Class: AWSCDK::BedrockAgentCore::CfnGateway::GatewayPolicyEngineConfigurationProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
bedrock_agent_core/cfn_gateway.rb

Overview

The configuration for a policy engine associated with a gateway.

A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with a gateway, the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(arn:, mode:) ⇒ GatewayPolicyEngineConfigurationProperty

Returns a new instance of GatewayPolicyEngineConfigurationProperty.

Parameters:

  • arn (String)

    The ARN of the policy engine.

  • mode (String)

    The enforcement mode for the policy engine.



993
994
995
996
997
998
# File 'bedrock_agent_core/cfn_gateway.rb', line 993

def initialize(arn:, mode:)
  @arn = arn
  Jsii::Type.check_type(@arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "arn")
  @mode = mode
  Jsii::Type.check_type(@mode, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "mode")
end

Instance Attribute Details

#arnString (readonly)

The ARN of the policy engine.

The policy engine contains Cedar policies that define fine-grained authorization rules specifying who can perform what actions on which resources as agents interact through the gateway.



1006
1007
1008
# File 'bedrock_agent_core/cfn_gateway.rb', line 1006

def arn
  @arn
end

#modeString (readonly)

The enforcement mode for the policy engine.

LOG_ONLY - The policy engine evaluates each action against your policies and adds traces on whether tool calls would be allowed or denied, but does not enforce the decision. Use this mode to test and validate policies before enabling enforcement. ENFORCE - The policy engine evaluates actions against your policies and enforces decisions by allowing or denying agent operations. Test and validate policies in LOG_ONLY mode before enabling enforcement to avoid unintended denials or adversely affecting production traffic.



1013
1014
1015
# File 'bedrock_agent_core/cfn_gateway.rb', line 1013

def mode
  @mode
end

Class Method Details

.jsii_propertiesObject



1015
1016
1017
1018
1019
1020
# File 'bedrock_agent_core/cfn_gateway.rb', line 1015

def self.jsii_properties
  {
    :arn => "arn",
    :mode => "mode",
  }
end

Instance Method Details

#to_jsiiObject



1022
1023
1024
1025
1026
1027
1028
1029
# File 'bedrock_agent_core/cfn_gateway.rb', line 1022

def to_jsii
  result = {}
  result.merge!({
    "arn" => @arn,
    "mode" => @mode,
  })
  result.compact
end