RuntimeAuthorizerConfiguration

class aws_cdk.aws_bedrock_agentcore_alpha.RuntimeAuthorizerConfiguration

Bases: object

(experimental) Abstract base class for runtime authorizer configurations.

Provides static factory methods to create different authentication types.

Stability:

experimental

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_bedrock_agentcore_alpha as bedrock_agentcore_alpha
from aws_cdk import aws_cognito as cognito

# runtime_custom_claim: bedrock_agentcore_alpha.RuntimeCustomClaim
# user_pool: cognito.UserPool
# user_pool_client: cognito.UserPoolClient

runtime_authorizer_configuration = bedrock_agentcore_alpha.RuntimeAuthorizerConfiguration.using_cognito(
    user_pool=user_pool,
    user_pool_clients=[user_pool_client],
    allowed_audience=["allowedAudience"],
    allowed_scopes=["allowedScopes"],
    custom_claims=[runtime_custom_claim],
)

Static Methods

classmethod using_cognito(user_pool, user_pool_clients, allowed_audience=None, allowed_scopes=None, custom_claims=None)

(experimental) Use AWS Cognito User Pool authentication.

Validates Cognito-issued JWT tokens.

Parameters:
  • user_pool (IUserPool) – The Cognito User Pool.

  • user_pool_clients (Sequence[IUserPoolClient]) – The Cognito User Pool App Clients.

  • allowed_audience (Optional[Sequence[str]]) – Optional array of allowed audiences.

  • allowed_scopes (Optional[Sequence[str]]) – Optional array of allowed scopes.

  • custom_claims (Optional[Sequence[RuntimeCustomClaim]]) – Optional array of custom claim validations.

Return type:

RuntimeAuthorizerConfiguration

Returns:

RuntimeAuthorizerConfiguration for Cognito authentication

Stability:

experimental

classmethod using_iam()

(experimental) Use IAM authentication (default).

Requires AWS credentials to sign requests using SigV4.

Return type:

RuntimeAuthorizerConfiguration

Returns:

RuntimeAuthorizerConfiguration for IAM authentication

Stability:

experimental

classmethod using_jwt(discovery_url, allowed_clients=None, allowed_audience=None, allowed_scopes=None, custom_claims=None)

(experimental) Use custom JWT authentication.

Validates JWT tokens against the specified OIDC provider.

Parameters:
  • discovery_url (str) – The OIDC discovery URL (must end with /.well-known/openid-configuration).

  • allowed_clients (Optional[Sequence[str]]) – Optional array of allowed client IDs.

  • allowed_audience (Optional[Sequence[str]]) – Optional array of allowed audiences.

  • allowed_scopes (Optional[Sequence[str]]) – Optional array of allowed scopes.

  • custom_claims (Optional[Sequence[RuntimeCustomClaim]]) – Optional array of custom claim validations.

Return type:

RuntimeAuthorizerConfiguration

Returns:

RuntimeAuthorizerConfiguration for JWT authentication

Stability:

experimental

classmethod using_o_auth(discovery_url, client_id, allowed_audience=None, allowed_scopes=None, custom_claims=None)

(experimental) Use OAuth 2.0 authentication. Supports various OAuth providers.

Parameters:
  • discovery_url (str) – The OIDC discovery URL (must end with /.well-known/openid-configuration).

  • client_id (str) – OAuth client ID.

  • allowed_audience (Optional[Sequence[str]]) – Optional array of allowed audiences.

  • allowed_scopes (Optional[Sequence[str]]) – Optional array of allowed scopes.

  • custom_claims (Optional[Sequence[RuntimeCustomClaim]]) – Optional array of custom claim validations.

Return type:

RuntimeAuthorizerConfiguration

Returns:

RuntimeAuthorizerConfiguration for OAuth authentication

Stability:

experimental
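
A pre-deployment check for the arguments passed to using_jwt and using_o_auth, added here as an example; it is not part of the CDK library or its documentation. The helper name lint_jwt_authorizer and the sample URLs are hypothetical, and the handling of unset client/audience lists and of wildcard entries rests on assumptions marked in the comments.

```python
from urllib.parse import urlsplit

# Suffix required by the discovery_url parameter as documented above.
DISCOVERY_SUFFIX = "/.well-known/openid-configuration"


def lint_jwt_authorizer(discovery_url, allowed_clients=None,
                        allowed_audience=None, allowed_scopes=None):
    """Return a list of findings for the arguments of using_jwt().

    Hypothetical helper: an empty list means no issue was found.
    """
    findings = []
    url = urlsplit(discovery_url)

    if url.scheme != "https":
        findings.append("discovery_url must use https so the issuer's keys "
                        "are fetched over an authenticated channel")
    if not url.hostname:
        findings.append("discovery_url has no host")
    if url.username or url.password:
        findings.append("discovery_url must not embed credentials")
    if url.query or url.fragment or not url.path.endswith(DISCOVERY_SUFFIX):
        findings.append("discovery_url must end with " + DISCOVERY_SUFFIX)

    # Assumption: with neither list set, any validly signed token from the
    # issuer is accepted, including tokens minted for other applications.
    if not allowed_clients and not allowed_audience:
        findings.append("set allowed_clients or allowed_audience to bind "
                        "tokens to this runtime")

    # Assumption: list entries are compared by exact match, so blank or
    # wildcard values never express what the author intended.
    for name, values in (("allowed_clients", allowed_clients),
                         ("allowed_audience", allowed_audience),
                         ("allowed_scopes", allowed_scopes)):
        for value in values or []:
            if not value.strip() or "*" in value:
                findings.append(f"{name} contains blank or wildcard "
                                f"entry {value!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for finding in lint_jwt_authorizer(
            "http://idp.example.com/.well-known/openid-configuration?x=1",
            allowed_audience=["*"]):
        print("FINDING:", finding)
```

For using_o_auth, pass [client_id] as allowed_clients so the same checks apply.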