class GatewayCredentialProvider
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.BedrockAgentCore.GatewayCredentialProvider |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awsbedrockagentcore#GatewayCredentialProvider |
 Java | software.amazon.awscdk.services.bedrockagentcore.GatewayCredentialProvider |
 Python | aws_cdk.aws_bedrockagentcore.GatewayCredentialProvider |
 TypeScript (source) | aws-cdk-lib » aws_bedrockagentcore » GatewayCredentialProvider |
Factory class for creating different Gateway Credential Providers.
Example
const gateway = new agentcore.Gateway(this, "MyGateway", {
gatewayName: "my-gateway",
});
// OAuth2 (recommended): use OAuth2CredentialProvider + bindForGatewayOAuthTarget, or ARNs from console/API
const oauthProviderArn = "arn:aws:bedrock-agentcore:us-east-1:123456789012:token-vault/abc123/oauth2credentialprovider/my-oauth";
const oauthSecretArn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-oauth-secret-abc123";
// Add an MCP server target directly to the gateway
const mcpTarget = gateway.addMcpServerTarget("MyMcpServer", {
gatewayTargetName: "my-mcp-server",
description: "External MCP server integration",
endpoint: "https://my-mcp-server.example.com",
credentialProviderConfigurations: [
agentcore.GatewayCredentialProvider.fromOauthIdentityArn({
providerArn: oauthProviderArn,
secretArn: oauthSecretArn,
scopes:['mcp-runtime-server/invoke']
}),
],
});
// Grant sync permission to a Lambda function that will trigger synchronization
const syncFunction = new lambda.Function(this, "SyncFunction", {
runtime: lambda.Runtime.PYTHON_3_12,
handler: "index.handler",
code: lambda.Code.fromInline(`
import boto3
def handler(event, context):
client = boto3.client('bedrock-agentcore')
response = client.synchronize_gateway_targets(
gatewayIdentifier=event['gatewayId'],
targetIds=[event['targetId']]
)
return response
`),
});
mcpTarget.grantSync(syncFunction);
Initializer
new GatewayCredentialProvider()
Methods
| Name | Description |
|---|---|
| static from | Create an API key outbound auth configuration from a Token Vault {@link IApiKeyCredentialProvider} construct. |
| static from | Create an API key credential provider from Identity ARN Use this method when you have the Identity ARN as a string. |
| static from | Create an IAM role credential provider. |
| static from | Create an OAuth outbound auth configuration from a Token Vault {@link IOAuth2CredentialProvider} construct. |
| static from | Create an OAuth credential provider from Identity ARN Use this method when you have the Identity ARN as a string. |
static fromApiKeyIdentity(provider, options?)
public static fromApiKeyIdentity(provider: IApiKeyCredentialProvider, options?: FromApiKeyIdentityOptions): ICredentialProviderConfig
Parameters
- provider
IApiKey Credential Provider - options
FromApi Key Identity Options
Returns
Create an API key outbound auth configuration from a Token Vault {@link IApiKeyCredentialProvider} construct.
Prefer this over {@link GatewayCredentialProvider.fromApiKeyIdentityArn} when the provider is defined in CDK.
static fromApiKeyIdentityArn(props)
public static fromApiKeyIdentityArn(props: ApiKeyCredentialProviderOptions): ICredentialProviderConfig
Parameters
- props
Api— - The configuration properties for the API key credential provider.Key Credential Provider Options
Returns
Create an API key credential provider from Identity ARN Use this method when you have the Identity ARN as a string.
static fromIamRole()
public static fromIamRole(): ICredentialProviderConfig
Returns
Create an IAM role credential provider.
static fromOauthIdentity(provider, options)
public static fromOauthIdentity(provider: IOAuth2CredentialProvider, options: FromOauthIdentityOptions): ICredentialProviderConfig
Parameters
- provider
IOAuth2Credential Provider - options
FromOauth Identity Options
Returns
Create an OAuth outbound auth configuration from a Token Vault {@link IOAuth2CredentialProvider} construct.
Prefer this over {@link GatewayCredentialProvider.fromOauthIdentityArn} when the provider is defined in CDK.
static fromOauthIdentityArn(props)
public static fromOauthIdentityArn(props: OAuthConfiguration): ICredentialProviderConfig
Parameters
- props
OAuth— - The configuration properties for the OAuth credential provider.Configuration
Returns
Create an OAuth credential provider from Identity ARN Use this method when you have the Identity ARN as a string.