aws-cdk-lib

Version 2 of the AWS Cloud Development Kit library

import type { ICredentialProviderConfig } from './credential-provider';
import { CredentialProviderType } from './credential-provider';
import { Grant } from '../../../../aws-iam';
import type { IGateway } from '../gateway-base';
/******************************************************************************
 *                                API KEY
 *****************************************************************************/
/**
 * Optional overrides for how the API key is named and prefixed when it is
 * sent to the target endpoint.
 *
 * Both fields are optional; the defaults depend on whether the key is placed
 * in a header or in a query parameter (see the `@default` on each field).
 */
export interface ApiKeyAdditionalConfiguration {
    /**
     * The name of the credential parameter for the API key.
     * This parameter name is used when sending the API key to the target endpoint.
     *
     * Length Constraints: Minimum length of 1. Maximum length of 64.
     * NOTE(review): this declaration does not show where the length constraint
     * is enforced - confirm against the implementation.
     *
     * @default - 'Authorization' for HEADER, 'api_key' for QUERY_PARAMETER
     */
    readonly credentialParameterName?: string;
    /**
     * The prefix for the API key credential.
     * This prefix is added to the API key when sending it to the target endpoint.
     *
     * Length Constraints: Minimum length of 1. Maximum length of 64.
     *
     * The HEADER default ('Bearer ') ends with a space.
     * NOTE(review): a custom prefix presumably has to carry its own separator
     * as well - confirm how the prefix and key are joined.
     *
     * @default - 'Bearer ' for HEADER, no prefix for QUERY_PARAMETER
     */
    readonly credentialPrefix?: string;
}
/**
 * API Key credential location type
 *
 * The two supported placements of the API key in the outbound request.
 * @internal
 */
export declare enum ApiKeyCredentialLocationType {
    HEADER = "HEADER",
    QUERY_PARAMETER = "QUERY_PARAMETER"
}
/**
 * API Key location within the request
 *
 * Instances are obtained through the static factories; the constructor is
 * private.
 */
export declare class ApiKeyCredentialLocation {
    /**
     * Create a header-based API key credential location
     * @param config - Optional configuration for the credential location
     * @returns ApiKeyCredentialLocation configured for header placement
     */
    static header(config?: ApiKeyAdditionalConfiguration): ApiKeyCredentialLocation;
    /**
     * Create a query parameter-based API key credential location
     *
     * Security note: with this placement the key travels in the request URL.
     * URLs are commonly recorded in access logs and by intermediaries, so
     * header placement is generally the safer choice unless the target
     * endpoint only accepts the key as a query parameter.
     *
     * @param config - Optional configuration for the credential location
     * @returns ApiKeyCredentialLocation configured for query parameter placement
     */
    static queryParameter(config?: ApiKeyAdditionalConfiguration): ApiKeyCredentialLocation;
    /**
     * The name of the credential parameter
     */
    readonly credentialParameterName: string;
    /**
     * The prefix for the credential value
     */
    readonly credentialPrefix?: string;
    /**
     * The type of credential location (HEADER or QUERY_PARAMETER)
     *
     * Typed as a plain string here, so the compiler does not restrict it to
     * the values of ApiKeyCredentialLocationType.
     */
    readonly credentialLocationType: string;
    /** Private: use {@link ApiKeyCredentialLocation.header} or {@link ApiKeyCredentialLocation.queryParameter}. */
    private constructor();
}
/**
 * API key credential provider ARNs for gateway outbound auth (Token Vault identity).
 *
 * Pass this to {@link GatewayCredentialProvider.fromApiKeyIdentityArn} or to {@link ApiKeyCredentialProviderConfiguration}.
 */
export interface ApiKeyCredentialProviderOptions {
    /**
     * The API key credential provider ARN.
     * This is returned when creating the API key credential provider via Console or API.
     * Format: arn:aws:bedrock-agentcore:region:account:token-vault/id/apikeycredentialprovider/name
     */
    readonly providerArn: string;
    /**
     * The ARN of the Secrets Manager secret containing the API key.
     * This is returned when creating the API key credential provider via Console or API.
     * Format: arn:aws:secretsmanager:region:account:secret:name
     *
     * This is a reference to the secret, not the key material itself.
     * NOTE(review): the grant method documented in this file scopes
     * `secretsmanager:GetSecretValue` to this ARN, so a wildcard or
     * over-broad value here would presumably widen that grant - confirm.
     */
    readonly secretArn: string;
    /**
     * The location of the API key credential.
     * This field specifies where in the request the API key should be placed.
     *
     * @default - HEADER
     */
    readonly credentialLocation?: ApiKeyCredentialLocation;
}
/**
 * API Key credential provider configuration implementation
 * Can be used with OpenAPI targets
 * @internal
 */
export declare class ApiKeyCredentialProviderConfiguration implements ICredentialProviderConfig {
    /** Discriminator identifying this configuration as the API key provider type. */
    readonly credentialProviderType = CredentialProviderType.API_KEY;
    /**
     * The ARN of the API key provider
     */
    readonly providerArn: string;
    /**
     * The ARN of the Secrets Manager secret
     */
    readonly secretArn: string;
    /**
     * The location configuration for the API key credential
     *
     * Required here although optional in ApiKeyCredentialProviderOptions;
     * the options document HEADER as the default.
     */
    readonly credentialLocation: ApiKeyCredentialLocation;
    /**
     * @param configuration - Provider ARN, secret ARN and optional credential location
     */
    constructor(configuration: ApiKeyCredentialProviderOptions);
    /**
     * Grant the needed permissions to the gateway role for API key authentication.
     *
     * Produces three scoped IAM statements matching the console-generated policy:
     * 1. `GetWorkloadAccessToken` on the workload identity directory ARNs
     * 2. `GetResourceApiKey` on the token vault, credential provider, directory, and identity ARNs
     * 3. `secretsmanager:GetSecretValue` on the specific credential secret ARN
     *
     * @param gateway - The gateway whose role receives the permissions
     * @returns The resulting Grant, or `undefined`. The condition under which
     * `undefined` is returned is not visible from this declaration; callers
     * should not assume a grant was made without checking the result.
     *
     * @see https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-outbound-auth.html
     */
    grantNeededPermissionsToRole(gateway: IGateway): Grant | undefined;
    /**
     * Renders this configuration. The return type is `any`, so the shape of
     * the rendered value is not checked by the compiler.
     * @internal
     */
    _render(): any;
}