aws · padmak30 · Jun 5, 2026 · Jun 4, 2026 · Jun 4, 2026 · jariy17
diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
@@ -149,6 +149,10 @@ jobs:
           ANTHROPIC_API_KEY: ${{ env.E2E_ANTHROPIC_API_KEY }}
           OPENAI_API_KEY: ${{ env.E2E_OPENAI_API_KEY }}
           GEMINI_API_KEY: ${{ env.E2E_GEMINI_API_KEY }}
+          E2E_EFS_ACCESS_POINT_ARN: ${{ env.E2E_EFS_ACCESS_POINT_ARN }}
+          E2E_S3_ACCESS_POINT_ARN: ${{ env.E2E_S3_ACCESS_POINT_ARN }}
+          E2E_FILESYSTEM_SUBNET_ID: ${{ env.E2E_FILESYSTEM_SUBNET_ID }}
+          E2E_FILESYSTEM_SECURITY_GROUP_ID: ${{ env.E2E_FILESYSTEM_SECURITY_GROUP_ID }}
         run: npx vitest run --project e2e e2e-tests/strands-bedrock.test.ts ${{ steps.changed.outputs.ga_extra }}
 
       - name: Install preview CLI globally
@@ -161,5 +165,9 @@ jobs:
           ANTHROPIC_API_KEY: ${{ env.E2E_ANTHROPIC_API_KEY }}
           OPENAI_API_KEY: ${{ env.E2E_OPENAI_API_KEY }}
           GEMINI_API_KEY: ${{ env.E2E_GEMINI_API_KEY }}
+          E2E_EFS_ACCESS_POINT_ARN: ${{ env.E2E_EFS_ACCESS_POINT_ARN }}
+          E2E_S3_ACCESS_POINT_ARN: ${{ env.E2E_S3_ACCESS_POINT_ARN }}
+          E2E_FILESYSTEM_SUBNET_ID: ${{ env.E2E_FILESYSTEM_SUBNET_ID }}
+          E2E_FILESYSTEM_SECURITY_GROUP_ID: ${{ env.E2E_FILESYSTEM_SECURITY_GROUP_ID }}
           BUILD_PREVIEW: '1'
         run: npx vitest run --project e2e e2e-tests/harness-bedrock.test.ts ${{ steps.changed.outputs.harness_extra }}
diff --git a/e2e-tests/e2e-helper.ts b/e2e-tests/e2e-helper.ts
@@ -25,7 +25,10 @@ const baseCanRun = prereqs.npm && prereqs.git && prereqs.uv && hasAws;
 interface E2EConfig {
   framework: string;
   modelProvider: string;
-  requiredEnvVar?: string;
+  /** Env var holding the API key — must be set for the suite to run, and its value is passed as --api-key. */
+  apiKeyEnvVar?: string;
+  /** Additional env vars that must all be set for the suite to run. */
+  requiredEnvVars?: string[];
   build?: string;
   memory?: string;
   /** Language for the agent project. Defaults to 'Python'. */
@@ -38,12 +41,27 @@ interface E2EConfig {
     idleTimeout?: number;
     maxLifetime?: number;
   };
+  /** Custom prompt for the invoke test. Defaults to 'Say hello'. */
+  invokePrompt?: string;
+  /** Optional assertion on the invoke response string. */
+  invokeResponseCheck?: (response: string) => void;
+  /** EFS access point mounts. Requires VPC network mode. */
+  efsAccessPoints?: { accessPointArn: string; mountPath: string }[];
+  /** S3 Files access point mounts. Requires VPC network mode. */
+  s3AccessPoints?: { accessPointArn: string; mountPath: string }[];
+  /** VPC network mode config. Required when using filesystem mounts. */
+  networkConfig?: {
+    networkMode: 'VPC';
+    subnets: string;
+    securityGroups: string;
+  };
 }
 
 export function createE2ESuite(cfg: E2EConfig) {
-  const hasApiKey = !cfg.requiredEnvVar || !!process.env[cfg.requiredEnvVar];
+  const hasRequiredEnvVars =
+    (!cfg.apiKeyEnvVar || !!process.env[cfg.apiKeyEnvVar]) && (cfg.requiredEnvVars ?? []).every(v => !!process.env[v]);
   const needsUv = cfg.language !== 'TypeScript';
-  const canRun = prereqs.npm && prereqs.git && hasAws && hasApiKey && (!needsUv || prereqs.uv);
+  const canRun = prereqs.npm && prereqs.git && hasAws && hasRequiredEnvVars && (!needsUv || prereqs.uv);
 
   describe.sequential(`e2e: ${cfg.framework}/${cfg.modelProvider} — create → deploy → invoke`, () => {
     let testDir: string;
@@ -86,11 +104,27 @@ export function createE2ESuite(cfg: E2EConfig) {
       }
 
       // Pass API key so the credential is registered in the project and .env.local
-      const apiKey = cfg.requiredEnvVar ? process.env[cfg.requiredEnvVar] : undefined;
+      const apiKey = cfg.apiKeyEnvVar ? process.env[cfg.apiKeyEnvVar] : undefined;
       if (apiKey) {
         createArgs.push('--api-key', apiKey);
       }
 
+      if (cfg.networkConfig) {
+        createArgs.push('--network-mode', cfg.networkConfig.networkMode);
+        createArgs.push('--subnets', cfg.networkConfig.subnets);
+        createArgs.push('--security-groups', cfg.networkConfig.securityGroups);
+      }
+
+      for (const ap of cfg.efsAccessPoints ?? []) {
+        createArgs.push('--efs-access-point-arn', ap.accessPointArn);
+        createArgs.push('--efs-mount-path', ap.mountPath);
+      }
+
+      for (const ap of cfg.s3AccessPoints ?? []) {
+        createArgs.push('--s3-access-point-arn', ap.accessPointArn);
+        createArgs.push('--s3-mount-path', ap.mountPath);
+      }
+
       const result = await runAgentCoreCLI(createArgs, testDir);
 
       expect(result.exitCode, `Create failed: ${result.stderr}`).toBe(0);
@@ -148,7 +182,7 @@ export function createE2ESuite(cfg: E2EConfig) {
         await retry(
           async () => {
             const result = await runAgentCoreCLI(
-              ['invoke', '--prompt', 'Say hello', '--runtime', agentName, '--json'],
+              ['invoke', '--prompt', cfg.invokePrompt ?? 'Say hello', '--runtime', agentName, '--json'],
               projectPath
             );
 
@@ -159,8 +193,12 @@ export function createE2ESuite(cfg: E2EConfig) {
 
             expect(result.exitCode, `Invoke failed: ${result.stderr}`).toBe(0);
 
-            const json = parseJsonOutput(result.stdout) as { success: boolean };
+            const json = parseJsonOutput(result.stdout) as { success: boolean; response?: string };
             expect(json.success, 'Invoke should report success').toBe(true);
+            if (cfg.invokeResponseCheck) {
+              expect(json.response, 'Invoke should return a non-empty response').toBeTruthy();
+              cfg.invokeResponseCheck(json.response!);
+            }
           },
           3,
           15000