Package software.amazon.awscdk.services.bedrockagentcore

Class RuntimeCustomClaim

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.bedrockagentcore.RuntimeCustomClaim
All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable
@Generated(value="jsii-pacmak/1.129.0 (build eaca441)", date="2026-05-19T08:18:44.499Z") @Stability(Stable) public class RuntimeCustomClaim extends software.amazon.jsii.JsiiObject
Represents a custom claim validation configuration for Runtime JWT authorizers.

Custom claims allow you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations.

Example: 

 UserPool userPool;
 UserPoolClient userPoolClient;
 UserPoolClient anotherUserPoolClient;
 Repository repository = Repository.Builder.create(this, "TestRepository")
         .repositoryName("test-agent-runtime")
         .build();
 AgentRuntimeArtifact agentRuntimeArtifact = AgentRuntimeArtifact.fromEcrRepository(repository, "v1.0.0");
 // Optional: Create custom claims for additional validation
 RuntimeCustomClaim[] customClaims = List.of(RuntimeCustomClaim.withStringValue("department", "engineering"), RuntimeCustomClaim.withStringArrayValue("roles", List.of("admin"), CustomClaimOperator.CONTAINS), RuntimeCustomClaim.withStringArrayValue("permissions", List.of("read", "write"), CustomClaimOperator.CONTAINS_ANY));
 Runtime runtime = Runtime.Builder.create(this, "MyAgentRuntime")
         .runtimeName("myAgent")
         .agentRuntimeArtifact(agentRuntimeArtifact)
         .authorizerConfiguration(RuntimeAuthorizerConfiguration.usingCognito(userPool, List.of(userPoolClient, anotherUserPoolClient), List.of("audience1"), List.of("read", "write"), customClaims))
         .build();

  • Constructor Details

    • RuntimeCustomClaim

      protected RuntimeCustomClaim(software.amazon.jsii.JsiiObjectRef objRef)

    • RuntimeCustomClaim

      protected RuntimeCustomClaim(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

  • Method Details

    • withStringArrayValue

      @Stability(Stable) @NotNull public static RuntimeCustomClaim withStringArrayValue(@NotNull String name, @NotNull List<String> values, @Nullable CustomClaimOperator operator)
      Create a custom claim with a string array value.

      String array claims can use CONTAINS (default) or CONTAINS_ANY operator.

      Parameters:
      name - The name of the claim in the JWT token. This parameter is required.
      values - The array of string values to match. This parameter is required.
      operator - The match operator (defaults to CONTAINS).
      Returns:
      A RuntimeCustomClaim configured for string array validation

    • withStringArrayValue

      @Stability(Stable) @NotNull public static RuntimeCustomClaim withStringArrayValue(@NotNull String name, @NotNull List<String> values)
      Create a custom claim with a string array value.

      String array claims can use CONTAINS (default) or CONTAINS_ANY operator.

      Parameters:
      name - The name of the claim in the JWT token. This parameter is required.
      values - The array of string values to match. This parameter is required.
      Returns:
      A RuntimeCustomClaim configured for string array validation

    • withStringValue

      @Stability(Stable) @NotNull public static RuntimeCustomClaim withStringValue(@NotNull String name, @NotNull String value)
      Create a custom claim with a string value.

      String claims must use the EQUALS operator.

      Parameters:
      name - The name of the claim in the JWT token. This parameter is required.
      value - The string value to match (must exactly equal). This parameter is required.
      Returns:
      A RuntimeCustomClaim configured for string validation