CreateWorkloadIdentity - Amazon Bedrock AgentCore Control Plane

CreateWorkloadIdentity

Creates a new workload identity.

Request Syntax

POST /identities/CreateWorkloadIdentity HTTP/1.1
Content-type: application/json

{
   "allowedResourceOauth2ReturnUrls": [ "string" ],
   "name": "string",
   "tags": {
      "string" : "string"
   }
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

allowedResourceOauth2ReturnUrls

The list of allowed OAuth2 return URLs for resources associated with this workload identity.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: \w+:(\/?\/?)[^\s]+

Required: No

name

The name of the workload identity. The name must be unique within your account.

Type: String

Length Constraints: Minimum length of 3. Maximum length of 255.

Pattern: [A-Za-z0-9_.-]+

Required: Yes

tags

A map of tag keys and values to assign to the workload identity. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.

Type: String to string map

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Key Pattern: [a-zA-Z0-9\s._:/=+@-]*

Value Length Constraints: Minimum length of 0. Maximum length of 256.

Value Pattern: [a-zA-Z0-9\s._:/=+@-]*

Required: No
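
The documented pattern for allowedResourceOauth2ReturnUrls accepts any scheme and any host, so callers who want a tighter return-URL allowlist have to enforce it before sending the request. The following is an added example, not part of the AWS documentation or SDKs: a pre-flight check of the request body against the constraints above plus a stricter local policy. The function name, the https-only and host-allowlist policy, and the sample values are assumptions, as is treating each pattern and the URL length limit as applying to the whole of each string.

```python
import re
from urllib.parse import urlsplit

# Patterns and limits copied from the Request Body section.
# Assumption: the service applies each pattern to the whole string.
URL_RE = re.compile(r"\w+:(\/?\/?)[^\s]+")
NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")
TAG_RE = re.compile(r"[a-zA-Z0-9\s._:/=+@-]*")


def check_request(body, allowed_hosts):
    """Return a list of problems; an empty list means the body passes."""
    problems = []
    name = body.get("name")
    if not isinstance(name, str):
        problems.append("name: required")
    elif not (3 <= len(name) <= 255 and NAME_RE.fullmatch(name)):
        problems.append("name: violates documented length or pattern")

    for url in body.get("allowedResourceOauth2ReturnUrls", []):
        if not (1 <= len(url) <= 2048 and URL_RE.fullmatch(url)):
            problems.append(f"{url!r}: violates documented URL constraints")
            continue
        # Local policy (assumption, stricter than the documented pattern):
        # https only, host on an exact-match allowlist, no userinfo/fragment.
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"{url!r}: scheme is not https")
        elif parts.hostname not in allowed_hosts:
            problems.append(f"{url!r}: host is not on the allowlist")
        elif parts.username or parts.password or parts.fragment:
            problems.append(f"{url!r}: userinfo or fragment present")

    for key, value in body.get("tags", {}).items():
        if not (1 <= len(key) <= 128 and TAG_RE.fullmatch(key)):
            problems.append(f"tag key {key!r}: violates documented constraints")
        if not (len(value) <= 256 and TAG_RE.fullmatch(value)):
            problems.append(f"tag value {value!r}: violates documented constraints")
    return problems

# Constructed sample input; names, hosts and tags are illustrative only.
SAMPLE = {"name": "ab", "tags": {"owner": "team#1"},
          "allowedResourceOauth2ReturnUrls": [
              "https://app.example.com/oauth/callback",
              "http://app.example.com/oauth/callback",
              "https://app.example.com.other.test/cb"]}

if __name__ == "__main__":
    print("\n".join(check_request(SAMPLE, {"app.example.com"})))
```

The second and third sample URLs both satisfy the documented pattern; only the local policy rejects them.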

Response Syntax

HTTP/1.1 201
Content-type: application/json

{
   "allowedResourceOauth2ReturnUrls": [ "string" ],
   "name": "string",
   "workloadIdentityArn": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 201 response.

The following data is returned in JSON format by the service.

allowedResourceOauth2ReturnUrls

The list of allowed OAuth2 return URLs for resources associated with this workload identity.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: \w+:(\/?\/?)[^\s]+

name

The name of the workload identity.

Type: String

Length Constraints: Minimum length of 3. Maximum length of 255.

Pattern: [A-Za-z0-9_.-]+

workloadIdentityArn

The Amazon Resource Name (ARN) of the workload identity.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

This exception is thrown when a request is denied per access permissions.

HTTP Status Code: 403

InternalServerException

This exception is thrown if there was an unexpected error during processing of the request.

HTTP Status Code: 500

ResourceNotFoundException

This exception is thrown when a resource referenced by the operation does not exist.

HTTP Status Code: 404

ThrottlingException

This exception is thrown when the number of requests exceeds the limit.

HTTP Status Code: 429

UnauthorizedException

This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token-based access.

HTTP Status Code: 401

ValidationException

The input fails to satisfy the constraints specified by the service.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: