Viewing docs for AWS v7.26.0
published on Thursday, Apr 16, 2026 by Pulumi
published on Thursday, Apr 16, 2026 by Pulumi
Viewing docs for AWS v7.26.0
published on Thursday, Apr 16, 2026 by Pulumi
published on Thursday, Apr 16, 2026 by Pulumi
Manages an AWS Bedrock AgentCore Gateway. With Gateway, developers can convert APIs, Lambda functions, and existing services into Model Context Protocol (MCP)-compatible tools.
Example Usage
Gateway with JWT Authorization
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const assumeRole = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
actions: ["sts:AssumeRole"],
principals: [{
type: "Service",
identifiers: ["bedrock-agentcore.amazonaws.com"],
}],
}],
});
const example = new aws.iam.Role("example", {
name: "bedrock-agentcore-gateway-role",
assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
});
const exampleAgentcoreGateway = new aws.bedrock.AgentcoreGateway("example", {
name: "example-gateway",
roleArn: example.arn,
authorizerType: "CUSTOM_JWT",
authorizerConfiguration: {
customJwtAuthorizer: {
discoveryUrl: "https://accounts.google.com/.well-known/openid-configuration",
allowedAudiences: [
"test1",
"test2",
],
},
},
protocolType: "MCP",
});
import pulumi
import pulumi_aws as aws
assume_role = aws.iam.get_policy_document(statements=[{
"effect": "Allow",
"actions": ["sts:AssumeRole"],
"principals": [{
"type": "Service",
"identifiers": ["bedrock-agentcore.amazonaws.com"],
}],
}])
example = aws.iam.Role("example",
name="bedrock-agentcore-gateway-role",
assume_role_policy=assume_role.json)
example_agentcore_gateway = aws.bedrock.AgentcoreGateway("example",
name="example-gateway",
role_arn=example.arn,
authorizer_type="CUSTOM_JWT",
authorizer_configuration={
"custom_jwt_authorizer": {
"discovery_url": "https://accounts.google.com/.well-known/openid-configuration",
"allowed_audiences": [
"test1",
"test2",
],
},
},
protocol_type="MCP")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/bedrock"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Actions: []string{
"sts:AssumeRole",
},
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"bedrock-agentcore.amazonaws.com",
},
},
},
},
},
}, nil)
if err != nil {
return err
}
example, err := iam.NewRole(ctx, "example", &iam.RoleArgs{
Name: pulumi.String("bedrock-agentcore-gateway-role"),
AssumeRolePolicy: pulumi.String(pulumi.String(assumeRole.Json)),
})
if err != nil {
return err
}
_, err = bedrock.NewAgentcoreGateway(ctx, "example", &bedrock.AgentcoreGatewayArgs{
Name: pulumi.String("example-gateway"),
RoleArn: example.Arn,
AuthorizerType: pulumi.String("CUSTOM_JWT"),
AuthorizerConfiguration: &bedrock.AgentcoreGatewayAuthorizerConfigurationArgs{
CustomJwtAuthorizer: &bedrock.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerArgs{
DiscoveryUrl: pulumi.String("https://accounts.google.com/.well-known/openid-configuration"),
AllowedAudiences: pulumi.StringArray{
pulumi.String("test1"),
pulumi.String("test2"),
},
},
},
ProtocolType: pulumi.String("MCP"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"sts:AssumeRole",
},
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"bedrock-agentcore.amazonaws.com",
},
},
},
},
},
});
var example = new Aws.Iam.Role("example", new()
{
Name = "bedrock-agentcore-gateway-role",
AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var exampleAgentcoreGateway = new Aws.Bedrock.AgentcoreGateway("example", new()
{
Name = "example-gateway",
RoleArn = example.Arn,
AuthorizerType = "CUSTOM_JWT",
AuthorizerConfiguration = new Aws.Bedrock.Inputs.AgentcoreGatewayAuthorizerConfigurationArgs
{
CustomJwtAuthorizer = new Aws.Bedrock.Inputs.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerArgs
{
DiscoveryUrl = "https://accounts.google.com/.well-known/openid-configuration",
AllowedAudiences = new[]
{
"test1",
"test2",
},
},
},
ProtocolType = "MCP",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.bedrock.AgentcoreGateway;
import com.pulumi.aws.bedrock.AgentcoreGatewayArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreGatewayAuthorizerConfigurationArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions("sts:AssumeRole")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("bedrock-agentcore.amazonaws.com")
.build())
.build())
.build());
var example = new Role("example", RoleArgs.builder()
.name("bedrock-agentcore-gateway-role")
.assumeRolePolicy(assumeRole.json())
.build());
var exampleAgentcoreGateway = new AgentcoreGateway("exampleAgentcoreGateway", AgentcoreGatewayArgs.builder()
.name("example-gateway")
.roleArn(example.arn())
.authorizerType("CUSTOM_JWT")
.authorizerConfiguration(AgentcoreGatewayAuthorizerConfigurationArgs.builder()
.customJwtAuthorizer(AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerArgs.builder()
.discoveryUrl("https://accounts.google.com/.well-known/openid-configuration")
.allowedAudiences(
"test1",
"test2")
.build())
.build())
.protocolType("MCP")
.build());
}
}
resources:
example:
type: aws:iam:Role
properties:
name: bedrock-agentcore-gateway-role
assumeRolePolicy: ${assumeRole.json}
exampleAgentcoreGateway:
type: aws:bedrock:AgentcoreGateway
name: example
properties:
name: example-gateway
roleArn: ${example.arn}
authorizerType: CUSTOM_JWT
authorizerConfiguration:
customJwtAuthorizer:
discoveryUrl: https://accounts.google.com/.well-known/openid-configuration
allowedAudiences:
- test1
- test2
protocolType: MCP
variables:
assumeRole:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- effect: Allow
actions:
- sts:AssumeRole
principals:
- type: Service
identifiers:
- bedrock-agentcore.amazonaws.com
Gateway with advanced JWT Authorization and MCP Configuration
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.bedrock.AgentcoreGateway("example", {
name: "mcp-gateway",
description: "Gateway for MCP communication",
roleArn: exampleAwsIamRole.arn,
authorizerType: "CUSTOM_JWT",
authorizerConfiguration: {
customJwtAuthorizer: {
discoveryUrl: "https://auth.example.com/.well-known/openid-configuration",
allowedAudiences: [
"app-client",
"web-client",
],
allowedClients: [
"client-123",
"client-456",
],
allowedScopes: [
"openid",
"email",
],
},
},
protocolType: "MCP",
protocolConfiguration: {
mcp: {
instructions: "Gateway for handling MCP requests",
searchType: "HYBRID",
supportedVersions: [
"2025-03-26",
"2025-06-18",
],
},
},
});
import pulumi
import pulumi_aws as aws
example = aws.bedrock.AgentcoreGateway("example",
name="mcp-gateway",
description="Gateway for MCP communication",
role_arn=example_aws_iam_role["arn"],
authorizer_type="CUSTOM_JWT",
authorizer_configuration={
"custom_jwt_authorizer": {
"discovery_url": "https://auth.example.com/.well-known/openid-configuration",
"allowed_audiences": [
"app-client",
"web-client",
],
"allowed_clients": [
"client-123",
"client-456",
],
"allowed_scopes": [
"openid",
"email",
],
},
},
protocol_type="MCP",
protocol_configuration={
"mcp": {
"instructions": "Gateway for handling MCP requests",
"search_type": "HYBRID",
"supported_versions": [
"2025-03-26",
"2025-06-18",
],
},
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/bedrock"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := bedrock.NewAgentcoreGateway(ctx, "example", &bedrock.AgentcoreGatewayArgs{
Name: pulumi.String("mcp-gateway"),
Description: pulumi.String("Gateway for MCP communication"),
RoleArn: pulumi.Any(exampleAwsIamRole.Arn),
AuthorizerType: pulumi.String("CUSTOM_JWT"),
AuthorizerConfiguration: &bedrock.AgentcoreGatewayAuthorizerConfigurationArgs{
CustomJwtAuthorizer: &bedrock.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerArgs{
DiscoveryUrl: pulumi.String("https://auth.example.com/.well-known/openid-configuration"),
AllowedAudiences: pulumi.StringArray{
pulumi.String("app-client"),
pulumi.String("web-client"),
},
AllowedClients: pulumi.StringArray{
pulumi.String("client-123"),
pulumi.String("client-456"),
},
AllowedScopes: pulumi.StringArray{
pulumi.String("openid"),
pulumi.String("email"),
},
},
},
ProtocolType: pulumi.String("MCP"),
ProtocolConfiguration: &bedrock.AgentcoreGatewayProtocolConfigurationArgs{
Mcp: &bedrock.AgentcoreGatewayProtocolConfigurationMcpArgs{
Instructions: pulumi.String("Gateway for handling MCP requests"),
SearchType: pulumi.String("HYBRID"),
SupportedVersions: pulumi.StringArray{
pulumi.String("2025-03-26"),
pulumi.String("2025-06-18"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Bedrock.AgentcoreGateway("example", new()
{
Name = "mcp-gateway",
Description = "Gateway for MCP communication",
RoleArn = exampleAwsIamRole.Arn,
AuthorizerType = "CUSTOM_JWT",
AuthorizerConfiguration = new Aws.Bedrock.Inputs.AgentcoreGatewayAuthorizerConfigurationArgs
{
CustomJwtAuthorizer = new Aws.Bedrock.Inputs.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerArgs
{
DiscoveryUrl = "https://auth.example.com/.well-known/openid-configuration",
AllowedAudiences = new[]
{
"app-client",
"web-client",
},
AllowedClients = new[]
{
"client-123",
"client-456",
},
AllowedScopes = new[]
{
"openid",
"email",
},
},
},
ProtocolType = "MCP",
ProtocolConfiguration = new Aws.Bedrock.Inputs.AgentcoreGatewayProtocolConfigurationArgs
{
Mcp = new Aws.Bedrock.Inputs.AgentcoreGatewayProtocolConfigurationMcpArgs
{
Instructions = "Gateway for handling MCP requests",
SearchType = "HYBRID",
SupportedVersions = new[]
{
"2025-03-26",
"2025-06-18",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.bedrock.AgentcoreGateway;
import com.pulumi.aws.bedrock.AgentcoreGatewayArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreGatewayAuthorizerConfigurationArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreGatewayProtocolConfigurationArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreGatewayProtocolConfigurationMcpArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new AgentcoreGateway("example", AgentcoreGatewayArgs.builder()
.name("mcp-gateway")
.description("Gateway for MCP communication")
.roleArn(exampleAwsIamRole.arn())
.authorizerType("CUSTOM_JWT")
.authorizerConfiguration(AgentcoreGatewayAuthorizerConfigurationArgs.builder()
.customJwtAuthorizer(AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerArgs.builder()
.discoveryUrl("https://auth.example.com/.well-known/openid-configuration")
.allowedAudiences(
"app-client",
"web-client")
.allowedClients(
"client-123",
"client-456")
.allowedScopes(
"openid",
"email")
.build())
.build())
.protocolType("MCP")
.protocolConfiguration(AgentcoreGatewayProtocolConfigurationArgs.builder()
.mcp(AgentcoreGatewayProtocolConfigurationMcpArgs.builder()
.instructions("Gateway for handling MCP requests")
.searchType("HYBRID")
.supportedVersions(
"2025-03-26",
"2025-06-18")
.build())
.build())
.build());
}
}
resources:
example:
type: aws:bedrock:AgentcoreGateway
properties:
name: mcp-gateway
description: Gateway for MCP communication
roleArn: ${exampleAwsIamRole.arn}
authorizerType: CUSTOM_JWT
authorizerConfiguration:
customJwtAuthorizer:
discoveryUrl: https://auth.example.com/.well-known/openid-configuration
allowedAudiences:
- app-client
- web-client
allowedClients:
- client-123
- client-456
allowedScopes:
- openid
- email
protocolType: MCP
protocolConfiguration:
mcp:
instructions: Gateway for handling MCP requests
searchType: HYBRID
supportedVersions:
- 2025-03-26
- 2025-06-18
Gateway with Interceptor Configuration
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const interceptor = new aws.lambda.Function("interceptor", {
code: new pulumi.asset.FileArchive("interceptor.zip"),
name: "gateway-interceptor",
role: lambda.arn,
handler: "index.handler",
runtime: aws.lambda.Runtime.Python3d12,
});
const example = new aws.bedrock.AgentcoreGateway("example", {
name: "gateway-with-interceptor",
roleArn: exampleAwsIamRole.arn,
authorizerType: "AWS_IAM",
protocolType: "MCP",
interceptorConfigurations: [{
interceptionPoints: [
"REQUEST",
"RESPONSE",
],
interceptor: {
lambda: {
arn: interceptor.arn,
},
},
inputConfiguration: {
passRequestHeaders: true,
},
}],
});
import pulumi
import pulumi_aws as aws
interceptor = aws.lambda_.Function("interceptor",
code=pulumi.FileArchive("interceptor.zip"),
name="gateway-interceptor",
role=lambda_["arn"],
handler="index.handler",
runtime=aws.lambda_.Runtime.PYTHON3D12)
example = aws.bedrock.AgentcoreGateway("example",
name="gateway-with-interceptor",
role_arn=example_aws_iam_role["arn"],
authorizer_type="AWS_IAM",
protocol_type="MCP",
interceptor_configurations=[{
"interception_points": [
"REQUEST",
"RESPONSE",
],
"interceptor": {
"lambda_": {
"arn": interceptor.arn,
},
},
"input_configuration": {
"pass_request_headers": True,
},
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/bedrock"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
interceptor, err := lambda.NewFunction(ctx, "interceptor", &lambda.FunctionArgs{
Code: pulumi.NewFileArchive("interceptor.zip"),
Name: pulumi.String("gateway-interceptor"),
Role: pulumi.Any(lambda.Arn),
Handler: pulumi.String("index.handler"),
Runtime: pulumi.String(lambda.RuntimePython3d12),
})
if err != nil {
return err
}
_, err = bedrock.NewAgentcoreGateway(ctx, "example", &bedrock.AgentcoreGatewayArgs{
Name: pulumi.String("gateway-with-interceptor"),
RoleArn: pulumi.Any(exampleAwsIamRole.Arn),
AuthorizerType: pulumi.String("AWS_IAM"),
ProtocolType: pulumi.String("MCP"),
InterceptorConfigurations: bedrock.AgentcoreGatewayInterceptorConfigurationArray{
&bedrock.AgentcoreGatewayInterceptorConfigurationArgs{
InterceptionPoints: pulumi.StringArray{
pulumi.String("REQUEST"),
pulumi.String("RESPONSE"),
},
Interceptor: &bedrock.AgentcoreGatewayInterceptorConfigurationInterceptorArgs{
Lambda: &bedrock.AgentcoreGatewayInterceptorConfigurationInterceptorLambdaArgs{
Arn: interceptor.Arn,
},
},
InputConfiguration: &bedrock.AgentcoreGatewayInterceptorConfigurationInputConfigurationArgs{
PassRequestHeaders: pulumi.Bool(true),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var interceptor = new Aws.Lambda.Function("interceptor", new()
{
Code = new FileArchive("interceptor.zip"),
Name = "gateway-interceptor",
Role = lambda.Arn,
Handler = "index.handler",
Runtime = Aws.Lambda.Runtime.Python3d12,
});
var example = new Aws.Bedrock.AgentcoreGateway("example", new()
{
Name = "gateway-with-interceptor",
RoleArn = exampleAwsIamRole.Arn,
AuthorizerType = "AWS_IAM",
ProtocolType = "MCP",
InterceptorConfigurations = new[]
{
new Aws.Bedrock.Inputs.AgentcoreGatewayInterceptorConfigurationArgs
{
InterceptionPoints = new[]
{
"REQUEST",
"RESPONSE",
},
Interceptor = new Aws.Bedrock.Inputs.AgentcoreGatewayInterceptorConfigurationInterceptorArgs
{
Lambda = new Aws.Bedrock.Inputs.AgentcoreGatewayInterceptorConfigurationInterceptorLambdaArgs
{
Arn = interceptor.Arn,
},
},
InputConfiguration = new Aws.Bedrock.Inputs.AgentcoreGatewayInterceptorConfigurationInputConfigurationArgs
{
PassRequestHeaders = true,
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.bedrock.AgentcoreGateway;
import com.pulumi.aws.bedrock.AgentcoreGatewayArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreGatewayInterceptorConfigurationArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreGatewayInterceptorConfigurationInterceptorArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreGatewayInterceptorConfigurationInterceptorLambdaArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreGatewayInterceptorConfigurationInputConfigurationArgs;
import com.pulumi.asset.FileArchive;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var interceptor = new Function("interceptor", FunctionArgs.builder()
.code(new FileArchive("interceptor.zip"))
.name("gateway-interceptor")
.role(lambda.arn())
.handler("index.handler")
.runtime("python3.12")
.build());
var example = new AgentcoreGateway("example", AgentcoreGatewayArgs.builder()
.name("gateway-with-interceptor")
.roleArn(exampleAwsIamRole.arn())
.authorizerType("AWS_IAM")
.protocolType("MCP")
.interceptorConfigurations(AgentcoreGatewayInterceptorConfigurationArgs.builder()
.interceptionPoints(
"REQUEST",
"RESPONSE")
.interceptor(AgentcoreGatewayInterceptorConfigurationInterceptorArgs.builder()
.lambda(AgentcoreGatewayInterceptorConfigurationInterceptorLambdaArgs.builder()
.arn(interceptor.arn())
.build())
.build())
.inputConfiguration(AgentcoreGatewayInterceptorConfigurationInputConfigurationArgs.builder()
.passRequestHeaders(true)
.build())
.build())
.build());
}
}
resources:
interceptor:
type: aws:lambda:Function
properties:
code:
fn::FileArchive: interceptor.zip
name: gateway-interceptor
role: ${lambda.arn}
handler: index.handler
runtime: python3.12
example:
type: aws:bedrock:AgentcoreGateway
properties:
name: gateway-with-interceptor
roleArn: ${exampleAwsIamRole.arn}
authorizerType: AWS_IAM
protocolType: MCP
interceptorConfigurations:
- interceptionPoints:
- REQUEST
- RESPONSE
interceptor:
lambda:
arn: ${interceptor.arn}
inputConfiguration:
passRequestHeaders: true
Create AgentcoreGateway Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AgentcoreGateway(name: string, args: AgentcoreGatewayArgs, opts?: CustomResourceOptions);@overload
def AgentcoreGateway(resource_name: str,
args: AgentcoreGatewayArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AgentcoreGateway(resource_name: str,
opts: Optional[ResourceOptions] = None,
protocol_type: Optional[str] = None,
authorizer_type: Optional[str] = None,
role_arn: Optional[str] = None,
name: Optional[str] = None,
interceptor_configurations: Optional[Sequence[AgentcoreGatewayInterceptorConfigurationArgs]] = None,
kms_key_arn: Optional[str] = None,
authorizer_configuration: Optional[AgentcoreGatewayAuthorizerConfigurationArgs] = None,
protocol_configuration: Optional[AgentcoreGatewayProtocolConfigurationArgs] = None,
exception_level: Optional[str] = None,
region: Optional[str] = None,
description: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
timeouts: Optional[AgentcoreGatewayTimeoutsArgs] = None)func NewAgentcoreGateway(ctx *Context, name string, args AgentcoreGatewayArgs, opts ...ResourceOption) (*AgentcoreGateway, error)public AgentcoreGateway(string name, AgentcoreGatewayArgs args, CustomResourceOptions? opts = null)
public AgentcoreGateway(String name, AgentcoreGatewayArgs args)
public AgentcoreGateway(String name, AgentcoreGatewayArgs args, CustomResourceOptions options)
type: aws:bedrock:AgentcoreGateway
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AgentcoreGatewayArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AgentcoreGatewayArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AgentcoreGatewayArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AgentcoreGatewayArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AgentcoreGatewayArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var agentcoreGatewayResource = new Aws.Bedrock.AgentcoreGateway("agentcoreGatewayResource", new()
{
ProtocolType = "string",
AuthorizerType = "string",
RoleArn = "string",
Name = "string",
InterceptorConfigurations = new[]
{
new Aws.Bedrock.Inputs.AgentcoreGatewayInterceptorConfigurationArgs
{
InterceptionPoints = new[]
{
"string",
},
InputConfiguration = new Aws.Bedrock.Inputs.AgentcoreGatewayInterceptorConfigurationInputConfigurationArgs
{
PassRequestHeaders = false,
},
Interceptor = new Aws.Bedrock.Inputs.AgentcoreGatewayInterceptorConfigurationInterceptorArgs
{
Lambda = new Aws.Bedrock.Inputs.AgentcoreGatewayInterceptorConfigurationInterceptorLambdaArgs
{
Arn = "string",
},
},
},
},
KmsKeyArn = "string",
AuthorizerConfiguration = new Aws.Bedrock.Inputs.AgentcoreGatewayAuthorizerConfigurationArgs
{
CustomJwtAuthorizer = new Aws.Bedrock.Inputs.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerArgs
{
DiscoveryUrl = "string",
AllowedAudiences = new[]
{
"string",
},
AllowedClients = new[]
{
"string",
},
AllowedScopes = new[]
{
"string",
},
CustomClaims = new[]
{
new Aws.Bedrock.Inputs.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimArgs
{
AuthorizingClaimMatchValue = new Aws.Bedrock.Inputs.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimAuthorizingClaimMatchValueArgs
{
ClaimMatchOperator = "string",
ClaimMatchValue = new Aws.Bedrock.Inputs.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimAuthorizingClaimMatchValueClaimMatchValueArgs
{
MatchValueString = "string",
MatchValueStringLists = new[]
{
"string",
},
},
},
InboundTokenClaimName = "string",
InboundTokenClaimValueType = "string",
},
},
},
},
ProtocolConfiguration = new Aws.Bedrock.Inputs.AgentcoreGatewayProtocolConfigurationArgs
{
Mcp = new Aws.Bedrock.Inputs.AgentcoreGatewayProtocolConfigurationMcpArgs
{
Instructions = "string",
SearchType = "string",
SupportedVersions = new[]
{
"string",
},
},
},
ExceptionLevel = "string",
Region = "string",
Description = "string",
Tags =
{
{ "string", "string" },
},
Timeouts = new Aws.Bedrock.Inputs.AgentcoreGatewayTimeoutsArgs
{
Create = "string",
Delete = "string",
Update = "string",
},
});
example, err := bedrock.NewAgentcoreGateway(ctx, "agentcoreGatewayResource", &bedrock.AgentcoreGatewayArgs{
ProtocolType: pulumi.String("string"),
AuthorizerType: pulumi.String("string"),
RoleArn: pulumi.String("string"),
Name: pulumi.String("string"),
InterceptorConfigurations: bedrock.AgentcoreGatewayInterceptorConfigurationArray{
&bedrock.AgentcoreGatewayInterceptorConfigurationArgs{
InterceptionPoints: pulumi.StringArray{
pulumi.String("string"),
},
InputConfiguration: &bedrock.AgentcoreGatewayInterceptorConfigurationInputConfigurationArgs{
PassRequestHeaders: pulumi.Bool(false),
},
Interceptor: &bedrock.AgentcoreGatewayInterceptorConfigurationInterceptorArgs{
Lambda: &bedrock.AgentcoreGatewayInterceptorConfigurationInterceptorLambdaArgs{
Arn: pulumi.String("string"),
},
},
},
},
KmsKeyArn: pulumi.String("string"),
AuthorizerConfiguration: &bedrock.AgentcoreGatewayAuthorizerConfigurationArgs{
CustomJwtAuthorizer: &bedrock.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerArgs{
DiscoveryUrl: pulumi.String("string"),
AllowedAudiences: pulumi.StringArray{
pulumi.String("string"),
},
AllowedClients: pulumi.StringArray{
pulumi.String("string"),
},
AllowedScopes: pulumi.StringArray{
pulumi.String("string"),
},
CustomClaims: bedrock.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimArray{
&bedrock.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimArgs{
AuthorizingClaimMatchValue: &bedrock.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimAuthorizingClaimMatchValueArgs{
ClaimMatchOperator: pulumi.String("string"),
ClaimMatchValue: &bedrock.AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimAuthorizingClaimMatchValueClaimMatchValueArgs{
MatchValueString: pulumi.String("string"),
MatchValueStringLists: pulumi.StringArray{
pulumi.String("string"),
},
},
},
InboundTokenClaimName: pulumi.String("string"),
InboundTokenClaimValueType: pulumi.String("string"),
},
},
},
},
ProtocolConfiguration: &bedrock.AgentcoreGatewayProtocolConfigurationArgs{
Mcp: &bedrock.AgentcoreGatewayProtocolConfigurationMcpArgs{
Instructions: pulumi.String("string"),
SearchType: pulumi.String("string"),
SupportedVersions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
ExceptionLevel: pulumi.String("string"),
Region: pulumi.String("string"),
Description: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
Timeouts: &bedrock.AgentcoreGatewayTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
Update: pulumi.String("string"),
},
})
var agentcoreGatewayResource = new AgentcoreGateway("agentcoreGatewayResource", AgentcoreGatewayArgs.builder()
.protocolType("string")
.authorizerType("string")
.roleArn("string")
.name("string")
.interceptorConfigurations(AgentcoreGatewayInterceptorConfigurationArgs.builder()
.interceptionPoints("string")
.inputConfiguration(AgentcoreGatewayInterceptorConfigurationInputConfigurationArgs.builder()
.passRequestHeaders(false)
.build())
.interceptor(AgentcoreGatewayInterceptorConfigurationInterceptorArgs.builder()
.lambda(AgentcoreGatewayInterceptorConfigurationInterceptorLambdaArgs.builder()
.arn("string")
.build())
.build())
.build())
.kmsKeyArn("string")
.authorizerConfiguration(AgentcoreGatewayAuthorizerConfigurationArgs.builder()
.customJwtAuthorizer(AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerArgs.builder()
.discoveryUrl("string")
.allowedAudiences("string")
.allowedClients("string")
.allowedScopes("string")
.customClaims(AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimArgs.builder()
.authorizingClaimMatchValue(AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimAuthorizingClaimMatchValueArgs.builder()
.claimMatchOperator("string")
.claimMatchValue(AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimAuthorizingClaimMatchValueClaimMatchValueArgs.builder()
.matchValueString("string")
.matchValueStringLists("string")
.build())
.build())
.inboundTokenClaimName("string")
.inboundTokenClaimValueType("string")
.build())
.build())
.build())
.protocolConfiguration(AgentcoreGatewayProtocolConfigurationArgs.builder()
.mcp(AgentcoreGatewayProtocolConfigurationMcpArgs.builder()
.instructions("string")
.searchType("string")
.supportedVersions("string")
.build())
.build())
.exceptionLevel("string")
.region("string")
.description("string")
.tags(Map.of("string", "string"))
.timeouts(AgentcoreGatewayTimeoutsArgs.builder()
.create("string")
.delete("string")
.update("string")
.build())
.build());
agentcore_gateway_resource = aws.bedrock.AgentcoreGateway("agentcoreGatewayResource",
protocol_type="string",
authorizer_type="string",
role_arn="string",
name="string",
interceptor_configurations=[{
"interception_points": ["string"],
"input_configuration": {
"pass_request_headers": False,
},
"interceptor": {
"lambda_": {
"arn": "string",
},
},
}],
kms_key_arn="string",
authorizer_configuration={
"custom_jwt_authorizer": {
"discovery_url": "string",
"allowed_audiences": ["string"],
"allowed_clients": ["string"],
"allowed_scopes": ["string"],
"custom_claims": [{
"authorizing_claim_match_value": {
"claim_match_operator": "string",
"claim_match_value": {
"match_value_string": "string",
"match_value_string_lists": ["string"],
},
},
"inbound_token_claim_name": "string",
"inbound_token_claim_value_type": "string",
}],
},
},
protocol_configuration={
"mcp": {
"instructions": "string",
"search_type": "string",
"supported_versions": ["string"],
},
},
exception_level="string",
region="string",
description="string",
tags={
"string": "string",
},
timeouts={
"create": "string",
"delete": "string",
"update": "string",
})
const agentcoreGatewayResource = new aws.bedrock.AgentcoreGateway("agentcoreGatewayResource", {
protocolType: "string",
authorizerType: "string",
roleArn: "string",
name: "string",
interceptorConfigurations: [{
interceptionPoints: ["string"],
inputConfiguration: {
passRequestHeaders: false,
},
interceptor: {
lambda: {
arn: "string",
},
},
}],
kmsKeyArn: "string",
authorizerConfiguration: {
customJwtAuthorizer: {
discoveryUrl: "string",
allowedAudiences: ["string"],
allowedClients: ["string"],
allowedScopes: ["string"],
customClaims: [{
authorizingClaimMatchValue: {
claimMatchOperator: "string",
claimMatchValue: {
matchValueString: "string",
matchValueStringLists: ["string"],
},
},
inboundTokenClaimName: "string",
inboundTokenClaimValueType: "string",
}],
},
},
protocolConfiguration: {
mcp: {
instructions: "string",
searchType: "string",
supportedVersions: ["string"],
},
},
exceptionLevel: "string",
region: "string",
description: "string",
tags: {
string: "string",
},
timeouts: {
create: "string",
"delete": "string",
update: "string",
},
});
type: aws:bedrock:AgentcoreGateway
properties:
authorizerConfiguration:
customJwtAuthorizer:
allowedAudiences:
- string
allowedClients:
- string
allowedScopes:
- string
customClaims:
- authorizingClaimMatchValue:
claimMatchOperator: string
claimMatchValue:
matchValueString: string
matchValueStringLists:
- string
inboundTokenClaimName: string
inboundTokenClaimValueType: string
discoveryUrl: string
authorizerType: string
description: string
exceptionLevel: string
interceptorConfigurations:
- inputConfiguration:
passRequestHeaders: false
interceptionPoints:
- string
interceptor:
lambda:
arn: string
kmsKeyArn: string
name: string
protocolConfiguration:
mcp:
instructions: string
searchType: string
supportedVersions:
- string
protocolType: string
region: string
roleArn: string
tags:
string: string
timeouts:
create: string
delete: string
update: string
AgentcoreGateway Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AgentcoreGateway resource accepts the following input properties:
- string
- Type of authorizer to use. Valid values:
CUSTOM_JWT,AWS_IAM. When set toCUSTOM_JWT,authorizerConfigurationblock is required. - Protocol
Type string - Protocol type for the gateway. Valid values:
MCP. - Role
Arn string ARN of the IAM role that the gateway assumes to access AWS services.
The following arguments are optional:
-
Agentcore
Gateway Authorizer Configuration - Configuration for request authorization. Required when
authorizerTypeis set toCUSTOM_JWT. SeeauthorizerConfigurationbelow. - Description string
- Description of the gateway.
- Exception
Level string - Exception level for the gateway. Valid values:
INFO,WARN,ERROR. - Interceptor
Configurations List<AgentcoreGateway Interceptor Configuration> - List of interceptor configurations for the gateway. Minimum of 1, maximum of 2. See
interceptorConfigurationbelow. - Kms
Key stringArn - ARN of the KMS key used to encrypt the gateway data.
- Name string
- Name of the gateway.
- Protocol
Configuration AgentcoreGateway Protocol Configuration - Protocol-specific configuration for the gateway. See
protocolConfigurationbelow. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Dictionary<string, string>
- Key-value map of resource tags. If configured with a provider
defaultTagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Timeouts
Agentcore
Gateway Timeouts
- string
- Type of authorizer to use. Valid values:
CUSTOM_JWT,AWS_IAM. When set toCUSTOM_JWT,authorizerConfigurationblock is required. - Protocol
Type string - Protocol type for the gateway. Valid values:
MCP. - Role
Arn string ARN of the IAM role that the gateway assumes to access AWS services.
The following arguments are optional:
-
Agentcore
Gateway Authorizer Configuration Args - Configuration for request authorization. Required when
authorizerTypeis set toCUSTOM_JWT. SeeauthorizerConfigurationbelow. - Description string
- Description of the gateway.
- Exception
Level string - Exception level for the gateway. Valid values:
INFO,WARN,ERROR. - Interceptor
Configurations []AgentcoreGateway Interceptor Configuration Args - List of interceptor configurations for the gateway. Minimum of 1, maximum of 2. See
interceptorConfigurationbelow. - Kms
Key stringArn - ARN of the KMS key used to encrypt the gateway data.
- Name string
- Name of the gateway.
- Protocol
Configuration AgentcoreGateway Protocol Configuration Args - Protocol-specific configuration for the gateway. See
protocolConfigurationbelow. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- map[string]string
- Key-value map of resource tags. If configured with a provider
defaultTagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Timeouts
Agentcore
Gateway Timeouts Args
- String
- Type of authorizer to use. Valid values:
CUSTOM_JWT,AWS_IAM. When set toCUSTOM_JWT,authorizerConfigurationblock is required. - protocol
Type String - Protocol type for the gateway. Valid values:
MCP. - role
Arn String ARN of the IAM role that the gateway assumes to access AWS services.
The following arguments are optional:
-
Agentcore
Gateway Authorizer Configuration - Configuration for request authorization. Required when
authorizerTypeis set toCUSTOM_JWT. SeeauthorizerConfigurationbelow. - description String
- Description of the gateway.
- exception
Level String - Exception level for the gateway. Valid values:
INFO,WARN,ERROR. - interceptor
Configurations List<AgentcoreGateway Interceptor Configuration> - List of interceptor configurations for the gateway. Minimum of 1, maximum of 2. See
interceptorConfigurationbelow. - kms
Key StringArn - ARN of the KMS key used to encrypt the gateway data.
- name String
- Name of the gateway.
- protocol
Configuration AgentcoreGateway Protocol Configuration - Protocol-specific configuration for the gateway. See
protocolConfigurationbelow. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String,String>
- Key-value map of resource tags. If configured with a provider
defaultTagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Agentcore
Gateway Timeouts
- string
- Type of authorizer to use. Valid values:
CUSTOM_JWT,AWS_IAM. When set toCUSTOM_JWT,authorizerConfigurationblock is required. - protocol
Type string - Protocol type for the gateway. Valid values:
MCP. - role
Arn string ARN of the IAM role that the gateway assumes to access AWS services.
The following arguments are optional:
-
Agentcore
Gateway Authorizer Configuration - Configuration for request authorization. Required when
authorizerTypeis set toCUSTOM_JWT. SeeauthorizerConfigurationbelow. - description string
- Description of the gateway.
- exception
Level string - Exception level for the gateway. Valid values:
INFO,WARN,ERROR. - interceptor
Configurations AgentcoreGateway Interceptor Configuration[] - List of interceptor configurations for the gateway. Minimum of 1, maximum of 2. See
interceptorConfigurationbelow. - kms
Key stringArn - ARN of the KMS key used to encrypt the gateway data.
- name string
- Name of the gateway.
- protocol
Configuration AgentcoreGateway Protocol Configuration - Protocol-specific configuration for the gateway. See
protocolConfigurationbelow. - region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- {[key: string]: string}
- Key-value map of resource tags. If configured with a provider
defaultTagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Agentcore
Gateway Timeouts
- str
- Type of authorizer to use. Valid values:
CUSTOM_JWT,AWS_IAM. When set toCUSTOM_JWT,authorizerConfigurationblock is required. - protocol_
type str - Protocol type for the gateway. Valid values:
MCP. - role_
arn str ARN of the IAM role that the gateway assumes to access AWS services.
The following arguments are optional:
-
Agentcore
Gateway Authorizer Configuration Args - Configuration for request authorization. Required when
authorizerTypeis set toCUSTOM_JWT. SeeauthorizerConfigurationbelow. - description str
- Description of the gateway.
- exception_
level str - Exception level for the gateway. Valid values:
INFO,WARN,ERROR. - interceptor_
configurations Sequence[AgentcoreGateway Interceptor Configuration Args] - List of interceptor configurations for the gateway. Minimum of 1, maximum of 2. See
interceptorConfigurationbelow. - kms_
key_ strarn - ARN of the KMS key used to encrypt the gateway data.
- name str
- Name of the gateway.
- protocol_
configuration AgentcoreGateway Protocol Configuration Args - Protocol-specific configuration for the gateway. See
protocolConfigurationbelow. - region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Mapping[str, str]
- Key-value map of resource tags. If configured with a provider
defaultTagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Agentcore
Gateway Timeouts Args
- String
- Type of authorizer to use. Valid values:
CUSTOM_JWT,AWS_IAM. When set toCUSTOM_JWT,authorizerConfigurationblock is required. - protocol
Type String - Protocol type for the gateway. Valid values:
MCP. - role
Arn String ARN of the IAM role that the gateway assumes to access AWS services.
The following arguments are optional:
- Property Map
- Configuration for request authorization. Required when
authorizerTypeis set toCUSTOM_JWT. SeeauthorizerConfigurationbelow. - description String
- Description of the gateway.
- exception
Level String - Exception level for the gateway. Valid values:
INFO,WARN,ERROR. - interceptor
Configurations List<Property Map> - List of interceptor configurations for the gateway. Minimum of 1, maximum of 2. See
interceptorConfigurationbelow. - kms
Key StringArn - ARN of the KMS key used to encrypt the gateway data.
- name String
- Name of the gateway.
- protocol
Configuration Property Map - Protocol-specific configuration for the gateway. See
protocolConfigurationbelow. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String>
- Key-value map of resource tags. If configured with a provider
defaultTagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the AgentcoreGateway resource produces the following output properties:
- Gateway
Arn string - ARN of the Gateway.
- Gateway
Id string - Unique identifier of the Gateway.
- Gateway
Url string - URL endpoint for the gateway.
- Id string
- The provider-assigned unique ID for this managed resource.
- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
defaultTagsconfiguration block. - Workload
Identity List<AgentcoreDetails Gateway Workload Identity Detail> - Workload identity details for the gateway. See
workloadIdentityDetailsbelow.
- Gateway
Arn string - ARN of the Gateway.
- Gateway
Id string - Unique identifier of the Gateway.
- Gateway
Url string - URL endpoint for the gateway.
- Id string
- The provider-assigned unique ID for this managed resource.
- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
defaultTagsconfiguration block. - Workload
Identity []AgentcoreDetails Gateway Workload Identity Detail - Workload identity details for the gateway. See
workloadIdentityDetailsbelow.
- gateway
Arn String - ARN of the Gateway.
- gateway
Id String - Unique identifier of the Gateway.
- gateway
Url String - URL endpoint for the gateway.
- id String
- The provider-assigned unique ID for this managed resource.
- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
defaultTagsconfiguration block. - workload
Identity List<AgentcoreDetails Gateway Workload Identity Detail> - Workload identity details for the gateway. See
workloadIdentityDetailsbelow.
- gateway
Arn string - ARN of the Gateway.
- gateway
Id string - Unique identifier of the Gateway.
- gateway
Url string - URL endpoint for the gateway.
- id string
- The provider-assigned unique ID for this managed resource.
- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
defaultTagsconfiguration block. - workload
Identity AgentcoreDetails Gateway Workload Identity Detail[] - Workload identity details for the gateway. See
workloadIdentityDetailsbelow.
- gateway_
arn str - ARN of the Gateway.
- gateway_
id str - Unique identifier of the Gateway.
- gateway_
url str - URL endpoint for the gateway.
- id str
- The provider-assigned unique ID for this managed resource.
- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
defaultTagsconfiguration block. - workload_
identity_ Sequence[Agentcoredetails Gateway Workload Identity Detail] - Workload identity details for the gateway. See
workloadIdentityDetailsbelow.
- gateway
Arn String - ARN of the Gateway.
- gateway
Id String - Unique identifier of the Gateway.
- gateway
Url String - URL endpoint for the gateway.
- id String
- The provider-assigned unique ID for this managed resource.
- Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
defaultTagsconfiguration block. - workload
Identity List<Property Map>Details - Workload identity details for the gateway. See
workloadIdentityDetailsbelow.
Look up Existing AgentcoreGateway Resource
Get an existing AgentcoreGateway resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AgentcoreGatewayState, opts?: CustomResourceOptions): AgentcoreGateway@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
authorizer_configuration: Optional[AgentcoreGatewayAuthorizerConfigurationArgs] = None,
authorizer_type: Optional[str] = None,
description: Optional[str] = None,
exception_level: Optional[str] = None,
gateway_arn: Optional[str] = None,
gateway_id: Optional[str] = None,
gateway_url: Optional[str] = None,
interceptor_configurations: Optional[Sequence[AgentcoreGatewayInterceptorConfigurationArgs]] = None,
kms_key_arn: Optional[str] = None,
name: Optional[str] = None,
protocol_configuration: Optional[AgentcoreGatewayProtocolConfigurationArgs] = None,
protocol_type: Optional[str] = None,
region: Optional[str] = None,
role_arn: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
timeouts: Optional[AgentcoreGatewayTimeoutsArgs] = None,
workload_identity_details: Optional[Sequence[AgentcoreGatewayWorkloadIdentityDetailArgs]] = None) -> AgentcoreGatewayfunc GetAgentcoreGateway(ctx *Context, name string, id IDInput, state *AgentcoreGatewayState, opts ...ResourceOption) (*AgentcoreGateway, error)public static AgentcoreGateway Get(string name, Input<string> id, AgentcoreGatewayState? state, CustomResourceOptions? opts = null)public static AgentcoreGateway get(String name, Output<String> id, AgentcoreGatewayState state, CustomResourceOptions options)resources: _: type: aws:bedrock:AgentcoreGateway get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
-
Agentcore
Gateway Authorizer Configuration - Configuration for request authorization. Required when
authorizerTypeis set toCUSTOM_JWT. SeeauthorizerConfigurationbelow. - string
- Type of authorizer to use. Valid values:
CUSTOM_JWT,AWS_IAM. When set toCUSTOM_JWT,authorizerConfigurationblock is required. - Description string
- Description of the gateway.
- Exception
Level string - Exception level for the gateway. Valid values:
INFO,WARN,ERROR. - Gateway
Arn string - ARN of the Gateway.
- Gateway
Id string - Unique identifier of the Gateway.
- Gateway
Url string - URL endpoint for the gateway.
- Interceptor
Configurations List<AgentcoreGateway Interceptor Configuration> - List of interceptor configurations for the gateway. Minimum of 1, maximum of 2. See
interceptorConfigurationbelow. - Kms
Key stringArn - ARN of the KMS key used to encrypt the gateway data.
- Name string
- Name of the gateway.
- Protocol
Configuration AgentcoreGateway Protocol Configuration - Protocol-specific configuration for the gateway. See
protocolConfigurationbelow. - Protocol
Type string - Protocol type for the gateway. Valid values:
MCP. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Role
Arn string ARN of the IAM role that the gateway assumes to access AWS services.
The following arguments are optional:
- Dictionary<string, string>
- Key-value map of resource tags. If configured with a provider
defaultTagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
defaultTagsconfiguration block. - Timeouts
Agentcore
Gateway Timeouts - Workload
Identity List<AgentcoreDetails Gateway Workload Identity Detail> - Workload identity details for the gateway. See
workloadIdentityDetailsbelow.
-
Agentcore
Gateway Authorizer Configuration Args - Configuration for request authorization. Required when
authorizerTypeis set toCUSTOM_JWT. SeeauthorizerConfigurationbelow. - string
- Type of authorizer to use. Valid values:
CUSTOM_JWT,AWS_IAM. When set toCUSTOM_JWT,authorizerConfigurationblock is required. - Description string
- Description of the gateway.
- Exception
Level string - Exception level for the gateway. Valid values:
INFO,WARN,ERROR. - Gateway
Arn string - ARN of the Gateway.
- Gateway
Id string - Unique identifier of the Gateway.
- Gateway
Url string - URL endpoint for the gateway.
- Interceptor
Configurations []AgentcoreGateway Interceptor Configuration Args - List of interceptor configurations for the gateway. Minimum of 1, maximum of 2. See
interceptorConfigurationbelow. - Kms
Key stringArn - ARN of the KMS key used to encrypt the gateway data.
- Name string
- Name of the gateway.
- Protocol
Configuration AgentcoreGateway Protocol Configuration Args - Protocol-specific configuration for the gateway. See
protocolConfigurationbelow. - Protocol
Type string - Protocol type for the gateway. Valid values:
MCP. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Role
Arn string ARN of the IAM role that the gateway assumes to access AWS services.
The following arguments are optional:
- map[string]string
- Key-value map of resource tags. If configured with a provider
defaultTagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
defaultTagsconfiguration block. - Timeouts
Agentcore
Gateway Timeouts Args - Workload
Identity []AgentcoreDetails Gateway Workload Identity Detail Args - Workload identity details for the gateway. See
workloadIdentityDetailsbelow.
-
Agentcore
Gateway Authorizer Configuration - Configuration for request authorization. Required when
authorizerTypeis set toCUSTOM_JWT. SeeauthorizerConfigurationbelow. - String
- Type of authorizer to use. Valid values:
CUSTOM_JWT,AWS_IAM. When set toCUSTOM_JWT,authorizerConfigurationblock is required. - description String
- Description of the gateway.
- exception
Level String - Exception level for the gateway. Valid values:
INFO,WARN,ERROR. - gateway
Arn String - ARN of the Gateway.
- gateway
Id String - Unique identifier of the Gateway.
- gateway
Url String - URL endpoint for the gateway.
- interceptor
Configurations List<AgentcoreGateway Interceptor Configuration> - List of interceptor configurations for the gateway. Minimum of 1, maximum of 2. See
interceptorConfigurationbelow. - kms
Key StringArn - ARN of the KMS key used to encrypt the gateway data.
- name String
- Name of the gateway.
- protocol
Configuration AgentcoreGateway Protocol Configuration - Protocol-specific configuration for the gateway. See
protocolConfigurationbelow. - protocol
Type String - Protocol type for the gateway. Valid values:
MCP. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- role
Arn String ARN of the IAM role that the gateway assumes to access AWS services.
The following arguments are optional:
- Map<String,String>
- Key-value map of resource tags. If configured with a provider
defaultTagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
defaultTagsconfiguration block. - timeouts
Agentcore
Gateway Timeouts - workload
Identity List<AgentcoreDetails Gateway Workload Identity Detail> - Workload identity details for the gateway. See
workloadIdentityDetailsbelow.
-
Agentcore
Gateway Authorizer Configuration - Configuration for request authorization. Required when
authorizerTypeis set toCUSTOM_JWT. SeeauthorizerConfigurationbelow. - string
- Type of authorizer to use. Valid values:
CUSTOM_JWT,AWS_IAM. When set toCUSTOM_JWT,authorizerConfigurationblock is required. - description string
- Description of the gateway.
- exception
Level string - Exception level for the gateway. Valid values:
INFO,WARN,ERROR. - gateway
Arn string - ARN of the Gateway.
- gateway
Id string - Unique identifier of the Gateway.
- gateway
Url string - URL endpoint for the gateway.
- interceptor
Configurations AgentcoreGateway Interceptor Configuration[] - List of interceptor configurations for the gateway. Minimum of 1, maximum of 2. See
interceptorConfigurationbelow. - kms
Key stringArn - ARN of the KMS key used to encrypt the gateway data.
- name string
- Name of the gateway.
- protocol
Configuration AgentcoreGateway Protocol Configuration - Protocol-specific configuration for the gateway. See
protocolConfigurationbelow. - protocol
Type string - Protocol type for the gateway. Valid values:
MCP. - region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- role
Arn string ARN of the IAM role that the gateway assumes to access AWS services.
The following arguments are optional:
- {[key: string]: string}
- Key-value map of resource tags. If configured with a provider
defaultTagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
defaultTagsconfiguration block. - timeouts
Agentcore
Gateway Timeouts - workload
Identity AgentcoreDetails Gateway Workload Identity Detail[] - Workload identity details for the gateway. See
workloadIdentityDetailsbelow.
-
Agentcore
Gateway Authorizer Configuration Args - Configuration for request authorization. Required when
authorizerTypeis set toCUSTOM_JWT. SeeauthorizerConfigurationbelow. - str
- Type of authorizer to use. Valid values:
CUSTOM_JWT,AWS_IAM. When set toCUSTOM_JWT,authorizerConfigurationblock is required. - description str
- Description of the gateway.
- exception_
level str - Exception level for the gateway. Valid values:
INFO,WARN,ERROR. - gateway_
arn str - ARN of the Gateway.
- gateway_
id str - Unique identifier of the Gateway.
- gateway_
url str - URL endpoint for the gateway.
- interceptor_
configurations Sequence[AgentcoreGateway Interceptor Configuration Args] - List of interceptor configurations for the gateway. Minimum of 1, maximum of 2. See
interceptorConfigurationbelow. - kms_
key_ strarn - ARN of the KMS key used to encrypt the gateway data.
- name str
- Name of the gateway.
- protocol_
configuration AgentcoreGateway Protocol Configuration Args - Protocol-specific configuration for the gateway. See
protocolConfigurationbelow. - protocol_
type str - Protocol type for the gateway. Valid values:
MCP. - region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- role_
arn str ARN of the IAM role that the gateway assumes to access AWS services.
The following arguments are optional:
- Mapping[str, str]
- Key-value map of resource tags. If configured with a provider
defaultTagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
defaultTagsconfiguration block. - timeouts
Agentcore
Gateway Timeouts Args - workload_
identity_ Sequence[Agentcoredetails Gateway Workload Identity Detail Args] - Workload identity details for the gateway. See
workloadIdentityDetailsbelow.
- Property Map
- Configuration for request authorization. Required when
authorizerTypeis set toCUSTOM_JWT. SeeauthorizerConfigurationbelow. - String
- Type of authorizer to use. Valid values:
CUSTOM_JWT,AWS_IAM. When set toCUSTOM_JWT,authorizerConfigurationblock is required. - description String
- Description of the gateway.
- exception
Level String - Exception level for the gateway. Valid values:
INFO,WARN,ERROR. - gateway
Arn String - ARN of the Gateway.
- gateway
Id String - Unique identifier of the Gateway.
- gateway
Url String - URL endpoint for the gateway.
- interceptor
Configurations List<Property Map> - List of interceptor configurations for the gateway. Minimum of 1, maximum of 2. See
interceptorConfigurationbelow. - kms
Key StringArn - ARN of the KMS key used to encrypt the gateway data.
- name String
- Name of the gateway.
- protocol
Configuration Property Map - Protocol-specific configuration for the gateway. See
protocolConfigurationbelow. - protocol
Type String - Protocol type for the gateway. Valid values:
MCP. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- role
Arn String ARN of the IAM role that the gateway assumes to access AWS services.
The following arguments are optional:
- Map<String>
- Key-value map of resource tags. If configured with a provider
defaultTagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
defaultTagsconfiguration block. - timeouts Property Map
- workload
Identity List<Property Map>Details - Workload identity details for the gateway. See
workloadIdentityDetailsbelow.
Supporting Types
AgentcoreGatewayAuthorizerConfiguration, AgentcoreGatewayAuthorizerConfigurationArgs
-
Agentcore
Gateway Authorizer Configuration Custom Jwt Authorizer - JWT-based authorization configuration block. See
customJwtAuthorizerbelow.
-
Agentcore
Gateway Authorizer Configuration Custom Jwt Authorizer - JWT-based authorization configuration block. See
customJwtAuthorizerbelow.
-
Agentcore
Gateway Authorizer Configuration Custom Jwt Authorizer - JWT-based authorization configuration block. See
customJwtAuthorizerbelow.
-
Agentcore
Gateway Authorizer Configuration Custom Jwt Authorizer - JWT-based authorization configuration block. See
customJwtAuthorizerbelow.
-
Agentcore
Gateway Authorizer Configuration Custom Jwt Authorizer - JWT-based authorization configuration block. See
customJwtAuthorizerbelow.
- Property Map
- JWT-based authorization configuration block. See
customJwtAuthorizerbelow.
AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizer, AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerArgs
- Discovery
Url string - URL used to fetch OpenID Connect configuration or authorization server metadata. Must end with
.well-known/openid-configuration. - Allowed
Audiences List<string> - Set of allowed audience values for JWT token validation.
- Allowed
Clients List<string> - Set of allowed client IDs for JWT token validation.
- Allowed
Scopes List<string> - Set of scopes that are allowed to access the token.
- Custom
Claims List<AgentcoreGateway Authorizer Configuration Custom Jwt Authorizer Custom Claim> - Repeatable block to define a custom claim validation name, value, and operation. See
customClaimbelow.
- Discovery
Url string - URL used to fetch OpenID Connect configuration or authorization server metadata. Must end with
.well-known/openid-configuration. - Allowed
Audiences []string - Set of allowed audience values for JWT token validation.
- Allowed
Clients []string - Set of allowed client IDs for JWT token validation.
- Allowed
Scopes []string - Set of scopes that are allowed to access the token.
- Custom
Claims []AgentcoreGateway Authorizer Configuration Custom Jwt Authorizer Custom Claim - Repeatable block to define a custom claim validation name, value, and operation. See
customClaimbelow.
- discovery
Url String - URL used to fetch OpenID Connect configuration or authorization server metadata. Must end with
.well-known/openid-configuration. - allowed
Audiences List<String> - Set of allowed audience values for JWT token validation.
- allowed
Clients List<String> - Set of allowed client IDs for JWT token validation.
- allowed
Scopes List<String> - Set of scopes that are allowed to access the token.
- custom
Claims List<AgentcoreGateway Authorizer Configuration Custom Jwt Authorizer Custom Claim> - Repeatable block to define a custom claim validation name, value, and operation. See
customClaimbelow.
- discovery
Url string - URL used to fetch OpenID Connect configuration or authorization server metadata. Must end with
.well-known/openid-configuration. - allowed
Audiences string[] - Set of allowed audience values for JWT token validation.
- allowed
Clients string[] - Set of allowed client IDs for JWT token validation.
- allowed
Scopes string[] - Set of scopes that are allowed to access the token.
- custom
Claims AgentcoreGateway Authorizer Configuration Custom Jwt Authorizer Custom Claim[] - Repeatable block to define a custom claim validation name, value, and operation. See
customClaimbelow.
- discovery_
url str - URL used to fetch OpenID Connect configuration or authorization server metadata. Must end with
.well-known/openid-configuration. - allowed_
audiences Sequence[str] - Set of allowed audience values for JWT token validation.
- allowed_
clients Sequence[str] - Set of allowed client IDs for JWT token validation.
- allowed_
scopes Sequence[str] - Set of scopes that are allowed to access the token.
- custom_
claims Sequence[AgentcoreGateway Authorizer Configuration Custom Jwt Authorizer Custom Claim] - Repeatable block to define a custom claim validation name, value, and operation. See
customClaimbelow.
- discovery
Url String - URL used to fetch OpenID Connect configuration or authorization server metadata. Must end with
.well-known/openid-configuration. - allowed
Audiences List<String> - Set of allowed audience values for JWT token validation.
- allowed
Clients List<String> - Set of allowed client IDs for JWT token validation.
- allowed
Scopes List<String> - Set of scopes that are allowed to access the token.
- custom
Claims List<Property Map> - Repeatable block to define a custom claim validation name, value, and operation. See
customClaimbelow.
AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaim, AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimArgs
-
Agentcore
Gateway Authorizer Configuration Custom Jwt Authorizer Custom Claim Authorizing Claim Match Value - Configuration block to define the value or values to match for and the relationship of the match. See
authorizingClaimMatchValuebelow. - Inbound
Token stringClaim Name - Name of the custom claim field to check.
- Inbound
Token stringClaim Value Type - Data type of the claim value to check for. Valid values are
STRINGandSTRING_ARRAY.
-
Agentcore
Gateway Authorizer Configuration Custom Jwt Authorizer Custom Claim Authorizing Claim Match Value - Configuration block to define the value or values to match for and the relationship of the match. See
authorizingClaimMatchValuebelow. - Inbound
Token stringClaim Name - Name of the custom claim field to check.
- Inbound
Token stringClaim Value Type - Data type of the claim value to check for. Valid values are
STRINGandSTRING_ARRAY.
-
Agentcore
Gateway Authorizer Configuration Custom Jwt Authorizer Custom Claim Authorizing Claim Match Value - Configuration block to define the value or values to match for and the relationship of the match. See
authorizingClaimMatchValuebelow. - inbound
Token StringClaim Name - Name of the custom claim field to check.
- inbound
Token StringClaim Value Type - Data type of the claim value to check for. Valid values are
STRINGandSTRING_ARRAY.
-
Agentcore
Gateway Authorizer Configuration Custom Jwt Authorizer Custom Claim Authorizing Claim Match Value - Configuration block to define the value or values to match for and the relationship of the match. See
authorizingClaimMatchValuebelow. - inbound
Token stringClaim Name - Name of the custom claim field to check.
- inbound
Token stringClaim Value Type - Data type of the claim value to check for. Valid values are
STRINGandSTRING_ARRAY.
-
Agentcore
Gateway Authorizer Configuration Custom Jwt Authorizer Custom Claim Authorizing Claim Match Value - Configuration block to define the value or values to match for and the relationship of the match. See
authorizingClaimMatchValuebelow. - inbound_
token_ strclaim_ name - Name of the custom claim field to check.
- inbound_
token_ strclaim_ value_ type - Data type of the claim value to check for. Valid values are
STRINGandSTRING_ARRAY.
- Property Map
- Configuration block to define the value or values to match for and the relationship of the match. See
authorizingClaimMatchValuebelow. - inbound
Token StringClaim Name - Name of the custom claim field to check.
- inbound
Token StringClaim Value Type - Data type of the claim value to check for. Valid values are
STRINGandSTRING_ARRAY.
AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimAuthorizingClaimMatchValue, AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimAuthorizingClaimMatchValueArgs
- Claim
Match stringOperator - Relationship between the claim field value and the value or values to match for. Valid values are
EQUALS,CONTAINS, andCONTAINS_ANY.EQUALScan be used only wheninboundTokenClaimValueTypeisSTRING.CONTAINSorCONTAINS_ANYcan be used only wheninboundTokenClaimValueTypeisSTRING_ARRAY. - Claim
Match AgentcoreValue Gateway Authorizer Configuration Custom Jwt Authorizer Custom Claim Authorizing Claim Match Value Claim Match Value - Value or values to match for. See
claimMatchValuebelow.
- Claim
Match stringOperator - Relationship between the claim field value and the value or values to match for. Valid values are
EQUALS,CONTAINS, andCONTAINS_ANY.EQUALScan be used only wheninboundTokenClaimValueTypeisSTRING.CONTAINSorCONTAINS_ANYcan be used only wheninboundTokenClaimValueTypeisSTRING_ARRAY. - Claim
Match AgentcoreValue Gateway Authorizer Configuration Custom Jwt Authorizer Custom Claim Authorizing Claim Match Value Claim Match Value - Value or values to match for. See
claimMatchValuebelow.
- claim
Match StringOperator - Relationship between the claim field value and the value or values to match for. Valid values are
EQUALS,CONTAINS, andCONTAINS_ANY.EQUALScan be used only wheninboundTokenClaimValueTypeisSTRING.CONTAINSorCONTAINS_ANYcan be used only wheninboundTokenClaimValueTypeisSTRING_ARRAY. - claim
Match AgentcoreValue Gateway Authorizer Configuration Custom Jwt Authorizer Custom Claim Authorizing Claim Match Value Claim Match Value - Value or values to match for. See
claimMatchValuebelow.
- claim
Match stringOperator - Relationship between the claim field value and the value or values to match for. Valid values are
EQUALS,CONTAINS, andCONTAINS_ANY.EQUALScan be used only wheninboundTokenClaimValueTypeisSTRING.CONTAINSorCONTAINS_ANYcan be used only wheninboundTokenClaimValueTypeisSTRING_ARRAY. - claim
Match AgentcoreValue Gateway Authorizer Configuration Custom Jwt Authorizer Custom Claim Authorizing Claim Match Value Claim Match Value - Value or values to match for. See
claimMatchValuebelow.
- claim_
match_ stroperator - Relationship between the claim field value and the value or values to match for. Valid values are
EQUALS,CONTAINS, andCONTAINS_ANY.EQUALScan be used only wheninboundTokenClaimValueTypeisSTRING.CONTAINSorCONTAINS_ANYcan be used only wheninboundTokenClaimValueTypeisSTRING_ARRAY. - claim_
match_ Agentcorevalue Gateway Authorizer Configuration Custom Jwt Authorizer Custom Claim Authorizing Claim Match Value Claim Match Value - Value or values to match for. See
claimMatchValuebelow.
- claim
Match StringOperator - Relationship between the claim field value and the value or values to match for. Valid values are
EQUALS,CONTAINS, andCONTAINS_ANY.EQUALScan be used only wheninboundTokenClaimValueTypeisSTRING.CONTAINSorCONTAINS_ANYcan be used only wheninboundTokenClaimValueTypeisSTRING_ARRAY. - claim
Match Property MapValue - Value or values to match for. See
claimMatchValuebelow.
AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimAuthorizingClaimMatchValueClaimMatchValue, AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizerCustomClaimAuthorizingClaimMatchValueClaimMatchValueArgs
- Match
Value stringString - String value to match for. Must be specified when
claimMatchOperatorisEQUALSorCONTAINS. Exactly one ofmatchValueStringormatchValueStringListmust be specified. - Match
Value List<string>String Lists - List of strings to check for a match. Must be specified when
claimMatchOperatorisCONTAINS_ANY. Exactly one ofmatchValueStringormatchValueStringListmust be specified.
- Match
Value stringString - String value to match for. Must be specified when
claimMatchOperatorisEQUALSorCONTAINS. Exactly one ofmatchValueStringormatchValueStringListmust be specified. - Match
Value []stringString Lists - List of strings to check for a match. Must be specified when
claimMatchOperatorisCONTAINS_ANY. Exactly one ofmatchValueStringormatchValueStringListmust be specified.
- match
Value StringString - String value to match for. Must be specified when
claimMatchOperatorisEQUALSorCONTAINS. Exactly one ofmatchValueStringormatchValueStringListmust be specified. - match
Value List<String>String Lists - List of strings to check for a match. Must be specified when
claimMatchOperatorisCONTAINS_ANY. Exactly one ofmatchValueStringormatchValueStringListmust be specified.
- match
Value stringString - String value to match for. Must be specified when
claimMatchOperatorisEQUALSorCONTAINS. Exactly one ofmatchValueStringormatchValueStringListmust be specified. - match
Value string[]String Lists - List of strings to check for a match. Must be specified when
claimMatchOperatorisCONTAINS_ANY. Exactly one ofmatchValueStringormatchValueStringListmust be specified.
- match_
value_ strstring - String value to match for. Must be specified when
claimMatchOperatorisEQUALSorCONTAINS. Exactly one ofmatchValueStringormatchValueStringListmust be specified. - match_
value_ Sequence[str]string_ lists - List of strings to check for a match. Must be specified when
claimMatchOperatorisCONTAINS_ANY. Exactly one ofmatchValueStringormatchValueStringListmust be specified.
- match
Value StringString - String value to match for. Must be specified when
claimMatchOperatorisEQUALSorCONTAINS. Exactly one ofmatchValueStringormatchValueStringListmust be specified. - match
Value List<String>String Lists - List of strings to check for a match. Must be specified when
claimMatchOperatorisCONTAINS_ANY. Exactly one ofmatchValueStringormatchValueStringListmust be specified.
AgentcoreGatewayInterceptorConfiguration, AgentcoreGatewayInterceptorConfigurationArgs
- Interception
Points List<string> - Set of interception points. Valid values:
REQUEST,RESPONSE. - Input
Configuration AgentcoreGateway Interceptor Configuration Input Configuration - Input configuration for the interceptor. See
inputConfigurationbelow. - Interceptor
Agentcore
Gateway Interceptor Configuration Interceptor - Interceptor infrastructure configuration. See
interceptorbelow.
- Interception
Points []string - Set of interception points. Valid values:
REQUEST,RESPONSE. - Input
Configuration AgentcoreGateway Interceptor Configuration Input Configuration - Input configuration for the interceptor. See
inputConfigurationbelow. - Interceptor
Agentcore
Gateway Interceptor Configuration Interceptor - Interceptor infrastructure configuration. See
interceptorbelow.
- interception
Points List<String> - Set of interception points. Valid values:
REQUEST,RESPONSE. - input
Configuration AgentcoreGateway Interceptor Configuration Input Configuration - Input configuration for the interceptor. See
inputConfigurationbelow. - interceptor
Agentcore
Gateway Interceptor Configuration Interceptor - Interceptor infrastructure configuration. See
interceptorbelow.
- interception
Points string[] - Set of interception points. Valid values:
REQUEST,RESPONSE. - input
Configuration AgentcoreGateway Interceptor Configuration Input Configuration - Input configuration for the interceptor. See
inputConfigurationbelow. - interceptor
Agentcore
Gateway Interceptor Configuration Interceptor - Interceptor infrastructure configuration. See
interceptorbelow.
- interception_
points Sequence[str] - Set of interception points. Valid values:
REQUEST,RESPONSE. - input_
configuration AgentcoreGateway Interceptor Configuration Input Configuration - Input configuration for the interceptor. See
inputConfigurationbelow. - interceptor
Agentcore
Gateway Interceptor Configuration Interceptor - Interceptor infrastructure configuration. See
interceptorbelow.
- interception
Points List<String> - Set of interception points. Valid values:
REQUEST,RESPONSE. - input
Configuration Property Map - Input configuration for the interceptor. See
inputConfigurationbelow. - interceptor Property Map
- Interceptor infrastructure configuration. See
interceptorbelow.
AgentcoreGatewayInterceptorConfigurationInputConfiguration, AgentcoreGatewayInterceptorConfigurationInputConfigurationArgs
- Pass
Request boolHeaders - Whether to pass request headers to the interceptor.
- Pass
Request boolHeaders - Whether to pass request headers to the interceptor.
- pass
Request BooleanHeaders - Whether to pass request headers to the interceptor.
- pass
Request booleanHeaders - Whether to pass request headers to the interceptor.
- pass_
request_ boolheaders - Whether to pass request headers to the interceptor.
- pass
Request BooleanHeaders - Whether to pass request headers to the interceptor.
AgentcoreGatewayInterceptorConfigurationInterceptor, AgentcoreGatewayInterceptorConfigurationInterceptorArgs
- Lambda
Agentcore
Gateway Interceptor Configuration Interceptor Lambda - Lambda function configuration for the interceptor. See
lambdabelow.
- Lambda
Agentcore
Gateway Interceptor Configuration Interceptor Lambda - Lambda function configuration for the interceptor. See
lambdabelow.
- lambda
Agentcore
Gateway Interceptor Configuration Interceptor Lambda - Lambda function configuration for the interceptor. See
lambdabelow.
- lambda
Agentcore
Gateway Interceptor Configuration Interceptor Lambda - Lambda function configuration for the interceptor. See
lambdabelow.
- lambda_
Agentcore
Gateway Interceptor Configuration Interceptor Lambda - Lambda function configuration for the interceptor. See
lambdabelow.
- lambda Property Map
- Lambda function configuration for the interceptor. See
lambdabelow.
AgentcoreGatewayInterceptorConfigurationInterceptorLambda, AgentcoreGatewayInterceptorConfigurationInterceptorLambdaArgs
- Arn string
- ARN of the Lambda function to invoke for the interceptor.
- Arn string
- ARN of the Lambda function to invoke for the interceptor.
- arn String
- ARN of the Lambda function to invoke for the interceptor.
- arn string
- ARN of the Lambda function to invoke for the interceptor.
- arn str
- ARN of the Lambda function to invoke for the interceptor.
- arn String
- ARN of the Lambda function to invoke for the interceptor.
AgentcoreGatewayProtocolConfiguration, AgentcoreGatewayProtocolConfigurationArgs
- Mcp
Agentcore
Gateway Protocol Configuration Mcp - Model Context Protocol (MCP) configuration block. See
mcpbelow.
- Mcp
Agentcore
Gateway Protocol Configuration Mcp - Model Context Protocol (MCP) configuration block. See
mcpbelow.
- mcp
Agentcore
Gateway Protocol Configuration Mcp - Model Context Protocol (MCP) configuration block. See
mcpbelow.
- mcp
Agentcore
Gateway Protocol Configuration Mcp - Model Context Protocol (MCP) configuration block. See
mcpbelow.
- mcp
Agentcore
Gateway Protocol Configuration Mcp - Model Context Protocol (MCP) configuration block. See
mcpbelow.
- mcp Property Map
- Model Context Protocol (MCP) configuration block. See
mcpbelow.
AgentcoreGatewayProtocolConfigurationMcp, AgentcoreGatewayProtocolConfigurationMcpArgs
- Instructions string
- Instructions for the MCP protocol configuration.
- Search
Type string - Search type for MCP. Valid values:
SEMANTIC. - Supported
Versions List<string> - Set of supported MCP protocol versions.
- Instructions string
- Instructions for the MCP protocol configuration.
- Search
Type string - Search type for MCP. Valid values:
SEMANTIC. - Supported
Versions []string - Set of supported MCP protocol versions.
- instructions String
- Instructions for the MCP protocol configuration.
- search
Type String - Search type for MCP. Valid values:
SEMANTIC. - supported
Versions List<String> - Set of supported MCP protocol versions.
- instructions string
- Instructions for the MCP protocol configuration.
- search
Type string - Search type for MCP. Valid values:
SEMANTIC. - supported
Versions string[] - Set of supported MCP protocol versions.
- instructions str
- Instructions for the MCP protocol configuration.
- search_
type str - Search type for MCP. Valid values:
SEMANTIC. - supported_
versions Sequence[str] - Set of supported MCP protocol versions.
- instructions String
- Instructions for the MCP protocol configuration.
- search
Type String - Search type for MCP. Valid values:
SEMANTIC. - supported
Versions List<String> - Set of supported MCP protocol versions.
AgentcoreGatewayTimeouts, AgentcoreGatewayTimeoutsArgs
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
AgentcoreGatewayWorkloadIdentityDetail, AgentcoreGatewayWorkloadIdentityDetailArgs
- Workload
Identity stringArn - ARN of the workload identity.
- Workload
Identity stringArn - ARN of the workload identity.
- workload
Identity StringArn - ARN of the workload identity.
- workload
Identity stringArn - ARN of the workload identity.
- workload_
identity_ strarn - ARN of the workload identity.
- workload
Identity StringArn - ARN of the workload identity.
Import
Using pulumi import, import Bedrock AgentCore Gateway using the gateway ID. For example:
$ pulumi import aws:bedrock/agentcoreGateway:AgentcoreGateway example GATEWAY1234567890
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.
Viewing docs for AWS v7.26.0
published on Thursday, Apr 16, 2026 by Pulumi
published on Thursday, Apr 16, 2026 by Pulumi
