This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::BedrockAgentCore::OAuth2CredentialProvider MicrosoftOauth2ProviderConfigInput Input configuration for a Microsoft OAuth2 provider. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ClientId](#cfn-bedrockagentcore-oauth2credentialprovider-microsoftoauth2providerconfiginput-clientid)" : {{String}}, "[ClientSecret](#cfn-bedrockagentcore-oauth2credentialprovider-microsoftoauth2providerconfiginput-clientsecret)" : {{String}}, "[ClientSecretConfig](#cfn-bedrockagentcore-oauth2credentialprovider-microsoftoauth2providerconfiginput-clientsecretconfig)" : {{SecretReference}}, "[ClientSecretSource](#cfn-bedrockagentcore-oauth2credentialprovider-microsoftoauth2providerconfiginput-clientsecretsource)" : {{String}}, "[TenantId](#cfn-bedrockagentcore-oauth2credentialprovider-microsoftoauth2providerconfiginput-tenantid)" : {{String}} } ``` ### YAML ``` [ClientId](#cfn-bedrockagentcore-oauth2credentialprovider-microsoftoauth2providerconfiginput-clientid): {{String}} [ClientSecret](#cfn-bedrockagentcore-oauth2credentialprovider-microsoftoauth2providerconfiginput-clientsecret): {{String}} [ClientSecretConfig](#cfn-bedrockagentcore-oauth2credentialprovider-microsoftoauth2providerconfiginput-clientsecretconfig): {{ SecretReference}} [ClientSecretSource](#cfn-bedrockagentcore-oauth2credentialprovider-microsoftoauth2providerconfiginput-clientsecretsource): {{String}} [TenantId](#cfn-bedrockagentcore-oauth2credentialprovider-microsoftoauth2providerconfiginput-tenantid): {{String}} ``` ## Properties `ClientId` The client ID for the Microsoft OAuth2 provider. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ClientSecret` The client secret for the Microsoft OAuth2 provider. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ClientSecretConfig` A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when `clientSecretSource` is set to `EXTERNAL`. *Required*: No *Type*: [SecretReference](aws-properties-bedrockagentcore-oauth2credentialprovider-secretreference.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ClientSecretSource` The source type of the client secret. Use `MANAGED` if the secret is managed by the service, or `EXTERNAL` if you manage the secret yourself in AWS Secrets Manager. *Required*: No *Type*: String *Allowed values*: `MANAGED | EXTERNAL` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TenantId` The Microsoft Entra ID (formerly Azure AD) tenant ID for your organization. This identifies the specific tenant within Microsoft's identity platform where your application is registered. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)