interface InterceptorOptions
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Bedrock.Agentcore.Alpha.InterceptorOptions |
 Go | github.com/aws/aws-cdk-go/awsbedrockagentcorealpha/v2#InterceptorOptions |
 Java | software.amazon.awscdk.services.bedrock.agentcore.alpha.InterceptorOptions |
 Python | aws_cdk.aws_bedrock_agentcore_alpha.InterceptorOptions |
 TypeScript (source) | @aws-cdk/aws-bedrock-agentcore-alpha ยป InterceptorOptions |
Options for configuring an interceptor.
Example
// Create Lambda functions for interceptors
const requestInterceptorFn = new lambda.Function(this, "RequestInterceptor", {
runtime: lambda.Runtime.PYTHON_3_12,
handler: "index.handler",
code: lambda.Code.fromInline(`
def handler(event, context):
# Validate and transform request
return {
"interceptorOutputVersion": "1.0",
"mcp": {
"transformedGatewayRequest": event["mcp"]["gatewayRequest"]
}
}
`),
});
const responseInterceptorFn = new lambda.Function(this, "ResponseInterceptor", {
runtime: lambda.Runtime.PYTHON_3_12,
handler: "index.handler",
code: lambda.Code.fromInline(`
def handler(event, context):
# Filter or transform response
return {
"interceptorOutputVersion": "1.0",
"mcp": {
"transformedGatewayResponse": event["mcp"]["gatewayResponse"]
}
}
`),
});
// Create gateway with interceptors
const gateway = new agentcore.Gateway(this, "MyGateway", {
gatewayName: "my-gateway",
interceptorConfigurations: [
agentcore.LambdaInterceptor.forRequest(requestInterceptorFn, {
passRequestHeaders: true // Only if you need to inspect headers
}),
agentcore.LambdaInterceptor.forResponse(responseInterceptorFn)
]
});
Properties
| Name | Type | Description |
|---|---|---|
| pass | boolean | Whether to pass request headers to the interceptor Lambda function. |
passRequestHeaders?
Type:
boolean
(optional, default: false - Headers are not passed to interceptor for security)
Whether to pass request headers to the interceptor Lambda function.
Security Warning: Request headers can contain sensitive information such as authentication tokens and credentials. Only enable this if your interceptor needs access to headers and you have verified that sensitive information is not logged or exposed.