The source code for this article can be found here.
Welcome to another cloud experiment! The idea behind these hands-on tutorials is to provide practical experience building cloud-native solutions of different sizes using AWS services and CDK. We’ll focus on developing expertise in Infrastructure as Code, AWS services, and cloud architecture while understanding both the “how” and “why” behind our choices.
The fantastic slop story machine
Large Language Models (LLMs) have become quite popular in the past few years, so much so that nowadays people use the generic term “Artificial Intelligence” to refer to this specific type of model. As a result, most cloud providers have started offering services that essentially behave as LLM-as-a-service, where you can use a variety of foundational models to build your own applications without ever leaving your cloud environment, making things a bit easier.
There is, of course, a huge amount of hype and unrealistic expectations about the capabilities and potential of these tools, and 95% of organizations never get any return from using LLMs. Still, they can be quite useful for automating processes across a wide range of industries and applications, so it’s a good idea to add them to your toolbelt. When used in the right context, they can help you solve problems whose solutions were previously too difficult or impractical.
We are going to take a straightforward approach and build a tiny application that wires together cloud-native development with Amazon’s Bedrock service. AWS has released a bunch of LLM-centric services, and Bedrock is kind of the … well … bedrock of the entire suite. Building simple software, no matter how dull it may seem, is the first step towards being able to build bigger and more complex systems.
So, let’s get started.
SAAS (Stories-As-A-Service)
A common application pattern we have used is that of an API gateway whose requests are backed by lambda functions.
Building on this foundation, our solution utilizes an API Gateway to provide a /tell_story endpoint. When a user provides a character, a Lambda function prompts an Amazon Bedrock foundation model to craft a three-paragraph story tailored to that character’s specific setting and motivations.
The diagram of what we will build looks like this:
For the foundation model, we will use Amazon’s Nova Lite 2 model. I decided to go with this one for five reasons:
- It’s very cheap
- It’s very cheap
- It has regional availability in Europe, and I was planning on deploying on eu-west-1
- It’s decent for simple use cases, like what we are trying to do in this lab
- It’s very cheap
You can check the regional availability of the models available on Bedrock here. In the case of Nova Lite 2, it looks like this:
You will notice that this model is not available In-Region in any of these locations, but it does have Geo availability. What this means is that when sending requests to the model, we will use an inference profile, which is (grossly simplified) something like a load balancer that finds the best regional model to send your request to.
For this project, the most complex part is the lambda function, so that’s the first thing we will build.
Calling a foundation model using Python
AWS Bedrock provides a bunch of different foundational models you can use for building applications, both their own Amazon models (like Nova) as well as models from other vendors (like Claude or Mistral).
You can interact with these models using a unified (more or less, as of May 2026) API via their SDK. There are different ways to call a model, depending on whether you need a back-and-forth conversation that maintains context, or if you are running a single prompt. We are interested in doing the latter, so we will be using the invoke API.
A call for getting a response from a prompt looks like this:
prompt = "Tell me a three paragraph story centered on Sherlock Holmes"
response = BEDROCK_CLIENT.invoke_model(
modelId=MODEL_ID,
body=json.dumps({
'messages': [{
'role': 'user',
'content': [{'text': prompt}]
}],
'inferenceConfig': {
'maxTokens': 2048
}
})
)
We are calling invoke_model and passing a few important parameters:
- We set the
message.rolevalue touser. This is a specific quirk of the Nova family models, where the first message has to have this set to user. You can ignore it for now and always pass the value ofuserwhen you are invoking the model — you can always check the documentation for the right values for each specific model. - We pass the
message.content.textvalue by setting it to the prompt we want the model to respond to. - We set the
inferenceConfig.maxTokensvalue to 2048. This sets an upper bound on the total number of tokens the model will return when responding to our prompt. Limiting the length of the response is important to avoid paying extra for answers that are way too verbose for your needs. Just remember that the number of tokens is not equal to the number of words — you can use a rule of thumb of 1 word = 1.3 tokens when working in English.
You can pass additional parameters that control the selection of the next token when the model is generating output, like top K, top P, and temperature, but we won’t touch these and will just leave them at their default values.
With this knowledge, we can write a lambda function that requests a 3-paragraph story from a Bedrock foundational model:
import logging
import json
import os
import boto3
from botocore.exceptions import ClientError
logger = logging.getLogger()
logger.setLevel("INFO")
MODEL_ID = os.environ['INFERENCE_PROFILE_ID']
REGION = os.environ['MODEL_REGION']
BEDROCK_CLIENT = boto3.client('bedrock-runtime',
region_name=REGION)
BASE_PROMPT =""""
For this task, do not use any formatting and just output plaintext.
I want you to write me a short story, 3 paragraphs in length, about a character, while maintaining
consistency with the character's motivations and background. If, at the end of this prompt you are not provided with a character, please just say that you cannot complete the request without a character.
The character is
"""
def handler(event, context):
if not event.get('body'):
logger.error("No Body Provided")
return {'statusCode': 400,
'headers': {'content-type': 'application/json'},
'body': 'No body provided'}
body = json.loads(event["body"])
character = body["character"]
if len(character) > 40:
logger.error("Character name is too long")
return {'statusCode': 400,
'headers': {'content-type': 'application/json'},
'body': 'Character name is too long, max 40 characters allowed.'}
logger.info(f"Character: {character}")
try:
prompt = BASE_PROMPT + character
response = BEDROCK_CLIENT.invoke_model(
modelId=MODEL_ID,
body=json.dumps({
'messages': [{
'role': 'user',
'content': [{'text': prompt}]
}],
'inferenceConfig': {
'maxTokens': 2048
}
})
)
response_text = extract_text_from_response(response)
return {'statusCode': 200,
'headers': {'content-type': 'application/json'},
'body': response_text}
except (ClientError, Exception) as e:
logger.error(f"ERROR: Can't invoke '{MODEL_ID}'. Reason: {e}")
return {'statusCode': 500,
'headers': {'content-type': 'application/json'},
'body': f"Request Error: {e}"}
def extract_text_from_response(response):
body = json.loads(response["body"].read())
return body['output']['message']['content'][0]['text']
The code is pretty straightforward, and most of the lines are either about unpacking data or doing error handling. Let’s go through each section to understand what each of them does:
- At the top, we import all the packages we will use, instantiate a logger, and read a few values from environment variables. These will be injected into the lambda function by CDK, and include the model ID we will be querying and the AWS region we will operate in. Finally, we instantiate a Bedrock client — because we will be using a Nova 2 model, we use the
bedrock-runtimeparameter. - We also define the base of the prompt we will feed into our model. Note that we specify the output format (simple plaintext), the task (generating a story), additional task directives (it should be a 3-paragraph story), and instruct the model on what to do if what the user provides is not a character. This last clause may help make it more difficult for users to inject arbitrary instructions into our app.
- After this, we retrieve the
body.charactervalue provided in the request body, and write two guard clauses to ensure that the field is present and has a length of no more than 40 characters. This last check limits the ability of users to inject arbitrary instructions instead of providing a character. - The core of the handler function performs a call to
invoke_modeland retrieves the response from the model. We use a little helper calledextract_text_from_responseto dig for the content in the response and, if everything is successful, we return it in a format that the API Gateway can use. If there is a problem with the response, we catch it and return a relevant error message.
We are done with the function — now we can go and build our stack and test the functionality.
Building our Stack
Project Creation
First, we need the regular project setup we’ve become accustomed to.
Create an empty folder (I named mine BedrockStoryTellerAPI) and run cdk init app --language typescript inside it.
This next change is optional, but the first thing I do after creating a new CDK project is head into the bin folder and rename the app file to main.ts. Then I open the cdk.json file and edit the app config:
{
"app": "npx ts-node --prefer-ts-exts bin/main.ts",
"watch": {
...
}
}
Now your project will recognize main.ts as the main application file. You don’t have to do this — I just like having a file named main serving as the main app file.
Stack Imports
From looking at the diagram, we know we’ll need the following imports at the top of the stack:
import * as cdk from 'aws-cdk-lib/core';
import * as path from 'node:path';
import {Construct} from 'constructs';
import {aws_lambda as lambda} from 'aws-cdk-lib';
import {aws_iam as iam} from 'aws-cdk-lib';
import {aws_apigatewayv2 as gateway} from 'aws-cdk-lib';
import {aws_apigatewayv2_integrations as api_integrations} from 'aws-cdk-lib';
Creating Custom Props
It’s a good idea to create custom stack props when you need to pass custom data into your stacks, and this is one such case. We will need to provide 3 important pieces of information:
- modelArn: The ARN of the model we want to use — in this case, it will be the ARN of the Nova 2 Lite models within the EU zones (
arn:aws:bedrock:eu-*::foundation-model/amazon.nova-2-lite-v1:0) - inferenceProfileArn: The ARN of the inference profile we will use — in this case, the Nova 2 Lite eu-west-1 inference profile (
arn:aws:bedrock:eu-west-1:515474521171:inference-profile/eu.amazon.nova-2-lite-v1:0) - inferenceProfileId: The ID of the inference profile we will be using (
eu.amazon.nova-2-lite-v1:0)
Between the imports and the definition of your stack, add the following code:
interface BedrockStoryTellerApiStackProps extends cdk.StackProps {
modelArn: string,
inferenceProfileArn: string,
inferenceProfileId: string,
}
And then change the type of the props from cdk.StackProps to BedrockStoryTellerApiStackProps, like this:
export class BedrockStoryTellerApiStack extends cdk.Stack {
constructor(scope: Construct, id: string, props: BedrockStoryTellerApiStackProps) {
super(scope, id, props);
...
Create the Stack Resources
We will build the solution following the diagram above, left to right. The first thing is to add an API Gateway, like this:
...
super(scope, id, props);
// Add this line under super
const storyTellerAPI = new gateway.HttpApi(this, "storyTellerAPI");
The next step is to add our Lambda function. We need it to:
- Run with a recent Python runtime, like Python 3.14
- Reference the
handlerfunction in a file namedstory_retriever - Have a reasonable timeout, like 45 seconds. Foundational models can have long response times depending on the query, so it may need to be longer, but 45s is a good starting point
- Load the code from a folder called
lambdas, found at the same level as thelibandbinfolders — so..relative to the stack file - Pass in two environment variables: one for the inference profile ID, and one for the region
Accomplishing this takes just a few lines of code, so add this under your API Gateway definition:
const storyTellerLambda = new lambda.Function(this, 'StoryTellerLambda', {
runtime: lambda.Runtime.PYTHON_3_14,
handler: 'story_retriever.handler',
description: 'Used to retrieve stories from Bedrock',
timeout: cdk.Duration.seconds(45),
code: lambda.Code.fromAsset(path.join(__dirname, '../lambdas')),
environment: {
INFERENCE_PROFILE_ID: props.inferenceProfileId,
MODEL_REGION: props.env!.region!,
}
});
Now we need to link the lambda function to a route in the API Gateway. To serve responses on the tell_story endpoint, we need the following route:
storyTellerAPI.addRoutes({
path: "/tell_story",
methods: [gateway.HttpMethod.POST],
integration: new api_integrations.HttpLambdaIntegration(
"stIntegration",
storyTellerLambda
),
});
Now we need to grant the function access to both the inference profile and the underlying foundational models. Because the inference profile can route requests to one of many EU-hosted models, we used the wildcard ARN for Nova 2 European models (arn:aws:bedrock:eu-*::foundation-model/amazon.nova-2-lite-v1:0). Granting access to the bedrock:InvokeModel action is straightforward — just add the following lines:
storyTellerLambda.addToRolePolicy(new iam.PolicyStatement({
actions: ['bedrock:InvokeModel'],
resources: [props.inferenceProfileArn,
props.modelArn],
}));
Finally, totally optional and just for our convenience, we can add a CloudFormation output to display the URL of the load balancer after deployment:
new cdk.CfnOutput(this, "Load Balancer URL", { value: appLB.loadBalancerDnsName });
Add the Lambda Function
At the top level of the project (next to the lib and bin folders) create a lambdas folder, and within it, a file named story_retriever.py. The contents should be the Python code we wrote above. If you feel lazy and don’t want to scroll back, just copy it from here:
import logging
import json
import os
import boto3
from botocore.exceptions import ClientError
logger = logging.getLogger()
logger.setLevel("INFO")
MODEL_ID = os.environ['INFERENCE_PROFILE_ID']
REGION = os.environ['MODEL_REGION']
BEDROCK_CLIENT = boto3.client('bedrock-runtime',
region_name=REGION)
BASE_PROMPT =""""
For this task, do not use any formatting and just output plaintext.
I want you to write me a short story, 3 paragraphs in length, about a character, while maintaining
consistency with the character's motivations and background. If, at the end of this prompt you are not provided with a character, please just say that you cannot complete the request without a character.
The character is
"""
def handler(event, context):
if not event.get('body'):
logger.error("No Body Provided")
return {'statusCode': 400,
'headers': {'content-type': 'application/json'},
'body': 'No body provided'}
body = json.loads(event["body"])
character = body["character"]
if len(character) > 40:
logger.error("Character name is too long")
return {'statusCode': 400,
'headers': {'content-type': 'application/json'},
'body': 'Character name is too long, max 40 characters allowed.'}
logger.info(f"Character: {character}")
try:
prompt = BASE_PROMPT + character
response = BEDROCK_CLIENT.invoke_model(
modelId=MODEL_ID,
body=json.dumps({
'messages': [{
'role': 'user',
'content': [{'text': prompt}]
}],
'inferenceConfig': {
'maxTokens': 2048
}
})
)
response_text = extract_text_from_response(response)
return {'statusCode': 200,
'headers': {'content-type': 'application/json'},
'body': response_text}
except (ClientError, Exception) as e:
logger.error(f"ERROR: Can't invoke '{MODEL_ID}'. Reason: {e}")
return {'statusCode': 500,
'headers': {'content-type': 'application/json'},
'body': f"Request Error: {e}"}
def extract_text_from_response(response):
body = json.loads(response["body"].read())
return body['output']['message']['content'][0]['text']
Adding Property Values in main.ts
The final step is to open bin/main.ts and add the values for the properties our stack needs. I am deploying this in the eu-west-1 region, so mine looks like this:
#!/usr/bin/env node
import * as cdk from 'aws-cdk-lib/core';
import { BedrockStoryTellerApiStack } from '../lib/bedrock_story_teller_api-stack';
const app = new cdk.App();
new BedrockStoryTellerApiStack(app, 'BedrockStoryTellerApiStack', {
env:{
region: 'eu-west-1',
account: process.env.CDK_DEFAULT_ACCOUNT,
},
modelArn: 'arn:aws:bedrock:eu-*::foundation-model/amazon.nova-2-lite-v1:0',
inferenceProfileArn: 'arn:aws:bedrock:eu-west-1:515474521171:inference-profile/eu.amazon.nova-2-lite-v1:0',
inferenceProfileId: 'eu.amazon.nova-2-lite-v1:0',
});
I’d recommend also deploying to eu-west-1 — hunting down these ARNs can be a pain, but if you’re feeling adventurous, give it a try.
Note: It would be great if we could use constructs directly in CDK for getting the model and inference profile values, and then use a call to grantInvoke() to allow the lambda function to use the model. Unfortunately, the current version of CDK’s Bedrock construct does almost nothing. They are working on a proper set of CDK constructs, which are already in Alpha, so probably in a few months we will be able to use LLMs in an even more convenient way. You can find the docs for the alpha module here
Testing the Solution
After running cdk deploy, near the end of the output you’ll get a few lines that look like this:
Outputs:
BedrockStoryTellerApiStack.APIEndpoint = https://---------.execute-api.eu-west-1.amazonaws.com
Stack ARN:
arn:aws:cloudformation:eu-west-1:...
That APIEndpoint is what we will use for making our requests — just append the action you want to use (tell_story) and you’re ready to go.
I’m using a Linux box, so I’ll use curl, but you can use whichever tool you prefer for making requests, even fancier stuff like Postman.
Let’s first ask for a story involving a popular character — Yoda from Star Wars:
Yoda Request
curl --header "Content-Type: application/json" \
--request POST \
--data '{"character":"Yoda from Star Wars"}' \
https://yzexwyaks2.execute-api.eu-west-1.amazonaws.com/tell_story # <--THIS IS MY API GATEWAY URL, YOURS WILL BE DIFFERENT
Yoda Response
In the quiet, shadowed groves of the tranquil planet Dagobah, Master Yoda tended to the ancient trees, his small green frame moving with a deliberate grace. For centuries, he had wandered the galaxy, seeking to maintain balance in the Force. The weight of countless battles and lost Jedi rested gently on his shoulders, but here, in this secluded haven, he found peace. Each day, he meditated, his mind reaching out to the living Force, feeling the ebb and flow of life around him. It was here, beneath the whispering leaves, that Yoda sought guidance for the future, knowing that the Force would guide him to those who could help restore the light to the galaxy.
One evening, as the sun dipped below the horizon, casting long shadows across the mossy floor, a soft hum filled the air. Yoda sensed a presence, familiar yet distant. It was Luke Skywalker, the last hope of the Jedi, seeking wisdom in the ways of the Force. With a gentle smile, Yoda approached the young man, his heart heavy with the knowledge of what must be. “Much to learn, you still have,” Yoda said, his voice a soft whisper carried by the evening breeze. They sat together, the master and the apprentice, as Yoda began to impart the final pieces of wisdom he had gathered over his long life. The teachings were not just about the Force, but about surrender, acceptance, and the understanding that the path to peace often required letting go.
As days passed, Luke absorbed each word, his spirit growing stronger with every lesson. Yet, it was clear to Yoda that the time had come to pass on the mantle of guardianship. “Strong you have become, but stronger you must become,” Yoda advised, his eyes gleaming with a mixture of pride and sorrow. With a final embrace, Yoda felt the life within him begin to fade, his energy returning to the Force from whence it came. In his last moments, he looked upon Luke, seeing not just a young man, but the future of the Jedi. “Remember, the Force will be with you… always,” he whispered, before dissolving into the wind. In his passing, Yoda found solace, knowing that the seeds of the Jedi would grow once more, carried on the breath of the Force he so deeply revered.
Very well. Copyright aside, you can see that it managed to generate something that actually makes sense as a story. Now let’s try another character, something a bit more obscure.
Gideon Request
curl --header "Content-Type: application/json" \
--request POST \
--data '{"character":"Gideon Ofnir from Elden Ring"}' \
https://yzexwyaks2.execute-api.eu-west-1.amazonaws.com/tell_story
Gideon Response
Gideon Ofnir, the man known as the Grace of Gold, had always been a man of ambition and cunning. Once a loyal soldier of the Golden Order, he eventually turned against his former allies, seeking power and recognition above all else. His sharp mind and silver tongue had served him well, allowing him to navigate the treacherous politics of the Lands Between with a grace that belied his ruthless nature. Gideon believed that true strength lay not only in physical might but also in the ability to manipulate those around him to achieve one’s goals.
One day, while traversing the storm-beaten cliffs of the northern coast, Gideon learned of a hidden treasure said to be guarded by a powerful entity deep within a forgotten ruin. Driven by his unquenchable thirst for power, he made his way to the ruin, undeterred by the warnings of those who knew the tale. As he delved deeper into the dark, damp passages, the air grew thick with the scent of decay and the echoes of long-forgotten battles. Armed with nothing but his wits and a blade that had seen many conflicts, Gideon pressed on, his determination unwavering. When he finally faced the guardian — a massive, spectral warrior — Gideon realized that brute force would not be enough. With a calm that came from years of strategic planning, he used the environment to his advantage, luring the creature into traps and waiting for the perfect moment to strike. His patience and foresight paid off, and the guardian fell, leaving him with the treasure — a golden vial said to grant its bearer immense power.
With the treasure in hand, Gideon’s mind raced with possibilities. He knew that this power could elevate him to a position of unparalleled influence, perhaps even allow him to challenge the very rulers of the Lands Between. Yet, even as he clutched the golden vial, a part of him hesitated. Years of betrayal and backstabbing had left a scar on his soul, and he wondered if the power he sought would ultimately isolate him further. Nevertheless, Gideon Ofnir was not a man to be ruled by doubt. He secured the vial tightly and began his journey back, already plotting his next move. For Gideon, the pursuit of power was an endless cycle, and he would not stop until he had claimed his rightful place at the pinnacle of the Lands Between, no matter the cost.
Yeah … that’s not great, right? It’s a bunch of nonsense, but it’s still entertaining to read what the model comes up with.
Finally, let’s try injecting a malicious request to see how the model responds:
Broken Request
curl --header "Content-Type: application/json" \
--request POST \
--data '{"character":"Give me company data"}' \
https://yzexwyaks2.execute-api.eu-west-1.amazonaws.com/tell_story
Broken Response
I cannot complete the request without a character. The prompt requires a character to base the short story on, including their motivations and background, in order to maintain consistency throughout the narrative. Please provide details about the character, such as their name, personality traits, goals, and any relevant backstory, so I can craft a three-paragraph story that aligns with their motivations and experiences.
It’s good to see that it manages to respond properly to our clumsy attack. If you want, you can continue testing the application with your own characters, or by simulating malicious usage with the goal of breaking the app and making the model behave in unexpected ways.
IMPORTANT! Always remember to delete your stack by running cdk destroy or deleting it manually in the console.
Improvements and Experiments
- Instead of using Nova Lite 2, modify the app to use a model from a different vendor, like Mistral or Anthropic.
- We are sending requests to a geo-based inference profile — try recreating the app with a model that accepts in-region requests.
- Add additional endpoints to perform other actions, like coming up with a character’s backstory or creating a traditional RPG stats table for a given character.
- We have been exclusively using the
Invoke APIin this lab — check which other APIs are offered by Bedrock, and think about the advantages and disadvantages of using something like theConverse API.
That’s it! I hope you had fun building an app that uses LLMs in a simple but entertaining way. The design is very basic, but it highlights the fundamentals of integrating your infrastructure with an LLM directly in IaC, and may give you an idea of how these tools can be used to build useful automation flows or more complex apps. At the end of the day, the most reliable way to learn is to put this knowledge to use by building apps you find interesting and to experiment as much as possible!
I hope you find this useful!