Package software.amazon.awscdk.services.bedrockagentcore

Interface CognitoAuthorizerProps

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

CognitoAuthorizerProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.129.0 (build eaca441)",
           date="2026-05-19T08:18:44.374Z")
@Stability(Stable)
public interface CognitoAuthorizerProps
extends software.amazon.jsii.JsiiSerializable

**************************************************************************** Factory ***************************************************************************.

Example:

 UserPool userPool;
 UserPoolClient userPoolClient;
 // Optional: Create custom claims (CustomClaimOperator and GatewayCustomClaim from agentcore)
 GatewayCustomClaim[] customClaims = List.of(GatewayCustomClaim.withStringValue("department", "engineering"), GatewayCustomClaim.withStringArrayValue("roles", List.of("admin"), CustomClaimOperator.CONTAINS), GatewayCustomClaim.withStringArrayValue("permissions", List.of("read", "write"), CustomClaimOperator.CONTAINS_ANY));
 Gateway gateway = Gateway.Builder.create(this, "MyGateway")
         .gatewayName("my-gateway")
         .authorizerConfiguration(GatewayAuthorizer.usingCognito(CognitoAuthorizerProps.builder()
                 .userPool(userPool)
                 .allowedClients(List.of(userPoolClient))
                 .allowedAudiences(List.of("audience1"))
                 .allowedScopes(List.of("read", "write"))
                 .customClaims(customClaims)
                 .build()))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CognitoAuthorizerProps.Builder	A builder for CognitoAuthorizerProps
static final class	CognitoAuthorizerProps.Jsii$Proxy	An implementation for CognitoAuthorizerProps

Method Summary

Modifier and Type	Method	Description
static CognitoAuthorizerProps.Builder	builder()
default List<String>	getAllowedAudiences()	The allowed audiences for JWT validation.
default List<IUserPoolClient>	getAllowedClients()	The allowed User Pool clients.
default List<String>	getAllowedScopes()	The allowed scopes for JWT validation.
default List<GatewayCustomClaim>	getCustomClaims()	Custom claims for additional JWT token validation.
IUserPool	getUserPool()	The Cognito User Pool to use for authentication.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getUserPool

@Stability(Stable)
@NotNull
IUserPool getUserPool()

The Cognito User Pool to use for authentication.

getAllowedAudiences

@Stability(Stable)
@Nullable
default List<String> getAllowedAudiences()

The allowed audiences for JWT validation.

Default: - No audience validation

getAllowedClients

@Stability(Stable)
@Nullable
default List<IUserPoolClient> getAllowedClients()

The allowed User Pool clients.

Default: - All clients are allowed

getAllowedScopes

@Stability(Stable)
@Nullable
default List<String> getAllowedScopes()

The allowed scopes for JWT validation.

Default: - No scope validation

getCustomClaims

@Stability(Stable)
@Nullable
default List<GatewayCustomClaim> getCustomClaims()

Custom claims for additional JWT token validation.

Allows you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations.

Default: - No custom claim validation

builder

@Stability(Stable)
static CognitoAuthorizerProps.Builder builder()

Returns:

a CognitoAuthorizerProps.Builder of CognitoAuthorizerProps