class GatewayAuthorizer
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.BedrockAgentCore.GatewayAuthorizer |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awsbedrockagentcore#GatewayAuthorizer |
 Java | software.amazon.awscdk.services.bedrockagentcore.GatewayAuthorizer |
 Python | aws_cdk.aws_bedrockagentcore.GatewayAuthorizer |
 TypeScript (source) | aws-cdk-lib » aws_bedrockagentcore » GatewayAuthorizer |
Factory class for creating Gateway Authorizers.
Example
// Optional: Create custom claims (CustomClaimOperator and GatewayCustomClaim from agentcore)
const customClaims = [
agentcore.GatewayCustomClaim.withStringValue('department', 'engineering'),
agentcore.GatewayCustomClaim.withStringArrayValue('roles', ['admin'], agentcore.CustomClaimOperator.CONTAINS),
agentcore.GatewayCustomClaim.withStringArrayValue('permissions', ['read', 'write'], agentcore.CustomClaimOperator.CONTAINS_ANY),
];
const gateway = new agentcore.Gateway(this, "MyGateway", {
gatewayName: "my-gateway",
authorizerConfiguration: agentcore.GatewayAuthorizer.usingCustomJwt({
discoveryUrl: "https://auth.example.com/.well-known/openid-configuration",
allowedAudience: ["my-app"],
allowedClients: ["my-client-id"],
allowedScopes: ["read", "write"],
customClaims: customClaims, // Optional custom claims
}),
});
Initializer
new GatewayAuthorizer()
Methods
| Name | Description |
|---|---|
| static using | AWS IAM authorizer instance. |
| static using | Create a JWT authorizer from Cognito User Pool. |
| static using | Create a custom JWT authorizer. |
| static with | No authorization — the gateway will not perform any inbound authorization. |
static usingAwsIam()
public static usingAwsIam(): IGatewayAuthorizerConfig
Returns
AWS IAM authorizer instance.
static usingCognito(props)
public static usingCognito(props: CognitoAuthorizerProps): IGatewayAuthorizerConfig
Parameters
- props
Cognito— - The Cognito configuration.Authorizer Props
Returns
Create a JWT authorizer from Cognito User Pool.
static usingCustomJwt(configuration)
public static usingCustomJwt(configuration: CustomJwtConfiguration): IGatewayAuthorizerConfig
Parameters
- configuration
Custom— - The JWT configuration.Jwt Configuration
Returns
Create a custom JWT authorizer.
static withNoAuth()
public static withNoAuth(): IGatewayAuthorizerConfig
Returns
No authorization — the gateway will not perform any inbound authorization.
The gateway endpoint will be publicly accessible without credentials. Use this for testing/development, or for production gateways where you have implemented compensating controls such as Gateway Interceptors.