Class: AWSCDK::BedrockAgentCore::RuntimeAuthorizerConfiguration

Inherits:
Jsii::Object
  • Object
show all
Defined in:
bedrock_agent_core/runtime_authorizer_configuration.rb

Overview

Abstract base class for runtime authorizer configurations.

Provides static factory methods to create different authentication types.

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeRuntimeAuthorizerConfiguration

Returns a new instance of RuntimeAuthorizerConfiguration.



10
11
12
# File 'bedrock_agent_core/runtime_authorizer_configuration.rb', line 10

def initialize
  Jsii::Object.instance_method(:initialize).bind(self).call
end

Class Method Details

.jsii_overridable_methodsObject



14
15
16
17
# File 'bedrock_agent_core/runtime_authorizer_configuration.rb', line 14

def self.jsii_overridable_methods
  {
  }
end

.using_cognito(user_pool, user_pool_clients, allowed_audience = nil, allowed_scopes = nil, custom_claims = nil) ⇒ AWSCDK::BedrockAgentCore::RuntimeAuthorizerConfiguration

Use AWS Cognito User Pool authentication.

Validates Cognito-issued JWT tokens.

Parameters:

Returns:

  • (AWSCDK::BedrockAgentCore::RuntimeAuthorizerConfiguration)

    RuntimeAuthorizerConfiguration for Cognito authentication



29
30
31
32
33
34
35
36
# File 'bedrock_agent_core/runtime_authorizer_configuration.rb', line 29

def self.using_cognito(user_pool, user_pool_clients, allowed_audience = nil, allowed_scopes = nil, custom_claims = nil)
  Jsii::Type.check_type(user_pool, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5JVXNlclBvb2wifQ==")), "userPool")
  Jsii::Type.check_type(user_pool_clients, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19jb2duaXRvLklVc2VyUG9vbENsaWVudCJ9LCJraW5kIjoiYXJyYXkifX0=")), "userPoolClients")
  Jsii::Type.check_type(allowed_audience, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "allowedAudience") unless allowed_audience.nil?
  Jsii::Type.check_type(allowed_scopes, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "allowedScopes") unless allowed_scopes.nil?
  Jsii::Type.check_type(custom_claims, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19iZWRyb2NrYWdlbnRjb3JlLlJ1bnRpbWVDdXN0b21DbGFpbSJ9LCJraW5kIjoiYXJyYXkifX0=")), "customClaims") unless custom_claims.nil?
  Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_bedrockagentcore.RuntimeAuthorizerConfiguration", "usingCognito", [user_pool, user_pool_clients, allowed_audience, allowed_scopes, custom_claims])
end

.using_iamAWSCDK::BedrockAgentCore::RuntimeAuthorizerConfiguration

Use IAM authentication (default).

Requires AWS credentials to sign requests using SigV4.

Returns:

  • (AWSCDK::BedrockAgentCore::RuntimeAuthorizerConfiguration)

    RuntimeAuthorizerConfiguration for IAM authentication



43
44
45
# File 'bedrock_agent_core/runtime_authorizer_configuration.rb', line 43

def self.using_iam()
  Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_bedrockagentcore.RuntimeAuthorizerConfiguration", "usingIAM", [])
end

.using_jwt(discovery_url, allowed_clients = nil, allowed_audience = nil, allowed_scopes = nil, custom_claims = nil) ⇒ AWSCDK::BedrockAgentCore::RuntimeAuthorizerConfiguration

Use custom JWT authentication.

Validates JWT tokens against the specified OIDC provider.

Parameters:

  • discovery_url (String)

    The OIDC discovery URL (must end with /.well-known/openid-configuration).

  • allowed_clients (Array<String>, nil) (defaults to: nil)

    Optional array of allowed client IDs.

  • allowed_audience (Array<String>, nil) (defaults to: nil)

    Optional array of allowed audiences.

  • allowed_scopes (Array<String>, nil) (defaults to: nil)

    Optional array of allowed scopes.

  • custom_claims (Array<AWSCDK::BedrockAgentCore::RuntimeCustomClaim>, nil) (defaults to: nil)

    Optional array of custom claim validations.

Returns:

  • (AWSCDK::BedrockAgentCore::RuntimeAuthorizerConfiguration)

    RuntimeAuthorizerConfiguration for JWT authentication



57
58
59
60
61
62
63
64
# File 'bedrock_agent_core/runtime_authorizer_configuration.rb', line 57

def self.using_jwt(discovery_url, allowed_clients = nil, allowed_audience = nil, allowed_scopes = nil, custom_claims = nil)
  Jsii::Type.check_type(discovery_url, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "discoveryUrl")
  Jsii::Type.check_type(allowed_clients, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "allowedClients") unless allowed_clients.nil?
  Jsii::Type.check_type(allowed_audience, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "allowedAudience") unless allowed_audience.nil?
  Jsii::Type.check_type(allowed_scopes, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "allowedScopes") unless allowed_scopes.nil?
  Jsii::Type.check_type(custom_claims, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19iZWRyb2NrYWdlbnRjb3JlLlJ1bnRpbWVDdXN0b21DbGFpbSJ9LCJraW5kIjoiYXJyYXkifX0=")), "customClaims") unless custom_claims.nil?
  Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_bedrockagentcore.RuntimeAuthorizerConfiguration", "usingJWT", [discovery_url, allowed_clients, allowed_audience, allowed_scopes, custom_claims])
end

.using_o_auth(discovery_url, client_id, allowed_audience = nil, allowed_scopes = nil, custom_claims = nil) ⇒ AWSCDK::BedrockAgentCore::RuntimeAuthorizerConfiguration

Use OAuth 2.0 authentication. Supports various OAuth providers.

Parameters:

  • discovery_url (String)

    The OIDC discovery URL (must end with /.well-known/openid-configuration).

  • client_id (String)

    OAuth client ID.

  • allowed_audience (Array<String>, nil) (defaults to: nil)

    Optional array of allowed audiences.

  • allowed_scopes (Array<String>, nil) (defaults to: nil)

    Optional array of allowed scopes.

  • custom_claims (Array<AWSCDK::BedrockAgentCore::RuntimeCustomClaim>, nil) (defaults to: nil)

    Optional array of custom claim validations.

Returns:

  • (AWSCDK::BedrockAgentCore::RuntimeAuthorizerConfiguration)

    RuntimeAuthorizerConfiguration for OAuth authentication



74
75
76
77
78
79
80
81
# File 'bedrock_agent_core/runtime_authorizer_configuration.rb', line 74

def self.using_o_auth(discovery_url, client_id, allowed_audience = nil, allowed_scopes = nil, custom_claims = nil)
  Jsii::Type.check_type(discovery_url, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "discoveryUrl")
  Jsii::Type.check_type(client_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientId")
  Jsii::Type.check_type(allowed_audience, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "allowedAudience") unless allowed_audience.nil?
  Jsii::Type.check_type(allowed_scopes, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "allowedScopes") unless allowed_scopes.nil?
  Jsii::Type.check_type(custom_claims, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19iZWRyb2NrYWdlbnRjb3JlLlJ1bnRpbWVDdXN0b21DbGFpbSJ9LCJraW5kIjoiYXJyYXkifX0=")), "customClaims") unless custom_claims.nil?
  Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_bedrockagentcore.RuntimeAuthorizerConfiguration", "usingOAuth", [discovery_url, client_id, allowed_audience, allowed_scopes, custom_claims])
end