@aws-cdk/aws-bedrock-agentcore-alpha
Version:
The CDK Construct Library for Amazon Bedrock
101 lines • 10.3 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.RUNTIME_CLOUDWATCH_NAMESPACE = exports.RUNTIME_WORKLOAD_IDENTITY_ACTIONS = exports.RUNTIME_CLOUDWATCH_METRICS_ACTIONS = exports.RUNTIME_XRAY_ACTIONS = exports.RUNTIME_LOGS_STREAM_ACTIONS = exports.RUNTIME_LOGS_DESCRIBE_ACTIONS = exports.RUNTIME_LOGS_GROUP_ACTIONS = exports.RUNTIME_ECR_TOKEN_ACTIONS = exports.RUNTIME_ECR_IMAGE_ACTIONS = exports.RUNTIME_ADMIN_PERMS = exports.RUNTIME_INVOKE_USER_PERMS = exports.RUNTIME_INVOKE_PERMS = void 0;
/******************************************************************************
* Data Plane Permissions
*****************************************************************************/
/**
* Permissions to invoke the agent runtime
*/
exports.RUNTIME_INVOKE_PERMS = ['bedrock-agentcore:InvokeAgentRuntime'];
/**
* Permissions to invoke the agent runtime on behalf of a user
* Required when using the X-Amzn-Bedrock-AgentCore-Runtime-User-Id header
*/
exports.RUNTIME_INVOKE_USER_PERMS = ['bedrock-agentcore:InvokeAgentRuntimeForUser'];
/******************************************************************************
* Control Plane Permissions
*****************************************************************************/
/**
* Grants control plane operations to manage the runtime (CRUD)
*/
exports.RUNTIME_ADMIN_PERMS = [
'bedrock-agentcore:CreateAgentRuntime',
'bedrock-agentcore:CreateAgentRuntimeEndpoint',
'bedrock-agentcore:DeleteAgentRuntime',
'bedrock-agentcore:DeleteAgentRuntimeEndpoint',
'bedrock-agentcore:GetAgentRuntime',
'bedrock-agentcore:GetAgentRuntimeEndpoint',
'bedrock-agentcore:ListAgentRuntimes',
'bedrock-agentcore:ListAgentRuntimeVersions',
'bedrock-agentcore:ListAgentRuntimeEndpoints',
'bedrock-agentcore:UpdateAgentRuntime',
'bedrock-agentcore:UpdateAgentRuntimeEndpoint',
];
/******************************************************************************
* Execution Role Permissions
*****************************************************************************/
/**
* ECR permissions for pulling container images
* Used to download container images from ECR repositories
*/
exports.RUNTIME_ECR_IMAGE_ACTIONS = [
'ecr:BatchGetImage',
'ecr:GetDownloadUrlForLayer',
];
/**
* ECR authorization token permissions
* Required to authenticate with ECR (must use * resource)
*/
exports.RUNTIME_ECR_TOKEN_ACTIONS = ['ecr:GetAuthorizationToken'];
/**
* CloudWatch Logs permissions for log group operations
* Used to create and describe log groups for runtime logs
*/
exports.RUNTIME_LOGS_GROUP_ACTIONS = [
'logs:DescribeLogStreams',
'logs:CreateLogGroup',
];
/**
* CloudWatch Logs describe permissions
* Used to list and describe all log groups
*/
exports.RUNTIME_LOGS_DESCRIBE_ACTIONS = ['logs:DescribeLogGroups'];
/**
* CloudWatch Logs permissions for log stream operations
* Used to create log streams and write log events
*/
exports.RUNTIME_LOGS_STREAM_ACTIONS = [
'logs:CreateLogStream',
'logs:PutLogEvents',
];
/**
* X-Ray tracing permissions
* Required for distributed tracing (must use * resource)
*/
exports.RUNTIME_XRAY_ACTIONS = [
'xray:PutTraceSegments',
'xray:PutTelemetryRecords',
'xray:GetSamplingRules',
'xray:GetSamplingTargets',
];
/**
* CloudWatch metrics permissions
* Used to publish custom metrics
*/
exports.RUNTIME_CLOUDWATCH_METRICS_ACTIONS = ['cloudwatch:PutMetricData'];
/**
* Bedrock AgentCore workload identity permissions
* Used to obtain access tokens for workload identity
*/
exports.RUNTIME_WORKLOAD_IDENTITY_ACTIONS = [
'bedrock-agentcore:GetWorkloadAccessToken',
'bedrock-agentcore:GetWorkloadAccessTokenForJWT',
'bedrock-agentcore:GetWorkloadAccessTokenForUserId',
];
/**
* CloudWatch namespace for metrics
* Used as a condition for CloudWatch metrics permissions
*/
exports.RUNTIME_CLOUDWATCH_NAMESPACE = 'bedrock-agentcore';
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGVybXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJwZXJtcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQTs7K0VBRStFO0FBQy9FOztHQUVHO0FBQ1UsUUFBQSxvQkFBb0IsR0FBRyxDQUFDLHNDQUFzQyxDQUFDLENBQUM7QUFFN0U7OztHQUdHO0FBQ1UsUUFBQSx5QkFBeUIsR0FBRyxDQUFDLDZDQUE2QyxDQUFDLENBQUM7QUFFekY7OytFQUUrRTtBQUMvRTs7R0FFRztBQUNVLFFBQUEsbUJBQW1CLEdBQUc7SUFDakMsc0NBQXNDO0lBQ3RDLDhDQUE4QztJQUM5QyxzQ0FBc0M7SUFDdEMsOENBQThDO0lBQzlDLG1DQUFtQztJQUNuQywyQ0FBMkM7SUFDM0MscUNBQXFDO0lBQ3JDLDRDQUE0QztJQUM1Qyw2Q0FBNkM7SUFDN0Msc0NBQXNDO0lBQ3RDLDhDQUE4QztDQUMvQyxDQUFDO0FBRUY7OytFQUUrRTtBQUUvRTs7O0dBR0c7QUFDVSxRQUFBLHlCQUF5QixHQUFHO0lBQ3ZDLG1CQUFtQjtJQUNuQiw0QkFBNEI7Q0FDN0IsQ0FBQztBQUVGOzs7R0FHRztBQUNVLFFBQUEseUJBQXlCLEdBQUcsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO0FBRXZFOzs7R0FHRztBQUNVLFFBQUEsMEJBQTBCLEdBQUc7SUFDeEMseUJBQXlCO0lBQ3pCLHFCQUFxQjtDQUN0QixDQUFDO0FBRUY7OztHQUdHO0FBQ1UsUUFBQSw2QkFBNkIsR0FBRyxDQUFDLHdCQUF3QixDQUFDLENBQUM7QUFFeEU7OztHQUdHO0FBQ1UsUUFBQSwyQkFBMkIsR0FBRztJQUN6QyxzQkFBc0I7SUFDdEIsbUJBQW1CO0NBQ3BCLENBQUM7QUFFRjs7O0dBR0c7QUFDVSxRQUFBLG9CQUFvQixHQUFHO0lBQ2xDLHVCQUF1QjtJQUN2QiwwQkFBMEI7SUFDMUIsdUJBQXVCO0lBQ3ZCLHlCQUF5QjtDQUMxQixDQUFDO0FBRUY7OztHQUdHO0FBQ1UsUUFBQSxrQ0FBa0MsR0FBRyxDQUFDLDBCQUEwQixDQUFDLENBQUM7QUFFL0U7OztHQUdHO0FBQ1UsUUFBQSxpQ0FBaUMsR0FBRztJQUMvQywwQ0FBMEM7SUFDMUMsZ0RBQWdEO0lBQ2hELG1EQUFtRDtDQUNwRCxDQUFDO0FBQ0Y7OztHQUdHO0FBQ1UsUUFBQSw0QkFBNEIsR0FBRyxtQkFBbUIsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKipcbiAqICAgICAgICAgICAgICAgICAgICAgICAgIERhdGEgUGxhbmUgUGVybWlzc2lvbnNcbiAqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKi9cbi8qKlxuICogUGVybWlzc2lvbnMgdG8gaW52b2tlIHRoZSBhZ2VudCBydW50aW1lXG4gKi9cbmV4cG9ydCBjb25zdCBSVU5USU1FX0lOVk9LRV9QRVJNUyA9IFsnYmVkcm9jay1hZ2VudGNvcmU6SW52b2tlQWdlbnRSdW50aW1lJ107XG5cbi8qKlxuICogUGVybWlzc2lvbnMgdG8gaW52b2tlIHRoZSBhZ2VudCBydW50aW1lIG9uIGJlaGFsZiBvZiBhIHVzZXJcbiAqIFJlcXVpcmVkIHdoZW4gdXNpbmcgdGhlIFgtQW16bi1CZWRyb2NrLUFnZW50Q29yZS1SdW50aW1lLVVzZXItSWQgaGVhZGVyXG4gKi9cbmV4cG9ydCBjb25zdCBSVU5USU1FX0lOVk9LRV9VU0VSX1BFUk1TID0gWydiZWRyb2NrLWFnZW50Y29yZTpJbnZva2VBZ2VudFJ1bnRpbWVGb3JVc2VyJ107XG5cbi8qKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKipcbiAqICAgICAgICAgICAgICAgICAgICAgICAgIENvbnRyb2wgUGxhbmUgUGVybWlzc2lvbnNcbiAqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKi9cbi8qKlxuICogR3JhbnRzIGNvbnRyb2wgcGxhbmUgb3BlcmF0aW9ucyB0byBtYW5hZ2UgdGhlIHJ1bnRpbWUgKENSVUQpXG4gKi9cbmV4cG9ydCBjb25zdCBSVU5USU1FX0FETUlOX1BFUk1TID0gW1xuICAnYmVkcm9jay1hZ2VudGNvcmU6Q3JlYXRlQWdlbnRSdW50aW1lJyxcbiAgJ2JlZHJvY2stYWdlbnRjb3JlOkNyZWF0ZUFnZW50UnVudGltZUVuZHBvaW50JyxcbiAgJ2JlZHJvY2stYWdlbnRjb3JlOkRlbGV0ZUFnZW50UnVudGltZScsXG4gICdiZWRyb2NrLWFnZW50Y29yZTpEZWxldGVBZ2VudFJ1bnRpbWVFbmRwb2ludCcsXG4gICdiZWRyb2NrLWFnZW50Y29yZTpHZXRBZ2VudFJ1bnRpbWUnLFxuICAnYmVkcm9jay1hZ2VudGNvcmU6R2V0QWdlbnRSdW50aW1lRW5kcG9pbnQnLFxuICAnYmVkcm9jay1hZ2VudGNvcmU6TGlzdEFnZW50UnVudGltZXMnLFxuICAnYmVkcm9jay1hZ2VudGNvcmU6TGlzdEFnZW50UnVudGltZVZlcnNpb25zJyxcbiAgJ2JlZHJvY2stYWdlbnRjb3JlOkxpc3RBZ2VudFJ1bnRpbWVFbmRwb2ludHMnLFxuICAnYmVkcm9jay1hZ2VudGNvcmU6VXBkYXRlQWdlbnRSdW50aW1lJyxcbiAgJ2JlZHJvY2stYWdlbnRjb3JlOlVwZGF0ZUFnZW50UnVudGltZUVuZHBvaW50Jyxcbl07XG5cbi8qKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKipcbiAqICAgICAgICAgICAgICAgICAgICBFeGVjdXRpb24gUm9sZSBQZXJtaXNzaW9uc1xuICoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqL1xuXG4vKipcbiAqIEVDUiBwZXJtaXNzaW9ucyBmb3IgcHVsbGluZyBjb250YWluZXIgaW1hZ2VzXG4gKiBVc2VkIHRvIGRvd25sb2FkIGNvbnRhaW5lciBpbWFnZXMgZnJvbSBFQ1IgcmVwb3NpdG9yaWVzXG4gKi9cbmV4cG9ydCBjb25zdCBSVU5USU1FX0VDUl9JTUFHRV9BQ1RJT05TID0gW1xuICAnZWNyOkJhdGNoR2V0SW1hZ2UnLFxuICAnZWNyOkdldERvd25sb2FkVXJsRm9yTGF5ZXInLFxuXTtcblxuLyoqXG4gKiBFQ1IgYXV0aG9yaXphdGlvbiB0b2tlbiBwZXJtaXNzaW9uc1xuICogUmVxdWlyZWQgdG8gYXV0aGVudGljYXRlIHdpdGggRUNSIChtdXN0IHVzZSAqIHJlc291cmNlKVxuICovXG5leHBvcnQgY29uc3QgUlVOVElNRV9FQ1JfVE9LRU5fQUNUSU9OUyA9IFsnZWNyOkdldEF1dGhvcml6YXRpb25Ub2tlbiddO1xuXG4vKipcbiAqIENsb3VkV2F0Y2ggTG9ncyBwZXJtaXNzaW9ucyBmb3IgbG9nIGdyb3VwIG9wZXJhdGlvbnNcbiAqIFVzZWQgdG8gY3JlYXRlIGFuZCBkZXNjcmliZSBsb2cgZ3JvdXBzIGZvciBydW50aW1lIGxvZ3NcbiAqL1xuZXhwb3J0IGNvbnN0IFJVTlRJTUVfTE9HU19HUk9VUF9BQ1RJT05TID0gW1xuICAnbG9nczpEZXNjcmliZUxvZ1N0cmVhbXMnLFxuICAnbG9nczpDcmVhdGVMb2dHcm91cCcsXG5dO1xuXG4vKipcbiAqIENsb3VkV2F0Y2ggTG9ncyBkZXNjcmliZSBwZXJtaXNzaW9uc1xuICogVXNlZCB0byBsaXN0IGFuZCBkZXNjcmliZSBhbGwgbG9nIGdyb3Vwc1xuICovXG5leHBvcnQgY29uc3QgUlVOVElNRV9MT0dTX0RFU0NSSUJFX0FDVElPTlMgPSBbJ2xvZ3M6RGVzY3JpYmVMb2dHcm91cHMnXTtcblxuLyoqXG4gKiBDbG91ZFdhdGNoIExvZ3MgcGVybWlzc2lvbnMgZm9yIGxvZyBzdHJlYW0gb3BlcmF0aW9uc1xuICogVXNlZCB0byBjcmVhdGUgbG9nIHN0cmVhbXMgYW5kIHdyaXRlIGxvZyBldmVudHNcbiAqL1xuZXhwb3J0IGNvbnN0IFJVTlRJTUVfTE9HU19TVFJFQU1fQUNUSU9OUyA9IFtcbiAgJ2xvZ3M6Q3JlYXRlTG9nU3RyZWFtJyxcbiAgJ2xvZ3M6UHV0TG9nRXZlbnRzJyxcbl07XG5cbi8qKlxuICogWC1SYXkgdHJhY2luZyBwZXJtaXNzaW9uc1xuICogUmVxdWlyZWQgZm9yIGRpc3RyaWJ1dGVkIHRyYWNpbmcgKG11c3QgdXNlICogcmVzb3VyY2UpXG4gKi9cbmV4cG9ydCBjb25zdCBSVU5USU1FX1hSQVlfQUNUSU9OUyA9IFtcbiAgJ3hyYXk6UHV0VHJhY2VTZWdtZW50cycsXG4gICd4cmF5OlB1dFRlbGVtZXRyeVJlY29yZHMnLFxuICAneHJheTpHZXRTYW1wbGluZ1J1bGVzJyxcbiAgJ3hyYXk6R2V0U2FtcGxpbmdUYXJnZXRzJyxcbl07XG5cbi8qKlxuICogQ2xvdWRXYXRjaCBtZXRyaWNzIHBlcm1pc3Npb25zXG4gKiBVc2VkIHRvIHB1Ymxpc2ggY3VzdG9tIG1ldHJpY3NcbiAqL1xuZXhwb3J0IGNvbnN0IFJVTlRJTUVfQ0xPVURXQVRDSF9NRVRSSUNTX0FDVElPTlMgPSBbJ2Nsb3Vkd2F0Y2g6UHV0TWV0cmljRGF0YSddO1xuXG4vKipcbiAqIEJlZHJvY2sgQWdlbnRDb3JlIHdvcmtsb2FkIGlkZW50aXR5IHBlcm1pc3Npb25zXG4gKiBVc2VkIHRvIG9idGFpbiBhY2Nlc3MgdG9rZW5zIGZvciB3b3JrbG9hZCBpZGVudGl0eVxuICovXG5leHBvcnQgY29uc3QgUlVOVElNRV9XT1JLTE9BRF9JREVOVElUWV9BQ1RJT05TID0gW1xuICAnYmVkcm9jay1hZ2VudGNvcmU6R2V0V29ya2xvYWRBY2Nlc3NUb2tlbicsXG4gICdiZWRyb2NrLWFnZW50Y29yZTpHZXRXb3JrbG9hZEFjY2Vzc1Rva2VuRm9ySldUJyxcbiAgJ2JlZHJvY2stYWdlbnRjb3JlOkdldFdvcmtsb2FkQWNjZXNzVG9rZW5Gb3JVc2VySWQnLFxuXTtcbi8qKlxuICogQ2xvdWRXYXRjaCBuYW1lc3BhY2UgZm9yIG1ldHJpY3NcbiAqIFVzZWQgYXMgYSBjb25kaXRpb24gZm9yIENsb3VkV2F0Y2ggbWV0cmljcyBwZXJtaXNzaW9uc1xuICovXG5leHBvcnQgY29uc3QgUlVOVElNRV9DTE9VRFdBVENIX05BTUVTUEFDRSA9ICdiZWRyb2NrLWFnZW50Y29yZSc7XG4iXX0=