iam-floyd
Version:
AWS IAM policy statement generator with fluent interface
1,571 lines • 207 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.BedrockAgentcore = void 0;
const shared_1 = require("../../shared");
/**
* Statement provider for service [bedrock-agentcore](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonbedrockagentcore.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
class BedrockAgentcore extends shared_1.PolicyStatement {
/**
* Statement provider for service [bedrock-agentcore](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonbedrockagentcore.html).
*
* @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement
*/
constructor(sid) {
super(sid);
this.servicePrefix = 'bedrock-agentcore';
this.accessLevelList = {
'Permissions management': [
'AllowVendedLogDeliveryForResource',
'AuthorizeAction',
'InvokeGateway',
'ManageAdminPolicy',
'ManageResourceScopedPolicy',
'PartiallyAuthorizeActions',
'SynchronizeGatewayTargets'
],
Write: [
'BatchCreateMemoryRecords',
'BatchDeleteMemoryRecords',
'BatchUpdateMemoryRecords',
'CreateAgentRuntime',
'CreateAgentRuntimeEndpoint',
'CreateApiKeyCredentialProvider',
'CreateBrowser',
'CreateCodeInterpreter',
'CreateEvaluator',
'CreateEvent',
'CreateGateway',
'CreateGatewayTarget',
'CreateMemory',
'CreateOauth2CredentialProvider',
'CreateOnlineEvaluationConfig',
'CreatePolicy',
'CreatePolicyEngine',
'CreateWorkloadIdentity',
'DeleteAgentRuntime',
'DeleteAgentRuntimeEndpoint',
'DeleteApiKeyCredentialProvider',
'DeleteBrowser',
'DeleteCodeInterpreter',
'DeleteEvaluator',
'DeleteEvent',
'DeleteGateway',
'DeleteGatewayTarget',
'DeleteMemory',
'DeleteMemoryRecord',
'DeleteOauth2CredentialProvider',
'DeleteOnlineEvaluationConfig',
'DeletePolicy',
'DeletePolicyEngine',
'DeleteResourcePolicy',
'DeleteWorkloadIdentity',
'Evaluate',
'GetWorkloadAccessToken',
'GetWorkloadAccessTokenForJWT',
'GetWorkloadAccessTokenForUserId',
'InvokeAgentRuntime',
'InvokeAgentRuntimeForUser',
'InvokeAgentRuntimeWithWebSocketStream',
'InvokeAgentRuntimeWithWebSocketStreamForUser',
'InvokeCodeInterpreter',
'PutResourcePolicy',
'StartBrowserSession',
'StartCodeInterpreterSession',
'StartMemoryExtractionJob',
'StartPolicyGeneration',
'StopBrowserSession',
'StopCodeInterpreterSession',
'StopRuntimeSession',
'UpdateAgentRuntime',
'UpdateAgentRuntimeEndpoint',
'UpdateApiKeyCredentialProvider',
'UpdateBrowserStream',
'UpdateEvaluator',
'UpdateGateway',
'UpdateGatewayTarget',
'UpdateMemory',
'UpdateOauth2CredentialProvider',
'UpdateOnlineEvaluationConfig',
'UpdatePolicy',
'UpdatePolicyEngine',
'UpdateWorkloadIdentity'
],
Read: [
'CompleteResourceTokenAuth',
'ConnectBrowserAutomationStream',
'ConnectBrowserLiveViewStream',
'GetAgentCard',
'GetAgentRuntime',
'GetAgentRuntimeEndpoint',
'GetApiKeyCredentialProvider',
'GetBrowser',
'GetBrowserSession',
'GetCodeInterpreter',
'GetCodeInterpreterSession',
'GetEvaluator',
'GetEvent',
'GetGateway',
'GetGatewayTarget',
'GetMemory',
'GetMemoryRecord',
'GetOauth2CredentialProvider',
'GetOnlineEvaluationConfig',
'GetPolicy',
'GetPolicyEngine',
'GetPolicyGeneration',
'GetResourceApiKey',
'GetResourceOauth2Token',
'GetResourcePolicy',
'GetTokenVault',
'GetWorkloadIdentity',
'ListApiKeyCredentialProviders',
'ListOauth2CredentialProviders',
'ListWorkloadIdentities',
'SetTokenVaultCMK'
],
List: [
'ListActors',
'ListAgentRuntimeEndpoints',
'ListAgentRuntimeVersions',
'ListAgentRuntimes',
'ListBrowserSessions',
'ListBrowsers',
'ListCodeInterpreterSessions',
'ListCodeInterpreters',
'ListEvaluators',
'ListEvents',
'ListGatewayTargets',
'ListGateways',
'ListMemories',
'ListMemoryExtractionJobs',
'ListMemoryRecords',
'ListOnlineEvaluationConfigs',
'ListPolicies',
'ListPolicyEngines',
'ListPolicyGenerationAssets',
'ListPolicyGenerations',
'ListSessions',
'ListTagsForResource',
'RetrieveMemoryRecords'
],
Tagging: [
'TagResource',
'UntagResource'
]
};
}
/**
* Grants permission to configure vended telemetry for a resource
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/
*/
toAllowVendedLogDeliveryForResource() {
return this.to('AllowVendedLogDeliveryForResource');
}
/**
* Grants permission to evaluate Cedar policies for authorization requests
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html
*/
toAuthorizeAction() {
return this.to('AuthorizeAction');
}
/**
* Grants permission to create one or more memory records
*
* Access Level: Write
*
* Possible conditions:
* - .ifNamespace()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchCreateMemoryRecords.html
*/
toBatchCreateMemoryRecords() {
return this.to('BatchCreateMemoryRecords');
}
/**
* Grants permission to delete one or more memory records
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchDeleteMemoryRecords.html
*/
toBatchDeleteMemoryRecords() {
return this.to('BatchDeleteMemoryRecords');
}
/**
* Grants permission to update one or more memory records
*
* Access Level: Write
*
* Possible conditions:
* - .ifNamespace()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchUpdateMemoryRecords.html
*/
toBatchUpdateMemoryRecords() {
return this.to('BatchUpdateMemoryRecords');
}
/**
* Grants permission to retrieve access token with OAuth2 for 3LO flow to access external resource
*
* Access Level: Read
*
* Possible conditions:
* - .ifInboundJwtClaimIss()
* - .ifInboundJwtClaimSub()
* - .ifInboundJwtClaimAud()
* - .ifInboundJwtClaimScope()
* - .ifInboundJwtClaimClientId()
* - .ifUserid()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CompleteResourceTokenAuth.html
*/
toCompleteResourceTokenAuth() {
return this.to('CompleteResourceTokenAuth');
}
/**
* Grants permission to connect to a browser automation stream
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ConnectBrowserAutomationStream.html
*/
toConnectBrowserAutomationStream() {
return this.to('ConnectBrowserAutomationStream');
}
/**
* Grants permission to connect to a browser live view stream
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ConnectBrowserLiveViewStream.html
*/
toConnectBrowserLiveViewStream() {
return this.to('ConnectBrowserLiveViewStream');
}
/**
* Grants permission to create a new agent runtime
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateAgentRuntime.html
*/
toCreateAgentRuntime() {
return this.to('CreateAgentRuntime');
}
/**
* Grants permission to create a new agent runtime endpoint
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateAgentRuntimeEndpoint.html
*/
toCreateAgentRuntimeEndpoint() {
return this.to('CreateAgentRuntimeEndpoint');
}
/**
* Grants permission to create a new API Key Credential Provider
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateApiKeyCredentialProvider.html
*/
toCreateApiKeyCredentialProvider() {
return this.to('CreateApiKeyCredentialProvider');
}
/**
* Grants permission to create a new custom browser
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateBrowser.html
*/
toCreateBrowser() {
return this.to('CreateBrowser');
}
/**
* Grants permission to create a new custom code interpreter
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateCodeInterpreter.html
*/
toCreateCodeInterpreter() {
return this.to('CreateCodeInterpreter');
}
/**
* Grants permission to create a new evaluator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateEvaluator.html
*/
toCreateEvaluator() {
return this.to('CreateEvaluator');
}
/**
* Grants permission to create an Event
*
* Access Level: Write
*
* Possible conditions:
* - .ifSessionId()
* - .ifActorId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CreateEvent.html
*/
toCreateEvent() {
return this.to('CreateEvent');
}
/**
* Grants permission to create a new gateway
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGateway.html
*/
toCreateGateway() {
return this.to('CreateGateway');
}
/**
* Grants permission to create a new target in an existing gateway
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGatewayTarget.html
*/
toCreateGatewayTarget() {
return this.to('CreateGatewayTarget');
}
/**
* Grants permission to create a Memory resource
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateMemory.html
*/
toCreateMemory() {
return this.to('CreateMemory');
}
/**
* Grants permission to create a new Credential Provider to access external resources with OAuth2 protocol
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateOauth2CredentialProvider.html
*/
toCreateOauth2CredentialProvider() {
return this.to('CreateOauth2CredentialProvider');
}
/**
* Grants permission to create a new online evaluation configuration
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateOnlineEvaluationConfig.html
*/
toCreateOnlineEvaluationConfig() {
return this.to('CreateOnlineEvaluationConfig');
}
/**
* Grants permission to create a new policy within a policy engine
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePolicy.html
*/
toCreatePolicy() {
return this.to('CreatePolicy');
}
/**
* Grants permission to create a new policy engine
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePolicyEngine.html
*/
toCreatePolicyEngine() {
return this.to('CreatePolicyEngine');
}
/**
* Grants permission to create a new Workload Identity
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateWorkloadIdentity.html
*/
toCreateWorkloadIdentity() {
return this.to('CreateWorkloadIdentity');
}
/**
* Grants permission to delete an agent runtime
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteAgentRuntime.html
*/
toDeleteAgentRuntime() {
return this.to('DeleteAgentRuntime');
}
/**
* Grants permission to delete an agent runtime endpoint
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteAgentRuntimeEndpoint.html
*/
toDeleteAgentRuntimeEndpoint() {
return this.to('DeleteAgentRuntimeEndpoint');
}
/**
* Grants permission to delete a registered API Key Credential Provider
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteApiKeyCredentialProvider.html
*/
toDeleteApiKeyCredentialProvider() {
return this.to('DeleteApiKeyCredentialProvider');
}
/**
* Grants permission to delete a custom browser
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteBrowser.html
*/
toDeleteBrowser() {
return this.to('DeleteBrowser');
}
/**
* Grants permission to delete a custom code interpreter
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteCodeInterpreter.html
*/
toDeleteCodeInterpreter() {
return this.to('DeleteCodeInterpreter');
}
/**
* Grants permission to delete an evaluator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteEvaluator.html
*/
toDeleteEvaluator() {
return this.to('DeleteEvaluator');
}
/**
* Grants permission to delete an Event
*
* Access Level: Write
*
* Possible conditions:
* - .ifSessionId()
* - .ifActorId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteEvent.html
*/
toDeleteEvent() {
return this.to('DeleteEvent');
}
/**
* Grants permission to delete an existing gateway
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGateway.html
*/
toDeleteGateway() {
return this.to('DeleteGateway');
}
/**
* Grants permission to delete an existing gateway target
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGatewayTarget.html
*/
toDeleteGatewayTarget() {
return this.to('DeleteGatewayTarget');
}
/**
* Grants permission to delete a Memory resource
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteMemory.html
*/
toDeleteMemory() {
return this.to('DeleteMemory');
}
/**
* Grants permission to delete a Memory Record
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteMemoryRecord.html
*/
toDeleteMemoryRecord() {
return this.to('DeleteMemoryRecord');
}
/**
* Grants permission to delete a registered OAuth2 Credential Provider
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteOauth2CredentialProvider.html
*/
toDeleteOauth2CredentialProvider() {
return this.to('DeleteOauth2CredentialProvider');
}
/**
* Grants permission to delete an online evaluation configuration
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteOnlineEvaluationConfig.html
*/
toDeleteOnlineEvaluationConfig() {
return this.to('DeleteOnlineEvaluationConfig');
}
/**
* Grants permission to delete a policy
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePolicy.html
*/
toDeletePolicy() {
return this.to('DeletePolicy');
}
/**
* Grants permission to delete a policy engine
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePolicyEngine.html
*/
toDeletePolicyEngine() {
return this.to('DeletePolicyEngine');
}
/**
* Grants permission to delete the resource-based policy for a Bedrock resource
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteResourcePolicy.html
*/
toDeleteResourcePolicy() {
return this.to('DeleteResourcePolicy');
}
/**
* Grants permission to delete a registered Workload Identity
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteWorkloadIdentity.html
*/
toDeleteWorkloadIdentity() {
return this.to('DeleteWorkloadIdentity');
}
/**
* Grants permission to run an evaluation using an evaluator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_Evaluate.html
*/
toEvaluate() {
return this.to('Evaluate');
}
/**
* Grants permission to retrieve an agent card for A2A
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetAgentCard.html
*/
toGetAgentCard() {
return this.to('GetAgentCard');
}
/**
* Grants permission to get details of an agent runtime
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetAgentRuntime.html
*/
toGetAgentRuntime() {
return this.to('GetAgentRuntime');
}
/**
* Grants permission to get details of an agent runtime endpoint
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetAgentRuntimeEndpoint.html
*/
toGetAgentRuntimeEndpoint() {
return this.to('GetAgentRuntimeEndpoint');
}
/**
* Grants permission to fetch a registered API Key Credential Provider by its name
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetApiKeyCredentialProvider.html
*/
toGetApiKeyCredentialProvider() {
return this.to('GetApiKeyCredentialProvider');
}
/**
* Grants permission to get details of a browser
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetBrowser.html
*/
toGetBrowser() {
return this.to('GetBrowser');
}
/**
* Grants permission to get details of a browser session
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetBrowserSession.html
*/
toGetBrowserSession() {
return this.to('GetBrowserSession');
}
/**
* Grants permission to get details of a code interpreter
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetCodeInterpreter.html
*/
toGetCodeInterpreter() {
return this.to('GetCodeInterpreter');
}
/**
* Grants permission to get details of a code interpreter session
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetCodeInterpreterSession.html
*/
toGetCodeInterpreterSession() {
return this.to('GetCodeInterpreterSession');
}
/**
* Grants permission to get details of an evaluator
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetEvaluator.html
*/
toGetEvaluator() {
return this.to('GetEvaluator');
}
/**
* Grants permission to fetch an Event
*
* Access Level: Read
*
* Possible conditions:
* - .ifSessionId()
* - .ifActorId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetEvent.html
*/
toGetEvent() {
return this.to('GetEvent');
}
/**
* Grants permission to retrieve an existing gateway
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGateway.html
*/
toGetGateway() {
return this.to('GetGateway');
}
/**
* Grants permission to retrieve an existing gateway target
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGatewayTarget.html
*/
toGetGatewayTarget() {
return this.to('GetGatewayTarget');
}
/**
* Grants permission to fetch details for a Memory resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetMemory.html
*/
toGetMemory() {
return this.to('GetMemory');
}
/**
* Grants permission to fetch a Memory Record
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetMemoryRecord.html
*/
toGetMemoryRecord() {
return this.to('GetMemoryRecord');
}
/**
* Grants permission to fetch a registered OAuth2 Credential Provider by its name
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetOauth2CredentialProvider.html
*/
toGetOauth2CredentialProvider() {
return this.to('GetOauth2CredentialProvider');
}
/**
* Grants permission to get details of an online evaluation configuration
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetOnlineEvaluationConfig.html
*/
toGetOnlineEvaluationConfig() {
return this.to('GetOnlineEvaluationConfig');
}
/**
* Grants permission to retrieve a policy
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicy.html
*/
toGetPolicy() {
return this.to('GetPolicy');
}
/**
* Grants permission to retrieve a policy engine
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyEngine.html
*/
toGetPolicyEngine() {
return this.to('GetPolicyEngine');
}
/**
* Grants permission to retrieve status and results of a policy generation request
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyGeneration.html
*/
toGetPolicyGeneration() {
return this.to('GetPolicyGeneration');
}
/**
* Grants permission to retrieve an API Key associated with an Api Key Credential Provider
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetResourceApiKey.html
*/
toGetResourceApiKey() {
return this.to('GetResourceApiKey');
}
/**
* Grants permission to retrieve access token with OAuth2 2LO or 3LO flow to access external resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetResourceOauth2Token.html
*/
toGetResourceOauth2Token() {
return this.to('GetResourceOauth2Token');
}
/**
* Grants permission to retrieve the resource-based policy for a Bedrock resource
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetResourcePolicy.html
*/
toGetResourcePolicy() {
return this.to('GetResourcePolicy');
}
/**
* Grants permission to fetch the current configuration of the TokenVault, including encryption settings
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetTokenVault.html
*/
toGetTokenVault() {
return this.to('GetTokenVault');
}
/**
* Grants permission to retrieve an Workload access token for agentic workloads not acting on behalf of a user
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessToken.html
*/
toGetWorkloadAccessToken() {
return this.to('GetWorkloadAccessToken');
}
/**
* Grants permission to retrieve an Workload access token for agentic workloads acting on behalf of user with JWT token
*
* Access Level: Write
*
* Possible conditions:
* - .ifInboundJwtClaimIss()
* - .ifInboundJwtClaimSub()
* - .ifInboundJwtClaimAud()
* - .ifInboundJwtClaimScope()
* - .ifInboundJwtClaimClientId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessTokenForJWT.html
*/
toGetWorkloadAccessTokenForJWT() {
return this.to('GetWorkloadAccessTokenForJWT');
}
/**
* Grants permission to retrieve an Workload access token for agentic workloads acting on behalf of user with User Id
*
* Access Level: Write
*
* Possible conditions:
* - .ifUserid()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessTokenForUserId.html
*/
toGetWorkloadAccessTokenForUserId() {
return this.to('GetWorkloadAccessTokenForUserId');
}
/**
* Grants permission to fetch details for a specific Workload identity, including its name and allowed OAuth2 return URLs
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetWorkloadIdentity.html
*/
toGetWorkloadIdentity() {
return this.to('GetWorkloadIdentity');
}
/**
* Grants permission to invoke an agent runtime endpoint
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntime.html
*/
toInvokeAgentRuntime() {
return this.to('InvokeAgentRuntime');
}
/**
* Grants permission to invoke an agent runtime endpoint with X-Amzn-Bedrock-AgentCore-Runtime-User-Id header
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntime.html
*/
toInvokeAgentRuntimeForUser() {
return this.to('InvokeAgentRuntimeForUser');
}
/**
* Grants permission to invoke an agent runtime endpoint with WebSocket stream
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntimeWithWebSocketStream.html
*/
toInvokeAgentRuntimeWithWebSocketStream() {
return this.to('InvokeAgentRuntimeWithWebSocketStream');
}
/**
* Grants permission to invoke an agent runtime endpoint with WebSocket stream and with X-Amzn-Bedrock-AgentCore-Runtime-User-Id header
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntimeWithWebSocketStream.html
*/
toInvokeAgentRuntimeWithWebSocketStreamForUser() {
return this.to('InvokeAgentRuntimeWithWebSocketStreamForUser');
}
/**
* Grants permission to invoke a code interpreter session
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeCodeInterpreter.html
*/
toInvokeCodeInterpreter() {
return this.to('InvokeCodeInterpreter');
}
/**
* Grants permission to invoke a gateway
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html
*/
toInvokeGateway() {
return this.to('InvokeGateway');
}
/**
* Grants permission to list Actors
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListActors.html
*/
toListActors() {
return this.to('ListActors');
}
/**
* Grants permission to list agent runtime endpoints
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimeEndpoints.html
*/
toListAgentRuntimeEndpoints() {
return this.to('ListAgentRuntimeEndpoints');
}
/**
* Grants permission to list agent runtime versions
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimeVersions.html
*/
toListAgentRuntimeVersions() {
return this.to('ListAgentRuntimeVersions');
}
/**
* Grants permission to list agent runtimes
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimes.html
*/
toListAgentRuntimes() {
return this.to('ListAgentRuntimes');
}
/**
* Grants permission to list all API Key Credential Providers in the Token Vault
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListApiKeyCredentialProviders.html
*/
toListApiKeyCredentialProviders() {
return this.to('ListApiKeyCredentialProviders');
}
/**
* Grants permission to list browser sessions
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListBrowserSessions.html
*/
toListBrowserSessions() {
return this.to('ListBrowserSessions');
}
/**
* Grants permission to list browsers
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListBrowsers.html
*/
toListBrowsers() {
return this.to('ListBrowsers');
}
/**
* Grants permission to list code interpreter sessions
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListCodeInterpreterSessions.html
*/
toListCodeInterpreterSessions() {
return this.to('ListCodeInterpreterSessions');
}
/**
* Grants permission to list code interpreters
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListCodeInterpreters.html
*/
toListCodeInterpreters() {
return this.to('ListCodeInterpreters');
}
/**
* Grants permission to list evaluators
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListEvaluators.html
*/
toListEvaluators() {
return this.to('ListEvaluators');
}
/**
* Grants permission to list events
*
* Access Level: List
*
* Possible conditions:
* - .ifSessionId()
* - .ifActorId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListEvents.html
*/
toListEvents() {
return this.to('ListEvents');
}
/**
* Grants permission to list existing gateway targets
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGatewayTargets.html
*/
toListGatewayTargets() {
return this.to('ListGatewayTargets');
}
/**
* Grants permission to list existing gateways
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGateways.html
*/
toListGateways() {
return this.to('ListGateways');
}
/**
* Grants permission to list memory resources
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListMemories.html
*/
toListMemories() {
return this.to('ListMemories');
}
/**
* Grants permission to list extraction jobs for this memory
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListMemoryExtractionJobs.html
*/
toListMemoryExtractionJobs() {
return this.to('ListMemoryExtractionJobs');
}
/**
* Grants permission to list memory records
*
* Access Level: List
*
* Possible conditions:
* - .ifNamespace()
* - .ifStrategyId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListMemoryRecords.html
*/
toListMemoryRecords() {
return this.to('ListMemoryRecords');
}
/**
* Grants permission to list all OAuth2 Credential Providers in the Token Vault
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListOauth2CredentialProviders.html
*/
toListOauth2CredentialProviders() {
return this.to('ListOauth2CredentialProviders');
}
/**
* Grants permission to list online evaluation configurations
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListOnlineEvaluationConfigs.html
*/
toListOnlineEvaluationConfigs() {
return this.to('ListOnlineEvaluationConfigs');
}
/**
* Grants permission to list policies within a policy engine
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicies.html
*/
toListPolicies() {
return this.to('ListPolicies');
}
/**
* Grants permission to list policy engines
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngines.html
*/
toListPolicyEngines() {
return this.to('ListPolicyEngines');
}
/**
* Grants permission to list generated policy assets from a generation request
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationAssets.html
*/
toListPolicyGenerationAssets() {
return this.to('ListPolicyGenerationAssets');
}
/**
* Grants permission to list policy generation requests
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerations.html
*/
toListPolicyGenerations() {
return this.to('ListPolicyGenerations');
}
/**
* Grants permission to list sessions
*
* Access Level: List
*
* Possible conditions:
* - .ifActorId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListSessions.html
*/
toListSessions() {
return this.to('ListSessions');
}
/**
* Grants permission to list tags for a Bedrock-AgentCore resource
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListTagsForResource.html
*/
toListTagsForResource() {
return this.to('ListTagsForResource');
}
/**
* Grants permission to list all Workload Identities in the caller's AWS account
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListWorkloadIdentities.html
*/
toListWorkloadIdentities() {
return this.to('ListWorkloadIdentities');
}
/**
* Grants permission to create or modify wildcard policies that apply to gateway resources
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html
*/
toManageAdminPolicy() {
return this.to('ManageAdminPolicy');
}
/**
* Grants permission to create or modify policies that apply to specific gateway resources
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html
*/
toManageResourceScopedPolicy() {
return this.to('ManageResourceScopedPolicy');
}
/**
* Grants permission to perform partial evaluation of Cedar policies to authorize a caller to list tools they are allowed to call
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html
*/
toPartiallyAuthorizeActions() {
return this.to('PartiallyAuthorizeActions');
}
/**
* Grants permission to create or update the resource-based policy for a Bedrock resource
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_PutResourcePolicy.html
*/
toPutResourcePolicy() {
return this.to('PutResourcePolicy');
}
/**
* Grants permission to retrieve memory records through sematic query
*
* Access Level: List
*
* Possible conditions:
* - .ifNamespace()
* - .ifStrategyId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_RetrieveMemoryRecords.html
*/
toRetrieveMemoryRecords() {
return this.to('RetrieveMemoryRecords');
}
/**
* Grants permission to associate a Customer Managed Key (CMK) or a Service Managed Key with a specific TokenVault
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_SetTokenVaultCMK.html
*/
toSetTokenVaultCMK() {
return this.to('SetTokenVaultCMK');
}
/**
* Grants permission to starts a new browser session
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartBrowserSession.html
*/
toStartBrowserSession() {
return this.to('StartBrowserSession');
}
/**
* Grants permission to start a new code interpreter session
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartCodeInterpreterSession.html
*/
toStartCodeInterpreterSession() {
return this.to('StartCodeInterpreterSession');
}
/**
* Grants permission to start memory extraction job
*
* Access Level: Write
*
* Possible conditions:
* - .ifStrategyId()
* - .ifSessionId()
* - .ifActorId()
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartMemoryExtractionJob.html
*/
toStartMemoryExtractionJob() {
return this.to('StartMemoryExtractionJob');
}
/**
* Grants permission to start an AI-powered policy generation request
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_StartPolicyGeneration.html
*/
toStartPolicyGeneration() {
return this.to('StartPolicyGeneration');
}
/**
* Grants permission to stop a browser session
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopBrowserSession.html
*/
toStopBrowserSession() {
return this.to('StopBrowserSession');
}
/**
* Grants permission to stop a code interpreter session
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopCodeInterpreterSession.html
*/
toStopCodeInterpreterSession() {
return this.to('StopCodeInterpreterSession');
}
/**
* Grants permission to stop a runtime session
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopRuntimeSession.html
*/
toStopRuntimeSession() {
return this.to('StopRuntimeSession');
}
/**
* Grants permission to enable search on gateways
*
* Access Level: Permissions management
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html
*/
toSynchronizeGatewayTargets() {
return this.to('SynchronizeGatewayTargets');
}
/**
* Grants permission to Tag a Bedrock-AgentCore resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_TagResource.html
*/
toTagResource() {
return this.to('TagResource');
}
/**
* Grants permission to Untag a Bedrock-AgentCore resource
*
* Access Level: Tagging
*
* Possible conditions:
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UntagResource.html
*/
toUntagResource() {
return this.to('UntagResource');
}
/**
* Grants permission to update an agent runtime
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateAgentRuntime.html
*/
toUpdateAgentRuntime() {
return this.to('UpdateAgentRuntime');
}
/**
* Grants permission to update an agent runtime endpoint
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateAgentRuntimeEndpoint.html
*/
toUpdateAgentRuntimeEndpoint() {
return this.to('UpdateAgentRuntimeEndpoint');
}
/**
* Grants permission to update an existing API Key Credential Provider
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateApiKeyCredentialProvider.html
*/
toUpdateApiKeyCredentialProvider() {
return this.to('UpdateApiKeyCredentialProvider');
}
/**
* Grants permission to update the status of browser session stream
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_UpdateBrowserStream.html
*/
toUpdateBrowserStream() {
return this.to('UpdateBrowserStream');
}
/**
* Grants permission to update an evaluator
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateEvaluator.html
*/
toUpdateEvaluator() {
return this.to('UpdateEvaluator');
}
/**
* Grants permission to update an existing gateway
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateGateway.html
*/
toUpdateGateway() {
return this.to('UpdateGateway');
}
/**
* Grants permission to update an existing gateway target
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateGatewayTarget.html
*/
toUpdateGatewayTarget() {
return this.to('UpdateGatewayTarget');
}
/**
* Grants permission to update a Memory resource
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateMemory.html
*/
toUpdateMemory() {
return this.to('UpdateMemory');
}
/**
* Grants permission to update an existing OAuth2 Credential Provider
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateOauth2CredentialProvider.html
*/
toUpdateOauth2CredentialProvider() {
return this.to('UpdateOauth2CredentialProvider');
}
/**
* Grants permission to update an online evaluation configuration
*
* Access Level: Write
*
* Dependent actions:
* - iam:PassRole
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateOnlineEvaluationConfig.html
*/
toUpdateOnlineEvaluationConfig() {
return this.to('UpdateOnlineEvaluationConfig');
}
/**
* Grants permission to update an existing policy
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePolicy.html
*/
toUpdatePolicy() {
return this.to('UpdatePolicy');
}
/**
* Grants permission to update a policy engine
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePolicyEngine.html
*/
toUpdatePolicyEngine() {
return this.to('UpdatePolicyEngine');
}
/**
* Grants permission to update the metadata of an existing Workload Identity
*
* Access Level: Write
*
* https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateWorkloadIdentity.html
*/
toUpdateWorkloadIdentity() {
return this.to('UpdateWorkloadIdentity');
}
/**
* Adds a resource of type evaluator to the statement
*
* https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/evaluator.html
*
* @param evaluatorId - Identifier for the evaluatorId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's part