View a markdown version of this page

AWS::BedrockAgentCore::OAuth2CredentialProvider IncludedOauth2ProviderConfigInput - AWS CloudFormation
SyntaxProperties

This is the new CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.

AWS::BedrockAgentCore::OAuth2CredentialProvider IncludedOauth2ProviderConfigInput

Configuration settings for connecting to a supported OAuth2 provider. This includes client credentials and OAuth2 discovery information for providers that have built-in support.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "AuthorizationEndpoint" : String,
  "ClientId" : String,
  "ClientSecret" : String,
  "ClientSecretConfig" : SecretReference,
  "ClientSecretSource" : String,
  "Issuer" : String,
  "TokenEndpoint" : String
}

Properties

AuthorizationEndpoint

OAuth2 authorization endpoint for your isolated OAuth2 application tenant. This is where users are redirected to authenticate and authorize access to their resources.

Required: No

Type: String

Update requires: No interruption

ClientId

The client ID for the supported OAuth2 provider. This identifier is assigned by the OAuth2 provider when you register your application.

Required: Yes

Type: String

Minimum: 1

Maximum: 256

Update requires: No interruption

ClientSecret

The client secret for the supported OAuth2 provider. This secret is assigned by the OAuth2 provider and used along with the client ID to authenticate your application.

Required: No

Type: String

Minimum: 1

Maximum: 2048

Update requires: No interruption

ClientSecretConfig

A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.

Required: No

Type: SecretReference

Update requires: No interruption

ClientSecretSource

The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.

Required: No

Type: String

Allowed values: MANAGED | EXTERNAL

Update requires: No interruption

Issuer

Token issuer of your isolated OAuth2 application tenant. This URL identifies the authorization server that issues tokens for this provider.

Required: No

Type: String

Update requires: No interruption

TokenEndpoint

OAuth2 token endpoint for your isolated OAuth2 application tenant. This is where authorization codes are exchanged for access tokens.

Required: No

Type: String

Update requires: No interruption