BedrockAgentCoreControl / Client / update_registry
update_registry¶
- BedrockAgentCoreControl.Client.update_registry(**kwargs)¶
Updates an existing registry. This operation uses PATCH semantics, so you only need to specify the fields you want to change.
See also: AWS API Documentation
Request Syntax
response = client.update_registry( registryId='string', name='string', description={ 'optionalValue': 'string' }, authorizerConfiguration={ 'optionalValue': { 'customJWTAuthorizer': { 'discoveryUrl': 'string', 'allowedAudience': [ 'string', ], 'allowedClients': [ 'string', ], 'allowedScopes': [ 'string', ], 'customClaims': [ { 'inboundTokenClaimName': 'string', 'inboundTokenClaimValueType': 'STRING'|'STRING_ARRAY', 'authorizingClaimMatchValue': { 'claimMatchValue': { 'matchValueString': 'string', 'matchValueStringList': [ 'string', ] }, 'claimMatchOperator': 'EQUALS'|'CONTAINS'|'CONTAINS_ANY' } }, ], 'privateEndpoint': { 'selfManagedLatticeResource': { 'resourceConfigurationIdentifier': 'string' }, 'managedVpcResource': { 'vpcIdentifier': 'string', 'subnetIds': [ 'string', ], 'endpointIpAddressType': 'IPV4'|'IPV6', 'securityGroupIds': [ 'string', ], 'tags': { 'string': 'string' }, 'routingDomain': 'string' } }, 'privateEndpointOverrides': [ { 'domain': 'string', 'privateEndpoint': { 'selfManagedLatticeResource': { 'resourceConfigurationIdentifier': 'string' }, 'managedVpcResource': { 'vpcIdentifier': 'string', 'subnetIds': [ 'string', ], 'endpointIpAddressType': 'IPV4'|'IPV6', 'securityGroupIds': [ 'string', ], 'tags': { 'string': 'string' }, 'routingDomain': 'string' } } }, ] } } }, approvalConfiguration={ 'optionalValue': { 'autoApproval': True|False } } )
- Parameters:
registryId (string) –
[REQUIRED]
The identifier of the registry to update. You can specify either the Amazon Resource Name (ARN) or the ID of the registry.
name (string) – The updated name of the registry.
description (dict) –
The updated description of the registry. To clear the description, include the
UpdatedDescriptionwrapper withoptionalValuenot specified.optionalValue (string) –
Represents an optional value that is used to update the human-readable description of the resource. If not specified, it will clear the current description of the resource.
authorizerConfiguration (dict) –
The updated authorizer configuration for the registry. Changing the authorizer configuration can break existing consumers of the registry who are using the authorization type prior to the update.
optionalValue (dict) –
The updated authorizer configuration value. If not specified, it will clear the current authorizer configuration of the resource.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
customJWTAuthorizer.customJWTAuthorizer (dict) –
The inbound JWT-based authorization, specifying how incoming requests should be authenticated.
discoveryUrl (string) – [REQUIRED]
This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.
allowedAudience (list) –
Represents individual audience values that are validated in the incoming JWT token validation process.
(string) –
allowedClients (list) –
Represents individual client IDs that are validated in the incoming JWT token validation process.
(string) –
allowedScopes (list) –
An array of scopes that are allowed to access the token.
(string) –
customClaims (list) –
An array of objects that define a custom claim validation name, value, and operation
(dict) –
Defines the name of a custom claim field and rules for finding matches to authenticate its value.
inboundTokenClaimName (string) – [REQUIRED]
The name of the custom claim field to check.
inboundTokenClaimValueType (string) – [REQUIRED]
The data type of the claim value to check for.
Use
STRINGif you want to find an exact match to a string you define.Use
STRING_ARRAYif you want to fnd a match to at least one value in an array you define.
authorizingClaimMatchValue (dict) – [REQUIRED]
Defines the value or values to match for and the relationship of the match.
claimMatchValue (dict) – [REQUIRED]
The value or values to match for.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
matchValueString,matchValueStringList.matchValueString (string) –
The string value to match for.
matchValueStringList (list) –
An array of strings to check for a match.
(string) –
claimMatchOperator (string) – [REQUIRED]
Defines the relationship between the claim field value and the value or values you’re matching for.
privateEndpoint (dict) –
The private endpoint configuration for a gateway target. Defines how the gateway connects to private resources in your VPC.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
selfManagedLatticeResource,managedVpcResource.selfManagedLatticeResource (dict) –
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
resourceConfigurationIdentifier.resourceConfigurationIdentifier (string) –
The ARN or ID of the VPC Lattice resource configuration.
managedVpcResource (dict) –
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) – [REQUIRED]
The ID of the VPC that contains your private resource.
subnetIds (list) – [REQUIRED]
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) –
endpointIpAddressType (string) – [REQUIRED]
The IP address type for the resource configuration endpoint.
securityGroupIds (list) –
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) –
tags (dict) –
Tags to apply to the managed VPC Lattice resource gateway.
(string) –
(string) –
routingDomain (string) –
An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see xref:lattice-vpc-egress-routing-domain[Route traffic through an intermediate domain].
privateEndpointOverrides (list) –
The private endpoint overrides for the custom JWT authorizer configuration.
(dict) –
A mapping of a specific domain to a private endpoint for secure connectivity through a VPC Lattice resource configuration.
domain (string) – [REQUIRED]
The domain to override with a private endpoint.
privateEndpoint (dict) – [REQUIRED]
The private endpoint configuration for the specified domain.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
selfManagedLatticeResource,managedVpcResource.selfManagedLatticeResource (dict) –
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
resourceConfigurationIdentifier.resourceConfigurationIdentifier (string) –
The ARN or ID of the VPC Lattice resource configuration.
managedVpcResource (dict) –
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) – [REQUIRED]
The ID of the VPC that contains your private resource.
subnetIds (list) – [REQUIRED]
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) –
endpointIpAddressType (string) – [REQUIRED]
The IP address type for the resource configuration endpoint.
securityGroupIds (list) –
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) –
tags (dict) –
Tags to apply to the managed VPC Lattice resource gateway.
(string) –
(string) –
routingDomain (string) –
An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see xref:lattice-vpc-egress-routing-domain[Route traffic through an intermediate domain].
approvalConfiguration (dict) –
The updated approval configuration for registry records. The updated configuration only affects new records that move to
PENDING_APPROVALstatus after the change. Existing records already inPENDING_APPROVALstatus are not affected.optionalValue (dict) –
The updated approval configuration value. Set to
nullto unset the approval configuration.autoApproval (boolean) –
Whether registry records are auto-approved. When set to
true, records are automatically approved upon creation. When set tofalse(the default), records require explicit approval for security purposes.
- Return type:
dict
- Returns:
Response Syntax
{ 'name': 'string', 'description': 'string', 'registryId': 'string', 'registryArn': 'string', 'authorizerType': 'CUSTOM_JWT'|'AWS_IAM', 'authorizerConfiguration': { 'customJWTAuthorizer': { 'discoveryUrl': 'string', 'allowedAudience': [ 'string', ], 'allowedClients': [ 'string', ], 'allowedScopes': [ 'string', ], 'customClaims': [ { 'inboundTokenClaimName': 'string', 'inboundTokenClaimValueType': 'STRING'|'STRING_ARRAY', 'authorizingClaimMatchValue': { 'claimMatchValue': { 'matchValueString': 'string', 'matchValueStringList': [ 'string', ] }, 'claimMatchOperator': 'EQUALS'|'CONTAINS'|'CONTAINS_ANY' } }, ], 'privateEndpoint': { 'selfManagedLatticeResource': { 'resourceConfigurationIdentifier': 'string' }, 'managedVpcResource': { 'vpcIdentifier': 'string', 'subnetIds': [ 'string', ], 'endpointIpAddressType': 'IPV4'|'IPV6', 'securityGroupIds': [ 'string', ], 'tags': { 'string': 'string' }, 'routingDomain': 'string' } }, 'privateEndpointOverrides': [ { 'domain': 'string', 'privateEndpoint': { 'selfManagedLatticeResource': { 'resourceConfigurationIdentifier': 'string' }, 'managedVpcResource': { 'vpcIdentifier': 'string', 'subnetIds': [ 'string', ], 'endpointIpAddressType': 'IPV4'|'IPV6', 'securityGroupIds': [ 'string', ], 'tags': { 'string': 'string' }, 'routingDomain': 'string' } } }, ] } }, 'approvalConfiguration': { 'autoApproval': True|False }, 'status': 'CREATING'|'READY'|'UPDATING'|'CREATE_FAILED'|'UPDATE_FAILED'|'DELETING'|'DELETE_FAILED', 'statusReason': 'string', 'createdAt': datetime(2015, 1, 1), 'updatedAt': datetime(2015, 1, 1) }
Response Structure
(dict) –
name (string) –
The name of the updated registry.
description (string) –
The description of the updated registry.
registryId (string) –
The unique identifier of the updated registry.
registryArn (string) –
The Amazon Resource Name (ARN) of the updated registry.
authorizerType (string) –
The type of authorizer used by the updated registry. This controls the authorization method for the Search and Invoke APIs used by consumers.
CUSTOM_JWT- Authorize with a bearer token.AWS_IAM- Authorize with your Amazon Web Services IAM credentials.
authorizerConfiguration (dict) –
The authorizer configuration for the updated registry. For details, see the
AuthorizerConfigurationdata type.Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
customJWTAuthorizer. If a client receives an unknown member it will setSDK_UNKNOWN_MEMBERas the top level key, which maps to the name or tag of the unknown member. The structure ofSDK_UNKNOWN_MEMBERis as follows:'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
customJWTAuthorizer (dict) –
The inbound JWT-based authorization, specifying how incoming requests should be authenticated.
discoveryUrl (string) –
This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.
allowedAudience (list) –
Represents individual audience values that are validated in the incoming JWT token validation process.
(string) –
allowedClients (list) –
Represents individual client IDs that are validated in the incoming JWT token validation process.
(string) –
allowedScopes (list) –
An array of scopes that are allowed to access the token.
(string) –
customClaims (list) –
An array of objects that define a custom claim validation name, value, and operation
(dict) –
Defines the name of a custom claim field and rules for finding matches to authenticate its value.
inboundTokenClaimName (string) –
The name of the custom claim field to check.
inboundTokenClaimValueType (string) –
The data type of the claim value to check for.
Use
STRINGif you want to find an exact match to a string you define.Use
STRING_ARRAYif you want to fnd a match to at least one value in an array you define.
authorizingClaimMatchValue (dict) –
Defines the value or values to match for and the relationship of the match.
claimMatchValue (dict) –
The value or values to match for.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
matchValueString,matchValueStringList. If a client receives an unknown member it will setSDK_UNKNOWN_MEMBERas the top level key, which maps to the name or tag of the unknown member. The structure ofSDK_UNKNOWN_MEMBERis as follows:'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
matchValueString (string) –
The string value to match for.
matchValueStringList (list) –
An array of strings to check for a match.
(string) –
claimMatchOperator (string) –
Defines the relationship between the claim field value and the value or values you’re matching for.
privateEndpoint (dict) –
The private endpoint configuration for a gateway target. Defines how the gateway connects to private resources in your VPC.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
selfManagedLatticeResource,managedVpcResource. If a client receives an unknown member it will setSDK_UNKNOWN_MEMBERas the top level key, which maps to the name or tag of the unknown member. The structure ofSDK_UNKNOWN_MEMBERis as follows:'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
selfManagedLatticeResource (dict) –
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
resourceConfigurationIdentifier. If a client receives an unknown member it will setSDK_UNKNOWN_MEMBERas the top level key, which maps to the name or tag of the unknown member. The structure ofSDK_UNKNOWN_MEMBERis as follows:'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
resourceConfigurationIdentifier (string) –
The ARN or ID of the VPC Lattice resource configuration.
managedVpcResource (dict) –
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) –
The ID of the VPC that contains your private resource.
subnetIds (list) –
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) –
endpointIpAddressType (string) –
The IP address type for the resource configuration endpoint.
securityGroupIds (list) –
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) –
tags (dict) –
Tags to apply to the managed VPC Lattice resource gateway.
(string) –
(string) –
routingDomain (string) –
An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see xref:lattice-vpc-egress-routing-domain[Route traffic through an intermediate domain].
privateEndpointOverrides (list) –
The private endpoint overrides for the custom JWT authorizer configuration.
(dict) –
A mapping of a specific domain to a private endpoint for secure connectivity through a VPC Lattice resource configuration.
domain (string) –
The domain to override with a private endpoint.
privateEndpoint (dict) –
The private endpoint configuration for the specified domain.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
selfManagedLatticeResource,managedVpcResource. If a client receives an unknown member it will setSDK_UNKNOWN_MEMBERas the top level key, which maps to the name or tag of the unknown member. The structure ofSDK_UNKNOWN_MEMBERis as follows:'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
selfManagedLatticeResource (dict) –
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
resourceConfigurationIdentifier. If a client receives an unknown member it will setSDK_UNKNOWN_MEMBERas the top level key, which maps to the name or tag of the unknown member. The structure ofSDK_UNKNOWN_MEMBERis as follows:'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
resourceConfigurationIdentifier (string) –
The ARN or ID of the VPC Lattice resource configuration.
managedVpcResource (dict) –
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) –
The ID of the VPC that contains your private resource.
subnetIds (list) –
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) –
endpointIpAddressType (string) –
The IP address type for the resource configuration endpoint.
securityGroupIds (list) –
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) –
tags (dict) –
Tags to apply to the managed VPC Lattice resource gateway.
(string) –
(string) –
routingDomain (string) –
An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see xref:lattice-vpc-egress-routing-domain[Route traffic through an intermediate domain].
approvalConfiguration (dict) –
The approval configuration for the updated registry. For details, see the
ApprovalConfigurationdata type.autoApproval (boolean) –
Whether registry records are auto-approved. When set to
true, records are automatically approved upon creation. When set tofalse(the default), records require explicit approval for security purposes.
status (string) –
The current status of the updated registry. Possible values include
CREATING,READY,UPDATING,CREATE_FAILED,UPDATE_FAILED,DELETING, andDELETE_FAILED.statusReason (string) –
The reason for the current status of the updated registry.
createdAt (datetime) –
The timestamp when the registry was created.
updatedAt (datetime) –
The timestamp when the registry was last updated.
Exceptions
BedrockAgentCoreControl.Client.exceptions.ServiceQuotaExceededExceptionBedrockAgentCoreControl.Client.exceptions.AccessDeniedExceptionBedrockAgentCoreControl.Client.exceptions.ConflictExceptionBedrockAgentCoreControl.Client.exceptions.ValidationExceptionBedrockAgentCoreControl.Client.exceptions.ResourceNotFoundExceptionBedrockAgentCoreControl.Client.exceptions.ThrottlingExceptionBedrockAgentCoreControl.Client.exceptions.InternalServerException