cdk-iam-floyd
Version:
AWS IAM policy statement generator with fluent interface for AWS CDK
1,550 lines (1,549 loc) • 98.8 kB
TypeScript
import { AccessLevelList } from '../../shared/access-level';
import { PolicyStatement, Operator } from '../../shared';
import { aws_iam as iam } from "aws-cdk-lib";
/**
* Statement provider for service [bedrock-agentcore](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonbedrockagentcore.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
export declare class BedrockAgentcore extends PolicyStatement {
servicePrefix: string;
/**
* Grants permission to configure vended telemetry for a resource
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/
*/
toAllowVendedLogDeliveryForResource(): this;
/**
* Grants permission to evaluate Cedar policies for authorization requests
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html
*/
toAuthorizeAction(): this;
/**
* Grants permission to create one or more memory records
*
* Access Level: Write
*
* Possible conditions:
* - .ifNamespace()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchCreateMemoryRecords.html
*/
toBatchCreateMemoryRecords(): this;
/**
* Grants permission to delete one or more memory records
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchDeleteMemoryRecords.html
*/
toBatchDeleteMemoryRecords(): this;
/**
* Grants permission to update one or more memory records
*
* Access Level: Write
*
* Possible conditions:
* - .ifNamespace()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchUpdateMemoryRecords.html
*/
toBatchUpdateMemoryRecords(): this;
/**
* Grants permission to retrieve access token with OAuth2 for 3LO flow to access external resource
*
* Access Level: Read
*
* Possible conditions:
* - .ifInboundJwtClaimIss()
* - .ifInboundJwtClaimSub()
* - .ifInboundJwtClaimAud()
* - .ifInboundJwtClaimScope()
* - .ifInboundJwtClaimClientId()
* - .ifUserid()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CompleteResourceTokenAuth.html
*/
toCompleteResourceTokenAuth(): this;
/**
* Grants permission to connect to a browser automation stream
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ConnectBrowserAutomationStream.html
*/
toConnectBrowserAutomationStream(): this;
/**
* Grants permission to connect to a browser live view stream
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ConnectBrowserLiveViewStream.html
*/
toConnectBrowserLiveViewStream(): this;
/**
* Grants permission to create an A/B test
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CreateABTest.html
*/
toCreateABTest(): this;
/**
* Grants permission to create a new agent runtime
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifSubnets()
* - .ifSecurityGroups()
* - .ifRuntimeAuthorizerType()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateAgentRuntime.html
*/
toCreateAgentRuntime(): this;
/**
* Grants permission to create a new agent runtime endpoint
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateAgentRuntimeEndpoint.html
*/
toCreateAgentRuntimeEndpoint(): this;
/**
* Grants permission to create a new API Key Credential Provider
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateApiKeyCredentialProvider.html
*/
toCreateApiKeyCredentialProvider(): this;
/**
* Grants permission to create a new custom browser
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifSubnets()
* - .ifSecurityGroups()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateBrowser.html
*/
toCreateBrowser(): this;
/**
* Grants permission to create a new browser profile
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateBrowserProfile.html
*/
toCreateBrowserProfile(): this;
/**
* Grants permission to create a new custom code interpreter
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifSubnets()
* - .ifSecurityGroups()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateCodeInterpreter.html
*/
toCreateCodeInterpreter(): this;
/**
* Grants permission to create a new configuration bundle
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateConfigurationBundle.html
*/
toCreateConfigurationBundle(): this;
/**
* Grants permission to create a new evaluator
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateEvaluator.html
*/
toCreateEvaluator(): this;
/**
* Grants permission to create an Event
*
* Access Level: Write
*
* Possible conditions:
* - .ifSessionId()
* - .ifActorId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CreateEvent.html
*/
toCreateEvent(): this;
/**
* Grants permission to create a new gateway
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGateway.html
*/
toCreateGateway(): this;
/**
* Grants permission to create a new rule in an existing gateway
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGatewayRule.html
*/
toCreateGatewayRule(): this;
/**
* Grants permission to create a new target in an existing gateway
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGatewayTarget.html
*/
toCreateGatewayTarget(): this;
/**
* Grants permission to create a new harness
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - bedrock-agentcore:CreateAgentRuntime
* - bedrock-agentcore:GetAgentRuntime
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateHarness.html
*/
toCreateHarness(): this;
/**
* Grants permission to create a Memory resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
* - .ifKmsKeyArn()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateMemory.html
*/
toCreateMemory(): this;
/**
* Grants permission to create a new Credential Provider to access external resources with OAuth2 protocol
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateOauth2CredentialProvider.html
*/
toCreateOauth2CredentialProvider(): this;
/**
* Grants permission to create a new online evaluation configuration
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsResourceTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateOnlineEvaluationConfig.html
*/
toCreateOnlineEvaluationConfig(): this;
/**
* Grants permission to create a new payment connector under a payment manager
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentConnector.html
*/
toCreatePaymentConnector(): this;
/**
* Grants permission to create a new Payment Credential Provider
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentCredentialProvider.html
*/
toCreatePaymentCredentialProvider(): this;
/**
* Grants permission to create a new payment instrument
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentInstrument.html
*/
toCreatePaymentInstrument(): this;
/**
* Grants permission to create a new payment manager
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentManager.html
*/
toCreatePaymentManager(): this;
/**
* Grants permission to create a new payment session
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentSession.html
*/
toCreatePaymentSession(): this;
/**
* Grants permission to create a new policy within a policy engine
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePolicy.html
*/
toCreatePolicy(): this;
/**
* Grants permission to create a new policy engine
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePolicyEngine.html
*/
toCreatePolicyEngine(): this;
/**
* Grants permission to create a new registry
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateRegistry.html
*/
toCreateRegistry(): this;
/**
* Grants permission to create a new registry record
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateRegistryRecord.html
*/
toCreateRegistryRecord(): this;
/**
* Grants permission to create a new Workload Identity
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateWorkloadIdentity.html
*/
toCreateWorkloadIdentity(): this;
/**
* Grants permission to delete an A/B test
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteABTest.html
*/
toDeleteABTest(): this;
/**
* Grants permission to delete an agent runtime
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteAgentRuntime.html
*/
toDeleteAgentRuntime(): this;
/**
* Grants permission to delete an agent runtime endpoint
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteAgentRuntimeEndpoint.html
*/
toDeleteAgentRuntimeEndpoint(): this;
/**
* Grants permission to delete a registered API Key Credential Provider
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteApiKeyCredentialProvider.html
*/
toDeleteApiKeyCredentialProvider(): this;
/**
* Grants permission to delete a batch evaluation
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteBatchEvaluation.html
*/
toDeleteBatchEvaluation(): this;
/**
* Grants permission to delete a custom browser
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteBrowser.html
*/
toDeleteBrowser(): this;
/**
* Grants permission to delete a browser profile
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteBrowserProfile.html
*/
toDeleteBrowserProfile(): this;
/**
* Grants permission to delete a custom code interpreter
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteCodeInterpreter.html
*/
toDeleteCodeInterpreter(): this;
/**
* Grants permission to delete a configuration bundle
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteConfigurationBundle.html
*/
toDeleteConfigurationBundle(): this;
/**
* Grants permission to delete an evaluator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteEvaluator.html
*/
toDeleteEvaluator(): this;
/**
* Grants permission to delete an Event
*
* Access Level: Write
*
* Possible conditions:
* - .ifSessionId()
* - .ifActorId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteEvent.html
*/
toDeleteEvent(): this;
/**
* Grants permission to delete an existing gateway
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGateway.html
*/
toDeleteGateway(): this;
/**
* Grants permission to delete an existing gateway rule
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGatewayRule.html
*/
toDeleteGatewayRule(): this;
/**
* Grants permission to delete an existing gateway target
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGatewayTarget.html
*/
toDeleteGatewayTarget(): this;
/**
* Grants permission to delete a harness
*
* Access Level: Write
*
* Dependent actions:
* - bedrock-agentcore:DeleteAgentRuntime
* - bedrock-agentcore:GetAgentRuntime
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteHarness.html
*/
toDeleteHarness(): this;
/**
* Grants permission to delete a Memory resource
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteMemory.html
*/
toDeleteMemory(): this;
/**
* Grants permission to delete a Memory Record
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteMemoryRecord.html
*/
toDeleteMemoryRecord(): this;
/**
* Grants permission to delete a registered OAuth2 Credential Provider
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteOauth2CredentialProvider.html
*/
toDeleteOauth2CredentialProvider(): this;
/**
* Grants permission to delete an online evaluation configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteOnlineEvaluationConfig.html
*/
toDeleteOnlineEvaluationConfig(): this;
/**
* Grants permission to delete a payment connector
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentConnector.html
*/
toDeletePaymentConnector(): this;
/**
* Grants permission to delete a registered Payment Credential Provider
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentCredentialProvider.html
*/
toDeletePaymentCredentialProvider(): this;
/**
* Grants permission to delete a payment instrument
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentInstrument.html
*/
toDeletePaymentInstrument(): this;
/**
* Grants permission to delete a payment manager
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentManager.html
*/
toDeletePaymentManager(): this;
/**
* Grants permission to delete a payment session
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentSession.html
*/
toDeletePaymentSession(): this;
/**
* Grants permission to delete a policy
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePolicy.html
*/
toDeletePolicy(): this;
/**
* Grants permission to delete a policy engine
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePolicyEngine.html
*/
toDeletePolicyEngine(): this;
/**
* Grants permission to delete a recommendation
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteRecommendation.html
*/
toDeleteRecommendation(): this;
/**
* Grants permission to delete an existing registry
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteRegistry.html
*/
toDeleteRegistry(): this;
/**
* Grants permission to delete an existing registry record
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteRegistryRecord.html
*/
toDeleteRegistryRecord(): this;
/**
* Grants permission to delete the resource-based policy for a Bedrock resource
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteResourcePolicy.html
*/
toDeleteResourcePolicy(): this;
/**
* Grants permission to delete a registered Workload Identity
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteWorkloadIdentity.html
*/
toDeleteWorkloadIdentity(): this;
/**
* Grants permission to run an evaluation using an evaluator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_Evaluate.html
*/
toEvaluate(): this;
/**
* Grants permission to get details of an A/B test
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetABTest.html
*/
toGetABTest(): this;
/**
* Grants permission to retrieve an agent card for A2A
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetAgentCard.html
*/
toGetAgentCard(): this;
/**
* Grants permission to get details of an agent runtime
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetAgentRuntime.html
*/
toGetAgentRuntime(): this;
/**
* Grants permission to get details of an agent runtime endpoint
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetAgentRuntimeEndpoint.html
*/
toGetAgentRuntimeEndpoint(): this;
/**
* Grants permission to fetch a registered API Key Credential Provider by its name
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetApiKeyCredentialProvider.html
*/
toGetApiKeyCredentialProvider(): this;
/**
* Grants permission to get details of a batch evaluation
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetBatchEvaluation.html
*/
toGetBatchEvaluation(): this;
/**
* Grants permission to get details of a browser
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetBrowser.html
*/
toGetBrowser(): this;
/**
* Grants permission to get details of a browser profile
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetBrowserProfile.html
*/
toGetBrowserProfile(): this;
/**
* Grants permission to get details of a browser session
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetBrowserSession.html
*/
toGetBrowserSession(): this;
/**
* Grants permission to get details of a code interpreter
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetCodeInterpreter.html
*/
toGetCodeInterpreter(): this;
/**
* Grants permission to get details of a code interpreter session
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetCodeInterpreterSession.html
*/
toGetCodeInterpreterSession(): this;
/**
* Grants permission to get details of a configuration bundle
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetConfigurationBundle.html
*/
toGetConfigurationBundle(): this;
/**
* Grants permission to get a specific version of a configuration bundle
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetConfigurationBundleVersion.html
*/
toGetConfigurationBundleVersion(): this;
/**
* Grants permission to get details of an evaluator
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetEvaluator.html
*/
toGetEvaluator(): this;
/**
* Grants permission to fetch an Event
*
* Access Level: Read
*
* Possible conditions:
* - .ifSessionId()
* - .ifActorId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetEvent.html
*/
toGetEvent(): this;
/**
* Grants permission to retrieve an existing gateway
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGateway.html
*/
toGetGateway(): this;
/**
* Grants permission to retrieve an existing gateway rule
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGatewayRule.html
*/
toGetGatewayRule(): this;
/**
* Grants permission to retrieve an existing gateway target
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGatewayTarget.html
*/
toGetGatewayTarget(): this;
/**
* Grants permission to get details of a harness
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetHarness.html
*/
toGetHarness(): this;
/**
* Grants permission to fetch details for a Memory resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetMemory.html
*/
toGetMemory(): this;
/**
* Grants permission to fetch a Memory Record
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetMemoryRecord.html
*/
toGetMemoryRecord(): this;
/**
* Grants permission to fetch a registered OAuth2 Credential Provider by its name
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetOauth2CredentialProvider.html
*/
toGetOauth2CredentialProvider(): this;
/**
* Grants permission to get details of an online evaluation configuration
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetOnlineEvaluationConfig.html
*/
toGetOnlineEvaluationConfig(): this;
/**
* Grants permission to retrieve details of a payment connector
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentConnector.html
*/
toGetPaymentConnector(): this;
/**
* Grants permission to fetch a registered Payment Credential Provider by its name
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentCredentialProvider.html
*/
toGetPaymentCredentialProvider(): this;
/**
* Grants permission to retrieve details of a payment instrument
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentInstrument.html
*/
toGetPaymentInstrument(): this;
/**
* Grants permission to retrieve the balance of a payment instrument
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentInstrumentBalance.html
*/
toGetPaymentInstrumentBalance(): this;
/**
* Grants permission to retrieve details of a payment manager
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentManager.html
*/
toGetPaymentManager(): this;
/**
* Grants permission to retrieve details of a payment session
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentSession.html
*/
toGetPaymentSession(): this;
/**
* Grants permission to retrieve a policy
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicy.html
*/
toGetPolicy(): this;
/**
* Grants permission to retrieve a policy engine
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyEngine.html
*/
toGetPolicyEngine(): this;
/**
* Grants permission to retrieve a summary of a policy engine
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyEngineSummary.html
*/
toGetPolicyEngineSummary(): this;
/**
* Grants permission to retrieve status and results of a policy generation request
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyGeneration.html
*/
toGetPolicyGeneration(): this;
/**
* Grants permission to retrieve a summary of a policy generation request
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyGenerationSummary.html
*/
toGetPolicyGenerationSummary(): this;
/**
* Grants permission to retrieve a summary of a policy
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicySummary.html
*/
toGetPolicySummary(): this;
/**
* Grants permission to get details of a recommendation
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetRecommendation.html
*/
toGetRecommendation(): this;
/**
* Grants permission to retrieve an existing registry
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetRegistry.html
*/
toGetRegistry(): this;
/**
* Grants permission to retrieve an existing registry record
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetRegistryRecord.html
*/
toGetRegistryRecord(): this;
/**
* Grants permission to retrieve an API Key associated with an Api Key Credential Provider
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetResourceApiKey.html
*/
toGetResourceApiKey(): this;
/**
* Grants permission to retrieve access token with OAuth2 2LO or 3LO flow to access external resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetResourceOauth2Token.html
*/
toGetResourceOauth2Token(): this;
/**
* Grants permission to retrieve a payment authentication token associated with a Payment Credential Provider
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetResourcePaymentToken.html
*/
toGetResourcePaymentToken(): this;
/**
* Grants permission to retrieve the resource-based policy for a Bedrock resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetResourcePolicy.html
*/
toGetResourcePolicy(): this;
/**
* Grants permission to fetch the current configuration of the TokenVault, including encryption settings
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetTokenVault.html
*/
toGetTokenVault(): this;
/**
* Grants permission to retrieve an Workload access token for agentic workloads not acting on behalf of a user
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessToken.html
*/
toGetWorkloadAccessToken(): this;
/**
* Grants permission to retrieve an Workload access token for agentic workloads acting on behalf of user with JWT token
*
* Access Level: Write
*
* Possible conditions:
* - .ifInboundJwtClaimIss()
* - .ifInboundJwtClaimSub()
* - .ifInboundJwtClaimAud()
* - .ifInboundJwtClaimScope()
* - .ifInboundJwtClaimClientId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessTokenForJWT.html
*/
toGetWorkloadAccessTokenForJWT(): this;
/**
* Grants permission to retrieve an Workload access token for agentic workloads acting on behalf of user with User Id
*
* Access Level: Write
*
* Possible conditions:
* - .ifUserid()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessTokenForUserId.html
*/
toGetWorkloadAccessTokenForUserId(): this;
/**
* Grants permission to fetch details for a specific Workload identity, including its name and allowed OAuth2 return URLs
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetWorkloadIdentity.html
*/
toGetWorkloadIdentity(): this;
/**
* Grants permission to invoke an agent runtime endpoint
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntime.html
*/
toInvokeAgentRuntime(): this;
/**
* Grants permission to invoke commands on an agent runtime endpoint
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntimeCommand.html
*/
toInvokeAgentRuntimeCommand(): this;
/**
* Grants permission to invoke an agent runtime endpoint with X-Amzn-Bedrock-AgentCore-Runtime-User-Id header
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntime.html
*/
toInvokeAgentRuntimeForUser(): this;
/**
* Grants permission to invoke an agent runtime endpoint with WebSocket stream
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntimeWithWebSocketStream.html
*/
toInvokeAgentRuntimeWithWebSocketStream(): this;
/**
* Grants permission to invoke an agent runtime endpoint with WebSocket stream and with X-Amzn-Bedrock-AgentCore-Runtime-User-Id header
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntimeWithWebSocketStream.html
*/
toInvokeAgentRuntimeWithWebSocketStreamForUser(): this;
/**
* Grants permission to invoke a code interpreter session
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeCodeInterpreter.html
*/
toInvokeCodeInterpreter(): this;
/**
* Grants permission to invoke a gateway
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html
*/
toInvokeGateway(): this;
/**
* Grants permission to invoke a harness
*
* Access Level: Write
*
* Dependent actions:
* - bedrock-agentcore:InvokeAgentRuntime
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeHarness.html
*/
toInvokeHarness(): this;
/**
* Grants permission to invoke an MCP operation against an existing registry
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html
*/
toInvokeRegistryMcp(): this;
/**
* Grants permission to list A/B tests
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListABTests.html
*/
toListABTests(): this;
/**
* Grants permission to list Actors
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListActors.html
*/
toListActors(): this;
/**
* Grants permission to list agent runtime endpoints
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimeEndpoints.html
*/
toListAgentRuntimeEndpoints(): this;
/**
* Grants permission to list agent runtime versions
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimeVersions.html
*/
toListAgentRuntimeVersions(): this;
/**
* Grants permission to list agent runtimes
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimes.html
*/
toListAgentRuntimes(): this;
/**
* Grants permission to list all API Key Credential Providers in the Token Vault
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListApiKeyCredentialProviders.html
*/
toListApiKeyCredentialProviders(): this;
/**
* Grants permission to list batch evaluations
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListBatchEvaluations.html
*/
toListBatchEvaluations(): this;
/**
* Grants permission to list browser profiles
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListBrowserProfiles.html
*/
toListBrowserProfiles(): this;
/**
* Grants permission to list browser sessions
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListBrowserSessions.html
*/
toListBrowserSessions(): this;
/**
* Grants permission to list browsers
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListBrowsers.html
*/
toListBrowsers(): this;
/**
* Grants permission to list code interpreter sessions
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListCodeInterpreterSessions.html
*/
toListCodeInterpreterSessions(): this;
/**
* Grants permission to list code interpreters
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListCodeInterpreters.html
*/
toListCodeInterpreters(): this;
/**
* Grants permission to list versions of a configuration bundle
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListConfigurationBundleVersions.html
*/
toListConfigurationBundleVersions(): this;
/**
* Grants permission to list configuration bundles
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListConfigurationBundles.html
*/
toListConfigurationBundles(): this;
/**
* Grants permission to list evaluators
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListEvaluators.html
*/
toListEvaluators(): this;
/**
* Grants permission to list events
*
* Access Level: List
*
* Possible conditions:
* - .ifSessionId()
* - .ifActorId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListEvents.html
*/
toListEvents(): this;
/**
* Grants permission to list existing gateway rules
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGatewayRules.html
*/
toListGatewayRules(): this;
/**
* Grants permission to list existing gateway targets
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGatewayTargets.html
*/
toListGatewayTargets(): this;
/**
* Grants permission to list existing gateways
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGateways.html
*/
toListGateways(): this;
/**
* Grants permission to list harnesses
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListHarnesses.html
*/
toListHarnesses(): this;
/**
* Grants permission to list memory resources
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListMemories.html
*/
toListMemories(): this;
/**
* Grants permission to list extraction jobs for this memory
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListMemoryExtractionJobs.html
*/
toListMemoryExtractionJobs(): this;
/**
* Grants permission to list memory records
*
* Access Level: List
*
* Possible conditions:
* - .ifNamespace()
* - .ifStrategyId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListMemoryRecords.html
*/
toListMemoryRecords(): this;
/**
* Grants permission to list all OAuth2 Credential Providers in the Token Vault
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListOauth2CredentialProviders.html
*/
toListOauth2CredentialProviders(): this;
/**
* Grants permission to list online evaluation configurations
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListOnlineEvaluationConfigs.html
*/
toListOnlineEvaluationConfigs(): this;
/**
* Grants permission to list payment connectors under a payment manager
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentConnectors.html
*/
toListPaymentConnectors(): this;
/**
* Grants permission to list all Payment Credential Providers in the Token Vault
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentCredentialProviders.html
*/
toListPaymentCredentialProviders(): this;
/**
* Grants permission to list payment instruments
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentInstruments.html
*/
toListPaymentInstruments(): this;
/**
* Grants permission to list payment managers
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentManagers.html
*/
toListPaymentManagers(): this;
/**
* Grants permission to list payment sessions
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentSessions.html
*/
toListPaymentSessions(): this;
/**
* Grants permission to list policies within a policy engine
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicies.html
*/
toListPolicies(): this;
/**
* Grants permission to list policy engine summaries
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngineSummaries.html
*/
toListPolicyEngineSummaries(): this;
/**
* Grants permission to list policy engines
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngines.html
*/
toListPolicyEngines(): this;
/**
* Grants permission to list generated policy assets from a generation request
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationAssets.html
*/
toListPolicyGenerationAssets(): this;
/**
* Grants permission to list policy generation summaries
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationSummaries.html
*/
toListPolicyGenerationSummaries(): this;
/**
* Grants permission to list policy generation requests
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerations.html
*/
toListPolicyGenerations(): this;
/**
* Grants permission to list policy summaries within a policy engine
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicySummaries.html
*/
toListPolicySummaries(): this;
/**
* Grants permission to list recommendations
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListRecommendations.html
*/
toListRecommendations(): this;
/**
* Grants permission to list existing registries
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListRegistries.html
*/
toListRegistries(): this;
/**
* Grants permission to list existing registry records in a registry
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListRegistryRecords.html
*/
toListRegistryRecords(): this;
/**
* Grants permission to list sessions
*
* Access Level: List
*
* Possible conditions:
* - .ifActorId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListSessions.html
*/
toListSessions(): this;
/**
* Grants permission to list tags for a Bedrock-AgentCore resource
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource(): this;
/**
* Grants permission to list all Workload Identities in the caller's AWS account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListWorkloadIdentities.html
*/
toListWorkloadIdentities(): this;
/**
* Grants permission to create or modify wildcard policies that apply to gateway resources
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html
*/
toManageAdminPolicy(): this;
/**
* Grants permission to create or modify policies that apply to specific gateway resources
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html
*/
toManageResourceScopedPolicy(): this;
/**
* Grants permission to perform partial evaluation of Cedar policies to authorize a caller to list tools they are allowed to call
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html
*/
toPartiallyAuthorizeActions(): this;
/**
* Grants permission to process a payment transaction
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ProcessPayment.html
*/
toProcessPayment(): this;
/**
* Grants permission to create or update the resource-based policy for a Bedrock resource
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_PutResourcePolicy.html
*/
toPutResourcePolicy(): this;
/**
* Grants permission to retrieve memory records through sematic query
*
* Access Level: List
*
* Possible conditions:
* - .ifNamespace()
* - .ifStrategyId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_RetrieveMemoryRecords.html
*/
toRetrieveMemoryRecords(): this;
/**
* Grants permission to save a browser session profile
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_SaveBrowserSessionProfile.html
*/