interface AddPolicyOptions
| Language | Type name |
|---|---|
| .NET | Amazon.CDK.AWS.Bedrock.Agentcore.Alpha.AddPolicyOptions |
| Go | github.com/aws/aws-cdk-go/awsbedrockagentcorealpha/v2#AddPolicyOptions |
| Java | software.amazon.awscdk.services.bedrock.agentcore.alpha.AddPolicyOptions |
| Python | aws_cdk.aws_bedrock_agentcore_alpha.AddPolicyOptions |
| TypeScript (source) | @aws-cdk/aws-bedrock-agentcore-alpha » AddPolicyOptions |
Options for adding a policy via PolicyEngine.addPolicy().
Example
```typescript
declare const policyEngine: agentcore.PolicyEngine;
declare const gateway: agentcore.Gateway;

// Allow specific tool actions on specific gateway
// Action names follow pattern: "ToolName__operation"
policyEngine.addPolicy("SpecificToolPolicy", {
  statement: agentcore.PolicyStatement.permit()
    .forPrincipal('AgentCore::OAuthUser::your-client-id')
    .onActions([
      'AgentCore::Action::WeatherTool__get_forecast',
      'AgentCore::Action::WeatherTool__get_current',
    ])
    .onResource('AgentCore::Gateway', gateway.gatewayArn),
  description: "Allow specific weather tool operations",
  validationMode: agentcore.PolicyValidationMode.FAIL_ON_ANY_FINDINGS,
});

// Generated Cedar:
// permit(
//   principal is AgentCore::OAuthUser,
//   action in [
//     AgentCore::Action::"WeatherTool__get_forecast",
//     AgentCore::Action::"WeatherTool__get_current"
//   ],
//   resource == AgentCore::Gateway::"arn:aws:bedrock-agentcore:us-east-1:123:gateway/gw-123"
// );
```
Properties
| Name | Type | Description |
|---|---|---|
| definition? | string | Cedar policy statement (35-153,600 characters). |
| description? | string | Optional description for the policy (max 4,096 characters). |
| policyName? | string | The name of the policy. |
| statement? | PolicyStatement | Type-safe Cedar policy statement built using PolicyStatement builder. |
| validationMode? | PolicyValidationMode | Validation mode for the policy. |
definition?
Type: string (optional, default: Must provide either definition or statement)
Cedar policy statement (35-153,600 characters).
You must specify either definition or statement, but not both.
description?
Type: string (optional, default: No description)
Optional description for the policy (max 4,096 characters).
policyName?
Type: string (optional, default: Auto-generated unique name)
The name of the policy.
Valid characters: a-z, A-Z, 0-9, _ (underscore). Must start with a letter; 1-48 characters.
statement?
Type: PolicyStatement (optional, default: Must provide either definition or statement)
Type-safe Cedar policy statement built using PolicyStatement builder.
Use this for a type-safe, form-like API to build Cedar policies without writing raw Cedar syntax. The builder validates at synthesis time.
You must specify either definition or statement, but not both.
validationMode?
Type: PolicyValidationMode (optional, default: PolicyValidationMode.FAIL_ON_ANY_FINDINGS)
Validation mode for the policy.
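The constraints documented above (exactly one of definition or statement, the policyName character rules, and the length limits) can be linted before synthesis, for example in a CI check. This is an added example, not part of the CDK library or the original page; `PolicyOptionsLike` and `lintPolicyOptions` are hypothetical names, and it assumes lengths are counted with JavaScript's string `.length`.

```typescript
// Added example: pre-synthesis lint for AddPolicyOptions-shaped objects.
// Limits come from the property descriptions on this page; all names are hypothetical.
interface PolicyOptionsLike {
  definition?: string;  // raw Cedar text
  statement?: unknown;  // stands in for a PolicyStatement builder result
  description?: string;
  policyName?: string;
}

const NAME_RE = /^[A-Za-z][A-Za-z0-9_]{0,47}$/; // starts with a letter, 1-48 chars
const DEFINITION_MIN = 35;
const DEFINITION_MAX = 153600;
const DESCRIPTION_MAX = 4096;

function lintPolicyOptions(opts: PolicyOptionsLike): string[] {
  const findings: string[] = [];
  const hasDefinition = opts.definition !== undefined;
  const hasStatement = opts.statement !== undefined;

  // Exactly one of definition / statement must be supplied.
  if (hasDefinition && hasStatement) {
    findings.push("definition and statement are mutually exclusive");
  } else if (!hasDefinition && !hasStatement) {
    findings.push("one of definition or statement is required");
  }
  if (opts.definition !== undefined) {
    const n = opts.definition.length; // assumption: UTF-16 code units
    if (n < DEFINITION_MIN || n > DEFINITION_MAX) {
      findings.push(`definition length ${n} outside ${DEFINITION_MIN}-${DEFINITION_MAX}`);
    }
  }
  if (opts.description !== undefined && opts.description.length > DESCRIPTION_MAX) {
    findings.push(`description exceeds ${DESCRIPTION_MAX} characters`);
  }
  if (opts.policyName !== undefined && !NAME_RE.test(opts.policyName)) {
    findings.push(`policyName "${opts.policyName}" is not a valid name`);
  }
  return findings;
}

// Constructed sample inputs (not taken from a real deployment).
const okRaw: PolicyOptionsLike = {
  policyName: "WeatherReadOnly",
  definition: 'permit(principal is AgentCore::OAuthUser, ' +
    'action == AgentCore::Action::"WeatherTool__get_current", resource);',
};
const bad: PolicyOptionsLike = { policyName: "1-bad", definition: "permit();", statement: {} };
```

An empty result means the options satisfy the documented shape rules; it says nothing about whether the Cedar text itself passes the policy engine's validation.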
