Merge pull request #211 from aws-samples/feat_python_container

feat: Add Python backend implementation with multi-language CDK support

Author: krokoko

samples/speech-to-speech/.gitignore

@@ -1,5 +1,5 @@
 !jest.config.js
-*.d.ts
+# *.d.ts
 node_modules
 
 # CDK asset staging directory 

samples/speech-to-speech/README.md

@@ -2,17 +2,23 @@
 
 ## Table of Contents
 
-- [Overview](#overview)
-- [Architecture](#architecture)
-- [Project Structure](#project-structure)
-- [Prerequisites](#prerequisites)
-- [Deployment](#deployment)
-- [User creation](#user-creation)
-- [Usage](#usage)
-- [Load testing](#load-testing)
-- [Clean Up](#clean-up)
-- [Content Security Legal Disclaimer](#content-security-legal-disclaimer)
-- [Operational Metrics Collection](#operational-metrics-collection)
+- [Nova Sonic Solution](#nova-sonic-solution)
+  - [Table of Contents](#table-of-contents)
+  - [Overview](#overview)
+  - [Architecture](#architecture)
+  - [Project Structure](#project-structure)
+    - [Backend Implementation Options](#backend-implementation-options)
+      - [Java WebSocket Server (Default)](#java-websocket-server-default)
+      - [Python WebSocket Server](#python-websocket-server)
+    - [Language Selection](#language-selection)
+  - [Prerequisites](#prerequisites)
+  - [Deployment](#deployment)
+  - [User creation](#user-creation)
+  - [Usage](#usage)
+  - [Load testing](#load-testing)
+  - [Clean Up](#clean-up)
+  - [Content Security Legal Disclaimer](#content-security-legal-disclaimer)
+  - [Operational Metrics Collection](#operational-metrics-collection)
 
 ## Overview
 
@@ -49,11 +55,39 @@ The solution consists of three main components:
 ├── frontend/           # React + TypeScript frontend application
 ├── backend/           # AWS CDK infrastructure and Java WebSocket server
 │   ├── app/          # Java WebSocket server implementation
+│   ├── python_app/   # Python WebSocket server implementation
 │   ├── stack/        # CDK infrastructure code
 │   └── load-test/    # WebSocket load testing suite
 └── images/           # Architecture diagrams and documentation images
 ```
 
+### Backend Implementation Options
+
+The solution supports two backend implementations with identical functionality:
+
+#### Java WebSocket Server (Default)
+- Java-based WebSocket server implementation
+- Production-ready with comprehensive error handling
+- Jetty WebSocket server with connection pooling
+- Real-time speech-to-speech communication
+- Cognito token validation
+- Connection management and logging
+
+#### Python WebSocket Server
+- Python-based alternative implementation
+- AWS Bedrock integration with `aws_sdk_bedrock_runtime` beta SDK
+- Equivalent functionality to Java implementation
+- **Python AWS SDK Notice**: This implementation uses the experimental AWS SDK for Python async clients. The SDK is in early development and may see rapid iteration with potential breaking changes between minor versions. For more details about the experimental AWS SDK, see: https://github.com/awslabs/aws-sdk-python/tree/develop
+
+### Language Selection
+
+The CDK deployment supports backend language selection:
+
+- **Java (default)**: `cdk deploy`
+- **Python**: `cdk deploy --context custom:backendLanguage=python`
+
+The `cdk.json` file contains the context parameter `custom:backendLanguage` (set to "python" for Python deployment).
+
 ## Prerequisites
 
 - [Python](https://www.python.org/downloads/) 3.11 or higher

samples/speech-to-speech/backend/cdk.json

@@ -15,6 +15,7 @@
     ]
   },
   "context": {
+    "custom:backendLanguage": "",
     "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
     "@aws-cdk/core:checkSecretUsage": true,
     "@aws-cdk/core:target-partitions": [

samples/speech-to-speech/backend/python_app/Dockerfile

@@ -0,0 +1,41 @@
+FROM python:3.13-alpine
+
+WORKDIR /app
+
+# Copy requirements file
+COPY requirements.txt ./
+
+# Install dependencies
+RUN apk add --update jq curl py-pip inotify-tools
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Create non-root user
+RUN addgroup -S appuser && adduser -S appuser -G appuser
+
+# Copy all Python files, directories, and entrypoint.sh
+# Refactored structure includes core/, clients/, events/, tools/ directories
+COPY . .
+
+# Set environment variables
+ENV LOGLEVEL=INFO
+ENV HOST=0.0.0.0
+ENV PORT=8080
+ENV AWS_DEFAULT_REGION=us-east-1
+ENV PYTHONPATH=/app
+
+# Set execute permission for entrypoint.sh
+RUN chmod +x entrypoint.sh
+
+# Change ownership of the application files to the non-root user
+RUN chown -R appuser:appuser /app
+
+# Switch to non-root user
+USER appuser
+
+# Expose single port
+EXPOSE ${PORT}
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 CMD curl -f http://localhost:${PORT}/health || exit 1
+
+ENTRYPOINT ["./entrypoint.sh"]

samples/speech-to-speech/backend/python_app/clients/__init__.py

@@ -0,0 +1,221 @@
+#!/usr/bin/env python3
+#
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+# with the License. A copy of the License is located at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
+#
+import json
+import logging
+import warnings
+import os
+import time
+from aws_sdk_bedrock_runtime.client import (
+    BedrockRuntimeClient,
+    InvokeModelWithBidirectionalStreamOperationInput,
+)
+from aws_sdk_bedrock_runtime.models import (
+    InvokeModelWithBidirectionalStreamInputChunk,
+    BidirectionalInputPayloadPart,
+)
+from aws_sdk_bedrock_runtime.config import (
+    Config,
+    HTTPAuthSchemeResolver,
+    SigV4AuthScheme,
+)
+from smithy_aws_core.credentials_resolvers.environment import (
+    EnvironmentCredentialsResolver,
+)
+
+# Configure logging
+logger = logging.getLogger(__name__)
+
+# Suppress warnings
+warnings.filterwarnings("ignore")
+
+
+class BedrockInteractClient:
+    """Client for interacting with AWS Bedrock Nova Sonic model"""
+
+    def __init__(self, model_id="amazon.nova-sonic-v1:0", region="us-east-1"):
+        """Initialize the Bedrock client.
+
+        Args:
+            model_id (str): Bedrock model ID to use
+            region (str): AWS region
+        """
+        self.model_id = model_id
+        self.region = region
+        self.bedrock_client = None
+        self.last_credential_check = 0
+        self.credential_signal_file = "/tmp/credentials_refreshed"
+        logger.info(
+            f"Initializing BedrockInteractClient [model_id={model_id}, region={region}]"
+        )
+
+    def _check_credential_refresh(self):
+        """Check if credentials have been refreshed and recreate client if needed."""
+        try:
+            if os.path.exists(self.credential_signal_file):
+                signal_mtime = os.path.getmtime(self.credential_signal_file)
+                
+                if signal_mtime > self.last_credential_check:
+                    # A real credential refresh from background daemon
+                    logger.info("Credential refresh signal detected - recreating Bedrock client")
+                    self.bedrock_client = None  # Force recreation
+                    self.last_credential_check = signal_mtime
+                    # Remove the signal file after processing
+                    os.remove(self.credential_signal_file)
+        except Exception as e:
+            logger.error(f"Error checking credential refresh signal: {e}")
+
+    def initialize_client(self):
+        """Initialize the Bedrock client."""
+        # Check if credentials were refreshed
+        self._check_credential_refresh()
+        
+        if self.bedrock_client is not None:
+            return True
+            
+        logger.info(f"Initializing Bedrock client for region {self.region}")
+        try:
+            config = Config(
+                endpoint_uri=f"https://bedrock-runtime.{self.region}.amazonaws.com",
+                region=self.region,
+                aws_credentials_identity_resolver=EnvironmentCredentialsResolver(),
+                http_auth_scheme_resolver=HTTPAuthSchemeResolver(),
+                http_auth_schemes={"aws.auth#sigv4": SigV4AuthScheme()},
+            )
+            self.bedrock_client = BedrockRuntimeClient(config=config)
+            logger.info(
+                "Bedrock client initialized successfully with EnvironmentCredentialsResolver"
+            )
+            return True
+        except Exception as e:
+            logger.error(
+                f"Failed to initialize Bedrock client: {str(e)}", exc_info=True
+            )
+            return False
+
+    async def refresh_credentials_immediately(self):
+        """Refresh credentials immediately by calling the container metadata endpoint"""
+        try:
+            logger.info("Refreshing credentials due to ExpiredToken...")
+            # Get credentials from ECS container metadata endpoint
+            uri = os.environ.get('AWS_CONTAINER_CREDENTIALS_RELATIVE_URI')
+            if not uri:
+                logger.error("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI not found in environment")
+                return False
+                
+            import aiohttp
+            try:
+                async with aiohttp.ClientSession() as session:
+                    async with session.get(f"http://169.254.170.2{uri}", timeout=2) as response:
+                        if not response.ok:
+                            logger.error(f"Failed to fetch credentials: {response.status}")
+                            return False
+                        
+                        creds = await response.json()
+            except ImportError:
+                # Fall back to requests if aiohttp is not available
+                import requests
+                response = requests.get(f"http://169.254.170.2{uri}", timeout=2)
+                if not response.ok:
+                    logger.error(f"Failed to fetch credentials: {response.status_code}")
+                    return False
+                    
+                creds = response.json()
+                
+            os.environ['AWS_ACCESS_KEY_ID'] = creds['AccessKeyId']
+            os.environ['AWS_SECRET_ACCESS_KEY'] = creds['SecretAccessKey']
+            os.environ['AWS_SESSION_TOKEN'] = creds['Token']
+            
+            logger.info(f"Successfully refreshed credentials, new key ends with: ...{creds['AccessKeyId'][-4:]}")
+            
+            # Force client recreation on next use
+            self.bedrock_client = None
+            return True
+        except Exception as e:
+            logger.error(f"Error refreshing credentials: {str(e)}")
+            return False
+    
+    async def create_stream(self):
+        """Create a bidirectional stream with Bedrock.
+
+        Returns:
+            stream: Bedrock bidirectional stream
+        """
+        logger.info(f"Creating bidirectional stream for model {self.model_id}")
+        try:
+            if not self.bedrock_client:
+                if not self.initialize_client():
+                    raise Exception("Failed to initialize Bedrock client")
+
+            stream = await self.bedrock_client.invoke_model_with_bidirectional_stream(
+                InvokeModelWithBidirectionalStreamOperationInput(model_id=self.model_id)
+            )
+            logger.info("Stream initialized successfully")
+            return stream
+        except Exception as e:
+            if "ExpiredToken" in str(e):
+                current_key = os.environ.get('AWS_ACCESS_KEY_ID', '')
+                logger.warning(f"ExpiredToken error occurred with credential ending: ...{current_key[-4:] if len(current_key) >= 4 else 'NONE'}")
+                
+                # Try to refresh and retry
+                if await self.refresh_credentials_immediately():
+                    logger.info("Retrying stream creation with new credentials")
+                    # Recursive retry once
+                    return await self.create_stream()
+                    
+            logger.error(f"Failed to initialize stream: {str(e)}", exc_info=True)
+            raise
+
+    async def send_event(self, stream, event_data):
+        """Send an event to the Bedrock stream.
+
+        Args:
+            stream: Bedrock bidirectional stream
+            event_data (dict): Event data to send
+
+        Returns:
+            bool: True if successful, False otherwise
+        """
+        try:
+            list(event_data.get("event", {}).keys())[
+                0
+            ] if "event" in event_data else "unknown"
+
+            event_json = json.dumps(event_data)
+            event = InvokeModelWithBidirectionalStreamInputChunk(
+                value=BidirectionalInputPayloadPart(bytes_=event_json.encode("utf-8"))
+            )
+            await stream.input_stream.send(event)
+            return True
+        except Exception as e:
+            logger.error(f"Error sending event: {str(e)}", exc_info=True)
+            return False
+
+    async def close_stream(self, stream):
+        """Close the Bedrock stream.
+
+        Args:
+            stream: Bedrock bidirectional stream
+
+        Returns:
+            bool: True if successful, False otherwise
+        """
+        try:
+            if stream:
+                await stream.input_stream.close()
+                logger.info("Stream closed successfully")
+                return True
+            return False
+        except Exception as e:
+            logger.error(f"Error closing stream: {str(e)}", exc_info=True)
+            return False