AWS::BedrockAgentCore::PolicyEngine - AWS CloudFormation

AWS::BedrockAgentCore::PolicyEngine

Specifies a policy engine for Amazon Bedrock AgentCore. A policy engine provides Cedar-based authorization to control what actions your AI agents can perform.

For more information, see Control agent actions with Amazon Bedrock AgentCore policy engines.

See the Properties section below for descriptions of both the required and optional properties.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::BedrockAgentCore::PolicyEngine",
  "Properties" : {
      "Description" : String,
      "EncryptionKeyArn" : String,
      "Name" : String,
      "Tags" : [ Tag, ... ]
    }
}

YAML

Type: AWS::BedrockAgentCore::PolicyEngine
Properties:
  Description: String
  EncryptionKeyArn: String
  Name: String
  Tags:
    - Tag

Properties

Description

A human-readable description of the policy engine's purpose and scope, limited to 4,096 characters. The description helps administrators understand the policy engine's role in the overall governance strategy.

Required: No

Type: String

Minimum: 1

Maximum: 4096

Update requires: No interruption

EncryptionKeyArn

The ARN of the KMS key used to encrypt the policy engine data.

Required: No

Type: String

Pattern: ^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$

Minimum: 1

Maximum: 2048

Update requires: Replacement

Name

The customer-assigned immutable name for the policy engine. This human-readable identifier must be unique within the account and cannot exceed 48 characters.

Required: Yes

Type: String

Pattern: ^[A-Za-z][A-Za-z0-9_]*$

Minimum: 1

Maximum: 48

Update requires: Replacement

Tags

The tags for the policy engine.

Required: No

Type: Array of Tag

Maximum: 50

Update requires: No interruption
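
The constraints above can be checked before a template is deployed. The following is an added example, not part of the AWS documentation: a small Python lint that applies the documented lengths and patterns to a resource's Properties mapping and reports which changed properties have the update behavior Replacement. The function names and the sample values (including the account ID) are constructed for illustration.

```python
import re

# Constraints copied from the Properties section of this page.
RULES = {
    "Description": {"min": 1, "max": 4096, "pattern": None, "replace": False},
    "EncryptionKeyArn": {"min": 1, "max": 2048, "replace": True,
        "pattern": r"^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$"},
    "Name": {"min": 1, "max": 48, "pattern": r"^[A-Za-z][A-Za-z0-9_]*$", "replace": True},
}
MAX_TAGS = 50


def check_properties(props):
    """Return a list of findings for one resource's Properties mapping."""
    findings = []
    if "Name" not in props:
        findings.append("Name: required property is missing")
    for key, rule in RULES.items():
        value = props.get(key)
        if not isinstance(value, str):
            continue  # absent, or an intrinsic such as {"Fn::GetAtt": [...]} resolved at deploy time
        if not rule["min"] <= len(value) <= rule["max"]:
            findings.append(f"{key}: length {len(value)} outside {rule['min']}-{rule['max']}")
        if rule["pattern"] and not re.fullmatch(rule["pattern"], value):
            findings.append(f"{key}: does not match the documented pattern")
    tags = props.get("Tags")
    if isinstance(tags, list) and len(tags) > MAX_TAGS:
        findings.append(f"Tags: {len(tags)} entries, maximum is {MAX_TAGS}")
    return findings


def replacement_triggers(old_props, new_props):
    """Names of changed properties whose update behavior is Replacement."""
    return sorted(k for k, r in RULES.items()
                  if r["replace"] and old_props.get(k) != new_props.get(k))


# Constructed sample input (account ID and key alias are made up).
SAMPLE_OLD = {"Name": "AgentGuardrails", "Description": "Tool-call authorization"}
SAMPLE_NEW = {
    "Name": "agent-guardrails",  # hyphen is not allowed by the Name pattern
    "Description": "Tool-call authorization",
    "EncryptionKeyArn": "arn:aws:kms:us-east-1:111122223333:alias/agentcore",  # alias, not key/<id>
}

if __name__ == "__main__":
    print(check_properties(SAMPLE_NEW), replacement_triggers(SAMPLE_OLD, SAMPLE_NEW))
```

Values supplied through intrinsic functions are skipped because they are only known at deploy time; CloudFormation still validates the resolved value.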

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ARN of the policy engine. For example:

arn:aws:bedrock-agentcore:us-east-1:123456789012:policy-engine/MyPolicyEngine-a1b2c3d4e5

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

CreatedAt

The timestamp when the policy engine was created.

PolicyEngineArn

The Amazon Resource Name (ARN) of the policy engine.

PolicyEngineId

The unique identifier of the policy engine.

Status

The current status of the policy engine.

StatusReasons

Additional information about the current status of the policy engine.

UpdatedAt

The timestamp when the policy engine was last updated.