UNPKG

@aws-cdk/aws-bedrock-agentcore-alpha

Version:

The CDK Construct Library for Amazon Bedrock

github.com/aws/aws-cdk

aws/aws-cdk

346 lines (345 loc) 11.9 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
import * as iam from 'aws-cdk-lib/aws-iam'; import { IFunction } from 'aws-cdk-lib/aws-lambda'; import { Construct } from 'constructs'; import { IGateway } from '../gateway-base'; import { ApiSchema } from './schema/api-schema'; import { ToolSchema } from './schema/tool-schema'; import { GatewayTargetBase, GatewayTargetProtocolType, IGatewayTarget, IMcpGatewayTarget, McpTargetType } from './target-base'; import { ITargetConfiguration } from './target-configuration'; import { ICredentialProviderConfig } from '../outbound-auth/credential-provider'; /****************************************************************************** * Props *****************************************************************************/ /** * Common properties for all Gateway Target types */ export interface GatewayTargetCommonProps { /** * The name of the gateway target * The name must be unique within the gateway * Pattern: ^([0-9a-zA-Z][-]?){1,100}$ */ readonly gatewayTargetName: string; /** * Optional description for the gateway target * The description can have up to 200 characters * @default - No description */ readonly description?: string; } /** * Properties for creating a Gateway Target resource */ export interface GatewayTargetProps extends GatewayTargetCommonProps { /** * The gateway this target belongs to */ readonly gateway: IGateway; /** * The target configuration (Lambda, OpenAPI, or Smithy) * Use one of the configuration helper classes: * - LambdaTargetConfiguration.create() * - OpenApiTargetConfiguration.create() * - SmithyTargetConfiguration.create() */ readonly targetConfiguration: ITargetConfiguration; /** * Credential providers for authentication * @default - [GatewayCredentialProvider.fromIamRole()] */ readonly credentialProviderConfigurations?: ICredentialProviderConfig[]; } /** * Properties for creating a Lambda-based Gateway Target * Convenience interface for the most common use case */ export interface GatewayTargetLambdaProps extends GatewayTargetCommonProps { /** * The gateway this target belongs to */ readonly gateway: IGateway; /** * The Lambda function to associate with this target */ readonly lambdaFunction: IFunction; /** * The tool schema defining the available tools */ readonly toolSchema: ToolSchema; /** * Credential providers for authentication * Lambda targets only support IAM role authentication * @default - [GatewayCredentialProvider.fromIamRole()] */ readonly credentialProviderConfigurations?: ICredentialProviderConfig[]; } /** * Properties for creating an OpenAPI-based Gateway Target */ export interface GatewayTargetOpenApiProps extends GatewayTargetCommonProps { /** * The gateway this target belongs to */ readonly gateway: IGateway; /** * The OpenAPI schema defining the API */ readonly apiSchema: ApiSchema; /** * Whether to validate the OpenAPI schema (only applies to inline schemas) * Note: Validation is only performed for inline schemas during CDK synthesis. * S3 and asset-based schemas cannot be validated at synthesis time. * @default true */ readonly validateOpenApiSchema?: boolean; /** * Credential providers for authentication * OpenAPI targets support API key and OAuth authentication (not IAM) * @default: If not provided, defaults to IAM role which will fail at runtime */ readonly credentialProviderConfigurations?: ICredentialProviderConfig[]; } /** * Properties for creating a Smithy-based Gateway Target */ export interface GatewayTargetSmithyProps extends GatewayTargetCommonProps { /** * The gateway this target belongs to */ readonly gateway: IGateway; /** * The Smithy model defining the API */ readonly smithyModel: ApiSchema; /** * Credential providers for authentication * Smithy targets only support IAM role authentication * @default - [GatewayCredentialProvider.fromIamRole()] */ readonly credentialProviderConfigurations?: ICredentialProviderConfig[]; } /** * Properties for creating an MCP Server-based Gateway Target */ export interface GatewayTargetMcpServerProps extends GatewayTargetCommonProps { /** * The gateway this target belongs to */ readonly gateway: IGateway; /** * The HTTPS endpoint URL of the MCP server * * The endpoint must: * - Use HTTPS protocol * - Be properly URL-encoded * - Point to an MCP server that implements tool capabilities */ readonly endpoint: string; /** * Credential providers for authentication */ readonly credentialProviderConfigurations: ICredentialProviderConfig[]; } /** * Attributes for importing an existing Gateway Target */ export interface GatewayTargetAttributes { /** * The ARN of the gateway target */ readonly targetArn: string; /** * The ID of the gateway target */ readonly targetId: string; /** * The name of the gateway target */ readonly gatewayTargetName: string; /** * The gateway this target belongs to */ readonly gateway: IGateway; /** * Optional status of the target * @default - No status */ readonly status?: string; /** * Optional creation timestamp * @default - No creation timestamp */ readonly createdAt?: string; /** * Optional last update timestamp * @default - No update timestamp */ readonly updatedAt?: string; } /****************************************************************************** * Class *****************************************************************************/ /** * * Defines tools that your gateway will host. Supports multiple target types: * - Lambda: Wraps a Lambda function as MCP tools * - OpenAPI: Exposes an OpenAPI/REST API as MCP tools * - Smithy: Exposes a Smithy-modeled API as MCP tools * * @resource AWS::BedrockAgentCore::GatewayTarget * @see https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-building-adding-targets.html */ export declare class GatewayTarget extends GatewayTargetBase implements IMcpGatewayTarget { /** Uniquely identifies this class. */ static readonly PROPERTY_INJECTION_ID: string; /** * Import an existing Gateway Target using its attributes * This allows you to reference a Gateway Target that was created outside of CDK * * @param scope The construct scope * @param id The construct id * @param attrs The attributes of the existing Gateway Target * @returns An IGatewayTarget instance representing the imported target */ static fromGatewayTargetAttributes(scope: Construct, id: string, attrs: GatewayTargetAttributes): IGatewayTarget; /** * Create a Lambda-based MCP target * Convenience method for creating a target that wraps a Lambda function * * @param scope The construct scope * @param id The construct id * @param props The properties for the Lambda target * @returns A new GatewayTarget instance */ static forLambda(scope: Construct, id: string, props: GatewayTargetLambdaProps): GatewayTarget; /** * Create an OpenAPI-based MCP target * Convenience method for creating a target that exposes an OpenAPI/REST API * * @param scope The construct scope * @param id The construct id * @param props The properties for the OpenAPI target * @returns A new GatewayTarget instance * */ static forOpenApi(scope: Construct, id: string, props: GatewayTargetOpenApiProps): GatewayTarget; /** * Create a Smithy-based MCP target * Convenience method for creating a target that exposes a Smithy-modeled API * * @param scope The construct scope * @param id The construct id * @param props The properties for the Smithy target * @returns A new GatewayTarget instance */ static forSmithy(scope: Construct, id: string, props: GatewayTargetSmithyProps): GatewayTarget; /** * Create an MCP Server-based target * Convenience method for creating a target that connects to an external MCP server * * @param scope The construct scope * @param id The construct id * @param props The properties for the MCP server target * @returns A new GatewayTarget instance * @see https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-target-MCPservers.html */ static forMcpServer(scope: Construct, id: string, props: GatewayTargetMcpServerProps): GatewayTarget; /** * The ARN of the gateway target * @attribute */ readonly targetArn: string; /** * The unique identifier of the gateway target * @attribute */ readonly targetId: string; /** * The name of the gateway target */ readonly name: string; /** * Optional description for the gateway target */ readonly description: string | undefined; /** * The gateway this target belongs to */ readonly gateway: IGateway; /** * The credential providers for this target */ readonly credentialProviderConfigurations: ICredentialProviderConfig[] | undefined; /** * The protocol type (always MCP for now) */ readonly targetProtocolType = GatewayTargetProtocolType.MCP; /** * The specific MCP target type (Lambda, OpenAPI, Smithy, or MCP Server) */ readonly targetType: McpTargetType; /** * The status of the gateway target * @attribute */ readonly status?: string | undefined; /** * The status reasons for the gateway target * @attribute */ readonly statusReasons?: string[]; /** * Timestamp when the gateway target was created * @attribute */ readonly createdAt?: string | undefined; /** * Timestamp when the gateway target was last updated * @attribute */ readonly updatedAt?: string | undefined; private readonly targetResource; private readonly targetConfiguration; constructor(scope: Construct, id: string, props: GatewayTargetProps); /** * Grants permission to synchronize this gateway's targets * * This method grants the `SynchronizeGatewayTargets` permission, which is primarily * needed for MCP Server targets when you need to refresh the tool catalog after the * MCP server's tools have changed. */ grantSync(grantee: iam.IGrantable): iam.Grant; /** * Determines the credential provider configurations based on target type * * - Lambda & Smithy: Default to IAM role if not provided * - MCP Server: Return undefined if not provided (service handles NoAuth) * - OpenAPI: Return as-is (must be explicitly provided) * * @param providedCredentials The credentials from props * @returns The credential configurations to use, or undefined * @internal */ private _getTargetSpecificCredentials; /** * Renders credential provider configurations for CloudFormation * @internal */ private _renderCredentialProviderConfigurations; /** * Validates the gateway target name format * Pattern: ^([0-9a-zA-Z][-]?){1,100}$ * Max length: 100 characters * @param gatewayTargetName The gateway target name to validate * @throws Error if the name is invalid * @internal */ private validateGatewayTargetName; /** * Validates the description format * Must be between 1 and 200 characters * @throws Error if validation fails * @internal */ private validateDescription; }