class RuntimeAuthorizerConfiguration
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Bedrock.Agentcore.Alpha.RuntimeAuthorizerConfiguration |
 Go | github.com/aws/aws-cdk-go/awsbedrockagentcorealpha/v2#RuntimeAuthorizerConfiguration |
 Java | software.amazon.awscdk.services.bedrock.agentcore.alpha.RuntimeAuthorizerConfiguration |
 Python | aws_cdk.aws_bedrock_agentcore_alpha.RuntimeAuthorizerConfiguration |
 TypeScript (source) | @aws-cdk/aws-bedrock-agentcore-alpha ยป RuntimeAuthorizerConfiguration |
Abstract base class for runtime authorizer configurations.
Provides static factory methods to create different authentication types.
Example
const repository = new ecr.Repository(this, "TestRepository", {
repositoryName: "test-agent-runtime",
});
const agentRuntimeArtifact = agentcore.AgentRuntimeArtifact.fromEcrRepository(repository, "v1.0.0");
const runtime = new agentcore.Runtime(this, "MyAgentRuntime", {
runtimeName: "myAgent",
agentRuntimeArtifact: agentRuntimeArtifact,
authorizerConfiguration: agentcore.RuntimeAuthorizerConfiguration.usingCognito(
"us-west-2_ABC123", // User Pool ID (required)
"client123", // Client ID (required)
"us-west-2" // Region (optional, defaults to stack region)
),
});
Initializer
new RuntimeAuthorizerConfiguration()
Methods
| Name | Description |
|---|---|
| static using | Use AWS Cognito User Pool authentication. |
| static using | Use IAM authentication (default). |
| static using | Use custom JWT authentication. |
| static using | Use OAuth 2.0 authentication. Supports various OAuth providers. |
static usingCognito(userPoolId, clientId, region?, allowedAudience?)
public static usingCognito(userPoolId: string, clientId: string, region?: string, allowedAudience?: string[]): RuntimeAuthorizerConfiguration
Parameters
- userPoolId
stringโ The Cognito User Pool ID (e.g., 'us-west-2_ABC123'). - clientId
stringโ The Cognito App Client ID. - region
stringโ Optional AWS region where the User Pool is located (defaults to stack region). - allowedAudience
string[]โ Optional array of allowed audiences.
Returns
Use AWS Cognito User Pool authentication.
Validates Cognito-issued JWT tokens.
static usingIAM()
public static usingIAM(): RuntimeAuthorizerConfiguration
Returns
Use IAM authentication (default).
Requires AWS credentials to sign requests using SigV4.
static usingJWT(discoveryUrl, allowedClients?, allowedAudience?)
public static usingJWT(discoveryUrl: string, allowedClients?: string[], allowedAudience?: string[]): RuntimeAuthorizerConfiguration
Parameters
- discoveryUrl
stringโ The OIDC discovery URL (must end with /.well-known/openid-configuration). - allowedClients
string[]โ Optional array of allowed client IDs. - allowedAudience
string[]โ Optional array of allowed audiences.
Returns
Use custom JWT authentication.
Validates JWT tokens against the specified OIDC provider.
static usingOAuth(discoveryUrl, clientId, allowedAudience?)
public static usingOAuth(discoveryUrl: string, clientId: string, allowedAudience?: string[]): RuntimeAuthorizerConfiguration
Parameters
- discoveryUrl
stringโ The OIDC discovery URL (must end with /.well-known/openid-configuration). - clientId
stringโ OAuth client ID. - allowedAudience
string[]โ Optional array of allowed audiences.
Returns
Use OAuth 2.0 authentication. Supports various OAuth providers.