AddPolicyOptions

class aws_cdk.aws_bedrock_agentcore_alpha.AddPolicyOptions(*, definition=None, description=None, policy_name=None, statement=None, validation_mode=None)

Bases: object

(experimental) Options for adding a policy via PolicyEngine.addPolicy().

Parameters:
  • definition (Optional[str]) – (experimental) Cedar policy statement (35-153,600 characters). You must specify either definition or statement, but not both. Default: - Must provide either definition or statement

  • description (Optional[str]) – (experimental) Optional description for the policy (max 4,096 characters). Default: - No description

  • policy_name (Optional[str]) – (experimental) The name of the policy. Valid characters: a-z, A-Z, 0-9, _ (underscore). Must start with a letter; 1-48 characters. Default: - Auto-generated unique name

  • statement (Optional[PolicyStatement]) – (experimental) Type-safe Cedar policy statement built using PolicyStatement builder. Use this for a type-safe, form-like API to build Cedar policies without writing raw Cedar syntax. The builder validates at synthesis time. You must specify either definition or statement, but not both. Default: - Must provide either definition or statement

  • validation_mode (Optional[PolicyValidationMode]) – (experimental) Validation mode for the policy. Default: PolicyValidationMode.FAIL_ON_ANY_FINDINGS

Stability:

experimental

Example:

import aws_cdk.aws_bedrock_agentcore_alpha as agentcore

# policy_engine: agentcore.PolicyEngine
# gateway: agentcore.Gateway

# Allow specific tool actions on a specific gateway.
# Action names follow the pattern "ToolName__operation".
policy_engine.add_policy("SpecificToolPolicy",
    statement=(
        agentcore.PolicyStatement.permit()
        .for_principal("AgentCore::OAuthUser::your-client-id")
        .on_actions([
            "AgentCore::Action::WeatherTool__get_forecast",
            "AgentCore::Action::WeatherTool__get_current",
        ])
        .on_resource("AgentCore::Gateway", gateway.gateway_arn)
    ),
    description="Allow specific weather tool operations",
    validation_mode=agentcore.PolicyValidationMode.FAIL_ON_ANY_FINDINGS
)
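
The parameter constraints listed above can be checked before synthesis, for example when a raw Cedar definition is loaded from a file in CI. The following is an added example, not part of the CDK library or its documentation: `check_add_policy_options` and `SAMPLE_DEFINITION` are hypothetical names, the length bounds are assumed to be inclusive, and the sample Cedar text is constructed.

```python
import re

# Limits as stated on this page; bounds are treated as inclusive (assumption).
DEFINITION_MIN, DEFINITION_MAX = 35, 153_600
DESCRIPTION_MAX = 4_096
# Starts with a letter, then letters, digits or underscore; 1-48 characters total.
POLICY_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,47}")


def check_add_policy_options(*, definition=None, statement=None,
                             description=None, policy_name=None):
    """Return a list of findings; an empty list means the options pass.

    Hypothetical pre-synthesis lint, not the CDK's own validation. `statement`
    is checked for presence only; the PolicyStatement builder validates its
    contents at synthesis time.
    """
    findings = []

    # Exactly one of definition / statement must be supplied.
    if (definition is None) == (statement is None):
        findings.append("specify exactly one of definition or statement")

    if definition is not None:
        if not isinstance(definition, str):
            findings.append("definition must be a string")
        elif not DEFINITION_MIN <= len(definition) <= DEFINITION_MAX:
            findings.append(
                f"definition is {len(definition)} characters; "
                f"allowed range is {DEFINITION_MIN}-{DEFINITION_MAX}")

    if description is not None and len(description) > DESCRIPTION_MAX:
        findings.append(f"description exceeds {DESCRIPTION_MAX} characters")

    # fullmatch, not match with "$": "$" would accept a trailing newline.
    if policy_name is not None and not POLICY_NAME_RE.fullmatch(policy_name):
        findings.append(f"policy_name {policy_name!r} is not a valid name")

    return findings


# Constructed sample input: a deny-all Cedar statement, 36 characters long.
SAMPLE_DEFINITION = "forbid(principal, action, resource);"

if __name__ == "__main__":
    print(check_add_policy_options(definition=SAMPLE_DEFINITION,
                                   policy_name="DenyAll_1"))
    print(check_add_policy_options(definition=SAMPLE_DEFINITION,
                                   policy_name="1-bad name\n"))
```

This only covers the documented length, naming and either/or rules; whether the Cedar text itself is acceptable is decided by the service according to validation_mode.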

Attributes

definition

(experimental) Cedar policy statement (35-153,600 characters).

You must specify either definition or statement, but not both.

Default:
  • Must provide either definition or statement

Stability:

experimental

description

(experimental) Optional description for the policy (max 4,096 characters).

Default:
  • No description

Stability:

experimental

policy_name

(experimental) The name of the policy.

Valid characters: a-z, A-Z, 0-9, _ (underscore). Must start with a letter; 1-48 characters.

Default:
  • Auto-generated unique name

Stability:

experimental

statement

(experimental) Type-safe Cedar policy statement built using PolicyStatement builder.

Use this for a type-safe, form-like API to build Cedar policies without writing raw Cedar syntax. The builder validates at synthesis time.

You must specify either definition or statement, but not both.

Default:
  • Must provide either definition or statement

Stability:

experimental

validation_mode

(experimental) Validation mode for the policy.

Default:

PolicyValidationMode.FAIL_ON_ANY_FINDINGS

Stability:

experimental