class RuntimeCustomClaim
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Bedrock.Agentcore.Alpha.RuntimeCustomClaim |
 Go | github.com/aws/aws-cdk-go/awsbedrockagentcorealpha/v2#RuntimeCustomClaim |
 Java | software.amazon.awscdk.services.bedrock.agentcore.alpha.RuntimeCustomClaim |
 Python | aws_cdk.aws_bedrock_agentcore_alpha.RuntimeCustomClaim |
 TypeScript (source) | @aws-cdk/aws-bedrock-agentcore-alpha ยป RuntimeCustomClaim |
Represents a custom claim validation configuration for Runtime JWT authorizers.
Custom claims allow you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations.
Example
declare const userPool: cognito.UserPool;
declare const userPoolClient: cognito.UserPoolClient;
declare const anotherUserPoolClient: cognito.UserPoolClient;
const repository = new ecr.Repository(this, "TestRepository", {
repositoryName: "test-agent-runtime",
});
const agentRuntimeArtifact = agentcore.AgentRuntimeArtifact.fromEcrRepository(repository, "v1.0.0");
// Optional: Create custom claims for additional validation
const customClaims = [
agentcore.RuntimeCustomClaim.withStringValue('department', 'engineering'),
agentcore.RuntimeCustomClaim.withStringArrayValue('roles', ['admin'], agentcore.CustomClaimOperator.CONTAINS),
agentcore.RuntimeCustomClaim.withStringArrayValue('permissions', ['read', 'write'], agentcore.CustomClaimOperator.CONTAINS_ANY),
];
const runtime = new agentcore.Runtime(this, "MyAgentRuntime", {
runtimeName: "myAgent",
agentRuntimeArtifact: agentRuntimeArtifact,
authorizerConfiguration: agentcore.RuntimeAuthorizerConfiguration.usingCognito(
userPool, // User Pool (required)
[userPoolClient, anotherUserPoolClient], // User Pool Clients
["audience1"], // Allowed Audiences (optional)
["read", "write"], // Allowed Scopes (optional)
customClaims, // Custom claims (optional) - see Custom Claims Validation section
),
});
Methods
| Name | Description |
|---|---|
| static with | Create a custom claim with a string array value. |
| static with | Create a custom claim with a string value. |
static withStringArrayValue(name, values, operator?)
public static withStringArrayValue(name: string, values: string[], operator?: CustomClaimOperator): RuntimeCustomClaim
Parameters
- name
stringโ The name of the claim in the JWT token. - values
string[]โ The array of string values to match. - operator
Customโ The match operator (defaults to CONTAINS).Claim Operator
Returns
Create a custom claim with a string array value.
String array claims can use CONTAINS (default) or CONTAINS_ANY operator.
static withStringValue(name, value)
public static withStringValue(name: string, value: string): RuntimeCustomClaim
Parameters
- name
stringโ The name of the claim in the JWT token. - value
stringโ The string value to match (must exactly equal).
Returns
Create a custom claim with a string value.
String claims must use the EQUALS operator.