Class: AWSCDK::BedrockAgentCore::CfnGateway::GatewayPolicyEngineConfigurationProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::BedrockAgentCore::CfnGateway::GatewayPolicyEngineConfigurationProperty
- Defined in:
- bedrock_agent_core/cfn_gateway.rb
Overview
The configuration for a policy engine associated with a gateway.
A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with a gateway, the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies.
Instance Attribute Summary collapse
-
#arn ⇒ String
readonly
The ARN of the policy engine.
-
#mode ⇒ String
readonly
The enforcement mode for the policy engine.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(arn:, mode:) ⇒ GatewayPolicyEngineConfigurationProperty
constructor
A new instance of GatewayPolicyEngineConfigurationProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(arn:, mode:) ⇒ GatewayPolicyEngineConfigurationProperty
Returns a new instance of GatewayPolicyEngineConfigurationProperty.
993 994 995 996 997 998 |
# File 'bedrock_agent_core/cfn_gateway.rb', line 993 def initialize(arn:, mode:) @arn = arn Jsii::Type.check_type(@arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "arn") @mode = mode Jsii::Type.check_type(@mode, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "mode") end |
Instance Attribute Details
#arn ⇒ String (readonly)
The ARN of the policy engine.
The policy engine contains Cedar policies that define fine-grained authorization rules specifying who can perform what actions on which resources as agents interact through the gateway.
1006 1007 1008 |
# File 'bedrock_agent_core/cfn_gateway.rb', line 1006 def arn @arn end |
#mode ⇒ String (readonly)
The enforcement mode for the policy engine.
LOG_ONLY - The policy engine evaluates each action against your policies and adds traces on whether tool calls would be allowed or denied, but does not enforce the decision. Use this mode to test and validate policies before enabling enforcement. ENFORCE - The policy engine evaluates actions against your policies and enforces decisions by allowing or denying agent operations. Test and validate policies in LOG_ONLY mode before enabling enforcement to avoid unintended denials or adversely affecting production traffic.
1013 1014 1015 |
# File 'bedrock_agent_core/cfn_gateway.rb', line 1013 def mode @mode end |
Class Method Details
.jsii_properties ⇒ Object
1015 1016 1017 1018 1019 1020 |
# File 'bedrock_agent_core/cfn_gateway.rb', line 1015 def self.jsii_properties { :arn => "arn", :mode => "mode", } end |
Instance Method Details
#to_jsii ⇒ Object
1022 1023 1024 1025 1026 1027 1028 1029 |
# File 'bedrock_agent_core/cfn_gateway.rb', line 1022 def to_jsii result = {} result.merge!({ "arn" => @arn, "mode" => @mode, }) result.compact end |