The Cedar policy statement that defines the authorization logic. This statement follows Cedar syntax and specifies principals, actions, resources, and conditions that determine when access should be allowed or denied.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
| Aliases | Definition_Cedar_Statement |
Amazon.PowerShell.Cmdlets.BACC.AmazonBedrockAgentCoreControlClientCmdlet.ClientConfig
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
A unique, case-sensitive identifier to ensure the idempotency of the request. The AWS SDK automatically generates this token, so you don't need to provide it in most cases. If you retry a request with the same client token, the service returns the same response without creating a duplicate policy.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
-Definition_Policy_Statement <
String>
The body of the AgentCore policy statement. Contains the policy logic, which can be a Cedar policy or a guardrails definition.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
-Definition_PolicyGeneration_PolicyGenerationAssetId <
String>
The unique identifier for this generated policy asset within the policy generation request.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
-Definition_PolicyGeneration_PolicyGenerationId <
String>
The unique identifier for this policy generation request.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
A human-readable description of the policy's purpose and functionality (1-4,096 characters). This helps policy administrators understand the policy's intent, business rules, and operational scope. Use this field to document why the policy exists, what business requirement it addresses, and any special considerations for maintenance. Clear descriptions are essential for policy governance, auditing, and troubleshooting.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The enforcement mode for the policy. Run this policy in LOG_ONLY mode to collect data on how it affects your application. Once you are satisfied with the data gathered, switch the policy to ACTIVE. Defaults to ACTIVE.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
This parameter overrides confirmation prompts to force the cmdlet to continue its operation. This parameter should always be used with caution.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The customer-assigned immutable name for the policy. Must be unique within the account. This name is used for policy identification and cannot be changed after creation.
| Required? | True |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The identifier of the policy engine which contains this policy. Policy engines group related policies and provide the execution context for policy evaluation.
| Required? | True |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
Use the -Select parameter to control the cmdlet output. The default value is '*'. Specifying -Select '*' will result in the cmdlet returning the whole service response (Amazon.BedrockAgentCoreControl.Model.CreatePolicyResponse). Specifying the name of a property of type Amazon.BedrockAgentCoreControl.Model.CreatePolicyResponse will result in that property being returned. Specifying -Select '^ParameterName' will result in the cmdlet returning the selected cmdlet parameter value.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |
The validation mode for the policy creation. Determines how Cedar analyzer validation results are handled during policy creation. FAIL_ON_ANY_FINDINGS (default) runs the Cedar analyzer to validate the policy against the Cedar schema and tool context, failing creation if the analyzer detects any validation issues to ensure strict conformance. IGNORE_ALL_FINDINGS runs the Cedar analyzer but allows policy creation even if validation issues are detected, useful for testing or when the policy schema is evolving. Use FAIL_ON_ANY_FINDINGS for production policies to ensure correctness, and IGNORE_ALL_FINDINGS only when you understand and accept the analyzer findings.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | True (ByPropertyName) |