class RuntimeAuthorizerConfiguration
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Bedrock.Agentcore.Alpha.RuntimeAuthorizerConfiguration |
 Go | github.com/aws/aws-cdk-go/awsbedrockagentcorealpha/v2#RuntimeAuthorizerConfiguration |
 Java | software.amazon.awscdk.services.bedrock.agentcore.alpha.RuntimeAuthorizerConfiguration |
 Python | aws_cdk.aws_bedrock_agentcore_alpha.RuntimeAuthorizerConfiguration |
 TypeScript (source) | @aws-cdk/aws-bedrock-agentcore-alpha ยป RuntimeAuthorizerConfiguration |
Abstract base class for runtime authorizer configurations.
Provides static factory methods to create different authentication types.
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import * as bedrock_agentcore_alpha from '@aws-cdk/aws-bedrock-agentcore-alpha';
import { aws_cognito as cognito } from 'aws-cdk-lib';
declare const runtimeCustomClaim: bedrock_agentcore_alpha.RuntimeCustomClaim;
declare const userPool: cognito.UserPool;
declare const userPoolClient: cognito.UserPoolClient;
const runtimeAuthorizerConfiguration = bedrock_agentcore_alpha.RuntimeAuthorizerConfiguration.usingCognito(userPool, [userPoolClient], /* all optional props */ ['allowedAudience'], /* all optional props */ ['allowedScopes'], /* all optional props */ [runtimeCustomClaim]);
Initializer
new RuntimeAuthorizerConfiguration()
Methods
| Name | Description |
|---|---|
| static using | Use AWS Cognito User Pool authentication. |
| static using | Use IAM authentication (default). |
| static using | Use custom JWT authentication. |
| static using | Use OAuth 2.0 authentication. Supports various OAuth providers. |
static usingCognito(userPool, userPoolClients, allowedAudience?, allowedScopes?, customClaims?)
public static usingCognito(userPool: IUserPool, userPoolClients: IUserPoolClient[], allowedAudience?: string[], allowedScopes?: string[], customClaims?: RuntimeCustomClaim[]): RuntimeAuthorizerConfiguration
Parameters
- userPool
IUserโ The Cognito User Pool.Pool - userPoolClients
IUserPool Client []โ The Cognito User Pool App Clients. - allowedAudience
string[]โ Optional array of allowed audiences. - allowedScopes
string[]โ Optional array of allowed scopes. - customClaims
RuntimeCustom Claim []โ Optional array of custom claim validations.
Returns
Use AWS Cognito User Pool authentication.
Validates Cognito-issued JWT tokens.
static usingIAM()
public static usingIAM(): RuntimeAuthorizerConfiguration
Returns
Use IAM authentication (default).
Requires AWS credentials to sign requests using SigV4.
static usingJWT(discoveryUrl, allowedClients?, allowedAudience?, allowedScopes?, customClaims?)
public static usingJWT(discoveryUrl: string, allowedClients?: string[], allowedAudience?: string[], allowedScopes?: string[], customClaims?: RuntimeCustomClaim[]): RuntimeAuthorizerConfiguration
Parameters
- discoveryUrl
stringโ The OIDC discovery URL (must end with /.well-known/openid-configuration). - allowedClients
string[]โ Optional array of allowed client IDs. - allowedAudience
string[]โ Optional array of allowed audiences. - allowedScopes
string[]โ Optional array of allowed scopes. - customClaims
RuntimeCustom Claim []โ Optional array of custom claim validations.
Returns
Use custom JWT authentication.
Validates JWT tokens against the specified OIDC provider.
static usingOAuth(discoveryUrl, clientId, allowedAudience?, allowedScopes?, customClaims?)
public static usingOAuth(discoveryUrl: string, clientId: string, allowedAudience?: string[], allowedScopes?: string[], customClaims?: RuntimeCustomClaim[]): RuntimeAuthorizerConfiguration
Parameters
- discoveryUrl
stringโ The OIDC discovery URL (must end with /.well-known/openid-configuration). - clientId
stringโ OAuth client ID. - allowedAudience
string[]โ Optional array of allowed audiences. - allowedScopes
string[]โ Optional array of allowed scopes. - customClaims
RuntimeCustom Claim []โ Optional array of custom claim validations.
Returns
Use OAuth 2.0 authentication. Supports various OAuth providers.