Class: Aws::BedrockAgentCoreControl::Types::PolicyDefinition

Inherits:

Struct

• Object
• Struct
• Aws::BedrockAgentCoreControl::Types::PolicyDefinition

Defined in:

gems/aws-sdk-bedrockagentcorecontrol/lib/aws-sdk-bedrockagentcorecontrol/types.rb

Overview

Note:

PolicyDefinition is a union - when making an API calls you must set exactly one of the members.

Note:

PolicyDefinition is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of PolicyDefinition corresponding to the set member.

Represents the definition structure for policies within the AgentCore Policy system. This structure encapsulates different policy formats and languages that can be used to define access control rules.

See Also:

• AWS API Documentation

Direct Known Subclasses

Cedar, Unknown

Defined Under Namespace

Classes: Cedar, Unknown

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #cedar ⇒ Types::CedarPolicy

  The Cedar policy definition within the policy definition structure.

• #unknown ⇒ Object

  Returns the value of attribute unknown.

Instance Attribute Details

#cedar ⇒ Types::CedarPolicy

The Cedar policy definition within the policy definition structure. This contains the Cedar policy statement that defines the authorization logic using Cedar's human-readable, analyzable policy language. Cedar policies specify principals (who can access), actions (what operations are allowed), resources (what can be accessed), and optional conditions for fine-grained control. Cedar provides a formal policy language designed for authorization with deterministic evaluation, making policies testable, reviewable, and auditable. All Cedar policies follow a default-deny model where actions are denied unless explicitly permitted, and forbid policies always override permit policies.

Returns:

• (Types::CedarPolicy)

# File 'gems/aws-sdk-bedrockagentcorecontrol/lib/aws-sdk-bedrockagentcorecontrol/types.rb', line 7545

class PolicyDefinition < Struct.new(
  :cedar,
  :unknown)
  SENSITIVE = []
  include Aws::Structure
  include Aws::Structure::Union

  class Cedar < PolicyDefinition; end
  class Unknown < PolicyDefinition; end
end

#unknown ⇒ Object

Returns the value of attribute unknown

Returns:

• (Object) —

  the current value of unknown

# File 'gems/aws-sdk-bedrockagentcorecontrol/lib/aws-sdk-bedrockagentcorecontrol/types.rb', line 7545

def unknown
  @unknown
end