BedrockAgentCoreControl / Client / update_registry

update_registry

BedrockAgentCoreControl.Client.update_registry(**kwargs)

Updates an existing registry. This operation uses PATCH semantics, so you only need to specify the fields you want to change.

See also: AWS API Documentation

Request Syntax

response = client.update_registry(
    registryId='string',
    name='string',
    description={
        'optionalValue': 'string'
    },
    authorizerConfiguration={
        'optionalValue': {
            'customJWTAuthorizer': {
                'discoveryUrl': 'string',
                'allowedAudience': [
                    'string',
                ],
                'allowedClients': [
                    'string',
                ],
                'allowedScopes': [
                    'string',
                ],
                'customClaims': [
                    {
                        'inboundTokenClaimName': 'string',
                        'inboundTokenClaimValueType': 'STRING'|'STRING_ARRAY',
                        'authorizingClaimMatchValue': {
                            'claimMatchValue': {
                                'matchValueString': 'string',
                                'matchValueStringList': [
                                    'string',
                                ]
                            },
                            'claimMatchOperator': 'EQUALS'|'CONTAINS'|'CONTAINS_ANY'
                        }
                    },
                ]
            }
        }
    },
    approvalConfiguration={
        'optionalValue': {
            'autoApproval': True|False
        }
    }
)
Parameters:

  • registryId (string) –

    [REQUIRED]

    The identifier of the registry to update. You can specify either the Amazon Resource Name (ARN) or the ID of the registry.

  • name (string) – The updated name of the registry.

  • description (dict) –

    The updated description of the registry. To clear the description, include the UpdatedDescription wrapper with optionalValue not specified.

    • optionalValue (string) –

      Represents an optional value that is used to update the human-readable description of the resource. If not specified, it will clear the current description of the resource.

  • authorizerConfiguration (dict) –

    The updated authorizer configuration for the registry. Changing the authorizer configuration can break existing consumers of the registry who are using the authorization type prior to the update.

    • optionalValue (dict) –

      The updated authorizer configuration value. If not specified, it will clear the current authorizer configuration of the resource.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: customJWTAuthorizer.

      • customJWTAuthorizer (dict) –

        The inbound JWT-based authorization, specifying how incoming requests should be authenticated.

        • discoveryUrl (string) – [REQUIRED]

          This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.

        • allowedAudience (list) –

          Represents individual audience values that are validated in the incoming JWT token validation process.

          • (string) –

        • allowedClients (list) –

          Represents individual client IDs that are validated in the incoming JWT token validation process.

          • (string) –

        • allowedScopes (list) –

          An array of scopes that are allowed to access the token.

          • (string) –

        • customClaims (list) –

          An array of objects that define a custom claim validation name, value, and operation

          • (dict) –

            Defines the name of a custom claim field and rules for finding matches to authenticate its value.

            • inboundTokenClaimName (string) – [REQUIRED]

              The name of the custom claim field to check.

            • inboundTokenClaimValueType (string) – [REQUIRED]

              The data type of the claim value to check for.

              • Use STRING if you want to find an exact match to a string you define.

              • Use STRING_ARRAY if you want to fnd a match to at least one value in an array you define.

            • authorizingClaimMatchValue (dict) – [REQUIRED]

              Defines the value or values to match for and the relationship of the match.

              • claimMatchValue (dict) – [REQUIRED]

                The value or values to match for.

                Note

                This is a Tagged Union structure. Only one of the following top level keys can be set: matchValueString, matchValueStringList.

                • matchValueString (string) –

                  The string value to match for.

                • matchValueStringList (list) –

                  An array of strings to check for a match.

                  • (string) –

              • claimMatchOperator (string) – [REQUIRED]

                Defines the relationship between the claim field value and the value or values you’re matching for.

  • approvalConfiguration (dict) –

    The updated approval configuration for registry records. The updated configuration only affects new records that move to PENDING_APPROVAL status after the change. Existing records already in PENDING_APPROVAL status are not affected.

    • optionalValue (dict) –

      The updated approval configuration value. Set to null to unset the approval configuration.

      • autoApproval (boolean) –

        Whether registry records are auto-approved. When set to true, records are automatically approved upon creation. When set to false (the default), records require explicit approval for security purposes.

Return type:

dict

Returns:

Response Syntax

{
    'name': 'string',
    'description': 'string',
    'registryId': 'string',
    'registryArn': 'string',
    'authorizerType': 'CUSTOM_JWT'|'AWS_IAM',
    'authorizerConfiguration': {
        'customJWTAuthorizer': {
            'discoveryUrl': 'string',
            'allowedAudience': [
                'string',
            ],
            'allowedClients': [
                'string',
            ],
            'allowedScopes': [
                'string',
            ],
            'customClaims': [
                {
                    'inboundTokenClaimName': 'string',
                    'inboundTokenClaimValueType': 'STRING'|'STRING_ARRAY',
                    'authorizingClaimMatchValue': {
                        'claimMatchValue': {
                            'matchValueString': 'string',
                            'matchValueStringList': [
                                'string',
                            ]
                        },
                        'claimMatchOperator': 'EQUALS'|'CONTAINS'|'CONTAINS_ANY'
                    }
                },
            ]
        }
    },
    'approvalConfiguration': {
        'autoApproval': True|False
    },
    'status': 'CREATING'|'READY'|'UPDATING'|'CREATE_FAILED'|'UPDATE_FAILED'|'DELETING'|'DELETE_FAILED',
    'statusReason': 'string',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1)
}

Response Structure

  • (dict) –

    • name (string) –

      The name of the updated registry.

    • description (string) –

      The description of the updated registry.

    • registryId (string) –

      The unique identifier of the updated registry.

    • registryArn (string) –

      The Amazon Resource Name (ARN) of the updated registry.

    • authorizerType (string) –

      The type of authorizer used by the updated registry. This controls the authorization method for the Search and Invoke APIs used by consumers.

      • CUSTOM_JWT - Authorize with a bearer token.

      • AWS_IAM - Authorize with your Amazon Web Services IAM credentials.

    • authorizerConfiguration (dict) –

      The authorizer configuration for the updated registry. For details, see the AuthorizerConfiguration data type.

      Note

      This is a Tagged Union structure. Only one of the following top level keys will be set: customJWTAuthorizer. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

      • customJWTAuthorizer (dict) –

        The inbound JWT-based authorization, specifying how incoming requests should be authenticated.

        • discoveryUrl (string) –

          This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.

        • allowedAudience (list) –

          Represents individual audience values that are validated in the incoming JWT token validation process.

          • (string) –

        • allowedClients (list) –

          Represents individual client IDs that are validated in the incoming JWT token validation process.

          • (string) –

        • allowedScopes (list) –

          An array of scopes that are allowed to access the token.

          • (string) –

        • customClaims (list) –

          An array of objects that define a custom claim validation name, value, and operation

          • (dict) –

            Defines the name of a custom claim field and rules for finding matches to authenticate its value.

            • inboundTokenClaimName (string) –

              The name of the custom claim field to check.

            • inboundTokenClaimValueType (string) –

              The data type of the claim value to check for.

              • Use STRING if you want to find an exact match to a string you define.

              • Use STRING_ARRAY if you want to fnd a match to at least one value in an array you define.

            • authorizingClaimMatchValue (dict) –

              Defines the value or values to match for and the relationship of the match.

              • claimMatchValue (dict) –

                The value or values to match for.

                Note

                This is a Tagged Union structure. Only one of the following top level keys will be set: matchValueString, matchValueStringList. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

                'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

                • matchValueString (string) –

                  The string value to match for.

                • matchValueStringList (list) –

                  An array of strings to check for a match.

                  • (string) –

              • claimMatchOperator (string) –

                Defines the relationship between the claim field value and the value or values you’re matching for.

    • approvalConfiguration (dict) –

      The approval configuration for the updated registry. For details, see the ApprovalConfiguration data type.

      • autoApproval (boolean) –

        Whether registry records are auto-approved. When set to true, records are automatically approved upon creation. When set to false (the default), records require explicit approval for security purposes.

    • status (string) –

      The current status of the updated registry. Possible values include CREATING, READY, UPDATING, CREATE_FAILED, UPDATE_FAILED, DELETING, and DELETE_FAILED.

    • statusReason (string) –

      The reason for the current status of the updated registry.

    • createdAt (datetime) –

      The timestamp when the registry was created.

    • updatedAt (datetime) –

      The timestamp when the registry was last updated.

Exceptions

  • BedrockAgentCoreControl.Client.exceptions.ServiceQuotaExceededException

  • BedrockAgentCoreControl.Client.exceptions.AccessDeniedException

  • BedrockAgentCoreControl.Client.exceptions.ConflictException

  • BedrockAgentCoreControl.Client.exceptions.ValidationException

  • BedrockAgentCoreControl.Client.exceptions.ResourceNotFoundException

  • BedrockAgentCoreControl.Client.exceptions.ThrottlingException

  • BedrockAgentCoreControl.Client.exceptions.InternalServerException