IWorkloadIdentity
- class aws_cdk.aws_bedrock_agentcore_alpha.IWorkloadIdentity(*args, **kwargs)
Bases:
IResource, IGrantable, IWorkloadIdentityRef, Protocol
(experimental) A workload identity for Amazon Bedrock AgentCore.
Represents the stable identity of an agent within an account’s agent identity directory. It ties together IAM roles, OAuth2 flows, API keys, and workload access tokens for consistent authentication across environments.
- See:
- Stability:
experimental
Methods
- apply_removal_policy(policy)
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).
- Parameters:
policy (RemovalPolicy)
- Return type:
None
- grant(grantee, *actions)
(experimental) Grants IAM actions on this workload identity, scoped to its ARN and the parent resources required by the Bedrock AgentCore authorization model.
- Parameters:
grantee (IGrantable)
actions (str)
- Stability:
experimental
- Return type:
- grant_admin(grantee)
(experimental) Grant control plane permissions to manage this workload identity.
- Parameters:
grantee (IGrantable)
- Stability:
experimental
- Return type:
- grant_full_access(grantee)
(experimental) Grant read, list, admin, and use permissions.
- Parameters:
grantee (IGrantable)
- Stability:
experimental
- Return type:
- grant_read(grantee)
(experimental) Grant GetWorkloadIdentity and ListWorkloadIdentities, scoped to this identity and parent resources required by the Bedrock AgentCore authorization model.
- Parameters:
grantee (IGrantable)
- Stability:
experimental
- Return type:
- grant_use(grantee)
(experimental) Grant data plane permissions to mint workload access tokens (GetWorkloadAccessToken, GetWorkloadAccessTokenForJWT, GetWorkloadAccessTokenForUserId).
- Parameters:
grantee (IGrantable)
- Stability:
experimental
- Return type:
- with_(*mixins)
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited.
- Parameters:
mixins (IMixin) – The mixins to apply.
- Return type:
- Returns:
This construct for chaining
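The split between grant_read (inspect identities) and grant_use (mint workload access tokens) can be checked in a synthesized or deployed IAM policy. The following is an added example, not code from the CDK or this page: it classifies policy statements by the action names listed above and flags token-minting permissions granted on Resource "*". The `bedrock-agentcore` action prefix is an assumption, and the sample policy and its ARN are constructed placeholders.

```python
from fnmatch import fnmatchcase

# Action names exactly as this page lists them for grant_read and grant_use.
TIERS = {
    "read": ["GetWorkloadIdentity", "ListWorkloadIdentities"],
    "use": ["GetWorkloadAccessToken", "GetWorkloadAccessTokenForJWT",
            "GetWorkloadAccessTokenForUserId"],
}
PREFIX = "bedrock-agentcore"  # assumption: IAM service prefix, not stated on the page

def _as_list(value):
    """IAM allows a bare string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def tiers_for(pattern):
    """Tiers whose actions match an IAM action pattern (case-insensitive, * and ? wildcards)."""
    pat = pattern.lower()
    return {tier for tier, names in TIERS.items()
            if any(fnmatchcase(f"{PREFIX}:{n}".lower(), pat) for n in names)}

def audit_policy(policy):
    """Return one finding per Allow statement that touches workload identity actions."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        tiers = set().union(*(tiers_for(a) for a in _as_list(stmt.get("Action", []))))
        if not tiers:
            continue
        unscoped = "*" in _as_list(stmt.get("Resource", []))
        findings.append({
            "sid": stmt.get("Sid", "<no sid>"),
            "tiers": sorted(tiers),
            # Token minting on Resource "*" is the case to review first.
            "unscoped_token_minting": "use" in tiers and unscoped,
        })
    return findings

# Constructed sample policy (placeholder ARN), not output of the CDK.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadOnly", "Effect": "Allow",
     "Action": [f"{PREFIX}:GetWorkloadIdentity", f"{PREFIX}:ListWorkloadIdentities"],
     "Resource": "arn:aws:bedrock-agentcore:us-east-1:111122223333:EXAMPLE-PLACEHOLDER"},
    {"Sid": "BroadTokens", "Effect": "Allow",
     "Action": f"{PREFIX}:GetWorkloadAccessToken*", "Resource": "*"},
    {"Sid": "DenyAll", "Effect": "Deny", "Action": "*", "Resource": "*"},
]}

if __name__ == "__main__":
    print(*audit_policy(SAMPLE_POLICY), sep="\n")
```

Statements that use NotAction or conditions are not evaluated by this check and need separate review.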
Attributes
- created_time
(experimental) Timestamp when the workload identity was created.
- Stability:
experimental
- Attribute:
true
- env
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by creating new class instances like new Role(), new Bucket(), etc.), this is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be different than the stack they were imported into.
- grant_principal
The principal to grant permissions to.
- last_updated_time
(experimental) Timestamp when the workload identity was last updated.
- Stability:
experimental
- Attribute:
true
- node
The tree node.
- stack
The stack in which this resource is defined.
- workload_identity_arn
(experimental) The ARN of this workload identity.
- Stability:
experimental
- Attribute:
true
- workload_identity_name
(experimental) The name of this workload identity.
- Stability:
experimental
- Attribute:
true
- workload_identity_ref
(experimental) A reference to a WorkloadIdentity resource.
- Stability:
experimental