SDK for PHP V3
Amazon Bedrock AgentCore Control 2023-06-05
- Client: Aws\BedrockAgentCoreControl\BedrockAgentCoreControlClient
- Service ID: bedrock-agentcore-control
- Version: 2023-06-05
This page describes the parameters and results for the operations of the Amazon Bedrock AgentCore Control (2023-06-05), and shows how to use the Aws\BedrockAgentCoreControl\BedrockAgentCoreControlClient object to call the described operations. This documentation is specific to the 2023-06-05 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- CreateAgentRuntime ( array $params = [] )
- Creates an Amazon Bedrock AgentCore Runtime.
- CreateAgentRuntimeEndpoint ( array $params = [] )
- Creates an AgentCore Runtime endpoint.
- CreateApiKeyCredentialProvider ( array $params = [] )
- Creates a new API key credential provider.
- CreateBrowser ( array $params = [] )
- Creates a custom browser.
- CreateCodeInterpreter ( array $params = [] )
- Creates a custom code interpreter.
- CreateEvaluator ( array $params = [] )
- Creates a custom evaluator for agent quality assessment.
- CreateGateway ( array $params = [] )
- Creates a gateway for Amazon Bedrock Agent.
- CreateGatewayTarget ( array $params = [] )
- Creates a target for a gateway.
- CreateMemory ( array $params = [] )
- Creates a new Amazon Bedrock AgentCore Memory resource.
- CreateOauth2CredentialProvider ( array $params = [] )
- Creates a new OAuth2 credential provider.
- CreateOnlineEvaluationConfig ( array $params = [] )
- Creates an online evaluation configuration for continuous monitoring of agent performance.
- CreatePolicy ( array $params = [] )
- Creates a policy within the AgentCore Policy system.
- CreatePolicyEngine ( array $params = [] )
- Creates a new policy engine within the AgentCore Policy system.
- CreateWorkloadIdentity ( array $params = [] )
- Creates a new workload identity.
- DeleteAgentRuntime ( array $params = [] )
- Deletes an Amazon Bedrock AgentCore Runtime.
- DeleteAgentRuntimeEndpoint ( array $params = [] )
- Deletes an AAgentCore Runtime endpoint.
- DeleteApiKeyCredentialProvider ( array $params = [] )
- Deletes an API key credential provider.
- DeleteBrowser ( array $params = [] )
- Deletes a custom browser.
- DeleteCodeInterpreter ( array $params = [] )
- Deletes a custom code interpreter.
- DeleteEvaluator ( array $params = [] )
- Deletes a custom evaluator.
- DeleteGateway ( array $params = [] )
- Deletes a gateway.
- DeleteGatewayTarget ( array $params = [] )
- Deletes a gateway target.
- DeleteMemory ( array $params = [] )
- Deletes an Amazon Bedrock AgentCore Memory resource.
- DeleteOauth2CredentialProvider ( array $params = [] )
- Deletes an OAuth2 credential provider.
- DeleteOnlineEvaluationConfig ( array $params = [] )
- Deletes an online evaluation configuration and stops any ongoing evaluation processes associated with it.
- DeletePolicy ( array $params = [] )
- Deletes an existing policy from the AgentCore Policy system.
- DeletePolicyEngine ( array $params = [] )
- Deletes an existing policy engine from the AgentCore Policy system.
- DeleteResourcePolicy ( array $params = [] )
- Deletes the resource-based policy for a specified resource.
- DeleteWorkloadIdentity ( array $params = [] )
- Deletes a workload identity.
- GetAgentRuntime ( array $params = [] )
- Gets an Amazon Bedrock AgentCore Runtime.
- GetAgentRuntimeEndpoint ( array $params = [] )
- Gets information about an Amazon Secure AgentEndpoint.
- GetApiKeyCredentialProvider ( array $params = [] )
- Retrieves information about an API key credential provider.
- GetBrowser ( array $params = [] )
- Gets information about a custom browser.
- GetCodeInterpreter ( array $params = [] )
- Gets information about a custom code interpreter.
- GetEvaluator ( array $params = [] )
- Retrieves detailed information about an evaluator, including its configuration, status, and metadata.
- GetGateway ( array $params = [] )
- Retrieves information about a specific Gateway.
- GetGatewayTarget ( array $params = [] )
- Retrieves information about a specific gateway target.
- GetMemory ( array $params = [] )
- Retrieve an existing Amazon Bedrock AgentCore Memory resource.
- GetOauth2CredentialProvider ( array $params = [] )
- Retrieves information about an OAuth2 credential provider.
- GetOnlineEvaluationConfig ( array $params = [] )
- Retrieves detailed information about an online evaluation configuration, including its rules, data sources, evaluators, and execution status.
- GetPolicy ( array $params = [] )
- Retrieves detailed information about a specific policy within the AgentCore Policy system.
- GetPolicyEngine ( array $params = [] )
- Retrieves detailed information about a specific policy engine within the AgentCore Policy system.
- GetPolicyGeneration ( array $params = [] )
- Retrieves information about a policy generation request within the AgentCore Policy system.
- GetResourcePolicy ( array $params = [] )
- Retrieves the resource-based policy for a specified resource.
- GetTokenVault ( array $params = [] )
- Retrieves information about a token vault.
- GetWorkloadIdentity ( array $params = [] )
- Retrieves information about a workload identity.
- ListAgentRuntimeEndpoints ( array $params = [] )
- Lists all endpoints for a specific Amazon Secure Agent.
- ListAgentRuntimeVersions ( array $params = [] )
- Lists all versions of a specific Amazon Secure Agent.
- ListAgentRuntimes ( array $params = [] )
- Lists all Amazon Secure Agents in your account.
- ListApiKeyCredentialProviders ( array $params = [] )
- Lists all API key credential providers in your account.
- ListBrowsers ( array $params = [] )
- Lists all custom browsers in your account.
- ListCodeInterpreters ( array $params = [] )
- Lists all custom code interpreters in your account.
- ListEvaluators ( array $params = [] )
- Lists all available evaluators, including both builtin evaluators provided by the service and custom evaluators created by the user.
- ListGatewayTargets ( array $params = [] )
- Lists all targets for a specific gateway.
- ListGateways ( array $params = [] )
- Lists all gateways in the account.
- ListMemories ( array $params = [] )
- Lists the available Amazon Bedrock AgentCore Memory resources in the current Amazon Web Services Region.
- ListOauth2CredentialProviders ( array $params = [] )
- Lists all OAuth2 credential providers in your account.
- ListOnlineEvaluationConfigs ( array $params = [] )
- Lists all online evaluation configurations in the account, providing summary information about each configuration's status and settings.
- ListPolicies ( array $params = [] )
- Retrieves a list of policies within the AgentCore Policy engine.
- ListPolicyEngines ( array $params = [] )
- Retrieves a list of policy engines within the AgentCore Policy system.
- ListPolicyGenerationAssets ( array $params = [] )
- Retrieves a list of generated policy assets from a policy generation request within the AgentCore Policy system.
- ListPolicyGenerations ( array $params = [] )
- Retrieves a list of policy generation requests within the AgentCore Policy system.
- ListTagsForResource ( array $params = [] )
- Lists the tags associated with the specified resource.
- ListWorkloadIdentities ( array $params = [] )
- Lists all workload identities in your account.
- PutResourcePolicy ( array $params = [] )
- Creates or updates a resource-based policy for a resource with the specified resourceArn.
- SetTokenVaultCMK ( array $params = [] )
- Sets the customer master key (CMK) for a token vault.
- StartPolicyGeneration ( array $params = [] )
- Initiates the AI-powered generation of Cedar policies from natural language descriptions within the AgentCore Policy system.
- SynchronizeGatewayTargets ( array $params = [] )
- The gateway targets.
- TagResource ( array $params = [] )
- Associates the specified tags to a resource with the specified resourceArn.
- UntagResource ( array $params = [] )
- Removes the specified tags from the specified resource.
- UpdateAgentRuntime ( array $params = [] )
- Updates an existing Amazon Secure Agent.
- UpdateAgentRuntimeEndpoint ( array $params = [] )
- Updates an existing Amazon Bedrock AgentCore Runtime endpoint.
- UpdateApiKeyCredentialProvider ( array $params = [] )
- Updates an existing API key credential provider.
- UpdateEvaluator ( array $params = [] )
- Updates a custom evaluator's configuration, description, or evaluation level.
- UpdateGateway ( array $params = [] )
- Updates an existing gateway.
- UpdateGatewayTarget ( array $params = [] )
- Updates an existing gateway target.
- UpdateMemory ( array $params = [] )
- Update an Amazon Bedrock AgentCore Memory resource memory.
- UpdateOauth2CredentialProvider ( array $params = [] )
- Updates an existing OAuth2 credential provider.
- UpdateOnlineEvaluationConfig ( array $params = [] )
- Updates an online evaluation configuration's settings, including rules, data sources, evaluators, and execution status.
- UpdatePolicy ( array $params = [] )
- Updates an existing policy within the AgentCore Policy system.
- UpdatePolicyEngine ( array $params = [] )
- Updates an existing policy engine within the AgentCore Policy system.
- UpdateWorkloadIdentity ( array $params = [] )
- Updates an existing workload identity.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
- ListAgentRuntimeEndpoints
- ListAgentRuntimeVersions
- ListAgentRuntimes
- ListApiKeyCredentialProviders
- ListBrowsers
- ListCodeInterpreters
- ListEvaluators
- ListGatewayTargets
- ListGateways
- ListMemories
- ListOauth2CredentialProviders
- ListOnlineEvaluationConfigs
- ListPolicies
- ListPolicyEngines
- ListPolicyGenerationAssets
- ListPolicyGenerations
- ListWorkloadIdentities
Waiters
Waiters allow you to poll a resource until it enters into a desired state. A waiter has a name used to describe what it does, and is associated with an API operation. When creating a waiter, you can provide the API operation parameters associated with the corresponding operation. Waiters can be accessed using the getWaiter($waiterName, $operationParameters) method of a client object. This client supports the following waiters:
| Waiter name | API Operation | Delay | Max Attempts |
|---|---|---|---|
| MemoryCreated | GetMemory | 2 | 60 |
| PolicyActive | GetPolicy | 2 | 60 |
| PolicyDeleted | GetPolicy | 2 | 60 |
| PolicyEngineActive | GetPolicyEngine | 2 | 60 |
| PolicyEngineDeleted | GetPolicyEngine | 2 | 60 |
| PolicyGenerationCompleted | GetPolicyGeneration | 2 | 60 |
Operations
CreateAgentRuntime
$result = $client->createAgentRuntime([/* ... */]); $promise = $client->createAgentRuntimeAsync([/* ... */]);
Creates an Amazon Bedrock AgentCore Runtime.
Parameter Syntax
$result = $client->createAgentRuntime([
'agentRuntimeArtifact' => [ // REQUIRED
'codeConfiguration' => [
'code' => [ // REQUIRED
's3' => [
'bucket' => '<string>', // REQUIRED
'prefix' => '<string>', // REQUIRED
'versionId' => '<string>',
],
],
'entryPoint' => ['<string>', ...], // REQUIRED
'runtime' => 'PYTHON_3_10|PYTHON_3_11|PYTHON_3_12|PYTHON_3_13', // REQUIRED
],
'containerConfiguration' => [
'containerUri' => '<string>', // REQUIRED
],
],
'agentRuntimeName' => '<string>', // REQUIRED
'authorizerConfiguration' => [
'customJWTAuthorizer' => [
'allowedAudience' => ['<string>', ...],
'allowedClients' => ['<string>', ...],
'allowedScopes' => ['<string>', ...],
'customClaims' => [
[
'authorizingClaimMatchValue' => [ // REQUIRED
'claimMatchOperator' => 'EQUALS|CONTAINS|CONTAINS_ANY', // REQUIRED
'claimMatchValue' => [ // REQUIRED
'matchValueString' => '<string>',
'matchValueStringList' => ['<string>', ...],
],
],
'inboundTokenClaimName' => '<string>', // REQUIRED
'inboundTokenClaimValueType' => 'STRING|STRING_ARRAY', // REQUIRED
],
// ...
],
'discoveryUrl' => '<string>', // REQUIRED
],
],
'clientToken' => '<string>',
'description' => '<string>',
'environmentVariables' => ['<string>', ...],
'lifecycleConfiguration' => [
'idleRuntimeSessionTimeout' => <integer>,
'maxLifetime' => <integer>,
],
'networkConfiguration' => [ // REQUIRED
'networkMode' => 'PUBLIC|VPC', // REQUIRED
'networkModeConfig' => [
'securityGroups' => ['<string>', ...], // REQUIRED
'subnets' => ['<string>', ...], // REQUIRED
],
],
'protocolConfiguration' => [
'serverProtocol' => 'MCP|HTTP|A2A', // REQUIRED
],
'requestHeaderConfiguration' => [
'requestHeaderAllowlist' => ['<string>', ...],
],
'roleArn' => '<string>', // REQUIRED
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- agentRuntimeArtifact
-
- Required: Yes
- Type: AgentRuntimeArtifact structure
The artifact of the AgentCore Runtime.
- agentRuntimeName
-
- Required: Yes
- Type: string
The name of the AgentCore Runtime.
- authorizerConfiguration
-
- Type: AuthorizerConfiguration structure
The authorizer configuration for the AgentCore Runtime.
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure idempotency of the request.
- description
-
- Type: string
The description of the AgentCore Runtime.
- environmentVariables
-
- Type: Associative array of custom strings keys (EnvironmentVariableKey) to strings
Environment variables to set in the AgentCore Runtime environment.
- lifecycleConfiguration
-
- Type: LifecycleConfiguration structure
The life cycle configuration for the AgentCore Runtime.
- networkConfiguration
-
- Required: Yes
- Type: NetworkConfiguration structure
The network configuration for the AgentCore Runtime.
- protocolConfiguration
-
- Type: ProtocolConfiguration structure
The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.
- requestHeaderConfiguration
-
- Type: RequestHeaderConfiguration structure
Configuration for HTTP request headers that will be passed through to the runtime.
- roleArn
-
- Required: Yes
- Type: string
The IAM role ARN that provides permissions for the AgentCore Runtime.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
A map of tag keys and values to assign to the agent runtime. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
Result Syntax
[
'agentRuntimeArn' => '<string>',
'agentRuntimeId' => '<string>',
'agentRuntimeVersion' => '<string>',
'createdAt' => <DateTime>,
'status' => 'CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|READY|DELETING',
'workloadIdentityDetails' => [
'workloadIdentityArn' => '<string>',
],
]
Result Details
Members
- agentRuntimeArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the AgentCore Runtime.
- agentRuntimeId
-
- Required: Yes
- Type: string
The unique identifier of the AgentCore Runtime.
- agentRuntimeVersion
-
- Required: Yes
- Type: string
The version of the AgentCore Runtime.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the AgentCore Runtime was created.
- status
-
- Required: Yes
- Type: string
The current status of the AgentCore Runtime.
- workloadIdentityDetails
-
- Type: WorkloadIdentityDetails structure
The workload identity details for the AgentCore Runtime.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
CreateAgentRuntimeEndpoint
$result = $client->createAgentRuntimeEndpoint([/* ... */]); $promise = $client->createAgentRuntimeEndpointAsync([/* ... */]);
Creates an AgentCore Runtime endpoint.
Parameter Syntax
$result = $client->createAgentRuntimeEndpoint([
'agentRuntimeId' => '<string>', // REQUIRED
'agentRuntimeVersion' => '<string>',
'clientToken' => '<string>',
'description' => '<string>',
'name' => '<string>', // REQUIRED
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- agentRuntimeId
-
- Required: Yes
- Type: string
The unique identifier of the AgentCore Runtime to create an endpoint for.
- agentRuntimeVersion
-
- Type: string
The version of the AgentCore Runtime to use for the endpoint.
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure idempotency of the request.
- description
-
- Type: string
The description of the AgentCore Runtime endpoint.
- name
-
- Required: Yes
- Type: string
The name of the AgentCore Runtime endpoint.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
A map of tag keys and values to assign to the agent runtime endpoint. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
Result Syntax
[
'agentRuntimeArn' => '<string>',
'agentRuntimeEndpointArn' => '<string>',
'agentRuntimeId' => '<string>',
'createdAt' => <DateTime>,
'endpointName' => '<string>',
'status' => 'CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|READY|DELETING',
'targetVersion' => '<string>',
]
Result Details
Members
- agentRuntimeArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the AgentCore Runtime.
- agentRuntimeEndpointArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the AgentCore Runtime endpoint.
- agentRuntimeId
-
- Type: string
The unique identifier of the AgentCore Runtime.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the AgentCore Runtime endpoint was created.
- endpointName
-
- Type: string
The name of the AgentCore Runtime endpoint.
- status
-
- Required: Yes
- Type: string
The current status of the AgentCore Runtime endpoint.
- targetVersion
-
- Required: Yes
- Type: string
The target version of the AgentCore Runtime for the endpoint.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
CreateApiKeyCredentialProvider
$result = $client->createApiKeyCredentialProvider([/* ... */]); $promise = $client->createApiKeyCredentialProviderAsync([/* ... */]);
Creates a new API key credential provider.
Parameter Syntax
$result = $client->createApiKeyCredentialProvider([
'apiKey' => '<string>', // REQUIRED
'name' => '<string>', // REQUIRED
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- apiKey
-
- Required: Yes
- Type: string
The API key to use for authentication. This value is encrypted and stored securely.
- name
-
- Required: Yes
- Type: string
The name of the API key credential provider. The name must be unique within your account.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
A map of tag keys and values to assign to the API key credential provider. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
Result Syntax
[
'apiKeySecretArn' => [
'secretArn' => '<string>',
],
'credentialProviderArn' => '<string>',
'name' => '<string>',
]
Result Details
Members
- apiKeySecretArn
-
- Required: Yes
- Type: Secret structure
The Amazon Resource Name (ARN) of the secret containing the API key.
- credentialProviderArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the created API key credential provider.
- name
-
- Required: Yes
- Type: string
The name of the created API key credential provider.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ResourceLimitExceededException:
Exception thrown when a resource limit is exceeded.
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- DecryptionFailure:
Exception thrown when decryption of a secret fails.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
- EncryptionFailure:
Exception thrown when encryption of a secret fails.
CreateBrowser
$result = $client->createBrowser([/* ... */]); $promise = $client->createBrowserAsync([/* ... */]);
Creates a custom browser.
Parameter Syntax
$result = $client->createBrowser([
'browserSigning' => [
'enabled' => true || false, // REQUIRED
],
'clientToken' => '<string>',
'description' => '<string>',
'executionRoleArn' => '<string>',
'name' => '<string>', // REQUIRED
'networkConfiguration' => [ // REQUIRED
'networkMode' => 'PUBLIC|VPC', // REQUIRED
'vpcConfig' => [
'securityGroups' => ['<string>', ...], // REQUIRED
'subnets' => ['<string>', ...], // REQUIRED
],
],
'recording' => [
'enabled' => true || false,
's3Location' => [
'bucket' => '<string>', // REQUIRED
'prefix' => '<string>', // REQUIRED
'versionId' => '<string>',
],
],
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- browserSigning
-
- Type: BrowserSigningConfigInput structure
The browser signing configuration that enables cryptographic agent identification using HTTP message signatures for web bot authentication.
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request but does not return an error.
- description
-
- Type: string
The description of the browser.
- executionRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the browser to access Amazon Web Services services.
- name
-
- Required: Yes
- Type: string
The name of the browser. The name must be unique within your account.
- networkConfiguration
-
- Required: Yes
- Type: BrowserNetworkConfiguration structure
The network configuration for the browser. This configuration specifies the network mode for the browser.
- recording
-
- Type: RecordingConfig structure
The recording configuration for the browser. When enabled, browser sessions are recorded and stored in the specified Amazon S3 location.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
A map of tag keys and values to assign to the browser. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
Result Syntax
[
'browserArn' => '<string>',
'browserId' => '<string>',
'createdAt' => <DateTime>,
'status' => 'CREATING|CREATE_FAILED|READY|DELETING|DELETE_FAILED|DELETED',
]
Result Details
Members
- browserArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the created browser.
- browserId
-
- Required: Yes
- Type: string
The unique identifier of the created browser.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the browser was created.
- status
-
- Required: Yes
- Type: string
The current status of the browser.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
CreateCodeInterpreter
$result = $client->createCodeInterpreter([/* ... */]); $promise = $client->createCodeInterpreterAsync([/* ... */]);
Creates a custom code interpreter.
Parameter Syntax
$result = $client->createCodeInterpreter([
'clientToken' => '<string>',
'description' => '<string>',
'executionRoleArn' => '<string>',
'name' => '<string>', // REQUIRED
'networkConfiguration' => [ // REQUIRED
'networkMode' => 'PUBLIC|SANDBOX|VPC', // REQUIRED
'vpcConfig' => [
'securityGroups' => ['<string>', ...], // REQUIRED
'subnets' => ['<string>', ...], // REQUIRED
],
],
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request but does not return an error.
- description
-
- Type: string
The description of the code interpreter.
- executionRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the code interpreter to access Amazon Web Services services.
- name
-
- Required: Yes
- Type: string
The name of the code interpreter. The name must be unique within your account.
- networkConfiguration
-
- Required: Yes
- Type: CodeInterpreterNetworkConfiguration structure
The network configuration for the code interpreter. This configuration specifies the network mode for the code interpreter.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
A map of tag keys and values to assign to the code interpreter. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
Result Syntax
[
'codeInterpreterArn' => '<string>',
'codeInterpreterId' => '<string>',
'createdAt' => <DateTime>,
'status' => 'CREATING|CREATE_FAILED|READY|DELETING|DELETE_FAILED|DELETED',
]
Result Details
Members
- codeInterpreterArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the created code interpreter.
- codeInterpreterId
-
- Required: Yes
- Type: string
The unique identifier of the created code interpreter.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the code interpreter was created.
- status
-
- Required: Yes
- Type: string
The current status of the code interpreter.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
CreateEvaluator
$result = $client->createEvaluator([/* ... */]); $promise = $client->createEvaluatorAsync([/* ... */]);
Creates a custom evaluator for agent quality assessment. Custom evaluators use LLM-as-a-Judge configurations with user-defined prompts, rating scales, and model settings to evaluate agent performance at tool call, trace, or session levels.
Parameter Syntax
$result = $client->createEvaluator([
'clientToken' => '<string>',
'description' => '<string>',
'evaluatorConfig' => [ // REQUIRED
'llmAsAJudge' => [
'instructions' => '<string>', // REQUIRED
'modelConfig' => [ // REQUIRED
'bedrockEvaluatorModelConfig' => [
'additionalModelRequestFields' => [
],
'inferenceConfig' => [
'maxTokens' => <integer>,
'stopSequences' => ['<string>', ...],
'temperature' => <float>,
'topP' => <float>,
],
'modelId' => '<string>', // REQUIRED
],
],
'ratingScale' => [ // REQUIRED
'categorical' => [
[
'definition' => '<string>', // REQUIRED
'label' => '<string>', // REQUIRED
],
// ...
],
'numerical' => [
[
'definition' => '<string>', // REQUIRED
'label' => '<string>', // REQUIRED
'value' => <float>, // REQUIRED
],
// ...
],
],
],
],
'evaluatorName' => '<string>', // REQUIRED
'level' => 'TOOL_CALL|TRACE|SESSION', // REQUIRED
]);
Parameter Details
Members
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
- description
-
- Type: string
The description of the evaluator that explains its purpose and evaluation criteria.
- evaluatorConfig
-
- Required: Yes
- Type: EvaluatorConfig structure
The configuration for the evaluator, including LLM-as-a-Judge settings with instructions, rating scale, and model configuration.
- evaluatorName
-
- Required: Yes
- Type: string
The name of the evaluator. Must be unique within your account.
- level
-
- Required: Yes
- Type: string
The evaluation level that determines the scope of evaluation. Valid values are
TOOL_CALLfor individual tool invocations,TRACEfor single request-response interactions, orSESSIONfor entire conversation sessions.
Result Syntax
[
'createdAt' => <DateTime>,
'evaluatorArn' => '<string>',
'evaluatorId' => '<string>',
'status' => 'ACTIVE|CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|DELETING',
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the evaluator was created.
- evaluatorArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the created evaluator.
- evaluatorId
-
- Required: Yes
- Type: string
The unique identifier of the created evaluator.
- status
-
- Required: Yes
- Type: string
The status of the evaluator creation operation.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
CreateGateway
$result = $client->createGateway([/* ... */]); $promise = $client->createGatewayAsync([/* ... */]);
Creates a gateway for Amazon Bedrock Agent. A gateway serves as an integration point between your agent and external services.
If you specify CUSTOM_JWT as the authorizerType, you must provide an authorizerConfiguration.
Parameter Syntax
$result = $client->createGateway([
'authorizerConfiguration' => [
'customJWTAuthorizer' => [
'allowedAudience' => ['<string>', ...],
'allowedClients' => ['<string>', ...],
'allowedScopes' => ['<string>', ...],
'customClaims' => [
[
'authorizingClaimMatchValue' => [ // REQUIRED
'claimMatchOperator' => 'EQUALS|CONTAINS|CONTAINS_ANY', // REQUIRED
'claimMatchValue' => [ // REQUIRED
'matchValueString' => '<string>',
'matchValueStringList' => ['<string>', ...],
],
],
'inboundTokenClaimName' => '<string>', // REQUIRED
'inboundTokenClaimValueType' => 'STRING|STRING_ARRAY', // REQUIRED
],
// ...
],
'discoveryUrl' => '<string>', // REQUIRED
],
],
'authorizerType' => 'CUSTOM_JWT|AWS_IAM|NONE', // REQUIRED
'clientToken' => '<string>',
'description' => '<string>',
'exceptionLevel' => 'DEBUG',
'interceptorConfigurations' => [
[
'inputConfiguration' => [
'passRequestHeaders' => true || false, // REQUIRED
],
'interceptionPoints' => ['<string>', ...], // REQUIRED
'interceptor' => [ // REQUIRED
'lambda' => [
'arn' => '<string>', // REQUIRED
],
],
],
// ...
],
'kmsKeyArn' => '<string>',
'name' => '<string>', // REQUIRED
'policyEngineConfiguration' => [
'arn' => '<string>', // REQUIRED
'mode' => 'LOG_ONLY|ENFORCE', // REQUIRED
],
'protocolConfiguration' => [
'mcp' => [
'instructions' => '<string>',
'searchType' => 'SEMANTIC',
'supportedVersions' => ['<string>', ...],
],
],
'protocolType' => 'MCP', // REQUIRED
'roleArn' => '<string>', // REQUIRED
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- authorizerConfiguration
-
- Type: AuthorizerConfiguration structure
The authorizer configuration for the gateway. Required if
authorizerTypeisCUSTOM_JWT. - authorizerType
-
- Required: Yes
- Type: string
The type of authorizer to use for the gateway.
-
CUSTOM_JWT- Authorize with a bearer token. -
AWS_IAM- Authorize with your Amazon Web Services IAM credentials. -
NONE- No authorization
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
- description
-
- Type: string
The description of the gateway.
- exceptionLevel
-
- Type: string
The level of detail in error messages returned when invoking the gateway.
-
If the value is
DEBUG, granular exception messages are returned to help a user debug the gateway. -
If the value is omitted, a generic error message is returned to the end user.
- interceptorConfigurations
-
- Type: Array of GatewayInterceptorConfiguration structures
A list of configuration settings for a gateway interceptor. Gateway interceptors allow custom code to be invoked during gateway invocations.
- kmsKeyArn
-
- Type: string
The Amazon Resource Name (ARN) of the KMS key used to encrypt data associated with the gateway.
- name
-
- Required: Yes
- Type: string
The name of the gateway. The name must be unique within your account.
- policyEngineConfiguration
-
- Type: GatewayPolicyEngineConfiguration structure
The policy engine configuration for the gateway. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with a gateway, the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies.
- protocolConfiguration
-
- Type: GatewayProtocolConfiguration structure
The configuration settings for the protocol specified in the
protocolTypeparameter. - protocolType
-
- Required: Yes
- Type: string
The protocol type for the gateway.
- roleArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the gateway to access Amazon Web Services services.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
A map of key-value pairs to associate with the gateway as metadata tags.
Result Syntax
[
'authorizerConfiguration' => [
'customJWTAuthorizer' => [
'allowedAudience' => ['<string>', ...],
'allowedClients' => ['<string>', ...],
'allowedScopes' => ['<string>', ...],
'customClaims' => [
[
'authorizingClaimMatchValue' => [
'claimMatchOperator' => 'EQUALS|CONTAINS|CONTAINS_ANY',
'claimMatchValue' => [
'matchValueString' => '<string>',
'matchValueStringList' => ['<string>', ...],
],
],
'inboundTokenClaimName' => '<string>',
'inboundTokenClaimValueType' => 'STRING|STRING_ARRAY',
],
// ...
],
'discoveryUrl' => '<string>',
],
],
'authorizerType' => 'CUSTOM_JWT|AWS_IAM|NONE',
'createdAt' => <DateTime>,
'description' => '<string>',
'exceptionLevel' => 'DEBUG',
'gatewayArn' => '<string>',
'gatewayId' => '<string>',
'gatewayUrl' => '<string>',
'interceptorConfigurations' => [
[
'inputConfiguration' => [
'passRequestHeaders' => true || false,
],
'interceptionPoints' => ['<string>', ...],
'interceptor' => [
'lambda' => [
'arn' => '<string>',
],
],
],
// ...
],
'kmsKeyArn' => '<string>',
'name' => '<string>',
'policyEngineConfiguration' => [
'arn' => '<string>',
'mode' => 'LOG_ONLY|ENFORCE',
],
'protocolConfiguration' => [
'mcp' => [
'instructions' => '<string>',
'searchType' => 'SEMANTIC',
'supportedVersions' => ['<string>', ...],
],
],
'protocolType' => 'MCP',
'roleArn' => '<string>',
'status' => 'CREATING|UPDATING|UPDATE_UNSUCCESSFUL|DELETING|READY|FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
'workloadIdentityDetails' => [
'workloadIdentityArn' => '<string>',
],
]
Result Details
Members
- authorizerConfiguration
-
- Type: AuthorizerConfiguration structure
The authorizer configuration for the created gateway.
- authorizerType
-
- Required: Yes
- Type: string
The type of authorizer used by the gateway.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the gateway was created.
- description
-
- Type: string
The description of the gateway.
- exceptionLevel
-
- Type: string
The level of detail in error messages returned when invoking the gateway.
-
If the value is
DEBUG, granular exception messages are returned to help a user debug the gateway. -
If the value is omitted, a generic error message is returned to the end user.
- gatewayArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the created gateway.
- gatewayId
-
- Required: Yes
- Type: string
The unique identifier of the created gateway.
- gatewayUrl
-
- Type: string
The URL endpoint for the created gateway.
- interceptorConfigurations
-
- Type: Array of GatewayInterceptorConfiguration structures
The list of interceptor configurations for the created gateway.
- kmsKeyArn
-
- Type: string
The Amazon Resource Name (ARN) of the KMS key used to encrypt data associated with the gateway.
- name
-
- Required: Yes
- Type: string
The name of the gateway.
- policyEngineConfiguration
-
- Type: GatewayPolicyEngineConfiguration structure
The policy engine configuration for the created gateway.
- protocolConfiguration
-
- Type: GatewayProtocolConfiguration structure
The configuration settings for the protocol used by the gateway.
- protocolType
-
- Required: Yes
- Type: string
The protocol type of the gateway.
- roleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM role associated with the gateway.
- status
-
- Required: Yes
- Type: string
The current status of the gateway.
- statusReasons
-
- Type: Array of strings
The reasons for the current status of the gateway.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the gateway was last updated.
- workloadIdentityDetails
-
- Type: WorkloadIdentityDetails structure
The workload identity details for the created gateway.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
CreateGatewayTarget
$result = $client->createGatewayTarget([/* ... */]); $promise = $client->createGatewayTargetAsync([/* ... */]);
Creates a target for a gateway. A target defines an endpoint that the gateway can connect to.
Parameter Syntax
$result = $client->createGatewayTarget([
'clientToken' => '<string>',
'credentialProviderConfigurations' => [
[
'credentialProvider' => [
'apiKeyCredentialProvider' => [
'credentialLocation' => 'HEADER|QUERY_PARAMETER',
'credentialParameterName' => '<string>',
'credentialPrefix' => '<string>',
'providerArn' => '<string>', // REQUIRED
],
'oauthCredentialProvider' => [
'customParameters' => ['<string>', ...],
'defaultReturnUrl' => '<string>',
'grantType' => 'CLIENT_CREDENTIALS|AUTHORIZATION_CODE',
'providerArn' => '<string>', // REQUIRED
'scopes' => ['<string>', ...], // REQUIRED
],
],
'credentialProviderType' => 'GATEWAY_IAM_ROLE|OAUTH|API_KEY', // REQUIRED
],
// ...
],
'description' => '<string>',
'gatewayIdentifier' => '<string>', // REQUIRED
'name' => '<string>', // REQUIRED
'targetConfiguration' => [ // REQUIRED
'mcp' => [
'apiGateway' => [
'apiGatewayToolConfiguration' => [ // REQUIRED
'toolFilters' => [ // REQUIRED
[
'filterPath' => '<string>', // REQUIRED
'methods' => ['<string>', ...], // REQUIRED
],
// ...
],
'toolOverrides' => [
[
'description' => '<string>',
'method' => 'GET|DELETE|HEAD|OPTIONS|PATCH|PUT|POST', // REQUIRED
'name' => '<string>', // REQUIRED
'path' => '<string>', // REQUIRED
],
// ...
],
],
'restApiId' => '<string>', // REQUIRED
'stage' => '<string>', // REQUIRED
],
'lambda' => [
'lambdaArn' => '<string>', // REQUIRED
'toolSchema' => [ // REQUIRED
'inlinePayload' => [
[
'description' => '<string>', // REQUIRED
'inputSchema' => [ // REQUIRED
'description' => '<string>',
'items' => [...], // RECURSIVE
'properties' => [
'<String>' => [...], // RECURSIVE
// ...
],
'required' => ['<string>', ...],
'type' => 'string|number|object|array|boolean|integer', // REQUIRED
],
'name' => '<string>', // REQUIRED
'outputSchema' => [
'description' => '<string>',
'items' => [...], // RECURSIVE
'properties' => [
'<String>' => [...], // RECURSIVE
// ...
],
'required' => ['<string>', ...],
'type' => 'string|number|object|array|boolean|integer', // REQUIRED
],
],
// ...
],
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
],
'mcpServer' => [
'endpoint' => '<string>', // REQUIRED
],
'openApiSchema' => [
'inlinePayload' => '<string>',
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
'smithyModel' => [
'inlinePayload' => '<string>',
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
],
],
]);
Parameter Details
Members
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
- credentialProviderConfigurations
-
- Type: Array of CredentialProviderConfiguration structures
The credential provider configurations for the target. These configurations specify how the gateway authenticates with the target endpoint.
- description
-
- Type: string
The description of the gateway target.
- gatewayIdentifier
-
- Required: Yes
- Type: string
The identifier of the gateway to create a target for.
- name
-
- Required: Yes
- Type: string
The name of the gateway target. The name must be unique within the gateway.
- targetConfiguration
-
- Required: Yes
- Type: TargetConfiguration structure
The configuration settings for the target, including endpoint information and schema definitions.
Result Syntax
[
'createdAt' => <DateTime>,
'credentialProviderConfigurations' => [
[
'credentialProvider' => [
'apiKeyCredentialProvider' => [
'credentialLocation' => 'HEADER|QUERY_PARAMETER',
'credentialParameterName' => '<string>',
'credentialPrefix' => '<string>',
'providerArn' => '<string>',
],
'oauthCredentialProvider' => [
'customParameters' => ['<string>', ...],
'defaultReturnUrl' => '<string>',
'grantType' => 'CLIENT_CREDENTIALS|AUTHORIZATION_CODE',
'providerArn' => '<string>',
'scopes' => ['<string>', ...],
],
],
'credentialProviderType' => 'GATEWAY_IAM_ROLE|OAUTH|API_KEY',
],
// ...
],
'description' => '<string>',
'gatewayArn' => '<string>',
'lastSynchronizedAt' => <DateTime>,
'name' => '<string>',
'status' => 'CREATING|UPDATING|UPDATE_UNSUCCESSFUL|DELETING|READY|FAILED|SYNCHRONIZING|SYNCHRONIZE_UNSUCCESSFUL',
'statusReasons' => ['<string>', ...],
'targetConfiguration' => [
'mcp' => [
'apiGateway' => [
'apiGatewayToolConfiguration' => [
'toolFilters' => [
[
'filterPath' => '<string>',
'methods' => ['<string>', ...],
],
// ...
],
'toolOverrides' => [
[
'description' => '<string>',
'method' => 'GET|DELETE|HEAD|OPTIONS|PATCH|PUT|POST',
'name' => '<string>',
'path' => '<string>',
],
// ...
],
],
'restApiId' => '<string>',
'stage' => '<string>',
],
'lambda' => [
'lambdaArn' => '<string>',
'toolSchema' => [
'inlinePayload' => [
[
'description' => '<string>',
'inputSchema' => [
'description' => '<string>',
'items' => [...], // RECURSIVE
'properties' => [
'<String>' => [...], // RECURSIVE
// ...
],
'required' => ['<string>', ...],
'type' => 'string|number|object|array|boolean|integer',
],
'name' => '<string>',
'outputSchema' => [
'description' => '<string>',
'items' => [...], // RECURSIVE
'properties' => [
'<String>' => [...], // RECURSIVE
// ...
],
'required' => ['<string>', ...],
'type' => 'string|number|object|array|boolean|integer',
],
],
// ...
],
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
],
'mcpServer' => [
'endpoint' => '<string>',
],
'openApiSchema' => [
'inlinePayload' => '<string>',
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
'smithyModel' => [
'inlinePayload' => '<string>',
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
],
],
'targetId' => '<string>',
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the target was created.
- credentialProviderConfigurations
-
- Required: Yes
- Type: Array of CredentialProviderConfiguration structures
The credential provider configurations for the target.
- description
-
- Type: string
The description of the target.
- gatewayArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the gateway.
- lastSynchronizedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last synchronization of the target.
- name
-
- Required: Yes
- Type: string
The name of the target.
- status
-
- Required: Yes
- Type: string
The current status of the target.
- statusReasons
-
- Type: Array of strings
The reasons for the current status of the target.
- targetConfiguration
-
- Required: Yes
- Type: TargetConfiguration structure
The configuration settings for the target.
- targetId
-
- Required: Yes
- Type: string
The unique identifier of the created target.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the target was last updated.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
CreateMemory
$result = $client->createMemory([/* ... */]); $promise = $client->createMemoryAsync([/* ... */]);
Creates a new Amazon Bedrock AgentCore Memory resource.
Parameter Syntax
$result = $client->createMemory([
'clientToken' => '<string>',
'description' => '<string>',
'encryptionKeyArn' => '<string>',
'eventExpiryDuration' => <integer>, // REQUIRED
'memoryExecutionRoleArn' => '<string>',
'memoryStrategies' => [
[
'customMemoryStrategy' => [
'configuration' => [
'episodicOverride' => [
'consolidation' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
'extraction' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
'reflection' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
'namespaces' => ['<string>', ...],
],
],
'selfManagedConfiguration' => [
'historicalContextWindowSize' => <integer>,
'invocationConfiguration' => [ // REQUIRED
'payloadDeliveryBucketName' => '<string>', // REQUIRED
'topicArn' => '<string>', // REQUIRED
],
'triggerConditions' => [
[
'messageBasedTrigger' => [
'messageCount' => <integer>,
],
'timeBasedTrigger' => [
'idleSessionTimeout' => <integer>,
],
'tokenBasedTrigger' => [
'tokenCount' => <integer>,
],
],
// ...
],
],
'semanticOverride' => [
'consolidation' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
'extraction' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
],
'summaryOverride' => [
'consolidation' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
],
'userPreferenceOverride' => [
'consolidation' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
'extraction' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
],
],
'description' => '<string>',
'name' => '<string>', // REQUIRED
'namespaces' => ['<string>', ...],
],
'episodicMemoryStrategy' => [
'description' => '<string>',
'name' => '<string>', // REQUIRED
'namespaces' => ['<string>', ...],
'reflectionConfiguration' => [
'namespaces' => ['<string>', ...], // REQUIRED
],
],
'semanticMemoryStrategy' => [
'description' => '<string>',
'name' => '<string>', // REQUIRED
'namespaces' => ['<string>', ...],
],
'summaryMemoryStrategy' => [
'description' => '<string>',
'name' => '<string>', // REQUIRED
'namespaces' => ['<string>', ...],
],
'userPreferenceMemoryStrategy' => [
'description' => '<string>',
'name' => '<string>', // REQUIRED
'namespaces' => ['<string>', ...],
],
],
// ...
],
'name' => '<string>', // REQUIRED
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request but does not return an error.
- description
-
- Type: string
The description of the memory.
- encryptionKeyArn
-
- Type: string
The Amazon Resource Name (ARN) of the KMS key used to encrypt the memory data.
- eventExpiryDuration
-
- Required: Yes
- Type: int
The duration after which memory events expire. Specified as an ISO 8601 duration.
- memoryExecutionRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the memory to access Amazon Web Services services.
- memoryStrategies
-
- Type: Array of MemoryStrategyInput structures
The memory strategies to use for this memory. Strategies define how information is extracted, processed, and consolidated.
- name
-
- Required: Yes
- Type: string
The name of the memory. The name must be unique within your account.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
A map of tag keys and values to assign to an AgentCore Memory. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
Result Syntax
[
'memory' => [
'arn' => '<string>',
'createdAt' => <DateTime>,
'description' => '<string>',
'encryptionKeyArn' => '<string>',
'eventExpiryDuration' => <integer>,
'failureReason' => '<string>',
'id' => '<string>',
'memoryExecutionRoleArn' => '<string>',
'name' => '<string>',
'status' => 'CREATING|ACTIVE|FAILED|DELETING',
'strategies' => [
[
'configuration' => [
'consolidation' => [
'customConsolidationConfiguration' => [
'episodicConsolidationOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'semanticConsolidationOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'summaryConsolidationOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'userPreferenceConsolidationOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
],
],
'extraction' => [
'customExtractionConfiguration' => [
'episodicExtractionOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'semanticExtractionOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'userPreferenceExtractionOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
],
],
'reflection' => [
'customReflectionConfiguration' => [
'episodicReflectionOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
'namespaces' => ['<string>', ...],
],
],
'episodicReflectionConfiguration' => [
'namespaces' => ['<string>', ...],
],
],
'selfManagedConfiguration' => [
'historicalContextWindowSize' => <integer>,
'invocationConfiguration' => [
'payloadDeliveryBucketName' => '<string>',
'topicArn' => '<string>',
],
'triggerConditions' => [
[
'messageBasedTrigger' => [
'messageCount' => <integer>,
],
'timeBasedTrigger' => [
'idleSessionTimeout' => <integer>,
],
'tokenBasedTrigger' => [
'tokenCount' => <integer>,
],
],
// ...
],
],
'type' => 'SEMANTIC_OVERRIDE|SUMMARY_OVERRIDE|USER_PREFERENCE_OVERRIDE|SELF_MANAGED|EPISODIC_OVERRIDE',
],
'createdAt' => <DateTime>,
'description' => '<string>',
'name' => '<string>',
'namespaces' => ['<string>', ...],
'status' => 'CREATING|ACTIVE|DELETING|FAILED',
'strategyId' => '<string>',
'type' => 'SEMANTIC|SUMMARIZATION|USER_PREFERENCE|CUSTOM|EPISODIC',
'updatedAt' => <DateTime>,
],
// ...
],
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- memory
-
- Type: Memory structure
The details of the created memory, including its ID, ARN, name, description, and configuration settings.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- ServiceException:
An internal error occurred.
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottledException:
API rate limit has been exceeded.
CreateOauth2CredentialProvider
$result = $client->createOauth2CredentialProvider([/* ... */]); $promise = $client->createOauth2CredentialProviderAsync([/* ... */]);
Creates a new OAuth2 credential provider.
Parameter Syntax
$result = $client->createOauth2CredentialProvider([
'credentialProviderVendor' => 'GoogleOauth2|GithubOauth2|SlackOauth2|SalesforceOauth2|MicrosoftOauth2|CustomOauth2|AtlassianOauth2|LinkedinOauth2|XOauth2|OktaOauth2|OneLoginOauth2|PingOneOauth2|FacebookOauth2|YandexOauth2|RedditOauth2|ZoomOauth2|TwitchOauth2|SpotifyOauth2|DropboxOauth2|NotionOauth2|HubspotOauth2|CyberArkOauth2|FusionAuthOauth2|Auth0Oauth2|CognitoOauth2', // REQUIRED
'name' => '<string>', // REQUIRED
'oauth2ProviderConfigInput' => [ // REQUIRED
'atlassianOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
],
'customOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
'oauthDiscovery' => [ // REQUIRED
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>', // REQUIRED
'issuer' => '<string>', // REQUIRED
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>', // REQUIRED
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'githubOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
],
'googleOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
],
'includedOauth2ProviderConfig' => [
'authorizationEndpoint' => '<string>',
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
'issuer' => '<string>',
'tokenEndpoint' => '<string>',
],
'linkedinOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
],
'microsoftOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
'tenantId' => '<string>',
],
'salesforceOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
],
'slackOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
],
],
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- credentialProviderVendor
-
- Required: Yes
- Type: string
The vendor of the OAuth2 credential provider. This specifies which OAuth2 implementation to use.
- name
-
- Required: Yes
- Type: string
The name of the OAuth2 credential provider. The name must be unique within your account.
- oauth2ProviderConfigInput
-
- Required: Yes
- Type: Oauth2ProviderConfigInput structure
The configuration settings for the OAuth2 provider, including client ID, client secret, and other vendor-specific settings.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
A map of tag keys and values to assign to the OAuth2 credential provider. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
Result Syntax
[
'callbackUrl' => '<string>',
'clientSecretArn' => [
'secretArn' => '<string>',
],
'credentialProviderArn' => '<string>',
'name' => '<string>',
'oauth2ProviderConfigOutput' => [
'atlassianOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'customOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'githubOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'googleOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'includedOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'linkedinOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'microsoftOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'salesforceOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'slackOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
],
]
Result Details
Members
- callbackUrl
-
- Type: string
Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.
- clientSecretArn
-
- Required: Yes
- Type: Secret structure
The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.
- credentialProviderArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the OAuth2 credential provider.
- name
-
- Required: Yes
- Type: string
The name of the OAuth2 credential provider.
- oauth2ProviderConfigOutput
-
- Type: Oauth2ProviderConfigOutput structure
Contains the output configuration for an OAuth2 provider.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ResourceLimitExceededException:
Exception thrown when a resource limit is exceeded.
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- DecryptionFailure:
Exception thrown when decryption of a secret fails.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
- EncryptionFailure:
Exception thrown when encryption of a secret fails.
CreateOnlineEvaluationConfig
$result = $client->createOnlineEvaluationConfig([/* ... */]); $promise = $client->createOnlineEvaluationConfigAsync([/* ... */]);
Creates an online evaluation configuration for continuous monitoring of agent performance. Online evaluation automatically samples live traffic from CloudWatch logs at specified rates and applies evaluators to assess agent quality in production.
Parameter Syntax
$result = $client->createOnlineEvaluationConfig([
'clientToken' => '<string>',
'dataSourceConfig' => [ // REQUIRED
'cloudWatchLogs' => [
'logGroupNames' => ['<string>', ...], // REQUIRED
'serviceNames' => ['<string>', ...], // REQUIRED
],
],
'description' => '<string>',
'enableOnCreate' => true || false, // REQUIRED
'evaluationExecutionRoleArn' => '<string>', // REQUIRED
'evaluators' => [ // REQUIRED
[
'evaluatorId' => '<string>',
],
// ...
],
'onlineEvaluationConfigName' => '<string>', // REQUIRED
'rule' => [ // REQUIRED
'filters' => [
[
'key' => '<string>', // REQUIRED
'operator' => 'Equals|NotEquals|GreaterThan|LessThan|GreaterThanOrEqual|LessThanOrEqual|Contains|NotContains', // REQUIRED
'value' => [ // REQUIRED
'booleanValue' => true || false,
'doubleValue' => <float>,
'stringValue' => '<string>',
],
],
// ...
],
'samplingConfig' => [ // REQUIRED
'samplingPercentage' => <float>, // REQUIRED
],
'sessionConfig' => [
'sessionTimeoutMinutes' => <integer>, // REQUIRED
],
],
]);
Parameter Details
Members
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
- dataSourceConfig
-
- Required: Yes
- Type: DataSourceConfig structure
The data source configuration that specifies CloudWatch log groups and service names to monitor for agent traces.
- description
-
- Type: string
The description of the online evaluation configuration that explains its monitoring purpose and scope.
- enableOnCreate
-
- Required: Yes
- Type: boolean
Whether to enable the online evaluation configuration immediately upon creation. If true, evaluation begins automatically.
- evaluationExecutionRoleArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the IAM role that grants permissions to read from CloudWatch logs, write evaluation results, and invoke Amazon Bedrock models for evaluation.
- evaluators
-
- Required: Yes
- Type: Array of EvaluatorReference structures
The list of evaluators to apply during online evaluation. Can include both built-in evaluators and custom evaluators created with
CreateEvaluator. - onlineEvaluationConfigName
-
- Required: Yes
- Type: string
The name of the online evaluation configuration. Must be unique within your account.
- rule
-
- Required: Yes
- Type: Rule structure
The evaluation rule that defines sampling configuration, filters, and session detection settings for the online evaluation.
Result Syntax
[
'createdAt' => <DateTime>,
'executionStatus' => 'ENABLED|DISABLED',
'failureReason' => '<string>',
'onlineEvaluationConfigArn' => '<string>',
'onlineEvaluationConfigId' => '<string>',
'outputConfig' => [
'cloudWatchConfig' => [
'logGroupName' => '<string>',
],
],
'status' => 'ACTIVE|CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|DELETING',
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the online evaluation configuration was created.
- executionStatus
-
- Required: Yes
- Type: string
The execution status indicating whether the online evaluation is currently running.
- failureReason
-
- Type: string
The reason for failure if the online evaluation configuration creation or execution failed.
- onlineEvaluationConfigArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the created online evaluation configuration.
- onlineEvaluationConfigId
-
- Required: Yes
- Type: string
The unique identifier of the created online evaluation configuration.
- outputConfig
-
- Type: OutputConfig structure
The configuration that specifies where evaluation results should be written for monitoring and analysis.
- status
-
- Required: Yes
- Type: string
The status of the online evaluation configuration.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
CreatePolicy
$result = $client->createPolicy([/* ... */]); $promise = $client->createPolicyAsync([/* ... */]);
Creates a policy within the AgentCore Policy system. Policies provide real-time, deterministic control over agentic interactions with AgentCore Gateway. Using the Cedar policy language, you can define fine-grained policies that specify which interactions with Gateway tools are permitted based on input parameters and OAuth claims, ensuring agents operate within defined boundaries and business rules. The policy is validated during creation against the Cedar schema generated from the Gateway's tools' input schemas, which defines the available tools, their parameters, and expected data types. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.
Parameter Syntax
$result = $client->createPolicy([
'clientToken' => '<string>',
'definition' => [ // REQUIRED
'cedar' => [
'statement' => '<string>', // REQUIRED
],
],
'description' => '<string>',
'name' => '<string>', // REQUIRED
'policyEngineId' => '<string>', // REQUIRED
'validationMode' => 'FAIL_ON_ANY_FINDINGS|IGNORE_ALL_FINDINGS',
]);
Parameter Details
Members
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure the idempotency of the request. The AWS SDK automatically generates this token, so you don't need to provide it in most cases. If you retry a request with the same client token, the service returns the same response without creating a duplicate policy.
- definition
-
- Required: Yes
- Type: PolicyDefinition structure
The Cedar policy statement that defines the access control rules. This contains the actual policy logic written in Cedar policy language, specifying effect (permit or forbid), principals, actions, resources, and conditions for agent behavior control.
- description
-
- Type: string
A human-readable description of the policy's purpose and functionality (1-4,096 characters). This helps policy administrators understand the policy's intent, business rules, and operational scope. Use this field to document why the policy exists, what business requirement it addresses, and any special considerations for maintenance. Clear descriptions are essential for policy governance, auditing, and troubleshooting.
- name
-
- Required: Yes
- Type: string
The customer-assigned immutable name for the policy. Must be unique within the account. This name is used for policy identification and cannot be changed after creation.
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine which contains this policy. Policy engines group related policies and provide the execution context for policy evaluation.
- validationMode
-
- Type: string
The validation mode for the policy creation. Determines how Cedar analyzer validation results are handled during policy creation. FAIL_ON_ANY_FINDINGS (default) runs the Cedar analyzer to validate the policy against the Cedar schema and tool context, failing creation if the analyzer detects any validation issues to ensure strict conformance. IGNORE_ALL_FINDINGS runs the Cedar analyzer but allows policy creation even if validation issues are detected, useful for testing or when the policy schema is evolving. Use FAIL_ON_ANY_FINDINGS for production policies to ensure correctness, and IGNORE_ALL_FINDINGS only when you understand and accept the analyzer findings.
Result Syntax
[
'createdAt' => <DateTime>,
'definition' => [
'cedar' => [
'statement' => '<string>',
],
],
'description' => '<string>',
'name' => '<string>',
'policyArn' => '<string>',
'policyEngineId' => '<string>',
'policyId' => '<string>',
'status' => 'CREATING|ACTIVE|UPDATING|DELETING|CREATE_FAILED|UPDATE_FAILED|DELETE_FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy was created. This is automatically set by the service and used for auditing and lifecycle management.
- definition
-
- Required: Yes
- Type: PolicyDefinition structure
The Cedar policy statement that was created. This is the validated policy definition that will be used for agent behavior control and access decisions.
- description
-
- Type: string
The human-readable description of the policy's purpose and functionality. This helps administrators understand and manage the policy.
- name
-
- Required: Yes
- Type: string
The customer-assigned name of the created policy. This matches the name provided in the request and serves as the human-readable identifier for the policy.
- policyArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the created policy. This globally unique identifier can be used for cross-service references and IAM policy statements.
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine that manages this policy. This confirms the policy engine assignment and is used for policy evaluation routing.
- policyId
-
- Required: Yes
- Type: string
The unique identifier for the created policy. This is a system-generated identifier consisting of the user name plus a 10-character generated suffix, used for all subsequent policy operations.
- status
-
- Required: Yes
- Type: string
The current status of the policy. A status of
ACTIVEindicates the policy is ready for use. - statusReasons
-
- Required: Yes
- Type: Array of strings
Additional information about the policy status. This provides details about any failures or the current state of the policy creation process.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy was last updated. For newly created policies, this matches the createdAt timestamp.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
CreatePolicyEngine
$result = $client->createPolicyEngine([/* ... */]); $promise = $client->createPolicyEngineAsync([/* ... */]);
Creates a new policy engine within the AgentCore Policy system. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with Gateways (each Gateway can be associated with at most one policy engine, but multiple Gateways can be associated with the same engine), the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies. This is an asynchronous operation. Use the GetPolicyEngine operation to poll the status field to track completion.
Parameter Syntax
$result = $client->createPolicyEngine([
'clientToken' => '<string>',
'description' => '<string>',
'name' => '<string>', // REQUIRED
]);
Parameter Details
Members
- clientToken
-
- Type: string
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request with the same client token, the service returns the same response without creating a duplicate policy engine.
- description
-
- Type: string
A human-readable description of the policy engine's purpose and scope (1-4,096 characters). This helps administrators understand the policy engine's role in the overall governance strategy. Document which Gateway this engine will be associated with, what types of tools or workflows it governs, and the team or service responsible for maintaining it. Clear descriptions are essential when managing multiple policy engines across different services or environments.
- name
-
- Required: Yes
- Type: string
The customer-assigned immutable name for the policy engine. This name identifies the policy engine and cannot be changed after creation.
Result Syntax
[
'createdAt' => <DateTime>,
'description' => '<string>',
'name' => '<string>',
'policyEngineArn' => '<string>',
'policyEngineId' => '<string>',
'status' => 'CREATING|ACTIVE|UPDATING|DELETING|CREATE_FAILED|UPDATE_FAILED|DELETE_FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy engine was created. This is automatically set by the service and used for auditing and lifecycle management.
- description
-
- Type: string
A human-readable description of the policy engine's purpose.
- name
-
- Required: Yes
- Type: string
The customer-assigned name of the created policy engine. This matches the name provided in the request and serves as the human-readable identifier.
- policyEngineArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the created policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.
- policyEngineId
-
- Required: Yes
- Type: string
The unique identifier for the created policy engine. This system-generated identifier consists of the user name plus a 10-character generated suffix and is used for all subsequent policy engine operations.
- status
-
- Required: Yes
- Type: string
The current status of the policy engine. A status of
ACTIVEindicates the policy engine is ready for use. - statusReasons
-
- Required: Yes
- Type: Array of strings
Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine creation process.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy engine was last updated. For newly created policy engines, this matches the
createdAttimestamp.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
CreateWorkloadIdentity
$result = $client->createWorkloadIdentity([/* ... */]); $promise = $client->createWorkloadIdentityAsync([/* ... */]);
Creates a new workload identity.
Parameter Syntax
$result = $client->createWorkloadIdentity([
'allowedResourceOauth2ReturnUrls' => ['<string>', ...],
'name' => '<string>', // REQUIRED
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- allowedResourceOauth2ReturnUrls
-
- Type: Array of strings
The list of allowed OAuth2 return URLs for resources associated with this workload identity.
- name
-
- Required: Yes
- Type: string
The name of the workload identity. The name must be unique within your account.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
A map of tag keys and values to assign to the workload identity. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
Result Syntax
[
'allowedResourceOauth2ReturnUrls' => ['<string>', ...],
'name' => '<string>',
'workloadIdentityArn' => '<string>',
]
Result Details
Members
- allowedResourceOauth2ReturnUrls
-
- Type: Array of strings
The list of allowed OAuth2 return URLs for resources associated with this workload identity.
- name
-
- Required: Yes
- Type: string
The name of the workload identity.
- workloadIdentityArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the workload identity.
Errors
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
DeleteAgentRuntime
$result = $client->deleteAgentRuntime([/* ... */]); $promise = $client->deleteAgentRuntimeAsync([/* ... */]);
Deletes an Amazon Bedrock AgentCore Runtime.
Parameter Syntax
$result = $client->deleteAgentRuntime([
'agentRuntimeId' => '<string>', // REQUIRED
'clientToken' => '<string>',
]);
Parameter Details
Members
- agentRuntimeId
-
- Required: Yes
- Type: string
The unique identifier of the AgentCore Runtime to delete.
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, the service ignores the request but does not return an error.
Result Syntax
[
'agentRuntimeId' => '<string>',
'status' => 'CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|READY|DELETING',
]
Result Details
Members
- agentRuntimeId
-
- Type: string
The unique identifier of the AgentCore Runtime.
- status
-
- Required: Yes
- Type: string
The current status of the AgentCore Runtime deletion.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
DeleteAgentRuntimeEndpoint
$result = $client->deleteAgentRuntimeEndpoint([/* ... */]); $promise = $client->deleteAgentRuntimeEndpointAsync([/* ... */]);
Deletes an AAgentCore Runtime endpoint.
Parameter Syntax
$result = $client->deleteAgentRuntimeEndpoint([
'agentRuntimeId' => '<string>', // REQUIRED
'clientToken' => '<string>',
'endpointName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- agentRuntimeId
-
- Required: Yes
- Type: string
The unique identifier of the AgentCore Runtime associated with the endpoint.
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure idempotency of the request.
- endpointName
-
- Required: Yes
- Type: string
The name of the AgentCore Runtime endpoint to delete.
Result Syntax
[
'agentRuntimeId' => '<string>',
'endpointName' => '<string>',
'status' => 'CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|READY|DELETING',
]
Result Details
Members
- agentRuntimeId
-
- Type: string
The unique identifier of the AgentCore Runtime.
- endpointName
-
- Type: string
The name of the AgentCore Runtime endpoint.
- status
-
- Required: Yes
- Type: string
The current status of the AgentCore Runtime endpoint deletion.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
DeleteApiKeyCredentialProvider
$result = $client->deleteApiKeyCredentialProvider([/* ... */]); $promise = $client->deleteApiKeyCredentialProviderAsync([/* ... */]);
Deletes an API key credential provider.
Parameter Syntax
$result = $client->deleteApiKeyCredentialProvider([
'name' => '<string>', // REQUIRED
]);
Parameter Details
Members
- name
-
- Required: Yes
- Type: string
The name of the API key credential provider to delete.
Result Syntax
[]
Result Details
Errors
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
DeleteBrowser
$result = $client->deleteBrowser([/* ... */]); $promise = $client->deleteBrowserAsync([/* ... */]);
Deletes a custom browser.
Parameter Syntax
$result = $client->deleteBrowser([
'browserId' => '<string>', // REQUIRED
'clientToken' => '<string>',
]);
Parameter Details
Members
- browserId
-
- Required: Yes
- Type: string
The unique identifier of the browser to delete.
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure idempotency of the request.
Result Syntax
[
'browserId' => '<string>',
'lastUpdatedAt' => <DateTime>,
'status' => 'CREATING|CREATE_FAILED|READY|DELETING|DELETE_FAILED|DELETED',
]
Result Details
Members
- browserId
-
- Required: Yes
- Type: string
The unique identifier of the deleted browser.
- lastUpdatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the browser was last updated.
- status
-
- Required: Yes
- Type: string
The current status of the browser deletion.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
DeleteCodeInterpreter
$result = $client->deleteCodeInterpreter([/* ... */]); $promise = $client->deleteCodeInterpreterAsync([/* ... */]);
Deletes a custom code interpreter.
Parameter Syntax
$result = $client->deleteCodeInterpreter([
'clientToken' => '<string>',
'codeInterpreterId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure idempotency of the request.
- codeInterpreterId
-
- Required: Yes
- Type: string
The unique identifier of the code interpreter to delete.
Result Syntax
[
'codeInterpreterId' => '<string>',
'lastUpdatedAt' => <DateTime>,
'status' => 'CREATING|CREATE_FAILED|READY|DELETING|DELETE_FAILED|DELETED',
]
Result Details
Members
- codeInterpreterId
-
- Required: Yes
- Type: string
The unique identifier of the deleted code interpreter.
- lastUpdatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the code interpreter was last updated.
- status
-
- Required: Yes
- Type: string
The current status of the code interpreter deletion.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
DeleteEvaluator
$result = $client->deleteEvaluator([/* ... */]); $promise = $client->deleteEvaluatorAsync([/* ... */]);
Deletes a custom evaluator. Builtin evaluators cannot be deleted. The evaluator must not be referenced by any active online evaluation configurations.
Parameter Syntax
$result = $client->deleteEvaluator([
'evaluatorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- evaluatorId
-
- Required: Yes
- Type: string
The unique identifier of the evaluator to delete.
Result Syntax
[
'evaluatorArn' => '<string>',
'evaluatorId' => '<string>',
'status' => 'ACTIVE|CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|DELETING',
]
Result Details
Members
- evaluatorArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the deleted evaluator.
- evaluatorId
-
- Required: Yes
- Type: string
The unique identifier of the deleted evaluator.
- status
-
- Required: Yes
- Type: string
The status of the evaluator deletion operation.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
DeleteGateway
$result = $client->deleteGateway([/* ... */]); $promise = $client->deleteGatewayAsync([/* ... */]);
Deletes a gateway.
Parameter Syntax
$result = $client->deleteGateway([
'gatewayIdentifier' => '<string>', // REQUIRED
]);
Parameter Details
Members
- gatewayIdentifier
-
- Required: Yes
- Type: string
The identifier of the gateway to delete.
Result Syntax
[
'gatewayId' => '<string>',
'status' => 'CREATING|UPDATING|UPDATE_UNSUCCESSFUL|DELETING|READY|FAILED',
'statusReasons' => ['<string>', ...],
]
Result Details
Members
- gatewayId
-
- Required: Yes
- Type: string
The unique identifier of the deleted gateway.
- status
-
- Required: Yes
- Type: string
The current status of the gateway deletion.
- statusReasons
-
- Type: Array of strings
The reasons for the current status of the gateway deletion.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
DeleteGatewayTarget
$result = $client->deleteGatewayTarget([/* ... */]); $promise = $client->deleteGatewayTargetAsync([/* ... */]);
Deletes a gateway target.
Parameter Syntax
$result = $client->deleteGatewayTarget([
'gatewayIdentifier' => '<string>', // REQUIRED
'targetId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- gatewayIdentifier
-
- Required: Yes
- Type: string
The unique identifier of the gateway associated with the target.
- targetId
-
- Required: Yes
- Type: string
The unique identifier of the gateway target to delete.
Result Syntax
[
'gatewayArn' => '<string>',
'status' => 'CREATING|UPDATING|UPDATE_UNSUCCESSFUL|DELETING|READY|FAILED|SYNCHRONIZING|SYNCHRONIZE_UNSUCCESSFUL',
'statusReasons' => ['<string>', ...],
'targetId' => '<string>',
]
Result Details
Members
- gatewayArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the gateway.
- status
-
- Required: Yes
- Type: string
The current status of the gateway target deletion.
- statusReasons
-
- Type: Array of strings
The reasons for the current status of the gateway target deletion.
- targetId
-
- Required: Yes
- Type: string
The unique identifier of the deleted gateway target.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
DeleteMemory
$result = $client->deleteMemory([/* ... */]); $promise = $client->deleteMemoryAsync([/* ... */]);
Deletes an Amazon Bedrock AgentCore Memory resource.
Parameter Syntax
$result = $client->deleteMemory([
'clientToken' => '<string>',
'memoryId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- clientToken
-
- Type: string
A client token is used for keeping track of idempotent requests. It can contain a session id which can be around 250 chars, combined with a unique AWS identifier.
- memoryId
-
- Required: Yes
- Type: string
The unique identifier of the memory to delete.
Result Syntax
[
'memoryId' => '<string>',
'status' => 'CREATING|ACTIVE|FAILED|DELETING',
]
Result Details
Members
- memoryId
-
- Required: Yes
- Type: string
The unique identifier of the deleted AgentCore Memory resource.
- status
-
- Type: string
The current status of the AgentCore Memory resource deletion.
Errors
- ServiceException:
An internal error occurred.
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottledException:
API rate limit has been exceeded.
DeleteOauth2CredentialProvider
$result = $client->deleteOauth2CredentialProvider([/* ... */]); $promise = $client->deleteOauth2CredentialProviderAsync([/* ... */]);
Deletes an OAuth2 credential provider.
Parameter Syntax
$result = $client->deleteOauth2CredentialProvider([
'name' => '<string>', // REQUIRED
]);
Parameter Details
Members
- name
-
- Required: Yes
- Type: string
The name of the OAuth2 credential provider to delete.
Result Syntax
[]
Result Details
Errors
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
DeleteOnlineEvaluationConfig
$result = $client->deleteOnlineEvaluationConfig([/* ... */]); $promise = $client->deleteOnlineEvaluationConfigAsync([/* ... */]);
Deletes an online evaluation configuration and stops any ongoing evaluation processes associated with it.
Parameter Syntax
$result = $client->deleteOnlineEvaluationConfig([
'onlineEvaluationConfigId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- onlineEvaluationConfigId
-
- Required: Yes
- Type: string
The unique identifier of the online evaluation configuration to delete.
Result Syntax
[
'onlineEvaluationConfigArn' => '<string>',
'onlineEvaluationConfigId' => '<string>',
'status' => 'ACTIVE|CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|DELETING',
]
Result Details
Members
- onlineEvaluationConfigArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the deleted online evaluation configuration.
- onlineEvaluationConfigId
-
- Required: Yes
- Type: string
The unique identifier of the deleted online evaluation configuration.
- status
-
- Required: Yes
- Type: string
The status of the online evaluation configuration deletion operation.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
DeletePolicy
$result = $client->deletePolicy([/* ... */]); $promise = $client->deletePolicyAsync([/* ... */]);
Deletes an existing policy from the AgentCore Policy system. Once deleted, the policy can no longer be used for agent behavior control and all references to it become invalid. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.
Parameter Syntax
$result = $client->deletePolicy([
'policyEngineId' => '<string>', // REQUIRED
'policyId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine that manages the policy to be deleted. This ensures the policy is deleted from the correct policy engine context.
- policyId
-
- Required: Yes
- Type: string
The unique identifier of the policy to be deleted. This must be a valid policy ID that exists within the specified policy engine.
Result Syntax
[
'createdAt' => <DateTime>,
'definition' => [
'cedar' => [
'statement' => '<string>',
],
],
'description' => '<string>',
'name' => '<string>',
'policyArn' => '<string>',
'policyEngineId' => '<string>',
'policyId' => '<string>',
'status' => 'CREATING|ACTIVE|UPDATING|DELETING|CREATE_FAILED|UPDATE_FAILED|DELETE_FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the deleted policy was originally created.
- definition
-
- Required: Yes
- Type: PolicyDefinition structure
Represents the definition structure for policies within the AgentCore Policy system. This structure encapsulates different policy formats and languages that can be used to define access control rules.
- description
-
- Type: string
The human-readable description of the deleted policy.
- name
-
- Required: Yes
- Type: string
The customer-assigned name of the deleted policy. This confirms which policy was successfully removed from the system and matches the name that was originally assigned during policy creation.
- policyArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the deleted policy. This globally unique identifier confirms which policy resource was successfully removed.
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine from which the policy was deleted. This confirms the policy engine context for the deletion operation.
- policyId
-
- Required: Yes
- Type: string
The unique identifier of the policy being deleted. This confirms which policy the deletion operation targets.
- status
-
- Required: Yes
- Type: string
The status of the policy deletion operation. This provides information about any issues that occurred during the deletion process.
- statusReasons
-
- Required: Yes
- Type: Array of strings
Additional information about the deletion status. This provides details about the deletion process or any issues that may have occurred.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the deleted policy was last modified before deletion. This tracks the final state of the policy before it was removed from the system.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
DeletePolicyEngine
$result = $client->deletePolicyEngine([/* ... */]); $promise = $client->deletePolicyEngineAsync([/* ... */]);
Deletes an existing policy engine from the AgentCore Policy system. The policy engine must not have any associated policies before deletion. Once deleted, the policy engine and all its configurations become unavailable for policy management and evaluation. This is an asynchronous operation. Use the GetPolicyEngine operation to poll the status field to track completion.
Parameter Syntax
$result = $client->deletePolicyEngine([
'policyEngineId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- policyEngineId
-
- Required: Yes
- Type: string
The unique identifier of the policy engine to be deleted. This must be a valid policy engine ID that exists within the account.
Result Syntax
[
'createdAt' => <DateTime>,
'description' => '<string>',
'name' => '<string>',
'policyEngineArn' => '<string>',
'policyEngineId' => '<string>',
'status' => 'CREATING|ACTIVE|UPDATING|DELETING|CREATE_FAILED|UPDATE_FAILED|DELETE_FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the deleted policy engine was originally created.
- description
-
- Type: string
The human-readable description of the deleted policy engine.
- name
-
- Required: Yes
- Type: string
The customer-assigned name of the deleted policy engine.
- policyEngineArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the deleted policy engine. This globally unique identifier confirms which policy engine resource was successfully removed.
- policyEngineId
-
- Required: Yes
- Type: string
The unique identifier of the policy engine being deleted. This confirms which policy engine the deletion operation targets.
- status
-
- Required: Yes
- Type: string
The status of the policy engine deletion operation. This provides status about any issues that occurred during the deletion process.
- statusReasons
-
- Required: Yes
- Type: Array of strings
Additional information about the deletion status. This provides details about the deletion process or any issues that may have occurred.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the deleted policy engine was last modified before deletion. This tracks the final state of the policy engine before it was removed from the system.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
DeleteResourcePolicy
$result = $client->deleteResourcePolicy([/* ... */]); $promise = $client->deleteResourcePolicyAsync([/* ... */]);
Deletes the resource-based policy for a specified resource.
This feature is currently available only for AgentCore Runtime and Gateway.
Parameter Syntax
$result = $client->deleteResourcePolicy([
'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource for which to delete the resource policy.
Result Syntax
[]
Result Details
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
DeleteWorkloadIdentity
$result = $client->deleteWorkloadIdentity([/* ... */]); $promise = $client->deleteWorkloadIdentityAsync([/* ... */]);
Deletes a workload identity.
Parameter Syntax
$result = $client->deleteWorkloadIdentity([
'name' => '<string>', // REQUIRED
]);
Parameter Details
Members
- name
-
- Required: Yes
- Type: string
The name of the workload identity to delete.
Result Syntax
[]
Result Details
Errors
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetAgentRuntime
$result = $client->getAgentRuntime([/* ... */]); $promise = $client->getAgentRuntimeAsync([/* ... */]);
Gets an Amazon Bedrock AgentCore Runtime.
Parameter Syntax
$result = $client->getAgentRuntime([
'agentRuntimeId' => '<string>', // REQUIRED
'agentRuntimeVersion' => '<string>',
]);
Parameter Details
Members
- agentRuntimeId
-
- Required: Yes
- Type: string
The unique identifier of the AgentCore Runtime to retrieve.
- agentRuntimeVersion
-
- Type: string
The version of the AgentCore Runtime to retrieve.
Result Syntax
[
'agentRuntimeArn' => '<string>',
'agentRuntimeArtifact' => [
'codeConfiguration' => [
'code' => [
's3' => [
'bucket' => '<string>',
'prefix' => '<string>',
'versionId' => '<string>',
],
],
'entryPoint' => ['<string>', ...],
'runtime' => 'PYTHON_3_10|PYTHON_3_11|PYTHON_3_12|PYTHON_3_13',
],
'containerConfiguration' => [
'containerUri' => '<string>',
],
],
'agentRuntimeId' => '<string>',
'agentRuntimeName' => '<string>',
'agentRuntimeVersion' => '<string>',
'authorizerConfiguration' => [
'customJWTAuthorizer' => [
'allowedAudience' => ['<string>', ...],
'allowedClients' => ['<string>', ...],
'allowedScopes' => ['<string>', ...],
'customClaims' => [
[
'authorizingClaimMatchValue' => [
'claimMatchOperator' => 'EQUALS|CONTAINS|CONTAINS_ANY',
'claimMatchValue' => [
'matchValueString' => '<string>',
'matchValueStringList' => ['<string>', ...],
],
],
'inboundTokenClaimName' => '<string>',
'inboundTokenClaimValueType' => 'STRING|STRING_ARRAY',
],
// ...
],
'discoveryUrl' => '<string>',
],
],
'createdAt' => <DateTime>,
'description' => '<string>',
'environmentVariables' => ['<string>', ...],
'failureReason' => '<string>',
'lastUpdatedAt' => <DateTime>,
'lifecycleConfiguration' => [
'idleRuntimeSessionTimeout' => <integer>,
'maxLifetime' => <integer>,
],
'networkConfiguration' => [
'networkMode' => 'PUBLIC|VPC',
'networkModeConfig' => [
'securityGroups' => ['<string>', ...],
'subnets' => ['<string>', ...],
],
],
'protocolConfiguration' => [
'serverProtocol' => 'MCP|HTTP|A2A',
],
'requestHeaderConfiguration' => [
'requestHeaderAllowlist' => ['<string>', ...],
],
'roleArn' => '<string>',
'status' => 'CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|READY|DELETING',
'workloadIdentityDetails' => [
'workloadIdentityArn' => '<string>',
],
]
Result Details
Members
- agentRuntimeArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the AgentCore Runtime.
- agentRuntimeArtifact
-
- Type: AgentRuntimeArtifact structure
The artifact of the AgentCore Runtime.
- agentRuntimeId
-
- Required: Yes
- Type: string
The unique identifier of the AgentCore Runtime.
- agentRuntimeName
-
- Required: Yes
- Type: string
The name of the AgentCore Runtime.
- agentRuntimeVersion
-
- Required: Yes
- Type: string
The version of the AgentCore Runtime.
- authorizerConfiguration
-
- Type: AuthorizerConfiguration structure
The authorizer configuration for the AgentCore Runtime.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the AgentCore Runtime was created.
- description
-
- Type: string
The description of the AgentCore Runtime.
- environmentVariables
-
- Type: Associative array of custom strings keys (EnvironmentVariableKey) to strings
Environment variables set in the AgentCore Runtime environment.
- failureReason
-
- Type: string
The reason for failure if the AgentCore Runtime is in a failed state.
- lastUpdatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the AgentCore Runtime was last updated.
- lifecycleConfiguration
-
- Required: Yes
- Type: LifecycleConfiguration structure
The life cycle configuration for the AgentCore Runtime.
- networkConfiguration
-
- Required: Yes
- Type: NetworkConfiguration structure
The network configuration for the AgentCore Runtime.
- protocolConfiguration
-
- Type: ProtocolConfiguration structure
The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.
- requestHeaderConfiguration
-
- Type: RequestHeaderConfiguration structure
Configuration for HTTP request headers that will be passed through to the runtime.
- roleArn
-
- Required: Yes
- Type: string
The IAM role ARN that provides permissions for the AgentCore Runtime.
- status
-
- Required: Yes
- Type: string
The current status of the AgentCore Runtime.
- workloadIdentityDetails
-
- Type: WorkloadIdentityDetails structure
The workload identity details for the AgentCore Runtime.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetAgentRuntimeEndpoint
$result = $client->getAgentRuntimeEndpoint([/* ... */]); $promise = $client->getAgentRuntimeEndpointAsync([/* ... */]);
Gets information about an Amazon Secure AgentEndpoint.
Parameter Syntax
$result = $client->getAgentRuntimeEndpoint([
'agentRuntimeId' => '<string>', // REQUIRED
'endpointName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- agentRuntimeId
-
- Required: Yes
- Type: string
The unique identifier of the AgentCore Runtime associated with the endpoint.
- endpointName
-
- Required: Yes
- Type: string
The name of the AgentCore Runtime endpoint to retrieve.
Result Syntax
[
'agentRuntimeArn' => '<string>',
'agentRuntimeEndpointArn' => '<string>',
'createdAt' => <DateTime>,
'description' => '<string>',
'failureReason' => '<string>',
'id' => '<string>',
'lastUpdatedAt' => <DateTime>,
'liveVersion' => '<string>',
'name' => '<string>',
'status' => 'CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|READY|DELETING',
'targetVersion' => '<string>',
]
Result Details
Members
- agentRuntimeArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the AgentCore Runtime.
- agentRuntimeEndpointArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the AgentCore Runtime endpoint.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the AgentCore Runtime endpoint was created.
- description
-
- Type: string
The description of the AgentCore Runtime endpoint.
- failureReason
-
- Type: string
The reason for failure if the AgentCore Runtime endpoint is in a failed state.
- id
-
- Required: Yes
- Type: string
The unique identifier of the AgentCore Runtime endpoint.
- lastUpdatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the AgentCore Runtime endpoint was last updated.
- liveVersion
-
- Type: string
The currently deployed version of the AgentCore Runtime on the endpoint.
- name
-
- Required: Yes
- Type: string
The name of the AgentCore Runtime endpoint.
- status
-
- Required: Yes
- Type: string
The current status of the AgentCore Runtime endpoint.
- targetVersion
-
- Type: string
The target version of the AgentCore Runtime for the endpoint.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetApiKeyCredentialProvider
$result = $client->getApiKeyCredentialProvider([/* ... */]); $promise = $client->getApiKeyCredentialProviderAsync([/* ... */]);
Retrieves information about an API key credential provider.
Parameter Syntax
$result = $client->getApiKeyCredentialProvider([
'name' => '<string>', // REQUIRED
]);
Parameter Details
Members
- name
-
- Required: Yes
- Type: string
The name of the API key credential provider to retrieve.
Result Syntax
[
'apiKeySecretArn' => [
'secretArn' => '<string>',
],
'createdTime' => <DateTime>,
'credentialProviderArn' => '<string>',
'lastUpdatedTime' => <DateTime>,
'name' => '<string>',
]
Result Details
Members
- apiKeySecretArn
-
- Required: Yes
- Type: Secret structure
The Amazon Resource Name (ARN) of the API key secret in AWS Secrets Manager.
- createdTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the API key credential provider was created.
- credentialProviderArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the API key credential provider.
- lastUpdatedTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the API key credential provider was last updated.
- name
-
- Required: Yes
- Type: string
The name of the API key credential provider.
Errors
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- DecryptionFailure:
Exception thrown when decryption of a secret fails.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetBrowser
$result = $client->getBrowser([/* ... */]); $promise = $client->getBrowserAsync([/* ... */]);
Gets information about a custom browser.
Parameter Syntax
$result = $client->getBrowser([
'browserId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- browserId
-
- Required: Yes
- Type: string
The unique identifier of the browser to retrieve.
Result Syntax
[
'browserArn' => '<string>',
'browserId' => '<string>',
'browserSigning' => [
'enabled' => true || false,
],
'createdAt' => <DateTime>,
'description' => '<string>',
'executionRoleArn' => '<string>',
'failureReason' => '<string>',
'lastUpdatedAt' => <DateTime>,
'name' => '<string>',
'networkConfiguration' => [
'networkMode' => 'PUBLIC|VPC',
'vpcConfig' => [
'securityGroups' => ['<string>', ...],
'subnets' => ['<string>', ...],
],
],
'recording' => [
'enabled' => true || false,
's3Location' => [
'bucket' => '<string>',
'prefix' => '<string>',
'versionId' => '<string>',
],
],
'status' => 'CREATING|CREATE_FAILED|READY|DELETING|DELETE_FAILED|DELETED',
]
Result Details
Members
- browserArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the browser.
- browserId
-
- Required: Yes
- Type: string
The unique identifier of the browser.
- browserSigning
-
- Type: BrowserSigningConfigOutput structure
The browser signing configuration that shows whether cryptographic agent identification is enabled for web bot authentication.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the browser was created.
- description
-
- Type: string
The description of the browser.
- executionRoleArn
-
- Type: string
The IAM role ARN that provides permissions for the browser.
- failureReason
-
- Type: string
The reason for failure if the browser is in a failed state.
- lastUpdatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the browser was last updated.
- name
-
- Required: Yes
- Type: string
The name of the browser.
- networkConfiguration
-
- Required: Yes
- Type: BrowserNetworkConfiguration structure
The network configuration for a browser. This structure defines how the browser connects to the network.
- recording
-
- Type: RecordingConfig structure
The recording configuration for a browser. This structure defines how browser sessions are recorded.
- status
-
- Required: Yes
- Type: string
The current status of the browser.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetCodeInterpreter
$result = $client->getCodeInterpreter([/* ... */]); $promise = $client->getCodeInterpreterAsync([/* ... */]);
Gets information about a custom code interpreter.
Parameter Syntax
$result = $client->getCodeInterpreter([
'codeInterpreterId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- codeInterpreterId
-
- Required: Yes
- Type: string
The unique identifier of the code interpreter to retrieve.
Result Syntax
[
'codeInterpreterArn' => '<string>',
'codeInterpreterId' => '<string>',
'createdAt' => <DateTime>,
'description' => '<string>',
'executionRoleArn' => '<string>',
'failureReason' => '<string>',
'lastUpdatedAt' => <DateTime>,
'name' => '<string>',
'networkConfiguration' => [
'networkMode' => 'PUBLIC|SANDBOX|VPC',
'vpcConfig' => [
'securityGroups' => ['<string>', ...],
'subnets' => ['<string>', ...],
],
],
'status' => 'CREATING|CREATE_FAILED|READY|DELETING|DELETE_FAILED|DELETED',
]
Result Details
Members
- codeInterpreterArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the code interpreter.
- codeInterpreterId
-
- Required: Yes
- Type: string
The unique identifier of the code interpreter.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the code interpreter was created.
- description
-
- Type: string
The description of the code interpreter.
- executionRoleArn
-
- Type: string
The IAM role ARN that provides permissions for the code interpreter.
- failureReason
-
- Type: string
The reason for failure if the code interpreter is in a failed state.
- lastUpdatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the code interpreter was last updated.
- name
-
- Required: Yes
- Type: string
The name of the code interpreter.
- networkConfiguration
-
- Required: Yes
- Type: CodeInterpreterNetworkConfiguration structure
The network configuration for a code interpreter. This structure defines how the code interpreter connects to the network.
- status
-
- Required: Yes
- Type: string
The current status of the code interpreter.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetEvaluator
$result = $client->getEvaluator([/* ... */]); $promise = $client->getEvaluatorAsync([/* ... */]);
Retrieves detailed information about an evaluator, including its configuration, status, and metadata. Works with both built-in and custom evaluators.
Parameter Syntax
$result = $client->getEvaluator([
'evaluatorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- evaluatorId
-
- Required: Yes
- Type: string
The unique identifier of the evaluator to retrieve. Can be a built-in evaluator ID (e.g., Builtin.Helpfulness) or a custom evaluator ID.
Result Syntax
[
'createdAt' => <DateTime>,
'description' => '<string>',
'evaluatorArn' => '<string>',
'evaluatorConfig' => [
'llmAsAJudge' => [
'instructions' => '<string>',
'modelConfig' => [
'bedrockEvaluatorModelConfig' => [
'additionalModelRequestFields' => [
],
'inferenceConfig' => [
'maxTokens' => <integer>,
'stopSequences' => ['<string>', ...],
'temperature' => <float>,
'topP' => <float>,
],
'modelId' => '<string>',
],
],
'ratingScale' => [
'categorical' => [
[
'definition' => '<string>',
'label' => '<string>',
],
// ...
],
'numerical' => [
[
'definition' => '<string>',
'label' => '<string>',
'value' => <float>,
],
// ...
],
],
],
],
'evaluatorId' => '<string>',
'evaluatorName' => '<string>',
'level' => 'TOOL_CALL|TRACE|SESSION',
'lockedForModification' => true || false,
'status' => 'ACTIVE|CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|DELETING',
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the evaluator was created.
- description
-
- Type: string
The description of the evaluator.
- evaluatorArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the evaluator.
- evaluatorConfig
-
- Required: Yes
- Type: EvaluatorConfig structure
The configuration of the evaluator, including LLM-as-a-Judge settings for custom evaluators.
- evaluatorId
-
- Required: Yes
- Type: string
The unique identifier of the evaluator.
- evaluatorName
-
- Required: Yes
- Type: string
The name of the evaluator.
- level
-
- Required: Yes
- Type: string
The evaluation level (
TOOL_CALL,TRACE, orSESSION) that determines the scope of evaluation. - lockedForModification
-
- Type: boolean
Whether the evaluator is locked for modification due to being referenced by active online evaluation configurations.
- status
-
- Required: Yes
- Type: string
The current status of the evaluator.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the evaluator was last updated.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetGateway
$result = $client->getGateway([/* ... */]); $promise = $client->getGatewayAsync([/* ... */]);
Retrieves information about a specific Gateway.
Parameter Syntax
$result = $client->getGateway([
'gatewayIdentifier' => '<string>', // REQUIRED
]);
Parameter Details
Members
- gatewayIdentifier
-
- Required: Yes
- Type: string
The identifier of the gateway to retrieve.
Result Syntax
[
'authorizerConfiguration' => [
'customJWTAuthorizer' => [
'allowedAudience' => ['<string>', ...],
'allowedClients' => ['<string>', ...],
'allowedScopes' => ['<string>', ...],
'customClaims' => [
[
'authorizingClaimMatchValue' => [
'claimMatchOperator' => 'EQUALS|CONTAINS|CONTAINS_ANY',
'claimMatchValue' => [
'matchValueString' => '<string>',
'matchValueStringList' => ['<string>', ...],
],
],
'inboundTokenClaimName' => '<string>',
'inboundTokenClaimValueType' => 'STRING|STRING_ARRAY',
],
// ...
],
'discoveryUrl' => '<string>',
],
],
'authorizerType' => 'CUSTOM_JWT|AWS_IAM|NONE',
'createdAt' => <DateTime>,
'description' => '<string>',
'exceptionLevel' => 'DEBUG',
'gatewayArn' => '<string>',
'gatewayId' => '<string>',
'gatewayUrl' => '<string>',
'interceptorConfigurations' => [
[
'inputConfiguration' => [
'passRequestHeaders' => true || false,
],
'interceptionPoints' => ['<string>', ...],
'interceptor' => [
'lambda' => [
'arn' => '<string>',
],
],
],
// ...
],
'kmsKeyArn' => '<string>',
'name' => '<string>',
'policyEngineConfiguration' => [
'arn' => '<string>',
'mode' => 'LOG_ONLY|ENFORCE',
],
'protocolConfiguration' => [
'mcp' => [
'instructions' => '<string>',
'searchType' => 'SEMANTIC',
'supportedVersions' => ['<string>', ...],
],
],
'protocolType' => 'MCP',
'roleArn' => '<string>',
'status' => 'CREATING|UPDATING|UPDATE_UNSUCCESSFUL|DELETING|READY|FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
'workloadIdentityDetails' => [
'workloadIdentityArn' => '<string>',
],
]
Result Details
Members
- authorizerConfiguration
-
- Type: AuthorizerConfiguration structure
The authorizer configuration for the gateway.
- authorizerType
-
- Required: Yes
- Type: string
Authorizer type for the gateway.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the gateway was created.
- description
-
- Type: string
The description of the gateway.
- exceptionLevel
-
- Type: string
The level of detail in error messages returned when invoking the gateway.
-
If the value is
DEBUG, granular exception messages are returned to help a user debug the gateway. -
If the value is omitted, a generic error message is returned to the end user.
- gatewayArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the gateway.
- gatewayId
-
- Required: Yes
- Type: string
The unique identifier of the gateway.
- gatewayUrl
-
- Type: string
An endpoint for invoking gateway.
- interceptorConfigurations
-
- Type: Array of GatewayInterceptorConfiguration structures
The interceptors configured on the gateway.
- kmsKeyArn
-
- Type: string
The Amazon Resource Name (ARN) of the KMS key used to encrypt the gateway.
- name
-
- Required: Yes
- Type: string
The name of the gateway.
- policyEngineConfiguration
-
- Type: GatewayPolicyEngineConfiguration structure
The policy engine configuration for the gateway.
- protocolConfiguration
-
- Type: GatewayProtocolConfiguration structure
The configuration for a gateway protocol. This structure defines how the gateway communicates with external services.
- protocolType
-
- Required: Yes
- Type: string
Protocol applied to a gateway.
- roleArn
-
- Type: string
The IAM role ARN that provides permissions for the gateway.
- status
-
- Required: Yes
- Type: string
The current status of the gateway.
- statusReasons
-
- Type: Array of strings
The reasons for the current status of the gateway.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the gateway was last updated.
- workloadIdentityDetails
-
- Type: WorkloadIdentityDetails structure
The workload identity details for the gateway.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetGatewayTarget
$result = $client->getGatewayTarget([/* ... */]); $promise = $client->getGatewayTargetAsync([/* ... */]);
Retrieves information about a specific gateway target.
Parameter Syntax
$result = $client->getGatewayTarget([
'gatewayIdentifier' => '<string>', // REQUIRED
'targetId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- gatewayIdentifier
-
- Required: Yes
- Type: string
The identifier of the gateway that contains the target.
- targetId
-
- Required: Yes
- Type: string
The unique identifier of the target to retrieve.
Result Syntax
[
'createdAt' => <DateTime>,
'credentialProviderConfigurations' => [
[
'credentialProvider' => [
'apiKeyCredentialProvider' => [
'credentialLocation' => 'HEADER|QUERY_PARAMETER',
'credentialParameterName' => '<string>',
'credentialPrefix' => '<string>',
'providerArn' => '<string>',
],
'oauthCredentialProvider' => [
'customParameters' => ['<string>', ...],
'defaultReturnUrl' => '<string>',
'grantType' => 'CLIENT_CREDENTIALS|AUTHORIZATION_CODE',
'providerArn' => '<string>',
'scopes' => ['<string>', ...],
],
],
'credentialProviderType' => 'GATEWAY_IAM_ROLE|OAUTH|API_KEY',
],
// ...
],
'description' => '<string>',
'gatewayArn' => '<string>',
'lastSynchronizedAt' => <DateTime>,
'name' => '<string>',
'status' => 'CREATING|UPDATING|UPDATE_UNSUCCESSFUL|DELETING|READY|FAILED|SYNCHRONIZING|SYNCHRONIZE_UNSUCCESSFUL',
'statusReasons' => ['<string>', ...],
'targetConfiguration' => [
'mcp' => [
'apiGateway' => [
'apiGatewayToolConfiguration' => [
'toolFilters' => [
[
'filterPath' => '<string>',
'methods' => ['<string>', ...],
],
// ...
],
'toolOverrides' => [
[
'description' => '<string>',
'method' => 'GET|DELETE|HEAD|OPTIONS|PATCH|PUT|POST',
'name' => '<string>',
'path' => '<string>',
],
// ...
],
],
'restApiId' => '<string>',
'stage' => '<string>',
],
'lambda' => [
'lambdaArn' => '<string>',
'toolSchema' => [
'inlinePayload' => [
[
'description' => '<string>',
'inputSchema' => [
'description' => '<string>',
'items' => [...], // RECURSIVE
'properties' => [
'<String>' => [...], // RECURSIVE
// ...
],
'required' => ['<string>', ...],
'type' => 'string|number|object|array|boolean|integer',
],
'name' => '<string>',
'outputSchema' => [
'description' => '<string>',
'items' => [...], // RECURSIVE
'properties' => [
'<String>' => [...], // RECURSIVE
// ...
],
'required' => ['<string>', ...],
'type' => 'string|number|object|array|boolean|integer',
],
],
// ...
],
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
],
'mcpServer' => [
'endpoint' => '<string>',
],
'openApiSchema' => [
'inlinePayload' => '<string>',
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
'smithyModel' => [
'inlinePayload' => '<string>',
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
],
],
'targetId' => '<string>',
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the gateway target was created.
- credentialProviderConfigurations
-
- Required: Yes
- Type: Array of CredentialProviderConfiguration structures
The credential provider configurations for the gateway target.
- description
-
- Type: string
The description of the gateway target.
- gatewayArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the gateway.
- lastSynchronizedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last synchronization of the target.
- name
-
- Required: Yes
- Type: string
The name of the gateway target.
- status
-
- Required: Yes
- Type: string
The current status of the gateway target.
- statusReasons
-
- Type: Array of strings
The reasons for the current status of the gateway target.
- targetConfiguration
-
- Required: Yes
- Type: TargetConfiguration structure
The configuration for a gateway target. This structure defines how the gateway connects to and interacts with the target endpoint.
- targetId
-
- Required: Yes
- Type: string
The unique identifier of the gateway target.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the gateway target was last updated.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetMemory
$result = $client->getMemory([/* ... */]); $promise = $client->getMemoryAsync([/* ... */]);
Retrieve an existing Amazon Bedrock AgentCore Memory resource.
Parameter Syntax
$result = $client->getMemory([
'memoryId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- memoryId
-
- Required: Yes
- Type: string
The unique identifier of the memory to retrieve.
Result Syntax
[
'memory' => [
'arn' => '<string>',
'createdAt' => <DateTime>,
'description' => '<string>',
'encryptionKeyArn' => '<string>',
'eventExpiryDuration' => <integer>,
'failureReason' => '<string>',
'id' => '<string>',
'memoryExecutionRoleArn' => '<string>',
'name' => '<string>',
'status' => 'CREATING|ACTIVE|FAILED|DELETING',
'strategies' => [
[
'configuration' => [
'consolidation' => [
'customConsolidationConfiguration' => [
'episodicConsolidationOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'semanticConsolidationOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'summaryConsolidationOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'userPreferenceConsolidationOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
],
],
'extraction' => [
'customExtractionConfiguration' => [
'episodicExtractionOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'semanticExtractionOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'userPreferenceExtractionOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
],
],
'reflection' => [
'customReflectionConfiguration' => [
'episodicReflectionOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
'namespaces' => ['<string>', ...],
],
],
'episodicReflectionConfiguration' => [
'namespaces' => ['<string>', ...],
],
],
'selfManagedConfiguration' => [
'historicalContextWindowSize' => <integer>,
'invocationConfiguration' => [
'payloadDeliveryBucketName' => '<string>',
'topicArn' => '<string>',
],
'triggerConditions' => [
[
'messageBasedTrigger' => [
'messageCount' => <integer>,
],
'timeBasedTrigger' => [
'idleSessionTimeout' => <integer>,
],
'tokenBasedTrigger' => [
'tokenCount' => <integer>,
],
],
// ...
],
],
'type' => 'SEMANTIC_OVERRIDE|SUMMARY_OVERRIDE|USER_PREFERENCE_OVERRIDE|SELF_MANAGED|EPISODIC_OVERRIDE',
],
'createdAt' => <DateTime>,
'description' => '<string>',
'name' => '<string>',
'namespaces' => ['<string>', ...],
'status' => 'CREATING|ACTIVE|DELETING|FAILED',
'strategyId' => '<string>',
'type' => 'SEMANTIC|SUMMARIZATION|USER_PREFERENCE|CUSTOM|EPISODIC',
'updatedAt' => <DateTime>,
],
// ...
],
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- memory
-
- Required: Yes
- Type: Memory structure
The retrieved AgentCore Memory resource details.
Errors
- ServiceException:
An internal error occurred.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottledException:
API rate limit has been exceeded.
GetOauth2CredentialProvider
$result = $client->getOauth2CredentialProvider([/* ... */]); $promise = $client->getOauth2CredentialProviderAsync([/* ... */]);
Retrieves information about an OAuth2 credential provider.
Parameter Syntax
$result = $client->getOauth2CredentialProvider([
'name' => '<string>', // REQUIRED
]);
Parameter Details
Members
- name
-
- Required: Yes
- Type: string
The name of the OAuth2 credential provider to retrieve.
Result Syntax
[
'callbackUrl' => '<string>',
'clientSecretArn' => [
'secretArn' => '<string>',
],
'createdTime' => <DateTime>,
'credentialProviderArn' => '<string>',
'credentialProviderVendor' => 'GoogleOauth2|GithubOauth2|SlackOauth2|SalesforceOauth2|MicrosoftOauth2|CustomOauth2|AtlassianOauth2|LinkedinOauth2|XOauth2|OktaOauth2|OneLoginOauth2|PingOneOauth2|FacebookOauth2|YandexOauth2|RedditOauth2|ZoomOauth2|TwitchOauth2|SpotifyOauth2|DropboxOauth2|NotionOauth2|HubspotOauth2|CyberArkOauth2|FusionAuthOauth2|Auth0Oauth2|CognitoOauth2',
'lastUpdatedTime' => <DateTime>,
'name' => '<string>',
'oauth2ProviderConfigOutput' => [
'atlassianOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'customOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'githubOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'googleOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'includedOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'linkedinOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'microsoftOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'salesforceOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'slackOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
],
]
Result Details
Members
- callbackUrl
-
- Type: string
Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.
- clientSecretArn
-
- Required: Yes
- Type: Secret structure
The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.
- createdTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the OAuth2 credential provider was created.
- credentialProviderArn
-
- Required: Yes
- Type: string
ARN of the credential provider requested.
- credentialProviderVendor
-
- Required: Yes
- Type: string
The vendor of the OAuth2 credential provider.
- lastUpdatedTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the OAuth2 credential provider was last updated.
- name
-
- Required: Yes
- Type: string
The name of the OAuth2 credential provider.
- oauth2ProviderConfigOutput
-
- Required: Yes
- Type: Oauth2ProviderConfigOutput structure
The configuration output for the OAuth2 provider.
Errors
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- DecryptionFailure:
Exception thrown when decryption of a secret fails.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetOnlineEvaluationConfig
$result = $client->getOnlineEvaluationConfig([/* ... */]); $promise = $client->getOnlineEvaluationConfigAsync([/* ... */]);
Retrieves detailed information about an online evaluation configuration, including its rules, data sources, evaluators, and execution status.
Parameter Syntax
$result = $client->getOnlineEvaluationConfig([
'onlineEvaluationConfigId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- onlineEvaluationConfigId
-
- Required: Yes
- Type: string
The unique identifier of the online evaluation configuration to retrieve.
Result Syntax
[
'createdAt' => <DateTime>,
'dataSourceConfig' => [
'cloudWatchLogs' => [
'logGroupNames' => ['<string>', ...],
'serviceNames' => ['<string>', ...],
],
],
'description' => '<string>',
'evaluationExecutionRoleArn' => '<string>',
'evaluators' => [
[
'evaluatorId' => '<string>',
],
// ...
],
'executionStatus' => 'ENABLED|DISABLED',
'failureReason' => '<string>',
'onlineEvaluationConfigArn' => '<string>',
'onlineEvaluationConfigId' => '<string>',
'onlineEvaluationConfigName' => '<string>',
'outputConfig' => [
'cloudWatchConfig' => [
'logGroupName' => '<string>',
],
],
'rule' => [
'filters' => [
[
'key' => '<string>',
'operator' => 'Equals|NotEquals|GreaterThan|LessThan|GreaterThanOrEqual|LessThanOrEqual|Contains|NotContains',
'value' => [
'booleanValue' => true || false,
'doubleValue' => <float>,
'stringValue' => '<string>',
],
],
// ...
],
'samplingConfig' => [
'samplingPercentage' => <float>,
],
'sessionConfig' => [
'sessionTimeoutMinutes' => <integer>,
],
],
'status' => 'ACTIVE|CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|DELETING',
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the online evaluation configuration was created.
- dataSourceConfig
-
- Required: Yes
- Type: DataSourceConfig structure
The data source configuration specifying CloudWatch log groups and service names to monitor.
- description
-
- Type: string
The description of the online evaluation configuration.
- evaluationExecutionRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM role used for evaluation execution.
- evaluators
-
- Required: Yes
- Type: Array of EvaluatorReference structures
The list of evaluators applied during online evaluation.
- executionStatus
-
- Required: Yes
- Type: string
The execution status indicating whether the online evaluation is currently running.
- failureReason
-
- Type: string
The reason for failure if the online evaluation configuration execution failed.
- onlineEvaluationConfigArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the online evaluation configuration.
- onlineEvaluationConfigId
-
- Required: Yes
- Type: string
The unique identifier of the online evaluation configuration.
- onlineEvaluationConfigName
-
- Required: Yes
- Type: string
The name of the online evaluation configuration.
- outputConfig
-
- Type: OutputConfig structure
The output configuration specifying where evaluation results are written.
- rule
-
- Required: Yes
- Type: Rule structure
The evaluation rule containing sampling configuration, filters, and session settings.
- status
-
- Required: Yes
- Type: string
The status of the online evaluation configuration.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the online evaluation configuration was last updated.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetPolicy
$result = $client->getPolicy([/* ... */]); $promise = $client->getPolicyAsync([/* ... */]);
Retrieves detailed information about a specific policy within the AgentCore Policy system. This operation returns the complete policy definition, metadata, and current status, allowing administrators to review and manage policy configurations.
Parameter Syntax
$result = $client->getPolicy([
'policyEngineId' => '<string>', // REQUIRED
'policyId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine that manages the policy to be retrieved.
- policyId
-
- Required: Yes
- Type: string
The unique identifier of the policy to be retrieved. This must be a valid policy ID that exists within the specified policy engine.
Result Syntax
[
'createdAt' => <DateTime>,
'definition' => [
'cedar' => [
'statement' => '<string>',
],
],
'description' => '<string>',
'name' => '<string>',
'policyArn' => '<string>',
'policyEngineId' => '<string>',
'policyId' => '<string>',
'status' => 'CREATING|ACTIVE|UPDATING|DELETING|CREATE_FAILED|UPDATE_FAILED|DELETE_FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy was originally created.
- definition
-
- Required: Yes
- Type: PolicyDefinition structure
The Cedar policy statement that defines the access control rules. This contains the actual policy logic used for agent behavior control and access decisions.
- description
-
- Type: string
The human-readable description of the policy's purpose and functionality. This helps administrators understand and manage the policy.
- name
-
- Required: Yes
- Type: string
The customer-assigned name of the policy. This is the human-readable identifier that was specified when the policy was created.
- policyArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the policy. This globally unique identifier can be used for cross-service references and IAM policy statements.
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine that manages this policy. This confirms the policy engine context for the retrieved policy.
- policyId
-
- Required: Yes
- Type: string
The unique identifier of the retrieved policy. This matches the policy ID provided in the request and serves as the system identifier for the policy.
- status
-
- Required: Yes
- Type: string
The current status of the policy.
- statusReasons
-
- Required: Yes
- Type: Array of strings
Additional information about the policy status. This provides details about any failures or the current state of the policy.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy was last modified. This tracks the most recent changes to the policy configuration.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetPolicyEngine
$result = $client->getPolicyEngine([/* ... */]); $promise = $client->getPolicyEngineAsync([/* ... */]);
Retrieves detailed information about a specific policy engine within the AgentCore Policy system. This operation returns the complete policy engine configuration, metadata, and current status, allowing administrators to review and manage policy engine settings.
Parameter Syntax
$result = $client->getPolicyEngine([
'policyEngineId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- policyEngineId
-
- Required: Yes
- Type: string
The unique identifier of the policy engine to be retrieved. This must be a valid policy engine ID that exists within the account.
Result Syntax
[
'createdAt' => <DateTime>,
'description' => '<string>',
'name' => '<string>',
'policyEngineArn' => '<string>',
'policyEngineId' => '<string>',
'status' => 'CREATING|ACTIVE|UPDATING|DELETING|CREATE_FAILED|UPDATE_FAILED|DELETE_FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy engine was originally created.
- description
-
- Type: string
The human-readable description of the policy engine's purpose and scope. This helps administrators understand the policy engine's role in governance.
- name
-
- Required: Yes
- Type: string
The customer-assigned name of the policy engine. This is the human-readable identifier that was specified when the policy engine was created.
- policyEngineArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.
- policyEngineId
-
- Required: Yes
- Type: string
The unique identifier of the retrieved policy engine. This matches the policy engine ID provided in the request and serves as the system identifier.
- status
-
- Required: Yes
- Type: string
The current status of the policy engine.
- statusReasons
-
- Required: Yes
- Type: Array of strings
Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy engine was last modified. This tracks the most recent changes to the policy engine configuration.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetPolicyGeneration
$result = $client->getPolicyGeneration([/* ... */]); $promise = $client->getPolicyGenerationAsync([/* ... */]);
Retrieves information about a policy generation request within the AgentCore Policy system. Policy generation converts natural language descriptions into Cedar policy statements using AI-powered translation, enabling non-technical users to create policies.
Parameter Syntax
$result = $client->getPolicyGeneration([
'policyEngineId' => '<string>', // REQUIRED
'policyGenerationId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine associated with the policy generation request. This provides the context for the generation operation and schema validation.
- policyGenerationId
-
- Required: Yes
- Type: string
The unique identifier of the policy generation request to be retrieved. This must be a valid generation ID from a previous StartPolicyGeneration call.
Result Syntax
[
'createdAt' => <DateTime>,
'findings' => '<string>',
'name' => '<string>',
'policyEngineId' => '<string>',
'policyGenerationArn' => '<string>',
'policyGenerationId' => '<string>',
'resource' => [
'arn' => '<string>',
],
'status' => 'GENERATING|GENERATED|GENERATE_FAILED|DELETE_FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy generation request was created. This is used for tracking and auditing generation operations and their lifecycle.
- findings
-
- Type: string
The findings and results from the policy generation process. This includes any issues, recommendations, validation results, or insights from the generated policies.
- name
-
- Required: Yes
- Type: string
The customer-assigned name for the policy generation request. This helps identify and track generation operations across multiple requests.
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine associated with this policy generation. This confirms the policy engine context for the generation operation.
- policyGenerationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the policy generation. This globally unique identifier can be used for tracking, auditing, and cross-service references.
- policyGenerationId
-
- Required: Yes
- Type: string
The unique identifier of the policy generation request. This matches the generation ID provided in the request and serves as the tracking identifier.
- resource
-
- Required: Yes
- Type: Resource structure
The resource information associated with the policy generation. This provides context about the target resources for which the policies are being generated.
- status
-
- Required: Yes
- Type: string
The current status of the policy generation. This indicates whether the generation is in progress, completed successfully, or failed during processing.
- statusReasons
-
- Required: Yes
- Type: Array of strings
Additional information about the generation status. This provides details about any failures, warnings, or the current state of the generation process.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy generation was last updated. This tracks the progress of the generation process and any status changes.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetResourcePolicy
$result = $client->getResourcePolicy([/* ... */]); $promise = $client->getResourcePolicyAsync([/* ... */]);
Retrieves the resource-based policy for a specified resource.
This feature is currently available only for AgentCore Runtime and Gateway.
Parameter Syntax
$result = $client->getResourcePolicy([
'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource for which to retrieve the resource policy.
Result Syntax
[
'policy' => '<string>',
]
Result Details
Members
- policy
-
- Type: string
The resource policy associated with the specified resource.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetTokenVault
$result = $client->getTokenVault([/* ... */]); $promise = $client->getTokenVaultAsync([/* ... */]);
Retrieves information about a token vault.
Parameter Syntax
$result = $client->getTokenVault([
'tokenVaultId' => '<string>',
]);
Parameter Details
Members
- tokenVaultId
-
- Type: string
The unique identifier of the token vault to retrieve.
Result Syntax
[
'kmsConfiguration' => [
'keyType' => 'CustomerManagedKey|ServiceManagedKey',
'kmsKeyArn' => '<string>',
],
'lastModifiedDate' => <DateTime>,
'tokenVaultId' => '<string>',
]
Result Details
Members
- kmsConfiguration
-
- Required: Yes
- Type: KmsConfiguration structure
The KMS configuration for the token vault.
- lastModifiedDate
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the token vault was last modified.
- tokenVaultId
-
- Required: Yes
- Type: string
The ID of the token vault.
Errors
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
GetWorkloadIdentity
$result = $client->getWorkloadIdentity([/* ... */]); $promise = $client->getWorkloadIdentityAsync([/* ... */]);
Retrieves information about a workload identity.
Parameter Syntax
$result = $client->getWorkloadIdentity([
'name' => '<string>', // REQUIRED
]);
Parameter Details
Members
- name
-
- Required: Yes
- Type: string
The name of the workload identity to retrieve.
Result Syntax
[
'allowedResourceOauth2ReturnUrls' => ['<string>', ...],
'createdTime' => <DateTime>,
'lastUpdatedTime' => <DateTime>,
'name' => '<string>',
'workloadIdentityArn' => '<string>',
]
Result Details
Members
- allowedResourceOauth2ReturnUrls
-
- Type: Array of strings
The list of allowed OAuth2 return URLs for resources associated with this workload identity.
- createdTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the workload identity was created.
- lastUpdatedTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the workload identity was last updated.
- name
-
- Required: Yes
- Type: string
The name of the workload identity.
- workloadIdentityArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the workload identity.
Errors
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListAgentRuntimeEndpoints
$result = $client->listAgentRuntimeEndpoints([/* ... */]); $promise = $client->listAgentRuntimeEndpointsAsync([/* ... */]);
Lists all endpoints for a specific Amazon Secure Agent.
Parameter Syntax
$result = $client->listAgentRuntimeEndpoints([
'agentRuntimeId' => '<string>', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- agentRuntimeId
-
- Required: Yes
- Type: string
The unique identifier of the AgentCore Runtime to list endpoints for.
- maxResults
-
- Type: int
The maximum number of results to return in the response.
- nextToken
-
- Type: string
A token to retrieve the next page of results.
Result Syntax
[
'nextToken' => '<string>',
'runtimeEndpoints' => [
[
'agentRuntimeArn' => '<string>',
'agentRuntimeEndpointArn' => '<string>',
'createdAt' => <DateTime>,
'description' => '<string>',
'id' => '<string>',
'lastUpdatedAt' => <DateTime>,
'liveVersion' => '<string>',
'name' => '<string>',
'status' => 'CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|READY|DELETING',
'targetVersion' => '<string>',
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
A token to retrieve the next page of results.
- runtimeEndpoints
-
- Required: Yes
- Type: Array of AgentRuntimeEndpoint structures
The list of AgentCore Runtime endpoints.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListAgentRuntimeVersions
$result = $client->listAgentRuntimeVersions([/* ... */]); $promise = $client->listAgentRuntimeVersionsAsync([/* ... */]);
Lists all versions of a specific Amazon Secure Agent.
Parameter Syntax
$result = $client->listAgentRuntimeVersions([
'agentRuntimeId' => '<string>', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- agentRuntimeId
-
- Required: Yes
- Type: string
The unique identifier of the AgentCore Runtime to list versions for.
- maxResults
-
- Type: int
The maximum number of results to return in the response.
- nextToken
-
- Type: string
A token to retrieve the next page of results.
Result Syntax
[
'agentRuntimes' => [
[
'agentRuntimeArn' => '<string>',
'agentRuntimeId' => '<string>',
'agentRuntimeName' => '<string>',
'agentRuntimeVersion' => '<string>',
'description' => '<string>',
'lastUpdatedAt' => <DateTime>,
'status' => 'CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|READY|DELETING',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- agentRuntimes
-
- Required: Yes
- Type: Array of AgentRuntime structures
The list of AgentCore Runtime versions.
- nextToken
-
- Type: string
A token to retrieve the next page of results.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListAgentRuntimes
$result = $client->listAgentRuntimes([/* ... */]); $promise = $client->listAgentRuntimesAsync([/* ... */]);
Lists all Amazon Secure Agents in your account.
Parameter Syntax
$result = $client->listAgentRuntimes([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in the response.
- nextToken
-
- Type: string
A token to retrieve the next page of results.
Result Syntax
[
'agentRuntimes' => [
[
'agentRuntimeArn' => '<string>',
'agentRuntimeId' => '<string>',
'agentRuntimeName' => '<string>',
'agentRuntimeVersion' => '<string>',
'description' => '<string>',
'lastUpdatedAt' => <DateTime>,
'status' => 'CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|READY|DELETING',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- agentRuntimes
-
- Required: Yes
- Type: Array of AgentRuntime structures
The list of AgentCore Runtime resources.
- nextToken
-
- Type: string
A token to retrieve the next page of results.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListApiKeyCredentialProviders
$result = $client->listApiKeyCredentialProviders([/* ... */]); $promise = $client->listApiKeyCredentialProvidersAsync([/* ... */]);
Lists all API key credential providers in your account.
Parameter Syntax
$result = $client->listApiKeyCredentialProviders([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
Maximum number of results to return.
- nextToken
-
- Type: string
Pagination token.
Result Syntax
[
'credentialProviders' => [
[
'createdTime' => <DateTime>,
'credentialProviderArn' => '<string>',
'lastUpdatedTime' => <DateTime>,
'name' => '<string>',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- credentialProviders
-
- Required: Yes
- Type: Array of ApiKeyCredentialProviderItem structures
The list of API key credential providers.
- nextToken
-
- Type: string
Pagination token for the next page of results.
Errors
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListBrowsers
$result = $client->listBrowsers([/* ... */]); $promise = $client->listBrowsersAsync([/* ... */]);
Lists all custom browsers in your account.
Parameter Syntax
$result = $client->listBrowsers([
'maxResults' => <integer>,
'nextToken' => '<string>',
'type' => 'SYSTEM|CUSTOM',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in a single call. The default value is 10. The maximum value is 50.
- nextToken
-
- Type: string
The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
- type
-
- Type: string
The type of browsers to list. If not specified, all browser types are returned.
Result Syntax
[
'browserSummaries' => [
[
'browserArn' => '<string>',
'browserId' => '<string>',
'createdAt' => <DateTime>,
'description' => '<string>',
'lastUpdatedAt' => <DateTime>,
'name' => '<string>',
'status' => 'CREATING|CREATE_FAILED|READY|DELETING|DELETE_FAILED|DELETED',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- browserSummaries
-
- Required: Yes
- Type: Array of BrowserSummary structures
The list of browser summaries.
- nextToken
-
- Type: string
A token to retrieve the next page of results.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListCodeInterpreters
$result = $client->listCodeInterpreters([/* ... */]); $promise = $client->listCodeInterpretersAsync([/* ... */]);
Lists all custom code interpreters in your account.
Parameter Syntax
$result = $client->listCodeInterpreters([
'maxResults' => <integer>,
'nextToken' => '<string>',
'type' => 'SYSTEM|CUSTOM',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in the response.
- nextToken
-
- Type: string
A token to retrieve the next page of results.
- type
-
- Type: string
The type of code interpreters to list.
Result Syntax
[
'codeInterpreterSummaries' => [
[
'codeInterpreterArn' => '<string>',
'codeInterpreterId' => '<string>',
'createdAt' => <DateTime>,
'description' => '<string>',
'lastUpdatedAt' => <DateTime>,
'name' => '<string>',
'status' => 'CREATING|CREATE_FAILED|READY|DELETING|DELETE_FAILED|DELETED',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- codeInterpreterSummaries
-
- Required: Yes
- Type: Array of CodeInterpreterSummary structures
The list of code interpreter summaries.
- nextToken
-
- Type: string
A token to retrieve the next page of results.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListEvaluators
$result = $client->listEvaluators([/* ... */]); $promise = $client->listEvaluatorsAsync([/* ... */]);
Lists all available evaluators, including both builtin evaluators provided by the service and custom evaluators created by the user.
Parameter Syntax
$result = $client->listEvaluators([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of evaluators to return in a single response.
- nextToken
-
- Type: string
The pagination token from a previous request to retrieve the next page of results.
Result Syntax
[
'evaluators' => [
[
'createdAt' => <DateTime>,
'description' => '<string>',
'evaluatorArn' => '<string>',
'evaluatorId' => '<string>',
'evaluatorName' => '<string>',
'evaluatorType' => 'Builtin|Custom',
'level' => 'TOOL_CALL|TRACE|SESSION',
'lockedForModification' => true || false,
'status' => 'ACTIVE|CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|DELETING',
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- evaluators
-
- Required: Yes
- Type: Array of EvaluatorSummary structures
The list of evaluator summaries containing basic information about each evaluator.
- nextToken
-
- Type: string
The pagination token to use in a subsequent request to retrieve the next page of results.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListGatewayTargets
$result = $client->listGatewayTargets([/* ... */]); $promise = $client->listGatewayTargetsAsync([/* ... */]);
Lists all targets for a specific gateway.
Parameter Syntax
$result = $client->listGatewayTargets([
'gatewayIdentifier' => '<string>', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- gatewayIdentifier
-
- Required: Yes
- Type: string
The identifier of the gateway to list targets for.
- maxResults
-
- Type: int
The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the
nextTokenfield when making another request to return the next batch of results. - nextToken
-
- Type: string
If the total number of results is greater than the
maxResultsvalue provided in the request, enter the token returned in thenextTokenfield in the response in this field to return the next batch of results.
Result Syntax
[
'items' => [
[
'createdAt' => <DateTime>,
'description' => '<string>',
'name' => '<string>',
'status' => 'CREATING|UPDATING|UPDATE_UNSUCCESSFUL|DELETING|READY|FAILED|SYNCHRONIZING|SYNCHRONIZE_UNSUCCESSFUL',
'targetId' => '<string>',
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- items
-
- Required: Yes
- Type: Array of TargetSummary structures
The list of gateway target summaries.
- nextToken
-
- Type: string
If the total number of results is greater than the
maxResultsvalue provided in the request, use this token when making another request in thenextTokenfield to return the next batch of results.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListGateways
$result = $client->listGateways([/* ... */]); $promise = $client->listGatewaysAsync([/* ... */]);
Lists all gateways in the account.
Parameter Syntax
$result = $client->listGateways([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the
nextTokenfield when making another request to return the next batch of results. - nextToken
-
- Type: string
If the total number of results is greater than the
maxResultsvalue provided in the request, enter the token returned in thenextTokenfield in the response in this field to return the next batch of results.
Result Syntax
[
'items' => [
[
'authorizerType' => 'CUSTOM_JWT|AWS_IAM|NONE',
'createdAt' => <DateTime>,
'description' => '<string>',
'gatewayId' => '<string>',
'name' => '<string>',
'protocolType' => 'MCP',
'status' => 'CREATING|UPDATING|UPDATE_UNSUCCESSFUL|DELETING|READY|FAILED',
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- items
-
- Required: Yes
- Type: Array of GatewaySummary structures
The list of gateway summaries.
- nextToken
-
- Type: string
If the total number of results is greater than the
maxResultsvalue provided in the request, use this token when making another request in thenextTokenfield to return the next batch of results.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListMemories
$result = $client->listMemories([/* ... */]); $promise = $client->listMemoriesAsync([/* ... */]);
Lists the available Amazon Bedrock AgentCore Memory resources in the current Amazon Web Services Region.
Parameter Syntax
$result = $client->listMemories([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in a single call. The default value is 10. The maximum value is 50.
- nextToken
-
- Type: string
The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
Result Syntax
[
'memories' => [
[
'arn' => '<string>',
'createdAt' => <DateTime>,
'id' => '<string>',
'status' => 'CREATING|ACTIVE|FAILED|DELETING',
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- memories
-
- Required: Yes
- Type: Array of MemorySummary structures
The list of AgentCore Memory resource summaries.
- nextToken
-
- Type: string
A token to retrieve the next page of results.
Errors
- ServiceException:
An internal error occurred.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottledException:
API rate limit has been exceeded.
ListOauth2CredentialProviders
$result = $client->listOauth2CredentialProviders([/* ... */]); $promise = $client->listOauth2CredentialProvidersAsync([/* ... */]);
Lists all OAuth2 credential providers in your account.
Parameter Syntax
$result = $client->listOauth2CredentialProviders([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
Maximum number of results to return.
- nextToken
-
- Type: string
Pagination token.
Result Syntax
[
'credentialProviders' => [
[
'createdTime' => <DateTime>,
'credentialProviderArn' => '<string>',
'credentialProviderVendor' => 'GoogleOauth2|GithubOauth2|SlackOauth2|SalesforceOauth2|MicrosoftOauth2|CustomOauth2|AtlassianOauth2|LinkedinOauth2|XOauth2|OktaOauth2|OneLoginOauth2|PingOneOauth2|FacebookOauth2|YandexOauth2|RedditOauth2|ZoomOauth2|TwitchOauth2|SpotifyOauth2|DropboxOauth2|NotionOauth2|HubspotOauth2|CyberArkOauth2|FusionAuthOauth2|Auth0Oauth2|CognitoOauth2',
'lastUpdatedTime' => <DateTime>,
'name' => '<string>',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- credentialProviders
-
- Required: Yes
- Type: Array of Oauth2CredentialProviderItem structures
The list of OAuth2 credential providers.
- nextToken
-
- Type: string
Pagination token for the next page of results.
Errors
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListOnlineEvaluationConfigs
$result = $client->listOnlineEvaluationConfigs([/* ... */]); $promise = $client->listOnlineEvaluationConfigsAsync([/* ... */]);
Lists all online evaluation configurations in the account, providing summary information about each configuration's status and settings.
Parameter Syntax
$result = $client->listOnlineEvaluationConfigs([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of online evaluation configurations to return in a single response.
- nextToken
-
- Type: string
The pagination token from a previous request to retrieve the next page of results.
Result Syntax
[
'nextToken' => '<string>',
'onlineEvaluationConfigs' => [
[
'createdAt' => <DateTime>,
'description' => '<string>',
'executionStatus' => 'ENABLED|DISABLED',
'failureReason' => '<string>',
'onlineEvaluationConfigArn' => '<string>',
'onlineEvaluationConfigId' => '<string>',
'onlineEvaluationConfigName' => '<string>',
'status' => 'ACTIVE|CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|DELETING',
'updatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
The pagination token to use in a subsequent request to retrieve the next page of results.
- onlineEvaluationConfigs
-
- Required: Yes
- Type: Array of OnlineEvaluationConfigSummary structures
The list of online evaluation configuration summaries containing basic information about each configuration.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListPolicies
$result = $client->listPolicies([/* ... */]); $promise = $client->listPoliciesAsync([/* ... */]);
Retrieves a list of policies within the AgentCore Policy engine. This operation supports pagination and filtering to help administrators manage and discover policies across policy engines. Results can be filtered by policy engine or resource associations.
Parameter Syntax
$result = $client->listPolicies([
'maxResults' => <integer>,
'nextToken' => '<string>',
'policyEngineId' => '<string>', // REQUIRED
'targetResourceScope' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of policies to return in a single response. If not specified, the default is 10 policies per page, with a maximum of 100 per page.
- nextToken
-
- Type: string
A pagination token returned from a previous ListPolicies call. Use this token to retrieve the next page of results when the response is paginated.
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine whose policies to retrieve.
- targetResourceScope
-
- Type: string
Optional filter to list policies that apply to a specific resource scope or resource type. This helps narrow down policy results to those relevant for particular Amazon Web Services resources, agent tools, or operational contexts within the policy engine ecosystem.
Result Syntax
[
'nextToken' => '<string>',
'policies' => [
[
'createdAt' => <DateTime>,
'definition' => [
'cedar' => [
'statement' => '<string>',
],
],
'description' => '<string>',
'name' => '<string>',
'policyArn' => '<string>',
'policyEngineId' => '<string>',
'policyId' => '<string>',
'status' => 'CREATING|ACTIVE|UPDATING|DELETING|CREATE_FAILED|UPDATE_FAILED|DELETE_FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
A pagination token that can be used in subsequent ListPolicies calls to retrieve additional results. This token is only present when there are more results available.
- policies
-
- Required: Yes
- Type: Array of Policy structures
An array of policy objects that match the specified criteria. Each policy object contains the policy metadata, status, and key identifiers for further operations.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListPolicyEngines
$result = $client->listPolicyEngines([/* ... */]); $promise = $client->listPolicyEnginesAsync([/* ... */]);
Retrieves a list of policy engines within the AgentCore Policy system. This operation supports pagination to help administrators discover and manage policy engines across their account. Each policy engine serves as a container for related policies.
Parameter Syntax
$result = $client->listPolicyEngines([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of policy engines to return in a single response. If not specified, the default is 10 policy engines per page, with a maximum of 100 per page.
- nextToken
-
- Type: string
A pagination token returned from a previous ListPolicyEngines call. Use this token to retrieve the next page of results when the response is paginated.
Result Syntax
[
'nextToken' => '<string>',
'policyEngines' => [
[
'createdAt' => <DateTime>,
'description' => '<string>',
'name' => '<string>',
'policyEngineArn' => '<string>',
'policyEngineId' => '<string>',
'status' => 'CREATING|ACTIVE|UPDATING|DELETING|CREATE_FAILED|UPDATE_FAILED|DELETE_FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
A pagination token that can be used in subsequent ListPolicyEngines calls to retrieve additional results. This token is only present when there are more results available.
- policyEngines
-
- Required: Yes
- Type: Array of PolicyEngine structures
An array of policy engine objects that exist in the account. Each policy engine object contains the engine metadata, status, and key identifiers for further operations.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListPolicyGenerationAssets
$result = $client->listPolicyGenerationAssets([/* ... */]); $promise = $client->listPolicyGenerationAssetsAsync([/* ... */]);
Retrieves a list of generated policy assets from a policy generation request within the AgentCore Policy system. This operation returns the actual Cedar policies and related artifacts produced by the AI-powered policy generation process, allowing users to review and select from multiple generated policy options.
Parameter Syntax
$result = $client->listPolicyGenerationAssets([
'maxResults' => <integer>,
'nextToken' => '<string>',
'policyEngineId' => '<string>', // REQUIRED
'policyGenerationId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of policy generation assets to return in a single response. If not specified, the default is 10 assets per page, with a maximum of 100 per page. This helps control response size when dealing with policy generations that produce many alternative policy options.
- nextToken
-
- Type: string
A pagination token returned from a previous ListPolicyGenerationAssets call. Use this token to retrieve the next page of assets when the response is paginated due to large numbers of generated policy options.
- policyEngineId
-
- Required: Yes
- Type: string
The unique identifier of the policy engine associated with the policy generation request. This provides the context for the generation operation and ensures assets are retrieved from the correct policy engine.
- policyGenerationId
-
- Required: Yes
- Type: string
The unique identifier of the policy generation request whose assets are to be retrieved. This must be a valid generation ID from a previous StartPolicyGeneration call that has completed processing.
Result Syntax
[
'nextToken' => '<string>',
'policyGenerationAssets' => [
[
'definition' => [
'cedar' => [
'statement' => '<string>',
],
],
'findings' => [
[
'description' => '<string>',
'type' => 'VALID|INVALID|NOT_TRANSLATABLE|ALLOW_ALL|ALLOW_NONE|DENY_ALL|DENY_NONE',
],
// ...
],
'policyGenerationAssetId' => '<string>',
'rawTextFragment' => '<string>',
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
A pagination token that can be used in subsequent ListPolicyGenerationAssets calls to retrieve additional assets. This token is only present when there are more generated policy assets available beyond the current response.
- policyGenerationAssets
-
- Type: Array of PolicyGenerationAsset structures
An array of generated policy assets including Cedar policies and related artifacts from the AI-powered policy generation process. Each asset represents a different policy option or variation generated from the original natural language input.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListPolicyGenerations
$result = $client->listPolicyGenerations([/* ... */]); $promise = $client->listPolicyGenerationsAsync([/* ... */]);
Retrieves a list of policy generation requests within the AgentCore Policy system. This operation supports pagination and filtering to help track and manage AI-powered policy generation operations.
Parameter Syntax
$result = $client->listPolicyGenerations([
'maxResults' => <integer>,
'nextToken' => '<string>',
'policyEngineId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of policy generations to return in a single response.
- nextToken
-
- Type: string
A pagination token for retrieving additional policy generations when results are paginated.
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine whose policy generations to retrieve.
Result Syntax
[
'nextToken' => '<string>',
'policyGenerations' => [
[
'createdAt' => <DateTime>,
'findings' => '<string>',
'name' => '<string>',
'policyEngineId' => '<string>',
'policyGenerationArn' => '<string>',
'policyGenerationId' => '<string>',
'resource' => [
'arn' => '<string>',
],
'status' => 'GENERATING|GENERATED|GENERATE_FAILED|DELETE_FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
A pagination token for retrieving additional policy generations if more results are available.
- policyGenerations
-
- Required: Yes
- Type: Array of PolicyGeneration structures
An array of policy generation objects that match the specified criteria.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]); $promise = $client->listTagsForResourceAsync([/* ... */]);
Lists the tags associated with the specified resource.
This feature is currently available only for AgentCore Runtime, Browser, Code Interpreter tool, and Gateway.
Parameter Syntax
$result = $client->listTagsForResource([
'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource for which you want to list tags.
Result Syntax
[
'tags' => ['<string>', ...],
]
Result Details
Members
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags associated with the resource.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
ListWorkloadIdentities
$result = $client->listWorkloadIdentities([/* ... */]); $promise = $client->listWorkloadIdentitiesAsync([/* ... */]);
Lists all workload identities in your account.
Parameter Syntax
$result = $client->listWorkloadIdentities([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
Maximum number of results to return.
- nextToken
-
- Type: string
Pagination token.
Result Syntax
[
'nextToken' => '<string>',
'workloadIdentities' => [
[
'name' => '<string>',
'workloadIdentityArn' => '<string>',
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
Pagination token for the next page of results.
- workloadIdentities
-
- Required: Yes
- Type: Array of WorkloadIdentityType structures
The list of workload identities.
Errors
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
PutResourcePolicy
$result = $client->putResourcePolicy([/* ... */]); $promise = $client->putResourcePolicyAsync([/* ... */]);
Creates or updates a resource-based policy for a resource with the specified resourceArn.
This feature is currently available only for AgentCore Runtime and Gateway.
Parameter Syntax
$result = $client->putResourcePolicy([
'policy' => '<string>', // REQUIRED
'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- policy
-
- Required: Yes
- Type: string
The resource policy to create or update.
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource for which to create or update the resource policy.
Result Syntax
[
'policy' => '<string>',
]
Result Details
Members
- policy
-
- Required: Yes
- Type: string
The resource policy that was created or updated.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
SetTokenVaultCMK
$result = $client->setTokenVaultCMK([/* ... */]); $promise = $client->setTokenVaultCMKAsync([/* ... */]);
Sets the customer master key (CMK) for a token vault.
Parameter Syntax
$result = $client->setTokenVaultCMK([
'kmsConfiguration' => [ // REQUIRED
'keyType' => 'CustomerManagedKey|ServiceManagedKey', // REQUIRED
'kmsKeyArn' => '<string>',
],
'tokenVaultId' => '<string>',
]);
Parameter Details
Members
- kmsConfiguration
-
- Required: Yes
- Type: KmsConfiguration structure
The KMS configuration for the token vault, including the key type and KMS key ARN.
- tokenVaultId
-
- Type: string
The unique identifier of the token vault to update.
Result Syntax
[
'kmsConfiguration' => [
'keyType' => 'CustomerManagedKey|ServiceManagedKey',
'kmsKeyArn' => '<string>',
],
'lastModifiedDate' => <DateTime>,
'tokenVaultId' => '<string>',
]
Result Details
Members
- kmsConfiguration
-
- Required: Yes
- Type: KmsConfiguration structure
The KMS configuration for the token vault.
- lastModifiedDate
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the token vault was last modified.
- tokenVaultId
-
- Required: Yes
- Type: string
The ID of the token vault.
Errors
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ConcurrentModificationException:
Exception thrown when a resource is modified concurrently by multiple requests.
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
StartPolicyGeneration
$result = $client->startPolicyGeneration([/* ... */]); $promise = $client->startPolicyGenerationAsync([/* ... */]);
Initiates the AI-powered generation of Cedar policies from natural language descriptions within the AgentCore Policy system. This feature enables both technical and non-technical users to create policies by describing their authorization requirements in plain English, which is then automatically translated into formal Cedar policy statements. The generation process analyzes the natural language input along with the Gateway's tool context to produce validated policy options. Generated policy assets are automatically deleted after 7 days, so you should review and create policies from the generated assets within this timeframe. Once created, policies are permanent and not subject to this expiration. Generated policies should be reviewed and tested in log-only mode before deploying to production. Use this when you want to describe policy intent naturally rather than learning Cedar syntax, though generated policies may require refinement for complex scenarios.
Parameter Syntax
$result = $client->startPolicyGeneration([
'clientToken' => '<string>',
'content' => [ // REQUIRED
'rawText' => '<string>',
],
'name' => '<string>', // REQUIRED
'policyEngineId' => '<string>', // REQUIRED
'resource' => [ // REQUIRED
'arn' => '<string>',
],
]);
Parameter Details
Members
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure the idempotency of the request. The AWS SDK automatically generates this token, so you don't need to provide it in most cases. If you retry a request with the same client token, the service returns the same response without starting a duplicate generation.
- content
-
- Required: Yes
- Type: Content structure
The natural language description of the desired policy behavior. This content is processed by AI to generate corresponding Cedar policy statements that match the described intent.
- name
-
- Required: Yes
- Type: string
A customer-assigned name for the policy generation request. This helps track and identify generation operations, especially when running multiple generations simultaneously.
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine that provides the context for policy generation. This engine's schema and tool context are used to ensure generated policies are valid and applicable.
- resource
-
- Required: Yes
- Type: Resource structure
The resource information that provides context for policy generation. This helps the AI understand the target resources and generate appropriate access control rules.
Result Syntax
[
'createdAt' => <DateTime>,
'findings' => '<string>',
'name' => '<string>',
'policyEngineId' => '<string>',
'policyGenerationArn' => '<string>',
'policyGenerationId' => '<string>',
'resource' => [
'arn' => '<string>',
],
'status' => 'GENERATING|GENERATED|GENERATE_FAILED|DELETE_FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy generation request was created.
- findings
-
- Type: string
Initial findings from the policy generation process.
- name
-
- Required: Yes
- Type: string
The customer-assigned name for the policy generation request.
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine associated with the started policy generation.
- policyGenerationArn
-
- Required: Yes
- Type: string
The ARN of the created policy generation request.
- policyGenerationId
-
- Required: Yes
- Type: string
The unique identifier assigned to the policy generation request for tracking progress.
- resource
-
- Required: Yes
- Type: Resource structure
The resource information associated with the policy generation request.
- status
-
- Required: Yes
- Type: string
The initial status of the policy generation request.
- statusReasons
-
- Required: Yes
- Type: Array of strings
Additional information about the generation status.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy generation was last updated.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
SynchronizeGatewayTargets
$result = $client->synchronizeGatewayTargets([/* ... */]); $promise = $client->synchronizeGatewayTargetsAsync([/* ... */]);
The gateway targets.
Parameter Syntax
$result = $client->synchronizeGatewayTargets([
'gatewayIdentifier' => '<string>', // REQUIRED
'targetIdList' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- gatewayIdentifier
-
- Required: Yes
- Type: string
The gateway Identifier.
- targetIdList
-
- Required: Yes
- Type: Array of strings
The target ID list.
Result Syntax
[
'targets' => [
[
'createdAt' => <DateTime>,
'credentialProviderConfigurations' => [
[
'credentialProvider' => [
'apiKeyCredentialProvider' => [
'credentialLocation' => 'HEADER|QUERY_PARAMETER',
'credentialParameterName' => '<string>',
'credentialPrefix' => '<string>',
'providerArn' => '<string>',
],
'oauthCredentialProvider' => [
'customParameters' => ['<string>', ...],
'defaultReturnUrl' => '<string>',
'grantType' => 'CLIENT_CREDENTIALS|AUTHORIZATION_CODE',
'providerArn' => '<string>',
'scopes' => ['<string>', ...],
],
],
'credentialProviderType' => 'GATEWAY_IAM_ROLE|OAUTH|API_KEY',
],
// ...
],
'description' => '<string>',
'gatewayArn' => '<string>',
'lastSynchronizedAt' => <DateTime>,
'name' => '<string>',
'status' => 'CREATING|UPDATING|UPDATE_UNSUCCESSFUL|DELETING|READY|FAILED|SYNCHRONIZING|SYNCHRONIZE_UNSUCCESSFUL',
'statusReasons' => ['<string>', ...],
'targetConfiguration' => [
'mcp' => [
'apiGateway' => [
'apiGatewayToolConfiguration' => [
'toolFilters' => [
[
'filterPath' => '<string>',
'methods' => ['<string>', ...],
],
// ...
],
'toolOverrides' => [
[
'description' => '<string>',
'method' => 'GET|DELETE|HEAD|OPTIONS|PATCH|PUT|POST',
'name' => '<string>',
'path' => '<string>',
],
// ...
],
],
'restApiId' => '<string>',
'stage' => '<string>',
],
'lambda' => [
'lambdaArn' => '<string>',
'toolSchema' => [
'inlinePayload' => [
[
'description' => '<string>',
'inputSchema' => [
'description' => '<string>',
'items' => [...], // RECURSIVE
'properties' => [
'<String>' => [...], // RECURSIVE
// ...
],
'required' => ['<string>', ...],
'type' => 'string|number|object|array|boolean|integer',
],
'name' => '<string>',
'outputSchema' => [
'description' => '<string>',
'items' => [...], // RECURSIVE
'properties' => [
'<String>' => [...], // RECURSIVE
// ...
],
'required' => ['<string>', ...],
'type' => 'string|number|object|array|boolean|integer',
],
],
// ...
],
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
],
'mcpServer' => [
'endpoint' => '<string>',
],
'openApiSchema' => [
'inlinePayload' => '<string>',
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
'smithyModel' => [
'inlinePayload' => '<string>',
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
],
],
'targetId' => '<string>',
'updatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- targets
-
- Type: Array of GatewayTarget structures
The gateway targets for synchronization.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
TagResource
$result = $client->tagResource([/* ... */]); $promise = $client->tagResourceAsync([/* ... */]);
Associates the specified tags to a resource with the specified resourceArn. If existing tags on a resource are not specified in the request parameters, they are not changed. When a resource is deleted, the tags associated with that resource are also deleted.
This feature is currently available only for AgentCore Runtime, Browser, Code Interpreter tool, and Gateway.
Parameter Syntax
$result = $client->tagResource([
'resourceArn' => '<string>', // REQUIRED
'tags' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource that you want to tag.
- tags
-
- Required: Yes
- Type: Associative array of custom strings keys (TagKey) to strings
The tags to add to the resource. A tag is a key-value pair.
Result Syntax
[]
Result Details
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
UntagResource
$result = $client->untagResource([/* ... */]); $promise = $client->untagResourceAsync([/* ... */]);
Removes the specified tags from the specified resource.
This feature is currently available only for AgentCore Runtime, Browser, Code Interpreter tool, and Gateway.
Parameter Syntax
$result = $client->untagResource([
'resourceArn' => '<string>', // REQUIRED
'tagKeys' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource that you want to untag.
- tagKeys
-
- Required: Yes
- Type: Array of strings
The tag keys of the tags to remove from the resource.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
UpdateAgentRuntime
$result = $client->updateAgentRuntime([/* ... */]); $promise = $client->updateAgentRuntimeAsync([/* ... */]);
Updates an existing Amazon Secure Agent.
Parameter Syntax
$result = $client->updateAgentRuntime([
'agentRuntimeArtifact' => [ // REQUIRED
'codeConfiguration' => [
'code' => [ // REQUIRED
's3' => [
'bucket' => '<string>', // REQUIRED
'prefix' => '<string>', // REQUIRED
'versionId' => '<string>',
],
],
'entryPoint' => ['<string>', ...], // REQUIRED
'runtime' => 'PYTHON_3_10|PYTHON_3_11|PYTHON_3_12|PYTHON_3_13', // REQUIRED
],
'containerConfiguration' => [
'containerUri' => '<string>', // REQUIRED
],
],
'agentRuntimeId' => '<string>', // REQUIRED
'authorizerConfiguration' => [
'customJWTAuthorizer' => [
'allowedAudience' => ['<string>', ...],
'allowedClients' => ['<string>', ...],
'allowedScopes' => ['<string>', ...],
'customClaims' => [
[
'authorizingClaimMatchValue' => [ // REQUIRED
'claimMatchOperator' => 'EQUALS|CONTAINS|CONTAINS_ANY', // REQUIRED
'claimMatchValue' => [ // REQUIRED
'matchValueString' => '<string>',
'matchValueStringList' => ['<string>', ...],
],
],
'inboundTokenClaimName' => '<string>', // REQUIRED
'inboundTokenClaimValueType' => 'STRING|STRING_ARRAY', // REQUIRED
],
// ...
],
'discoveryUrl' => '<string>', // REQUIRED
],
],
'clientToken' => '<string>',
'description' => '<string>',
'environmentVariables' => ['<string>', ...],
'lifecycleConfiguration' => [
'idleRuntimeSessionTimeout' => <integer>,
'maxLifetime' => <integer>,
],
'networkConfiguration' => [ // REQUIRED
'networkMode' => 'PUBLIC|VPC', // REQUIRED
'networkModeConfig' => [
'securityGroups' => ['<string>', ...], // REQUIRED
'subnets' => ['<string>', ...], // REQUIRED
],
],
'protocolConfiguration' => [
'serverProtocol' => 'MCP|HTTP|A2A', // REQUIRED
],
'requestHeaderConfiguration' => [
'requestHeaderAllowlist' => ['<string>', ...],
],
'roleArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- agentRuntimeArtifact
-
- Required: Yes
- Type: AgentRuntimeArtifact structure
The updated artifact of the AgentCore Runtime.
- agentRuntimeId
-
- Required: Yes
- Type: string
The unique identifier of the AgentCore Runtime to update.
- authorizerConfiguration
-
- Type: AuthorizerConfiguration structure
The updated authorizer configuration for the AgentCore Runtime.
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure idempotency of the request.
- description
-
- Type: string
The updated description of the AgentCore Runtime.
- environmentVariables
-
- Type: Associative array of custom strings keys (EnvironmentVariableKey) to strings
Updated environment variables to set in the AgentCore Runtime environment.
- lifecycleConfiguration
-
- Type: LifecycleConfiguration structure
The updated life cycle configuration for the AgentCore Runtime.
- networkConfiguration
-
- Required: Yes
- Type: NetworkConfiguration structure
The updated network configuration for the AgentCore Runtime.
- protocolConfiguration
-
- Type: ProtocolConfiguration structure
The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.
- requestHeaderConfiguration
-
- Type: RequestHeaderConfiguration structure
The updated configuration for HTTP request headers that will be passed through to the runtime.
- roleArn
-
- Required: Yes
- Type: string
The updated IAM role ARN that provides permissions for the AgentCore Runtime.
Result Syntax
[
'agentRuntimeArn' => '<string>',
'agentRuntimeId' => '<string>',
'agentRuntimeVersion' => '<string>',
'createdAt' => <DateTime>,
'lastUpdatedAt' => <DateTime>,
'status' => 'CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|READY|DELETING',
'workloadIdentityDetails' => [
'workloadIdentityArn' => '<string>',
],
]
Result Details
Members
- agentRuntimeArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the updated AgentCore Runtime.
- agentRuntimeId
-
- Required: Yes
- Type: string
The unique identifier of the updated AgentCore Runtime.
- agentRuntimeVersion
-
- Required: Yes
- Type: string
The version of the updated AgentCore Runtime.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the AgentCore Runtime was created.
- lastUpdatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the AgentCore Runtime was last updated.
- status
-
- Required: Yes
- Type: string
The current status of the updated AgentCore Runtime.
- workloadIdentityDetails
-
- Type: WorkloadIdentityDetails structure
The workload identity details for the updated AgentCore Runtime.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
UpdateAgentRuntimeEndpoint
$result = $client->updateAgentRuntimeEndpoint([/* ... */]); $promise = $client->updateAgentRuntimeEndpointAsync([/* ... */]);
Updates an existing Amazon Bedrock AgentCore Runtime endpoint.
Parameter Syntax
$result = $client->updateAgentRuntimeEndpoint([
'agentRuntimeId' => '<string>', // REQUIRED
'agentRuntimeVersion' => '<string>',
'clientToken' => '<string>',
'description' => '<string>',
'endpointName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- agentRuntimeId
-
- Required: Yes
- Type: string
The unique identifier of the AgentCore Runtime associated with the endpoint.
- agentRuntimeVersion
-
- Type: string
The updated version of the AgentCore Runtime for the endpoint.
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure idempotency of the request.
- description
-
- Type: string
The updated description of the AgentCore Runtime endpoint.
- endpointName
-
- Required: Yes
- Type: string
The name of the AgentCore Runtime endpoint to update.
Result Syntax
[
'agentRuntimeArn' => '<string>',
'agentRuntimeEndpointArn' => '<string>',
'createdAt' => <DateTime>,
'lastUpdatedAt' => <DateTime>,
'liveVersion' => '<string>',
'status' => 'CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|READY|DELETING',
'targetVersion' => '<string>',
]
Result Details
Members
- agentRuntimeArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the AgentCore Runtime.
- agentRuntimeEndpointArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the AgentCore Runtime endpoint.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the AgentCore Runtime endpoint was created.
- lastUpdatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the AgentCore Runtime endpoint was last updated.
- liveVersion
-
- Type: string
The currently deployed version of the AgentCore Runtime on the endpoint.
- status
-
- Required: Yes
- Type: string
The current status of the updated AgentCore Runtime endpoint.
- targetVersion
-
- Type: string
The target version of the AgentCore Runtime for the endpoint.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
UpdateApiKeyCredentialProvider
$result = $client->updateApiKeyCredentialProvider([/* ... */]); $promise = $client->updateApiKeyCredentialProviderAsync([/* ... */]);
Updates an existing API key credential provider.
Parameter Syntax
$result = $client->updateApiKeyCredentialProvider([
'apiKey' => '<string>', // REQUIRED
'name' => '<string>', // REQUIRED
]);
Parameter Details
Members
- apiKey
-
- Required: Yes
- Type: string
The new API key to use for authentication. This value replaces the existing API key and is encrypted and stored securely.
- name
-
- Required: Yes
- Type: string
The name of the API key credential provider to update.
Result Syntax
[
'apiKeySecretArn' => [
'secretArn' => '<string>',
],
'createdTime' => <DateTime>,
'credentialProviderArn' => '<string>',
'lastUpdatedTime' => <DateTime>,
'name' => '<string>',
]
Result Details
Members
- apiKeySecretArn
-
- Required: Yes
- Type: Secret structure
The Amazon Resource Name (ARN) of the API key secret in AWS Secrets Manager.
- createdTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the API key credential provider was created.
- credentialProviderArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the API key credential provider.
- lastUpdatedTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the API key credential provider was last updated.
- name
-
- Required: Yes
- Type: string
The name of the API key credential provider.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- DecryptionFailure:
Exception thrown when decryption of a secret fails.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
- EncryptionFailure:
Exception thrown when encryption of a secret fails.
UpdateEvaluator
$result = $client->updateEvaluator([/* ... */]); $promise = $client->updateEvaluatorAsync([/* ... */]);
Updates a custom evaluator's configuration, description, or evaluation level. Built-in evaluators cannot be updated. The evaluator must not be locked for modification.
Parameter Syntax
$result = $client->updateEvaluator([
'clientToken' => '<string>',
'description' => '<string>',
'evaluatorConfig' => [
'llmAsAJudge' => [
'instructions' => '<string>', // REQUIRED
'modelConfig' => [ // REQUIRED
'bedrockEvaluatorModelConfig' => [
'additionalModelRequestFields' => [
],
'inferenceConfig' => [
'maxTokens' => <integer>,
'stopSequences' => ['<string>', ...],
'temperature' => <float>,
'topP' => <float>,
],
'modelId' => '<string>', // REQUIRED
],
],
'ratingScale' => [ // REQUIRED
'categorical' => [
[
'definition' => '<string>', // REQUIRED
'label' => '<string>', // REQUIRED
],
// ...
],
'numerical' => [
[
'definition' => '<string>', // REQUIRED
'label' => '<string>', // REQUIRED
'value' => <float>, // REQUIRED
],
// ...
],
],
],
],
'evaluatorId' => '<string>', // REQUIRED
'level' => 'TOOL_CALL|TRACE|SESSION',
]);
Parameter Details
Members
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
- description
-
- Type: string
The updated description of the evaluator.
- evaluatorConfig
-
- Type: EvaluatorConfig structure
The updated configuration for the evaluator, including LLM-as-a-Judge settings with instructions, rating scale, and model configuration.
- evaluatorId
-
- Required: Yes
- Type: string
The unique identifier of the evaluator to update.
- level
-
- Type: string
The updated evaluation level (
TOOL_CALL,TRACE, orSESSION) that determines the scope of evaluation.
Result Syntax
[
'evaluatorArn' => '<string>',
'evaluatorId' => '<string>',
'status' => 'ACTIVE|CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|DELETING',
'updatedAt' => <DateTime>,
]
Result Details
Members
- evaluatorArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the updated evaluator.
- evaluatorId
-
- Required: Yes
- Type: string
The unique identifier of the updated evaluator.
- status
-
- Required: Yes
- Type: string
The status of the evaluator update operation.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the evaluator was last updated.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
UpdateGateway
$result = $client->updateGateway([/* ... */]); $promise = $client->updateGatewayAsync([/* ... */]);
Updates an existing gateway.
Parameter Syntax
$result = $client->updateGateway([
'authorizerConfiguration' => [
'customJWTAuthorizer' => [
'allowedAudience' => ['<string>', ...],
'allowedClients' => ['<string>', ...],
'allowedScopes' => ['<string>', ...],
'customClaims' => [
[
'authorizingClaimMatchValue' => [ // REQUIRED
'claimMatchOperator' => 'EQUALS|CONTAINS|CONTAINS_ANY', // REQUIRED
'claimMatchValue' => [ // REQUIRED
'matchValueString' => '<string>',
'matchValueStringList' => ['<string>', ...],
],
],
'inboundTokenClaimName' => '<string>', // REQUIRED
'inboundTokenClaimValueType' => 'STRING|STRING_ARRAY', // REQUIRED
],
// ...
],
'discoveryUrl' => '<string>', // REQUIRED
],
],
'authorizerType' => 'CUSTOM_JWT|AWS_IAM|NONE', // REQUIRED
'description' => '<string>',
'exceptionLevel' => 'DEBUG',
'gatewayIdentifier' => '<string>', // REQUIRED
'interceptorConfigurations' => [
[
'inputConfiguration' => [
'passRequestHeaders' => true || false, // REQUIRED
],
'interceptionPoints' => ['<string>', ...], // REQUIRED
'interceptor' => [ // REQUIRED
'lambda' => [
'arn' => '<string>', // REQUIRED
],
],
],
// ...
],
'kmsKeyArn' => '<string>',
'name' => '<string>', // REQUIRED
'policyEngineConfiguration' => [
'arn' => '<string>', // REQUIRED
'mode' => 'LOG_ONLY|ENFORCE', // REQUIRED
],
'protocolConfiguration' => [
'mcp' => [
'instructions' => '<string>',
'searchType' => 'SEMANTIC',
'supportedVersions' => ['<string>', ...],
],
],
'protocolType' => 'MCP', // REQUIRED
'roleArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- authorizerConfiguration
-
- Type: AuthorizerConfiguration structure
The updated authorizer configuration for the gateway.
- authorizerType
-
- Required: Yes
- Type: string
The updated authorizer type for the gateway.
- description
-
- Type: string
The updated description for the gateway.
- exceptionLevel
-
- Type: string
The level of detail in error messages returned when invoking the gateway.
-
If the value is
DEBUG, granular exception messages are returned to help a user debug the gateway. -
If the value is omitted, a generic error message is returned to the end user.
- gatewayIdentifier
-
- Required: Yes
- Type: string
The identifier of the gateway to update.
- interceptorConfigurations
-
- Type: Array of GatewayInterceptorConfiguration structures
The updated interceptor configurations for the gateway.
- kmsKeyArn
-
- Type: string
The updated ARN of the KMS key used to encrypt the gateway.
- name
-
- Required: Yes
- Type: string
The name of the gateway. This name must be the same as the one when the gateway was created.
- policyEngineConfiguration
-
- Type: GatewayPolicyEngineConfiguration structure
The updated policy engine configuration for the gateway. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with a gateway, the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies.
- protocolConfiguration
-
- Type: GatewayProtocolConfiguration structure
The configuration for a gateway protocol. This structure defines how the gateway communicates with external services.
- protocolType
-
- Required: Yes
- Type: string
The updated protocol type for the gateway.
- roleArn
-
- Required: Yes
- Type: string
The updated IAM role ARN that provides permissions for the gateway.
Result Syntax
[
'authorizerConfiguration' => [
'customJWTAuthorizer' => [
'allowedAudience' => ['<string>', ...],
'allowedClients' => ['<string>', ...],
'allowedScopes' => ['<string>', ...],
'customClaims' => [
[
'authorizingClaimMatchValue' => [
'claimMatchOperator' => 'EQUALS|CONTAINS|CONTAINS_ANY',
'claimMatchValue' => [
'matchValueString' => '<string>',
'matchValueStringList' => ['<string>', ...],
],
],
'inboundTokenClaimName' => '<string>',
'inboundTokenClaimValueType' => 'STRING|STRING_ARRAY',
],
// ...
],
'discoveryUrl' => '<string>',
],
],
'authorizerType' => 'CUSTOM_JWT|AWS_IAM|NONE',
'createdAt' => <DateTime>,
'description' => '<string>',
'exceptionLevel' => 'DEBUG',
'gatewayArn' => '<string>',
'gatewayId' => '<string>',
'gatewayUrl' => '<string>',
'interceptorConfigurations' => [
[
'inputConfiguration' => [
'passRequestHeaders' => true || false,
],
'interceptionPoints' => ['<string>', ...],
'interceptor' => [
'lambda' => [
'arn' => '<string>',
],
],
],
// ...
],
'kmsKeyArn' => '<string>',
'name' => '<string>',
'policyEngineConfiguration' => [
'arn' => '<string>',
'mode' => 'LOG_ONLY|ENFORCE',
],
'protocolConfiguration' => [
'mcp' => [
'instructions' => '<string>',
'searchType' => 'SEMANTIC',
'supportedVersions' => ['<string>', ...],
],
],
'protocolType' => 'MCP',
'roleArn' => '<string>',
'status' => 'CREATING|UPDATING|UPDATE_UNSUCCESSFUL|DELETING|READY|FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
'workloadIdentityDetails' => [
'workloadIdentityArn' => '<string>',
],
]
Result Details
Members
- authorizerConfiguration
-
- Type: AuthorizerConfiguration structure
The updated authorizer configuration for the gateway.
- authorizerType
-
- Required: Yes
- Type: string
The updated authorizer type for the gateway.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the gateway was created.
- description
-
- Type: string
The updated description of the gateway.
- exceptionLevel
-
- Type: string
The level of detail in error messages returned when invoking the gateway.
-
If the value is
DEBUG, granular exception messages are returned to help a user debug the gateway. -
If the value is omitted, a generic error message is returned to the end user.
- gatewayArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the updated gateway.
- gatewayId
-
- Required: Yes
- Type: string
The unique identifier of the updated gateway.
- gatewayUrl
-
- Type: string
An endpoint for invoking the updated gateway.
- interceptorConfigurations
-
- Type: Array of GatewayInterceptorConfiguration structures
The updated interceptor configurations for the gateway.
- kmsKeyArn
-
- Type: string
The updated ARN of the KMS key used to encrypt the gateway.
- name
-
- Required: Yes
- Type: string
The name of the gateway.
- policyEngineConfiguration
-
- Type: GatewayPolicyEngineConfiguration structure
The updated policy engine configuration for the gateway.
- protocolConfiguration
-
- Type: GatewayProtocolConfiguration structure
The configuration for a gateway protocol. This structure defines how the gateway communicates with external services.
- protocolType
-
- Required: Yes
- Type: string
The updated protocol type for the gateway.
- roleArn
-
- Type: string
The updated IAM role ARN that provides permissions for the gateway.
- status
-
- Required: Yes
- Type: string
The current status of the updated gateway.
- statusReasons
-
- Type: Array of strings
The reasons for the current status of the updated gateway.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the gateway was last updated.
- workloadIdentityDetails
-
- Type: WorkloadIdentityDetails structure
The workload identity details for the updated gateway.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
UpdateGatewayTarget
$result = $client->updateGatewayTarget([/* ... */]); $promise = $client->updateGatewayTargetAsync([/* ... */]);
Updates an existing gateway target.
Parameter Syntax
$result = $client->updateGatewayTarget([
'credentialProviderConfigurations' => [
[
'credentialProvider' => [
'apiKeyCredentialProvider' => [
'credentialLocation' => 'HEADER|QUERY_PARAMETER',
'credentialParameterName' => '<string>',
'credentialPrefix' => '<string>',
'providerArn' => '<string>', // REQUIRED
],
'oauthCredentialProvider' => [
'customParameters' => ['<string>', ...],
'defaultReturnUrl' => '<string>',
'grantType' => 'CLIENT_CREDENTIALS|AUTHORIZATION_CODE',
'providerArn' => '<string>', // REQUIRED
'scopes' => ['<string>', ...], // REQUIRED
],
],
'credentialProviderType' => 'GATEWAY_IAM_ROLE|OAUTH|API_KEY', // REQUIRED
],
// ...
],
'description' => '<string>',
'gatewayIdentifier' => '<string>', // REQUIRED
'name' => '<string>', // REQUIRED
'targetConfiguration' => [ // REQUIRED
'mcp' => [
'apiGateway' => [
'apiGatewayToolConfiguration' => [ // REQUIRED
'toolFilters' => [ // REQUIRED
[
'filterPath' => '<string>', // REQUIRED
'methods' => ['<string>', ...], // REQUIRED
],
// ...
],
'toolOverrides' => [
[
'description' => '<string>',
'method' => 'GET|DELETE|HEAD|OPTIONS|PATCH|PUT|POST', // REQUIRED
'name' => '<string>', // REQUIRED
'path' => '<string>', // REQUIRED
],
// ...
],
],
'restApiId' => '<string>', // REQUIRED
'stage' => '<string>', // REQUIRED
],
'lambda' => [
'lambdaArn' => '<string>', // REQUIRED
'toolSchema' => [ // REQUIRED
'inlinePayload' => [
[
'description' => '<string>', // REQUIRED
'inputSchema' => [ // REQUIRED
'description' => '<string>',
'items' => [...], // RECURSIVE
'properties' => [
'<String>' => [...], // RECURSIVE
// ...
],
'required' => ['<string>', ...],
'type' => 'string|number|object|array|boolean|integer', // REQUIRED
],
'name' => '<string>', // REQUIRED
'outputSchema' => [
'description' => '<string>',
'items' => [...], // RECURSIVE
'properties' => [
'<String>' => [...], // RECURSIVE
// ...
],
'required' => ['<string>', ...],
'type' => 'string|number|object|array|boolean|integer', // REQUIRED
],
],
// ...
],
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
],
'mcpServer' => [
'endpoint' => '<string>', // REQUIRED
],
'openApiSchema' => [
'inlinePayload' => '<string>',
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
'smithyModel' => [
'inlinePayload' => '<string>',
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
],
],
'targetId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- credentialProviderConfigurations
-
- Type: Array of CredentialProviderConfiguration structures
The updated credential provider configurations for the gateway target.
- description
-
- Type: string
The updated description for the gateway target.
- gatewayIdentifier
-
- Required: Yes
- Type: string
The unique identifier of the gateway associated with the target.
- name
-
- Required: Yes
- Type: string
The updated name for the gateway target.
- targetConfiguration
-
- Required: Yes
- Type: TargetConfiguration structure
The configuration for a gateway target. This structure defines how the gateway connects to and interacts with the target endpoint.
- targetId
-
- Required: Yes
- Type: string
The unique identifier of the gateway target to update.
Result Syntax
[
'createdAt' => <DateTime>,
'credentialProviderConfigurations' => [
[
'credentialProvider' => [
'apiKeyCredentialProvider' => [
'credentialLocation' => 'HEADER|QUERY_PARAMETER',
'credentialParameterName' => '<string>',
'credentialPrefix' => '<string>',
'providerArn' => '<string>',
],
'oauthCredentialProvider' => [
'customParameters' => ['<string>', ...],
'defaultReturnUrl' => '<string>',
'grantType' => 'CLIENT_CREDENTIALS|AUTHORIZATION_CODE',
'providerArn' => '<string>',
'scopes' => ['<string>', ...],
],
],
'credentialProviderType' => 'GATEWAY_IAM_ROLE|OAUTH|API_KEY',
],
// ...
],
'description' => '<string>',
'gatewayArn' => '<string>',
'lastSynchronizedAt' => <DateTime>,
'name' => '<string>',
'status' => 'CREATING|UPDATING|UPDATE_UNSUCCESSFUL|DELETING|READY|FAILED|SYNCHRONIZING|SYNCHRONIZE_UNSUCCESSFUL',
'statusReasons' => ['<string>', ...],
'targetConfiguration' => [
'mcp' => [
'apiGateway' => [
'apiGatewayToolConfiguration' => [
'toolFilters' => [
[
'filterPath' => '<string>',
'methods' => ['<string>', ...],
],
// ...
],
'toolOverrides' => [
[
'description' => '<string>',
'method' => 'GET|DELETE|HEAD|OPTIONS|PATCH|PUT|POST',
'name' => '<string>',
'path' => '<string>',
],
// ...
],
],
'restApiId' => '<string>',
'stage' => '<string>',
],
'lambda' => [
'lambdaArn' => '<string>',
'toolSchema' => [
'inlinePayload' => [
[
'description' => '<string>',
'inputSchema' => [
'description' => '<string>',
'items' => [...], // RECURSIVE
'properties' => [
'<String>' => [...], // RECURSIVE
// ...
],
'required' => ['<string>', ...],
'type' => 'string|number|object|array|boolean|integer',
],
'name' => '<string>',
'outputSchema' => [
'description' => '<string>',
'items' => [...], // RECURSIVE
'properties' => [
'<String>' => [...], // RECURSIVE
// ...
],
'required' => ['<string>', ...],
'type' => 'string|number|object|array|boolean|integer',
],
],
// ...
],
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
],
'mcpServer' => [
'endpoint' => '<string>',
],
'openApiSchema' => [
'inlinePayload' => '<string>',
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
'smithyModel' => [
'inlinePayload' => '<string>',
's3' => [
'bucketOwnerAccountId' => '<string>',
'uri' => '<string>',
],
],
],
],
'targetId' => '<string>',
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the gateway target was created.
- credentialProviderConfigurations
-
- Required: Yes
- Type: Array of CredentialProviderConfiguration structures
The updated credential provider configurations for the gateway target.
- description
-
- Type: string
The updated description of the gateway target.
- gatewayArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the gateway.
- lastSynchronizedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time at which the targets were last synchronized.
- name
-
- Required: Yes
- Type: string
The updated name of the gateway target.
- status
-
- Required: Yes
- Type: string
The current status of the updated gateway target.
- statusReasons
-
- Type: Array of strings
The reasons for the current status of the updated gateway target.
- targetConfiguration
-
- Required: Yes
- Type: TargetConfiguration structure
The configuration for a gateway target. This structure defines how the gateway connects to and interacts with the target endpoint.
- targetId
-
- Required: Yes
- Type: string
The unique identifier of the updated gateway target.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the gateway target was last updated.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
UpdateMemory
$result = $client->updateMemory([/* ... */]); $promise = $client->updateMemoryAsync([/* ... */]);
Update an Amazon Bedrock AgentCore Memory resource memory.
Parameter Syntax
$result = $client->updateMemory([
'clientToken' => '<string>',
'description' => '<string>',
'eventExpiryDuration' => <integer>,
'memoryExecutionRoleArn' => '<string>',
'memoryId' => '<string>', // REQUIRED
'memoryStrategies' => [
'addMemoryStrategies' => [
[
'customMemoryStrategy' => [
'configuration' => [
'episodicOverride' => [
'consolidation' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
'extraction' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
'reflection' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
'namespaces' => ['<string>', ...],
],
],
'selfManagedConfiguration' => [
'historicalContextWindowSize' => <integer>,
'invocationConfiguration' => [ // REQUIRED
'payloadDeliveryBucketName' => '<string>', // REQUIRED
'topicArn' => '<string>', // REQUIRED
],
'triggerConditions' => [
[
'messageBasedTrigger' => [
'messageCount' => <integer>,
],
'timeBasedTrigger' => [
'idleSessionTimeout' => <integer>,
],
'tokenBasedTrigger' => [
'tokenCount' => <integer>,
],
],
// ...
],
],
'semanticOverride' => [
'consolidation' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
'extraction' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
],
'summaryOverride' => [
'consolidation' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
],
'userPreferenceOverride' => [
'consolidation' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
'extraction' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
],
],
'description' => '<string>',
'name' => '<string>', // REQUIRED
'namespaces' => ['<string>', ...],
],
'episodicMemoryStrategy' => [
'description' => '<string>',
'name' => '<string>', // REQUIRED
'namespaces' => ['<string>', ...],
'reflectionConfiguration' => [
'namespaces' => ['<string>', ...], // REQUIRED
],
],
'semanticMemoryStrategy' => [
'description' => '<string>',
'name' => '<string>', // REQUIRED
'namespaces' => ['<string>', ...],
],
'summaryMemoryStrategy' => [
'description' => '<string>',
'name' => '<string>', // REQUIRED
'namespaces' => ['<string>', ...],
],
'userPreferenceMemoryStrategy' => [
'description' => '<string>',
'name' => '<string>', // REQUIRED
'namespaces' => ['<string>', ...],
],
],
// ...
],
'deleteMemoryStrategies' => [
[
'memoryStrategyId' => '<string>', // REQUIRED
],
// ...
],
'modifyMemoryStrategies' => [
[
'configuration' => [
'consolidation' => [
'customConsolidationConfiguration' => [
'episodicConsolidationOverride' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
'semanticConsolidationOverride' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
'summaryConsolidationOverride' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
'userPreferenceConsolidationOverride' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
],
],
'extraction' => [
'customExtractionConfiguration' => [
'episodicExtractionOverride' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
'semanticExtractionOverride' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
'userPreferenceExtractionOverride' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
],
],
],
'reflection' => [
'customReflectionConfiguration' => [
'episodicReflectionOverride' => [
'appendToPrompt' => '<string>', // REQUIRED
'modelId' => '<string>', // REQUIRED
'namespaces' => ['<string>', ...],
],
],
'episodicReflectionConfiguration' => [
'namespaces' => ['<string>', ...], // REQUIRED
],
],
'selfManagedConfiguration' => [
'historicalContextWindowSize' => <integer>,
'invocationConfiguration' => [
'payloadDeliveryBucketName' => '<string>',
'topicArn' => '<string>',
],
'triggerConditions' => [
[
'messageBasedTrigger' => [
'messageCount' => <integer>,
],
'timeBasedTrigger' => [
'idleSessionTimeout' => <integer>,
],
'tokenBasedTrigger' => [
'tokenCount' => <integer>,
],
],
// ...
],
],
],
'description' => '<string>',
'memoryStrategyId' => '<string>', // REQUIRED
'namespaces' => ['<string>', ...],
],
// ...
],
],
]);
Parameter Details
Members
- clientToken
-
- Type: string
A client token is used for keeping track of idempotent requests. It can contain a session id which can be around 250 chars, combined with a unique AWS identifier.
- description
-
- Type: string
The updated description of the AgentCore Memory resource.
- eventExpiryDuration
-
- Type: int
The number of days after which memory events will expire, between 7 and 365 days.
- memoryExecutionRoleArn
-
- Type: string
The ARN of the IAM role that provides permissions for the AgentCore Memory resource.
- memoryId
-
- Required: Yes
- Type: string
The unique identifier of the memory to update.
- memoryStrategies
-
- Type: ModifyMemoryStrategies structure
The memory strategies to add, modify, or delete.
Result Syntax
[
'memory' => [
'arn' => '<string>',
'createdAt' => <DateTime>,
'description' => '<string>',
'encryptionKeyArn' => '<string>',
'eventExpiryDuration' => <integer>,
'failureReason' => '<string>',
'id' => '<string>',
'memoryExecutionRoleArn' => '<string>',
'name' => '<string>',
'status' => 'CREATING|ACTIVE|FAILED|DELETING',
'strategies' => [
[
'configuration' => [
'consolidation' => [
'customConsolidationConfiguration' => [
'episodicConsolidationOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'semanticConsolidationOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'summaryConsolidationOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'userPreferenceConsolidationOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
],
],
'extraction' => [
'customExtractionConfiguration' => [
'episodicExtractionOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'semanticExtractionOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
'userPreferenceExtractionOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
],
],
],
'reflection' => [
'customReflectionConfiguration' => [
'episodicReflectionOverride' => [
'appendToPrompt' => '<string>',
'modelId' => '<string>',
'namespaces' => ['<string>', ...],
],
],
'episodicReflectionConfiguration' => [
'namespaces' => ['<string>', ...],
],
],
'selfManagedConfiguration' => [
'historicalContextWindowSize' => <integer>,
'invocationConfiguration' => [
'payloadDeliveryBucketName' => '<string>',
'topicArn' => '<string>',
],
'triggerConditions' => [
[
'messageBasedTrigger' => [
'messageCount' => <integer>,
],
'timeBasedTrigger' => [
'idleSessionTimeout' => <integer>,
],
'tokenBasedTrigger' => [
'tokenCount' => <integer>,
],
],
// ...
],
],
'type' => 'SEMANTIC_OVERRIDE|SUMMARY_OVERRIDE|USER_PREFERENCE_OVERRIDE|SELF_MANAGED|EPISODIC_OVERRIDE',
],
'createdAt' => <DateTime>,
'description' => '<string>',
'name' => '<string>',
'namespaces' => ['<string>', ...],
'status' => 'CREATING|ACTIVE|DELETING|FAILED',
'strategyId' => '<string>',
'type' => 'SEMANTIC|SUMMARIZATION|USER_PREFERENCE|CUSTOM|EPISODIC',
'updatedAt' => <DateTime>,
],
// ...
],
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- memory
-
- Type: Memory structure
The updated AgentCore Memory resource details.
Errors
- ServiceException:
An internal error occurred.
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottledException:
API rate limit has been exceeded.
UpdateOauth2CredentialProvider
$result = $client->updateOauth2CredentialProvider([/* ... */]); $promise = $client->updateOauth2CredentialProviderAsync([/* ... */]);
Updates an existing OAuth2 credential provider.
Parameter Syntax
$result = $client->updateOauth2CredentialProvider([
'credentialProviderVendor' => 'GoogleOauth2|GithubOauth2|SlackOauth2|SalesforceOauth2|MicrosoftOauth2|CustomOauth2|AtlassianOauth2|LinkedinOauth2|XOauth2|OktaOauth2|OneLoginOauth2|PingOneOauth2|FacebookOauth2|YandexOauth2|RedditOauth2|ZoomOauth2|TwitchOauth2|SpotifyOauth2|DropboxOauth2|NotionOauth2|HubspotOauth2|CyberArkOauth2|FusionAuthOauth2|Auth0Oauth2|CognitoOauth2', // REQUIRED
'name' => '<string>', // REQUIRED
'oauth2ProviderConfigInput' => [ // REQUIRED
'atlassianOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
],
'customOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
'oauthDiscovery' => [ // REQUIRED
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>', // REQUIRED
'issuer' => '<string>', // REQUIRED
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>', // REQUIRED
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'githubOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
],
'googleOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
],
'includedOauth2ProviderConfig' => [
'authorizationEndpoint' => '<string>',
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
'issuer' => '<string>',
'tokenEndpoint' => '<string>',
],
'linkedinOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
],
'microsoftOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
'tenantId' => '<string>',
],
'salesforceOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
],
'slackOauth2ProviderConfig' => [
'clientId' => '<string>', // REQUIRED
'clientSecret' => '<string>', // REQUIRED
],
],
]);
Parameter Details
Members
- credentialProviderVendor
-
- Required: Yes
- Type: string
The vendor of the OAuth2 credential provider.
- name
-
- Required: Yes
- Type: string
The name of the OAuth2 credential provider to update.
- oauth2ProviderConfigInput
-
- Required: Yes
- Type: Oauth2ProviderConfigInput structure
The configuration input for the OAuth2 provider.
Result Syntax
[
'callbackUrl' => '<string>',
'clientSecretArn' => [
'secretArn' => '<string>',
],
'createdTime' => <DateTime>,
'credentialProviderArn' => '<string>',
'credentialProviderVendor' => 'GoogleOauth2|GithubOauth2|SlackOauth2|SalesforceOauth2|MicrosoftOauth2|CustomOauth2|AtlassianOauth2|LinkedinOauth2|XOauth2|OktaOauth2|OneLoginOauth2|PingOneOauth2|FacebookOauth2|YandexOauth2|RedditOauth2|ZoomOauth2|TwitchOauth2|SpotifyOauth2|DropboxOauth2|NotionOauth2|HubspotOauth2|CyberArkOauth2|FusionAuthOauth2|Auth0Oauth2|CognitoOauth2',
'lastUpdatedTime' => <DateTime>,
'name' => '<string>',
'oauth2ProviderConfigOutput' => [
'atlassianOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'customOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'githubOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'googleOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'includedOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'linkedinOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'microsoftOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'salesforceOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
'slackOauth2ProviderConfig' => [
'clientId' => '<string>',
'oauthDiscovery' => [
'authorizationServerMetadata' => [
'authorizationEndpoint' => '<string>',
'issuer' => '<string>',
'responseTypes' => ['<string>', ...],
'tokenEndpoint' => '<string>',
'tokenEndpointAuthMethods' => ['<string>', ...],
],
'discoveryUrl' => '<string>',
],
],
],
]
Result Details
Members
- callbackUrl
-
- Type: string
Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.
- clientSecretArn
-
- Required: Yes
- Type: Secret structure
The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.
- createdTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the OAuth2 credential provider was created.
- credentialProviderArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the OAuth2 credential provider.
- credentialProviderVendor
-
- Required: Yes
- Type: string
The vendor of the OAuth2 credential provider.
- lastUpdatedTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the OAuth2 credential provider was last updated.
- name
-
- Required: Yes
- Type: string
The name of the OAuth2 credential provider.
- oauth2ProviderConfigOutput
-
- Required: Yes
- Type: Oauth2ProviderConfigOutput structure
The configuration output for the OAuth2 provider.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- DecryptionFailure:
Exception thrown when decryption of a secret fails.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
- EncryptionFailure:
Exception thrown when encryption of a secret fails.
UpdateOnlineEvaluationConfig
$result = $client->updateOnlineEvaluationConfig([/* ... */]); $promise = $client->updateOnlineEvaluationConfigAsync([/* ... */]);
Updates an online evaluation configuration's settings, including rules, data sources, evaluators, and execution status. Changes take effect immediately for ongoing evaluations.
Parameter Syntax
$result = $client->updateOnlineEvaluationConfig([
'clientToken' => '<string>',
'dataSourceConfig' => [
'cloudWatchLogs' => [
'logGroupNames' => ['<string>', ...], // REQUIRED
'serviceNames' => ['<string>', ...], // REQUIRED
],
],
'description' => '<string>',
'evaluationExecutionRoleArn' => '<string>',
'evaluators' => [
[
'evaluatorId' => '<string>',
],
// ...
],
'executionStatus' => 'ENABLED|DISABLED',
'onlineEvaluationConfigId' => '<string>', // REQUIRED
'rule' => [
'filters' => [
[
'key' => '<string>', // REQUIRED
'operator' => 'Equals|NotEquals|GreaterThan|LessThan|GreaterThanOrEqual|LessThanOrEqual|Contains|NotContains', // REQUIRED
'value' => [ // REQUIRED
'booleanValue' => true || false,
'doubleValue' => <float>,
'stringValue' => '<string>',
],
],
// ...
],
'samplingConfig' => [ // REQUIRED
'samplingPercentage' => <float>, // REQUIRED
],
'sessionConfig' => [
'sessionTimeoutMinutes' => <integer>, // REQUIRED
],
],
]);
Parameter Details
Members
- clientToken
-
- Type: string
A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
- dataSourceConfig
-
- Type: DataSourceConfig structure
The updated data source configuration specifying CloudWatch log groups and service names to monitor.
- description
-
- Type: string
The updated description of the online evaluation configuration.
- evaluationExecutionRoleArn
-
- Type: string
The updated Amazon Resource Name (ARN) of the IAM role used for evaluation execution.
- evaluators
-
- Type: Array of EvaluatorReference structures
The updated list of evaluators to apply during online evaluation.
- executionStatus
-
- Type: string
The updated execution status to enable or disable the online evaluation.
- onlineEvaluationConfigId
-
- Required: Yes
- Type: string
The unique identifier of the online evaluation configuration to update.
- rule
-
- Type: Rule structure
The updated evaluation rule containing sampling configuration, filters, and session settings.
Result Syntax
[
'executionStatus' => 'ENABLED|DISABLED',
'failureReason' => '<string>',
'onlineEvaluationConfigArn' => '<string>',
'onlineEvaluationConfigId' => '<string>',
'status' => 'ACTIVE|CREATING|CREATE_FAILED|UPDATING|UPDATE_FAILED|DELETING',
'updatedAt' => <DateTime>,
]
Result Details
Members
- executionStatus
-
- Required: Yes
- Type: string
The execution status indicating whether the online evaluation is currently running.
- failureReason
-
- Type: string
The reason for failure if the online evaluation configuration update or execution failed.
- onlineEvaluationConfigArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the updated online evaluation configuration.
- onlineEvaluationConfigId
-
- Required: Yes
- Type: string
The unique identifier of the updated online evaluation configuration.
- status
-
- Required: Yes
- Type: string
The status of the online evaluation configuration.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the online evaluation configuration was last updated.
Errors
- ServiceQuotaExceededException:
This exception is thrown when a request is made beyond the service quota
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
UpdatePolicy
$result = $client->updatePolicy([/* ... */]); $promise = $client->updatePolicyAsync([/* ... */]);
Updates an existing policy within the AgentCore Policy system. This operation allows modification of the policy description and definition while maintaining the policy's identity. The updated policy is validated against the Cedar schema before being applied. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.
Parameter Syntax
$result = $client->updatePolicy([
'definition' => [ // REQUIRED
'cedar' => [
'statement' => '<string>', // REQUIRED
],
],
'description' => '<string>',
'policyEngineId' => '<string>', // REQUIRED
'policyId' => '<string>', // REQUIRED
'validationMode' => 'FAIL_ON_ANY_FINDINGS|IGNORE_ALL_FINDINGS',
]);
Parameter Details
Members
- definition
-
- Required: Yes
- Type: PolicyDefinition structure
The new Cedar policy statement that defines the access control rules. This replaces the existing policy definition with new logic while maintaining the policy's identity.
- description
-
- Type: string
The new human-readable description for the policy. This optional field allows updating the policy's documentation while keeping the same policy logic.
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine that manages the policy to be updated. This ensures the policy is updated within the correct policy engine context.
- policyId
-
- Required: Yes
- Type: string
The unique identifier of the policy to be updated. This must be a valid policy ID that exists within the specified policy engine.
- validationMode
-
- Type: string
The validation mode for the policy update. Determines how Cedar analyzer validation results are handled during policy updates. FAIL_ON_ANY_FINDINGS runs the Cedar analyzer and fails the update if validation issues are detected, ensuring the policy conforms to the Cedar schema and tool context. IGNORE_ALL_FINDINGS runs the Cedar analyzer but allows updates despite validation warnings. Use FAIL_ON_ANY_FINDINGS to ensure policy correctness during updates, especially when modifying policy logic or conditions.
Result Syntax
[
'createdAt' => <DateTime>,
'definition' => [
'cedar' => [
'statement' => '<string>',
],
],
'description' => '<string>',
'name' => '<string>',
'policyArn' => '<string>',
'policyEngineId' => '<string>',
'policyId' => '<string>',
'status' => 'CREATING|ACTIVE|UPDATING|DELETING|CREATE_FAILED|UPDATE_FAILED|DELETE_FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The original creation timestamp of the policy.
- definition
-
- Required: Yes
- Type: PolicyDefinition structure
The updated Cedar policy statement.
- description
-
- Type: string
The updated description of the policy.
- name
-
- Required: Yes
- Type: string
The name of the updated policy.
- policyArn
-
- Required: Yes
- Type: string
The ARN of the updated policy.
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine managing the updated policy.
- policyId
-
- Required: Yes
- Type: string
The unique identifier of the updated policy.
- status
-
- Required: Yes
- Type: string
The current status of the updated policy.
- statusReasons
-
- Required: Yes
- Type: Array of strings
Additional information about the update status.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy was last updated.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
UpdatePolicyEngine
$result = $client->updatePolicyEngine([/* ... */]); $promise = $client->updatePolicyEngineAsync([/* ... */]);
Updates an existing policy engine within the AgentCore Policy system. This operation allows modification of the policy engine description while maintaining its identity. This is an asynchronous operation. Use the GetPolicyEngine operation to poll the status field to track completion.
Parameter Syntax
$result = $client->updatePolicyEngine([
'description' => '<string>',
'policyEngineId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- description
-
- Type: string
The new description for the policy engine.
- policyEngineId
-
- Required: Yes
- Type: string
The unique identifier of the policy engine to be updated.
Result Syntax
[
'createdAt' => <DateTime>,
'description' => '<string>',
'name' => '<string>',
'policyEngineArn' => '<string>',
'policyEngineId' => '<string>',
'status' => 'CREATING|ACTIVE|UPDATING|DELETING|CREATE_FAILED|UPDATE_FAILED|DELETE_FAILED',
'statusReasons' => ['<string>', ...],
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The original creation timestamp of the policy engine.
- description
-
- Type: string
The updated description of the policy engine.
- name
-
- Required: Yes
- Type: string
The name of the updated policy engine.
- policyEngineArn
-
- Required: Yes
- Type: string
The ARN of the updated policy engine.
- policyEngineId
-
- Required: Yes
- Type: string
The unique identifier of the updated policy engine.
- status
-
- Required: Yes
- Type: string
The current status of the updated policy engine.
- statusReasons
-
- Required: Yes
- Type: Array of strings
Additional information about the update status.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy engine was last updated.
Errors
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ConflictException:
This exception is thrown when there is a conflict performing an operation
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
UpdateWorkloadIdentity
$result = $client->updateWorkloadIdentity([/* ... */]); $promise = $client->updateWorkloadIdentityAsync([/* ... */]);
Updates an existing workload identity.
Parameter Syntax
$result = $client->updateWorkloadIdentity([
'allowedResourceOauth2ReturnUrls' => ['<string>', ...],
'name' => '<string>', // REQUIRED
]);
Parameter Details
Members
- allowedResourceOauth2ReturnUrls
-
- Type: Array of strings
The new list of allowed OAuth2 return URLs for resources associated with this workload identity. This list replaces the existing list.
- name
-
- Required: Yes
- Type: string
The name of the workload identity to update.
Result Syntax
[
'allowedResourceOauth2ReturnUrls' => ['<string>', ...],
'createdTime' => <DateTime>,
'lastUpdatedTime' => <DateTime>,
'name' => '<string>',
'workloadIdentityArn' => '<string>',
]
Result Details
Members
- allowedResourceOauth2ReturnUrls
-
- Type: Array of strings
The list of allowed OAuth2 return URLs for resources associated with this workload identity.
- createdTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the workload identity was created.
- lastUpdatedTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the workload identity was last updated.
- name
-
- Required: Yes
- Type: string
The name of the workload identity.
- workloadIdentityArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the workload identity.
Errors
- UnauthorizedException:
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- AccessDeniedException:
This exception is thrown when a request is denied per access permissions
- ResourceNotFoundException:
This exception is thrown when a resource referenced by the operation does not exist
- ThrottlingException:
This exception is thrown when the number of requests exceeds the limit
- InternalServerException:
This exception is thrown if there was an unexpected error during processing of request
Shapes
AccessDeniedException
Description
This exception is thrown when a request is denied per access permissions
Members
- message
-
- Type: string
AdditionalModelRequestFields
Members
AgentRuntime
Description
Contains information about an agent runtime. An agent runtime is the execution environment for a Amazon Bedrock Agent.
Members
- agentRuntimeArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the agent runtime.
- agentRuntimeId
-
- Required: Yes
- Type: string
The unique identifier of the agent runtime.
- agentRuntimeName
-
- Required: Yes
- Type: string
The name of the agent runtime.
- agentRuntimeVersion
-
- Required: Yes
- Type: string
The version of the agent runtime.
- description
-
- Required: Yes
- Type: string
The description of the agent runtime.
- lastUpdatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the agent runtime was last updated.
- status
-
- Required: Yes
- Type: string
The current status of the agent runtime.
AgentRuntimeArtifact
Description
The artifact of the agent.
Members
- codeConfiguration
-
- Type: CodeConfiguration structure
The code configuration for the agent runtime artifact, including the source code location and execution settings.
- containerConfiguration
-
- Type: ContainerConfiguration structure
The container configuration for the agent artifact.
AgentRuntimeEndpoint
Description
Contains information about an agent runtime endpoint. An endpoint provides a way to connect to and interact with an agent runtime.
Members
- agentRuntimeArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the agent runtime associated with the endpoint.
- agentRuntimeEndpointArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the agent runtime endpoint.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the agent runtime endpoint was created.
- description
-
- Type: string
The description of the agent runtime endpoint.
- id
-
- Required: Yes
- Type: string
The unique identifier of the agent runtime endpoint.
- lastUpdatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the agent runtime endpoint was last updated.
- liveVersion
-
- Type: string
The live version of the agent runtime endpoint. This is the version that is currently serving requests.
- name
-
- Required: Yes
- Type: string
The name of the agent runtime endpoint.
- status
-
- Required: Yes
- Type: string
The current status of the agent runtime endpoint.
- targetVersion
-
- Type: string
The target version of the agent runtime endpoint. This is the version that the endpoint is being updated to.
ApiGatewayTargetConfiguration
Description
The configuration for an Amazon API Gateway target.
Members
- apiGatewayToolConfiguration
-
- Required: Yes
- Type: ApiGatewayToolConfiguration structure
The configuration for defining REST API tool filters and overrides for the gateway target.
- restApiId
-
- Required: Yes
- Type: string
The ID of the API Gateway REST API.
- stage
-
- Required: Yes
- Type: string
The ID of the stage of the REST API to add as a target.
ApiGatewayToolConfiguration
Description
The configuration for defining REST API tool filters and overrides for the gateway target.
Members
- toolFilters
-
- Required: Yes
- Type: Array of ApiGatewayToolFilter structures
A list of path and method patterns to expose as tools using metadata from the REST API's OpenAPI specification.
- toolOverrides
-
- Type: Array of ApiGatewayToolOverride structures
A list of explicit tool definitions with optional custom names and descriptions.
ApiGatewayToolFilter
Description
Specifies which operations from an API Gateway REST API are exposed as tools. Tool names and descriptions are derived from the operationId and description fields in the API's exported OpenAPI specification.
Members
- filterPath
-
- Required: Yes
- Type: string
Resource path to match in the REST API. Supports exact paths (for example,
/pets) or wildcard paths (for example,/pets/*to match all paths under/pets). Must match existing paths in the REST API. - methods
-
- Required: Yes
- Type: Array of strings
The methods to filter for.
ApiGatewayToolOverride
Description
Settings to override configurations for a tool.
Members
- description
-
- Type: string
The description of the tool. Provides information about the purpose and usage of the tool. If not provided, uses the description from the API's OpenAPI specification.
- method
-
- Required: Yes
- Type: string
The HTTP method to expose for the specified path.
- name
-
- Required: Yes
- Type: string
The name of tool. Identifies the tool in the Model Context Protocol.
- path
-
- Required: Yes
- Type: string
Resource path in the REST API (e.g.,
/pets). Must explicitly match an existing path in the REST API.
ApiKeyCredentialProvider
Description
An API key credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint using an API key.
Members
- credentialLocation
-
- Type: string
The location of the API key credential. This field specifies where in the request the API key should be placed.
- credentialParameterName
-
- Type: string
The name of the credential parameter for the API key. This parameter name is used when sending the API key to the target endpoint.
- credentialPrefix
-
- Type: string
The prefix for the API key credential. This prefix is added to the API key when sending it to the target endpoint.
- providerArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the API key credential provider. This ARN identifies the provider in Amazon Web Services.
ApiKeyCredentialProviderItem
Description
Contains information about an API key credential provider.
Members
- createdTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the API key credential provider was created.
- credentialProviderArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the API key credential provider.
- lastUpdatedTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the API key credential provider was last updated.
- name
-
- Required: Yes
- Type: string
The name of the API key credential provider.
ApiSchemaConfiguration
Description
Configuration for API schema.
Members
- inlinePayload
-
- Type: string
The inline payload containing the API schema definition.
- s3
-
- Type: S3Configuration structure
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
AtlassianOauth2ProviderConfigInput
Description
Configuration settings for connecting to Atlassian services using OAuth2 authentication. This includes the client credentials required to authenticate with Atlassian's OAuth2 authorization server.
Members
- clientId
-
- Required: Yes
- Type: string
The client ID for the Atlassian OAuth2 provider. This identifier is assigned by Atlassian when you register your application.
- clientSecret
-
- Required: Yes
- Type: string
The client secret for the Atlassian OAuth2 provider. This secret is assigned by Atlassian and used along with the client ID to authenticate your application.
AtlassianOauth2ProviderConfigOutput
Description
The configuration details returned for an Atlassian OAuth2 provider, including the client ID and OAuth2 discovery information.
Members
- clientId
-
- Type: string
The client ID for the Atlassian OAuth2 provider.
- oauthDiscovery
-
- Required: Yes
- Type: Oauth2Discovery structure
Contains the discovery information for an OAuth2 provider.
AuthorizerConfiguration
Description
Represents inbound authorization configuration options used to authenticate incoming requests.
Members
- customJWTAuthorizer
-
- Type: CustomJWTAuthorizerConfiguration structure
The inbound JWT-based authorization, specifying how incoming requests should be authenticated.
AuthorizingClaimMatchValueType
Description
Defines the value or values to match for and the relationship of the match.
Members
- claimMatchOperator
-
- Required: Yes
- Type: string
Defines the relationship between the claim field value and the value or values you're matching for.
- claimMatchValue
-
- Required: Yes
- Type: ClaimMatchValueType structure
The value or values to match for.
BedrockEvaluatorModelConfig
Description
The configuration for using Amazon Bedrock models in evaluator assessments, including model selection and inference parameters.
Members
- additionalModelRequestFields
-
- Type: document (null|bool|string|numeric) or an (array|associative array) whose members are all valid documents
Additional model-specific request fields to customize model behavior beyond the standard inference configuration.
- inferenceConfig
-
- Type: InferenceConfiguration structure
The inference configuration parameters that control model behavior during evaluation, including temperature, token limits, and sampling settings.
- modelId
-
- Required: Yes
- Type: string
The identifier of the Amazon Bedrock model to use for evaluation. Must be a supported foundation model available in your region.
BrowserNetworkConfiguration
Description
The network configuration for a browser. This structure defines how the browser connects to the network.
Members
- networkMode
-
- Required: Yes
- Type: string
The network mode for the browser. This field specifies how the browser connects to the network.
- vpcConfig
-
- Type: VpcConfig structure
VpcConfig for the Agent.
BrowserSigningConfigInput
Description
Configuration for enabling browser signing capabilities that allow agents to cryptographically identify themselves to websites using HTTP message signatures.
Members
- enabled
-
- Required: Yes
- Type: boolean
Specifies whether browser signing is enabled. When enabled, the browser will cryptographically sign HTTP requests to identify itself as an AI agent to bot control vendors.
BrowserSigningConfigOutput
Description
The current browser signing configuration that shows whether cryptographic agent identification is enabled for web bot authentication.
Members
- enabled
-
- Required: Yes
- Type: boolean
Indicates whether browser signing is currently enabled for cryptographic agent identification using HTTP message signatures.
BrowserSummary
Description
Contains summary information about a browser. A browser enables Amazon Bedrock Agent to interact with web content.
Members
- browserArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the browser.
- browserId
-
- Required: Yes
- Type: string
The unique identifier of the browser.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the browser was created.
- description
-
- Type: string
The description of the browser.
- lastUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the browser was last updated.
- name
-
- Type: string
The name of the browser.
- status
-
- Required: Yes
- Type: string
The current status of the browser.
CategoricalScaleDefinition
Description
The definition of a categorical rating scale option that provides a named category with its description for evaluation scoring.
Members
- definition
-
- Required: Yes
- Type: string
The description that explains what this categorical rating represents and when it should be used.
- label
-
- Required: Yes
- Type: string
The label or name of this categorical rating option.
CedarPolicy
Description
Represents a Cedar policy statement within the AgentCore Policy system. Cedar is a policy language designed for authorization that provides human-readable, analyzable, and high-performance policy evaluation for controlling agent behavior and access decisions.
Members
- statement
-
- Required: Yes
- Type: string
The Cedar policy statement that defines the authorization logic. This statement follows Cedar syntax and specifies principals, actions, resources, and conditions that determine when access should be allowed or denied.
ClaimMatchValueType
Description
The value or values to match for.
-
Include a
matchValueStringwith theEQUALSoperator to specify a string that matches the claim field value. -
Include a
matchValueArrayto specify an array of string values. You can use the following operators:-
Use
CONTAINSto yield a match if the claim field value is in the array. -
Use
CONTAINS_ANYto yield a match if the claim field value contains any of the strings in the array.
-
Members
- matchValueString
-
- Type: string
The string value to match for.
- matchValueStringList
-
- Type: Array of strings
An array of strings to check for a match.
CloudWatchLogsInputConfig
Description
The configuration for reading agent traces from CloudWatch logs as input for online evaluation.
Members
- logGroupNames
-
- Required: Yes
- Type: Array of strings
The list of CloudWatch log group names to monitor for agent traces.
- serviceNames
-
- Required: Yes
- Type: Array of strings
The list of service names to filter traces within the specified log groups. Used to identify relevant agent sessions.
CloudWatchOutputConfig
Description
The configuration for writing evaluation results to CloudWatch logs with embedded metric format (EMF) for monitoring.
Members
- logGroupName
-
- Required: Yes
- Type: string
The name of the CloudWatch log group where evaluation results will be written. The log group will be created if it doesn't exist.
Code
Description
The source code configuration that specifies the location and details of the code to be executed.
Members
- s3
-
- Type: S3Location structure
The Amazon Amazon S3 object that contains the source code for the agent runtime.
CodeConfiguration
Description
The configuration for the source code that defines how the agent runtime code should be executed, including the code location, runtime environment, and entry point.
Members
- code
-
- Required: Yes
- Type: Code structure
The source code location and configuration details.
- entryPoint
-
- Required: Yes
- Type: Array of strings
The entry point for the code execution, specifying the function or method that should be invoked when the code runs.
- runtime
-
- Required: Yes
- Type: string
The runtime environment for executing the code (for example, Python 3.9 or Node.js 18).
CodeInterpreterNetworkConfiguration
Description
The network configuration for a code interpreter. This structure defines how the code interpreter connects to the network.
Members
- networkMode
-
- Required: Yes
- Type: string
The network mode for the code interpreter. This field specifies how the code interpreter connects to the network.
- vpcConfig
-
- Type: VpcConfig structure
VpcConfig for the Agent.
CodeInterpreterSummary
Description
Contains summary information about a code interpreter. A code interpreter enables Amazon Bedrock Agent to execute code.
Members
- codeInterpreterArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the code interpreter.
- codeInterpreterId
-
- Required: Yes
- Type: string
The unique identifier of the code interpreter.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the code interpreter was created.
- description
-
- Type: string
The description of the code interpreter.
- lastUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the code interpreter was last updated.
- name
-
- Type: string
The name of the code interpreter.
- status
-
- Required: Yes
- Type: string
The current status of the code interpreter.
ConcurrentModificationException
Description
Exception thrown when a resource is modified concurrently by multiple requests.
Members
- message
-
- Required: Yes
- Type: string
ConflictException
Description
This exception is thrown when there is a conflict performing an operation
Members
- message
-
- Type: string
ConsolidationConfiguration
Description
Contains consolidation configuration information for a memory strategy.
Members
- customConsolidationConfiguration
-
- Type: CustomConsolidationConfiguration structure
The custom consolidation configuration.
ContainerConfiguration
Description
Representation of a container configuration.
Members
- containerUri
-
- Required: Yes
- Type: string
The ECR URI of the container.
Content
Description
Represents content input for policy generation operations. This structure encapsulates the natural language descriptions or other content formats that are used as input for AI-powered policy generation.
Members
- rawText
-
- Type: string
The raw text content containing natural language descriptions of desired policy behavior. This text is processed by AI to generate corresponding Cedar policy statements that match the described intent.
CredentialProvider
Description
A credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint.
Members
- apiKeyCredentialProvider
-
- Type: ApiKeyCredentialProvider structure
The API key credential provider. This provider uses an API key to authenticate with the target endpoint.
- oauthCredentialProvider
-
- Type: OAuthCredentialProvider structure
The OAuth credential provider. This provider uses OAuth authentication to access the target endpoint.
CredentialProviderConfiguration
Description
The configuration for a credential provider. This structure defines how the gateway authenticates with the target endpoint.
Members
- credentialProvider
-
- Type: CredentialProvider structure
The credential provider. This field contains the specific configuration for the credential provider type.
- credentialProviderType
-
- Required: Yes
- Type: string
The type of credential provider. This field specifies which authentication method the gateway uses.
CustomClaimValidationType
Description
Defines the name of a custom claim field and rules for finding matches to authenticate its value.
Members
- authorizingClaimMatchValue
-
- Required: Yes
- Type: AuthorizingClaimMatchValueType structure
Defines the value or values to match for and the relationship of the match.
- inboundTokenClaimName
-
- Required: Yes
- Type: string
The name of the custom claim field to check.
- inboundTokenClaimValueType
-
- Required: Yes
- Type: string
The data type of the claim value to check for.
-
Use
STRINGif you want to find an exact match to a string you define. -
Use
STRING_ARRAYif you want to fnd a match to at least one value in an array you define.
CustomConfigurationInput
Description
Input for custom configuration of a memory strategy.
Members
- episodicOverride
-
- Type: EpisodicOverrideConfigurationInput structure
The episodic memory strategy override configuration for a custom memory strategy.
- selfManagedConfiguration
-
- Type: SelfManagedConfigurationInput structure
The self managed configuration for a custom memory strategy.
- semanticOverride
-
- Type: SemanticOverrideConfigurationInput structure
The semantic override configuration for a custom memory strategy.
- summaryOverride
-
- Type: SummaryOverrideConfigurationInput structure
The summary override configuration for a custom memory strategy.
- userPreferenceOverride
-
- Type: UserPreferenceOverrideConfigurationInput structure
The user preference override configuration for a custom memory strategy.
CustomConsolidationConfiguration
Description
Contains custom consolidation configuration information.
Members
- episodicConsolidationOverride
-
- Type: EpisodicConsolidationOverride structure
The configurations to override the default consolidation step for the episodic memory strategy.
- semanticConsolidationOverride
-
- Type: SemanticConsolidationOverride structure
The semantic consolidation override configuration.
- summaryConsolidationOverride
-
- Type: SummaryConsolidationOverride structure
The summary consolidation override configuration.
- userPreferenceConsolidationOverride
-
- Type: UserPreferenceConsolidationOverride structure
The user preference consolidation override configuration.
CustomConsolidationConfigurationInput
Description
Input for a custom consolidation configuration.
Members
- episodicConsolidationOverride
-
- Type: EpisodicOverrideConsolidationConfigurationInput structure
Configurations to override the consolidation step of the episodic strategy.
- semanticConsolidationOverride
-
- Type: SemanticOverrideConsolidationConfigurationInput structure
The semantic consolidation override configuration input.
- summaryConsolidationOverride
-
- Type: SummaryOverrideConsolidationConfigurationInput structure
The summary consolidation override configuration input.
- userPreferenceConsolidationOverride
-
- Type: UserPreferenceOverrideConsolidationConfigurationInput structure
The user preference consolidation override configuration input.
CustomExtractionConfiguration
Description
Contains custom extraction configuration information.
Members
- episodicExtractionOverride
-
- Type: EpisodicExtractionOverride structure
The configurations to override the default extraction step for the episodic memory strategy.
- semanticExtractionOverride
-
- Type: SemanticExtractionOverride structure
The semantic extraction override configuration.
- userPreferenceExtractionOverride
-
- Type: UserPreferenceExtractionOverride structure
The user preference extraction override configuration.
CustomExtractionConfigurationInput
Description
Input for a custom extraction configuration.
Members
- episodicExtractionOverride
-
- Type: EpisodicOverrideExtractionConfigurationInput structure
Configurations to override the extraction step of the episodic strategy.
- semanticExtractionOverride
-
- Type: SemanticOverrideExtractionConfigurationInput structure
The semantic extraction override configuration input.
- userPreferenceExtractionOverride
-
- Type: UserPreferenceOverrideExtractionConfigurationInput structure
The user preference extraction override configuration input.
CustomJWTAuthorizerConfiguration
Description
Configuration for inbound JWT-based authorization, specifying how incoming requests should be authenticated.
Members
- allowedAudience
-
- Type: Array of strings
Represents individual audience values that are validated in the incoming JWT token validation process.
- allowedClients
-
- Type: Array of strings
Represents individual client IDs that are validated in the incoming JWT token validation process.
- allowedScopes
-
- Type: Array of strings
An array of scopes that are allowed to access the token.
- customClaims
-
- Type: Array of CustomClaimValidationType structures
An array of objects that define a custom claim validation name, value, and operation
- discoveryUrl
-
- Required: Yes
- Type: string
This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.
CustomMemoryStrategyInput
Description
Input for creating a custom memory strategy.
Members
- configuration
-
- Type: CustomConfigurationInput structure
The configuration for the custom memory strategy.
- description
-
- Type: string
The description of the custom memory strategy.
- name
-
- Required: Yes
- Type: string
The name of the custom memory strategy.
- namespaces
-
- Type: Array of strings
The namespaces associated with the custom memory strategy.
CustomOauth2ProviderConfigInput
Description
Input configuration for a custom OAuth2 provider.
Members
- clientId
-
- Required: Yes
- Type: string
The client ID for the custom OAuth2 provider.
- clientSecret
-
- Required: Yes
- Type: string
The client secret for the custom OAuth2 provider.
- oauthDiscovery
-
- Required: Yes
- Type: Oauth2Discovery structure
The OAuth2 discovery information for the custom provider.
CustomOauth2ProviderConfigOutput
Description
Output configuration for a custom OAuth2 provider.
Members
- clientId
-
- Type: string
The client ID for the custom OAuth2 provider.
- oauthDiscovery
-
- Required: Yes
- Type: Oauth2Discovery structure
The OAuth2 discovery information for the custom provider.
CustomReflectionConfiguration
Description
Contains configurations for a custom reflection strategy.
Members
- episodicReflectionOverride
-
- Type: EpisodicReflectionOverride structure
The configuration for a reflection strategy to override the default one.
CustomReflectionConfigurationInput
Description
Input for a custom reflection configuration.
Members
- episodicReflectionOverride
-
- Type: EpisodicOverrideReflectionConfigurationInput structure
The reflection override configuration input.
DataSourceConfig
Description
The configuration that specifies where to read agent traces for online evaluation.
Members
- cloudWatchLogs
-
- Type: CloudWatchLogsInputConfig structure
The CloudWatch logs configuration for reading agent traces from log groups.
DecryptionFailure
Description
Exception thrown when decryption of a secret fails.
Members
- message
-
- Required: Yes
- Type: string
DeleteMemoryStrategyInput
Description
Input for deleting a memory strategy.
Members
- memoryStrategyId
-
- Required: Yes
- Type: string
The unique identifier of the memory strategy to delete.
EncryptionFailure
Description
Exception thrown when encryption of a secret fails.
Members
- message
-
- Required: Yes
- Type: string
EpisodicConsolidationOverride
Description
Contains configurations to override the default consolidation step for the episodic memory strategy.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text appended to the prompt for the consolidation step of the episodic memory strategy.
- modelId
-
- Required: Yes
- Type: string
The model ID used for the consolidation step of the episodic memory strategy.
EpisodicExtractionOverride
Description
Contains configurations to override the default extraction step for the episodic memory strategy.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text appended to the prompt for the extraction step of the episodic memory strategy.
- modelId
-
- Required: Yes
- Type: string
The model ID used for the extraction step of the episodic memory strategy.
EpisodicMemoryStrategyInput
Description
Input for creating an episodic memory strategy.
Members
- description
-
- Type: string
The description of the episodic memory strategy.
- name
-
- Required: Yes
- Type: string
The name of the episodic memory strategy.
- namespaces
-
- Type: Array of strings
The namespaces for which to create episodes.
- reflectionConfiguration
-
- Type: EpisodicReflectionConfigurationInput structure
The configuration for the reflections created with the episodic memory strategy.
EpisodicOverrideConfigurationInput
Description
Input for the configuration to override the episodic memory strategy.
Members
- consolidation
-
- Type: EpisodicOverrideConsolidationConfigurationInput structure
Contains configurations for overriding the consolidation step of the episodic memory strategy.
- extraction
-
- Type: EpisodicOverrideExtractionConfigurationInput structure
Contains configurations for overriding the extraction step of the episodic memory strategy.
- reflection
-
- Type: EpisodicOverrideReflectionConfigurationInput structure
Contains configurations for overriding the reflection step of the episodic memory strategy.
EpisodicOverrideConsolidationConfigurationInput
Description
Configurations for overriding the consolidation step of the episodic memory strategy.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text to append to the prompt for the consolidation step of the episodic memory strategy.
- modelId
-
- Required: Yes
- Type: string
The model ID to use for the consolidation step of the episodic memory strategy.
EpisodicOverrideExtractionConfigurationInput
Description
Configurations for overriding the extraction step of the episodic memory strategy.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text to append to the prompt for the extraction step of the episodic memory strategy.
- modelId
-
- Required: Yes
- Type: string
The model ID to use for the extraction step of the episodic memory strategy.
EpisodicOverrideReflectionConfigurationInput
Description
Configurations for overriding the reflection step of the episodic memory strategy.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text to append to the prompt for reflection step of the episodic memory strategy.
- modelId
-
- Required: Yes
- Type: string
The model ID to use for the reflection step of the episodic memory strategy.
- namespaces
-
- Type: Array of strings
The namespaces to use for episodic reflection. Can be less nested than the episodic namespaces.
EpisodicReflectionConfiguration
Description
The configuration for the reflections created with the episodic memory strategy.
Members
- namespaces
-
- Required: Yes
- Type: Array of strings
The namespaces for which to create reflections. Can be less nested than the episodic namespaces.
EpisodicReflectionConfigurationInput
Description
An episodic reflection configuration input.
Members
- namespaces
-
- Required: Yes
- Type: Array of strings
The namespaces over which to create reflections. Can be less nested than episode namespaces.
EpisodicReflectionOverride
Description
Contains configurations to override the default reflection step for the episodic memory strategy.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text appended to the prompt for the reflection step of the episodic memory strategy.
- modelId
-
- Required: Yes
- Type: string
The model ID used for the reflection step of the episodic memory strategy.
- namespaces
-
- Type: Array of strings
The namespaces over which reflections were created. Can be less nested than the episodic namespaces.
EvaluatorConfig
Description
The configuration that defines how an evaluator assesses agent performance, including the evaluation method and parameters.
Members
- llmAsAJudge
-
- Type: LlmAsAJudgeEvaluatorConfig structure
The LLM-as-a-Judge configuration that uses a language model to evaluate agent performance based on custom instructions and rating scales.
EvaluatorModelConfig
Description
The model configuration that specifies which foundation model to use for evaluation and how to configure it.
Members
- bedrockEvaluatorModelConfig
-
- Type: BedrockEvaluatorModelConfig structure
The Amazon Bedrock model configuration for evaluation.
EvaluatorReference
Description
The reference to an evaluator used in online evaluation configurations, containing the evaluator identifier.
Members
- evaluatorId
-
- Type: string
The unique identifier of the evaluator. Can reference builtin evaluators (e.g., Builtin.Helpfulness) or custom evaluators.
EvaluatorSummary
Description
The summary information about an evaluator, including basic metadata and status information.
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the evaluator was created.
- description
-
- Type: string
The description of the evaluator.
- evaluatorArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the evaluator.
- evaluatorId
-
- Required: Yes
- Type: string
The unique identifier of the evaluator.
- evaluatorName
-
- Required: Yes
- Type: string
The name of the evaluator.
- evaluatorType
-
- Required: Yes
- Type: string
The type of evaluator, indicating whether it is a built-in evaluator provided by the service or a custom evaluator created by the user.
- level
-
- Type: string
The evaluation level (
TOOL_CALL,TRACE, orSESSION) that determines the scope of evaluation. - lockedForModification
-
- Type: boolean
Whether the evaluator is locked for modification due to being referenced by active online evaluation configurations.
- status
-
- Required: Yes
- Type: string
The current status of the evaluator.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the evaluator was last updated.
ExtractionConfiguration
Description
Contains extraction configuration information for a memory strategy.
Members
- customExtractionConfiguration
-
- Type: CustomExtractionConfiguration structure
The custom extraction configuration.
Filter
Description
The filter that applies conditions to agent traces during online evaluation to determine which traces should be evaluated.
Members
- key
-
- Required: Yes
- Type: string
The key or field name to filter on within the agent trace data.
- operator
-
- Required: Yes
- Type: string
The comparison operator to use for filtering.
- value
-
- Required: Yes
- Type: FilterValue structure
The value to compare against using the specified operator.
FilterValue
Description
The value used in filter comparisons, supporting different data types for flexible filtering criteria.
Members
- booleanValue
-
- Type: boolean
The boolean value for true/false filtering conditions.
- doubleValue
-
- Type: double
The numeric value for numerical filtering and comparisons.
- stringValue
-
- Type: string
The string value for text-based filtering.
Finding
Description
Represents a finding or issue discovered during policy generation or validation. Findings provide insights about potential problems, recommendations, or validation results from policy analysis operations. Finding types include: VALID (policy is ready to use), INVALID (policy has validation errors that must be fixed), NOT_TRANSLATABLE (input couldn't be converted to policy), ALLOW_ALL (policy would allow all actions, potential security risk), ALLOW_NONE (policy would allow no actions, unusable), DENY_ALL (policy would deny all actions, may be too restrictive), and DENY_NONE (policy would deny no actions, ineffective). Review all findings before creating policies from generated assets to ensure they match your security requirements.
Members
- description
-
- Type: string
A human-readable description of the finding. This provides detailed information about the issue, recommendation, or validation result to help users understand and address the finding.
- type
-
- Type: string
The type or category of the finding. This classifies the finding as an error, warning, recommendation, or informational message to help users understand the severity and nature of the issue.
GatewayInterceptorConfiguration
Description
The configuration for an interceptor on a gateway. This structure defines settings for an interceptor that will be invoked during the invocation of the gateway.
Members
- inputConfiguration
-
- Type: InterceptorInputConfiguration structure
The configuration for the input of the interceptor. This field specifies how the input to the interceptor is constructed
- interceptionPoints
-
- Required: Yes
- Type: Array of strings
The supported points of interception. This field specifies which points during the gateway invocation to invoke the interceptor
- interceptor
-
- Required: Yes
- Type: InterceptorConfiguration structure
The infrastructure settings of an interceptor configuration. This structure defines how the interceptor can be invoked.
GatewayPolicyEngineConfiguration
Description
The configuration for a policy engine associated with a gateway. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with a gateway, the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies.
Members
- arn
-
- Required: Yes
- Type: string
The ARN of the policy engine. The policy engine contains Cedar policies that define fine-grained authorization rules specifying who can perform what actions on which resources as agents interact through the gateway.
- mode
-
- Required: Yes
- Type: string
The enforcement mode for the policy engine. Valid values include:
-
LOG_ONLY- The policy engine evaluates each action against your policies and adds traces on whether tool calls would be allowed or denied, but does not enforce the decision. Use this mode to test and validate policies before enabling enforcement. -
ENFORCE- The policy engine evaluates actions against your policies and enforces decisions by allowing or denying agent operations. Test and validate policies inLOG_ONLYmode before enabling enforcement to avoid unintended denials or adversely affecting production traffic.
GatewayProtocolConfiguration
Description
The configuration for a gateway protocol. This structure defines how the gateway communicates with external services.
Members
- mcp
-
- Type: MCPGatewayConfiguration structure
The configuration for the Model Context Protocol (MCP). This protocol enables communication between Amazon Bedrock Agent and external tools.
GatewaySummary
Description
Contains summary information about a gateway.
Members
- authorizerType
-
- Required: Yes
- Type: string
The type of authorizer used by the gateway.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the gateway was created.
- description
-
- Type: string
The description of the gateway.
- gatewayId
-
- Required: Yes
- Type: string
The unique identifier of the gateway.
- name
-
- Required: Yes
- Type: string
The name of the gateway.
- protocolType
-
- Required: Yes
- Type: string
The protocol type used by the gateway.
- status
-
- Required: Yes
- Type: string
The current status of the gateway.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the gateway was last updated.
GatewayTarget
Description
The gateway target.
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time at which the target was created.
- credentialProviderConfigurations
-
- Required: Yes
- Type: Array of CredentialProviderConfiguration structures
The provider configurations.
- description
-
- Type: string
The description for the gateway target.
- gatewayArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the gateway target.
- lastSynchronizedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last synchronization time.
- name
-
- Required: Yes
- Type: string
The name of the gateway target.
- status
-
- Required: Yes
- Type: string
The status of the gateway target.
- statusReasons
-
- Type: Array of strings
The status reasons for the target status.
- targetConfiguration
-
- Required: Yes
- Type: TargetConfiguration structure
The configuration for a gateway target. This structure defines how the gateway connects to and interacts with the target endpoint.
- targetId
-
- Required: Yes
- Type: string
The target ID.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time at which the target was updated.
GithubOauth2ProviderConfigInput
Description
Input configuration for a GitHub OAuth2 provider.
Members
- clientId
-
- Required: Yes
- Type: string
The client ID for the GitHub OAuth2 provider.
- clientSecret
-
- Required: Yes
- Type: string
The client secret for the GitHub OAuth2 provider.
GithubOauth2ProviderConfigOutput
Description
Output configuration for a GitHub OAuth2 provider.
Members
- clientId
-
- Type: string
The client ID for the GitHub OAuth2 provider.
- oauthDiscovery
-
- Required: Yes
- Type: Oauth2Discovery structure
The OAuth2 discovery information for the GitHub provider.
GoogleOauth2ProviderConfigInput
Description
Input configuration for a Google OAuth2 provider.
Members
- clientId
-
- Required: Yes
- Type: string
The client ID for the Google OAuth2 provider.
- clientSecret
-
- Required: Yes
- Type: string
The client secret for the Google OAuth2 provider.
GoogleOauth2ProviderConfigOutput
Description
Output configuration for a Google OAuth2 provider.
Members
- clientId
-
- Type: string
The client ID for the Google OAuth2 provider.
- oauthDiscovery
-
- Required: Yes
- Type: Oauth2Discovery structure
The OAuth2 discovery information for the Google provider.
IncludedOauth2ProviderConfigInput
Description
Configuration settings for connecting to a supported OAuth2 provider. This includes client credentials and OAuth2 discovery information for providers that have built-in support.
Members
- authorizationEndpoint
-
- Type: string
OAuth2 authorization endpoint for your isolated OAuth2 application tenant. This is where users are redirected to authenticate and authorize access to their resources.
- clientId
-
- Required: Yes
- Type: string
The client ID for the supported OAuth2 provider. This identifier is assigned by the OAuth2 provider when you register your application.
- clientSecret
-
- Required: Yes
- Type: string
The client secret for the supported OAuth2 provider. This secret is assigned by the OAuth2 provider and used along with the client ID to authenticate your application.
- issuer
-
- Type: string
Token issuer of your isolated OAuth2 application tenant. This URL identifies the authorization server that issues tokens for this provider.
- tokenEndpoint
-
- Type: string
OAuth2 token endpoint for your isolated OAuth2 application tenant. This is where authorization codes are exchanged for access tokens.
IncludedOauth2ProviderConfigOutput
Description
The configuration details returned for a supported OAuth2 provider, including client credentials and OAuth2 discovery information.
Members
- clientId
-
- Type: string
The client ID for the supported OAuth2 provider.
- oauthDiscovery
-
- Required: Yes
- Type: Oauth2Discovery structure
Contains the discovery information for an OAuth2 provider.
InferenceConfiguration
Description
The configuration parameters that control how the foundation model behaves during evaluation, including response generation settings.
Members
- maxTokens
-
- Type: int
The maximum number of tokens to generate in the model response during evaluation.
- stopSequences
-
- Type: Array of strings
The list of sequences that will cause the model to stop generating tokens when encountered.
- temperature
-
- Type: float
The temperature value that controls randomness in the model's responses. Lower values produce more deterministic outputs.
- topP
-
- Type: float
The top-p sampling parameter that controls the diversity of the model's responses by limiting the cumulative probability of token choices.
InterceptorConfiguration
Description
The interceptor configuration.
Members
- lambda
-
- Type: LambdaInterceptorConfiguration structure
The details of the lambda function used for the interceptor.
InterceptorInputConfiguration
Description
The input configuration of the interceptor.
Members
- passRequestHeaders
-
- Required: Yes
- Type: boolean
Indicates whether to pass request headers as input into the interceptor. When set to true, request headers will be passed.
InternalServerException
Description
This exception is thrown if there was an unexpected error during processing of request
Members
- message
-
- Type: string
InvocationConfiguration
Description
The configuration to invoke a self-managed memory processing pipeline with.
Members
- payloadDeliveryBucketName
-
- Required: Yes
- Type: string
The S3 bucket name for event payload delivery.
- topicArn
-
- Required: Yes
- Type: string
The ARN of the SNS topic for job notifications.
InvocationConfigurationInput
Description
The configuration to invoke a self-managed memory processing pipeline with.
Members
- payloadDeliveryBucketName
-
- Required: Yes
- Type: string
The S3 bucket name for event payload delivery.
- topicArn
-
- Required: Yes
- Type: string
The ARN of the SNS topic for job notifications.
KmsConfiguration
Description
Contains the KMS configuration for a resource.
Members
- keyType
-
- Required: Yes
- Type: string
The type of KMS key (CustomerManagedKey or ServiceManagedKey).
- kmsKeyArn
-
- Type: string
The Amazon Resource Name (ARN) of the KMS key.
LambdaInterceptorConfiguration
Description
The lambda configuration for the interceptor
Members
- arn
-
- Required: Yes
- Type: string
The arn of the lambda function to be invoked for the interceptor.
LifecycleConfiguration
Description
LifecycleConfiguration lets you manage the lifecycle of runtime sessions and resources in AgentCore Runtime. This configuration helps optimize resource utilization by automatically cleaning up idle sessions and preventing long-running instances from consuming resources indefinitely.
Members
- idleRuntimeSessionTimeout
-
- Type: int
Timeout in seconds for idle runtime sessions. When a session remains idle for this duration, it will be automatically terminated. Default: 900 seconds (15 minutes).
- maxLifetime
-
- Type: int
Maximum lifetime for the instance in seconds. Once reached, instances will be automatically terminated and replaced. Default: 28800 seconds (8 hours).
LinkedinOauth2ProviderConfigInput
Description
Configuration settings for connecting to LinkedIn services using OAuth2 authentication. This includes the client credentials required to authenticate with LinkedIn's OAuth2 authorization server.
Members
- clientId
-
- Required: Yes
- Type: string
The client ID for the LinkedIn OAuth2 provider. This identifier is assigned by LinkedIn when you register your application.
- clientSecret
-
- Required: Yes
- Type: string
The client secret for the LinkedIn OAuth2 provider. This secret is assigned by LinkedIn and used along with the client ID to authenticate your application.
LinkedinOauth2ProviderConfigOutput
Description
The configuration details returned for a LinkedIn OAuth2 provider, including the client ID and OAuth2 discovery information.
Members
- clientId
-
- Type: string
The client ID for the LinkedIn OAuth2 provider.
- oauthDiscovery
-
- Required: Yes
- Type: Oauth2Discovery structure
Contains the discovery information for an OAuth2 provider.
LlmAsAJudgeEvaluatorConfig
Description
The configuration for LLM-as-a-Judge evaluation that uses a language model to assess agent performance based on custom instructions and rating scales.
Members
- instructions
-
- Required: Yes
- Type: string
The evaluation instructions that guide the language model in assessing agent performance, including criteria and evaluation guidelines.
- modelConfig
-
- Required: Yes
- Type: EvaluatorModelConfig structure
The model configuration that specifies which foundation model to use and how to configure it for evaluation.
- ratingScale
-
- Required: Yes
- Type: RatingScale structure
The rating scale that defines how the evaluator should score agent performance, either numerical or categorical.
MCPGatewayConfiguration
Description
The configuration for a Model Context Protocol (MCP) gateway. This structure defines how the gateway implements the MCP protocol.
Members
- instructions
-
- Type: string
The instructions for using the Model Context Protocol gateway. These instructions provide guidance on how to interact with the gateway.
- searchType
-
- Type: string
The search type for the Model Context Protocol gateway. This field specifies how the gateway handles search operations.
- supportedVersions
-
- Type: Array of strings
The supported versions of the Model Context Protocol. This field specifies which versions of the protocol the gateway can use.
McpLambdaTargetConfiguration
Description
The Lambda configuration for a Model Context Protocol target. This structure defines how the gateway uses a Lambda function to communicate with the target.
Members
- lambdaArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the Lambda function. This function is invoked by the gateway to communicate with the target.
- toolSchema
-
- Required: Yes
- Type: ToolSchema structure
The tool schema for the Lambda function. This schema defines the structure of the tools that the Lambda function provides.
McpServerTargetConfiguration
Description
The target configuration for the MCP server.
Members
- endpoint
-
- Required: Yes
- Type: string
The endpoint for the MCP server target configuration.
McpTargetConfiguration
Description
The Model Context Protocol (MCP) configuration for a target. This structure defines how the gateway uses MCP to communicate with the target.
Members
- apiGateway
-
- Type: ApiGatewayTargetConfiguration structure
The configuration for an Amazon API Gateway target.
- lambda
-
- Type: McpLambdaTargetConfiguration structure
The Lambda configuration for the Model Context Protocol target. This configuration defines how the gateway uses a Lambda function to communicate with the target.
- mcpServer
-
- Type: McpServerTargetConfiguration structure
The MCP server specified as the gateway target.
- openApiSchema
-
- Type: ApiSchemaConfiguration structure
The OpenAPI schema for the Model Context Protocol target. This schema defines the API structure of the target.
- smithyModel
-
- Type: ApiSchemaConfiguration structure
The Smithy model for the Model Context Protocol target. This model defines the API structure of the target using the Smithy specification.
Memory
Description
Contains information about a memory resource.
Members
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the memory.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the memory was created.
- description
-
- Type: string
The description of the memory.
- encryptionKeyArn
-
- Type: string
The ARN of the KMS key used to encrypt the memory.
- eventExpiryDuration
-
- Required: Yes
- Type: int
The number of days after which memory events will expire.
- failureReason
-
- Type: string
The reason for failure if the memory is in a failed state.
- id
-
- Required: Yes
- Type: string
The unique identifier of the memory.
- memoryExecutionRoleArn
-
- Type: string
The ARN of the IAM role that provides permissions for the memory.
- name
-
- Required: Yes
- Type: string
The name of the memory.
- status
-
- Required: Yes
- Type: string
The current status of the memory.
- strategies
-
- Type: Array of MemoryStrategy structures
The list of memory strategies associated with this memory.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the memory was last updated.
MemoryStrategy
Description
Contains information about a memory strategy.
Members
- configuration
-
- Type: StrategyConfiguration structure
The configuration of the memory strategy.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the memory strategy was created.
- description
-
- Type: string
The description of the memory strategy.
- name
-
- Required: Yes
- Type: string
The name of the memory strategy.
- namespaces
-
- Required: Yes
- Type: Array of strings
The namespaces associated with the memory strategy.
- status
-
- Type: string
The current status of the memory strategy.
- strategyId
-
- Required: Yes
- Type: string
The unique identifier of the memory strategy.
- type
-
- Required: Yes
- Type: string
The type of the memory strategy.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the memory strategy was last updated.
MemoryStrategyInput
Description
Contains input information for creating a memory strategy.
Members
- customMemoryStrategy
-
- Type: CustomMemoryStrategyInput structure
Input for creating a custom memory strategy.
- episodicMemoryStrategy
-
- Type: EpisodicMemoryStrategyInput structure
Input for creating an episodic memory strategy
- semanticMemoryStrategy
-
- Type: SemanticMemoryStrategyInput structure
Input for creating a semantic memory strategy.
- summaryMemoryStrategy
-
- Type: SummaryMemoryStrategyInput structure
Input for creating a summary memory strategy.
- userPreferenceMemoryStrategy
-
- Type: UserPreferenceMemoryStrategyInput structure
Input for creating a user preference memory strategy.
MemorySummary
Description
Contains summary information about a memory resource.
Members
- arn
-
- Type: string
The Amazon Resource Name (ARN) of the memory.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the memory was created.
- id
-
- Type: string
The unique identifier of the memory.
- status
-
- Type: string
The current status of the memory.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the memory was last updated.
MessageBasedTrigger
Description
The trigger configuration based on a message.
Members
- messageCount
-
- Type: int
The number of messages that trigger memory processing.
MessageBasedTriggerInput
Description
The trigger configuration based on a message.
Members
- messageCount
-
- Type: int
The number of messages that trigger memory processing.
MicrosoftOauth2ProviderConfigInput
Description
Input configuration for a Microsoft OAuth2 provider.
Members
- clientId
-
- Required: Yes
- Type: string
The client ID for the Microsoft OAuth2 provider.
- clientSecret
-
- Required: Yes
- Type: string
The client secret for the Microsoft OAuth2 provider.
- tenantId
-
- Type: string
The Microsoft Entra ID (formerly Azure AD) tenant ID for your organization. This identifies the specific tenant within Microsoft's identity platform where your application is registered.
MicrosoftOauth2ProviderConfigOutput
Description
Output configuration for a Microsoft OAuth2 provider.
Members
- clientId
-
- Type: string
The client ID for the Microsoft OAuth2 provider.
- oauthDiscovery
-
- Required: Yes
- Type: Oauth2Discovery structure
The OAuth2 discovery information for the Microsoft provider.
ModifyConsolidationConfiguration
Description
Contains information for modifying a consolidation configuration.
Members
- customConsolidationConfiguration
-
- Type: CustomConsolidationConfigurationInput structure
The updated custom consolidation configuration.
ModifyExtractionConfiguration
Description
Contains information for modifying an extraction configuration.
Members
- customExtractionConfiguration
-
- Type: CustomExtractionConfigurationInput structure
The updated custom extraction configuration.
ModifyInvocationConfigurationInput
Description
The configuration for updating invocation settings.
Members
- payloadDeliveryBucketName
-
- Type: string
The updated S3 bucket name for event payload delivery.
- topicArn
-
- Type: string
The updated ARN of the SNS topic for job notifications.
ModifyMemoryStrategies
Description
Contains information for modifying memory strategies.
Members
- addMemoryStrategies
-
- Type: Array of MemoryStrategyInput structures
The list of memory strategies to add.
- deleteMemoryStrategies
-
- Type: Array of DeleteMemoryStrategyInput structures
The list of memory strategies to delete.
- modifyMemoryStrategies
-
- Type: Array of ModifyMemoryStrategyInput structures
The list of memory strategies to modify.
ModifyMemoryStrategyInput
Description
Input for modifying a memory strategy.
Members
- configuration
-
- Type: ModifyStrategyConfiguration structure
The updated configuration for the memory strategy.
- description
-
- Type: string
The updated description of the memory strategy.
- memoryStrategyId
-
- Required: Yes
- Type: string
The unique identifier of the memory strategy to modify.
- namespaces
-
- Type: Array of strings
The updated namespaces for the memory strategy.
ModifyReflectionConfiguration
Description
Contains information for modifying a reflection configuration.
Members
- customReflectionConfiguration
-
- Type: CustomReflectionConfigurationInput structure
The updated custom reflection configuration.
- episodicReflectionConfiguration
-
- Type: EpisodicReflectionConfigurationInput structure
The updated episodic reflection configuration.
ModifySelfManagedConfiguration
Description
The configuration for updating the self-managed memory strategy.
Members
- historicalContextWindowSize
-
- Type: int
The updated number of historical messages to include in processing context.
- invocationConfiguration
-
- Type: ModifyInvocationConfigurationInput structure
The updated configuration to invoke self-managed memory processing pipeline.
- triggerConditions
-
- Type: Array of TriggerConditionInput structures
The updated list of conditions that trigger memory processing.
ModifyStrategyConfiguration
Description
Contains information for modifying a strategy configuration.
Members
- consolidation
-
- Type: ModifyConsolidationConfiguration structure
The updated consolidation configuration.
- extraction
-
- Type: ModifyExtractionConfiguration structure
The updated extraction configuration.
- reflection
-
- Type: ModifyReflectionConfiguration structure
The updated reflection configuration.
- selfManagedConfiguration
-
- Type: ModifySelfManagedConfiguration structure
The updated self-managed configuration.
NetworkConfiguration
Description
SecurityConfig for the Agent.
Members
- networkMode
-
- Required: Yes
- Type: string
The network mode for the AgentCore Runtime.
- networkModeConfig
-
- Type: VpcConfig structure
The network mode configuration for the AgentCore Runtime.
NumericalScaleDefinition
Description
The definition of a numerical rating scale option that provides a numeric value with its description for evaluation scoring.
Members
- definition
-
- Required: Yes
- Type: string
The description that explains what this numerical rating represents and when it should be used.
- label
-
- Required: Yes
- Type: string
The label or name that describes this numerical rating option.
- value
-
- Required: Yes
- Type: double
The numerical value for this rating scale option.
OAuthCredentialProvider
Description
An OAuth credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint using OAuth.
Members
- customParameters
-
- Type: Associative array of custom strings keys (OAuthCustomParametersKey) to strings
The custom parameters for the OAuth credential provider. These parameters provide additional configuration for the OAuth authentication process.
- defaultReturnUrl
-
- Type: string
The URL where the end user's browser is redirected after obtaining the authorization code. Generally points to the customer's application.
- grantType
-
- Type: string
Specifies the kind of credentials to use for authorization:
-
CLIENT_CREDENTIALS- Authorization with a client ID and secret. -
AUTHORIZATION_CODE- Authorization with a token that is specific to an individual end user.
- providerArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the OAuth credential provider. This ARN identifies the provider in Amazon Web Services.
- scopes
-
- Required: Yes
- Type: Array of strings
The OAuth scopes for the credential provider. These scopes define the level of access requested from the OAuth provider.
Oauth2AuthorizationServerMetadata
Description
Contains the authorization server metadata for an OAuth2 provider.
Members
- authorizationEndpoint
-
- Required: Yes
- Type: string
The authorization endpoint URL for the OAuth2 authorization server.
- issuer
-
- Required: Yes
- Type: string
The issuer URL for the OAuth2 authorization server.
- responseTypes
-
- Type: Array of strings
The supported response types for the OAuth2 authorization server.
- tokenEndpoint
-
- Required: Yes
- Type: string
The token endpoint URL for the OAuth2 authorization server.
- tokenEndpointAuthMethods
-
- Type: Array of strings
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
Oauth2CredentialProviderItem
Description
Contains information about an OAuth2 credential provider.
Members
- createdTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the OAuth2 credential provider was created.
- credentialProviderArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the OAuth2 credential provider.
- credentialProviderVendor
-
- Required: Yes
- Type: string
The vendor of the OAuth2 credential provider.
- lastUpdatedTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the OAuth2 credential provider was last updated.
- name
-
- Required: Yes
- Type: string
The name of the OAuth2 credential provider.
Oauth2Discovery
Description
Contains the discovery information for an OAuth2 provider.
Members
- authorizationServerMetadata
-
- Type: Oauth2AuthorizationServerMetadata structure
The authorization server metadata for the OAuth2 provider.
- discoveryUrl
-
- Type: string
The discovery URL for the OAuth2 provider.
Oauth2ProviderConfigInput
Description
Contains the input configuration for an OAuth2 provider.
Members
- atlassianOauth2ProviderConfig
-
- Type: AtlassianOauth2ProviderConfigInput structure
Configuration settings for Atlassian OAuth2 provider integration.
- customOauth2ProviderConfig
-
- Type: CustomOauth2ProviderConfigInput structure
The configuration for a custom OAuth2 provider.
- githubOauth2ProviderConfig
-
- Type: GithubOauth2ProviderConfigInput structure
The configuration for a GitHub OAuth2 provider.
- googleOauth2ProviderConfig
-
- Type: GoogleOauth2ProviderConfigInput structure
The configuration for a Google OAuth2 provider.
- includedOauth2ProviderConfig
-
- Type: IncludedOauth2ProviderConfigInput structure
The configuration for a non-custom OAuth2 provider. This includes settings for supported OAuth2 providers that have built-in integration support.
- linkedinOauth2ProviderConfig
-
- Type: LinkedinOauth2ProviderConfigInput structure
Configuration settings for LinkedIn OAuth2 provider integration.
- microsoftOauth2ProviderConfig
-
- Type: MicrosoftOauth2ProviderConfigInput structure
The configuration for a Microsoft OAuth2 provider.
- salesforceOauth2ProviderConfig
-
- Type: SalesforceOauth2ProviderConfigInput structure
The configuration for a Salesforce OAuth2 provider.
- slackOauth2ProviderConfig
-
- Type: SlackOauth2ProviderConfigInput structure
The configuration for a Slack OAuth2 provider.
Oauth2ProviderConfigOutput
Description
Contains the output configuration for an OAuth2 provider.
Members
- atlassianOauth2ProviderConfig
-
- Type: AtlassianOauth2ProviderConfigOutput structure
The configuration details for the Atlassian OAuth2 provider.
- customOauth2ProviderConfig
-
- Type: CustomOauth2ProviderConfigOutput structure
The output configuration for a custom OAuth2 provider.
- githubOauth2ProviderConfig
-
- Type: GithubOauth2ProviderConfigOutput structure
The output configuration for a GitHub OAuth2 provider.
- googleOauth2ProviderConfig
-
- Type: GoogleOauth2ProviderConfigOutput structure
The output configuration for a Google OAuth2 provider.
- includedOauth2ProviderConfig
-
- Type: IncludedOauth2ProviderConfigOutput structure
The configuration for a non-custom OAuth2 provider. This includes the configuration details for supported OAuth2 providers that have built-in integration support.
- linkedinOauth2ProviderConfig
-
- Type: LinkedinOauth2ProviderConfigOutput structure
The configuration details for the LinkedIn OAuth2 provider.
- microsoftOauth2ProviderConfig
-
- Type: MicrosoftOauth2ProviderConfigOutput structure
The output configuration for a Microsoft OAuth2 provider.
- salesforceOauth2ProviderConfig
-
- Type: SalesforceOauth2ProviderConfigOutput structure
The output configuration for a Salesforce OAuth2 provider.
- slackOauth2ProviderConfig
-
- Type: SlackOauth2ProviderConfigOutput structure
The output configuration for a Slack OAuth2 provider.
OnlineEvaluationConfigSummary
Description
The summary information about an online evaluation configuration, including basic metadata and execution status.
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the online evaluation configuration was created.
- description
-
- Type: string
The description of the online evaluation configuration.
- executionStatus
-
- Required: Yes
- Type: string
The execution status indicating whether the online evaluation is currently running.
- failureReason
-
- Type: string
The reason for failure if the online evaluation configuration execution failed.
- onlineEvaluationConfigArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the online evaluation configuration.
- onlineEvaluationConfigId
-
- Required: Yes
- Type: string
The unique identifier of the online evaluation configuration.
- onlineEvaluationConfigName
-
- Required: Yes
- Type: string
The name of the online evaluation configuration.
- status
-
- Required: Yes
- Type: string
The status of the online evaluation configuration.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the online evaluation configuration was last updated.
OutputConfig
Description
The configuration that specifies where evaluation results should be written for monitoring and analysis.
Members
- cloudWatchConfig
-
- Required: Yes
- Type: CloudWatchOutputConfig structure
The CloudWatch configuration for writing evaluation results to CloudWatch logs with embedded metric format.
Policy
Description
Represents a complete policy resource within the AgentCore Policy system. Policies are ARN-able resources that contain Cedar policy statements and associated metadata for controlling agent behavior and access decisions. Each policy belongs to a policy engine and defines fine-grained authorization rules that are evaluated in real-time as agents interact with tools through Gateway. Policies use the Cedar policy language to specify who (principals based on OAuth claims like username, role, or scope) can perform what actions (tool calls) on which resources (Gateways), with optional conditions for attribute-based access control. Multiple policies can apply to a single request, with Cedar's forbid-wins semantics ensuring that security restrictions are never accidentally overridden.
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy was originally created. This is automatically set by the service and used for auditing and lifecycle management.
- definition
-
- Required: Yes
- Type: PolicyDefinition structure
The Cedar policy statement that defines the access control rules. This contains the actual policy logic used for agent behavior control and access decisions.
- description
-
- Type: string
A human-readable description of the policy's purpose and functionality. Limited to 4,096 characters, this helps administrators understand and manage the policy.
- name
-
- Required: Yes
- Type: string
The customer-assigned immutable name for the policy. This human-readable identifier must be unique within the account and cannot exceed 48 characters.
- policyArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the policy. This globally unique identifier can be used for cross-service references and IAM policy statements.
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine that manages this policy. This establishes the policy engine context for policy evaluation and management.
- policyId
-
- Required: Yes
- Type: string
The unique identifier for the policy. This system-generated identifier consists of the user name plus a 10-character generated suffix and serves as the primary key for policy operations.
- status
-
- Required: Yes
- Type: string
The current status of the policy.
- statusReasons
-
- Required: Yes
- Type: Array of strings
Additional information about the policy status. This provides details about any failures or the current state of the policy lifecycle.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy was last modified. This tracks the most recent changes to the policy configuration or metadata.
PolicyDefinition
Description
Represents the definition structure for policies within the AgentCore Policy system. This structure encapsulates different policy formats and languages that can be used to define access control rules.
Members
- cedar
-
- Type: CedarPolicy structure
The Cedar policy definition within the policy definition structure. This contains the Cedar policy statement that defines the authorization logic using Cedar's human-readable, analyzable policy language. Cedar policies specify principals (who can access), actions (what operations are allowed), resources (what can be accessed), and optional conditions for fine-grained control. Cedar provides a formal policy language designed for authorization with deterministic evaluation, making policies testable, reviewable, and auditable. All Cedar policies follow a default-deny model where actions are denied unless explicitly permitted, and forbid policies always override permit policies.
PolicyEngine
Description
Represents a policy engine resource within the AgentCore Policy system. Policy engines serve as containers for grouping related policies and provide the execution context for policy evaluation and management. Each policy engine can be associated with one Gateway (one engine per Gateway), where it intercepts all agent tool calls and evaluates them against the contained policies before allowing tools to execute. The policy engine maintains the Cedar schema generated from the Gateway's tool manifest, ensuring that policies are validated against the actual tools and parameters available. Policy engines support two enforcement modes that can be configured when associating with a Gateway: log-only mode for testing (evaluates decisions without blocking) and enforce mode for production (actively allows or denies based on policy evaluation).
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy engine was originally created. This is automatically set by the service and used for auditing and lifecycle management.
- description
-
- Type: string
A human-readable description of the policy engine's purpose and scope. Limited to 4,096 characters, this helps administrators understand the policy engine's role in the overall governance strategy.
- name
-
- Required: Yes
- Type: string
The customer-assigned immutable name for the policy engine. This human-readable identifier must be unique within the account and cannot exceed 48 characters.
- policyEngineArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.
- policyEngineId
-
- Required: Yes
- Type: string
The unique identifier for the policy engine. This system-generated identifier consists of the user name plus a 10-character generated suffix and serves as the primary key for policy engine operations.
- status
-
- Required: Yes
- Type: string
The current status of the policy engine.
- statusReasons
-
- Required: Yes
- Type: Array of strings
Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine lifecycle.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the policy engine was last modified. This tracks the most recent changes to the policy engine configuration or metadata.
PolicyGeneration
Description
Represents a policy generation request within the AgentCore Policy system. Tracks the AI-powered conversion of natural language descriptions into Cedar policy statements, enabling users to author policies by describing authorization requirements in plain English. The generation process analyzes the natural language input along with the Gateway's tool context and Cedar schema to produce one or more validated policy options. Each generation request tracks the status of the conversion process and maintains findings about the generated policies, including validation results and potential issues. Generated policy assets remain available for one week after successful generation, allowing time to review and create policies from the generated options.
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when this policy generation request was created.
- findings
-
- Type: string
Findings and insights from this policy generation process.
- name
-
- Required: Yes
- Type: string
The customer-assigned name for this policy generation request.
- policyEngineId
-
- Required: Yes
- Type: string
The identifier of the policy engine associated with this generation request.
- policyGenerationArn
-
- Required: Yes
- Type: string
The ARN of this policy generation request.
- policyGenerationId
-
- Required: Yes
- Type: string
The unique identifier for this policy generation request.
- resource
-
- Required: Yes
- Type: Resource structure
The resource information associated with this policy generation.
- status
-
- Required: Yes
- Type: string
The current status of this policy generation request.
- statusReasons
-
- Required: Yes
- Type: Array of strings
Additional information about the generation status.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when this policy generation was last updated.
PolicyGenerationAsset
Description
Represents a generated policy asset from the AI-powered policy generation process within the AgentCore Policy system. Each asset contains a Cedar policy statement generated from natural language input, along with associated metadata and analysis findings to help users evaluate and select the most appropriate policy option.
Members
- definition
-
- Type: PolicyDefinition structure
Represents the definition structure for policies within the AgentCore Policy system. This structure encapsulates different policy formats and languages that can be used to define access control rules.
- findings
-
- Required: Yes
- Type: Array of Finding structures
Analysis findings and insights related to this specific generated policy asset. These findings may include validation results, potential issues, or recommendations for improvement to help users evaluate the quality and appropriateness of the generated policy.
- policyGenerationAssetId
-
- Required: Yes
- Type: string
The unique identifier for this generated policy asset within the policy generation request. This ID can be used to reference specific generated policy options when creating actual policies from the generation results.
- rawTextFragment
-
- Required: Yes
- Type: string
The portion of the original natural language input that this generated policy asset addresses. This helps users understand which part of their policy description was translated into this specific Cedar policy statement, enabling better policy selection and refinement. When a single natural language input describes multiple authorization requirements, the generation process creates separate policy assets for each requirement, with each asset's rawTextFragment showing which requirement it addresses. Use this mapping to verify that all parts of your natural language input were correctly translated into Cedar policies.
ProtocolConfiguration
Description
The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.
Members
- serverProtocol
-
- Required: Yes
- Type: string
The server protocol for the agent runtime. This field specifies which protocol the agent runtime uses to communicate with clients.
RatingScale
Description
The rating scale that defines how evaluators should score agent performance, supporting both numerical and categorical scales.
Members
- categorical
-
- Type: Array of CategoricalScaleDefinition structures
The categorical rating scale with named categories and definitions for qualitative evaluation.
- numerical
-
- Type: Array of NumericalScaleDefinition structures
The numerical rating scale with defined score values and descriptions for quantitative evaluation.
RecordingConfig
Description
The recording configuration for a browser. This structure defines how browser sessions are recorded.
Members
- enabled
-
- Type: boolean
Indicates whether recording is enabled for the browser. When set to true, browser sessions are recorded.
- s3Location
-
- Type: S3Location structure
The Amazon S3 location where browser recordings are stored. This location contains the recorded browser sessions.
ReflectionConfiguration
Description
Contains reflection configuration information for a memory strategy.
Members
- customReflectionConfiguration
-
- Type: CustomReflectionConfiguration structure
The configuration for a custom reflection strategy.
- episodicReflectionConfiguration
-
- Type: EpisodicReflectionConfiguration structure
The configuration for the episodic reflection strategy.
RequestHeaderConfiguration
Description
Configuration for HTTP request headers that will be passed through to the runtime.
Members
- requestHeaderAllowlist
-
- Type: Array of strings
A list of HTTP request headers that are allowed to be passed through to the runtime.
Resource
Description
Represents a resource within the AgentCore Policy system. Resources are the targets of policy evaluation. Currently, only AgentCore Gateways are supported as resources for policy enforcement.
Members
- arn
-
- Type: string
The Amazon Resource Name (ARN) of the resource. This globally unique identifier specifies the exact resource that policies will be evaluated against for access control decisions.
ResourceLimitExceededException
Description
Exception thrown when a resource limit is exceeded.
Members
- message
-
- Type: string
ResourceNotFoundException
Description
This exception is thrown when a resource referenced by the operation does not exist
Members
- message
-
- Type: string
Rule
Description
The evaluation rule that defines sampling configuration, filtering criteria, and session detection settings for online evaluation.
Members
- filters
-
- Type: Array of Filter structures
The list of filters that determine which agent traces should be included in the evaluation based on trace properties.
- samplingConfig
-
- Required: Yes
- Type: SamplingConfig structure
The sampling configuration that determines what percentage of agent traces to evaluate.
- sessionConfig
-
- Type: SessionConfig structure
The session configuration that defines timeout settings for detecting when agent sessions are complete and ready for evaluation.
S3Configuration
Description
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
Members
- bucketOwnerAccountId
-
- Type: string
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
- uri
-
- Type: string
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
S3Location
Description
The Amazon S3 location for storing data. This structure defines where in Amazon S3 data is stored.
Members
- bucket
-
- Required: Yes
- Type: string
The name of the Amazon S3 bucket. This bucket contains the stored data.
- prefix
-
- Required: Yes
- Type: string
The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.
- versionId
-
- Type: string
The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.
SalesforceOauth2ProviderConfigInput
Description
Input configuration for a Salesforce OAuth2 provider.
Members
- clientId
-
- Required: Yes
- Type: string
The client ID for the Salesforce OAuth2 provider.
- clientSecret
-
- Required: Yes
- Type: string
The client secret for the Salesforce OAuth2 provider.
SalesforceOauth2ProviderConfigOutput
Description
Output configuration for a Salesforce OAuth2 provider.
Members
- clientId
-
- Type: string
The client ID for the Salesforce OAuth2 provider.
- oauthDiscovery
-
- Required: Yes
- Type: Oauth2Discovery structure
The OAuth2 discovery information for the Salesforce provider.
SamplingConfig
Description
The configuration that controls what percentage of agent traces are sampled for evaluation to manage evaluation volume and costs.
Members
- samplingPercentage
-
- Required: Yes
- Type: double
The percentage of agent traces to sample for evaluation, ranging from 0.01% to 100%.
SchemaDefinition
Description
A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
Members
- description
-
- Type: string
The description of the schema definition. This description provides information about the purpose and usage of the schema.
- items
-
- Type: SchemaDefinition structure
The items in the schema definition. This field is used for array types to define the structure of the array elements.
- properties
-
- Type: Associative array of custom strings keys (String) to SchemaDefinition structures
The properties of the schema definition. These properties define the fields in the schema.
- required
-
- Type: Array of strings
The required fields in the schema definition. These fields must be provided when using the schema.
- type
-
- Required: Yes
- Type: string
The type of the schema definition. This field specifies the data type of the schema.
Secret
Description
Contains information about a secret in AWS Secrets Manager.
Members
- secretArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
SelfManagedConfiguration
Description
A configuration for a self-managed memory strategy.
Members
- historicalContextWindowSize
-
- Required: Yes
- Type: int
The number of historical messages to include in processing context.
- invocationConfiguration
-
- Required: Yes
- Type: InvocationConfiguration structure
The configuration to use when invoking memory processing.
- triggerConditions
-
- Required: Yes
- Type: Array of TriggerCondition structures
A list of conditions that trigger memory processing.
SelfManagedConfigurationInput
Description
Input configuration for a self-managed memory strategy.
Members
- historicalContextWindowSize
-
- Type: int
Number of historical messages to include in processing context.
- invocationConfiguration
-
- Required: Yes
- Type: InvocationConfigurationInput structure
Configuration to invoke a self-managed memory processing pipeline with.
- triggerConditions
-
- Type: Array of TriggerConditionInput structures
A list of conditions that trigger memory processing.
SemanticConsolidationOverride
Description
Contains semantic consolidation override configuration.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text to append to the prompt for semantic consolidation.
- modelId
-
- Required: Yes
- Type: string
The model ID to use for semantic consolidation.
SemanticExtractionOverride
Description
Contains semantic extraction override configuration.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text to append to the prompt for semantic extraction.
- modelId
-
- Required: Yes
- Type: string
The model ID to use for semantic extraction.
SemanticMemoryStrategyInput
Description
Input for creating a semantic memory strategy.
Members
- description
-
- Type: string
The description of the semantic memory strategy.
- name
-
- Required: Yes
- Type: string
The name of the semantic memory strategy.
- namespaces
-
- Type: Array of strings
The namespaces associated with the semantic memory strategy.
SemanticOverrideConfigurationInput
Description
Input for semantic override configuration in a memory strategy.
Members
- consolidation
-
- Type: SemanticOverrideConsolidationConfigurationInput structure
The consolidation configuration for a semantic override.
- extraction
-
- Type: SemanticOverrideExtractionConfigurationInput structure
The extraction configuration for a semantic override.
SemanticOverrideConsolidationConfigurationInput
Description
Input for semantic override consolidation configuration in a memory strategy.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text to append to the prompt for semantic consolidation.
- modelId
-
- Required: Yes
- Type: string
The model ID to use for semantic consolidation.
SemanticOverrideExtractionConfigurationInput
Description
Input for semantic override extraction configuration in a memory strategy.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text to append to the prompt for semantic extraction.
- modelId
-
- Required: Yes
- Type: string
The model ID to use for semantic extraction.
ServiceException
Description
An internal error occurred.
Members
- message
-
- Type: string
ServiceQuotaExceededException
Description
This exception is thrown when a request is made beyond the service quota
Members
- message
-
- Type: string
SessionConfig
Description
The configuration that defines how agent sessions are detected and when they are considered complete for evaluation.
Members
- sessionTimeoutMinutes
-
- Required: Yes
- Type: int
The number of minutes of inactivity after which an agent session is considered complete and ready for evaluation. Default is 15 minutes.
SlackOauth2ProviderConfigInput
Description
Input configuration for a Slack OAuth2 provider.
Members
- clientId
-
- Required: Yes
- Type: string
The client ID for the Slack OAuth2 provider.
- clientSecret
-
- Required: Yes
- Type: string
The client secret for the Slack OAuth2 provider.
SlackOauth2ProviderConfigOutput
Description
Output configuration for a Slack OAuth2 provider.
Members
- clientId
-
- Type: string
The client ID for the Slack OAuth2 provider.
- oauthDiscovery
-
- Required: Yes
- Type: Oauth2Discovery structure
The OAuth2 discovery information for the Slack provider.
StrategyConfiguration
Description
Contains configuration information for a memory strategy.
Members
- consolidation
-
- Type: ConsolidationConfiguration structure
The consolidation configuration for the memory strategy.
- extraction
-
- Type: ExtractionConfiguration structure
The extraction configuration for the memory strategy.
- reflection
-
- Type: ReflectionConfiguration structure
The reflection configuration for the memory strategy.
- selfManagedConfiguration
-
- Type: SelfManagedConfiguration structure
Self-managed configuration settings.
- type
-
- Type: string
The type of override for the strategy configuration.
SummaryConsolidationOverride
Description
Contains summary consolidation override configuration.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text to append to the prompt for summary consolidation.
- modelId
-
- Required: Yes
- Type: string
The model ID to use for summary consolidation.
SummaryMemoryStrategyInput
Description
Input for creating a summary memory strategy.
Members
- description
-
- Type: string
The description of the summary memory strategy.
- name
-
- Required: Yes
- Type: string
The name of the summary memory strategy.
- namespaces
-
- Type: Array of strings
The namespaces associated with the summary memory strategy.
SummaryOverrideConfigurationInput
Description
Input for summary override configuration in a memory strategy.
Members
- consolidation
-
- Type: SummaryOverrideConsolidationConfigurationInput structure
The consolidation configuration for a summary override.
SummaryOverrideConsolidationConfigurationInput
Description
Input for summary override consolidation configuration in a memory strategy.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text to append to the prompt for summary consolidation.
- modelId
-
- Required: Yes
- Type: string
The model ID to use for summary consolidation.
TargetConfiguration
Description
The configuration for a gateway target. This structure defines how the gateway connects to and interacts with the target endpoint.
Members
- mcp
-
- Type: McpTargetConfiguration structure
The Model Context Protocol (MCP) configuration for the target. This configuration defines how the gateway uses MCP to communicate with the target.
TargetSummary
Description
Contains summary information about a gateway target. A target represents an endpoint that the gateway can connect to.
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the target was created.
- description
-
- Type: string
The description of the target.
- name
-
- Required: Yes
- Type: string
The name of the target.
- status
-
- Required: Yes
- Type: string
The current status of the target.
- targetId
-
- Required: Yes
- Type: string
The unique identifier of the target.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the target was last updated.
ThrottledException
Description
API rate limit has been exceeded.
Members
- message
-
- Type: string
ThrottlingException
Description
This exception is thrown when the number of requests exceeds the limit
Members
- message
-
- Type: string
TimeBasedTrigger
Description
Trigger configuration based on time.
Members
- idleSessionTimeout
-
- Type: int
Idle session timeout (seconds) that triggers memory processing.
TimeBasedTriggerInput
Description
Trigger configuration based on time.
Members
- idleSessionTimeout
-
- Type: int
Idle session timeout (seconds) that triggers memory processing.
TokenBasedTrigger
Description
Trigger configuration based on tokens.
Members
- tokenCount
-
- Type: int
Number of tokens that trigger memory processing.
TokenBasedTriggerInput
Description
Trigger configuration based on tokens.
Members
- tokenCount
-
- Type: int
Number of tokens that trigger memory processing.
ToolDefinition
Description
A tool definition for a gateway target. This structure defines a tool that the target exposes through the Model Context Protocol.
Members
- description
-
- Required: Yes
- Type: string
The description of the tool. This description provides information about the purpose and usage of the tool.
- inputSchema
-
- Required: Yes
- Type: SchemaDefinition structure
The input schema for the tool. This schema defines the structure of the input that the tool accepts.
- name
-
- Required: Yes
- Type: string
The name of the tool. This name identifies the tool in the Model Context Protocol.
- outputSchema
-
- Type: SchemaDefinition structure
The output schema for the tool. This schema defines the structure of the output that the tool produces.
ToolSchema
Description
A tool schema for a gateway target. This structure defines the schema for a tool that the target exposes through the Model Context Protocol.
Members
- inlinePayload
-
- Type: Array of ToolDefinition structures
The inline payload of the tool schema. This payload contains the schema definition directly in the request.
- s3
-
- Type: S3Configuration structure
The Amazon S3 location of the tool schema. This location contains the schema definition file.
TriggerCondition
Description
Condition that triggers memory processing.
Members
- messageBasedTrigger
-
- Type: MessageBasedTrigger structure
Message based trigger configuration.
- timeBasedTrigger
-
- Type: TimeBasedTrigger structure
Time based trigger configuration.
- tokenBasedTrigger
-
- Type: TokenBasedTrigger structure
Token based trigger configuration.
TriggerConditionInput
Description
Condition that triggers memory processing.
Members
- messageBasedTrigger
-
- Type: MessageBasedTriggerInput structure
Message based trigger configuration.
- timeBasedTrigger
-
- Type: TimeBasedTriggerInput structure
Time based trigger configuration.
- tokenBasedTrigger
-
- Type: TokenBasedTriggerInput structure
Token based trigger configuration.
UnauthorizedException
Description
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
Members
- message
-
- Type: string
UserPreferenceConsolidationOverride
Description
Contains user preference consolidation override configuration.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text to append to the prompt for user preference consolidation.
- modelId
-
- Required: Yes
- Type: string
The model ID to use for user preference consolidation.
UserPreferenceExtractionOverride
Description
Contains user preference extraction override configuration.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text to append to the prompt for user preference extraction.
- modelId
-
- Required: Yes
- Type: string
The model ID to use for user preference extraction.
UserPreferenceMemoryStrategyInput
Description
Input for creating a user preference memory strategy.
Members
- description
-
- Type: string
The description of the user preference memory strategy.
- name
-
- Required: Yes
- Type: string
The name of the user preference memory strategy.
- namespaces
-
- Type: Array of strings
The namespaces associated with the user preference memory strategy.
UserPreferenceOverrideConfigurationInput
Description
Input for user preference override configuration in a memory strategy.
Members
- consolidation
-
- Type: UserPreferenceOverrideConsolidationConfigurationInput structure
The consolidation configuration for a user preference override.
- extraction
-
- Type: UserPreferenceOverrideExtractionConfigurationInput structure
The extraction configuration for a user preference override.
UserPreferenceOverrideConsolidationConfigurationInput
Description
Input for user preference override consolidation configuration in a memory strategy.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text to append to the prompt for user preference consolidation.
- modelId
-
- Required: Yes
- Type: string
The model ID to use for user preference consolidation.
UserPreferenceOverrideExtractionConfigurationInput
Description
Input for user preference override extraction configuration in a memory strategy.
Members
- appendToPrompt
-
- Required: Yes
- Type: string
The text to append to the prompt for user preference extraction.
- modelId
-
- Required: Yes
- Type: string
The model ID to use for user preference extraction.
ValidationException
Description
The input fails to satisfy the constraints specified by the service.
Members
- fieldList
-
- Type: Array of ValidationExceptionField structures
- message
-
- Required: Yes
- Type: string
- reason
-
- Required: Yes
- Type: string
ValidationExceptionField
Description
Stores information about a field passed inside a request that resulted in an exception.
Members
- message
-
- Required: Yes
- Type: string
A message describing why this field failed validation.
- name
-
- Required: Yes
- Type: string
The name of the field.
VpcConfig
Description
VpcConfig for the Agent.
Members
- securityGroups
-
- Required: Yes
- Type: Array of strings
The security groups associated with the VPC configuration.
- subnets
-
- Required: Yes
- Type: Array of strings
The subnets associated with the VPC configuration.
WorkloadIdentityDetails
Description
The information about the workload identity.
Members
- workloadIdentityArn
-
- Required: Yes
- Type: string
The ARN associated with the workload identity.
WorkloadIdentityType
Description
Contains information about a workload identity.
Members
- name
-
- Required: Yes
- Type: string
The name of the workload identity.
- workloadIdentityArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the workload identity.