class RuntimeAuthorizerConfiguration
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Bedrock.Agentcore.Alpha.RuntimeAuthorizerConfiguration |
 Go | github.com/aws/aws-cdk-go/awsbedrockagentcorealpha/v2#RuntimeAuthorizerConfiguration |
 Java | software.amazon.awscdk.services.bedrock.agentcore.alpha.RuntimeAuthorizerConfiguration |
 Python | aws_cdk.aws_bedrock_agentcore_alpha.RuntimeAuthorizerConfiguration |
 TypeScript (source) | @aws-cdk/aws-bedrock-agentcore-alpha ยป RuntimeAuthorizerConfiguration |
Abstract base class for runtime authorizer configurations.
Provides static factory methods to create different authentication types.
Example
const repository = new ecr.Repository(this, "TestRepository", {
repositoryName: "test-agent-runtime",
});
const agentRuntimeArtifact = agentcore.AgentRuntimeArtifact.fromEcrRepository(repository, "v1.0.0");
const runtime = new agentcore.Runtime(this, "MyAgentRuntime", {
runtimeName: "myAgent",
agentRuntimeArtifact: agentRuntimeArtifact,
authorizerConfiguration: agentcore.RuntimeAuthorizerConfiguration.usingOAuth(
"https://github.com/.well-known/openid-configuration",
"oauth_client_123",
),
});
Initializer
new RuntimeAuthorizerConfiguration()
Methods
| Name | Description |
|---|---|
| static using | Use AWS Cognito User Pool authentication. |
| static using | Use IAM authentication (default). |
| static using | Use custom JWT authentication. |
| static using | Use OAuth 2.0 authentication. Supports various OAuth providers. |
static usingCognito(userPool, userPoolClients, allowedAudience?)
public static usingCognito(userPool: IUserPool, userPoolClients: IUserPoolClient[], allowedAudience?: string[]): RuntimeAuthorizerConfiguration
Parameters
- userPool
IUserโ The Cognito User Pool.Pool - userPoolClients
IUserPool Client []โ The Cognito User Pool App Clients. - allowedAudience
string[]โ Optional array of allowed audiences.
Returns
Use AWS Cognito User Pool authentication.
Validates Cognito-issued JWT tokens.
static usingIAM()
public static usingIAM(): RuntimeAuthorizerConfiguration
Returns
Use IAM authentication (default).
Requires AWS credentials to sign requests using SigV4.
static usingJWT(discoveryUrl, allowedClients?, allowedAudience?)
public static usingJWT(discoveryUrl: string, allowedClients?: string[], allowedAudience?: string[]): RuntimeAuthorizerConfiguration
Parameters
- discoveryUrl
stringโ The OIDC discovery URL (must end with /.well-known/openid-configuration). - allowedClients
string[]โ Optional array of allowed client IDs. - allowedAudience
string[]โ Optional array of allowed audiences.
Returns
Use custom JWT authentication.
Validates JWT tokens against the specified OIDC provider.
static usingOAuth(discoveryUrl, clientId, allowedAudience?)
public static usingOAuth(discoveryUrl: string, clientId: string, allowedAudience?: string[]): RuntimeAuthorizerConfiguration
Parameters
- discoveryUrl
stringโ The OIDC discovery URL (must end with /.well-known/openid-configuration). - clientId
stringโ OAuth client ID. - allowedAudience
string[]โ Optional array of allowed audiences.
Returns
Use OAuth 2.0 authentication. Supports various OAuth providers.