Skip to content

AWS Bedrock SpiraApp

Some of this SpiraApp's functionality is not compatible with SpiraTest

This SpiraApp lets you generate downstream artifacts from Spira requirements, test cases and risks using a variety of LLM models hosted in AWS Bedrock. The current functionality uses the power of generative AI to suggest probable test cases with steps from requirements, generate the likely development tasks for the requirement, generate the BDD scenarios for the requirement, and identify common business and technical risks. It also will let you generate the test steps for an existing test case, and suggest mitigations for an existing risk.

It can provide an easy and effective way for users to create a foundational set of items that they can refine and tailor easily and effectively. Note that Tasks and Risks are not available in SpiraTest.

By using this SpiraApp users will, by necessity, share information with AWS Bedrock. For that reason, system admins must configure this SpiraApp to an existing AWS Bedrock service for your organization.

About this SpiraApp

  • system settings
  • product settings
  • product template setup required
  • toolbar button on requirement details page
  • toolbar button on test case details page
  • toolbar button on risk details page
  • toolbar button on task details page

AWS Bedrock Setup

Log into your AWS Console and navigate to the Bedrock services section. Then click on the sidebar menu entry for **Model access*:

AWS Bedrock Model Access

On this page you can request access to various LLM model families and models. Please request access to at least one Anthropic Claude model and/or Meta Llama model:

AWS IAM Users

Once you have been granted access to the models, navigate over to the IAM AWS Service page, and create a new IAM user called aws-bedrock-service-user.

AWS IAM Groups

In line with AWS best practices, we will also create an IAM group called aws-bedrock-service-group. Make sure to add your new user to this new group.

AWS IAM Group Membership

Now that you have the IAM group created, attach the following policies/permissions to the group:

AWS IAM Group Policies

  • AmazonBedrockReadOnly - this is a built-in AWS managed permission
  • Invoke-Any-Foundational-Model - this is an inline permission that we need to create.

To create the new Invoke Any Foundational Model permission, we need to use the inline policy editor:

AWS IAM Policy Creator

To simplify things, simply use the following JSON policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "bedrock:InvokeModel",
            "Resource": "arn:aws:bedrock:*::foundation-model/*"
        }
    ]
}

Finally, we need to create an Access Key for this user so that we can call it from our SpiraApp. Click on the section Access Keys:

AWS IAM User Access Keys

Click on the button Create access key to start the access key creation wizard. On the first page, choose Application running outside AWS.

On the second page, enter in a description of what this access key will be used for. For example, Used to connect the AWS SpiraApp to Bedrock:

AWS Access Key Creation

Once the access key has been created, you will be given two pieces of information: - Access Key - Secret Access Key

Copy both of these values into your secure credential storage. You will need them in the next section for setting up the SpiraApp.

SpiraApp Setup

System Settings

  • Enter the AWS region you want to connect to. Leaving this setting blank uses the default region of us-east-1
  • Enter the Access Key created for accessing AWS Bedrock
  • Enter the Secret Access Key created for accessing AWS Bedrock

system settings page

Product Settings

Once the SpiraApp has been activated system wide, and enabled for a product you can edit its product settings. All of these settings are optional. You can use the SpiraApp without editing any of the product settings. The settings are here to help you customize the results from the SpiraApp, including if using languages other than English.

General Settings

This is where you can specify the general SpiraApp product settings:

product general settings

  • Model Family: Which LLM model family do you want to use in this product. The only accepted values currently are llama or claude, the default is claude.
  • Detailed Test Steps: Should we create detailed test steps for test cases, or just a single step
  • Use Artifact Descriptions: Should we use the artifact descriptions as well as the names in the prompts

Llama Model Settings

This is where you can specify settings specific to the Llama model:

product llama settings

Setting name Default Value Explanation
Model meta.llama3-70b-instruct-v1:0 The name of the Llama model we want to use
Temperature 0.2 Use a lower value to decrease randomness in the response (minimum 0, maximum 1, default 0.5)
Top p 0.9 Use a lower value to ignore less probable options. Set to 0 or 1.0 to disable (minimum 0, maximum 1, default 0.9)
Max Generated Tokens 2048 Specify the maximum number of tokens to use in the generated response. The model truncates the response once the generated text exceeds (minimum 1, maximum 2048, default 2048)

Claude Model Settings

This is where you can specify settings specific to the Claude model:

product claude settings

Setting name Default Value Explanation
Model anthropic.claude-3-haiku-20240307-v1:0 The name of the Claude model we want to use
Temperature 0.5 Use a lower value to decrease randomness in the response (minimum 0, maximum 1, default 0.5)
Max Tokens 2048 Specify the maximum number of tokens to use in the generated response. The model truncates the response once the generated text exceeds (minimum 1, maximum 4096, default 2048)

Code Generation

This is where you can customize the list of programming languages available:

product settings page

  • Coding Languages: In this text box, provide a comma-separated list of programming languages that the user can pick from. If you don't provide a value, the default list of languages will be provided.
  • Unit Test Frameworks: In this text box, provide a comma-separated list of programming languages and unit test frameworks that the user can pick from. The programming language and unit test framework should be separated by a pipe (|) symbol If you don't provide a value, the default list of languages and unit test frameworks will be provided.

Prompt Customization

This is where you can customize the prompts sent to the LLM:

product prompt settings

Setting name Default Value Explanation
Global Prompt You are a business analyst that only speaks in JSON. Do not generate output that isn't in properly formatted JSON. This prompt is used to control the output format of all the repsonses to be JSON.
Test Case Prompt Write the test cases for the following software requirement as { \"TestCases\": [] }. For each test case include the description, input and expected output in the following format This prompt is used to generate the test cases from the requirement
Task Prompt Write the development tasks for the following software requirement as { \"Tasks\": [] }. For each task include the name and description in the following format This prompt is used to generate the tasks from the requirement
Risk Prompt Identify the possible business and technical risks for the following software requirement as { \"Risks\": [] }. For each risk include the name and description in the following format This prompt is used to generate the risks from the requirement.
BDD Prompt Write the BDD scenarios for the following software requirement as { \"Scenarios\": [] }. For each scenario use the following Gherkin format This prompt is used to generate the BDD steps for the requirement.
Test Step Prompt Write at least 10 test steps for the following test case as { \"TestSteps\": [] }. For each test step include the description, expected result, and sample data in the following format This prompt is used to generate the test steps steps for the test case.
Requirement Prompt Write the requirements for the following test case as { \"Requirements\": [] }. For each requirement include the name and description in the following format This prompt is used to generate the requirements for the test case.
Mitigation Prompt Write the possible mitigations for the following risk as { \"Mitigations\": [] }. For each mitigation include the description in the following format This prompt is used to generate the mitigations for the risk.

Using the SpiraApp

The user can navigate to different pages to use the SpiraApp, each one will have a toolbar with various generation options.

Requirement Details Page

When a user goes to the requirement details page, they will see an extra button in the toolbar. To generate relevant data they should follow these steps:

  • Click the "Azure OpenAI" button
  • Select the artifact to generate (e.g. Tasks)

toolbar button

  • This will send the requirement name (and optionally the description) to Azure OpenAI
  • The information coming back is parsed and analyzed by the SpiraApp and then created in Spira

A message will show at the top of the page informing the user when information is sent or if there was a problem.

Test Case Details Page

When a user goes to the testc ase details page, they will see an extra button in the toolbar. To generate relevant data they should follow these steps:

  • Click the "Azure OpenAI" button
  • Select the artifact to generate (e.g. Test Steps)

toolbar button

  • This will send the test case name (and optionally the description) to Azure OpenAI
  • The information coming back is parsed and analyzed by the SpiraApp and then created in Spira

A message will show at the top of the page informing the user when information is sent or if there was a problem.

Task Details Page

When a user goes to the task details page, they will see an extra button in the toolbar. To generate relevant data they should follow these steps:

  • Click the "Azure OpenAI" button
  • Select the type of code to generate (e.g. Source Code)

toolbar button

Once you choose the appropriate code generation option, a dialog box will be displayed where you can choose which programming langauage (and optionally unit test framework) to use:

code generation dialog box

  • This will send the task name (and optionally the description) to Azure OpenAI
  • The information coming back is parsed and analyzed by the SpiraApp and then created in Spira

A message will show at the top of the page informing the user when information is sent or if there was a problem.

Risk Details Page

When a user goes to the risk details page, they will see an extra button in the toolbar. To generate relevant data they should follow these steps:

  • Click the "Azure OpenAI" button
  • Select the artifact to generate (e.g. Mitigations)

toolbar button

  • This will send the risk name (and optionally the description) to Azure OpenAI
  • The information coming back is parsed and analyzed by the SpiraApp and then created in Spira

A message will show at the top of the page informing the user when information is sent or if there was a problem.

Extra details to be aware of

  • The generated artifacts only have their names and descriptions populated, with the exception of test cases that will have detailed test steps.
  • To generate artifacts the user must have create permission for that artifact.
  • BDD steps can only be generated on requirements of types that support steps.