AWS::BedrockAgentCore::WorkloadIdentity - AWS CloudFormation
SyntaxPropertiesReturn values

This is the new AWS CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.

AWS::BedrockAgentCore::WorkloadIdentity

Creates a workload identity for Amazon Bedrock AgentCore. A workload identity provides OAuth2-based authentication for resources associated with agent runtimes.

For more information about using workload identities in Amazon Bedrock AgentCore, see Managing workload identities.

See the Properties section below for descriptions of both the required and optional properties.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::BedrockAgentCore::WorkloadIdentity",
  "Properties" : {
      "AllowedResourceOauth2ReturnUrls" : [ String, ... ],
      "Name" : String,
      "Tags" : [ Tag, ... ]
    }
}

YAML

Type: AWS::BedrockAgentCore::WorkloadIdentity
Properties:
  AllowedResourceOauth2ReturnUrls: 
    - String
  Name: String
  Tags: 
    - Tag

Properties

AllowedResourceOauth2ReturnUrls

The list of allowed OAuth2 return URLs for resources associated with this workload identity.

Required: No

Type: Array of String

Minimum: 1

Maximum: 2048

Update requires: No interruption

Name

The name of the workload identity. The name must be unique within your account.

Required: Yes

Type: String

Pattern: [A-Za-z0-9_.-]+

Minimum: 3

Maximum: 255

Update requires: Replacement

Tags

The tags for the workload identity.

Required: No

Type: Array of Tag

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the workload identity name.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

CreatedTime

The timestamp when the workload identity was created.

LastUpdatedTime

The timestamp when the workload identity was last updated.

WorkloadIdentityArn

The Amazon Resource Name (ARN) of the workload identity.