CognitoAuthorizerProps
- class aws_cdk.aws_bedrockagentcore.CognitoAuthorizerProps(*, user_pool, allowed_audiences=None, allowed_clients=None, allowed_scopes=None, custom_claims=None)
Bases: object
- Parameters:
  - user_pool (IUserPool) – The Cognito User Pool to use for authentication.
  - allowed_audiences (Optional[Sequence[str]]) – The allowed audiences for JWT validation. Default: - No audience validation
  - allowed_clients (Optional[Sequence[IUserPoolClient]]) – The allowed User Pool clients. Default: - All clients are allowed
  - allowed_scopes (Optional[Sequence[str]]) – The allowed scopes for JWT validation. Default: - No scope validation
  - custom_claims (Optional[Sequence[GatewayCustomClaim]]) – Custom claims for additional JWT token validation. Allows you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations. Default: - No custom claim validation
- ExampleMetadata:
fixture=default infused
Example:
from aws_cdk import aws_bedrockagentcore as agentcore
from aws_cdk import aws_cognito as cognito

# user_pool: cognito.UserPool
# user_pool_client: cognito.UserPoolClient

# Optional: Create custom claims (CustomClaimOperator and GatewayCustomClaim from agentcore)
custom_claims = [
    agentcore.GatewayCustomClaim.with_string_value("department", "engineering"),
    agentcore.GatewayCustomClaim.with_string_array_value("roles", ["admin"], agentcore.CustomClaimOperator.CONTAINS),
    agentcore.GatewayCustomClaim.with_string_array_value("permissions", ["read", "write"], agentcore.CustomClaimOperator.CONTAINS_ANY)
]

gateway = agentcore.Gateway(self, "MyGateway",
    gateway_name="my-gateway",
    authorizer_configuration=agentcore.GatewayAuthorizer.using_cognito(
        user_pool=user_pool,
        allowed_clients=[user_pool_client],
        allowed_audiences=["audience1"],
        allowed_scopes=["read", "write"],
        custom_claims=custom_claims
    )
)
Attributes
- allowed_audiences
The allowed audiences for JWT validation.
- Default:
No audience validation
- allowed_clients
The allowed User Pool clients.
- Default:
All clients are allowed
- allowed_scopes
The allowed scopes for JWT validation.
- Default:
No scope validation
- custom_claims
Custom claims for additional JWT token validation.
Allows you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations.
- Default:
No custom claim validation
- user_pool
The Cognito User Pool to use for authentication.
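With only user_pool set, the documented defaults skip the audience, client, scope and custom-claim checks. The following is an added example, not part of the CDK documentation or the service's code: a plain-Python model of those checks run over constructed token claims. The claim names `client_id` and `scope`, client IDs as strings, the operator labels and the any-of/all-of matching rules are assumptions of the model.

```python
# Added illustration: a local model of the checks CognitoAuthorizerProps describes.
# Not the gateway's implementation; the matching semantics below are assumptions.
# Signature, issuer and expiry are taken as already verified.

def rejected_by(claims, allowed_audiences=None, allowed_clients=None,
                allowed_scopes=None, custom_claims=None):
    """Return the names of failed checks ([] means accepted). None skips a check."""
    failed = []
    if allowed_audiences is not None:
        aud = claims.get("aud", [])
        aud = {aud} if isinstance(aud, str) else set(aud)
        if not aud & set(allowed_audiences):
            failed.append("aud")
    if allowed_clients is not None and claims.get("client_id") not in allowed_clients:
        failed.append("client_id")
    if allowed_scopes is not None:  # assumption: one matching scope is enough
        if not set(claims.get("scope", "").split()) & set(allowed_scopes):
            failed.append("scope")
    for name, op, expected in custom_claims or []:
        actual = claims.get(name)
        if op == "equals":
            ok = actual == expected
        elif op == "contains":      # assumption: every listed value is present
            ok = isinstance(actual, list) and set(expected) <= set(actual)
        elif op == "contains_any":  # assumption: at least one listed value is present
            ok = isinstance(actual, list) and bool(set(expected) & set(actual))
        else:
            raise ValueError(f"unknown operator: {op}")
        if not ok:
            failed.append(name)
    return failed

# Constructed claims: a token the same user pool issued to a different app client.
OTHER_APP_TOKEN = {"client_id": "client-B", "scope": "profile",
                   "department": "sales", "roles": ["viewer"]}
# Constructed claims: a token issued to the intended client.
INTENDED_TOKEN = {"client_id": "client-A", "scope": "read write",
                  "department": "engineering", "roles": ["admin", "dev"]}

DEFAULTS = {}  # only user_pool given: every optional check is skipped
HARDENED = {"allowed_clients": ["client-A"], "allowed_scopes": ["read", "write"],
            "custom_claims": [("department", "equals", "engineering"),
                              ("roles", "contains", ["admin"])]}

if __name__ == "__main__":
    for label, props in (("defaults", DEFAULTS), ("hardened", HARDENED)):
        print(label, rejected_by(OTHER_APP_TOKEN, **props), rejected_by(INTENDED_TOKEN, **props))
```

In the model, the token issued to the other app client is accepted under the defaults and rejected on every configured check once the props are narrowed, while the intended client's token passes both.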