class GatewayCredentialProvider
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Bedrock.Agentcore.Alpha.GatewayCredentialProvider |
 Go | github.com/aws/aws-cdk-go/awsbedrockagentcorealpha/v2#GatewayCredentialProvider |
 Java | software.amazon.awscdk.services.bedrock.agentcore.alpha.GatewayCredentialProvider |
 Python | aws_cdk.aws_bedrock_agentcore_alpha.GatewayCredentialProvider |
 TypeScript (source) | @aws-cdk/aws-bedrock-agentcore-alpha ยป GatewayCredentialProvider |
Factory class for creating different Gateway Credential Providers.
Example
const gateway = new agentcore.Gateway(this, "MyGateway", {
gatewayName: "my-gateway",
});
// OAuth2 authentication (recommended)
// Note: Create the OAuth provider using AWS console or Identity L2 construct when available
const oauthProviderArn = "arn:aws:bedrock-agentcore:us-east-1:123456789012:token-vault/abc123/oauth2credentialprovider/my-oauth";
const oauthSecretArn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-oauth-secret-abc123";
// Add an MCP server target directly to the gateway
const mcpTarget = gateway.addMcpServerTarget("MyMcpServer", {
gatewayTargetName: "my-mcp-server",
description: "External MCP server integration",
endpoint: "https://my-mcp-server.example.com",
credentialProviderConfigurations: [
agentcore.GatewayCredentialProvider.fromOauthIdentityArn({
providerArn: oauthProviderArn,
secretArn: oauthSecretArn,
scopes:['mcp-runtime-server/invoke']
}),
],
});
// Grant sync permission to a Lambda function that will trigger synchronization
const syncFunction = new lambda.Function(this, "SyncFunction", {
runtime: lambda.Runtime.PYTHON_3_12,
handler: "index.handler",
code: lambda.Code.fromInline(`
import boto3
def handler(event, context):
client = boto3.client('bedrock-agentcore')
response = client.synchronize_gateway_targets(
gatewayIdentifier=event['gatewayId'],
targetIds=[event['targetId']]
)
return response
`),
});
mcpTarget.grantSync(syncFunction);
Initializer
new GatewayCredentialProvider()
Methods
| Name | Description |
|---|---|
| static from | Create an API key credential provider from Identity ARN Use this method when you have the Identity ARN as a string. |
| static from | Create an IAM role credential provider. |
| static from | Create an OAuth credential provider from Identity ARN Use this method when you have the Identity ARN as a string. |
static fromApiKeyIdentityArn(props)
public static fromApiKeyIdentityArn(props: ApiKeyCredentialProviderProps): ICredentialProviderConfig
Parameters
- props
Apiโ - The configuration properties for the API key credential provider.Key Credential Provider Props
Returns
Create an API key credential provider from Identity ARN Use this method when you have the Identity ARN as a string.
static fromIamRole()
public static fromIamRole(): ICredentialProviderConfig
Returns
Create an IAM role credential provider.
static fromOauthIdentityArn(props)
public static fromOauthIdentityArn(props: OAuthConfiguration): ICredentialProviderConfig
Parameters
- props
OAuthโ - The configuration properties for the OAuth credential provider.Configuration
Returns
Create an OAuth credential provider from Identity ARN Use this method when you have the Identity ARN as a string.