@aws-cdk/aws-bedrock-agentcore-alpha
The CDK Construct Library for Amazon Bedrock
/******************************************************************************
* Data Plane Permissions
*****************************************************************************/
/**
* Permissions to invoke the agent runtime
*
* Data plane only: this list is declared separately from RUNTIME_ADMIN_PERMS, so a
* caller that just invokes the runtime does not need the management actions.
* The action names themselves live in the implementation and are not visible in
* this declaration file.
* NOTE(review): declared as a mutable `string[]`, so the array is presumably one
* object shared by every importer. Copy it (`[...RUNTIME_INVOKE_PERMS]`) instead of
* pushing to it, otherwise grants built from it later would be widened as well -
* confirm against the implementation.
*/
export declare const RUNTIME_INVOKE_PERMS: string[];
/**
* Permissions to invoke the agent runtime on behalf of a user
* Required when using the X-Amzn-Bedrock-AgentCore-Runtime-User-Id header
*
* NOTE(review): the user id travels in a request header set by the caller, so a
* principal holding these permissions can presumably invoke the runtime under any
* user id it chooses - confirm how the service validates the header.
* Grant this list separately from RUNTIME_INVOKE_PERMS, and only to principals that
* are trusted to assert an end-user identity.
*/
export declare const RUNTIME_INVOKE_USER_PERMS: string[];
/******************************************************************************
* Control Plane Permissions
*****************************************************************************/
/**
* Grants control plane operations to manage the runtime (CRUD)
*
* Declared apart from the data plane invoke lists in this file, which lets
* management rights be granted to a different (smaller) set of principals.
* NOTE(review): CRUD presumably covers update and delete; scope the grant to the
* specific runtime resource wherever the actions allow it - confirm which of them
* support resource-level permissions.
* NOTE(review): mutable `string[]`; treat it as read-only and copy before editing,
* since the array is presumably shared between importers.
*/
export declare const RUNTIME_ADMIN_PERMS: string[];
/******************************************************************************
* Execution Role Permissions
*****************************************************************************/
/**
* ECR permissions for pulling container images
* Used to download container images from ECR repositories
*
* NOTE(review): declared separately from RUNTIME_ECR_TOKEN_ACTIONS, which must use
* a * resource; presumably this split exists so the pull actions can be limited to
* the repository that holds the runtime image - verify the resource on the
* generated statement.
*/
export declare const RUNTIME_ECR_IMAGE_ACTIONS: string[];
/**
* ECR authorization token permissions
* Required to authenticate with ECR (must use * resource)
*
* Because the resource has to be a wildcard, keep these actions in a policy
* statement of their own: any other action added to that statement would receive
* the same unrestricted resource scope.
*/
export declare const RUNTIME_ECR_TOKEN_ACTIONS: string[];
/**
* CloudWatch Logs permissions for log group operations
* Used to create and describe log groups for runtime logs
*
* NOTE(review): "for runtime logs" suggests the statement is meant to be limited
* to the runtime's own log group ARNs - confirm the resource pattern where this
* constant is consumed.
*/
export declare const RUNTIME_LOGS_GROUP_ACTIONS: string[];
/**
* CloudWatch Logs describe permissions
* Used to list and describe all log groups
*
* NOTE(review): "all log groups" implies this grant is not restricted to the
* runtime's own logs, so the execution role can presumably enumerate log group
* names beyond the ones it writes to. Confirm the resource scope where the
* statement is built and keep the list limited to read-only describe actions.
*/
export declare const RUNTIME_LOGS_DESCRIBE_ACTIONS: string[];
/**
* CloudWatch Logs permissions for log stream operations
* Used to create log streams and write log events
*
* NOTE(review): this is write access to log data; presumably it is meant to be
* scoped to streams under the runtime's own log group so the role cannot write
* into other workloads' logs - confirm the resource ARN on the generated statement.
*/
export declare const RUNTIME_LOGS_STREAM_ACTIONS: string[];
/**
* X-Ray tracing permissions
* Required for distributed tracing (must use * resource)
*
* Because the resource has to be a wildcard, keep these actions in a policy
* statement of their own so that no unrelated action inherits the unrestricted
* resource scope.
*/
export declare const RUNTIME_XRAY_ACTIONS: string[];
/**
* CloudWatch metrics permissions
* Used to publish custom metrics
*
* NOTE(review): intended to be paired with RUNTIME_CLOUDWATCH_NAMESPACE as a
* condition (that constant is documented as the condition for these permissions).
* A statement built from this list without the condition would presumably not be
* limited to the runtime's namespace - confirm the condition is attached wherever
* this list is used.
*/
export declare const RUNTIME_CLOUDWATCH_METRICS_ACTIONS: string[];
/**
* Bedrock AgentCore workload identity permissions
* Used to obtain access tokens for workload identity
*
* NOTE(review): these actions yield access tokens, so treat the grant as
* credential-issuing. Presumably it should be scoped to the runtime's own workload
* identity resources rather than a wildcard - confirm the resource ARNs on the
* generated statement.
*/
export declare const RUNTIME_WORKLOAD_IDENTITY_ACTIONS: string[];
/**
* CloudWatch namespace for metrics
* Used as a condition for CloudWatch metrics permissions
*
* Declared with the string literal type "bedrock-agentcore", so consumers see a
* fixed value rather than a general string.
* NOTE(review): presumably matched against the cloudwatch:namespace condition key
* on the statement that carries RUNTIME_CLOUDWATCH_METRICS_ACTIONS - confirm in the
* implementation.
*/
export declare const RUNTIME_CLOUDWATCH_NAMESPACE = "bedrock-agentcore";