UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

115 lines (114 loc) 4.7 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
import type { ApiKeyCredentialLocation, ApiKeyCredentialProviderOptions } from './api-key'; import type { OAuthConfiguration } from './oauth'; import type { CfnGatewayTarget } from '../../../../aws-bedrockagentcore'; import type { Grant } from '../../../../aws-iam'; import type { IResolvable } from '../../../../core'; import type { IApiKeyCredentialProvider } from '../../identity/api-key-credential-provider'; import type { IOAuth2CredentialProvider } from '../../identity/oauth2-credential-provider'; import type { IGateway } from '../gateway-base'; /****************************************************************************** * Enums *****************************************************************************/ /** * Credential provider types supported by gateway target */ export declare enum CredentialProviderType { /** * API Key authentication */ API_KEY = "API_KEY", /** * OAuth authentication */ OAUTH = "OAUTH", /** * IAM role authentication */ GATEWAY_IAM_ROLE = "GATEWAY_IAM_ROLE" } /****************************************************************************** * Credential Provider *****************************************************************************/ /** * Abstract interface for gateway credential provider configuration */ export interface ICredentialProviderConfig { /** * The credential provider type */ readonly credentialProviderType: CredentialProviderType; /** * Renders as CFN Property * @internal */ _render(): CfnGatewayTarget.CredentialProviderConfigurationProperty | IResolvable; /** * Grant the gateway's execution role the permissions needed for outbound authentication. * @param gateway The gateway whose role needs outbound auth permissions [disable-awslint:prefer-ref-interface] */ grantNeededPermissionsToRole(gateway: IGateway): Grant | undefined; } /** * Optional gateway settings when binding an {@link IApiKeyCredentialProvider} to a target. */ export interface FromApiKeyIdentityOptions { /** * Where to place the API key on outbound requests. * * @default header `Authorization` with `Bearer ` prefix */ readonly credentialLocation?: ApiKeyCredentialLocation; } /** * OAuth scopes (and optional custom parameters) when binding an {@link IOAuth2CredentialProvider} to a gateway target. */ export interface FromOauthIdentityOptions { /** * OAuth scopes the gateway should request for this target. */ readonly scopes: string[]; /** * Additional OAuth parameters for the provider. * * @default - none */ readonly customParameters?: { [key: string]: string; }; } /** * Factory class for creating different Gateway Credential Providers */ export declare abstract class GatewayCredentialProvider { /** * Create an API key outbound auth configuration from a Token Vault {@link IApiKeyCredentialProvider} construct. * * Prefer this over {@link GatewayCredentialProvider.fromApiKeyIdentityArn} when the provider is defined in CDK. */ static fromApiKeyIdentity(provider: IApiKeyCredentialProvider, options?: FromApiKeyIdentityOptions): ICredentialProviderConfig; /** * Create an API key credential provider from Identity ARN * Use this method when you have the Identity ARN as a string * @param props - The configuration properties for the API key credential provider * @returns ICredentialProviderConfig configured for API key authentication */ static fromApiKeyIdentityArn(props: ApiKeyCredentialProviderOptions): ICredentialProviderConfig; /** * Create an OAuth outbound auth configuration from a Token Vault {@link IOAuth2CredentialProvider} construct. * * Prefer this over {@link GatewayCredentialProvider.fromOauthIdentityArn} when the provider is defined in CDK. */ static fromOauthIdentity(provider: IOAuth2CredentialProvider, options: FromOauthIdentityOptions): ICredentialProviderConfig; /** * Create an OAuth credential provider from Identity ARN * Use this method when you have the Identity ARN as a string * @param props - The configuration properties for the OAuth credential provider * @returns ICredentialProviderConfig configured for OAuth authentication */ static fromOauthIdentityArn(props: OAuthConfiguration): ICredentialProviderConfig; /** * Create an IAM role credential provider * @returns IIamRoleCredentialProvider configured for IAM role authentication */ static fromIamRole(): ICredentialProviderConfig; }