda

Function: get_job_logs

# In gitlab-interaction-service/handler.py
import gitlab
# Assume 'gl' is the initialized GitLab client

def get_job_logs(gl, project_id, job_id):
    """Fetches the raw log for a specific GitLab job."""
    try:
        project = gl.projects.get(project_id)
        job = project.jobs.get(job_id)
        # The trace() method returns the log as bytes, which must be decoded.
        return job.trace().decode('utf-8')
    except gitlab.exceptions.GitlabError as e:
        # Return the error message so the agent can reason about the failure
        return f"Error fetching GitLab job log: {e.error_message}"

Function: get_file_content

# In gitlab-interaction-service/handler.py
import base64

def get_file_content(gl, project_id, file_path, commit_sha):
    """Reads a file from the repository at a specific commit."""
    try:
        project = gl.projects.get(project_id)
        # The 'ref' parameter specifies the commit SHA
        f = project.files.get(file_path=file_path, ref=commit_sha)
        # Content is Base64 encoded by the API, so it must be decoded
        return base64.b64decode(f.content).decode('utf-8')
    except gitlab.exceptions.GitlabError as e:
        return f"Error reading repository file {file_path} at commit {commit_sha}: {e.error_message}"

Function: create_remediation_mr

This function orchestrates three distinct GitLab API calls.

# In gitlab-interaction-service/handler.py
def create_remediation_mr(gl, project_id, source_branch, new_branch_name, commit_message, file_path, new_content, mr_title, assignee_email):
    """Orchestrates creating a branch, committing a fix, and opening an MR."""
    try:
        project = gl.projects.get(project_id)

        # 1. Create a new branch from the source branch
        project.branches.create({'branch': new_branch_name, 'ref': source_branch})

        # 2. Create a commit with the updated file on the new branch
        commit_data = {
            'branch': new_branch_name,
            'commit_message': commit_message,
            'actions': [
                {
                    'action': 'update', # Assuming the file exists; use 'create' if new
                    'file_path': file_path,
                    'content': new_content
                }
            ]
        }
        project.commits.create(commit_data)

        # 3. Attempt to find the user ID for assignment
        assignee_id = None
        if assignee_email:
            # Use search as exact email lookup might be restricted by user privacy settings
            users = gl.users.list(search=assignee_email)
            if users:
                assignee_id = users[0].id

        # 4. Create the Merge Request
        mr_data = {
            'source_branch': new_branch_name,
            'target_branch': source_branch,
            'title': mr_title,
            'description': f"Automated fix proposed by Bedrock CI/CD Analyst.\n\nDetails: {commit_message}",
            'remove_source_branch': True
        }
        if assignee_id:
            mr_data['assignee_id'] = assignee_id

        mr = project.mergerequests.create(mr_data)
        return {"status": "success", "mr_url": mr.web_url}

    except gitlab.exceptions.GitlabError as e:
        return {"status": "error", "message": str(e)}

4.3 The aws-inspection-service Lambda

Function: get_iam_policy_details

This requires a two-step process to retrieve the default policy version document.

# In aws-inspection-service/handler.py
import boto3
import json

def get_iam_policy_details(policy_arn):
    """Retrieves the default version of an IAM policy document."""
    iam = boto3.client('iam')
    try:
        # Step 1: Get policy metadata to find the DefaultVersionId
        policy_metadata = iam.get_policy(PolicyArn=policy_arn)
        default_version_id = policy_metadata['Policy']['DefaultVersionId']

        # Step 2: Get the specific policy version document
        policy_version_response = iam.get_policy_version(
            PolicyArn=policy_arn,
            VersionId=default_version_id
        )
        # The actual policy document is under the 'Document' key
        return json.dumps(policy_version_response['PolicyVersion']['Document'], indent=2)

    except iam.exceptions.NoSuchEntityException:
        return f"Error: IAM Policy ARN not found: {policy_arn}"
    except Exception as e:
        return f"Error retrieving IAM policy: {str(e)}"

4.4 The remediation-service Lambda

Function: generate_iam_policy_fix

# In remediation-service/handler.py
import json

def generate_iam_policy_fix(missing_permission, resource_arn):
    """Generates a valid IAM policy statement for a missing permission."""
    policy_statement = {
        "Effect": "Allow",
        "Action": missing_permission,
        "Resource": resource_arn
    }
    full_policy = {
        "Version": "2012-10-17",
        "Statement": [ policy_statement ]
    }
    return json.dumps(full_policy, indent=2)

Section 5: The Solution in Action: End-to-End Diagnostic Scenarios

5.1 Scenario 1: Terraform Syntax Error

The Failure: A developer pushes a commit with a typo. The terraform apply job fails: Error: Unsupported argument... Did you mean "instance_type"?

The Trace:

  1. Detection & Activation: The `terraform apply` job fails. The `when: on_failure` rule triggers the `bedrock_debugger` job.
  2. Invocation: The component's script executes, authenticates to AWS using the Instance Role, and invokes the Bedrock agent.
  3. Agent Reasoning & Action (Step 1): The agent receives the prompt and invokes the `get_gitlab_job_logs` tool.
  4. Observation (Step 1): The Lambda fetches the log and returns it. The agent sees the syntax error.
  5. Agent Reasoning & Action (Step 2): The agent recognizes a source code error and invokes `read_repository_file`.
  6. Observation (Step 2): The Lambda fetches the `.tf` file content and returns it.
  7. Agent Analysis & Final Action: The agent formulates the corrected HCL and invokes `propose_code_fix_mr`.
  8. The Result: The Lambda creates a branch, commit, and MR. The `bedrock_debugger` job posts the agent's final response with the MR link to the pipeline.

5.2 Scenario 2: AWS IAM Permission Failure

The Failure: A terraform apply job fails with an AWS API error: AccessDenied: ... does not have the 's3:CreateBucket' permission.

The Trace:

  1. Detection & Activation: The process begins identically.
  2. Invocation: The agent is invoked using the runner's native AWS credentials.
  3. Agent Reasoning & Action (Step 1): The agent calls `get_gitlab_job_logs`.
  4. Observation (Step 1): The agent receives the log containing the `AccessDenied` error.
  5. Agent Reasoning & Action (Step 2): The agent identifies a permission issue and uses `generate_iam_policy_fix`.
  6. Observation (Step 2): The Lambda returns a perfectly formatted IAM policy JSON document.
  7. Agent Analysis & Final Response: The agent constructs its final RCA report, including the root cause and the generated IAM policy.
  8. The Result: The `bedrock_debugger` job captures the agent's analysis and posts the complete RCA and recommendation as a note on the pipeline.

Section 6: Advanced Considerations and Future Enhancements

  • Implementing a Feedback Loop: Use webhooks from GitLab (e.g., 👍/👎 quick actions) to trigger an API Gateway, storing feedback in DynamoDB to refine the agent's prompt over time.
  • Integrating Knowledge Bases: Enhance agent analysis with Amazon Bedrock Knowledge Bases (RAG) populated with project-specific documentation, architecture diagrams, and coding standards.
  • Expanding the Agent's Toolkit: Add new Action Groups for Kubernetes diagnostics (wrapping kubectl), database queries, or checking third-party API health.
  • Proactive Analysis (Shifting Left): Repurpose the agent as an automated code reviewer on merge requests to predict and prevent failures before they happen.

Conclusion

The architecture detailed in this report presents a comprehensive blueprint for creating an autonomous DevSecOps analyst within a GitLab and AWS ecosystem. By leveraging native AWS authentication mechanisms (Instance Roles or IRSA) for AWS-hosted GitLab runners, the system achieves robust security and simplified integration.

The implementation provides a complete loop, from failure detection and intelligent analysis by Amazon Bedrock, to automated remediation (via MRs) and notification (via pipeline notes). By automating root cause analysis, it frees senior engineers from tactical firefighting, allowing them to focus on strategic initiatives.

© 2025 Autonomous DevSecOps Analyst Project. All rights reserved.

A guide to integrating AI for automated debugging in modern CI/CD pipelines.