CfnPolicyProps
- class aws_cdk.aws_bedrockagentcore.CfnPolicyProps(*, definition, name, policy_engine_id, description=None, enforcement_mode=None, validation_mode=None)
Bases: object
Properties for defining a CfnPolicy.
- Parameters:
  - definition (Union[IResolvable, PolicyDefinitionProperty, Dict[str, Any]]) – The definition structure for policies. Encapsulates different policy formats.
  - name (str) – The customer-assigned immutable name for the policy. Must be unique within the policy engine.
  - policy_engine_id (str) – The identifier of the policy engine which contains this policy.
  - description (Optional[str]) – A human-readable description of the policy’s purpose and functionality.
  - enforcement_mode (Optional[str]) – Whether the policy contributes to the enforce decision returned to Gateway. LOG_ONLY policies are still evaluated but their decisions are observed only, allowing customers to validate a policy against real traffic before promoting it. Default: - “ACTIVE”
  - validation_mode (Optional[str]) – The validation mode for the policy. Determines how Cedar analyzer validation results are handled.
- ExampleMetadata: fixture=_generated
Example:
# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_bedrockagentcore as bedrockagentcore

cfn_policy_props = bedrockagentcore.CfnPolicyProps(
    definition=bedrockagentcore.CfnPolicy.PolicyDefinitionProperty(
        cedar=bedrockagentcore.CfnPolicy.CedarPolicyProperty(
            statement="statement"
        ),
        policy=bedrockagentcore.CfnPolicy.PolicyStatementProperty(
            statement="statement"
        )
    ),
    name="name",
    policy_engine_id="policyEngineId",

    # the properties below are optional
    description="description",
    enforcement_mode="enforcementMode",
    validation_mode="validationMode"
)
Attributes
- definition
The definition structure for policies.
Encapsulates different policy formats.
- description
A human-readable description of the policy’s purpose and functionality.
- enforcement_mode
Whether the policy contributes to the enforce decision returned to Gateway.
LOG_ONLY policies are still evaluated but their decisions are observed only, allowing customers to validate a policy against real traffic before promoting it.
- name
The customer-assigned immutable name for the policy.
Must be unique within the policy engine.
- policy_engine_id
The identifier of the policy engine which contains this policy.
- validation_mode
The validation mode for the policy.
Determines how Cedar analyzer validation results are handled.
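An added example, not part of the CDK documentation or the aws_cdk library: a pre-deployment check over CfnPolicyProps-style keyword dictionaries that flags LOG_ONLY policies (evaluated but not enforced), enforcement_mode values other than the two named on this page, and names reused within one policy engine. The function name, the finding format and the sample data are assumptions made for illustration, as is treating any value other than ACTIVE or LOG_ONLY as an error.

```python
from collections import Counter

# The two values named on this page; rejecting anything else is an assumption.
KNOWN_MODES = {"ACTIVE", "LOG_ONLY"}
DEFAULT_MODE = "ACTIVE"  # documented default when enforcement_mode is omitted


def audit_policy_props(props_list):
    """Return (severity, policy name, message) findings for a list of
    dicts that use the same keyword names as CfnPolicyProps."""
    findings = []

    # name must be unique within the policy engine that contains the policy
    seen = Counter((p["policy_engine_id"], p["name"]) for p in props_list)
    for (engine, name), count in sorted(seen.items()):
        if count > 1:
            findings.append(
                ("ERROR", name, f"name used {count} times in engine {engine}"))

    for p in props_list:
        mode = p.get("enforcement_mode") or DEFAULT_MODE
        if mode not in KNOWN_MODES:
            findings.append(
                ("ERROR", p["name"], f"unrecognized enforcement_mode {mode!r}"))
        elif mode == "LOG_ONLY":
            # Decisions are observed only, so this policy blocks nothing yet.
            findings.append(
                ("WARN", p["name"], "LOG_ONLY: evaluated but not enforced"))
    return findings


# Constructed sample input; only the keys the check reads are shown.
SAMPLE = [
    {"name": "deny_refunds", "policy_engine_id": "engine-a"},
    {"name": "limit_transfers", "policy_engine_id": "engine-a",
     "enforcement_mode": "LOG_ONLY"},
    {"name": "limit_transfers", "policy_engine_id": "engine-a",
     "enforcement_mode": "ACTIVE"},
    # Placeholder string left over from the generated example above.
    {"name": "limit_transfers", "policy_engine_id": "engine-b",
     "enforcement_mode": "enforcementMode"},
]

if __name__ == "__main__":
    for severity, name, message in audit_policy_props(SAMPLE):
        print(f"{severity:5} {name}: {message}")
```

Running a check like this in CI keeps a policy that was left in LOG_ONLY after validation from being mistaken for an enforcing control.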