bedrockagentcorecontrol/aws.sdk.kotlin.services.bedrockagentcorecontrol.model/Policy

Policy

class Policy

Represents a complete policy resource within the AgentCore Policy system. Policies are ARN-able resources that contain Cedar policy statements and associated metadata for controlling agent behavior and access decisions. Each policy belongs to a policy engine and defines fine-grained authorization rules that are evaluated in real-time as agents interact with tools through Gateway. Policies use the Cedar policy language to specify who (principals based on OAuth claims like username, role, or scope) can perform what actions (tool calls) on which resources (Gateways), with optional conditions for attribute-based access control. Multiple policies can apply to a single request, with Cedar's forbid-wins semantics ensuring that security restrictions are never accidentally overridden.

Types

Link copied to clipboard
class Builder
Link copied to clipboard
object Companion

Properties

Link copied to clipboard
val createdAt: Instant

The timestamp when the policy was originally created. This is automatically set by the service and used for auditing and lifecycle management.

Link copied to clipboard
val definition: PolicyDefinition?

The Cedar policy statement that defines the access control rules. This contains the actual policy logic used for agent behavior control and access decisions.

Link copied to clipboard
val description: String?

A human-readable description of the policy's purpose and functionality. Limited to 4,096 characters, this helps administrators understand and manage the policy.

Link copied to clipboard
val name: String

The customer-assigned immutable name for the policy. This human-readable identifier must be unique within the account and cannot exceed 48 characters.

Link copied to clipboard
val policyArn: String

The Amazon Resource Name (ARN) of the policy. This globally unique identifier can be used for cross-service references and IAM policy statements.

Link copied to clipboard
val policyEngineId: String

The identifier of the policy engine that manages this policy. This establishes the policy engine context for policy evaluation and management.

Link copied to clipboard
val policyId: String

The unique identifier for the policy. This system-generated identifier consists of the user name plus a 10-character generated suffix and serves as the primary key for policy operations.

Link copied to clipboard
val status: PolicyStatus

The current status of the policy.

Link copied to clipboard
val statusReasons: List<String>

Additional information about the policy status. This provides details about any failures or the current state of the policy lifecycle.

Link copied to clipboard
val updatedAt: Instant

The timestamp when the policy was last modified. This tracks the most recent changes to the policy configuration or metadata.

Functions

Link copied to clipboard
inline fun copy(block: Policy.Builder.() -> Unit = {}): Policy
Link copied to clipboard
open operator override fun equals(other: Any?): Boolean
Link copied to clipboard
open override fun hashCode(): Int
Link copied to clipboard
open override fun toString(): String
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved. Generated by dokka