Package software.amazon.awscdk.services.bedrockagentcore

Class WorkloadIdentity

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.Resource
software.amazon.awscdk.services.bedrockagentcore.WorkloadIdentity
All Implemented Interfaces:
IWorkloadIdentityRef, IEnvironmentAware, IResource, IWorkloadIdentity, IGrantable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.130.0 (build 048a5ee)", date="2026-05-20T12:39:41.893Z") @Stability(Stable) public class WorkloadIdentity extends Resource implements IWorkloadIdentity
L2 construct for AWS::BedrockAgentCore::WorkloadIdentity.

A workload identity is the stable identity of an agent in an AWS account. It ties together IAM roles, OAuth2 flows, API keys, and workload access tokens for consistent authentication across environments.

Example: 

 WorkloadIdentity.Builder.create(this, "MyWorkloadIdentity")
         .workloadIdentityName("customer-support-agent-prod")
         .allowedResourceOauth2ReturnUrls(List.of("https://app.example.com/oauth/callback"))
         .tags(Map.of("team", "agents", "env", "prod"))
         .build();

See Also:

  • Field Details

    • PROPERTY_INJECTION_ID

      @Stability(Stable) public static final String PROPERTY_INJECTION_ID
      Uniquely identifies this class.

  • Constructor Details

    • WorkloadIdentity

      protected WorkloadIdentity(software.amazon.jsii.JsiiObjectRef objRef)

    • WorkloadIdentity

      protected WorkloadIdentity(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • WorkloadIdentity

      @Stability(Stable) public WorkloadIdentity(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable WorkloadIdentityProps props)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      props -

    • WorkloadIdentity

      @Stability(Stable) public WorkloadIdentity(@NotNull software.constructs.Construct scope, @NotNull String id)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.

  • Method Details

    • fromWorkloadIdentityAttributes

      @Stability(Stable) @NotNull public static IWorkloadIdentity fromWorkloadIdentityAttributes(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull WorkloadIdentityAttributes attrs)
      Import an existing workload identity.

      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      attrs - This parameter is required.

    • grant

      @Stability(Stable) @NotNull public Grant grant(@NotNull IGrantable grantee, @NotNull String... actions)
      [disable-awslint:no-grants].

      Specified by:
      grant in interface IWorkloadIdentity
      Parameters:
      grantee - This parameter is required.
      actions - This parameter is required.

    • grantAdmin

      @Stability(Stable) @NotNull public Grant grantAdmin(@NotNull IGrantable grantee)
      [disable-awslint:no-grants].

      Specified by:
      grantAdmin in interface IWorkloadIdentity
      Parameters:
      grantee - This parameter is required.

    • grantFullAccess

      @Stability(Stable) @NotNull public Grant grantFullAccess(@NotNull IGrantable grantee)
      [disable-awslint:no-grants].

      Specified by:
      grantFullAccess in interface IWorkloadIdentity
      Parameters:
      grantee - This parameter is required.

    • grantRead

      @Stability(Stable) @NotNull public Grant grantRead(@NotNull IGrantable grantee)
      [disable-awslint:no-grants].

      Specified by:
      grantRead in interface IWorkloadIdentity
      Parameters:
      grantee - This parameter is required.

    • grantUse

      @Stability(Stable) @NotNull public Grant grantUse(@NotNull IGrantable grantee)
      [disable-awslint:no-grants].

      Specified by:
      grantUse in interface IWorkloadIdentity
      Parameters:
      grantee - This parameter is required.

    • getGrantPrincipal

      @Stability(Stable) @NotNull public IPrincipal getGrantPrincipal()
      The principal to grant permissions to.
      Specified by:
      getGrantPrincipal in interface IGrantable

    • getWorkloadIdentityArn

      @Stability(Stable) @NotNull public String getWorkloadIdentityArn()
      The ARN of this workload identity.
      Specified by:
      getWorkloadIdentityArn in interface IWorkloadIdentity

    • getWorkloadIdentityName

      @Stability(Stable) @NotNull public String getWorkloadIdentityName()
      The name of this workload identity.
      Specified by:
      getWorkloadIdentityName in interface IWorkloadIdentity

    • getWorkloadIdentityRef

      @Stability(Stable) @NotNull public WorkloadIdentityReference getWorkloadIdentityRef()
      A reference to a WorkloadIdentity resource.
      Specified by:
      getWorkloadIdentityRef in interface IWorkloadIdentityRef

    • getCreatedTime

      @Stability(Stable) @Nullable public String getCreatedTime()
      Timestamp when the workload identity was created.
      Specified by:
      getCreatedTime in interface IWorkloadIdentity

    • getLastUpdatedTime

      @Stability(Stable) @Nullable public String getLastUpdatedTime()
      Timestamp when the workload identity was last updated.
      Specified by:
      getLastUpdatedTime in interface IWorkloadIdentity