AWS::BedrockAgentCore::Runtime CustomJWTAuthorizerConfiguration - AWS CloudFormation


Configuration for inbound JWT-based authorization, specifying how incoming requests should be authenticated.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "AllowedAudience" : [ String, ... ],
  "AllowedClients" : [ String, ... ],
  "AllowedScopes" : [ String, ... ],
  "CustomClaims" : [ CustomClaimValidationType, ... ],
  "DiscoveryUrl" : String
}

Properties

AllowedAudience

Represents individual audience values that are validated in the incoming JWT token validation process.

Required: No

Type: Array of String

Minimum: 1

Update requires: No interruption

AllowedClients

Represents individual client IDs that are validated in the incoming JWT token validation process.

Required: No

Type: Array of String

Minimum: 1

Update requires: No interruption

AllowedScopes

An array of scopes that are allowed to access the token.

Required: No

Type: Array of String

Minimum: 1

Update requires: No interruption

CustomClaims

An array of objects that define a custom claim validation name, value, and operation.

Required: No

Type: Array of CustomClaimValidationType

Minimum: 1

Update requires: No interruption

DiscoveryUrl

This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.

Required: Yes

Type: String

Pattern: ^.+/\.well-known/openid-configuration$

Update requires: No interruption
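
The following pre-deployment check is an added example, not part of the CloudFormation reference or any AWS tooling. It applies the constraints listed above (required DiscoveryUrl, its pattern, the minimum of 1 item per array) to one configuration object. The function name, the two WARN review policies, the sample values, and the assumption that property values are literals rather than intrinsic functions are specific to this example.

```python
import re

# Constraints copied from the property reference above.
DISCOVERY_URL_PATTERN = re.compile(r"^.+/\.well-known/openid-configuration$")
STRING_LISTS = ("AllowedAudience", "AllowedClients", "AllowedScopes")
KNOWN_KEYS = set(STRING_LISTS) | {"CustomClaims", "DiscoveryUrl"}


def lint_authorizer(cfg):
    """Return a list of findings for one CustomJWTAuthorizerConfiguration dict."""
    findings = []
    for key in sorted(set(cfg) - KNOWN_KEYS):
        findings.append(f"ERROR {key}: not a property of this type")

    url = cfg.get("DiscoveryUrl")
    if not isinstance(url, str):
        findings.append("ERROR DiscoveryUrl: required, must be a String")
    else:
        if not DISCOVERY_URL_PATTERN.fullmatch(url):
            findings.append("ERROR DiscoveryUrl: does not match the documented pattern")
        # Review policy assumed for this example, not a documented constraint.
        if not url.startswith("https://"):
            findings.append("WARN DiscoveryUrl: not an https:// URL")

    for key in STRING_LISTS + ("CustomClaims",):
        if key not in cfg:
            continue
        value = cfg[key]
        if not isinstance(value, list) or len(value) < 1:
            findings.append(f"ERROR {key}: must be an array with at least 1 item")
        elif key in STRING_LISTS and not all(isinstance(v, str) for v in value):
            findings.append(f"ERROR {key}: every item must be a String")

    # Review policy assumed for this example: flag a configuration that
    # restricts neither audience nor client ID.
    if "AllowedAudience" not in cfg and "AllowedClients" not in cfg:
        findings.append("WARN no AllowedAudience or AllowedClients restriction set")
    return findings


# Constructed sample input; the issuer host is a placeholder.
SAMPLE = {
    "DiscoveryUrl": "http://idp.example.com/.well-known/openid-configuration/",
    "AllowedScopes": [],
}

if __name__ == "__main__":
    for line in lint_authorizer(SAMPLE):
        print(line)
```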