Skip to main content

Configuration Overview

The Nova Act CLI uses a multi-layered configuration system:
  1. State Files: Per-region workflow tracking
  2. User Config: Global CLI preferences
  3. AWS Profiles: Credential management
  4. Environment Variables: Runtime configuration

State Management

State File Structure

Workflows are stored in separate state files per AWS account and region: 
~/.act_cli/
├── state/
│   ├── 123456789012/              # AWS Account ID
│   │   ├── us-east-1/
│   │   │   └── workflows.json     # Region-specific state
│   │   └── us-west-2/
│   │       └── workflows.json
│   └── 987654321098/
│       └── us-east-1/
│           └── workflows.json
├── builds/                        # Build artifacts
│   └── {workflow-name}/
└── config.yml                     # User preferences

State File Format

{
  "workflows": {
    "my-workflow": {
      "name": "my-workflow",
      "directory_path": "/path/to/build/dir/",
      "created_at": "2024-10-30T12:51:39.000Z",
      "workflow_definition_arn": "arn:aws:nova-act:us-east-1:123456789012:workflow-definition/my-workflow",
      "deployments": {
        "agentcore": {
          "deployment_arn": "arn:aws:bedrock-agentcore:us-east-1:123456789012:runtime/my_workflow_abc123",
          "image_uri": "123456789012.dkr.ecr.us-east-1.amazonaws.com/nova-act-cli-default:my-workflow-20241030-125139",
          "image_tag": "my-workflow-20241030-125139"
        }
      },
      "metadata": null,
      "last_image_tag": "my-workflow-20241030-125139"
    }
  },
  "last_updated": "2024-10-30T12:51:39.000Z",
  "version": "1.0"
}

State Schema Fields

WorkflowInfo Fields

FieldTypeDescription
namestringWorkflow identifier
directory_pathstringPath to source/build directory (updated on each deployment)
created_attimestampWorkflow creation timestamp
workflow_definition_arnstringARN of associated WorkflowDefinition (optional)
deployments.agentcoreobjectAgentCore deployment information
metadataobjectCustom metadata dictionary (optional)
last_image_tagstringMost recent image tag used

AgentCore Deployment Fields

FieldTypeDescription
deployment_arnstringARN of AgentCore runtime
image_uristringFull ECR image URI
image_tagstringImage tag used for deployment

File Locking

The CLI uses file locking to protect concurrent operations: 
# Lock files are automatically created
~/.act_cli/state/123456789012-us-east-1.lock
Lock Timeout: 30 secondsIf a CLI operation is already in progress, subsequent commands wait up to 30 seconds for the lock to be released.

State Isolation

State is isolated by:
  • AWS Account ID: Each account has its own directory
  • Region: Each region has its own state file
# Operations in us-east-1
act workflow create --name workflow-a --region us-east-1

# Operations in us-west-2 (completely isolated)
act workflow create --name workflow-a --region us-west-2

# Same workflow name, different regions, no conflicts

User Configuration

Config File Location

User preferences are stored in: 
~/.act_cli/config.yml

Config File Format

theme:
  name: default  # Options: default, minimal, none
  enabled: true

default_region: us-east-1

# Future configuration options will be added here

Theme Configuration

Customize CLI output styling:
Full color output with emojis and styling:
config.yml
theme:
  name: default
  enabled: true
Best for:
  • Interactive terminal usage
  • Development environments
  • Colorful, rich output

Theme via Environment Variable

Override theme configuration: 
# Set for current session
export ACT_CLI_THEME=none
act workflow deploy --source-dir /path/to/code

# Set for single command
ACT_CLI_THEME=minimal act workflow list

Default Region

Set a default region for all commands:
config.yml
default_region: us-east-1
Override with --region flag: 
act workflow deploy --name my-workflow --region us-west-2

AWS Profiles

The CLI supports AWS credential profiles from ~/.aws/credentials.

Configure Profiles

Create multiple profiles:
~/.aws/credentials
[default]
aws_access_key_id = DEFAULT_ACCESS_KEY
aws_secret_access_key = DEFAULT_SECRET_KEY

[development]
aws_access_key_id = DEV_ACCESS_KEY
aws_secret_access_key = DEV_SECRET_KEY

[production]
aws_access_key_id = PROD_ACCESS_KEY
aws_secret_access_key = PROD_SECRET_KEY
role_arn = arn:aws:iam::123456789012:role/ProductionRole

Use Profiles

Important: The --profile option must come before the subcommand.
# ✅ Correct: Profile before subcommand
act workflow --profile development deploy --name my-workflow --source-dir ./code

# ❌ Incorrect: Profile after subcommand
act workflow deploy --profile development --name my-workflow --source-dir ./code

Profile Examples

act workflow --profile production deploy \
  --name customer-workflow \
  --source-dir ./code

Environment Variables

CLI Environment Variables

Configure CLI behavior:
VariableDescriptionValues
ACT_CLI_THEMEOutput styling themedefault, minimal, none
AWS_PROFILEDefault AWS profileProfile name from ~/.aws/credentials
AWS_DEFAULT_REGIONDefault AWS regionAWS region code (e.g., us-east-1)
AWS_ACCESS_KEY_IDAWS access keyAWS access key
AWS_SECRET_ACCESS_KEYAWS secret keyAWS secret key

Set CLI Environment Variables

# Output theme
export ACT_CLI_THEME=minimal

# AWS configuration
export AWS_PROFILE=production
export AWS_DEFAULT_REGION=us-east-1

# Or set credentials directly
export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"

Workflow Environment Variables

Pass environment variables to your workflow at runtime using AC_HANDLER_ENV: 
act workflow run --name my-workflow --payload '{
  "AC_HANDLER_ENV": {
    "NOVA_ACT_API_KEY": "your-api-key-here",
    "DEBUG": "true",
    "LOG_LEVEL": "info"
  },
  "input": "data"
}'

How It Works

1

Include AC_HANDLER_ENV in Payload

Add environment variables to the payload:
{
  "AC_HANDLER_ENV": {
    "NOVA_ACT_API_KEY": "your-key",
    "CUSTOM_VAR": "value"
  },
  "input": "your workflow input"
}
2

AgentCore Extracts Variables

The AgentCore handler automatically:
  1. Extracts AC_HANDLER_ENV from payload
  2. Sets variables in os.environ
  3. Removes AC_HANDLER_ENV from payload before passing to your workflow
3

Access in Workflow Code

Use os.environ in your workflow:
main.py
import os

def main(payload):
    # Access environment variables
    api_key = os.environ.get("NOVA_ACT_API_KEY")
    debug = os.environ.get("DEBUG", "false") == "true"
    
    if debug:
        print(f"API Key: {api_key[:4]}...")
    
    # Your workflow logic
    input_data = payload.get("input")
    return {"result": f"Processed: {input_data}"}

Common Use Cases

Pass sensitive credentials without hardcoding:
act workflow run --name my-workflow --payload '{
  "AC_HANDLER_ENV": {
    "NOVA_ACT_API_KEY": "prod-key-12345",
    "DATABASE_URL": "postgresql://...",
    "STRIPE_API_KEY": "sk_live_..."
  },
  "order_id": "12345"
}'
Enable/disable features dynamically:
act workflow run --name my-workflow --payload '{
  "AC_HANDLER_ENV": {
    "ENABLE_CACHING": "true",
    "ENABLE_RETRY": "false",
    "MAX_RETRIES": "3"
  },
  "input": "data"
}'
Control logging and debugging:
act workflow run --name my-workflow --payload '{
  "AC_HANDLER_ENV": {
    "DEBUG": "true",
    "LOG_LEVEL": "debug",
    "TRACE_ENABLED": "true"
  },
  "input": "test"
}'
Test with different configurations:
# Development
act workflow run --name my-workflow --payload '{
  "AC_HANDLER_ENV": {
    "ENVIRONMENT": "development",
    "API_ENDPOINT": "https://dev.api.example.com"
  },
  "input": "test"
}'

# Production
act workflow run --name my-workflow --payload '{
  "AC_HANDLER_ENV": {
    "ENVIRONMENT": "production",
    "API_ENDPOINT": "https://api.example.com"
  },
  "input": "real-data"
}'

Benefits of AC_HANDLER_ENV

No Redeployment

Change configuration without rebuilding containers

Per-Execution Config

Pass different credentials for each run

Security

Keep secrets out of code and containers

Testing

Test with different settings instantly

Region Configuration

Set Default Region

Configure a default region:
~/.act_cli/config.yml
default_region: us-east-1
Or via environment variable: 
export AWS_DEFAULT_REGION=us-east-1

Override Region

Specify region per command: 
# Create in specific region
act workflow create --name my-workflow --region us-west-2

# Deploy to specific region
act workflow deploy --name my-workflow --source-dir ./code --region us-west-2

# Run in specific region
act workflow run --name my-workflow --payload '{}' --region us-west-2

Region Precedence

Region resolution order:
  1. --region command flag (highest priority)
  2. AWS_DEFAULT_REGION environment variable
  3. default_region in ~/.act_cli/config.yml
  4. AWS CLI default region from ~/.aws/config
Important: The AWS Nova Act service is currently only available in us-east-1.

File Locations Reference

User Data

PathDescription
~/.act_cli/state/{account_id}/{region}/workflows.jsonRegion-specific workflow state
~/.act_cli/config.ymlUser configuration
~/.act_cli/builds/{workflow-name}/Build artifacts (persistent)

Lock Files

PathDescription
~/.act_cli/state/{account_id}-{region}.lockTemporary lock for concurrent access

AWS Configuration

PathDescription
~/.aws/credentialsAWS access keys and profiles
~/.aws/configAWS CLI configuration

Configuration Best Practices

Separate development and production:
~/.aws/credentials
[dev]
aws_access_key_id = DEV_KEY
aws_secret_access_key = DEV_SECRET

[prod]
aws_access_key_id = PROD_KEY
aws_secret_access_key = PROD_SECRET

# Development workflow
act workflow --profile dev create --name test-feature
act workflow --profile dev deploy --name test-feature --source-dir ./code

# Production workflow
act workflow --profile prod deploy --name stable-feature --source-dir ./code
Configure your primary region to avoid repetitive --region flags:
~/.act_cli/config.yml
default_region: us-east-1
In CI/CD pipelines, use environment variables:
.github/workflows/deploy.yml
env:
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  AWS_DEFAULT_REGION: us-east-1
  ACT_CLI_THEME: none

steps:
  - run: act workflow deploy --name production-workflow --source-dir ./code
Never hardcode secrets in code:
# ❌ Bad: Secrets in code
# main.py
API_KEY = "hardcoded-key"  # Don't do this!

# ✅ Good: Secrets in payload
act workflow run --name my-workflow --payload '{
  "AC_HANDLER_ENV": {
    "API_KEY": "your-key"
  }
}'

# main.py
import os

def main(payload):
    api_key = os.environ.get("API_KEY")  # ✅ Read from environment
Periodically remove old builds:
# Remove specific workflow builds
rm -rf ~/.act_cli/builds/old-workflow

# Remove builds older than 30 days
find ~/.act_cli/builds -type d -mtime +30 -exec rm -rf {} +

Troubleshooting Configuration

Symptom: CLI fails to read workflow stateSolution:
# Backup corrupted state
cp ~/.act_cli/state/123456789012/us-east-1/workflows.json \
   ~/.act_cli/state/123456789012/us-east-1/workflows.json.backup

# Reset state (WARNING: Loses local configuration)
rm ~/.act_cli/state/123456789012/us-east-1/workflows.json

# Recreate workflows
act workflow create --name my-workflow
Error:
Profile 'production' not found in ~/.aws/credentials
Solution:
# List available profiles
cat ~/.aws/credentials | grep '\['

# Configure missing profile
aws configure --profile production
Issue: Workflow not found in specified regionSolution:
# Check all regions
ls ~/.act_cli/state/123456789012/

# View workflows in specific region
act workflow list --region us-east-1
act workflow list --region us-west-2
Symptom: CLI hangs waiting for lockSolution:
# Remove stale lock file
rm ~/.act_cli/state/123456789012-us-east-1.lock

# Retry operation
act workflow deploy --name my-workflow --source-dir ./code
Only remove lock files if you’re certain no other CLI operations are running.

Next Steps

Commands Reference

Explore all CLI commands

Deployment Guide

Deploy your workflows

CLI Overview

Learn about CLI features

Installation

Install and configure prerequisites

Build docs developers (and LLMs) love

Get started for freeTalk to us