
aws-cdk-lib


Version 2 of the AWS Cloud Development Kit library

/**
 * Permission lists for gateway resources, grouped as data plane, execution
 * role and control plane.
 *
 * Every export below is declared as a plain `string[]`; the concrete entries
 * live in the compiled module and cannot be read from this declaration file.
 *
 * NOTE(review): presumably each entry is an IAM action name. A list then
 * carries no resource or condition scoping of its own, so whoever builds the
 * policy statement still has to pick the resource ARNs and conditions.
 *
 * NOTE(review): the arrays are not `readonly`. An in-place change (push,
 * splice, sort) would be visible to every other importer in the same process;
 * copy a list (e.g. `[...GATEWAY_GET_PERMS]`) before extending it.
 */

/******************************************************************************
 *                           Data Plane Permissions
 *****************************************************************************/

/**
 * Permissions needed to invoke the gateway.
 * Meant for agents or other services that have to call the gateway.
 *
 * NOTE(review): where the statement allows it, grant these on the specific
 * gateway rather than on a wildcard resource.
 */
export declare const GATEWAY_INVOKE_PERMS: string[];

/******************************************************************************
 *                         Execution Role Permissions
 *****************************************************************************/

/**
 * KMS permissions used for encryption.
 * Needed when KMS keys are used for encryption.
 *
 * NOTE(review): scope the statement to the key(s) actually in use.
 */
export declare const GATEWAY_KMS_KEY_PERMS: string[];

/**
 * Assume-role permission.
 * Needed so the gateway service can assume the execution role.
 *
 * NOTE(review): if this feeds a role trust policy, check that the service
 * principal is constrained by a source-account / source-ARN condition
 * (confused-deputy protection) - confirm against the code that builds the
 * trust policy.
 */
export declare const GATEWAY_ASSUME_ROLE: string[];

/**
 * Outbound auth: workload identity permissions for API key targets.
 * Used to obtain access tokens for workload identity.
 */
export declare const GATEWAY_WORKLOAD_IDENTITY_PERMS: string[];

/**
 * Outbound auth: workload identity permissions for OAuth targets.
 * OAuth flows additionally need JWT-based and user-ID-based token exchange.
 *
 * NOTE(review): by its description this list goes beyond the API key variant;
 * attach it only where a target really uses OAuth.
 */
export declare const GATEWAY_WORKLOAD_IDENTITY_OAUTH_PERMS: string[];

/**
 * Outbound auth: OAuth permissions.
 * Used to obtain OAuth tokens and to complete token auth for target
 * authentication.
 */
export declare const GATEWAY_OAUTH_PERMS: string[];

/**
 * Outbound auth: permissions for completing OAuth token auth.
 * Used to complete the OAuth token authorization flow.
 */
export declare const GATEWAY_OAUTH_COMPLETE_AUTH_PERMS: string[];

/**
 * Outbound auth: API key permissions.
 * Used to retrieve API keys for target authentication.
 */
export declare const GATEWAY_API_KEY_PERMS: string[];

/**
 * Secrets Manager permissions.
 * Needed to read the credential secrets that back Token Vault providers.
 *
 * NOTE(review): read access to these secrets exposes the credentials used
 * towards targets; scope the statement to the specific secret ARNs.
 *
 * @see https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-outbound-auth.html
 */
export declare const GATEWAY_SECRETS_PERMS: string[];

/******************************************************************************
 *                          Control Plane Permissions
 *****************************************************************************/

/**
 * Get permissions for gateway resources.
 */
export declare const GATEWAY_GET_PERMS: string[];

/**
 * List permissions for gateway resources.
 */
export declare const GATEWAY_LIST_PERMS: string[];

/**
 * Create permissions for gateway resources.
 */
export declare const GATEWAY_CREATE_PERMS: string[];

/**
 * Update permissions for gateway resources.
 */
export declare const GATEWAY_UPDATE_PERMS: string[];

/**
 * Delete permissions for gateway resources.
 */
export declare const GATEWAY_DELETE_PERMS: string[];

/**
 * Combined manage permissions (create, update, delete).
 *
 * NOTE(review): this bundle includes delete. A principal that only creates or
 * updates is better served by the narrower create / update lists.
 */
export declare const GATEWAY_MANAGE_PERMS: string[];

/**
 * Synchronization permissions for MCP server targets.
 * Used to refresh tool catalogs when the tools of an MCP server change.
 *
 * NOTE(review): a refresh presumably pulls tool definitions from the remote
 * MCP server; keep the set of principals that may trigger it small - confirm
 * against the service documentation.
 */
export declare const GATEWAY_SYNC_PERMS: string[];