2.251.0

class PolicyValidationMode ๐Ÿ”น

LanguageType name
.NETAmazon.CDK.AWS.Bedrock.Agentcore.Alpha.PolicyValidationMode
Gogithub.com/aws/aws-cdk-go/awsbedrockagentcorealpha/v2#PolicyValidationMode
Javasoftware.amazon.awscdk.services.bedrock.agentcore.alpha.PolicyValidationMode
Pythonaws_cdk.aws_bedrock_agentcore_alpha.PolicyValidationMode
TypeScript (source)@aws-cdk/aws-bedrock-agentcore-alpha ยป PolicyValidationMode

Validation mode for Cedar policy definitions.

Example

const gateway = new agentcore.Gateway(this, "MyGateway", {
  gatewayName: "my-gateway",
});

const policyEngine = new agentcore.PolicyEngine(this, "MyPolicyEngine", {
  policyEngineName: "my_policy_engine",
});

const allowAllPolicy = new agentcore.Policy(this, "AllowAllPolicy", {
  policyEngine: policyEngine,
  policyName: "allow_all",
  statement: agentcore.PolicyStatement.permit()
    .forAllPrincipals() // ** This will give overly permission to all principals
    .onAllActions()
    .onResource('AgentCore::Gateway', gateway.gatewayArn),
  description: "Allow all actions on specific gateway (development only)",
  validationMode: agentcore.PolicyValidationMode.IGNORE_ALL_FINDINGS,
});

// Generated Cedar:
// permit(
//   principal,
//   action,
//   resource == AgentCore::Gateway::"arn:aws:bedrock-agentcore:region:account:gateway/gateway-id"
// );

Initializer

new PolicyValidationMode(value: string)

Parameters

  • value string

Properties

NameTypeDescription
value๐Ÿ”นstringThe string value of the validation mode.
static FAIL_ON_ANY_FINDINGS๐Ÿ”นPolicyValidationModeFail policy creation if any validation findings are detected.
static IGNORE_ALL_FINDINGS๐Ÿ”นPolicyValidationModeIgnore all validation findings and create the policy anyway.

value๐Ÿ”น

Type: string

The string value of the validation mode.

static FAIL_ON_ANY_FINDINGS๐Ÿ”น

Type: PolicyValidationMode

Fail policy creation if any validation findings are detected.

This is the safer default - catches policy errors early.

static IGNORE_ALL_FINDINGS๐Ÿ”น

Type: PolicyValidationMode

Ignore all validation findings and create the policy anyway.

Use with caution - may result in runtime authorization errors.

โ† PreviousNext โ†’