RuntimeCustomClaim

class aws_cdk.aws_bedrock_agentcore_alpha.RuntimeCustomClaim(*args: Any, **kwargs)

Bases: object

(experimental) Represents a custom claim validation configuration for Runtime JWT authorizers.

Custom claims allow you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations.

Stability:

experimental

ExampleMetadata:

fixture=default infused

Example:

# user_pool: cognito.UserPool
# user_pool_client: cognito.UserPoolClient
# another_user_pool_client: cognito.UserPoolClient


repository = ecr.Repository(self, "TestRepository",
    repository_name="test-agent-runtime"
)
agent_runtime_artifact = agentcore.AgentRuntimeArtifact.from_ecr_repository(repository, "v1.0.0")

# Optional: Create custom claims for additional validation
custom_claims = [
    agentcore.RuntimeCustomClaim.with_string_value("department", "engineering"),
    agentcore.RuntimeCustomClaim.with_string_array_value("roles", ["admin"], agentcore.CustomClaimOperator.CONTAINS),
    agentcore.RuntimeCustomClaim.with_string_array_value("permissions", ["read", "write"], agentcore.CustomClaimOperator.CONTAINS_ANY)
]

runtime = agentcore.Runtime(self, "MyAgentRuntime",
    runtime_name="myAgent",
    agent_runtime_artifact=agent_runtime_artifact,
    authorizer_configuration=agentcore.RuntimeAuthorizerConfiguration.using_cognito(user_pool, [user_pool_client, another_user_pool_client], ["audience1"], ["read", "write"], custom_claims)
)

Static Methods

classmethod with_string_array_value(name, values, operator=None)

(experimental) Create a custom claim with a string array value.

String array claims can use CONTAINS (default) or CONTAINS_ANY operator.

Parameters:

  • name (str) – The name of the claim in the JWT token.

  • values (Sequence[str]) – The array of string values to match. For CONTAINS operator, must contain exactly one value.

  • operator (Optional[CustomClaimOperator]) – The match operator (defaults to CONTAINS).

Return type:

RuntimeCustomClaim

Returns:

A RuntimeCustomClaim configured for string array validation

Stability:

experimental

classmethod with_string_value(name, value)

(experimental) Create a custom claim with a string value.

String claims must use the EQUALS operator.

Parameters:

  • name (str) – The name of the claim in the JWT token.

  • value (str) – The string value to match (must exactly equal).

Return type:

RuntimeCustomClaim

Returns:

A RuntimeCustomClaim configured for string validation

Stability:

experimental