Interface IWorkloadIdentity
- All Superinterfaces:
software.constructs.IConstruct,software.constructs.IDependable,IEnvironmentAware,IGrantable,IResource,IWorkloadIdentityRef,software.amazon.jsii.JsiiSerializable
- All Known Subinterfaces:
IWorkloadIdentity.Jsii$Default
- All Known Implementing Classes:
IWorkloadIdentity.Jsii$Proxy,WorkloadIdentity
@Generated(value="jsii-pacmak/1.129.0 (build eaca441)",
date="2026-05-19T08:18:44.448Z")
@Stability(Stable)
public interface IWorkloadIdentity
extends software.amazon.jsii.JsiiSerializable, IResource, IGrantable, IWorkloadIdentityRef
A workload identity for Amazon Bedrock AgentCore.
Represents the stable identity of an agent within an account's agent identity directory. It ties together IAM roles, OAuth2 flows, API keys, and workload access tokens for consistent authentication across environments.
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic interfaceInternal default implementation forIWorkloadIdentity.static final classA proxy class which represents a concrete javascript instance of this type. -
Method Summary
Modifier and TypeMethodDescriptiondefault StringTimestamp when the workload identity was created.default StringTimestamp when the workload identity was last updated.The ARN of this workload identity.The name of this workload identity.grant(IGrantable grantee, String... actions) Grants IAM actions on this workload identity, scoped to its ARN and the parent resources required by the Bedrock AgentCore authorization model.grantAdmin(IGrantable grantee) Grant control plane permissions to manage this workload identity.grantFullAccess(IGrantable grantee) Grant read, list, admin, and use permissions.grantRead(IGrantable grantee) GrantGetWorkloadIdentityandListWorkloadIdentities, scoped to this identity and parent resources required by the Bedrock AgentCore authorization model.grantUse(IGrantable grantee) Grant data plane permissions to mint workload access tokens (GetWorkloadAccessToken,GetWorkloadAccessTokenForJWT,GetWorkloadAccessTokenForUserId).Methods inherited from interface software.constructs.IConstruct
getNode, withMethods inherited from interface software.amazon.awscdk.interfaces.IEnvironmentAware
getEnvMethods inherited from interface software.amazon.awscdk.services.iam.IGrantable
getGrantPrincipalMethods inherited from interface software.amazon.awscdk.IResource
applyRemovalPolicy, getStackMethods inherited from interface software.amazon.awscdk.interfaces.bedrockagentcore.IWorkloadIdentityRef
getWorkloadIdentityRefMethods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getWorkloadIdentityArn
The ARN of this workload identity. -
getWorkloadIdentityName
The name of this workload identity. -
getCreatedTime
Timestamp when the workload identity was created. -
getLastUpdatedTime
Timestamp when the workload identity was last updated. -
grant
Grants IAM actions on this workload identity, scoped to its ARN and the parent resources required by the Bedrock AgentCore authorization model.- Parameters:
grantee- This parameter is required.actions- This parameter is required.
-
grantAdmin
Grant control plane permissions to manage this workload identity.- Parameters:
grantee- This parameter is required.
-
grantFullAccess
Grant read, list, admin, and use permissions.- Parameters:
grantee- This parameter is required.
-
grantRead
GrantGetWorkloadIdentityandListWorkloadIdentities, scoped to this identity and parent resources required by the Bedrock AgentCore authorization model.- Parameters:
grantee- This parameter is required.
-
grantUse
Grant data plane permissions to mint workload access tokens (GetWorkloadAccessToken,GetWorkloadAccessTokenForJWT,GetWorkloadAccessTokenForUserId).- Parameters:
grantee- This parameter is required.
-