interface IOAuth2CredentialProvider
| Language | Type name |
|---|---|
| .NET | Amazon.CDK.AWS.Bedrock.Agentcore.Alpha.IOAuth2CredentialProvider |
| Go | github.com/aws/aws-cdk-go/awsbedrockagentcorealpha/v2#IOAuth2CredentialProvider |
| Java | software.amazon.awscdk.services.bedrock.agentcore.alpha.IOAuth2CredentialProvider |
| Python | aws_cdk.aws_bedrock_agentcore_alpha.IOAuth2CredentialProvider |
| TypeScript (source) | @aws-cdk/aws-bedrock-agentcore-alpha » IOAuth2CredentialProvider |
Implements
IDependable, IConstruct, IEnvironment, IResource, IGrantable, IOAuth2
Implemented by
OAuth2
Obtainable from
OAuth2.fromOAuth2CredentialProviderAttributes()
An OAuth2 credential provider registered in AgentCore Token Vault.
Properties
| Name | Type | Description |
|---|---|---|
| credentialProviderArn | string | The ARN of this credential provider. |
| credentialProviderVendor | string | OAuth2 vendor string passed to CloudFormation. |
| env | Resource | The environment this resource belongs to. |
| grantPrincipal | IPrincipal | The principal to grant permissions to. |
| node | Node | The tree node. |
| oAuth2CredentialProviderRef | OAuth2 | A reference to an OAuth2CredentialProvider resource. |
| stack | Stack | The stack in which this resource is defined. |
| callbackUrl? | string | Callback URL for the OAuth2 authorization flow. |
| clientSecretArn? | string | The ARN of the Secrets Manager secret for the OAuth2 client credentials. |
| createdTime? | string | Timestamp when the credential provider was created. |
| lastUpdatedTime? | string | Timestamp when the credential provider was last updated. |
credentialProviderArn
Type:
string
The ARN of this credential provider.
credentialProviderVendor
Type:
string
OAuth2 vendor string passed to CloudFormation.
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), the environment might be
different from that of the stack they were imported into.
grantPrincipal
Type:
IPrincipal
The principal to grant permissions to.
node
Type:
Node
The tree node.
oAuth2CredentialProviderRef
Type:
OAuth2
A reference to an OAuth2CredentialProvider resource.
stack
Type:
Stack
The stack in which this resource is defined.
callbackUrl?
Type:
string
(optional)
Callback URL for the OAuth2 authorization flow.
clientSecretArn?
Type:
string
(optional)
The ARN of the Secrets Manager secret for the OAuth2 client credentials.
May be undefined for resources imported without this attribute.
createdTime?
Type:
string
(optional)
Timestamp when the credential provider was created.
lastUpdatedTime?
Type:
string
(optional)
Timestamp when the credential provider was last updated.
Methods
| Name | Description |
|---|---|
| applyRemovalPolicy(policy) | Apply the given removal policy to this resource. |
| bindForGatewayOAuthTarget(scopes, customParameters?) | ARNs and OAuth scopes for gateway targets (GatewayCredentialProvider.fromOauthIdentity or fromOauthIdentityArn). |
| grant(grantee, ...actions) | Grants IAM actions to the IAM principal. |
| grantAdmin(grantee) | Grant control plane permissions to manage this provider. |
| grantFullAccess(grantee) | Grant read, admin, and token retrieval permissions. |
| grantRead(grantee) | Grant GetOauth2CredentialProvider and ListOauth2CredentialProviders, scoped to this provider and parent resources required by the Bedrock AgentCore authorization model. |
| grantUse(grantee) | Grant permission to retrieve OAuth tokens (GetResourceOauth2Token, CompleteResourceTokenAuth). |
| with(...mixins) | Applies one or more mixins to this construct. |
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
bindForGatewayOAuthTarget(scopes, customParameters?)
public bindForGatewayOAuthTarget(scopes: string[], customParameters?: { [string]: string }): GatewayOAuth2IdentityBinding
Parameters
- scopes
string[]
- customParameters
{ [string]: string }
Returns
ARNs and OAuth scopes for gateway targets (GatewayCredentialProvider.fromOauthIdentity or fromOauthIdentityArn).
grant(grantee, ...actions)
public grant(grantee: IGrantable, ...actions: string[]): Grant
Parameters
- grantee
IGrantable
- actions
string
Returns
Grants IAM actions to the IAM principal.
grantAdmin(grantee)
public grantAdmin(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant control plane permissions to manage this provider.
grantFullAccess(grantee)
public grantFullAccess(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant read, admin, and token retrieval permissions.
grantRead(grantee)
public grantRead(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant GetOauth2CredentialProvider and ListOauth2CredentialProviders, scoped to this provider and parent resources required by the Bedrock AgentCore authorization model.
grantUse(grantee)
public grantUse(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant permission to retrieve OAuth tokens (GetResourceOauth2Token, CompleteResourceTokenAuth).
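As an added example (not part of the CDK documentation or the construct library's code), the TypeScript below audits IAM statements, such as those in a synthesized template, against the action names this page lists for grantRead and grantUse. The `bedrock-agentcore:` action prefix, the function and type names, and the sample policy are assumptions made for the illustration.

```typescript
// Added example. Action names are the ones this page lists for grantRead and
// grantUse; the "bedrock-agentcore:" IAM prefix is an assumption.
type Tier = "read" | "use";
const AGENTCORE_PREFIX = "bedrock-agentcore:";
const TIER_ACTIONS: Record<Tier, string[]> = {
  read: ["GetOauth2CredentialProvider", "ListOauth2CredentialProviders"],
  use: ["GetResourceOauth2Token", "CompleteResourceTokenAuth"],
};

interface PolicyStatement { Effect: "Allow" | "Deny"; Action: string | string[]; Resource: string | string[]; }
interface Finding { action: string; resource: string; reason: string; }

const asList = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);

// Report Allow statements that give a principal more than the listed tiers.
function auditGrants(statements: PolicyStatement[], allowedTiers: Tier[]): Finding[] {
  const allowed: string[] = [];
  for (const t of allowedTiers) {
    for (const name of TIER_ACTIONS[t]) allowed.push((AGENTCORE_PREFIX + name).toLowerCase());
  }
  const findings: Finding[] = [];
  for (const s of statements) {
    if (s.Effect !== "Allow") continue;
    for (const action of asList(s.Action)) {
      const a = action.toLowerCase(); // IAM action names are case-insensitive
      if (a !== "*" && a.indexOf(AGENTCORE_PREFIX) !== 0) continue; // other services: not audited
      for (const resource of asList(s.Resource)) {
        let reason = "";
        if (a.indexOf("*") >= 0 || a.indexOf("?") >= 0) reason = "wildcard action";
        else if (allowed.indexOf(a) < 0) reason = "outside allowed tiers";
        else if (resource === "*") reason = "not scoped to a provider";
        if (reason) findings.push({ action, resource, reason });
      }
    }
  }
  return findings;
}

// Constructed sample statements; the ARN is a placeholder, not a format reference.
const SAMPLE_POLICY: PolicyStatement[] = [
  { Effect: "Allow",
    Action: ["bedrock-agentcore:GetResourceOauth2Token", "bedrock-agentcore:CompleteResourceTokenAuth"],
    Resource: "arn:aws:bedrock-agentcore:us-east-1:111122223333:EXAMPLE-PROVIDER" },
  { Effect: "Allow", Action: "bedrock-agentcore:GetOauth2CredentialProvider", Resource: "*" },
  { Effect: "Allow", Action: "bedrock-agentcore:*", Resource: "*" },
  { Effect: "Allow", Action: "s3:GetObject", Resource: "*" },
];

// A role meant only to retrieve tokens should hold nothing beyond the "use" tier.
const runtimeRoleFindings = auditGrants(SAMPLE_POLICY, ["use"]);
```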
with(...mixins)
public with(...mixins: IMixin[]): IConstruct
Parameters
- mixins
IMixin - The mixins to apply.
Returns
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited.
