GatewayProps
- class aws_cdk.aws_bedrock_agentcore_alpha.GatewayProps(*, authorizer_configuration=None, description=None, exception_level=None, gateway_name=None, interceptor_configurations=None, kms_key=None, policy_engine_configuration=None, protocol_configuration=None, role=None, tags=None)
Bases: object
(experimental) Properties for defining a Gateway.
- Parameters:
authorizer_configuration (Optional[IGatewayAuthorizerConfig]) – (experimental) The authorizer configuration for the gateway. Default: - A default authorizer will be created using Cognito
description (Optional[str]) – (experimental) Optional description for the gateway. Valid characters are a-z, A-Z, 0-9, _ (underscore), - (hyphen) and spaces. The description can have up to 200 characters. Default: - No description
exception_level (Optional[GatewayExceptionLevel]) – (experimental) The verbosity of exception messages. Use DEBUG mode to see granular exception messages from a Gateway. Default: - Exception messages are sanitized for presentation to end users
gateway_name (Optional[str]) – (experimental) The name of the gateway. Valid characters are a-z, A-Z, 0-9, _ (underscore) and - (hyphen). The name must be unique within your account. Default: - auto generate
interceptor_configurations (Optional[Sequence[IInterceptor]]) – (experimental) Interceptor configurations for the gateway. Interceptors allow you to run custom code during each gateway invocation: REQUEST interceptors execute before the gateway calls the target; RESPONSE interceptors execute after the target responds. A gateway can have at most one REQUEST interceptor and one RESPONSE interceptor. Default: - No interceptors
kms_key (Optional[IKey]) – (experimental) The AWS KMS key used to encrypt data associated with the gateway. Default: - No encryption
policy_engine_configuration (Union[GatewayPolicyEngineConfig, Dict[str, Any], None]) – (experimental) The policy engine configuration for this gateway. When provided, the specified policy engine will be associated with this gateway. All agent requests through this gateway will be evaluated against the Cedar policies defined in the policy engine. Default: - No policy engine (requests are not subject to Cedar policy authorization)
protocol_configuration (Optional[IGatewayProtocolConfig]) – (experimental) The protocol configuration for the gateway. Default: - A default protocol configuration will be created using MCP with the following params: supportedVersions: [MCPProtocolVersion.MCP_2025_03_26], searchType: McpGatewaySearchType.SEMANTIC, instructions: “Default gateway to connect to external MCP tools”
role (Optional[IRole]) – (experimental) The IAM role that provides permissions for the gateway to access AWS services. Default: - A new role will be created
tags (Optional[Mapping[str, str]]) – (experimental) Tags for the gateway. A list of key:value pairs of tags to apply to this Gateway resource. Default: - No tags
- Stability:
experimental
- ExampleMetadata:
fixture=default infused
Example:
    import aws_cdk.aws_bedrock_agentcore_alpha as agentcore

    # Runs inside a Stack or Construct, where `self` is the scope.
    gateway = agentcore.Gateway(self, "MyGateway",
        gateway_name="my-gateway"
    )

    policy_engine = agentcore.PolicyEngine(self, "MyPolicyEngine",
        policy_engine_name="my_policy_engine"
    )

    # Permits every principal and every action on this gateway (development only).
    allow_all_policy = agentcore.Policy(self, "AllowAllPolicy",
        policy_engine=policy_engine,
        policy_name="allow_all",
        statement=agentcore.PolicyStatement.permit().for_all_principals().on_all_actions().on_resource("AgentCore::Gateway", gateway.gateway_arn),
        description="Allow all actions on specific gateway (development only)",
        validation_mode=agentcore.PolicyValidationMode.IGNORE_ALL_FINDINGS
    )
Attributes
- authorizer_configuration
(experimental) The authorizer configuration for the gateway.
- Default:
A default authorizer will be created using Cognito
- Stability:
experimental
- description
(experimental) Optional description for the gateway. Valid characters are a-z, A-Z, 0-9, _ (underscore), - (hyphen) and spaces. The description can have up to 200 characters.
- Default:
No description
- Stability:
experimental
- exception_level
(experimental) The verbosity of exception messages. Use DEBUG mode to see granular exception messages from a Gateway.
- Default:
Exception messages are sanitized for presentation to end users
- Stability:
experimental
- gateway_name
(experimental) The name of the gateway. Valid characters are a-z, A-Z, 0-9, _ (underscore) and - (hyphen). The name must be unique within your account.
- Default:
auto generate
- Stability:
experimental
- interceptor_configurations
(experimental) Interceptor configurations for the gateway.
Interceptors allow you to run custom code during each gateway invocation:
REQUEST interceptors execute before the gateway calls the target
RESPONSE interceptors execute after the target responds
A gateway can have at most one REQUEST interceptor and one RESPONSE interceptor.
- Default:
No interceptors
- Stability:
experimental
- kms_key
(experimental) The AWS KMS key used to encrypt data associated with the gateway.
- Default:
No encryption
- Stability:
experimental
- policy_engine_configuration
(experimental) The policy engine configuration for this gateway.
When provided, the specified policy engine will be associated with this gateway. All agent requests through this gateway will be evaluated against the Cedar policies defined in the policy engine.
- Default:
No policy engine (requests are not subject to Cedar policy authorization)
- Stability:
experimental
- protocol_configuration
(experimental) The protocol configuration for the gateway.
- Default:
A default protocol configuration will be created using MCP with the following params:
supportedVersions: [MCPProtocolVersion.MCP_2025_03_26], searchType: McpGatewaySearchType.SEMANTIC, instructions: “Default gateway to connect to external MCP tools”,
- Stability:
experimental
- role
(experimental) The IAM role that provides permissions for the gateway to access AWS services.
- Default:
A new role will be created
- Stability:
experimental
- tags
(experimental) Tags for the gateway. A list of key:value pairs of tags to apply to this Gateway resource.
- Default:
No tags
- Stability:
experimental
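The constraints and defaults documented above (name and description character sets, the one-per-type interceptor limit, and the "No encryption" and "No policy engine" defaults) can be checked before synthesis. The following is an added example, not part of the CDK library or its documentation. It assumes the props are held as a plain dict, with `exception_level` given as the string "DEBUG" and each interceptor as a dict with a hypothetical "point" key.

```python
import re

# Constraints and defaults below are the ones stated in the GatewayProps reference.
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")
DESCRIPTION_RE = re.compile(r"[A-Za-z0-9_\- ]{0,200}")


def audit_gateway_props(props):
    """Return (errors, warnings) for a dict of GatewayProps keyword arguments.

    Assumptions of this sketch: exception_level is the string "DEBUG" and each
    interceptor is a dict whose "point" is "REQUEST" or "RESPONSE".
    """
    errors, warnings = [], []

    name = props.get("gateway_name")
    if name is not None and not NAME_RE.fullmatch(name):
        errors.append("gateway_name: only a-z, A-Z, 0-9, _ and - are valid")

    description = props.get("description")
    if description is not None and not DESCRIPTION_RE.fullmatch(description):
        errors.append("description: invalid character or more than 200 characters")

    points = [i["point"] for i in props.get("interceptor_configurations") or []]
    for point in ("REQUEST", "RESPONSE"):
        if points.count(point) > 1:
            errors.append(f"interceptor_configurations: more than one {point} interceptor")

    # Documented defaults that leave a control switched off.
    if props.get("kms_key") is None:
        warnings.append("kms_key: documented default is no encryption")
    if props.get("policy_engine_configuration") is None:
        warnings.append("policy_engine_configuration: no Cedar policy authorization")
    if props.get("exception_level") == "DEBUG":
        warnings.append("exception_level: DEBUG returns granular exception messages")
    return errors, warnings


# Constructed sample: the props of the page's example, which sets only gateway_name.
SAMPLE = {"gateway_name": "my-gateway"}

if __name__ == "__main__":
    for kind, items in zip(("error", "warning"), audit_gateway_props(SAMPLE)):
        for item in items:
            print(f"{kind}: {item}")
```
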