Package-level declarations
Types
This exception is thrown when a request is denied per access permissions
Contains information about an agent runtime. An agent runtime is the execution environment for a Amazon Bedrock Agent.
The artifact of the agent.
Contains information about an agent runtime endpoint. An endpoint provides a way to connect to and interact with an agent runtime.
The configuration for an Amazon API Gateway target.
The configuration for defining REST API tool filters and overrides for the gateway target.
Specifies which operations from an API Gateway REST API are exposed as tools. Tool names and descriptions are derived from the operationId and description fields in the API's exported OpenAPI specification.
Settings to override configurations for a tool.
Contains information about an API key credential provider.
Configuration for API schema.
Configuration settings for connecting to Atlassian services using OAuth2 authentication. This includes the client credentials required to authenticate with Atlassian's OAuth2 authorization server.
The configuration details returned for an Atlassian OAuth2 provider, including the client ID and OAuth2 discovery information.
Represents inbound authorization configuration options used to authenticate incoming requests.
Defines the value or values to match for and the relationship of the match.
Base class for all service related exceptions thrown by the BedrockAgentCoreControl client
The configuration for using Amazon Bedrock models in evaluator assessments, including model selection and inference parameters.
The network configuration for a browser. This structure defines how the browser connects to the network.
Configuration for enabling browser signing capabilities that allow agents to cryptographically identify themselves to websites using HTTP message signatures.
The current browser signing configuration that shows whether cryptographic agent identification is enabled for web bot authentication.
Contains summary information about a browser. A browser enables Amazon Bedrock Agent to interact with web content.
The definition of a categorical rating scale option that provides a named category with its description for evaluation scoring.
Represents a Cedar policy statement within the AgentCore Policy system. Cedar is a policy language designed for authorization that provides human-readable, analyzable, and high-performance policy evaluation for controlling agent behavior and access decisions.
The value or values to match for.
The configuration for reading agent traces from CloudWatch logs as input for online evaluation.
The configuration for writing evaluation results to CloudWatch logs with embedded metric format (EMF) for monitoring.
The configuration for the source code that defines how the agent runtime code should be executed, including the code location, runtime environment, and entry point.
The network configuration for a code interpreter. This structure defines how the code interpreter connects to the network.
Contains summary information about a code interpreter. A code interpreter enables Amazon Bedrock Agent to execute code.
Exception thrown when a resource is modified concurrently by multiple requests.
This exception is thrown when there is a conflict performing an operation
Contains consolidation configuration information for a memory strategy.
Representation of a container configuration.
A credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint.
The configuration for a credential provider. This structure defines how the gateway authenticates with the target endpoint.
Defines the name of a custom claim field and rules for finding matches to authenticate its value.
Input for custom configuration of a memory strategy.
Contains custom consolidation configuration information.
Input for a custom consolidation configuration.
Contains custom extraction configuration information.
Input for a custom extraction configuration.
Configuration for inbound JWT-based authorization, specifying how incoming requests should be authenticated.
Input for creating a custom memory strategy.
Input configuration for a custom OAuth2 provider.
Output configuration for a custom OAuth2 provider.
Contains configurations for a custom reflection strategy.
Input for a custom reflection configuration.
The configuration that specifies where to read agent traces for online evaluation.
Exception thrown when decryption of a secret fails.
Input for deleting a memory strategy.
Exception thrown when encryption of a secret fails.
Contains configurations to override the default consolidation step for the episodic memory strategy.
Contains configurations to override the default extraction step for the episodic memory strategy.
Input for creating an episodic memory strategy.
Input for the configuration to override the episodic memory strategy.
Configurations for overriding the consolidation step of the episodic memory strategy.
Configurations for overriding the extraction step of the episodic memory strategy.
Configurations for overriding the reflection step of the episodic memory strategy.
The configuration for the reflections created with the episodic memory strategy.
An episodic reflection configuration input.
Contains configurations to override the default reflection step for the episodic memory strategy.
The configuration that defines how an evaluator assesses agent performance, including the evaluation method and parameters.
The model configuration that specifies which foundation model to use for evaluation and how to configure it.
The reference to an evaluator used in online evaluation configurations, containing the evaluator identifier.
The summary information about an evaluator, including basic metadata and status information.
Contains extraction configuration information for a memory strategy.
The value used in filter comparisons, supporting different data types for flexible filtering criteria.
Represents a finding or issue discovered during policy generation or validation. Findings provide insights about potential problems, recommendations, or validation results from policy analysis operations. Finding types include: VALID (policy is ready to use), INVALID (policy has validation errors that must be fixed), NOT_TRANSLATABLE (input couldn't be converted to policy), ALLOW_ALL (policy would allow all actions, potential security risk), ALLOW_NONE (policy would allow no actions, unusable), DENY_ALL (policy would deny all actions, may be too restrictive), and DENY_NONE (policy would deny no actions, ineffective). Review all findings before creating policies from generated assets to ensure they match your security requirements.
An API key credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint using an API key.
The configuration for an interceptor on a gateway. This structure defines settings for an interceptor that will be invoked during the invocation of the gateway.
The configuration for a policy engine associated with a gateway. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with a gateway, the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies.
The configuration for a gateway protocol. This structure defines how the gateway communicates with external services.
Contains summary information about a gateway.
The gateway target.
Input configuration for a GitHub OAuth2 provider.
Output configuration for a GitHub OAuth2 provider.
Input configuration for a Google OAuth2 provider.
Output configuration for a Google OAuth2 provider.
Configuration settings for connecting to a supported OAuth2 provider. This includes client credentials and OAuth2 discovery information for providers that have built-in support.
The configuration details returned for a supported OAuth2 provider, including client credentials and OAuth2 discovery information.
The configuration parameters that control how the foundation model behaves during evaluation, including response generation settings.
The interceptor configuration.
The input configuration of the interceptor.
This exception is thrown if there was an unexpected error during processing of request
The configuration to invoke a self-managed memory processing pipeline with.
The configuration to invoke a self-managed memory processing pipeline with.
Contains the KMS configuration for a resource.
The lambda configuration for the interceptor
LifecycleConfiguration lets you manage the lifecycle of runtime sessions and resources in AgentCore Runtime. This configuration helps optimize resource utilization by automatically cleaning up idle sessions and preventing long-running instances from consuming resources indefinitely.
Configuration settings for connecting to LinkedIn services using OAuth2 authentication. This includes the client credentials required to authenticate with LinkedIn's OAuth2 authorization server.
The configuration details returned for a LinkedIn OAuth2 provider, including the client ID and OAuth2 discovery information.
The configuration for LLM-as-a-Judge evaluation that uses a language model to assess agent performance based on custom instructions and rating scales.
The configuration for a Model Context Protocol (MCP) gateway. This structure defines how the gateway implements the MCP protocol.
The Lambda configuration for a Model Context Protocol target. This structure defines how the gateway uses a Lambda function to communicate with the target.
The target configuration for the MCP server.
The Model Context Protocol (MCP) configuration for a target. This structure defines how the gateway uses MCP to communicate with the target.
Contains information about a memory strategy.
Contains input information for creating a memory strategy.
Contains summary information about a memory resource.
The trigger configuration based on a message.
The trigger configuration based on a message.
Input configuration for a Microsoft OAuth2 provider.
Output configuration for a Microsoft OAuth2 provider.
Contains information for modifying a consolidation configuration.
Contains information for modifying an extraction configuration.
The configuration for updating invocation settings.
Contains information for modifying memory strategies.
Input for modifying a memory strategy.
Contains information for modifying a reflection configuration.
The configuration for updating the self-managed memory strategy.
Contains information for modifying a strategy configuration.
SecurityConfig for the Agent.
The definition of a numerical rating scale option that provides a numeric value with its description for evaluation scoring.
Contains the authorization server metadata for an OAuth2 provider.
Contains information about an OAuth2 credential provider.
Contains the discovery information for an OAuth2 provider.
Contains the input configuration for an OAuth2 provider.
Contains the output configuration for an OAuth2 provider.
An OAuth credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint using OAuth.
The summary information about an online evaluation configuration, including basic metadata and execution status.
The configuration that specifies where evaluation results should be written for monitoring and analysis.
Represents a complete policy resource within the AgentCore Policy system. Policies are ARN-able resources that contain Cedar policy statements and associated metadata for controlling agent behavior and access decisions. Each policy belongs to a policy engine and defines fine-grained authorization rules that are evaluated in real-time as agents interact with tools through Gateway. Policies use the Cedar policy language to specify who (principals based on OAuth claims like username, role, or scope) can perform what actions (tool calls) on which resources (Gateways), with optional conditions for attribute-based access control. Multiple policies can apply to a single request, with Cedar's forbid-wins semantics ensuring that security restrictions are never accidentally overridden.
Represents the definition structure for policies within the AgentCore Policy system. This structure encapsulates different policy formats and languages that can be used to define access control rules.
Represents a policy engine resource within the AgentCore Policy system. Policy engines serve as containers for grouping related policies and provide the execution context for policy evaluation and management. Each policy engine can be associated with one Gateway (one engine per Gateway), where it intercepts all agent tool calls and evaluates them against the contained policies before allowing tools to execute. The policy engine maintains the Cedar schema generated from the Gateway's tool manifest, ensuring that policies are validated against the actual tools and parameters available. Policy engines support two enforcement modes that can be configured when associating with a Gateway: log-only mode for testing (evaluates decisions without blocking) and enforce mode for production (actively allows or denies based on policy evaluation).
Represents a policy generation request within the AgentCore Policy system. Tracks the AI-powered conversion of natural language descriptions into Cedar policy statements, enabling users to author policies by describing authorization requirements in plain English. The generation process analyzes the natural language input along with the Gateway's tool context and Cedar schema to produce one or more validated policy options. Each generation request tracks the status of the conversion process and maintains findings about the generated policies, including validation results and potential issues. Generated policy assets remain available for one week after successful generation, allowing time to review and create policies from the generated options.
Represents a generated policy asset from the AI-powered policy generation process within the AgentCore Policy system. Each asset contains a Cedar policy statement generated from natural language input, along with associated metadata and analysis findings to help users evaluate and select the most appropriate policy option.
The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.
The rating scale that defines how evaluators should score agent performance, supporting both numerical and categorical scales.
The recording configuration for a browser. This structure defines how browser sessions are recorded.
Contains reflection configuration information for a memory strategy.
Configuration for HTTP request headers that will be passed through to the runtime.
Exception thrown when a resource limit is exceeded.
This exception is thrown when a resource referenced by the operation does not exist
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
The Amazon S3 location for storing data. This structure defines where in Amazon S3 data is stored.
Input configuration for a Salesforce OAuth2 provider.
Output configuration for a Salesforce OAuth2 provider.
The configuration that controls what percentage of agent traces are sampled for evaluation to manage evaluation volume and costs.
A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
A configuration for a self-managed memory strategy.
Input configuration for a self-managed memory strategy.
Contains semantic consolidation override configuration.
Contains semantic extraction override configuration.
Input for creating a semantic memory strategy.
Input for semantic override configuration in a memory strategy.
Input for semantic override consolidation configuration in a memory strategy.
Input for semantic override extraction configuration in a memory strategy.
An internal error occurred.
This exception is thrown when a request is made beyond the service quota
The configuration that defines how agent sessions are detected and when they are considered complete for evaluation.
Input configuration for a Slack OAuth2 provider.
Output configuration for a Slack OAuth2 provider.
Contains configuration information for a memory strategy.
Contains summary consolidation override configuration.
Input for creating a summary memory strategy.
Input for summary override configuration in a memory strategy.
Input for summary override consolidation configuration in a memory strategy.
The configuration for a gateway target. This structure defines how the gateway connects to and interacts with the target endpoint.
Contains summary information about a gateway target. A target represents an endpoint that the gateway can connect to.
API rate limit has been exceeded.
This exception is thrown when the number of requests exceeds the limit
Trigger configuration based on time.
Trigger configuration based on time.
Trigger configuration based on tokens.
Trigger configuration based on tokens.
A tool definition for a gateway target. This structure defines a tool that the target exposes through the Model Context Protocol.
A tool schema for a gateway target. This structure defines the schema for a tool that the target exposes through the Model Context Protocol.
Condition that triggers memory processing.
Condition that triggers memory processing.
This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
Contains user preference consolidation override configuration.
Contains user preference extraction override configuration.
Input for creating a user preference memory strategy.
Input for user preference override configuration in a memory strategy.
Input for user preference override consolidation configuration in a memory strategy.
Input for user preference override extraction configuration in a memory strategy.
The input fails to satisfy the constraints specified by the service.
Stores information about a field passed inside a request that resulted in an exception.
The information about the workload identity.
Contains information about a workload identity.