Represents a complete policy resource within the AgentCore Policy system. Policies are ARN-able resources that contain Cedar policy statements and associated metadata for controlling agent behavior and access decisions. Each policy belongs to a policy engine and defines fine-grained authorization rules that are evaluated in real time as agents interact with tools through Gateway. Policies use the Cedar policy language to specify who (principals based on OAuth claims like username, role, or scope) can perform what actions (tool calls) on which resources (Gateways), with optional conditions for attribute-based access control. Multiple policies can apply to a single request, with Cedar's forbid-wins semantics ensuring that security restrictions are never accidentally overridden.
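The forbid-wins evaluation described in the summary above, as an added example that is not part of the SDK or its documentation: a simplified Python model of the decision rule (default deny, at least one matching permit, no matching forbid). The `Request` and `Rule` classes, the `refund_tool` action, the `role` claim, the `amount` argument and the gateway id are all constructed for illustration.

```python
# Simplified model of Cedar's decision rule; not the Cedar engine or the AgentCore API.
# Rule, Request, authorize and every claim, tool and gateway value are constructed.
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass(frozen=True)
class Request:
    claims: dict    # OAuth claims of the caller (username, role, scope)
    action: str     # tool call being attempted
    resource: str   # Gateway the tool is reached through
    context: dict = field(default_factory=dict)  # tool-call arguments for conditions

@dataclass(frozen=True)
class Rule:
    name: str
    effect: str                  # "permit" or "forbid"
    action: Optional[str]        # None matches any action
    resource: Optional[str]      # None matches any resource
    when: Callable[[Request], bool] = lambda req: True

    def matches(self, req: Request) -> bool:
        if self.action not in (None, req.action):
            return False
        if self.resource not in (None, req.resource):
            return False
        try:
            return bool(self.when(req))
        except (KeyError, TypeError):
            return False  # condition errored (e.g. missing claim): rule is skipped

def authorize(rules, req):
    """Return (decision, names of the rules that determined it)."""
    hits = [r for r in rules if r.matches(req)]
    forbids = [r.name for r in hits if r.effect == "forbid"]
    if forbids:
        return "DENY", forbids   # any matching forbid overrides every permit
    permits = [r.name for r in hits if r.effect == "permit"]
    if permits:
        return "ALLOW", permits
    return "DENY", []            # nothing matched: default deny

GATEWAY = "gateway/example-gw"   # constructed placeholder, not a real ARN
RULES = [
    Rule("support-can-refund", "permit", "refund_tool", GATEWAY,
         lambda req: req.claims["role"] == "support"),
    Rule("cap-refund-amount", "forbid", "refund_tool", None,
         lambda req: req.context["amount"] > 500),
]
```

In this model a forbid whose condition errors is skipped, so a request that omits `amount` is allowed by the permit alone; a restriction that depends on an optional attribute should check for its presence first.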
Namespace: Amazon.BedrockAgentCoreControl.Model
Assembly: AWSSDK.BedrockAgentCoreControl.dll
Version: 3.x.y.z
public class Policy
The Policy type exposes the following members.

| Name | Description |
|---|---|
| Policy() | |

| Name | Type | Description |
|---|---|---|
| CreatedAt | System.DateTime | Gets and sets the property CreatedAt. The timestamp when the policy was originally created. This is automatically set by the service and used for auditing and lifecycle management. |
| Definition | Amazon.BedrockAgentCoreControl.Model.PolicyDefinition | Gets and sets the property Definition. The Cedar policy statement that defines the access control rules. This contains the actual policy logic used for agent behavior control and access decisions. |
| Description | System.String | Gets and sets the property Description. A human-readable description of the policy's purpose and functionality. Limited to 4,096 characters, this helps administrators understand and manage the policy. |
| Name | System.String | Gets and sets the property Name. The customer-assigned immutable name for the policy. This human-readable identifier must be unique within the account and cannot exceed 48 characters. |
| PolicyArn | System.String | Gets and sets the property PolicyArn. The Amazon Resource Name (ARN) of the policy. This globally unique identifier can be used for cross-service references and IAM policy statements. |
| PolicyEngineId | System.String | Gets and sets the property PolicyEngineId. The identifier of the policy engine that manages this policy. This establishes the policy engine context for policy evaluation and management. |
| PolicyId | System.String | Gets and sets the property PolicyId. The unique identifier for the policy. This system-generated identifier consists of the user name plus a 10-character generated suffix and serves as the primary key for policy operations. |
| Status | Amazon.BedrockAgentCoreControl.PolicyStatus | Gets and sets the property Status. The current status of the policy. |
| StatusReasons | System.Collections.Generic.List<System.String> | Gets and sets the property StatusReasons. Additional information about the policy status. This provides details about any failures or the current state of the policy lifecycle. |
| UpdatedAt | System.DateTime | Gets and sets the property UpdatedAt. The timestamp when the policy was last modified. This tracks the most recent changes to the policy configuration or metadata. |
.NET:
Supported in: 8.0 and newer, Core 3.1
.NET Standard:
Supported in: 2.0
.NET Framework:
Supported in: 4.5 and newer, 3.5