Add Codex CLI with OpenAI API key example on AgentCore Runtime

[Sushant20]

Issue number: #[1514]

Concise description of the PR

Add Codex CLI with OpenAI API key integration on AgentCore Runtime, demonstrating how to deploy
OpenAI-powered coding agents with persistent S3 Files storage and secure API key management via
AWS Secrets Manager. This complements the existing Claude Code examples by showing how to integrate
third-party LLM providers with AgentCore Runtime.

User experience

Before this change:

• Users only had examples using Claude Code with Bedrock models
• No examples showing how to integrate third-party LLM providers (OpenAI, etc.) with AgentCore Runtime
• No guidance on secure API key management for external services

After this change:

• Users can deploy Codex CLI agents powered by OpenAI's GPT-4o on AgentCore Runtime
• Complete example showing AWS Secrets Manager integration for secure API key storage
• Demonstrates the same persistent storage pattern (S3 Files) as Claude Code examples
• Clear documentation on setup, prerequisites, and troubleshooting
• Architecture diagram showing integration points (Runtime → Secrets Manager → OpenAI)

Key features:

• Codex CLI running in containerized AgentCore Runtime
• S3 Files mounted at /mnt/s3files for persistent cross-session storage
• Secure OpenAI API key retrieval from AWS Secrets Manager at container startup
• VPC-isolated deployment with proper IAM scoping
• Full lifecycle scripts: setup.sh, deploy.py, invoke.py, update.py, cleanup.py
• Comprehensive error handling and troubleshooting guidance

Checklist

• I have reviewed the contributing guidelines
• Add your name to CONTRIBUTORS.md
• Have you checked to ensure there aren't other open Pull Requests for the same update/change?
• Are you uploading a dataset? N/A - No datasets
• Have you documented Introduction, Architecture Diagram, Prerequisites, Usage, Sample Prompts, and Clean Up steps in your example README?
  • ✅ Introduction: Overview of Codex CLI deployment with S3 Files
  • ✅ Architecture Diagram: Shows Runtime, S3 Files, Secrets Manager, and S3 Bucket
  • ✅ Prerequisites: Python 3.13, Docker, AWS credentials, OpenAI API key setup
  • ✅ Usage: 5-step guide (setup, deploy, invoke, exec, cleanup)
  • ✅ Sample Prompts: Creating scripts, cross-session usage examples
  • ✅ Clean Up: cleanup.py and cleanup.sh scripts
• I agree to resolve any issues created for this example in the future.
• I have performed a self-review of this change
• Changes have been tested
• Changes are documented

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.

---

Implementation Details

Files Added:

• Dockerfile - Codex CLI container with OpenAI configuration
• README.md - Complete documentation with architecture, setup, and usage
• cfn-vpc.yaml - VPC infrastructure with S3 Files setup
• codex-config.toml - Codex configuration pointing to OpenAI models
• entrypoint.sh - Secure credential loading from Secrets Manager with error handling
• server.js - HTTP server for AgentCore Runtime protocol
• deploy.py - IAM role and runtime creation with Secrets Manager permissions
• invoke.py - Agent invocation with session management
• exec_cmd.py - Direct command execution in running sessions
• update.py - Runtime updates for image/config changes
• cleanup.py / cleanup.sh - Resource cleanup scripts
• setup.sh - Infrastructure setup and Docker image build

Key Improvements:

• ✅ Added comprehensive OpenAI API Key setup section in README with Secrets Manager commands
• ✅ Updated architecture diagram to include AWS Secrets Manager
• ✅ Added error handling in entrypoint.sh for missing secrets with helpful messages
• ✅ Fixed all Claude references to Codex CLI across all files
• ✅ Corrected model descriptions (Claude Sonnet 4.6 → OpenAI gpt-4o)
• ✅ IAM permissions include secretsmanager:GetSecretValue for secure API key retrieval
• ✅ Added Sushant20 to CONTRIBUTORS.md

Similar Examples:

This example follows the same pattern as:

• 01-claude-code-with-s3-files - Same infrastructure, different LLM provider

[Sushant20]

PR Ready for Review ✅

This PR has been updated and is now ready for review:

Completed:

• ✅ Moved from 01-tutorials to 06-workshops folder structure to align with repository reorganization
• ✅ Removed all "skills" references (changed to "scripts") to avoid confusion with Claude Code features
• ✅ Tested all examples - verified working correctly
• ✅ Issue 01-tutorials - Add Codex CLI with OpenAI API Key Example on AgentCore Runtime #1514 created and linked
• ✅ CONTRIBUTORS.md updated
• ✅ All documentation requirements met (Introduction, Architecture, Prerequisites, Usage, Sample Prompts, Clean Up)
• ✅ Self-review and testing completed
• ✅ Marked as ready for review (removed draft status)

Maintainer Action Needed:

Could a maintainer please add the review ready label? I don't have permissions to add labels as an external contributor.

The PR is now at: 06-workshops/01-AgentCore-runtime/12-coding-agents/03-codex-with-s3-files-openai-api-key

Thank you! 🙏

[Sushant20]

@BharathiSrini Could you please review this PR when you have a moment?

This PR adds a Codex CLI example with OpenAI API key integration to 06-workshops/01-AgentCore-runtime/12-coding-agents/. It follows the same pattern as the existing Claude Code examples but demonstrates third-party LLM integration.

PR Status:

• ✅ All checklist items completed
• ✅ Tested and working
• ✅ Migrated to correct folder structure
• ✅ Issue 01-tutorials - Add Codex CLI with OpenAI API Key Example on AgentCore Runtime #1514 linked
• ⏳ Needs "Review Ready" label (external contributor can't add it)

Thank you!