aws-cdk-lib/aws-bedrockagentcore/lib/gateway/targets/target.d.ts

Version 2 of the AWS Cloud Development Kit library

import type { Construct } from 'constructs';
import type { IRestApi } from '../../../../aws-apigateway';
import * as bedrockagentcore from '../../../../aws-bedrockagentcore';
import * as iam from '../../../../aws-iam';
import type { IFunction } from '../../../../aws-lambda';
import type { IGateway } from '../gateway-base';
import type { ApiSchema } from './schema/api-schema';
import type { ToolSchema } from './schema/tool-schema';
import type { IGatewayTarget, IMcpGatewayTarget } from './target-base';
import { GatewayTargetBase, GatewayTargetProtocolType, McpTargetType } from './target-base';
import type { ApiGatewayToolConfiguration, ITargetConfiguration, MetadataConfiguration } from './target-configuration';
import type { ICredentialProviderConfig } from '../outbound-auth/credential-provider';
/******************************************************************************
 *                                Props
 *****************************************************************************/
/**
 * Common properties for all Gateway Target types
 */
export interface GatewayTargetCommonProps {
    /**
     * The name of the gateway target
     * The name must be unique within the gateway
     * Pattern: ^([0-9a-zA-Z][-]?){1,100}$
     * @default - auto generate
     */
    readonly gatewayTargetName?: string;
    /**
     * Optional description for the gateway target
     * The description can have up to 200 characters
     * @default - No description
     */
    readonly description?: string;
}
/**
 * Properties for creating a Gateway Target resource
 */
export interface GatewayTargetProps extends GatewayTargetCommonProps {
    /**
     * The gateway this target belongs to
     */
    readonly gateway: IGateway;
    /**
     * The target configuration (Lambda, OpenAPI, or Smithy)
     * Use one of the configuration helper classes:
     * - LambdaTargetConfiguration.create()
     * - OpenApiTargetConfiguration.create()
     * - SmithyTargetConfiguration.create()
     */
    readonly targetConfiguration: ITargetConfiguration;
    /**
     * Credential providers for authentication
     * @default - [GatewayCredentialProvider.fromIamRole()]
     */
    readonly credentialProviderConfigurations?: ICredentialProviderConfig[];
}
/**
 * Properties for creating a Lambda-based Gateway Target
 * Convenience interface for the most common use case
 */
export interface GatewayTargetLambdaProps extends GatewayTargetCommonProps {
    /**
     * The gateway this target belongs to
     */
    readonly gateway: IGateway;
    /**
     * The Lambda function to associate with this target
     */
    readonly lambdaFunction: IFunction;
    /**
     * The tool schema defining the available tools
     */
    readonly toolSchema: ToolSchema;
    /**
     * Credential providers for authentication
     * Lambda targets only support IAM role authentication
     * @default - [GatewayCredentialProvider.fromIamRole()]
     */
    readonly credentialProviderConfigurations?: ICredentialProviderConfig[];
}
/**
 * Properties for creating an OpenAPI-based Gateway Target
 */
export interface GatewayTargetOpenApiProps extends GatewayTargetCommonProps {
    /**
     * The gateway this target belongs to
     */
    readonly gateway: IGateway;
    /**
     * The OpenAPI schema defining the API
     */
    readonly apiSchema: ApiSchema;
    /**
     * Whether to validate the OpenAPI schema (only applies to inline schemas)
     * Note: Validation is only performed for inline schemas during CDK synthesis.
     * S3 and asset-based schemas cannot be validated at synthesis time.
     * @default true
     */
    readonly validateOpenApiSchema?: boolean;
    /**
     * Credential providers for authentication
     * OpenAPI targets support API key and OAuth authentication (not IAM)
     * @default - If not provided, defaults to IAM role which will fail at runtime
     */
    readonly credentialProviderConfigurations?: ICredentialProviderConfig[];
}
/**
 * Properties for creating a Smithy-based Gateway Target
 */
export interface GatewayTargetSmithyProps extends GatewayTargetCommonProps {
    /**
     * The gateway this target belongs to
     */
    readonly gateway: IGateway;
    /**
     * The Smithy model defining the API
     */
    readonly smithyModel: ApiSchema;
    /**
     * Credential providers for authentication
     * Smithy targets only support IAM role authentication
     * @default - [GatewayCredentialProvider.fromIamRole()]
     */
    readonly credentialProviderConfigurations?: ICredentialProviderConfig[];
}
/**
 * Properties for creating an MCP Server-based Gateway Target
 */
export interface GatewayTargetMcpServerProps extends GatewayTargetCommonProps {
    /**
     * The gateway this target belongs to
     */
    readonly gateway: IGateway;
    /**
     * The HTTPS endpoint URL of the MCP server
     *
     * The endpoint must:
     * - Use HTTPS protocol
     * - Be properly URL-encoded
     * - Point to an MCP server that implements tool capabilities
     */
    readonly endpoint: string;
    /**
     * Credential providers for authentication
     */
    readonly credentialProviderConfigurations: ICredentialProviderConfig[];
}
/**
 * Properties for creating an API Gateway-based Gateway Target
 */
export interface GatewayTargetApiGatewayProps extends GatewayTargetCommonProps {
    /**
     * The gateway this target belongs to
     * [disable-awslint:prefer-ref-interface]
     */
    readonly gateway: IGateway;
    /**
     * The REST API to integrate with
     * Must be in the same account and region as the gateway
     * [disable-awslint:prefer-ref-interface]
     */
    readonly restApi: IRestApi;
    /**
     * The stage name of the REST API
     * @default - Uses the deployment stage from the RestApi (restApi.deploymentStage.stageName)
     */
    readonly stage?: string;
    /**
     * Tool configuration defining which operations to expose
     */
    readonly apiGatewayToolConfiguration: ApiGatewayToolConfiguration;
    /**
     * Credential providers for authentication
     * API Gateway targets support IAM and API key authentication
     * @default - Empty array (service handles IAM automatically)
     */
    readonly credentialProviderConfigurations?: ICredentialProviderConfig[];
    /**
     * Metadata configuration for passing headers and query parameters
     * Allows you to pass additional context through headers and query parameters
     * @default - No metadata configuration
     */
    readonly metadataConfiguration?: MetadataConfiguration;
}
/**
 * Attributes for importing an existing Gateway Target
 */
export interface GatewayTargetAttributes {
    /**
     * The ARN of the gateway target
     */
    readonly targetArn: string;
    /**
     * The ID of the gateway target
     */
    readonly targetId: string;
    /**
     * The name of the gateway target
     */
    readonly gatewayTargetName: string;
    /**
     * The gateway this target belongs to
     */
    readonly gateway: IGateway;
    /**
     * Optional status of the target
     * @default - No status
     */
    readonly status?: string;
    /**
     * Optional creation timestamp
     * @default - No creation timestamp
     */
    readonly createdAt?: string;
    /**
     * Optional last update timestamp
     * @default - No update timestamp
     */
    readonly updatedAt?: string;
}
/******************************************************************************
 *                                Class
 *****************************************************************************/
/**
 *
 * Defines tools that your gateway will host. Supports multiple target types:
 * - Lambda: Wraps a Lambda function as MCP tools
 * - OpenAPI: Exposes an OpenAPI/REST API as MCP tools
 * - Smithy: Exposes a Smithy-modeled API as MCP tools
 *
 * @resource AWS::BedrockAgentCore::GatewayTarget
 * @see https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-building-adding-targets.html
 */
export declare class GatewayTarget extends GatewayTargetBase implements IMcpGatewayTarget {
    /** Uniquely identifies this class. */
    static readonly PROPERTY_INJECTION_ID: string;
    /**
     * Import an existing Gateway Target using its attributes
     * This allows you to reference a Gateway Target that was created outside of CDK
     *
     * @param scope The construct scope
     * @param id The construct id
     * @param attrs The attributes of the existing Gateway Target
     * @returns An IGatewayTarget instance representing the imported target
     */
    static fromGatewayTargetAttributes(scope: Construct, id: string, attrs: GatewayTargetAttributes): IGatewayTarget;
    /**
     * Create a Lambda-based MCP target
     * Convenience method for creating a target that wraps a Lambda function
     *
     * @param scope The construct scope
     * @param id The construct id
     * @param props The properties for the Lambda target
     * @returns A new GatewayTarget instance
     */
    static forLambda(scope: Construct, id: string, props: GatewayTargetLambdaProps): GatewayTarget;
    /**
     * Create an OpenAPI-based MCP target
     * Convenience method for creating a target that exposes an OpenAPI/REST API
     *
     * @param scope The construct scope
     * @param id The construct id
     * @param props The properties for the OpenAPI target
     * @returns A new GatewayTarget instance
     *
     */
    static forOpenApi(scope: Construct, id: string, props: GatewayTargetOpenApiProps): GatewayTarget;
    /**
     * Create a Smithy-based MCP target
     * Convenience method for creating a target that exposes a Smithy-modeled API
     *
     * @param scope The construct scope
     * @param id The construct id
     * @param props The properties for the Smithy target
     * @returns A new GatewayTarget instance
     */
    static forSmithy(scope: Construct, id: string, props: GatewayTargetSmithyProps): GatewayTarget;
    /**
     * Create an MCP Server-based target
     * Convenience method for creating a target that connects to an external MCP server
     *
     * @param scope The construct scope
     * @param id The construct id
     * @param props The properties for the MCP server target
     * @returns A new GatewayTarget instance
     * @see https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-target-MCPservers.html
     */
    static forMcpServer(scope: Construct, id: string, props: GatewayTargetMcpServerProps): GatewayTarget;
    /**
     * Create an API Gateway-based target
     * Convenience method for creating a target that connects to an API Gateway REST API
     *
     * @param scope The construct scope
     * @param id The construct id
     * @param props The properties for the API Gateway target
     * @returns A new GatewayTarget instance
     * @see https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-target-api-gateway.html
     */
    static forApiGateway(scope: Construct, id: string, props: GatewayTargetApiGatewayProps): GatewayTarget;
    /**
     * The ARN of the gateway target
     * @attribute
     */
    readonly targetArn: string;
    /**
     * The unique identifier of the gateway target
     * @attribute
     */
    readonly targetId: string;
    /**
     * The name of the gateway target
     */
    readonly gatewayTargetName: string;
    /**
     * Optional description for the gateway target
     */
    readonly description: string | undefined;
    /**
     * The gateway this target belongs to
     */
    readonly gateway: bedrockagentcore.IGateway;
    /**
     * The credential providers for this target
     */
    readonly credentialProviderConfigurations: ICredentialProviderConfig[] | undefined;
    /**
     * The protocol type (always MCP for now)
     */
    readonly targetProtocolType = GatewayTargetProtocolType.MCP;
    /**
     * The specific MCP target type (Lambda, OpenAPI, Smithy, or MCP Server)
     */
    readonly targetType: McpTargetType;
    /**
     * The status of the gateway target
     * @attribute
     */
    readonly status?: string | undefined;
    /**
     * The status reasons for the gateway target
     * @attribute
     */
    readonly statusReasons?: string[];
    /**
     * Timestamp when the gateway target was created
     * @attribute
     */
    readonly createdAt?: string | undefined;
    /**
     * Timestamp when the gateway target was last updated
     * @attribute
     */
    readonly updatedAt?: string | undefined;
    private readonly targetResource;
    private readonly targetConfiguration;
    constructor(scope: Construct, id: string, props: GatewayTargetProps);
    /**
     * Grants permission to synchronize this gateway's targets
     *
     * This method grants the `SynchronizeGatewayTargets` permission, which is primarily
     * needed for MCP Server targets when you need to refresh the tool catalog after the
     * MCP server's tools have changed.
     *
     * [disable-awslint:no-grants]
     */
    grantSync(grantee: iam.IGrantable): iam.Grant;
    /**
     * Determines the credential provider configurations based on target type
     *
     * - Lambda & Smithy: Default to IAM role if not provided
     * - MCP Server: Return undefined if not provided (service handles NoAuth)
     * - OpenAPI & API Gateway: Return as-is (must be explicitly provided, service handles automatically)
     *
     * @param providedCredentials The credentials from props
     * @returns The credential configurations to use, or undefined
     * @internal
     */
    private _getTargetSpecificCredentials;
    /**
     * Renders credential provider configurations for CloudFormation
     * @internal
     */
    private _renderCredentialProviderConfigurations;
    /**
     * Validates the gateway target name format
     * Pattern: ^([0-9a-zA-Z][-]?){1,100}$
     * Max length: 100 characters
     * @param gatewayTargetName The gateway target name to validate
     * @throws Error if the name is invalid
     * @internal
     */
    private validateGatewayTargetName;
    /**
     * Validates the description format
     * Must be between 1 and 200 characters
     * @throws Error if validation fails
     * @internal
     */
    private validateDescription;
}