PolicyValidationMode

class aws_cdk.aws_bedrock_agentcore_alpha.PolicyValidationMode(value)

Bases: object

(experimental) Validation mode for Cedar policy definitions.

Stability:

experimental

ExampleMetadata:

fixture=default infused

Example:

# policy_engine: agentcore.PolicyEngine
# gateway: agentcore.Gateway


# Allow access unless the user is suspended
policy_with_unless = agentcore.Policy(self, "UnlessPolicy",
    policy_engine=policy_engine,
    policy_name="unless_suspended",
    statement=agentcore.PolicyStatement.permit().for_principal("AgentCore::OAuthUser").on_all_actions().on_resource("AgentCore::Gateway", gateway.gateway_arn).unless().principal_attribute("suspended").equal_to(True).done(),
    description="Allow all actions unless user is suspended",
    validation_mode=agentcore.PolicyValidationMode.FAIL_ON_ANY_FINDINGS
)

Parameters:

value (str)

Stability:

experimental

Attributes

FAIL_ON_ANY_FINDINGS = <aws_cdk.aws_bedrock_agentcore_alpha.PolicyValidationMode object>

IGNORE_ALL_FINDINGS = <aws_cdk.aws_bedrock_agentcore_alpha.PolicyValidationMode object>

value

(experimental) The string value of the validation mode.

Stability:

experimental