interface ApiKeyCredentialProviderResourceProps
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Bedrock.Agentcore.Alpha.ApiKeyCredentialProviderResourceProps |
 Go | github.com/aws/aws-cdk-go/awsbedrockagentcorealpha/v2#ApiKeyCredentialProviderResourceProps |
 Java | software.amazon.awscdk.services.bedrock.agentcore.alpha.ApiKeyCredentialProviderResourceProps |
 Python | aws_cdk.aws_bedrock_agentcore_alpha.ApiKeyCredentialProviderResourceProps |
 TypeScript (source) | @aws-cdk/aws-bedrock-agentcore-alpha ยป ApiKeyCredentialProviderResourceProps |
Properties for a new {@link ApiKeyCredentialProvider} (Token Vault resource).
Example
const gateway = new agentcore.Gateway(this, "MyGateway", {
gatewayName: "my-gateway",
});
// Create an API key credential provider in Token Vault
const apiKeyProvider = new agentcore.ApiKeyCredentialProvider(this, "MyApiKeyProvider", {
apiKeyCredentialProviderName: "my-apikey",
});
const bucket = s3.Bucket.fromBucketName(this, "ExistingBucket", "my-schema-bucket");
const s3mySchema = agentcore.ApiSchema.fromS3File(bucket, "schemas/myschema.yaml");
// Add an OpenAPI target using the L2 construct directly
const target = gateway.addOpenApiTarget("MyTarget", {
gatewayTargetName: "my-api-target",
description: "Target for external API integration",
apiSchema: s3mySchema,
credentialProviderConfigurations: [
agentcore.GatewayCredentialProvider.fromApiKeyIdentity(apiKeyProvider, {
credentialLocation: agentcore.ApiKeyCredentialLocation.header({
credentialParameterName: "X-API-Key",
}),
}),
],
});
// This makes sure your s3 bucket is available before target
target.node.addDependency(bucket);
Properties
| Name | Type | Description |
|---|---|---|
| api | Secret | The API key value. |
| api | string | Name of the credential provider. |
| tags? | { [string]: string } | Tags for this credential provider. |
apiKey?
Type:
Secret
(optional, default: no key in template (provider may still be created depending on service behavior))
The API key value.
NOTE: The API key will be included in the CloudFormation template as part of synthesis.
The service stores the key in Secrets Manager after creation, but the value is visible
in the template and deployment history. Use SecretValue.unsafePlainText() to explicitly
acknowledge plaintext, or pass a reference from another construct to avoid embedding the
literal value.
If omitted, you can supply the key through another mechanism supported by the service.
apiKeyCredentialProviderName?
Type:
string
(optional, default: a name generated by CDK)
Name of the credential provider.
tags?
Type:
{ [string]: string }
(optional, default: no tags)
Tags for this credential provider.