View a markdown version of this page

CustomJWTAuthorizerConfiguration - Amazon Bedrock AgentCore Control Plane

CustomJWTAuthorizerConfiguration

Configuration for inbound JWT-based authorization, specifying how incoming requests should be authenticated.

Contents

discoveryUrl

This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.

Type: String

Pattern: .+/\.well-known/openid-configuration

Required: Yes

allowedAudience

Represents individual audience values that are validated in the incoming JWT token validation process.

Type: Array of strings

Array Members: Minimum number of 1 item.

Required: No

allowedClients

Represents individual client IDs that are validated in the incoming JWT token validation process.

Type: Array of strings

Array Members: Minimum number of 1 item.

Required: No

allowedScopes

An array of scopes that are allowed to access the token.

Type: Array of strings

Array Members: Minimum number of 1 item.

Length Constraints: Minimum length of 1. Maximum length of 255.

Pattern: [\x21\x23-\x5B\x5D-\x7E]+

Required: No

allowedWorkloadConfiguration

The configuration that restricts which workloads in the request's identity chain are allowed to invoke the target, identified by their hosting environments and workload identities. At launch, this is supported only for AgentCore Runtime targets, and the allowed workloads are AgentCore Gateways.

Type: AllowedWorkloadConfiguration object

Required: No

customClaims

An array of objects that define a custom claim validation name, value, and operation

Type: Array of CustomClaimValidationType objects

Array Members: Minimum number of 1 item.

Required: No

privateEndpoint

The private endpoint configuration for a gateway target. Defines how the gateway connects to private resources in your VPC.

Type: PrivateEndpoint object

Note: This object is a Union. Only one member of this object can be specified or returned.

Required: No

privateEndpointOverrides

The private endpoint overrides for the custom JWT authorizer configuration.

Type: Array of PrivateEndpointOverride objects

Array Members: Minimum number of 0 items. Maximum number of 5 items.

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: