Class PolicyValidationMode

(experimental) Validation mode for Cedar policy definitions.

Inheritance

object

PolicyValidationMode

Namespace: Amazon.CDK.AWS.Bedrock.Agentcore.Alpha

Assembly: Amazon.CDK.AWS.Bedrock.Agentcore.Alpha.dll

Syntax (csharp)

public class PolicyValidationMode : DeputyBase

Syntax (vb)

Public Class PolicyValidationMode Inherits DeputyBase

Remarks

Stability: Experimental

ExampleMetadata: fixture=default infused

Examples

PolicyEngine policyEngine;
             Gateway gateway;


             // Allow access unless the user is suspended
             var policyWithUnless = new Policy(this, "UnlessPolicy", new PolicyProps {
                 PolicyEngine = policyEngine,
                 PolicyName = "unless_suspended",
                 Statement = PolicyStatement.Permit().ForPrincipal("AgentCore::OAuthUser").OnAllActions().OnResource("AgentCore::Gateway", gateway.GatewayArn).Unless().PrincipalAttribute("suspended").EqualTo(true).Done(),
                 Description = "Allow all actions unless user is suspended",
                 ValidationMode = PolicyValidationMode.FAIL_ON_ANY_FINDINGS
             });

Synopsis

Constructors

PolicyValidationMode(string)

(experimental) Validation mode for Cedar policy definitions.

Properties

FAIL_ON_ANY_FINDINGS	(experimental) Fail policy creation if any validation findings are detected.
IGNORE_ALL_FINDINGS	(experimental) Ignore all validation findings and create the policy anyway.
Value	(experimental) The string value of the validation mode.

Constructors

PolicyValidationMode(string)

(experimental) Validation mode for Cedar policy definitions.

public PolicyValidationMode(string value)

Parameters

value string

Remarks

Stability: Experimental

Properties

FAIL_ON_ANY_FINDINGS

(experimental) Fail policy creation if any validation findings are detected.

public static PolicyValidationMode FAIL_ON_ANY_FINDINGS { get; }

Property Value

PolicyValidationMode

Remarks

This is the safer default - catches policy errors early.

Stability: Experimental

IGNORE_ALL_FINDINGS

(experimental) Ignore all validation findings and create the policy anyway.

public static PolicyValidationMode IGNORE_ALL_FINDINGS { get; }

Property Value

PolicyValidationMode

Remarks

Use with caution - may result in runtime authorization errors.

Stability: Experimental

Value

(experimental) The string value of the validation mode.

public virtual string Value { get; }

Property Value

string

Remarks

Stability: Experimental