CognitoAuthorizerProps

class aws_cdk.aws_bedrock_agentcore_alpha.CognitoAuthorizerProps(*, user_pool, allowed_audiences=None, allowed_clients=None, allowed_scopes=None, custom_claims=None)

Bases: object

(experimental) Properties for the Cognito User Pool authorizer created by GatewayAuthorizer.using_cognito. They determine which JWTs issued by the pool a Gateway accepts: every optional check that is left unset is skipped.

Parameters:
  • user_pool (IUserPool) – (experimental) The Cognito User Pool to use for authentication.

  • allowed_audiences (Optional[Sequence[str]]) – (experimental) The allowed audiences for JWT validation. Default: No audience validation

  • allowed_clients (Optional[Sequence[IUserPoolClient]]) – (experimental) The allowed User Pool clients. Default: All clients are allowed

  • allowed_scopes (Optional[Sequence[str]]) – (experimental) The allowed scopes for JWT validation. Default: No scope validation

  • custom_claims (Optional[Sequence[GatewayCustomClaim]]) – (experimental) Custom claims for additional JWT token validation. Allows you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations. Default: No custom claim validation

Stability:

experimental

Example:

import aws_cdk.aws_cognito as cognito
import aws_cdk.aws_bedrock_agentcore_alpha as agentcore

# Fixture objects assumed to exist in the enclosing Stack (self):
# user_pool: cognito.UserPool
# user_pool_client: cognito.UserPoolClient


# Optional: create custom claims (CustomClaimOperator and GatewayCustomClaim from agentcore).
# Each claim is a further check a token must pass after the audience, client and scope checks.
custom_claims = [
    agentcore.GatewayCustomClaim.with_string_value("department", "engineering"),
    agentcore.GatewayCustomClaim.with_string_array_value("roles", ["admin"], agentcore.CustomClaimOperator.CONTAINS),
    agentcore.GatewayCustomClaim.with_string_array_value("permissions", ["read", "write"], agentcore.CustomClaimOperator.CONTAINS_ANY)
]

gateway = agentcore.Gateway(self, "MyGateway",
    gateway_name="my-gateway",
    authorizer_configuration=agentcore.GatewayAuthorizer.using_cognito(
        user_pool=user_pool,
        allowed_clients=[user_pool_client],  # only tokens issued to this app client
        allowed_audiences=["audience1"],
        allowed_scopes=["read", "write"],
        custom_claims=custom_claims
    )
)
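To make concrete what these props configure, here is an added Python model (not the AgentCore or CDK implementation) of the checks a gateway applies to an already signature-verified Cognito access token: every parameter left as None skips its check, which is why the defaults accept any token the pool issues. The CONTAINS/CONTAINS_ANY semantics and the "any one allowed scope suffices" rule are assumptions, and the claim values are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional, Sequence

# Constructed claims of a Cognito access token whose signature/expiry were already
# verified; "department", "roles", "permissions" are assumed custom claims.
SAMPLE_CLAIMS = {"aud": "audience1", "client_id": "1example23456789", "scope": "read write",
                 "department": "engineering", "roles": ["admin", "dev"], "permissions": ["read"]}

@dataclass
class CustomClaim:  # mirrors GatewayCustomClaim: name, expected value(s), operator
    name: str
    values: Sequence[str]
    operator: str = "EQUALS"  # EQUALS | CONTAINS (all values) | CONTAINS_ANY (at least one)

@dataclass
class CognitoAuthorizerPolicy:  # None = "not validated", like the props defaults
    allowed_audiences: Optional[Sequence[str]] = None
    allowed_clients: Optional[Sequence[str]] = None  # app client IDs
    allowed_scopes: Optional[Sequence[str]] = None
    custom_claims: Sequence[CustomClaim] = field(default_factory=list)

def _as_set(value) -> set:
    items = value if isinstance(value, (list, tuple)) else [value]
    return {str(v) for v in items if v is not None}

def authorize(policy: CognitoAuthorizerPolicy, claims: dict) -> tuple:
    """Return (accepted, reason) for already-verified claims under the policy."""
    if policy.allowed_audiences is not None and not (
            _as_set(claims.get("aud")) & set(policy.allowed_audiences)):
        return False, "audience not allowed"
    if policy.allowed_clients is not None and claims.get("client_id") not in policy.allowed_clients:
        return False, "client not allowed"
    if policy.allowed_scopes is not None:
        # Cognito access tokens carry scopes as one space-separated string;
        # assumed here: any one allowed scope suffices.
        granted = set(str(claims.get("scope", "")).split())
        if not granted & set(policy.allowed_scopes):
            return False, "scope not allowed"
    for cc in policy.custom_claims:
        actual, wanted = _as_set(claims.get(cc.name)), set(cc.values)
        ok = (actual == wanted if cc.operator == "EQUALS"
              else wanted <= actual if cc.operator == "CONTAINS"
              else bool(wanted & actual))
        if not ok:
            return False, f"custom claim {cc.name!r} failed {cc.operator}"
    return True, "accepted"
```

Running the policy from the example above against the sample claims accepts them, while an all-None policy accepts a token with any audience at all.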

Attributes

allowed_audiences

(experimental) The allowed audiences for JWT validation.

Default:
  • No audience validation

Stability:

experimental

allowed_clients

(experimental) The allowed User Pool clients.

Default:
  • All clients are allowed

Stability:

experimental

allowed_scopes

(experimental) The allowed scopes for JWT validation.

Default:
  • No scope validation

Stability:

experimental

custom_claims

(experimental) Custom claims for additional JWT token validation.

Allows you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations.

Default:
  • No custom claim validation

Stability:

experimental

user_pool

(experimental) The Cognito User Pool to use for authentication.

Stability:

experimental