import type { ICredentialProviderConfig } from './credential-provider';
import { CredentialProviderType } from './credential-provider';
import { Grant } from '../../../../aws-iam';
import type { IGateway } from '../gateway-base';
/******************************************************************************
* OAuth
*****************************************************************************/
/**
* OAuth configuration
*/
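export interface OAuthConfiguration {
  /**
   * The OAuth credential provider ARN.
   * This is returned when creating the OAuth credential provider via Console or API.
   * Format: arn:aws:bedrock-agentcore:region:account:token-vault/id/oauth2credentialprovider/name
   * Required: Yes
   */
  readonly providerArn: string;
  /**
   * The ARN of the Secrets Manager secret containing OAuth credentials (client ID and secret).
   * This is returned when creating the OAuth credential provider via Console or API.
   * Format: arn:aws:secretsmanager:region:account:secret:name
   *
   * The gateway role is granted `secretsmanager:GetSecretValue` on this exact ARN only,
   * so point it at a secret dedicated to this provider rather than a shared one.
   * Required: Yes
   */
  readonly secretArn: string;
  /**
   * The OAuth scopes for the credential provider.
   * These scopes define the level of access requested from the OAuth provider;
   * keep the list to what the target API actually needs.
   *
   * Array Members: Minimum number of 0 items. Maximum number of 100 items.
   * Length Constraints: Minimum length of 1. Maximum length of 64.
   * Required: Yes
   */
  readonly scopes: string[];
  /**
   * The custom parameters for the OAuth credential provider.
   * These parameters provide additional configuration for the OAuth authentication process.
   *
   * Map Entries: Maximum number of 10 items.
   * Key Length Constraints: Minimum length of 1. Maximum length of 256.
   * Value Length Constraints: Minimum length of 1. Maximum length of 2048.
   * Required: No
   *
   * @default - No custom parameters
   */
  readonly customParameters?: Record<string, string>;
}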
/**
* OAuth credential provider configuration implementation
* Can be used with OpenAPI targets
* @internal
*/
export declare class OAuthCredentialProviderConfiguration implements ICredentialProviderConfig {
  /**
   * Discriminator for the credential-provider abstraction; always OAUTH for this class.
   */
  readonly credentialProviderType = CredentialProviderType.OAUTH;
  /**
   * The ARN of the OAuth provider
   */
  readonly providerArn: string;
  /**
   * The ARN of the Secrets Manager secret
   */
  readonly secretArn: string;
  /**
   * The OAuth scopes to request
   */
  readonly scopes: string[];
  /**
   * Custom parameters for the OAuth flow
   */
  readonly customParameters?: Record<string, string>;
  /**
   * Create the provider configuration from the user-supplied OAuth settings.
   *
   * @param configuration - provider ARN, secret ARN, scopes and optional custom parameters;
   *   presumably copied onto the readonly fields above — confirm against the implementation,
   *   only the declaration is visible here.
   */
  constructor(configuration: OAuthConfiguration);
  /**
   * Grant the needed permissions to the gateway role for OAuth authentication.
   *
   * Produces four scoped IAM statements matching the console-generated policy:
   * 1. `GetWorkloadAccessToken[ForJWT|ForUserId]` on the workload identity directory ARNs
   * 2. `CompleteResourceTokenAuth` on the token vault, credential provider, directory, and identity ARNs
   * 3. `GetResourceOauth2Token` on the token vault, credential provider, directory, and identity ARNs
   * 4. `secretsmanager:GetSecretValue` on the specific credential secret ARN
   *
   * Statement 4 is scoped to `secretArn` alone, so the role cannot read other secrets in the account
   * through this grant.
   *
   * @param gateway - the gateway whose role receives the statements
   * @returns the resulting Grant, or undefined; the declaration does not show when the
   *   undefined branch is taken (NOTE(review): check the implementation before relying on it)
   * @see https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-outbound-auth.html
   */
  grantNeededPermissionsToRole(gateway: IGateway): Grant | undefined;
  /**
   * Render this configuration for the underlying resource.
   * Return shape is untyped (`any`) in this declaration — see the implementation for the actual structure.
   * @internal
   */
  _render(): any;
}