Creates an Amazon Bedrock AgentCore Runtime.
", "idempotent":true }, "CreateAgentRuntimeEndpoint":{ "name":"CreateAgentRuntimeEndpoint", "http":{ "method":"PUT", "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/", "responseCode":202 }, "input":{"shape":"CreateAgentRuntimeEndpointRequest"}, "output":{"shape":"CreateAgentRuntimeEndpointResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates an AgentCore Runtime endpoint.
", "idempotent":true }, "CreateApiKeyCredentialProvider":{ "name":"CreateApiKeyCredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/CreateApiKeyCredentialProvider", "responseCode":201 }, "input":{"shape":"CreateApiKeyCredentialProviderRequest"}, "output":{"shape":"CreateApiKeyCredentialProviderResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"UnauthorizedException"}, {"shape":"ResourceLimitExceededException"}, {"shape":"ValidationException"}, {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, {"shape":"DecryptionFailure"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"EncryptionFailure"} ], "documentation":"Creates a new API key credential provider.
", "idempotent":true }, "CreateBrowser":{ "name":"CreateBrowser", "http":{ "method":"PUT", "requestUri":"/browsers", "responseCode":202 }, "input":{"shape":"CreateBrowserRequest"}, "output":{"shape":"CreateBrowserResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates a custom browser.
", "idempotent":true }, "CreateCodeInterpreter":{ "name":"CreateCodeInterpreter", "http":{ "method":"PUT", "requestUri":"/code-interpreters", "responseCode":202 }, "input":{"shape":"CreateCodeInterpreterRequest"}, "output":{"shape":"CreateCodeInterpreterResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates a custom code interpreter.
", "idempotent":true }, "CreateEvaluator":{ "name":"CreateEvaluator", "http":{ "method":"POST", "requestUri":"/evaluators/create", "responseCode":202 }, "input":{"shape":"CreateEvaluatorRequest"}, "output":{"shape":"CreateEvaluatorResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates a custom evaluator for agent quality assessment. Custom evaluators use LLM-as-a-Judge configurations with user-defined prompts, rating scales, and model settings to evaluate agent performance at tool call, trace, or session levels.
" }, "CreateGateway":{ "name":"CreateGateway", "http":{ "method":"POST", "requestUri":"/gateways/", "responseCode":202 }, "input":{"shape":"CreateGatewayRequest"}, "output":{"shape":"CreateGatewayResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates a gateway for Amazon Bedrock Agent. A gateway serves as an integration point between your agent and external services.
If you specify CUSTOM_JWT as the authorizerType, you must provide an authorizerConfiguration.
Creates a target for a gateway. A target defines an endpoint that the gateway can connect to.
", "idempotent":true }, "CreateMemory":{ "name":"CreateMemory", "http":{ "method":"POST", "requestUri":"/memories/create", "responseCode":202 }, "input":{"shape":"CreateMemoryInput"}, "output":{"shape":"CreateMemoryOutput"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ServiceException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottledException"} ], "documentation":"Creates a new Amazon Bedrock AgentCore Memory resource.
", "idempotent":true }, "CreateOauth2CredentialProvider":{ "name":"CreateOauth2CredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/CreateOauth2CredentialProvider", "responseCode":201 }, "input":{"shape":"CreateOauth2CredentialProviderRequest"}, "output":{"shape":"CreateOauth2CredentialProviderResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"UnauthorizedException"}, {"shape":"ResourceLimitExceededException"}, {"shape":"ValidationException"}, {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, {"shape":"DecryptionFailure"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"EncryptionFailure"} ], "documentation":"Creates a new OAuth2 credential provider.
", "idempotent":true }, "CreateOnlineEvaluationConfig":{ "name":"CreateOnlineEvaluationConfig", "http":{ "method":"POST", "requestUri":"/online-evaluation-configs/create", "responseCode":202 }, "input":{"shape":"CreateOnlineEvaluationConfigRequest"}, "output":{"shape":"CreateOnlineEvaluationConfigResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates an online evaluation configuration for continuous monitoring of agent performance. Online evaluation automatically samples live traffic from CloudWatch logs at specified rates and applies evaluators to assess agent quality in production.
" }, "CreatePolicy":{ "name":"CreatePolicy", "http":{ "method":"POST", "requestUri":"/policy-engines/{policyEngineId}/policies", "responseCode":202 }, "input":{"shape":"CreatePolicyRequest"}, "output":{"shape":"CreatePolicyResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates a policy within the AgentCore Policy system. Policies provide real-time, deterministic control over agentic interactions with AgentCore Gateway. Using the Cedar policy language, you can define fine-grained policies that specify which interactions with Gateway tools are permitted based on input parameters and OAuth claims, ensuring agents operate within defined boundaries and business rules. The policy is validated during creation against the Cedar schema generated from the Gateway's tools' input schemas, which defines the available tools, their parameters, and expected data types. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.
Creates a new policy engine within the AgentCore Policy system. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with Gateways (each Gateway can be associated with at most one policy engine, but multiple Gateways can be associated with the same engine), the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies. This is an asynchronous operation. Use the GetPolicyEngine operation to poll the status field to track completion.
Creates a new workload identity.
", "idempotent":true }, "DeleteAgentRuntime":{ "name":"DeleteAgentRuntime", "http":{ "method":"DELETE", "requestUri":"/runtimes/{agentRuntimeId}/", "responseCode":202 }, "input":{"shape":"DeleteAgentRuntimeRequest"}, "output":{"shape":"DeleteAgentRuntimeResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes an Amazon Bedrock AgentCore Runtime.
", "idempotent":true }, "DeleteAgentRuntimeEndpoint":{ "name":"DeleteAgentRuntimeEndpoint", "http":{ "method":"DELETE", "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/{endpointName}/", "responseCode":202 }, "input":{"shape":"DeleteAgentRuntimeEndpointRequest"}, "output":{"shape":"DeleteAgentRuntimeEndpointResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes an AAgentCore Runtime endpoint.
", "idempotent":true }, "DeleteApiKeyCredentialProvider":{ "name":"DeleteApiKeyCredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/DeleteApiKeyCredentialProvider", "responseCode":204 }, "input":{"shape":"DeleteApiKeyCredentialProviderRequest"}, "output":{"shape":"DeleteApiKeyCredentialProviderResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes an API key credential provider.
", "idempotent":true }, "DeleteBrowser":{ "name":"DeleteBrowser", "http":{ "method":"DELETE", "requestUri":"/browsers/{browserId}", "responseCode":202 }, "input":{"shape":"DeleteBrowserRequest"}, "output":{"shape":"DeleteBrowserResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes a custom browser.
", "idempotent":true }, "DeleteCodeInterpreter":{ "name":"DeleteCodeInterpreter", "http":{ "method":"DELETE", "requestUri":"/code-interpreters/{codeInterpreterId}", "responseCode":202 }, "input":{"shape":"DeleteCodeInterpreterRequest"}, "output":{"shape":"DeleteCodeInterpreterResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes a custom code interpreter.
", "idempotent":true }, "DeleteEvaluator":{ "name":"DeleteEvaluator", "http":{ "method":"DELETE", "requestUri":"/evaluators/{evaluatorId}", "responseCode":202 }, "input":{"shape":"DeleteEvaluatorRequest"}, "output":{"shape":"DeleteEvaluatorResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes a custom evaluator. Builtin evaluators cannot be deleted. The evaluator must not be referenced by any active online evaluation configurations.
", "idempotent":true }, "DeleteGateway":{ "name":"DeleteGateway", "http":{ "method":"DELETE", "requestUri":"/gateways/{gatewayIdentifier}/", "responseCode":202 }, "input":{"shape":"DeleteGatewayRequest"}, "output":{"shape":"DeleteGatewayResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes a gateway.
", "idempotent":true }, "DeleteGatewayTarget":{ "name":"DeleteGatewayTarget", "http":{ "method":"DELETE", "requestUri":"/gateways/{gatewayIdentifier}/targets/{targetId}/", "responseCode":202 }, "input":{"shape":"DeleteGatewayTargetRequest"}, "output":{"shape":"DeleteGatewayTargetResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes a gateway target.
", "idempotent":true }, "DeleteMemory":{ "name":"DeleteMemory", "http":{ "method":"DELETE", "requestUri":"/memories/{memoryId}/delete", "responseCode":202 }, "input":{"shape":"DeleteMemoryInput"}, "output":{"shape":"DeleteMemoryOutput"}, "errors":[ {"shape":"ServiceException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottledException"} ], "documentation":"Deletes an Amazon Bedrock AgentCore Memory resource.
", "idempotent":true }, "DeleteOauth2CredentialProvider":{ "name":"DeleteOauth2CredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/DeleteOauth2CredentialProvider", "responseCode":204 }, "input":{"shape":"DeleteOauth2CredentialProviderRequest"}, "output":{"shape":"DeleteOauth2CredentialProviderResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes an OAuth2 credential provider.
", "idempotent":true }, "DeleteOnlineEvaluationConfig":{ "name":"DeleteOnlineEvaluationConfig", "http":{ "method":"DELETE", "requestUri":"/online-evaluation-configs/{onlineEvaluationConfigId}", "responseCode":202 }, "input":{"shape":"DeleteOnlineEvaluationConfigRequest"}, "output":{"shape":"DeleteOnlineEvaluationConfigResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes an online evaluation configuration and stops any ongoing evaluation processes associated with it.
", "idempotent":true }, "DeletePolicy":{ "name":"DeletePolicy", "http":{ "method":"DELETE", "requestUri":"/policy-engines/{policyEngineId}/policies/{policyId}", "responseCode":202 }, "input":{"shape":"DeletePolicyRequest"}, "output":{"shape":"DeletePolicyResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes an existing policy from the AgentCore Policy system. Once deleted, the policy can no longer be used for agent behavior control and all references to it become invalid. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.
Deletes an existing policy engine from the AgentCore Policy system. The policy engine must not have any associated policies before deletion. Once deleted, the policy engine and all its configurations become unavailable for policy management and evaluation. This is an asynchronous operation. Use the GetPolicyEngine operation to poll the status field to track completion.
Deletes the resource-based policy for a specified resource.
This feature is currently available only for AgentCore Runtime and Gateway.
Deletes a workload identity.
", "idempotent":true }, "GetAgentRuntime":{ "name":"GetAgentRuntime", "http":{ "method":"GET", "requestUri":"/runtimes/{agentRuntimeId}/", "responseCode":200 }, "input":{"shape":"GetAgentRuntimeRequest"}, "output":{"shape":"GetAgentRuntimeResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Gets an Amazon Bedrock AgentCore Runtime.
", "readonly":true }, "GetAgentRuntimeEndpoint":{ "name":"GetAgentRuntimeEndpoint", "http":{ "method":"GET", "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/{endpointName}/", "responseCode":200 }, "input":{"shape":"GetAgentRuntimeEndpointRequest"}, "output":{"shape":"GetAgentRuntimeEndpointResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Gets information about an Amazon Secure AgentEndpoint.
", "readonly":true }, "GetApiKeyCredentialProvider":{ "name":"GetApiKeyCredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/GetApiKeyCredentialProvider", "responseCode":200 }, "input":{"shape":"GetApiKeyCredentialProviderRequest"}, "output":{"shape":"GetApiKeyCredentialProviderResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"DecryptionFailure"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves information about an API key credential provider.
", "readonly":true }, "GetBrowser":{ "name":"GetBrowser", "http":{ "method":"GET", "requestUri":"/browsers/{browserId}", "responseCode":200 }, "input":{"shape":"GetBrowserRequest"}, "output":{"shape":"GetBrowserResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Gets information about a custom browser.
", "readonly":true }, "GetCodeInterpreter":{ "name":"GetCodeInterpreter", "http":{ "method":"GET", "requestUri":"/code-interpreters/{codeInterpreterId}", "responseCode":200 }, "input":{"shape":"GetCodeInterpreterRequest"}, "output":{"shape":"GetCodeInterpreterResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Gets information about a custom code interpreter.
", "readonly":true }, "GetEvaluator":{ "name":"GetEvaluator", "http":{ "method":"GET", "requestUri":"/evaluators/{evaluatorId}", "responseCode":200 }, "input":{"shape":"GetEvaluatorRequest"}, "output":{"shape":"GetEvaluatorResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves detailed information about an evaluator, including its configuration, status, and metadata. Works with both built-in and custom evaluators.
", "readonly":true }, "GetGateway":{ "name":"GetGateway", "http":{ "method":"GET", "requestUri":"/gateways/{gatewayIdentifier}/", "responseCode":200 }, "input":{"shape":"GetGatewayRequest"}, "output":{"shape":"GetGatewayResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves information about a specific Gateway.
", "readonly":true }, "GetGatewayTarget":{ "name":"GetGatewayTarget", "http":{ "method":"GET", "requestUri":"/gateways/{gatewayIdentifier}/targets/{targetId}/", "responseCode":200 }, "input":{"shape":"GetGatewayTargetRequest"}, "output":{"shape":"GetGatewayTargetResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves information about a specific gateway target.
", "readonly":true }, "GetMemory":{ "name":"GetMemory", "http":{ "method":"GET", "requestUri":"/memories/{memoryId}/details", "responseCode":200 }, "input":{"shape":"GetMemoryInput"}, "output":{"shape":"GetMemoryOutput"}, "errors":[ {"shape":"ServiceException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottledException"} ], "documentation":"Retrieve an existing Amazon Bedrock AgentCore Memory resource.
", "readonly":true }, "GetOauth2CredentialProvider":{ "name":"GetOauth2CredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/GetOauth2CredentialProvider", "responseCode":200 }, "input":{"shape":"GetOauth2CredentialProviderRequest"}, "output":{"shape":"GetOauth2CredentialProviderResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"DecryptionFailure"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves information about an OAuth2 credential provider.
", "readonly":true }, "GetOnlineEvaluationConfig":{ "name":"GetOnlineEvaluationConfig", "http":{ "method":"GET", "requestUri":"/online-evaluation-configs/{onlineEvaluationConfigId}", "responseCode":200 }, "input":{"shape":"GetOnlineEvaluationConfigRequest"}, "output":{"shape":"GetOnlineEvaluationConfigResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves detailed information about an online evaluation configuration, including its rules, data sources, evaluators, and execution status.
", "readonly":true }, "GetPolicy":{ "name":"GetPolicy", "http":{ "method":"GET", "requestUri":"/policy-engines/{policyEngineId}/policies/{policyId}", "responseCode":200 }, "input":{"shape":"GetPolicyRequest"}, "output":{"shape":"GetPolicyResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves detailed information about a specific policy within the AgentCore Policy system. This operation returns the complete policy definition, metadata, and current status, allowing administrators to review and manage policy configurations.
", "readonly":true }, "GetPolicyEngine":{ "name":"GetPolicyEngine", "http":{ "method":"GET", "requestUri":"/policy-engines/{policyEngineId}", "responseCode":200 }, "input":{"shape":"GetPolicyEngineRequest"}, "output":{"shape":"GetPolicyEngineResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves detailed information about a specific policy engine within the AgentCore Policy system. This operation returns the complete policy engine configuration, metadata, and current status, allowing administrators to review and manage policy engine settings.
", "readonly":true }, "GetPolicyGeneration":{ "name":"GetPolicyGeneration", "http":{ "method":"GET", "requestUri":"/policy-engines/{policyEngineId}/policy-generations/{policyGenerationId}", "responseCode":200 }, "input":{"shape":"GetPolicyGenerationRequest"}, "output":{"shape":"GetPolicyGenerationResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves information about a policy generation request within the AgentCore Policy system. Policy generation converts natural language descriptions into Cedar policy statements using AI-powered translation, enabling non-technical users to create policies.
", "readonly":true }, "GetResourcePolicy":{ "name":"GetResourcePolicy", "http":{ "method":"GET", "requestUri":"/resourcepolicy/{resourceArn}", "responseCode":200 }, "input":{"shape":"GetResourcePolicyRequest"}, "output":{"shape":"GetResourcePolicyResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves the resource-based policy for a specified resource.
This feature is currently available only for AgentCore Runtime and Gateway.
Retrieves information about a token vault.
", "readonly":true }, "GetWorkloadIdentity":{ "name":"GetWorkloadIdentity", "http":{ "method":"POST", "requestUri":"/identities/GetWorkloadIdentity", "responseCode":200 }, "input":{"shape":"GetWorkloadIdentityRequest"}, "output":{"shape":"GetWorkloadIdentityResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves information about a workload identity.
", "readonly":true }, "ListAgentRuntimeEndpoints":{ "name":"ListAgentRuntimeEndpoints", "http":{ "method":"POST", "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/", "responseCode":200 }, "input":{"shape":"ListAgentRuntimeEndpointsRequest"}, "output":{"shape":"ListAgentRuntimeEndpointsResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all endpoints for a specific Amazon Secure Agent.
", "readonly":true }, "ListAgentRuntimeVersions":{ "name":"ListAgentRuntimeVersions", "http":{ "method":"POST", "requestUri":"/runtimes/{agentRuntimeId}/versions/", "responseCode":200 }, "input":{"shape":"ListAgentRuntimeVersionsRequest"}, "output":{"shape":"ListAgentRuntimeVersionsResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all versions of a specific Amazon Secure Agent.
", "readonly":true }, "ListAgentRuntimes":{ "name":"ListAgentRuntimes", "http":{ "method":"POST", "requestUri":"/runtimes/", "responseCode":200 }, "input":{"shape":"ListAgentRuntimesRequest"}, "output":{"shape":"ListAgentRuntimesResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all Amazon Secure Agents in your account.
", "readonly":true }, "ListApiKeyCredentialProviders":{ "name":"ListApiKeyCredentialProviders", "http":{ "method":"POST", "requestUri":"/identities/ListApiKeyCredentialProviders", "responseCode":200 }, "input":{"shape":"ListApiKeyCredentialProvidersRequest"}, "output":{"shape":"ListApiKeyCredentialProvidersResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all API key credential providers in your account.
", "readonly":true }, "ListBrowsers":{ "name":"ListBrowsers", "http":{ "method":"POST", "requestUri":"/browsers", "responseCode":200 }, "input":{"shape":"ListBrowsersRequest"}, "output":{"shape":"ListBrowsersResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all custom browsers in your account.
", "readonly":true }, "ListCodeInterpreters":{ "name":"ListCodeInterpreters", "http":{ "method":"POST", "requestUri":"/code-interpreters", "responseCode":200 }, "input":{"shape":"ListCodeInterpretersRequest"}, "output":{"shape":"ListCodeInterpretersResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all custom code interpreters in your account.
", "readonly":true }, "ListEvaluators":{ "name":"ListEvaluators", "http":{ "method":"POST", "requestUri":"/evaluators", "responseCode":200 }, "input":{"shape":"ListEvaluatorsRequest"}, "output":{"shape":"ListEvaluatorsResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all available evaluators, including both builtin evaluators provided by the service and custom evaluators created by the user.
", "readonly":true }, "ListGatewayTargets":{ "name":"ListGatewayTargets", "http":{ "method":"GET", "requestUri":"/gateways/{gatewayIdentifier}/targets/", "responseCode":200 }, "input":{"shape":"ListGatewayTargetsRequest"}, "output":{"shape":"ListGatewayTargetsResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all targets for a specific gateway.
", "readonly":true }, "ListGateways":{ "name":"ListGateways", "http":{ "method":"GET", "requestUri":"/gateways/", "responseCode":200 }, "input":{"shape":"ListGatewaysRequest"}, "output":{"shape":"ListGatewaysResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all gateways in the account.
", "readonly":true }, "ListMemories":{ "name":"ListMemories", "http":{ "method":"POST", "requestUri":"/memories/", "responseCode":200 }, "input":{"shape":"ListMemoriesInput"}, "output":{"shape":"ListMemoriesOutput"}, "errors":[ {"shape":"ServiceException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottledException"} ], "documentation":"Lists the available Amazon Bedrock AgentCore Memory resources in the current Amazon Web Services Region.
", "readonly":true }, "ListOauth2CredentialProviders":{ "name":"ListOauth2CredentialProviders", "http":{ "method":"POST", "requestUri":"/identities/ListOauth2CredentialProviders", "responseCode":200 }, "input":{"shape":"ListOauth2CredentialProvidersRequest"}, "output":{"shape":"ListOauth2CredentialProvidersResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all OAuth2 credential providers in your account.
", "readonly":true }, "ListOnlineEvaluationConfigs":{ "name":"ListOnlineEvaluationConfigs", "http":{ "method":"POST", "requestUri":"/online-evaluation-configs", "responseCode":200 }, "input":{"shape":"ListOnlineEvaluationConfigsRequest"}, "output":{"shape":"ListOnlineEvaluationConfigsResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all online evaluation configurations in the account, providing summary information about each configuration's status and settings.
", "readonly":true }, "ListPolicies":{ "name":"ListPolicies", "http":{ "method":"GET", "requestUri":"/policy-engines/{policyEngineId}/policies", "responseCode":200 }, "input":{"shape":"ListPoliciesRequest"}, "output":{"shape":"ListPoliciesResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves a list of policies within the AgentCore Policy engine. This operation supports pagination and filtering to help administrators manage and discover policies across policy engines. Results can be filtered by policy engine or resource associations.
", "readonly":true }, "ListPolicyEngines":{ "name":"ListPolicyEngines", "http":{ "method":"GET", "requestUri":"/policy-engines", "responseCode":200 }, "input":{"shape":"ListPolicyEnginesRequest"}, "output":{"shape":"ListPolicyEnginesResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves a list of policy engines within the AgentCore Policy system. This operation supports pagination to help administrators discover and manage policy engines across their account. Each policy engine serves as a container for related policies.
", "readonly":true }, "ListPolicyGenerationAssets":{ "name":"ListPolicyGenerationAssets", "http":{ "method":"GET", "requestUri":"/policy-engines/{policyEngineId}/policy-generations/{policyGenerationId}/assets", "responseCode":200 }, "input":{"shape":"ListPolicyGenerationAssetsRequest"}, "output":{"shape":"ListPolicyGenerationAssetsResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves a list of generated policy assets from a policy generation request within the AgentCore Policy system. This operation returns the actual Cedar policies and related artifacts produced by the AI-powered policy generation process, allowing users to review and select from multiple generated policy options.
", "readonly":true }, "ListPolicyGenerations":{ "name":"ListPolicyGenerations", "http":{ "method":"GET", "requestUri":"/policy-engines/{policyEngineId}/policy-generations", "responseCode":200 }, "input":{"shape":"ListPolicyGenerationsRequest"}, "output":{"shape":"ListPolicyGenerationsResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves a list of policy generation requests within the AgentCore Policy system. This operation supports pagination and filtering to help track and manage AI-powered policy generation operations.
", "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", "http":{ "method":"GET", "requestUri":"/tags/{resourceArn}", "responseCode":200 }, "input":{"shape":"ListTagsForResourceRequest"}, "output":{"shape":"ListTagsForResourceResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists the tags associated with the specified resource.
This feature is currently available only for AgentCore Runtime, Browser, Code Interpreter tool, and Gateway.
Lists all workload identities in your account.
", "readonly":true }, "PutResourcePolicy":{ "name":"PutResourcePolicy", "http":{ "method":"PUT", "requestUri":"/resourcepolicy/{resourceArn}", "responseCode":201 }, "input":{"shape":"PutResourcePolicyRequest"}, "output":{"shape":"PutResourcePolicyResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Creates or updates a resource-based policy for a resource with the specified resourceArn.
This feature is currently available only for AgentCore Runtime and Gateway.
Sets the customer master key (CMK) for a token vault.
" }, "StartPolicyGeneration":{ "name":"StartPolicyGeneration", "http":{ "method":"POST", "requestUri":"/policy-engines/{policyEngineId}/policy-generations", "responseCode":202 }, "input":{"shape":"StartPolicyGenerationRequest"}, "output":{"shape":"StartPolicyGenerationResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Initiates the AI-powered generation of Cedar policies from natural language descriptions within the AgentCore Policy system. This feature enables both technical and non-technical users to create policies by describing their authorization requirements in plain English, which is then automatically translated into formal Cedar policy statements. The generation process analyzes the natural language input along with the Gateway's tool context to produce validated policy options. Generated policy assets are automatically deleted after 7 days, so you should review and create policies from the generated assets within this timeframe. Once created, policies are permanent and not subject to this expiration. Generated policies should be reviewed and tested in log-only mode before deploying to production. Use this when you want to describe policy intent naturally rather than learning Cedar syntax, though generated policies may require refinement for complex scenarios.
" }, "SynchronizeGatewayTargets":{ "name":"SynchronizeGatewayTargets", "http":{ "method":"PUT", "requestUri":"/gateways/{gatewayIdentifier}/synchronizeTargets", "responseCode":202 }, "input":{"shape":"SynchronizeGatewayTargetsRequest"}, "output":{"shape":"SynchronizeGatewayTargetsResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"The gateway targets.
", "idempotent":true }, "TagResource":{ "name":"TagResource", "http":{ "method":"POST", "requestUri":"/tags/{resourceArn}", "responseCode":204 }, "input":{"shape":"TagResourceRequest"}, "output":{"shape":"TagResourceResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Associates the specified tags to a resource with the specified resourceArn. If existing tags on a resource are not specified in the request parameters, they are not changed. When a resource is deleted, the tags associated with that resource are also deleted.
This feature is currently available only for AgentCore Runtime, Browser, Code Interpreter tool, and Gateway.
Removes the specified tags from the specified resource.
This feature is currently available only for AgentCore Runtime, Browser, Code Interpreter tool, and Gateway.
Updates an existing Amazon Secure Agent.
", "idempotent":true }, "UpdateAgentRuntimeEndpoint":{ "name":"UpdateAgentRuntimeEndpoint", "http":{ "method":"PUT", "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/{endpointName}/", "responseCode":202 }, "input":{"shape":"UpdateAgentRuntimeEndpointRequest"}, "output":{"shape":"UpdateAgentRuntimeEndpointResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Updates an existing Amazon Bedrock AgentCore Runtime endpoint.
", "idempotent":true }, "UpdateApiKeyCredentialProvider":{ "name":"UpdateApiKeyCredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/UpdateApiKeyCredentialProvider", "responseCode":200 }, "input":{"shape":"UpdateApiKeyCredentialProviderRequest"}, "output":{"shape":"UpdateApiKeyCredentialProviderResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"DecryptionFailure"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"EncryptionFailure"} ], "documentation":"Updates an existing API key credential provider.
", "idempotent":true }, "UpdateEvaluator":{ "name":"UpdateEvaluator", "http":{ "method":"PUT", "requestUri":"/evaluators/{evaluatorId}", "responseCode":202 }, "input":{"shape":"UpdateEvaluatorRequest"}, "output":{"shape":"UpdateEvaluatorResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Updates a custom evaluator's configuration, description, or evaluation level. Built-in evaluators cannot be updated. The evaluator must not be locked for modification.
", "idempotent":true }, "UpdateGateway":{ "name":"UpdateGateway", "http":{ "method":"PUT", "requestUri":"/gateways/{gatewayIdentifier}/", "responseCode":202 }, "input":{"shape":"UpdateGatewayRequest"}, "output":{"shape":"UpdateGatewayResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Updates an existing gateway.
", "idempotent":true }, "UpdateGatewayTarget":{ "name":"UpdateGatewayTarget", "http":{ "method":"PUT", "requestUri":"/gateways/{gatewayIdentifier}/targets/{targetId}/", "responseCode":202 }, "input":{"shape":"UpdateGatewayTargetRequest"}, "output":{"shape":"UpdateGatewayTargetResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Updates an existing gateway target.
", "idempotent":true }, "UpdateMemory":{ "name":"UpdateMemory", "http":{ "method":"PUT", "requestUri":"/memories/{memoryId}/update", "responseCode":202 }, "input":{"shape":"UpdateMemoryInput"}, "output":{"shape":"UpdateMemoryOutput"}, "errors":[ {"shape":"ServiceException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottledException"} ], "documentation":"Update an Amazon Bedrock AgentCore Memory resource memory.
", "idempotent":true }, "UpdateOauth2CredentialProvider":{ "name":"UpdateOauth2CredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/UpdateOauth2CredentialProvider", "responseCode":200 }, "input":{"shape":"UpdateOauth2CredentialProviderRequest"}, "output":{"shape":"UpdateOauth2CredentialProviderResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"DecryptionFailure"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"EncryptionFailure"} ], "documentation":"Updates an existing OAuth2 credential provider.
" }, "UpdateOnlineEvaluationConfig":{ "name":"UpdateOnlineEvaluationConfig", "http":{ "method":"PUT", "requestUri":"/online-evaluation-configs/{onlineEvaluationConfigId}", "responseCode":202 }, "input":{"shape":"UpdateOnlineEvaluationConfigRequest"}, "output":{"shape":"UpdateOnlineEvaluationConfigResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Updates an online evaluation configuration's settings, including rules, data sources, evaluators, and execution status. Changes take effect immediately for ongoing evaluations.
", "idempotent":true }, "UpdatePolicy":{ "name":"UpdatePolicy", "http":{ "method":"PUT", "requestUri":"/policy-engines/{policyEngineId}/policies/{policyId}", "responseCode":202 }, "input":{"shape":"UpdatePolicyRequest"}, "output":{"shape":"UpdatePolicyResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Updates an existing policy within the AgentCore Policy system. This operation allows modification of the policy description and definition while maintaining the policy's identity. The updated policy is validated against the Cedar schema before being applied. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.
Updates an existing policy engine within the AgentCore Policy system. This operation allows modification of the policy engine description while maintaining its identity. This is an asynchronous operation. Use the GetPolicyEngine operation to poll the status field to track completion.
Updates an existing workload identity.
", "idempotent":true } }, "shapes":{ "AccessDeniedException":{ "type":"structure", "members":{ "message":{"shape":"NonBlankString"} }, "documentation":"This exception is thrown when a request is denied per access permissions
", "error":{ "httpStatusCode":403, "senderFault":true }, "exception":true }, "AdditionalModelRequestFields":{ "type":"structure", "members":{}, "document":true }, "AgentEndpointDescription":{ "type":"string", "max":256, "min":1 }, "AgentManagedRuntimeType":{ "type":"string", "enum":[ "PYTHON_3_10", "PYTHON_3_11", "PYTHON_3_12", "PYTHON_3_13" ] }, "AgentRuntime":{ "type":"structure", "required":[ "agentRuntimeArn", "agentRuntimeId", "agentRuntimeVersion", "agentRuntimeName", "description", "lastUpdatedAt", "status" ], "members":{ "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the agent runtime.
" }, "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the agent runtime.
" }, "agentRuntimeVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The version of the agent runtime.
" }, "agentRuntimeName":{ "shape":"AgentRuntimeName", "documentation":"The name of the agent runtime.
" }, "description":{ "shape":"Description", "documentation":"The description of the agent runtime.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the agent runtime was last updated.
" }, "status":{ "shape":"AgentRuntimeStatus", "documentation":"The current status of the agent runtime.
" } }, "documentation":"Contains information about an agent runtime. An agent runtime is the execution environment for a Amazon Bedrock Agent.
" }, "AgentRuntimeArn":{ "type":"string", "pattern":"arn:(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:agent/[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}:([0-9]{0,4}[1-9][0-9]{0,4})" }, "AgentRuntimeArtifact":{ "type":"structure", "members":{ "containerConfiguration":{ "shape":"ContainerConfiguration", "documentation":"The container configuration for the agent artifact.
" }, "codeConfiguration":{ "shape":"CodeConfiguration", "documentation":"The code configuration for the agent runtime artifact, including the source code location and execution settings.
" } }, "documentation":"The artifact of the agent.
", "union":true }, "AgentRuntimeEndpoint":{ "type":"structure", "required":[ "name", "agentRuntimeEndpointArn", "agentRuntimeArn", "status", "id", "createdAt", "lastUpdatedAt" ], "members":{ "name":{ "shape":"EndpointName", "documentation":"The name of the agent runtime endpoint.
" }, "liveVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The live version of the agent runtime endpoint. This is the version that is currently serving requests.
" }, "targetVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The target version of the agent runtime endpoint. This is the version that the endpoint is being updated to.
" }, "agentRuntimeEndpointArn":{ "shape":"AgentRuntimeEndpointArn", "documentation":"The Amazon Resource Name (ARN) of the agent runtime endpoint.
" }, "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the agent runtime associated with the endpoint.
" }, "status":{ "shape":"AgentRuntimeEndpointStatus", "documentation":"The current status of the agent runtime endpoint.
" }, "id":{ "shape":"AgentRuntimeEndpointId", "documentation":"The unique identifier of the agent runtime endpoint.
" }, "description":{ "shape":"AgentEndpointDescription", "documentation":"The description of the agent runtime endpoint.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the agent runtime endpoint was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the agent runtime endpoint was last updated.
" } }, "documentation":"Contains information about an agent runtime endpoint. An endpoint provides a way to connect to and interact with an agent runtime.
" }, "AgentRuntimeEndpointArn":{ "type":"string", "pattern":"arn:(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:agentEndpoint/[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}" }, "AgentRuntimeEndpointId":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,99}-[a-zA-Z0-9]{10}" }, "AgentRuntimeEndpointStatus":{ "type":"string", "enum":[ "CREATING", "CREATE_FAILED", "UPDATING", "UPDATE_FAILED", "READY", "DELETING" ] }, "AgentRuntimeEndpoints":{ "type":"list", "member":{"shape":"AgentRuntimeEndpoint"} }, "AgentRuntimeId":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,99}-[a-zA-Z0-9]{10}" }, "AgentRuntimeName":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}" }, "AgentRuntimeStatus":{ "type":"string", "enum":[ "CREATING", "CREATE_FAILED", "UPDATING", "UPDATE_FAILED", "READY", "DELETING" ] }, "AgentRuntimeVersion":{ "type":"string", "max":5, "min":1, "pattern":"([1-9][0-9]{0,4})" }, "AgentRuntimes":{ "type":"list", "member":{"shape":"AgentRuntime"} }, "AllowedAudience":{"type":"string"}, "AllowedAudienceList":{ "type":"list", "member":{"shape":"AllowedAudience"}, "min":1 }, "AllowedClient":{"type":"string"}, "AllowedClientsList":{ "type":"list", "member":{"shape":"AllowedClient"}, "min":1 }, "AllowedQueryParameters":{ "type":"list", "member":{"shape":"HttpQueryParameterName"}, "max":10, "min":1 }, "AllowedRequestHeaders":{ "type":"list", "member":{"shape":"HttpHeaderName"}, "max":10, "min":1 }, "AllowedResponseHeaders":{ "type":"list", "member":{"shape":"HttpHeaderName"}, "max":10, "min":1 }, "AllowedScopeType":{ "type":"string", "max":255, "min":1, "pattern":"[\\x21\\x23-\\x5B\\x5D-\\x7E]+" }, "AllowedScopesType":{ "type":"list", "member":{"shape":"AllowedScopeType"}, "min":1 }, "ApiGatewayTargetConfiguration":{ "type":"structure", "required":[ "restApiId", "stage", "apiGatewayToolConfiguration" ], "members":{ "restApiId":{ "shape":"String", "documentation":"The ID of the API Gateway REST API.
" }, "stage":{ "shape":"String", "documentation":"The ID of the stage of the REST API to add as a target.
" }, "apiGatewayToolConfiguration":{ "shape":"ApiGatewayToolConfiguration", "documentation":"The configuration for defining REST API tool filters and overrides for the gateway target.
" } }, "documentation":"The configuration for an Amazon API Gateway target.
" }, "ApiGatewayToolConfiguration":{ "type":"structure", "required":["toolFilters"], "members":{ "toolOverrides":{ "shape":"ApiGatewayToolOverrides", "documentation":"A list of explicit tool definitions with optional custom names and descriptions.
" }, "toolFilters":{ "shape":"ApiGatewayToolFilters", "documentation":"A list of path and method patterns to expose as tools using metadata from the REST API's OpenAPI specification.
" } }, "documentation":"The configuration for defining REST API tool filters and overrides for the gateway target.
" }, "ApiGatewayToolFilter":{ "type":"structure", "required":[ "filterPath", "methods" ], "members":{ "filterPath":{ "shape":"String", "documentation":"Resource path to match in the REST API. Supports exact paths (for example, /pets) or wildcard paths (for example, /pets/* to match all paths under /pets). Must match existing paths in the REST API.
The methods to filter for.
" } }, "documentation":"Specifies which operations from an API Gateway REST API are exposed as tools. Tool names and descriptions are derived from the operationId and description fields in the API's exported OpenAPI specification.
" }, "ApiGatewayToolFilters":{ "type":"list", "member":{"shape":"ApiGatewayToolFilter"} }, "ApiGatewayToolOverride":{ "type":"structure", "required":[ "name", "path", "method" ], "members":{ "name":{ "shape":"String", "documentation":"The name of tool. Identifies the tool in the Model Context Protocol.
" }, "description":{ "shape":"String", "documentation":"The description of the tool. Provides information about the purpose and usage of the tool. If not provided, uses the description from the API's OpenAPI specification.
" }, "path":{ "shape":"String", "documentation":"Resource path in the REST API (e.g., /pets). Must explicitly match an existing path in the REST API.
The HTTP method to expose for the specified path.
" } }, "documentation":"Settings to override configurations for a tool.
" }, "ApiGatewayToolOverrides":{ "type":"list", "member":{"shape":"ApiGatewayToolOverride"} }, "ApiKeyCredentialLocation":{ "type":"string", "enum":[ "HEADER", "QUERY_PARAMETER" ] }, "ApiKeyCredentialParameterName":{ "type":"string", "max":64, "min":1 }, "ApiKeyCredentialPrefix":{ "type":"string", "max":64, "min":1 }, "ApiKeyCredentialProvider":{ "type":"structure", "required":["providerArn"], "members":{ "providerArn":{ "shape":"ApiKeyCredentialProviderArn", "documentation":"The Amazon Resource Name (ARN) of the API key credential provider. This ARN identifies the provider in Amazon Web Services.
" }, "credentialParameterName":{ "shape":"ApiKeyCredentialParameterName", "documentation":"The name of the credential parameter for the API key. This parameter name is used when sending the API key to the target endpoint.
" }, "credentialPrefix":{ "shape":"ApiKeyCredentialPrefix", "documentation":"The prefix for the API key credential. This prefix is added to the API key when sending it to the target endpoint.
" }, "credentialLocation":{ "shape":"ApiKeyCredentialLocation", "documentation":"The location of the API key credential. This field specifies where in the request the API key should be placed.
" } }, "documentation":"An API key credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint using an API key.
" }, "ApiKeyCredentialProviderArn":{ "type":"string", "pattern":"arn:([^:]*):([^:]*):([^:]*):([0-9]{12})?:(.+)" }, "ApiKeyCredentialProviderArnType":{ "type":"string", "pattern":"arn:(aws|aws-us-gov):acps:[A-Za-z0-9-]{1,64}:[0-9]{12}:token-vault/[a-zA-Z0-9-.]+/apikeycredentialprovider/[a-zA-Z0-9-.]+" }, "ApiKeyCredentialProviderItem":{ "type":"structure", "required":[ "name", "credentialProviderArn", "createdTime", "lastUpdatedTime" ], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the API key credential provider.
" }, "credentialProviderArn":{ "shape":"ApiKeyCredentialProviderArnType", "documentation":"The Amazon Resource Name (ARN) of the API key credential provider.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the API key credential provider was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the API key credential provider was last updated.
" } }, "documentation":"Contains information about an API key credential provider.
" }, "ApiKeyCredentialProviders":{ "type":"list", "member":{"shape":"ApiKeyCredentialProviderItem"} }, "ApiKeyType":{ "type":"string", "max":65536, "min":1, "sensitive":true }, "ApiSchemaConfiguration":{ "type":"structure", "members":{ "s3":{"shape":"S3Configuration"}, "inlinePayload":{ "shape":"InlinePayload", "documentation":"The inline payload containing the API schema definition.
" } }, "documentation":"Configuration for API schema.
", "union":true }, "Arn":{ "type":"string", "pattern":"arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[^/].{0,1023}" }, "AtlassianOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Atlassian OAuth2 provider. This identifier is assigned by Atlassian when you register your application.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the Atlassian OAuth2 provider. This secret is assigned by Atlassian and used along with the client ID to authenticate your application.
" } }, "documentation":"Configuration settings for connecting to Atlassian services using OAuth2 authentication. This includes the client credentials required to authenticate with Atlassian's OAuth2 authorization server.
" }, "AtlassianOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{"shape":"Oauth2Discovery"}, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Atlassian OAuth2 provider.
" } }, "documentation":"The configuration details returned for an Atlassian OAuth2 provider, including the client ID and OAuth2 discovery information.
" }, "AuthorizationEndpointType":{"type":"string"}, "AuthorizerConfiguration":{ "type":"structure", "members":{ "customJWTAuthorizer":{ "shape":"CustomJWTAuthorizerConfiguration", "documentation":"The inbound JWT-based authorization, specifying how incoming requests should be authenticated.
" } }, "documentation":"Represents inbound authorization configuration options used to authenticate incoming requests.
", "union":true }, "AuthorizerType":{ "type":"string", "enum":[ "CUSTOM_JWT", "AWS_IAM", "NONE" ] }, "AuthorizingClaimMatchValueType":{ "type":"structure", "required":[ "claimMatchValue", "claimMatchOperator" ], "members":{ "claimMatchValue":{ "shape":"ClaimMatchValueType", "documentation":"The value or values to match for.
" }, "claimMatchOperator":{ "shape":"ClaimMatchOperatorType", "documentation":"Defines the relationship between the claim field value and the value or values you're matching for.
" } }, "documentation":"Defines the value or values to match for and the relationship of the match.
" }, "AwsAccountId":{ "type":"string", "pattern":"[0-9]{12}" }, "BedrockAgentcoreResourceArn":{ "type":"string", "max":1011, "min":20 }, "BedrockEvaluatorModelConfig":{ "type":"structure", "required":["modelId"], "members":{ "modelId":{ "shape":"ModelId", "documentation":"The identifier of the Amazon Bedrock model to use for evaluation. Must be a supported foundation model available in your region.
" }, "inferenceConfig":{ "shape":"InferenceConfiguration", "documentation":"The inference configuration parameters that control model behavior during evaluation, including temperature, token limits, and sampling settings.
" }, "additionalModelRequestFields":{ "shape":"AdditionalModelRequestFields", "documentation":"Additional model-specific request fields to customize model behavior beyond the standard inference configuration.
" } }, "documentation":"The configuration for using Amazon Bedrock models in evaluator assessments, including model selection and inference parameters.
" }, "Boolean":{ "type":"boolean", "box":true }, "BrowserArn":{ "type":"string", "pattern":"arn:(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:(aws|[0-9]{12}):browser(-custom)?/(aws\\.browser\\.v1|[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10})" }, "BrowserId":{ "type":"string", "pattern":"(aws\\.browser\\.v1|[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10})" }, "BrowserNetworkConfiguration":{ "type":"structure", "required":["networkMode"], "members":{ "networkMode":{ "shape":"BrowserNetworkMode", "documentation":"The network mode for the browser. This field specifies how the browser connects to the network.
" }, "vpcConfig":{"shape":"VpcConfig"} }, "documentation":"The network configuration for a browser. This structure defines how the browser connects to the network.
" }, "BrowserNetworkMode":{ "type":"string", "enum":[ "PUBLIC", "VPC" ] }, "BrowserSigningConfigInput":{ "type":"structure", "required":["enabled"], "members":{ "enabled":{ "shape":"Boolean", "documentation":"Specifies whether browser signing is enabled. When enabled, the browser will cryptographically sign HTTP requests to identify itself as an AI agent to bot control vendors.
" } }, "documentation":"Configuration for enabling browser signing capabilities that allow agents to cryptographically identify themselves to websites using HTTP message signatures.
" }, "BrowserSigningConfigOutput":{ "type":"structure", "required":["enabled"], "members":{ "enabled":{ "shape":"Boolean", "documentation":"Indicates whether browser signing is currently enabled for cryptographic agent identification using HTTP message signatures.
" } }, "documentation":"The current browser signing configuration that shows whether cryptographic agent identification is enabled for web bot authentication.
" }, "BrowserStatus":{ "type":"string", "enum":[ "CREATING", "CREATE_FAILED", "READY", "DELETING", "DELETE_FAILED", "DELETED" ] }, "BrowserSummaries":{ "type":"list", "member":{"shape":"BrowserSummary"} }, "BrowserSummary":{ "type":"structure", "required":[ "browserId", "browserArn", "status", "createdAt" ], "members":{ "browserId":{ "shape":"BrowserId", "documentation":"The unique identifier of the browser.
" }, "browserArn":{ "shape":"BrowserArn", "documentation":"The Amazon Resource Name (ARN) of the browser.
" }, "name":{ "shape":"SandboxName", "documentation":"The name of the browser.
" }, "description":{ "shape":"Description", "documentation":"The description of the browser.
" }, "status":{ "shape":"BrowserStatus", "documentation":"The current status of the browser.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser was last updated.
" } }, "documentation":"Contains summary information about a browser. A browser enables Amazon Bedrock Agent to interact with web content.
" }, "CategoricalScaleDefinition":{ "type":"structure", "required":[ "definition", "label" ], "members":{ "definition":{ "shape":"String", "documentation":"The description that explains what this categorical rating represents and when it should be used.
" }, "label":{ "shape":"CategoricalScaleDefinitionLabelString", "documentation":"The label or name of this categorical rating option.
" } }, "documentation":"The definition of a categorical rating scale option that provides a named category with its description for evaluation scoring.
" }, "CategoricalScaleDefinitionLabelString":{ "type":"string", "max":100, "min":1 }, "CategoricalScaleDefinitions":{ "type":"list", "member":{"shape":"CategoricalScaleDefinition"} }, "CedarPolicy":{ "type":"structure", "required":["statement"], "members":{ "statement":{ "shape":"Statement", "documentation":"The Cedar policy statement that defines the authorization logic. This statement follows Cedar syntax and specifies principals, actions, resources, and conditions that determine when access should be allowed or denied.
" } }, "documentation":"Represents a Cedar policy statement within the AgentCore Policy system. Cedar is a policy language designed for authorization that provides human-readable, analyzable, and high-performance policy evaluation for controlling agent behavior and access decisions.
" }, "ClaimMatchOperatorType":{ "type":"string", "enum":[ "EQUALS", "CONTAINS", "CONTAINS_ANY" ] }, "ClaimMatchValueType":{ "type":"structure", "members":{ "matchValueString":{ "shape":"MatchValueString", "documentation":"The string value to match for.
" }, "matchValueStringList":{ "shape":"MatchValueStringList", "documentation":"An array of strings to check for a match.
" } }, "documentation":"The value or values to match for.
Include a matchValueString with the EQUALS operator to specify a string that matches the claim field value.
Include a matchValueArray to specify an array of string values. You can use the following operators:
Use CONTAINS to yield a match if the claim field value is in the array.
Use CONTAINS_ANY to yield a match if the claim field value contains any of the strings in the array.
The list of CloudWatch log group names to monitor for agent traces.
" }, "serviceNames":{ "shape":"CloudWatchLogsInputConfigServiceNamesList", "documentation":"The list of service names to filter traces within the specified log groups. Used to identify relevant agent sessions.
" } }, "documentation":"The configuration for reading agent traces from CloudWatch logs as input for online evaluation.
" }, "CloudWatchLogsInputConfigLogGroupNamesList":{ "type":"list", "member":{"shape":"LogGroupName"}, "max":5, "min":1 }, "CloudWatchLogsInputConfigServiceNamesList":{ "type":"list", "member":{"shape":"ServiceName"}, "max":1, "min":1 }, "CloudWatchOutputConfig":{ "type":"structure", "required":["logGroupName"], "members":{ "logGroupName":{ "shape":"LogGroupName", "documentation":"The name of the CloudWatch log group where evaluation results will be written. The log group will be created if it doesn't exist.
" } }, "documentation":"The configuration for writing evaluation results to CloudWatch logs with embedded metric format (EMF) for monitoring.
" }, "Code":{ "type":"structure", "members":{ "s3":{ "shape":"S3Location", "documentation":"The Amazon Amazon S3 object that contains the source code for the agent runtime.
" } }, "documentation":"The source code configuration that specifies the location and details of the code to be executed.
", "union":true }, "CodeConfiguration":{ "type":"structure", "required":[ "code", "runtime", "entryPoint" ], "members":{ "code":{ "shape":"Code", "documentation":"The source code location and configuration details.
" }, "runtime":{ "shape":"AgentManagedRuntimeType", "documentation":"The runtime environment for executing the code (for example, Python 3.9 or Node.js 18).
" }, "entryPoint":{ "shape":"CodeConfigurationEntryPointList", "documentation":"The entry point for the code execution, specifying the function or method that should be invoked when the code runs.
" } }, "documentation":"The configuration for the source code that defines how the agent runtime code should be executed, including the code location, runtime environment, and entry point.
" }, "CodeConfigurationEntryPointList":{ "type":"list", "member":{"shape":"entryPoint"}, "max":2, "min":1 }, "CodeInterpreterArn":{ "type":"string", "pattern":"arn:(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:(aws|[0-9]{12}):code-interpreter(-custom)?/(aws\\.codeinterpreter\\.v1|[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10})" }, "CodeInterpreterId":{ "type":"string", "pattern":"(aws\\.codeinterpreter\\.v1|[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10})" }, "CodeInterpreterNetworkConfiguration":{ "type":"structure", "required":["networkMode"], "members":{ "networkMode":{ "shape":"CodeInterpreterNetworkMode", "documentation":"The network mode for the code interpreter. This field specifies how the code interpreter connects to the network.
" }, "vpcConfig":{"shape":"VpcConfig"} }, "documentation":"The network configuration for a code interpreter. This structure defines how the code interpreter connects to the network.
" }, "CodeInterpreterNetworkMode":{ "type":"string", "enum":[ "PUBLIC", "SANDBOX", "VPC" ] }, "CodeInterpreterStatus":{ "type":"string", "enum":[ "CREATING", "CREATE_FAILED", "READY", "DELETING", "DELETE_FAILED", "DELETED" ] }, "CodeInterpreterSummaries":{ "type":"list", "member":{"shape":"CodeInterpreterSummary"} }, "CodeInterpreterSummary":{ "type":"structure", "required":[ "codeInterpreterId", "codeInterpreterArn", "status", "createdAt" ], "members":{ "codeInterpreterId":{ "shape":"CodeInterpreterId", "documentation":"The unique identifier of the code interpreter.
" }, "codeInterpreterArn":{ "shape":"CodeInterpreterArn", "documentation":"The Amazon Resource Name (ARN) of the code interpreter.
" }, "name":{ "shape":"SandboxName", "documentation":"The name of the code interpreter.
" }, "description":{ "shape":"Description", "documentation":"The description of the code interpreter.
" }, "status":{ "shape":"CodeInterpreterStatus", "documentation":"The current status of the code interpreter.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the code interpreter was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the code interpreter was last updated.
" } }, "documentation":"Contains summary information about a code interpreter. A code interpreter enables Amazon Bedrock Agent to execute code.
" }, "ConcurrentModificationException":{ "type":"structure", "required":["message"], "members":{ "message":{"shape":"String"} }, "documentation":"Exception thrown when a resource is modified concurrently by multiple requests.
", "error":{ "httpStatusCode":409, "senderFault":true }, "exception":true }, "ConflictException":{ "type":"structure", "members":{ "message":{"shape":"NonBlankString"} }, "documentation":"This exception is thrown when there is a conflict performing an operation
", "error":{ "httpStatusCode":409, "senderFault":true }, "exception":true }, "ConsolidationConfiguration":{ "type":"structure", "members":{ "customConsolidationConfiguration":{ "shape":"CustomConsolidationConfiguration", "documentation":"The custom consolidation configuration.
" } }, "documentation":"Contains consolidation configuration information for a memory strategy.
", "union":true }, "ContainerConfiguration":{ "type":"structure", "required":["containerUri"], "members":{ "containerUri":{ "shape":"RuntimeContainerUri", "documentation":"The ECR URI of the container.
" } }, "documentation":"Representation of a container configuration.
" }, "Content":{ "type":"structure", "members":{ "rawText":{ "shape":"NaturalLanguage", "documentation":"The raw text content containing natural language descriptions of desired policy behavior. This text is processed by AI to generate corresponding Cedar policy statements that match the described intent.
" } }, "documentation":"Represents content input for policy generation operations. This structure encapsulates the natural language descriptions or other content formats that are used as input for AI-powered policy generation.
", "union":true }, "CreateAgentRuntimeEndpointRequest":{ "type":"structure", "required":[ "agentRuntimeId", "name" ], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime to create an endpoint for.
", "location":"uri", "locationName":"agentRuntimeId" }, "name":{ "shape":"EndpointName", "documentation":"The name of the AgentCore Runtime endpoint.
" }, "agentRuntimeVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The version of the AgentCore Runtime to use for the endpoint.
" }, "description":{ "shape":"AgentEndpointDescription", "documentation":"The description of the AgentCore Runtime endpoint.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the agent runtime endpoint. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateAgentRuntimeEndpointResponse":{ "type":"structure", "required":[ "targetVersion", "agentRuntimeEndpointArn", "agentRuntimeArn", "status", "createdAt" ], "members":{ "targetVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The target version of the AgentCore Runtime for the endpoint.
" }, "agentRuntimeEndpointArn":{ "shape":"AgentRuntimeEndpointArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime endpoint.
" }, "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime.
" }, "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime.
" }, "endpointName":{ "shape":"EndpointName", "documentation":"The name of the AgentCore Runtime endpoint.
" }, "status":{ "shape":"AgentRuntimeEndpointStatus", "documentation":"The current status of the AgentCore Runtime endpoint.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime endpoint was created.
" } } }, "CreateAgentRuntimeRequest":{ "type":"structure", "required":[ "agentRuntimeName", "agentRuntimeArtifact", "roleArn", "networkConfiguration" ], "members":{ "agentRuntimeName":{ "shape":"AgentRuntimeName", "documentation":"The name of the AgentCore Runtime.
" }, "agentRuntimeArtifact":{ "shape":"AgentRuntimeArtifact", "documentation":"The artifact of the AgentCore Runtime.
" }, "roleArn":{ "shape":"RoleArn", "documentation":"The IAM role ARN that provides permissions for the AgentCore Runtime.
" }, "networkConfiguration":{ "shape":"NetworkConfiguration", "documentation":"The network configuration for the AgentCore Runtime.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true }, "description":{ "shape":"Description", "documentation":"The description of the AgentCore Runtime.
" }, "authorizerConfiguration":{ "shape":"AuthorizerConfiguration", "documentation":"The authorizer configuration for the AgentCore Runtime.
" }, "requestHeaderConfiguration":{ "shape":"RequestHeaderConfiguration", "documentation":"Configuration for HTTP request headers that will be passed through to the runtime.
" }, "protocolConfiguration":{"shape":"ProtocolConfiguration"}, "lifecycleConfiguration":{ "shape":"LifecycleConfiguration", "documentation":"The life cycle configuration for the AgentCore Runtime.
" }, "environmentVariables":{ "shape":"EnvironmentVariablesMap", "documentation":"Environment variables to set in the AgentCore Runtime environment.
" }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the agent runtime. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateAgentRuntimeResponse":{ "type":"structure", "required":[ "agentRuntimeArn", "agentRuntimeId", "agentRuntimeVersion", "createdAt", "status" ], "members":{ "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime.
" }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the AgentCore Runtime.
" }, "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime.
" }, "agentRuntimeVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The version of the AgentCore Runtime.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime was created.
" }, "status":{ "shape":"AgentRuntimeStatus", "documentation":"The current status of the AgentCore Runtime.
" } } }, "CreateApiKeyCredentialProviderRequest":{ "type":"structure", "required":[ "name", "apiKey" ], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the API key credential provider. The name must be unique within your account.
" }, "apiKey":{ "shape":"ApiKeyType", "documentation":"The API key to use for authentication. This value is encrypted and stored securely.
" }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the API key credential provider. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateApiKeyCredentialProviderResponse":{ "type":"structure", "required":[ "apiKeySecretArn", "name", "credentialProviderArn" ], "members":{ "apiKeySecretArn":{ "shape":"Secret", "documentation":"The Amazon Resource Name (ARN) of the secret containing the API key.
" }, "name":{ "shape":"CredentialProviderName", "documentation":"The name of the created API key credential provider.
" }, "credentialProviderArn":{ "shape":"ApiKeyCredentialProviderArnType", "documentation":"The Amazon Resource Name (ARN) of the created API key credential provider.
" } } }, "CreateBrowserRequest":{ "type":"structure", "required":[ "name", "networkConfiguration" ], "members":{ "name":{ "shape":"SandboxName", "documentation":"The name of the browser. The name must be unique within your account.
" }, "description":{ "shape":"Description", "documentation":"The description of the browser.
" }, "executionRoleArn":{ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role that provides permissions for the browser to access Amazon Web Services services.
" }, "networkConfiguration":{ "shape":"BrowserNetworkConfiguration", "documentation":"The network configuration for the browser. This configuration specifies the network mode for the browser.
" }, "recording":{ "shape":"RecordingConfig", "documentation":"The recording configuration for the browser. When enabled, browser sessions are recorded and stored in the specified Amazon S3 location.
" }, "browserSigning":{ "shape":"BrowserSigningConfigInput", "documentation":"The browser signing configuration that enables cryptographic agent identification using HTTP message signatures for web bot authentication.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request but does not return an error.
", "idempotencyToken":true }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the browser. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateBrowserResponse":{ "type":"structure", "required":[ "browserId", "browserArn", "createdAt", "status" ], "members":{ "browserId":{ "shape":"BrowserId", "documentation":"The unique identifier of the created browser.
" }, "browserArn":{ "shape":"BrowserArn", "documentation":"The Amazon Resource Name (ARN) of the created browser.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser was created.
" }, "status":{ "shape":"BrowserStatus", "documentation":"The current status of the browser.
" } } }, "CreateCodeInterpreterRequest":{ "type":"structure", "required":[ "name", "networkConfiguration" ], "members":{ "name":{ "shape":"SandboxName", "documentation":"The name of the code interpreter. The name must be unique within your account.
" }, "description":{ "shape":"Description", "documentation":"The description of the code interpreter.
" }, "executionRoleArn":{ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role that provides permissions for the code interpreter to access Amazon Web Services services.
" }, "networkConfiguration":{ "shape":"CodeInterpreterNetworkConfiguration", "documentation":"The network configuration for the code interpreter. This configuration specifies the network mode for the code interpreter.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request but does not return an error.
", "idempotencyToken":true }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the code interpreter. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateCodeInterpreterResponse":{ "type":"structure", "required":[ "codeInterpreterId", "codeInterpreterArn", "createdAt", "status" ], "members":{ "codeInterpreterId":{ "shape":"CodeInterpreterId", "documentation":"The unique identifier of the created code interpreter.
" }, "codeInterpreterArn":{ "shape":"CodeInterpreterArn", "documentation":"The Amazon Resource Name (ARN) of the created code interpreter.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the code interpreter was created.
" }, "status":{ "shape":"CodeInterpreterStatus", "documentation":"The current status of the code interpreter.
" } } }, "CreateEvaluatorRequest":{ "type":"structure", "required":[ "evaluatorName", "evaluatorConfig", "level" ], "members":{ "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "evaluatorName":{ "shape":"CustomEvaluatorName", "documentation":"The name of the evaluator. Must be unique within your account.
" }, "description":{ "shape":"EvaluatorDescription", "documentation":"The description of the evaluator that explains its purpose and evaluation criteria.
" }, "evaluatorConfig":{ "shape":"EvaluatorConfig", "documentation":"The configuration for the evaluator, including LLM-as-a-Judge settings with instructions, rating scale, and model configuration.
" }, "level":{ "shape":"EvaluatorLevel", "documentation":" The evaluation level that determines the scope of evaluation. Valid values are TOOL_CALL for individual tool invocations, TRACE for single request-response interactions, or SESSION for entire conversation sessions.
The Amazon Resource Name (ARN) of the created evaluator.
" }, "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the created evaluator.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the evaluator was created.
" }, "status":{ "shape":"EvaluatorStatus", "documentation":"The status of the evaluator creation operation.
" } } }, "CreateGatewayRequest":{ "type":"structure", "required":[ "name", "roleArn", "protocolType", "authorizerType" ], "members":{ "name":{ "shape":"GatewayName", "documentation":"The name of the gateway. The name must be unique within your account.
" }, "description":{ "shape":"GatewayDescription", "documentation":"The description of the gateway.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "roleArn":{ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role that provides permissions for the gateway to access Amazon Web Services services.
" }, "protocolType":{ "shape":"GatewayProtocolType", "documentation":"The protocol type for the gateway.
" }, "protocolConfiguration":{ "shape":"GatewayProtocolConfiguration", "documentation":"The configuration settings for the protocol specified in the protocolType parameter.
The type of authorizer to use for the gateway.
CUSTOM_JWT - Authorize with a bearer token.
AWS_IAM - Authorize with your Amazon Web Services IAM credentials.
NONE - No authorization
The authorizer configuration for the gateway. Required if authorizerType is CUSTOM_JWT.
The Amazon Resource Name (ARN) of the KMS key used to encrypt data associated with the gateway.
" }, "interceptorConfigurations":{ "shape":"GatewayInterceptorConfigurations", "documentation":"A list of configuration settings for a gateway interceptor. Gateway interceptors allow custom code to be invoked during gateway invocations.
" }, "policyEngineConfiguration":{ "shape":"GatewayPolicyEngineConfiguration", "documentation":"The policy engine configuration for the gateway. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with a gateway, the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies.
" }, "exceptionLevel":{ "shape":"ExceptionLevel", "documentation":"The level of detail in error messages returned when invoking the gateway.
If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.
If the value is omitted, a generic error message is returned to the end user.
A map of key-value pairs to associate with the gateway as metadata tags.
" } } }, "CreateGatewayResponse":{ "type":"structure", "required":[ "gatewayArn", "gatewayId", "createdAt", "updatedAt", "status", "name", "protocolType", "authorizerType" ], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the created gateway.
" }, "gatewayId":{ "shape":"GatewayId", "documentation":"The unique identifier of the created gateway.
" }, "gatewayUrl":{ "shape":"GatewayUrl", "documentation":"The URL endpoint for the created gateway.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was last updated.
" }, "status":{ "shape":"GatewayStatus", "documentation":"The current status of the gateway.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the gateway.
" }, "name":{ "shape":"GatewayName", "documentation":"The name of the gateway.
" }, "description":{ "shape":"GatewayDescription", "documentation":"The description of the gateway.
" }, "roleArn":{ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role associated with the gateway.
" }, "protocolType":{ "shape":"GatewayProtocolType", "documentation":"The protocol type of the gateway.
" }, "protocolConfiguration":{ "shape":"GatewayProtocolConfiguration", "documentation":"The configuration settings for the protocol used by the gateway.
" }, "authorizerType":{ "shape":"AuthorizerType", "documentation":"The type of authorizer used by the gateway.
" }, "authorizerConfiguration":{ "shape":"AuthorizerConfiguration", "documentation":"The authorizer configuration for the created gateway.
" }, "kmsKeyArn":{ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the KMS key used to encrypt data associated with the gateway.
" }, "interceptorConfigurations":{ "shape":"GatewayInterceptorConfigurations", "documentation":"The list of interceptor configurations for the created gateway.
" }, "policyEngineConfiguration":{ "shape":"GatewayPolicyEngineConfiguration", "documentation":"The policy engine configuration for the created gateway.
" }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the created gateway.
" }, "exceptionLevel":{ "shape":"ExceptionLevel", "documentation":"The level of detail in error messages returned when invoking the gateway.
If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.
If the value is omitted, a generic error message is returned to the end user.
The identifier of the gateway to create a target for.
", "location":"uri", "locationName":"gatewayIdentifier" }, "name":{ "shape":"TargetName", "documentation":"The name of the gateway target. The name must be unique within the gateway.
" }, "description":{ "shape":"TargetDescription", "documentation":"The description of the gateway target.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "targetConfiguration":{ "shape":"TargetConfiguration", "documentation":"The configuration settings for the target, including endpoint information and schema definitions.
" }, "credentialProviderConfigurations":{ "shape":"CredentialProviderConfigurations", "documentation":"The credential provider configurations for the target. These configurations specify how the gateway authenticates with the target endpoint.
" }, "metadataConfiguration":{ "shape":"MetadataConfiguration", "documentation":"Optional configuration for HTTP header and query parameter propagation to and from the gateway target.
" } } }, "CreateGatewayTargetResponse":{ "type":"structure", "required":[ "gatewayArn", "targetId", "createdAt", "updatedAt", "status", "name", "targetConfiguration", "credentialProviderConfigurations" ], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway.
" }, "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the created target.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the target was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the target was last updated.
" }, "status":{ "shape":"TargetStatus", "documentation":"The current status of the target.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the target.
" }, "name":{ "shape":"TargetName", "documentation":"The name of the target.
" }, "description":{ "shape":"TargetDescription", "documentation":"The description of the target.
" }, "targetConfiguration":{ "shape":"TargetConfiguration", "documentation":"The configuration settings for the target.
" }, "credentialProviderConfigurations":{ "shape":"CredentialProviderConfigurations", "documentation":"The credential provider configurations for the target.
" }, "lastSynchronizedAt":{ "shape":"DateTimestamp", "documentation":"The last synchronization of the target.
" }, "metadataConfiguration":{ "shape":"MetadataConfiguration", "documentation":"The metadata configuration that was applied to the created gateway target.
" } } }, "CreateMemoryInput":{ "type":"structure", "required":[ "name", "eventExpiryDuration" ], "members":{ "clientToken":{ "shape":"CreateMemoryInputClientTokenString", "documentation":"A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request but does not return an error.
", "idempotencyToken":true }, "name":{ "shape":"Name", "documentation":"The name of the memory. The name must be unique within your account.
" }, "description":{ "shape":"Description", "documentation":"The description of the memory.
" }, "encryptionKeyArn":{ "shape":"Arn", "documentation":"The Amazon Resource Name (ARN) of the KMS key used to encrypt the memory data.
" }, "memoryExecutionRoleArn":{ "shape":"Arn", "documentation":"The Amazon Resource Name (ARN) of the IAM role that provides permissions for the memory to access Amazon Web Services services.
" }, "eventExpiryDuration":{ "shape":"CreateMemoryInputEventExpiryDurationInteger", "documentation":"The duration after which memory events expire. Specified as an ISO 8601 duration.
" }, "memoryStrategies":{ "shape":"MemoryStrategyInputList", "documentation":"The memory strategies to use for this memory. Strategies define how information is extracted, processed, and consolidated.
" }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to an AgentCore Memory. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateMemoryInputClientTokenString":{ "type":"string", "max":500, "min":0 }, "CreateMemoryInputEventExpiryDurationInteger":{ "type":"integer", "box":true, "max":365, "min":3 }, "CreateMemoryOutput":{ "type":"structure", "members":{ "memory":{ "shape":"Memory", "documentation":"The details of the created memory, including its ID, ARN, name, description, and configuration settings.
" } } }, "CreateOauth2CredentialProviderRequest":{ "type":"structure", "required":[ "name", "credentialProviderVendor", "oauth2ProviderConfigInput" ], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider. The name must be unique within your account.
" }, "credentialProviderVendor":{ "shape":"CredentialProviderVendorType", "documentation":"The vendor of the OAuth2 credential provider. This specifies which OAuth2 implementation to use.
" }, "oauth2ProviderConfigInput":{ "shape":"Oauth2ProviderConfigInput", "documentation":"The configuration settings for the OAuth2 provider, including client ID, client secret, and other vendor-specific settings.
" }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the OAuth2 credential provider. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateOauth2CredentialProviderResponse":{ "type":"structure", "required":[ "clientSecretArn", "name", "credentialProviderArn" ], "members":{ "clientSecretArn":{ "shape":"Secret", "documentation":"The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.
" }, "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider.
" }, "credentialProviderArn":{ "shape":"CredentialProviderArnType", "documentation":"The Amazon Resource Name (ARN) of the OAuth2 credential provider.
" }, "callbackUrl":{ "shape":"String", "documentation":"Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.
" }, "oauth2ProviderConfigOutput":{"shape":"Oauth2ProviderConfigOutput"} } }, "CreateOnlineEvaluationConfigRequest":{ "type":"structure", "required":[ "onlineEvaluationConfigName", "rule", "dataSourceConfig", "evaluators", "evaluationExecutionRoleArn", "enableOnCreate" ], "members":{ "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "onlineEvaluationConfigName":{ "shape":"EvaluationConfigName", "documentation":"The name of the online evaluation configuration. Must be unique within your account.
" }, "description":{ "shape":"EvaluationConfigDescription", "documentation":"The description of the online evaluation configuration that explains its monitoring purpose and scope.
" }, "rule":{ "shape":"Rule", "documentation":"The evaluation rule that defines sampling configuration, filters, and session detection settings for the online evaluation.
" }, "dataSourceConfig":{ "shape":"DataSourceConfig", "documentation":"The data source configuration that specifies CloudWatch log groups and service names to monitor for agent traces.
" }, "evaluators":{ "shape":"EvaluatorList", "documentation":" The list of evaluators to apply during online evaluation. Can include both built-in evaluators and custom evaluators created with CreateEvaluator.
The Amazon Resource Name (ARN) of the IAM role that grants permissions to read from CloudWatch logs, write evaluation results, and invoke Amazon Bedrock models for evaluation.
" }, "enableOnCreate":{ "shape":"Boolean", "documentation":"Whether to enable the online evaluation configuration immediately upon creation. If true, evaluation begins automatically.
" } } }, "CreateOnlineEvaluationConfigResponse":{ "type":"structure", "required":[ "onlineEvaluationConfigArn", "onlineEvaluationConfigId", "createdAt", "status", "executionStatus" ], "members":{ "onlineEvaluationConfigArn":{ "shape":"OnlineEvaluationConfigArn", "documentation":"The Amazon Resource Name (ARN) of the created online evaluation configuration.
" }, "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the created online evaluation configuration.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the online evaluation configuration was created.
" }, "outputConfig":{"shape":"OutputConfig"}, "status":{ "shape":"OnlineEvaluationConfigStatus", "documentation":"The status of the online evaluation configuration.
" }, "executionStatus":{ "shape":"OnlineEvaluationExecutionStatus", "documentation":"The execution status indicating whether the online evaluation is currently running.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the online evaluation configuration creation or execution failed.
" } } }, "CreatePolicyEngineRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"PolicyEngineName", "documentation":"The customer-assigned immutable name for the policy engine. This name identifies the policy engine and cannot be changed after creation.
" }, "description":{ "shape":"Description", "documentation":"A human-readable description of the policy engine's purpose and scope (1-4,096 characters). This helps administrators understand the policy engine's role in the overall governance strategy. Document which Gateway this engine will be associated with, what types of tools or workflows it governs, and the team or service responsible for maintaining it. Clear descriptions are essential when managing multiple policy engines across different services or environments.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request with the same client token, the service returns the same response without creating a duplicate policy engine.
", "idempotencyToken":true } } }, "CreatePolicyEngineResponse":{ "type":"structure", "required":[ "policyEngineId", "name", "createdAt", "updatedAt", "policyEngineArn", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier for the created policy engine. This system-generated identifier consists of the user name plus a 10-character generated suffix and is used for all subsequent policy engine operations.
" }, "name":{ "shape":"PolicyEngineName", "documentation":"The customer-assigned name of the created policy engine. This matches the name provided in the request and serves as the human-readable identifier.
" }, "description":{ "shape":"Description", "documentation":"A human-readable description of the policy engine's purpose.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy engine was created. This is automatically set by the service and used for auditing and lifecycle management.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy engine was last updated. For newly created policy engines, this matches the createdAt timestamp.
The Amazon Resource Name (ARN) of the created policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.
" }, "status":{ "shape":"PolicyEngineStatus", "documentation":"The current status of the policy engine. A status of ACTIVE indicates the policy engine is ready for use.
Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine creation process.
" } } }, "CreatePolicyRequest":{ "type":"structure", "required":[ "name", "definition", "policyEngineId" ], "members":{ "name":{ "shape":"PolicyName", "documentation":"The customer-assigned immutable name for the policy. Must be unique within the account. This name is used for policy identification and cannot be changed after creation.
" }, "definition":{ "shape":"PolicyDefinition", "documentation":"The Cedar policy statement that defines the access control rules. This contains the actual policy logic written in Cedar policy language, specifying effect (permit or forbid), principals, actions, resources, and conditions for agent behavior control.
" }, "description":{ "shape":"Description", "documentation":"A human-readable description of the policy's purpose and functionality (1-4,096 characters). This helps policy administrators understand the policy's intent, business rules, and operational scope. Use this field to document why the policy exists, what business requirement it addresses, and any special considerations for maintenance. Clear descriptions are essential for policy governance, auditing, and troubleshooting.
" }, "validationMode":{ "shape":"PolicyValidationMode", "documentation":"The validation mode for the policy creation. Determines how Cedar analyzer validation results are handled during policy creation. FAIL_ON_ANY_FINDINGS (default) runs the Cedar analyzer to validate the policy against the Cedar schema and tool context, failing creation if the analyzer detects any validation issues to ensure strict conformance. IGNORE_ALL_FINDINGS runs the Cedar analyzer but allows policy creation even if validation issues are detected, useful for testing or when the policy schema is evolving. Use FAIL_ON_ANY_FINDINGS for production policies to ensure correctness, and IGNORE_ALL_FINDINGS only when you understand and accept the analyzer findings.
" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine which contains this policy. Policy engines group related policies and provide the execution context for policy evaluation.
", "location":"uri", "locationName":"policyEngineId" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure the idempotency of the request. The AWS SDK automatically generates this token, so you don't need to provide it in most cases. If you retry a request with the same client token, the service returns the same response without creating a duplicate policy.
", "idempotencyToken":true } } }, "CreatePolicyResponse":{ "type":"structure", "required":[ "policyId", "name", "policyEngineId", "definition", "createdAt", "updatedAt", "policyArn", "status", "statusReasons" ], "members":{ "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier for the created policy. This is a system-generated identifier consisting of the user name plus a 10-character generated suffix, used for all subsequent policy operations.
" }, "name":{ "shape":"PolicyName", "documentation":"The customer-assigned name of the created policy. This matches the name provided in the request and serves as the human-readable identifier for the policy.
" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine that manages this policy. This confirms the policy engine assignment and is used for policy evaluation routing.
" }, "definition":{ "shape":"PolicyDefinition", "documentation":"The Cedar policy statement that was created. This is the validated policy definition that will be used for agent behavior control and access decisions.
" }, "description":{ "shape":"Description", "documentation":"The human-readable description of the policy's purpose and functionality. This helps administrators understand and manage the policy.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy was created. This is automatically set by the service and used for auditing and lifecycle management.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy was last updated. For newly created policies, this matches the createdAt timestamp.
" }, "policyArn":{ "shape":"PolicyArn", "documentation":"The Amazon Resource Name (ARN) of the created policy. This globally unique identifier can be used for cross-service references and IAM policy statements.
" }, "status":{ "shape":"PolicyStatus", "documentation":"The current status of the policy. A status of ACTIVE indicates the policy is ready for use.
Additional information about the policy status. This provides details about any failures or the current state of the policy creation process.
" } } }, "CreateWorkloadIdentityRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity. The name must be unique within your account.
" }, "allowedResourceOauth2ReturnUrls":{ "shape":"ResourceOauth2ReturnUrlListType", "documentation":"The list of allowed OAuth2 return URLs for resources associated with this workload identity.
" }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the workload identity. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateWorkloadIdentityResponse":{ "type":"structure", "required":[ "name", "workloadIdentityArn" ], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity.
" }, "workloadIdentityArn":{ "shape":"WorkloadIdentityArnType", "documentation":"The Amazon Resource Name (ARN) of the workload identity.
" }, "allowedResourceOauth2ReturnUrls":{ "shape":"ResourceOauth2ReturnUrlListType", "documentation":"The list of allowed OAuth2 return URLs for resources associated with this workload identity.
" } } }, "CredentialProvider":{ "type":"structure", "members":{ "oauthCredentialProvider":{ "shape":"OAuthCredentialProvider", "documentation":"The OAuth credential provider. This provider uses OAuth authentication to access the target endpoint.
" }, "apiKeyCredentialProvider":{ "shape":"ApiKeyCredentialProvider", "documentation":"The API key credential provider. This provider uses an API key to authenticate with the target endpoint.
" } }, "documentation":"A credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint.
", "union":true }, "CredentialProviderArnType":{ "type":"string", "pattern":"arn:(aws|aws-us-gov):acps:[A-Za-z0-9-]{1,64}:[0-9]{12}:token-vault/[a-zA-Z0-9-.]+/oauth2credentialprovider/[a-zA-Z0-9-.]+" }, "CredentialProviderConfiguration":{ "type":"structure", "required":["credentialProviderType"], "members":{ "credentialProviderType":{ "shape":"CredentialProviderType", "documentation":"The type of credential provider. This field specifies which authentication method the gateway uses.
" }, "credentialProvider":{ "shape":"CredentialProvider", "documentation":"The credential provider. This field contains the specific configuration for the credential provider type.
" } }, "documentation":"The configuration for a credential provider. This structure defines how the gateway authenticates with the target endpoint.
" }, "CredentialProviderConfigurations":{ "type":"list", "member":{"shape":"CredentialProviderConfiguration"}, "max":1, "min":1 }, "CredentialProviderName":{ "type":"string", "max":128, "min":1, "pattern":"[a-zA-Z0-9\\-_]+" }, "CredentialProviderType":{ "type":"string", "enum":[ "GATEWAY_IAM_ROLE", "OAUTH", "API_KEY" ] }, "CredentialProviderVendorType":{ "type":"string", "enum":[ "GoogleOauth2", "GithubOauth2", "SlackOauth2", "SalesforceOauth2", "MicrosoftOauth2", "CustomOauth2", "AtlassianOauth2", "LinkedinOauth2", "XOauth2", "OktaOauth2", "OneLoginOauth2", "PingOneOauth2", "FacebookOauth2", "YandexOauth2", "RedditOauth2", "ZoomOauth2", "TwitchOauth2", "SpotifyOauth2", "DropboxOauth2", "NotionOauth2", "HubspotOauth2", "CyberArkOauth2", "FusionAuthOauth2", "Auth0Oauth2", "CognitoOauth2" ] }, "CustomClaimValidationType":{ "type":"structure", "required":[ "inboundTokenClaimName", "inboundTokenClaimValueType", "authorizingClaimMatchValue" ], "members":{ "inboundTokenClaimName":{ "shape":"InboundTokenClaimNameType", "documentation":"The name of the custom claim field to check.
" }, "inboundTokenClaimValueType":{ "shape":"InboundTokenClaimValueType", "documentation":"The data type of the claim value to check for.
Use STRING if you want to find an exact match to a string you define.
Use STRING_ARRAY if you want to fnd a match to at least one value in an array you define.
Defines the value or values to match for and the relationship of the match.
" } }, "documentation":"Defines the name of a custom claim field and rules for finding matches to authenticate its value.
" }, "CustomClaimValidationsType":{ "type":"list", "member":{"shape":"CustomClaimValidationType"}, "min":1 }, "CustomConfigurationInput":{ "type":"structure", "members":{ "semanticOverride":{ "shape":"SemanticOverrideConfigurationInput", "documentation":"The semantic override configuration for a custom memory strategy.
" }, "summaryOverride":{ "shape":"SummaryOverrideConfigurationInput", "documentation":"The summary override configuration for a custom memory strategy.
" }, "userPreferenceOverride":{ "shape":"UserPreferenceOverrideConfigurationInput", "documentation":"The user preference override configuration for a custom memory strategy.
" }, "episodicOverride":{ "shape":"EpisodicOverrideConfigurationInput", "documentation":"The episodic memory strategy override configuration for a custom memory strategy.
" }, "selfManagedConfiguration":{ "shape":"SelfManagedConfigurationInput", "documentation":"The self managed configuration for a custom memory strategy.
" } }, "documentation":"Input for custom configuration of a memory strategy.
", "union":true }, "CustomConsolidationConfiguration":{ "type":"structure", "members":{ "semanticConsolidationOverride":{ "shape":"SemanticConsolidationOverride", "documentation":"The semantic consolidation override configuration.
" }, "summaryConsolidationOverride":{ "shape":"SummaryConsolidationOverride", "documentation":"The summary consolidation override configuration.
" }, "userPreferenceConsolidationOverride":{ "shape":"UserPreferenceConsolidationOverride", "documentation":"The user preference consolidation override configuration.
" }, "episodicConsolidationOverride":{ "shape":"EpisodicConsolidationOverride", "documentation":"The configurations to override the default consolidation step for the episodic memory strategy.
" } }, "documentation":"Contains custom consolidation configuration information.
", "union":true }, "CustomConsolidationConfigurationInput":{ "type":"structure", "members":{ "semanticConsolidationOverride":{ "shape":"SemanticOverrideConsolidationConfigurationInput", "documentation":"The semantic consolidation override configuration input.
" }, "summaryConsolidationOverride":{ "shape":"SummaryOverrideConsolidationConfigurationInput", "documentation":"The summary consolidation override configuration input.
" }, "userPreferenceConsolidationOverride":{ "shape":"UserPreferenceOverrideConsolidationConfigurationInput", "documentation":"The user preference consolidation override configuration input.
" }, "episodicConsolidationOverride":{ "shape":"EpisodicOverrideConsolidationConfigurationInput", "documentation":"Configurations to override the consolidation step of the episodic strategy.
" } }, "documentation":"Input for a custom consolidation configuration.
", "union":true }, "CustomEvaluatorArn":{ "type":"string", "pattern":"arn:aws:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:evaluator\\/[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "CustomEvaluatorName":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}" }, "CustomExtractionConfiguration":{ "type":"structure", "members":{ "semanticExtractionOverride":{ "shape":"SemanticExtractionOverride", "documentation":"The semantic extraction override configuration.
" }, "userPreferenceExtractionOverride":{ "shape":"UserPreferenceExtractionOverride", "documentation":"The user preference extraction override configuration.
" }, "episodicExtractionOverride":{ "shape":"EpisodicExtractionOverride", "documentation":"The configurations to override the default extraction step for the episodic memory strategy.
" } }, "documentation":"Contains custom extraction configuration information.
", "union":true }, "CustomExtractionConfigurationInput":{ "type":"structure", "members":{ "semanticExtractionOverride":{ "shape":"SemanticOverrideExtractionConfigurationInput", "documentation":"The semantic extraction override configuration input.
" }, "userPreferenceExtractionOverride":{ "shape":"UserPreferenceOverrideExtractionConfigurationInput", "documentation":"The user preference extraction override configuration input.
" }, "episodicExtractionOverride":{ "shape":"EpisodicOverrideExtractionConfigurationInput", "documentation":"Configurations to override the extraction step of the episodic strategy.
" } }, "documentation":"Input for a custom extraction configuration.
", "union":true }, "CustomJWTAuthorizerConfiguration":{ "type":"structure", "required":["discoveryUrl"], "members":{ "discoveryUrl":{ "shape":"DiscoveryUrl", "documentation":"This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.
" }, "allowedAudience":{ "shape":"AllowedAudienceList", "documentation":"Represents individual audience values that are validated in the incoming JWT token validation process.
" }, "allowedClients":{ "shape":"AllowedClientsList", "documentation":"Represents individual client IDs that are validated in the incoming JWT token validation process.
" }, "allowedScopes":{ "shape":"AllowedScopesType", "documentation":"An array of scopes that are allowed to access the token.
" }, "customClaims":{ "shape":"CustomClaimValidationsType", "documentation":"An array of objects that define a custom claim validation name, value, and operation
" } }, "documentation":"Configuration for inbound JWT-based authorization, specifying how incoming requests should be authenticated.
" }, "CustomMemoryStrategyInput":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"Name", "documentation":"The name of the custom memory strategy.
" }, "description":{ "shape":"Description", "documentation":"The description of the custom memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces associated with the custom memory strategy.
" }, "configuration":{ "shape":"CustomConfigurationInput", "documentation":"The configuration for the custom memory strategy.
" } }, "documentation":"Input for creating a custom memory strategy.
" }, "CustomOauth2ProviderConfigInput":{ "type":"structure", "required":[ "oauthDiscovery", "clientId", "clientSecret" ], "members":{ "oauthDiscovery":{ "shape":"Oauth2Discovery", "documentation":"The OAuth2 discovery information for the custom provider.
" }, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the custom OAuth2 provider.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the custom OAuth2 provider.
" } }, "documentation":"Input configuration for a custom OAuth2 provider.
" }, "CustomOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{ "shape":"Oauth2Discovery", "documentation":"The OAuth2 discovery information for the custom provider.
" }, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the custom OAuth2 provider.
" } }, "documentation":"Output configuration for a custom OAuth2 provider.
" }, "CustomReflectionConfiguration":{ "type":"structure", "members":{ "episodicReflectionOverride":{ "shape":"EpisodicReflectionOverride", "documentation":"The configuration for a reflection strategy to override the default one.
" } }, "documentation":"Contains configurations for a custom reflection strategy.
", "union":true }, "CustomReflectionConfigurationInput":{ "type":"structure", "members":{ "episodicReflectionOverride":{ "shape":"EpisodicOverrideReflectionConfigurationInput", "documentation":"The reflection override configuration input.
" } }, "documentation":"Input for a custom reflection configuration.
", "union":true }, "DataSourceConfig":{ "type":"structure", "members":{ "cloudWatchLogs":{ "shape":"CloudWatchLogsInputConfig", "documentation":"The CloudWatch logs configuration for reading agent traces from log groups.
" } }, "documentation":"The configuration that specifies where to read agent traces for online evaluation.
", "union":true }, "DateTimestamp":{ "type":"timestamp", "timestampFormat":"iso8601" }, "DecryptionFailure":{ "type":"structure", "required":["message"], "members":{ "message":{"shape":"String"} }, "documentation":"Exception thrown when decryption of a secret fails.
", "error":{ "httpStatusCode":400, "senderFault":true }, "exception":true }, "DeleteAgentRuntimeEndpointRequest":{ "type":"structure", "required":[ "agentRuntimeId", "endpointName" ], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime associated with the endpoint.
", "location":"uri", "locationName":"agentRuntimeId" }, "endpointName":{ "shape":"EndpointName", "documentation":"The name of the AgentCore Runtime endpoint to delete.
", "location":"uri", "locationName":"endpointName" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" } } }, "DeleteAgentRuntimeEndpointResponse":{ "type":"structure", "required":["status"], "members":{ "status":{ "shape":"AgentRuntimeEndpointStatus", "documentation":"The current status of the AgentCore Runtime endpoint deletion.
" }, "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime.
" }, "endpointName":{ "shape":"EndpointName", "documentation":"The name of the AgentCore Runtime endpoint.
" } } }, "DeleteAgentRuntimeRequest":{ "type":"structure", "required":["agentRuntimeId"], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime to delete.
", "location":"uri", "locationName":"agentRuntimeId" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, the service ignores the request but does not return an error.
", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" } } }, "DeleteAgentRuntimeResponse":{ "type":"structure", "required":["status"], "members":{ "status":{ "shape":"AgentRuntimeStatus", "documentation":"The current status of the AgentCore Runtime deletion.
" }, "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime.
" } } }, "DeleteApiKeyCredentialProviderRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the API key credential provider to delete.
" } } }, "DeleteApiKeyCredentialProviderResponse":{ "type":"structure", "members":{} }, "DeleteBrowserRequest":{ "type":"structure", "required":["browserId"], "members":{ "browserId":{ "shape":"BrowserId", "documentation":"The unique identifier of the browser to delete.
", "location":"uri", "locationName":"browserId" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" } } }, "DeleteBrowserResponse":{ "type":"structure", "required":[ "browserId", "status", "lastUpdatedAt" ], "members":{ "browserId":{ "shape":"BrowserId", "documentation":"The unique identifier of the deleted browser.
" }, "status":{ "shape":"BrowserStatus", "documentation":"The current status of the browser deletion.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser was last updated.
" } } }, "DeleteCodeInterpreterRequest":{ "type":"structure", "required":["codeInterpreterId"], "members":{ "codeInterpreterId":{ "shape":"CodeInterpreterId", "documentation":"The unique identifier of the code interpreter to delete.
", "location":"uri", "locationName":"codeInterpreterId" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" } } }, "DeleteCodeInterpreterResponse":{ "type":"structure", "required":[ "codeInterpreterId", "status", "lastUpdatedAt" ], "members":{ "codeInterpreterId":{ "shape":"CodeInterpreterId", "documentation":"The unique identifier of the deleted code interpreter.
" }, "status":{ "shape":"CodeInterpreterStatus", "documentation":"The current status of the code interpreter deletion.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the code interpreter was last updated.
" } } }, "DeleteEvaluatorRequest":{ "type":"structure", "required":["evaluatorId"], "members":{ "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the evaluator to delete.
", "location":"uri", "locationName":"evaluatorId" } } }, "DeleteEvaluatorResponse":{ "type":"structure", "required":[ "evaluatorArn", "evaluatorId", "status" ], "members":{ "evaluatorArn":{ "shape":"EvaluatorArn", "documentation":"The Amazon Resource Name (ARN) of the deleted evaluator.
" }, "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the deleted evaluator.
" }, "status":{ "shape":"EvaluatorStatus", "documentation":"The status of the evaluator deletion operation.
" } } }, "DeleteGatewayRequest":{ "type":"structure", "required":["gatewayIdentifier"], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The identifier of the gateway to delete.
", "location":"uri", "locationName":"gatewayIdentifier" } } }, "DeleteGatewayResponse":{ "type":"structure", "required":[ "gatewayId", "status" ], "members":{ "gatewayId":{ "shape":"GatewayId", "documentation":"The unique identifier of the deleted gateway.
" }, "status":{ "shape":"GatewayStatus", "documentation":"The current status of the gateway deletion.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the gateway deletion.
" } } }, "DeleteGatewayTargetRequest":{ "type":"structure", "required":[ "gatewayIdentifier", "targetId" ], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The unique identifier of the gateway associated with the target.
", "location":"uri", "locationName":"gatewayIdentifier" }, "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the gateway target to delete.
", "location":"uri", "locationName":"targetId" } } }, "DeleteGatewayTargetResponse":{ "type":"structure", "required":[ "gatewayArn", "targetId", "status" ], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway.
" }, "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the deleted gateway target.
" }, "status":{ "shape":"TargetStatus", "documentation":"The current status of the gateway target deletion.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the gateway target deletion.
" } } }, "DeleteMemoryInput":{ "type":"structure", "required":["memoryId"], "members":{ "clientToken":{ "shape":"DeleteMemoryInputClientTokenString", "documentation":"A client token is used for keeping track of idempotent requests. It can contain a session id which can be around 250 chars, combined with a unique AWS identifier.
", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" }, "memoryId":{ "shape":"MemoryId", "documentation":"The unique identifier of the memory to delete.
", "location":"uri", "locationName":"memoryId" } } }, "DeleteMemoryInputClientTokenString":{ "type":"string", "max":500, "min":0 }, "DeleteMemoryOutput":{ "type":"structure", "required":["memoryId"], "members":{ "memoryId":{ "shape":"MemoryId", "documentation":"The unique identifier of the deleted AgentCore Memory resource.
" }, "status":{ "shape":"MemoryStatus", "documentation":"The current status of the AgentCore Memory resource deletion.
" } } }, "DeleteMemoryStrategiesList":{ "type":"list", "member":{"shape":"DeleteMemoryStrategyInput"} }, "DeleteMemoryStrategyInput":{ "type":"structure", "required":["memoryStrategyId"], "members":{ "memoryStrategyId":{ "shape":"String", "documentation":"The unique identifier of the memory strategy to delete.
" } }, "documentation":"Input for deleting a memory strategy.
" }, "DeleteOauth2CredentialProviderRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider to delete.
" } } }, "DeleteOauth2CredentialProviderResponse":{ "type":"structure", "members":{} }, "DeleteOnlineEvaluationConfigRequest":{ "type":"structure", "required":["onlineEvaluationConfigId"], "members":{ "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the online evaluation configuration to delete.
", "location":"uri", "locationName":"onlineEvaluationConfigId" } } }, "DeleteOnlineEvaluationConfigResponse":{ "type":"structure", "required":[ "onlineEvaluationConfigArn", "onlineEvaluationConfigId", "status" ], "members":{ "onlineEvaluationConfigArn":{ "shape":"OnlineEvaluationConfigArn", "documentation":"The Amazon Resource Name (ARN) of the deleted online evaluation configuration.
" }, "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the deleted online evaluation configuration.
" }, "status":{ "shape":"OnlineEvaluationConfigStatus", "documentation":"The status of the online evaluation configuration deletion operation.
" } } }, "DeletePolicyEngineRequest":{ "type":"structure", "required":["policyEngineId"], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy engine to be deleted. This must be a valid policy engine ID that exists within the account.
", "location":"uri", "locationName":"policyEngineId" } } }, "DeletePolicyEngineResponse":{ "type":"structure", "required":[ "policyEngineId", "name", "createdAt", "updatedAt", "policyEngineArn", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy engine being deleted. This confirms which policy engine the deletion operation targets.
" }, "name":{ "shape":"PolicyEngineName", "documentation":"The customer-assigned name of the deleted policy engine.
" }, "description":{ "shape":"Description", "documentation":"The human-readable description of the deleted policy engine.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the deleted policy engine was originally created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the deleted policy engine was last modified before deletion. This tracks the final state of the policy engine before it was removed from the system.
" }, "policyEngineArn":{ "shape":"PolicyEngineArn", "documentation":"The Amazon Resource Name (ARN) of the deleted policy engine. This globally unique identifier confirms which policy engine resource was successfully removed.
" }, "status":{ "shape":"PolicyEngineStatus", "documentation":"The status of the policy engine deletion operation. This provides status about any issues that occurred during the deletion process.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the deletion status. This provides details about the deletion process or any issues that may have occurred.
" } } }, "DeletePolicyRequest":{ "type":"structure", "required":[ "policyEngineId", "policyId" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine that manages the policy to be deleted. This ensures the policy is deleted from the correct policy engine context.
", "location":"uri", "locationName":"policyEngineId" }, "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy to be deleted. This must be a valid policy ID that exists within the specified policy engine.
", "location":"uri", "locationName":"policyId" } } }, "DeletePolicyResponse":{ "type":"structure", "required":[ "policyId", "name", "policyEngineId", "definition", "createdAt", "updatedAt", "policyArn", "status", "statusReasons" ], "members":{ "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy being deleted. This confirms which policy the deletion operation targets.
" }, "name":{ "shape":"PolicyName", "documentation":"The customer-assigned name of the deleted policy. This confirms which policy was successfully removed from the system and matches the name that was originally assigned during policy creation.
" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine from which the policy was deleted. This confirms the policy engine context for the deletion operation.
" }, "definition":{"shape":"PolicyDefinition"}, "description":{ "shape":"Description", "documentation":"The human-readable description of the deleted policy.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the deleted policy was originally created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the deleted policy was last modified before deletion. This tracks the final state of the policy before it was removed from the system.
" }, "policyArn":{ "shape":"PolicyArn", "documentation":"The Amazon Resource Name (ARN) of the deleted policy. This globally unique identifier confirms which policy resource was successfully removed.
" }, "status":{ "shape":"PolicyStatus", "documentation":"The status of the policy deletion operation. This provides information about any issues that occurred during the deletion process.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the deletion status. This provides details about the deletion process or any issues that may have occurred.
" } } }, "DeleteResourcePolicyRequest":{ "type":"structure", "required":["resourceArn"], "members":{ "resourceArn":{ "shape":"BedrockAgentcoreResourceArn", "documentation":"The Amazon Resource Name (ARN) of the resource for which to delete the resource policy.
", "location":"uri", "locationName":"resourceArn" } } }, "DeleteResourcePolicyResponse":{ "type":"structure", "members":{} }, "DeleteWorkloadIdentityRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity to delete.
" } } }, "DeleteWorkloadIdentityResponse":{ "type":"structure", "members":{} }, "Description":{ "type":"string", "max":4096, "min":1, "sensitive":true }, "DiscoveryUrl":{ "type":"string", "pattern":".+/\\.well-known/openid-configuration" }, "DiscoveryUrlType":{ "type":"string", "pattern":".+/\\.well-known/openid-configuration" }, "Double":{ "type":"double", "box":true }, "EncryptionFailure":{ "type":"structure", "required":["message"], "members":{ "message":{"shape":"String"} }, "documentation":"Exception thrown when encryption of a secret fails.
", "error":{ "httpStatusCode":400, "senderFault":true }, "exception":true }, "EndpointName":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}", "sensitive":true }, "EnvironmentVariableKey":{ "type":"string", "max":100, "min":1 }, "EnvironmentVariableValue":{ "type":"string", "max":5000, "min":0 }, "EnvironmentVariablesMap":{ "type":"map", "key":{"shape":"EnvironmentVariableKey"}, "value":{"shape":"EnvironmentVariableValue"}, "max":50, "min":0, "sensitive":true }, "EpisodicConsolidationOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text appended to the prompt for the consolidation step of the episodic memory strategy.
" }, "modelId":{ "shape":"String", "documentation":"The model ID used for the consolidation step of the episodic memory strategy.
" } }, "documentation":"Contains configurations to override the default consolidation step for the episodic memory strategy.
" }, "EpisodicExtractionOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text appended to the prompt for the extraction step of the episodic memory strategy.
" }, "modelId":{ "shape":"String", "documentation":"The model ID used for the extraction step of the episodic memory strategy.
" } }, "documentation":"Contains configurations to override the default extraction step for the episodic memory strategy.
" }, "EpisodicMemoryStrategyInput":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"Name", "documentation":"The name of the episodic memory strategy.
" }, "description":{ "shape":"Description", "documentation":"The description of the episodic memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces for which to create episodes.
" }, "reflectionConfiguration":{ "shape":"EpisodicReflectionConfigurationInput", "documentation":"The configuration for the reflections created with the episodic memory strategy.
" } }, "documentation":"Input for creating an episodic memory strategy.
" }, "EpisodicOverrideConfigurationInput":{ "type":"structure", "members":{ "extraction":{ "shape":"EpisodicOverrideExtractionConfigurationInput", "documentation":"Contains configurations for overriding the extraction step of the episodic memory strategy.
" }, "consolidation":{ "shape":"EpisodicOverrideConsolidationConfigurationInput", "documentation":"Contains configurations for overriding the consolidation step of the episodic memory strategy.
" }, "reflection":{ "shape":"EpisodicOverrideReflectionConfigurationInput", "documentation":"Contains configurations for overriding the reflection step of the episodic memory strategy.
" } }, "documentation":"Input for the configuration to override the episodic memory strategy.
" }, "EpisodicOverrideConsolidationConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for the consolidation step of the episodic memory strategy.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for the consolidation step of the episodic memory strategy.
" } }, "documentation":"Configurations for overriding the consolidation step of the episodic memory strategy.
" }, "EpisodicOverrideExtractionConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for the extraction step of the episodic memory strategy.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for the extraction step of the episodic memory strategy.
" } }, "documentation":"Configurations for overriding the extraction step of the episodic memory strategy.
" }, "EpisodicOverrideReflectionConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for reflection step of the episodic memory strategy.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for the reflection step of the episodic memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces to use for episodic reflection. Can be less nested than the episodic namespaces.
" } }, "documentation":"Configurations for overriding the reflection step of the episodic memory strategy.
" }, "EpisodicReflectionConfiguration":{ "type":"structure", "required":["namespaces"], "members":{ "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces for which to create reflections. Can be less nested than the episodic namespaces.
" } }, "documentation":"The configuration for the reflections created with the episodic memory strategy.
" }, "EpisodicReflectionConfigurationInput":{ "type":"structure", "required":["namespaces"], "members":{ "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces over which to create reflections. Can be less nested than episode namespaces.
" } }, "documentation":"An episodic reflection configuration input.
" }, "EpisodicReflectionOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text appended to the prompt for the reflection step of the episodic memory strategy.
" }, "modelId":{ "shape":"String", "documentation":"The model ID used for the reflection step of the episodic memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces over which reflections were created. Can be less nested than the episodic namespaces.
" } }, "documentation":"Contains configurations to override the default reflection step for the episodic memory strategy.
" }, "EvaluationConfigDescription":{ "type":"string", "max":200, "min":1, "pattern":".+", "sensitive":true }, "EvaluationConfigName":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}" }, "EvaluatorArn":{ "type":"string", "pattern":"arn:aws:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:evaluator\\/[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}$|^arn:aws:bedrock-agentcore:::evaluator/Builtin.[a-zA-Z0-9_-]+" }, "EvaluatorConfig":{ "type":"structure", "members":{ "llmAsAJudge":{ "shape":"LlmAsAJudgeEvaluatorConfig", "documentation":"The LLM-as-a-Judge configuration that uses a language model to evaluate agent performance based on custom instructions and rating scales.
" } }, "documentation":"The configuration that defines how an evaluator assesses agent performance, including the evaluation method and parameters.
", "union":true }, "EvaluatorDescription":{ "type":"string", "max":200, "min":1, "sensitive":true }, "EvaluatorId":{ "type":"string", "pattern":"(Builtin.[a-zA-Z0-9_-]+|[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10})" }, "EvaluatorInstructions":{ "type":"string", "sensitive":true }, "EvaluatorLevel":{ "type":"string", "enum":[ "TOOL_CALL", "TRACE", "SESSION" ] }, "EvaluatorList":{ "type":"list", "member":{"shape":"EvaluatorReference"}, "max":10, "min":1 }, "EvaluatorModelConfig":{ "type":"structure", "members":{ "bedrockEvaluatorModelConfig":{ "shape":"BedrockEvaluatorModelConfig", "documentation":"The Amazon Bedrock model configuration for evaluation.
" } }, "documentation":"The model configuration that specifies which foundation model to use for evaluation and how to configure it.
", "union":true }, "EvaluatorName":{ "type":"string", "pattern":"(Builtin.[a-zA-Z0-9_-]+|[a-zA-Z][a-zA-Z0-9_]{0,47})" }, "EvaluatorReference":{ "type":"structure", "members":{ "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the evaluator. Can reference builtin evaluators (e.g., Builtin.Helpfulness) or custom evaluators.
" } }, "documentation":"The reference to an evaluator used in online evaluation configurations, containing the evaluator identifier.
", "union":true }, "EvaluatorStatus":{ "type":"string", "enum":[ "ACTIVE", "CREATING", "CREATE_FAILED", "UPDATING", "UPDATE_FAILED", "DELETING" ] }, "EvaluatorSummary":{ "type":"structure", "required":[ "evaluatorArn", "evaluatorId", "evaluatorName", "evaluatorType", "status", "createdAt", "updatedAt" ], "members":{ "evaluatorArn":{ "shape":"EvaluatorArn", "documentation":"The Amazon Resource Name (ARN) of the evaluator.
" }, "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the evaluator.
" }, "evaluatorName":{ "shape":"EvaluatorName", "documentation":"The name of the evaluator.
" }, "description":{ "shape":"EvaluatorDescription", "documentation":"The description of the evaluator.
" }, "evaluatorType":{ "shape":"EvaluatorType", "documentation":"The type of evaluator, indicating whether it is a built-in evaluator provided by the service or a custom evaluator created by the user.
" }, "level":{ "shape":"EvaluatorLevel", "documentation":" The evaluation level (TOOL_CALL, TRACE, or SESSION) that determines the scope of evaluation.
The current status of the evaluator.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the evaluator was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the evaluator was last updated.
" }, "lockedForModification":{ "shape":"Boolean", "documentation":"Whether the evaluator is locked for modification due to being referenced by active online evaluation configurations.
" } }, "documentation":"The summary information about an evaluator, including basic metadata and status information.
" }, "EvaluatorSummaryList":{ "type":"list", "member":{"shape":"EvaluatorSummary"} }, "EvaluatorType":{ "type":"string", "enum":[ "Builtin", "Custom" ] }, "ExceptionLevel":{ "type":"string", "enum":["DEBUG"] }, "ExtractionConfiguration":{ "type":"structure", "members":{ "customExtractionConfiguration":{ "shape":"CustomExtractionConfiguration", "documentation":"The custom extraction configuration.
" } }, "documentation":"Contains extraction configuration information for a memory strategy.
", "union":true }, "Filter":{ "type":"structure", "required":[ "key", "operator", "value" ], "members":{ "key":{ "shape":"FilterKeyString", "documentation":"The key or field name to filter on within the agent trace data.
" }, "operator":{ "shape":"FilterOperator", "documentation":"The comparison operator to use for filtering.
" }, "value":{ "shape":"FilterValue", "documentation":"The value to compare against using the specified operator.
" } }, "documentation":"The filter that applies conditions to agent traces during online evaluation to determine which traces should be evaluated.
" }, "FilterKeyString":{ "type":"string", "max":256, "min":1, "pattern":"[a-zA-Z0-9._-]+" }, "FilterList":{ "type":"list", "member":{"shape":"Filter"}, "max":5, "min":0 }, "FilterOperator":{ "type":"string", "enum":[ "Equals", "NotEquals", "GreaterThan", "LessThan", "GreaterThanOrEqual", "LessThanOrEqual", "Contains", "NotContains" ] }, "FilterValue":{ "type":"structure", "members":{ "stringValue":{ "shape":"FilterValueStringValueString", "documentation":"The string value for text-based filtering.
" }, "doubleValue":{ "shape":"Double", "documentation":"The numeric value for numerical filtering and comparisons.
" }, "booleanValue":{ "shape":"Boolean", "documentation":"The boolean value for true/false filtering conditions.
" } }, "documentation":"The value used in filter comparisons, supporting different data types for flexible filtering criteria.
", "union":true }, "FilterValueStringValueString":{ "type":"string", "max":1024, "min":1 }, "Finding":{ "type":"structure", "members":{ "type":{ "shape":"FindingType", "documentation":"The type or category of the finding. This classifies the finding as an error, warning, recommendation, or informational message to help users understand the severity and nature of the issue.
" }, "description":{ "shape":"String", "documentation":"A human-readable description of the finding. This provides detailed information about the issue, recommendation, or validation result to help users understand and address the finding.
" } }, "documentation":"Represents a finding or issue discovered during policy generation or validation. Findings provide insights about potential problems, recommendations, or validation results from policy analysis operations. Finding types include: VALID (policy is ready to use), INVALID (policy has validation errors that must be fixed), NOT_TRANSLATABLE (input couldn't be converted to policy), ALLOW_ALL (policy would allow all actions, potential security risk), ALLOW_NONE (policy would allow no actions, unusable), DENY_ALL (policy would deny all actions, may be too restrictive), and DENY_NONE (policy would deny no actions, ineffective). Review all findings before creating policies from generated assets to ensure they match your security requirements.
" }, "FindingType":{ "type":"string", "enum":[ "VALID", "INVALID", "NOT_TRANSLATABLE", "ALLOW_ALL", "ALLOW_NONE", "DENY_ALL", "DENY_NONE" ] }, "Findings":{ "type":"list", "member":{"shape":"Finding"} }, "GatewayArn":{ "type":"string", "pattern":"arn:aws(|-cn|-us-gov):bedrock-agentcore:[a-z0-9-]{1,20}:[0-9]{12}:gateway/[0-9a-zA-Z]{10}" }, "GatewayDescription":{ "type":"string", "max":200, "min":1, "sensitive":true }, "GatewayId":{ "type":"string", "pattern":"([0-9a-z][-]?){1,100}-[0-9a-z]{10}" }, "GatewayIdentifier":{ "type":"string", "pattern":"([0-9a-z][-]?){1,100}-[0-9a-z]{10}" }, "GatewayInterceptionPoint":{ "type":"string", "enum":[ "REQUEST", "RESPONSE" ] }, "GatewayInterceptionPoints":{ "type":"list", "member":{"shape":"GatewayInterceptionPoint"}, "max":2, "min":1 }, "GatewayInterceptorConfiguration":{ "type":"structure", "required":[ "interceptor", "interceptionPoints" ], "members":{ "interceptor":{ "shape":"InterceptorConfiguration", "documentation":"The infrastructure settings of an interceptor configuration. This structure defines how the interceptor can be invoked.
" }, "interceptionPoints":{ "shape":"GatewayInterceptionPoints", "documentation":"The supported points of interception. This field specifies which points during the gateway invocation to invoke the interceptor
" }, "inputConfiguration":{ "shape":"InterceptorInputConfiguration", "documentation":"The configuration for the input of the interceptor. This field specifies how the input to the interceptor is constructed
" } }, "documentation":"The configuration for an interceptor on a gateway. This structure defines settings for an interceptor that will be invoked during the invocation of the gateway.
" }, "GatewayInterceptorConfigurations":{ "type":"list", "member":{"shape":"GatewayInterceptorConfiguration"}, "max":2, "min":1 }, "GatewayMaxResults":{ "type":"integer", "box":true, "max":1000, "min":1 }, "GatewayName":{ "type":"string", "pattern":"([0-9a-zA-Z][-]?){1,100}", "sensitive":true }, "GatewayNextToken":{ "type":"string", "max":2048, "min":1, "pattern":"\\S*" }, "GatewayPolicyEngineArn":{ "type":"string", "max":170, "min":1, "pattern":"arn:aws:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:policy-engine\\/[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9_]{10}" }, "GatewayPolicyEngineConfiguration":{ "type":"structure", "required":[ "arn", "mode" ], "members":{ "arn":{ "shape":"GatewayPolicyEngineArn", "documentation":"The ARN of the policy engine. The policy engine contains Cedar policies that define fine-grained authorization rules specifying who can perform what actions on which resources as agents interact through the gateway.
" }, "mode":{ "shape":"GatewayPolicyEngineMode", "documentation":"The enforcement mode for the policy engine. Valid values include:
LOG_ONLY - The policy engine evaluates each action against your policies and adds traces on whether tool calls would be allowed or denied, but does not enforce the decision. Use this mode to test and validate policies before enabling enforcement.
ENFORCE - The policy engine evaluates actions against your policies and enforces decisions by allowing or denying agent operations. Test and validate policies in LOG_ONLY mode before enabling enforcement to avoid unintended denials or adversely affecting production traffic.
The configuration for a policy engine associated with a gateway. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with a gateway, the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies.
" }, "GatewayPolicyEngineMode":{ "type":"string", "enum":[ "LOG_ONLY", "ENFORCE" ] }, "GatewayProtocolConfiguration":{ "type":"structure", "members":{ "mcp":{ "shape":"MCPGatewayConfiguration", "documentation":"The configuration for the Model Context Protocol (MCP). This protocol enables communication between Amazon Bedrock Agent and external tools.
" } }, "documentation":"The configuration for a gateway protocol. This structure defines how the gateway communicates with external services.
", "union":true }, "GatewayProtocolType":{ "type":"string", "enum":["MCP"] }, "GatewayStatus":{ "type":"string", "enum":[ "CREATING", "UPDATING", "UPDATE_UNSUCCESSFUL", "DELETING", "READY", "FAILED" ] }, "GatewaySummaries":{ "type":"list", "member":{"shape":"GatewaySummary"} }, "GatewaySummary":{ "type":"structure", "required":[ "gatewayId", "name", "status", "createdAt", "updatedAt", "authorizerType", "protocolType" ], "members":{ "gatewayId":{ "shape":"GatewayId", "documentation":"The unique identifier of the gateway.
" }, "name":{ "shape":"GatewayName", "documentation":"The name of the gateway.
" }, "status":{ "shape":"GatewayStatus", "documentation":"The current status of the gateway.
" }, "description":{ "shape":"GatewayDescription", "documentation":"The description of the gateway.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was last updated.
" }, "authorizerType":{ "shape":"AuthorizerType", "documentation":"The type of authorizer used by the gateway.
" }, "protocolType":{ "shape":"GatewayProtocolType", "documentation":"The protocol type used by the gateway.
" } }, "documentation":"Contains summary information about a gateway.
" }, "GatewayTarget":{ "type":"structure", "required":[ "gatewayArn", "targetId", "createdAt", "updatedAt", "status", "name", "targetConfiguration", "credentialProviderConfigurations" ], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway target.
" }, "targetId":{ "shape":"TargetId", "documentation":"The target ID.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The date and time at which the target was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The date and time at which the target was updated.
" }, "status":{ "shape":"TargetStatus", "documentation":"The status of the gateway target.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The status reasons for the target status.
" }, "name":{ "shape":"TargetName", "documentation":"The name of the gateway target.
" }, "description":{ "shape":"TargetDescription", "documentation":"The description for the gateway target.
" }, "targetConfiguration":{"shape":"TargetConfiguration"}, "credentialProviderConfigurations":{ "shape":"CredentialProviderConfigurations", "documentation":"The provider configurations.
" }, "lastSynchronizedAt":{ "shape":"DateTimestamp", "documentation":"The last synchronization time.
" }, "metadataConfiguration":{ "shape":"MetadataConfiguration", "documentation":"The metadata configuration for HTTP header and query parameter propagation to and from this gateway target.
" } }, "documentation":"The gateway target.
" }, "GatewayTargetList":{ "type":"list", "member":{"shape":"GatewayTarget"} }, "GatewayUrl":{ "type":"string", "max":1024, "min":1 }, "GetAgentRuntimeEndpointRequest":{ "type":"structure", "required":[ "agentRuntimeId", "endpointName" ], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime associated with the endpoint.
", "location":"uri", "locationName":"agentRuntimeId" }, "endpointName":{ "shape":"EndpointName", "documentation":"The name of the AgentCore Runtime endpoint to retrieve.
", "location":"uri", "locationName":"endpointName" } } }, "GetAgentRuntimeEndpointResponse":{ "type":"structure", "required":[ "agentRuntimeEndpointArn", "agentRuntimeArn", "status", "createdAt", "lastUpdatedAt", "name", "id" ], "members":{ "liveVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The currently deployed version of the AgentCore Runtime on the endpoint.
" }, "targetVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The target version of the AgentCore Runtime for the endpoint.
" }, "agentRuntimeEndpointArn":{ "shape":"AgentRuntimeEndpointArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime endpoint.
" }, "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime.
" }, "description":{ "shape":"AgentEndpointDescription", "documentation":"The description of the AgentCore Runtime endpoint.
" }, "status":{ "shape":"AgentRuntimeEndpointStatus", "documentation":"The current status of the AgentCore Runtime endpoint.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime endpoint was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime endpoint was last updated.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the AgentCore Runtime endpoint is in a failed state.
" }, "name":{ "shape":"EndpointName", "documentation":"The name of the AgentCore Runtime endpoint.
" }, "id":{ "shape":"AgentRuntimeEndpointId", "documentation":"The unique identifier of the AgentCore Runtime endpoint.
" } } }, "GetAgentRuntimeRequest":{ "type":"structure", "required":["agentRuntimeId"], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime to retrieve.
", "location":"uri", "locationName":"agentRuntimeId" }, "agentRuntimeVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The version of the AgentCore Runtime to retrieve.
", "location":"querystring", "locationName":"version" } } }, "GetAgentRuntimeResponse":{ "type":"structure", "required":[ "agentRuntimeArn", "agentRuntimeName", "agentRuntimeId", "agentRuntimeVersion", "createdAt", "lastUpdatedAt", "roleArn", "networkConfiguration", "status", "lifecycleConfiguration" ], "members":{ "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime.
" }, "agentRuntimeName":{ "shape":"AgentRuntimeName", "documentation":"The name of the AgentCore Runtime.
" }, "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime.
" }, "agentRuntimeVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The version of the AgentCore Runtime.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime was last updated.
" }, "roleArn":{ "shape":"RoleArn", "documentation":"The IAM role ARN that provides permissions for the AgentCore Runtime.
" }, "networkConfiguration":{ "shape":"NetworkConfiguration", "documentation":"The network configuration for the AgentCore Runtime.
" }, "status":{ "shape":"AgentRuntimeStatus", "documentation":"The current status of the AgentCore Runtime.
" }, "lifecycleConfiguration":{ "shape":"LifecycleConfiguration", "documentation":"The life cycle configuration for the AgentCore Runtime.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the AgentCore Runtime is in a failed state.
" }, "description":{ "shape":"Description", "documentation":"The description of the AgentCore Runtime.
" }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the AgentCore Runtime.
" }, "agentRuntimeArtifact":{ "shape":"AgentRuntimeArtifact", "documentation":"The artifact of the AgentCore Runtime.
" }, "protocolConfiguration":{"shape":"ProtocolConfiguration"}, "environmentVariables":{ "shape":"EnvironmentVariablesMap", "documentation":"Environment variables set in the AgentCore Runtime environment.
" }, "authorizerConfiguration":{ "shape":"AuthorizerConfiguration", "documentation":"The authorizer configuration for the AgentCore Runtime.
" }, "requestHeaderConfiguration":{ "shape":"RequestHeaderConfiguration", "documentation":"Configuration for HTTP request headers that will be passed through to the runtime.
" } } }, "GetApiKeyCredentialProviderRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the API key credential provider to retrieve.
" } } }, "GetApiKeyCredentialProviderResponse":{ "type":"structure", "required":[ "apiKeySecretArn", "name", "credentialProviderArn", "createdTime", "lastUpdatedTime" ], "members":{ "apiKeySecretArn":{ "shape":"Secret", "documentation":"The Amazon Resource Name (ARN) of the API key secret in AWS Secrets Manager.
" }, "name":{ "shape":"CredentialProviderName", "documentation":"The name of the API key credential provider.
" }, "credentialProviderArn":{ "shape":"ApiKeyCredentialProviderArnType", "documentation":"The Amazon Resource Name (ARN) of the API key credential provider.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the API key credential provider was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the API key credential provider was last updated.
" } } }, "GetBrowserRequest":{ "type":"structure", "required":["browserId"], "members":{ "browserId":{ "shape":"BrowserId", "documentation":"The unique identifier of the browser to retrieve.
", "location":"uri", "locationName":"browserId" } } }, "GetBrowserResponse":{ "type":"structure", "required":[ "browserId", "browserArn", "name", "networkConfiguration", "status", "createdAt", "lastUpdatedAt" ], "members":{ "browserId":{ "shape":"BrowserId", "documentation":"The unique identifier of the browser.
" }, "browserArn":{ "shape":"BrowserArn", "documentation":"The Amazon Resource Name (ARN) of the browser.
" }, "name":{ "shape":"SandboxName", "documentation":"The name of the browser.
" }, "description":{ "shape":"Description", "documentation":"The description of the browser.
" }, "executionRoleArn":{ "shape":"RoleArn", "documentation":"The IAM role ARN that provides permissions for the browser.
" }, "networkConfiguration":{"shape":"BrowserNetworkConfiguration"}, "recording":{"shape":"RecordingConfig"}, "browserSigning":{ "shape":"BrowserSigningConfigOutput", "documentation":"The browser signing configuration that shows whether cryptographic agent identification is enabled for web bot authentication.
" }, "status":{ "shape":"BrowserStatus", "documentation":"The current status of the browser.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the browser is in a failed state.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser was last updated.
" } } }, "GetCodeInterpreterRequest":{ "type":"structure", "required":["codeInterpreterId"], "members":{ "codeInterpreterId":{ "shape":"CodeInterpreterId", "documentation":"The unique identifier of the code interpreter to retrieve.
", "location":"uri", "locationName":"codeInterpreterId" } } }, "GetCodeInterpreterResponse":{ "type":"structure", "required":[ "codeInterpreterId", "codeInterpreterArn", "name", "networkConfiguration", "status", "createdAt", "lastUpdatedAt" ], "members":{ "codeInterpreterId":{ "shape":"CodeInterpreterId", "documentation":"The unique identifier of the code interpreter.
" }, "codeInterpreterArn":{ "shape":"CodeInterpreterArn", "documentation":"The Amazon Resource Name (ARN) of the code interpreter.
" }, "name":{ "shape":"SandboxName", "documentation":"The name of the code interpreter.
" }, "description":{ "shape":"Description", "documentation":"The description of the code interpreter.
" }, "executionRoleArn":{ "shape":"RoleArn", "documentation":"The IAM role ARN that provides permissions for the code interpreter.
" }, "networkConfiguration":{"shape":"CodeInterpreterNetworkConfiguration"}, "status":{ "shape":"CodeInterpreterStatus", "documentation":"The current status of the code interpreter.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the code interpreter is in a failed state.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the code interpreter was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the code interpreter was last updated.
" } } }, "GetEvaluatorRequest":{ "type":"structure", "required":["evaluatorId"], "members":{ "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the evaluator to retrieve. Can be a built-in evaluator ID (e.g., Builtin.Helpfulness) or a custom evaluator ID.
", "location":"uri", "locationName":"evaluatorId" } } }, "GetEvaluatorResponse":{ "type":"structure", "required":[ "evaluatorArn", "evaluatorId", "evaluatorName", "evaluatorConfig", "level", "status", "createdAt", "updatedAt" ], "members":{ "evaluatorArn":{ "shape":"EvaluatorArn", "documentation":"The Amazon Resource Name (ARN) of the evaluator.
" }, "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the evaluator.
" }, "evaluatorName":{ "shape":"EvaluatorName", "documentation":"The name of the evaluator.
" }, "description":{ "shape":"EvaluatorDescription", "documentation":"The description of the evaluator.
" }, "evaluatorConfig":{ "shape":"EvaluatorConfig", "documentation":"The configuration of the evaluator, including LLM-as-a-Judge settings for custom evaluators.
" }, "level":{ "shape":"EvaluatorLevel", "documentation":" The evaluation level (TOOL_CALL, TRACE, or SESSION) that determines the scope of evaluation.
The current status of the evaluator.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the evaluator was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the evaluator was last updated.
" }, "lockedForModification":{ "shape":"Boolean", "documentation":"Whether the evaluator is locked for modification due to being referenced by active online evaluation configurations.
" } } }, "GetGatewayRequest":{ "type":"structure", "required":["gatewayIdentifier"], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The identifier of the gateway to retrieve.
", "location":"uri", "locationName":"gatewayIdentifier" } } }, "GetGatewayResponse":{ "type":"structure", "required":[ "gatewayArn", "gatewayId", "createdAt", "updatedAt", "status", "name", "protocolType", "authorizerType" ], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway.
" }, "gatewayId":{ "shape":"GatewayId", "documentation":"The unique identifier of the gateway.
" }, "gatewayUrl":{ "shape":"GatewayUrl", "documentation":"An endpoint for invoking gateway.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was last updated.
" }, "status":{ "shape":"GatewayStatus", "documentation":"The current status of the gateway.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the gateway.
" }, "name":{ "shape":"GatewayName", "documentation":"The name of the gateway.
" }, "description":{ "shape":"GatewayDescription", "documentation":"The description of the gateway.
" }, "roleArn":{ "shape":"RoleArn", "documentation":"The IAM role ARN that provides permissions for the gateway.
" }, "protocolType":{ "shape":"GatewayProtocolType", "documentation":"Protocol applied to a gateway.
" }, "protocolConfiguration":{"shape":"GatewayProtocolConfiguration"}, "authorizerType":{ "shape":"AuthorizerType", "documentation":"Authorizer type for the gateway.
" }, "authorizerConfiguration":{ "shape":"AuthorizerConfiguration", "documentation":"The authorizer configuration for the gateway.
" }, "kmsKeyArn":{ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the KMS key used to encrypt the gateway.
" }, "interceptorConfigurations":{ "shape":"GatewayInterceptorConfigurations", "documentation":"The interceptors configured on the gateway.
" }, "policyEngineConfiguration":{ "shape":"GatewayPolicyEngineConfiguration", "documentation":"The policy engine configuration for the gateway.
" }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the gateway.
" }, "exceptionLevel":{ "shape":"ExceptionLevel", "documentation":"The level of detail in error messages returned when invoking the gateway.
If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.
If the value is omitted, a generic error message is returned to the end user.
The identifier of the gateway that contains the target.
", "location":"uri", "locationName":"gatewayIdentifier" }, "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the target to retrieve.
", "location":"uri", "locationName":"targetId" } } }, "GetGatewayTargetResponse":{ "type":"structure", "required":[ "gatewayArn", "targetId", "createdAt", "updatedAt", "status", "name", "targetConfiguration", "credentialProviderConfigurations" ], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway.
" }, "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the gateway target.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway target was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway target was last updated.
" }, "status":{ "shape":"TargetStatus", "documentation":"The current status of the gateway target.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the gateway target.
" }, "name":{ "shape":"TargetName", "documentation":"The name of the gateway target.
" }, "description":{ "shape":"TargetDescription", "documentation":"The description of the gateway target.
" }, "targetConfiguration":{"shape":"TargetConfiguration"}, "credentialProviderConfigurations":{ "shape":"CredentialProviderConfigurations", "documentation":"The credential provider configurations for the gateway target.
" }, "lastSynchronizedAt":{ "shape":"DateTimestamp", "documentation":"The last synchronization of the target.
" }, "metadataConfiguration":{ "shape":"MetadataConfiguration", "documentation":"The metadata configuration for HTTP header and query parameter propagation for the retrieved gateway target.
" } } }, "GetMemoryInput":{ "type":"structure", "required":["memoryId"], "members":{ "memoryId":{ "shape":"MemoryId", "documentation":"The unique identifier of the memory to retrieve.
", "location":"uri", "locationName":"memoryId" }, "view":{ "shape":"MemoryView", "documentation":"The level of detail to return for the memory.
", "location":"querystring", "locationName":"view" } } }, "GetMemoryOutput":{ "type":"structure", "required":["memory"], "members":{ "memory":{ "shape":"Memory", "documentation":"The retrieved AgentCore Memory resource details.
" } } }, "GetOauth2CredentialProviderRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider to retrieve.
" } } }, "GetOauth2CredentialProviderResponse":{ "type":"structure", "required":[ "clientSecretArn", "name", "credentialProviderArn", "credentialProviderVendor", "oauth2ProviderConfigOutput", "createdTime", "lastUpdatedTime" ], "members":{ "clientSecretArn":{ "shape":"Secret", "documentation":"The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.
" }, "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider.
" }, "credentialProviderArn":{ "shape":"CredentialProviderArnType", "documentation":"ARN of the credential provider requested.
" }, "credentialProviderVendor":{ "shape":"CredentialProviderVendorType", "documentation":"The vendor of the OAuth2 credential provider.
" }, "callbackUrl":{ "shape":"String", "documentation":"Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.
" }, "oauth2ProviderConfigOutput":{ "shape":"Oauth2ProviderConfigOutput", "documentation":"The configuration output for the OAuth2 provider.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the OAuth2 credential provider was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the OAuth2 credential provider was last updated.
" } } }, "GetOnlineEvaluationConfigRequest":{ "type":"structure", "required":["onlineEvaluationConfigId"], "members":{ "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the online evaluation configuration to retrieve.
", "location":"uri", "locationName":"onlineEvaluationConfigId" } } }, "GetOnlineEvaluationConfigResponse":{ "type":"structure", "required":[ "onlineEvaluationConfigArn", "onlineEvaluationConfigId", "onlineEvaluationConfigName", "rule", "dataSourceConfig", "evaluators", "status", "executionStatus", "createdAt", "updatedAt" ], "members":{ "onlineEvaluationConfigArn":{ "shape":"OnlineEvaluationConfigArn", "documentation":"The Amazon Resource Name (ARN) of the online evaluation configuration.
" }, "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the online evaluation configuration.
" }, "onlineEvaluationConfigName":{ "shape":"EvaluationConfigName", "documentation":"The name of the online evaluation configuration.
" }, "description":{ "shape":"EvaluationConfigDescription", "documentation":"The description of the online evaluation configuration.
" }, "rule":{ "shape":"Rule", "documentation":"The evaluation rule containing sampling configuration, filters, and session settings.
" }, "dataSourceConfig":{ "shape":"DataSourceConfig", "documentation":"The data source configuration specifying CloudWatch log groups and service names to monitor.
" }, "evaluators":{ "shape":"EvaluatorList", "documentation":"The list of evaluators applied during online evaluation.
" }, "outputConfig":{ "shape":"OutputConfig", "documentation":"The output configuration specifying where evaluation results are written.
" }, "evaluationExecutionRoleArn":{ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role used for evaluation execution.
" }, "status":{ "shape":"OnlineEvaluationConfigStatus", "documentation":"The status of the online evaluation configuration.
" }, "executionStatus":{ "shape":"OnlineEvaluationExecutionStatus", "documentation":"The execution status indicating whether the online evaluation is currently running.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the online evaluation configuration was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the online evaluation configuration was last updated.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the online evaluation configuration execution failed.
" } } }, "GetPolicyEngineRequest":{ "type":"structure", "required":["policyEngineId"], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy engine to be retrieved. This must be a valid policy engine ID that exists within the account.
", "location":"uri", "locationName":"policyEngineId" } } }, "GetPolicyEngineResponse":{ "type":"structure", "required":[ "policyEngineId", "name", "createdAt", "updatedAt", "policyEngineArn", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier of the retrieved policy engine. This matches the policy engine ID provided in the request and serves as the system identifier.
" }, "name":{ "shape":"PolicyEngineName", "documentation":"The customer-assigned name of the policy engine. This is the human-readable identifier that was specified when the policy engine was created.
" }, "description":{ "shape":"Description", "documentation":"The human-readable description of the policy engine's purpose and scope. This helps administrators understand the policy engine's role in governance.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy engine was originally created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy engine was last modified. This tracks the most recent changes to the policy engine configuration.
" }, "policyEngineArn":{ "shape":"PolicyEngineArn", "documentation":"The Amazon Resource Name (ARN) of the policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.
" }, "status":{ "shape":"PolicyEngineStatus", "documentation":"The current status of the policy engine.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine.
" } } }, "GetPolicyGenerationRequest":{ "type":"structure", "required":[ "policyGenerationId", "policyEngineId" ], "members":{ "policyGenerationId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy generation request to be retrieved. This must be a valid generation ID from a previous StartPolicyGeneration call.
", "location":"uri", "locationName":"policyGenerationId" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine associated with the policy generation request. This provides the context for the generation operation and schema validation.
", "location":"uri", "locationName":"policyEngineId" } } }, "GetPolicyGenerationResponse":{ "type":"structure", "required":[ "policyEngineId", "policyGenerationId", "name", "policyGenerationArn", "resource", "createdAt", "updatedAt", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine associated with this policy generation. This confirms the policy engine context for the generation operation.
" }, "policyGenerationId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy generation request. This matches the generation ID provided in the request and serves as the tracking identifier.
" }, "name":{ "shape":"PolicyGenerationName", "documentation":"The customer-assigned name for the policy generation request. This helps identify and track generation operations across multiple requests.
" }, "policyGenerationArn":{ "shape":"PolicyGenerationArn", "documentation":"The Amazon Resource Name (ARN) of the policy generation. This globally unique identifier can be used for tracking, auditing, and cross-service references.
" }, "resource":{ "shape":"Resource", "documentation":"The resource information associated with the policy generation. This provides context about the target resources for which the policies are being generated.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy generation request was created. This is used for tracking and auditing generation operations and their lifecycle.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy generation was last updated. This tracks the progress of the generation process and any status changes.
" }, "status":{ "shape":"PolicyGenerationStatus", "documentation":"The current status of the policy generation. This indicates whether the generation is in progress, completed successfully, or failed during processing.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the generation status. This provides details about any failures, warnings, or the current state of the generation process.
" }, "findings":{ "shape":"String", "documentation":"The findings and results from the policy generation process. This includes any issues, recommendations, validation results, or insights from the generated policies.
" } } }, "GetPolicyRequest":{ "type":"structure", "required":[ "policyEngineId", "policyId" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine that manages the policy to be retrieved.
", "location":"uri", "locationName":"policyEngineId" }, "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy to be retrieved. This must be a valid policy ID that exists within the specified policy engine.
", "location":"uri", "locationName":"policyId" } } }, "GetPolicyResponse":{ "type":"structure", "required":[ "policyId", "name", "policyEngineId", "definition", "createdAt", "updatedAt", "policyArn", "status", "statusReasons" ], "members":{ "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier of the retrieved policy. This matches the policy ID provided in the request and serves as the system identifier for the policy.
" }, "name":{ "shape":"PolicyName", "documentation":"The customer-assigned name of the policy. This is the human-readable identifier that was specified when the policy was created.
" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine that manages this policy. This confirms the policy engine context for the retrieved policy.
" }, "definition":{ "shape":"PolicyDefinition", "documentation":"The Cedar policy statement that defines the access control rules. This contains the actual policy logic used for agent behavior control and access decisions.
" }, "description":{ "shape":"Description", "documentation":"The human-readable description of the policy's purpose and functionality. This helps administrators understand and manage the policy.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy was originally created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy was last modified. This tracks the most recent changes to the policy configuration.
" }, "policyArn":{ "shape":"PolicyArn", "documentation":"The Amazon Resource Name (ARN) of the policy. This globally unique identifier can be used for cross-service references and IAM policy statements.
" }, "status":{ "shape":"PolicyStatus", "documentation":"The current status of the policy.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the policy status. This provides details about any failures or the current state of the policy.
" } } }, "GetResourcePolicyRequest":{ "type":"structure", "required":["resourceArn"], "members":{ "resourceArn":{ "shape":"BedrockAgentcoreResourceArn", "documentation":"The Amazon Resource Name (ARN) of the resource for which to retrieve the resource policy.
", "location":"uri", "locationName":"resourceArn" } } }, "GetResourcePolicyResponse":{ "type":"structure", "members":{ "policy":{ "shape":"ResourcePolicyBody", "documentation":"The resource policy associated with the specified resource.
" } } }, "GetTokenVaultRequest":{ "type":"structure", "members":{ "tokenVaultId":{ "shape":"TokenVaultIdType", "documentation":"The unique identifier of the token vault to retrieve.
" } } }, "GetTokenVaultResponse":{ "type":"structure", "required":[ "tokenVaultId", "kmsConfiguration", "lastModifiedDate" ], "members":{ "tokenVaultId":{ "shape":"TokenVaultIdType", "documentation":"The ID of the token vault.
" }, "kmsConfiguration":{ "shape":"KmsConfiguration", "documentation":"The KMS configuration for the token vault.
" }, "lastModifiedDate":{ "shape":"Timestamp", "documentation":"The timestamp when the token vault was last modified.
" } } }, "GetWorkloadIdentityRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity to retrieve.
" } } }, "GetWorkloadIdentityResponse":{ "type":"structure", "required":[ "name", "workloadIdentityArn", "createdTime", "lastUpdatedTime" ], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity.
" }, "workloadIdentityArn":{ "shape":"WorkloadIdentityArnType", "documentation":"The Amazon Resource Name (ARN) of the workload identity.
" }, "allowedResourceOauth2ReturnUrls":{ "shape":"ResourceOauth2ReturnUrlListType", "documentation":"The list of allowed OAuth2 return URLs for resources associated with this workload identity.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the workload identity was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the workload identity was last updated.
" } } }, "GithubOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the GitHub OAuth2 provider.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the GitHub OAuth2 provider.
" } }, "documentation":"Input configuration for a GitHub OAuth2 provider.
" }, "GithubOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{ "shape":"Oauth2Discovery", "documentation":"The OAuth2 discovery information for the GitHub provider.
" }, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the GitHub OAuth2 provider.
" } }, "documentation":"Output configuration for a GitHub OAuth2 provider.
" }, "GoogleOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Google OAuth2 provider.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the Google OAuth2 provider.
" } }, "documentation":"Input configuration for a Google OAuth2 provider.
" }, "GoogleOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{ "shape":"Oauth2Discovery", "documentation":"The OAuth2 discovery information for the Google provider.
" }, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Google OAuth2 provider.
" } }, "documentation":"Output configuration for a Google OAuth2 provider.
" }, "HeaderName":{ "type":"string", "max":256, "min":1, "pattern":"(Authorization|X-Amzn-Bedrock-AgentCore-Runtime-Custom-[a-zA-Z0-9-]+)" }, "HttpHeaderName":{ "type":"string", "max":100, "min":1 }, "HttpQueryParameterName":{ "type":"string", "max":40, "min":1 }, "InboundTokenClaimNameType":{ "type":"string", "max":255, "min":1, "pattern":"[A-Za-z0-9_.-:]+" }, "InboundTokenClaimValueType":{ "type":"string", "enum":[ "STRING", "STRING_ARRAY" ] }, "IncludedOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the supported OAuth2 provider. This identifier is assigned by the OAuth2 provider when you register your application.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the supported OAuth2 provider. This secret is assigned by the OAuth2 provider and used along with the client ID to authenticate your application.
" }, "issuer":{ "shape":"IssuerUrlType", "documentation":"Token issuer of your isolated OAuth2 application tenant. This URL identifies the authorization server that issues tokens for this provider.
" }, "authorizationEndpoint":{ "shape":"AuthorizationEndpointType", "documentation":"OAuth2 authorization endpoint for your isolated OAuth2 application tenant. This is where users are redirected to authenticate and authorize access to their resources.
" }, "tokenEndpoint":{ "shape":"TokenEndpointType", "documentation":"OAuth2 token endpoint for your isolated OAuth2 application tenant. This is where authorization codes are exchanged for access tokens.
" } }, "documentation":"Configuration settings for connecting to a supported OAuth2 provider. This includes client credentials and OAuth2 discovery information for providers that have built-in support.
" }, "IncludedOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{"shape":"Oauth2Discovery"}, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the supported OAuth2 provider.
" } }, "documentation":"The configuration details returned for a supported OAuth2 provider, including client credentials and OAuth2 discovery information.
" }, "InferenceConfiguration":{ "type":"structure", "members":{ "maxTokens":{ "shape":"InferenceConfigurationMaxTokensInteger", "documentation":"The maximum number of tokens to generate in the model response during evaluation.
" }, "temperature":{ "shape":"InferenceConfigurationTemperatureFloat", "documentation":"The temperature value that controls randomness in the model's responses. Lower values produce more deterministic outputs.
" }, "topP":{ "shape":"InferenceConfigurationTopPFloat", "documentation":"The top-p sampling parameter that controls the diversity of the model's responses by limiting the cumulative probability of token choices.
" }, "stopSequences":{ "shape":"InferenceConfigurationStopSequencesList", "documentation":"The list of sequences that will cause the model to stop generating tokens when encountered.
" } }, "documentation":"The configuration parameters that control how the foundation model behaves during evaluation, including response generation settings.
" }, "InferenceConfigurationMaxTokensInteger":{ "type":"integer", "box":true, "min":1 }, "InferenceConfigurationStopSequencesList":{ "type":"list", "member":{"shape":"NonEmptyString"}, "max":2500, "min":0 }, "InferenceConfigurationTemperatureFloat":{ "type":"float", "box":true, "max":1, "min":0 }, "InferenceConfigurationTopPFloat":{ "type":"float", "box":true, "max":1, "min":0 }, "InlinePayload":{ "type":"string", "sensitive":true }, "Integer":{ "type":"integer", "box":true }, "InterceptorConfiguration":{ "type":"structure", "members":{ "lambda":{ "shape":"LambdaInterceptorConfiguration", "documentation":"The details of the lambda function used for the interceptor.
" } }, "documentation":"The interceptor configuration.
", "union":true }, "InterceptorInputConfiguration":{ "type":"structure", "required":["passRequestHeaders"], "members":{ "passRequestHeaders":{ "shape":"Boolean", "documentation":"Indicates whether to pass request headers as input into the interceptor. When set to true, request headers will be passed.
" } }, "documentation":"The input configuration of the interceptor.
" }, "InternalServerException":{ "type":"structure", "members":{ "message":{"shape":"NonBlankString"} }, "documentation":"This exception is thrown if there was an unexpected error during processing of request
", "error":{"httpStatusCode":500}, "exception":true, "fault":true }, "InvocationConfiguration":{ "type":"structure", "required":[ "topicArn", "payloadDeliveryBucketName" ], "members":{ "topicArn":{ "shape":"Arn", "documentation":"The ARN of the SNS topic for job notifications.
" }, "payloadDeliveryBucketName":{ "shape":"String", "documentation":"The S3 bucket name for event payload delivery.
" } }, "documentation":"The configuration to invoke a self-managed memory processing pipeline with.
" }, "InvocationConfigurationInput":{ "type":"structure", "required":[ "topicArn", "payloadDeliveryBucketName" ], "members":{ "topicArn":{ "shape":"Arn", "documentation":"The ARN of the SNS topic for job notifications.
" }, "payloadDeliveryBucketName":{ "shape":"InvocationConfigurationInputPayloadDeliveryBucketNameString", "documentation":"The S3 bucket name for event payload delivery.
" } }, "documentation":"The configuration to invoke a self-managed memory processing pipeline with.
" }, "InvocationConfigurationInputPayloadDeliveryBucketNameString":{ "type":"string", "pattern":"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]" }, "IssuerUrlType":{"type":"string"}, "KeyType":{ "type":"string", "enum":[ "CustomerManagedKey", "ServiceManagedKey" ] }, "KmsConfiguration":{ "type":"structure", "required":["keyType"], "members":{ "keyType":{ "shape":"KeyType", "documentation":"The type of KMS key (CustomerManagedKey or ServiceManagedKey).
" }, "kmsKeyArn":{ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the KMS key.
" } }, "documentation":"Contains the KMS configuration for a resource.
" }, "KmsKeyArn":{ "type":"string", "max":2048, "min":1, "pattern":"arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}" }, "LambdaFunctionArn":{ "type":"string", "max":170, "min":1, "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:([a-z]{2}(-gov)?-[a-z]+-\\d{1}):(\\d{12}):function:([a-zA-Z0-9-_.]+)(:(\\$LATEST|[a-zA-Z0-9-]+))?" }, "LambdaInterceptorConfiguration":{ "type":"structure", "required":["arn"], "members":{ "arn":{ "shape":"LambdaFunctionArn", "documentation":"The arn of the lambda function to be invoked for the interceptor.
" } }, "documentation":"The lambda configuration for the interceptor
" }, "LifecycleConfiguration":{ "type":"structure", "members":{ "idleRuntimeSessionTimeout":{ "shape":"LifecycleConfigurationIdleRuntimeSessionTimeoutInteger", "documentation":"Timeout in seconds for idle runtime sessions. When a session remains idle for this duration, it will be automatically terminated. Default: 900 seconds (15 minutes).
" }, "maxLifetime":{ "shape":"LifecycleConfigurationMaxLifetimeInteger", "documentation":"Maximum lifetime for the instance in seconds. Once reached, instances will be automatically terminated and replaced. Default: 28800 seconds (8 hours).
" } }, "documentation":"LifecycleConfiguration lets you manage the lifecycle of runtime sessions and resources in AgentCore Runtime. This configuration helps optimize resource utilization by automatically cleaning up idle sessions and preventing long-running instances from consuming resources indefinitely.
" }, "LifecycleConfigurationIdleRuntimeSessionTimeoutInteger":{ "type":"integer", "box":true, "max":28800, "min":60 }, "LifecycleConfigurationMaxLifetimeInteger":{ "type":"integer", "box":true, "max":28800, "min":60 }, "LinkedinOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the LinkedIn OAuth2 provider. This identifier is assigned by LinkedIn when you register your application.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the LinkedIn OAuth2 provider. This secret is assigned by LinkedIn and used along with the client ID to authenticate your application.
" } }, "documentation":"Configuration settings for connecting to LinkedIn services using OAuth2 authentication. This includes the client credentials required to authenticate with LinkedIn's OAuth2 authorization server.
" }, "LinkedinOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{"shape":"Oauth2Discovery"}, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the LinkedIn OAuth2 provider.
" } }, "documentation":"The configuration details returned for a LinkedIn OAuth2 provider, including the client ID and OAuth2 discovery information.
" }, "ListAgentRuntimeEndpointsRequest":{ "type":"structure", "required":["agentRuntimeId"], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime to list endpoints for.
", "location":"uri", "locationName":"agentRuntimeId" }, "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of results to return in the response.
", "location":"querystring", "locationName":"maxResults" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
", "location":"querystring", "locationName":"nextToken" } } }, "ListAgentRuntimeEndpointsResponse":{ "type":"structure", "required":["runtimeEndpoints"], "members":{ "runtimeEndpoints":{ "shape":"AgentRuntimeEndpoints", "documentation":"The list of AgentCore Runtime endpoints.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
" } } }, "ListAgentRuntimeVersionsRequest":{ "type":"structure", "required":["agentRuntimeId"], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime to list versions for.
", "location":"uri", "locationName":"agentRuntimeId" }, "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of results to return in the response.
", "location":"querystring", "locationName":"maxResults" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
", "location":"querystring", "locationName":"nextToken" } } }, "ListAgentRuntimeVersionsResponse":{ "type":"structure", "required":["agentRuntimes"], "members":{ "agentRuntimes":{ "shape":"AgentRuntimes", "documentation":"The list of AgentCore Runtime versions.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
" } } }, "ListAgentRuntimesRequest":{ "type":"structure", "members":{ "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of results to return in the response.
", "location":"querystring", "locationName":"maxResults" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
", "location":"querystring", "locationName":"nextToken" } } }, "ListAgentRuntimesResponse":{ "type":"structure", "required":["agentRuntimes"], "members":{ "agentRuntimes":{ "shape":"AgentRuntimes", "documentation":"The list of AgentCore Runtime resources.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
" } } }, "ListApiKeyCredentialProvidersRequest":{ "type":"structure", "members":{ "nextToken":{ "shape":"String", "documentation":"Pagination token.
" }, "maxResults":{ "shape":"MaxResults", "documentation":"Maximum number of results to return.
" } } }, "ListApiKeyCredentialProvidersResponse":{ "type":"structure", "required":["credentialProviders"], "members":{ "credentialProviders":{ "shape":"ApiKeyCredentialProviders", "documentation":"The list of API key credential providers.
" }, "nextToken":{ "shape":"String", "documentation":"Pagination token for the next page of results.
" } } }, "ListBrowsersRequest":{ "type":"structure", "members":{ "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of results to return in a single call. The default value is 10. The maximum value is 50.
", "location":"querystring", "locationName":"maxResults" }, "nextToken":{ "shape":"NextToken", "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
", "location":"querystring", "locationName":"nextToken" }, "type":{ "shape":"ResourceType", "documentation":"The type of browsers to list. If not specified, all browser types are returned.
", "location":"querystring", "locationName":"type" } } }, "ListBrowsersResponse":{ "type":"structure", "required":["browserSummaries"], "members":{ "browserSummaries":{ "shape":"BrowserSummaries", "documentation":"The list of browser summaries.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
" } } }, "ListCodeInterpretersRequest":{ "type":"structure", "members":{ "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of results to return in the response.
", "location":"querystring", "locationName":"maxResults" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
", "location":"querystring", "locationName":"nextToken" }, "type":{ "shape":"ResourceType", "documentation":"The type of code interpreters to list.
", "location":"querystring", "locationName":"type" } } }, "ListCodeInterpretersResponse":{ "type":"structure", "required":["codeInterpreterSummaries"], "members":{ "codeInterpreterSummaries":{ "shape":"CodeInterpreterSummaries", "documentation":"The list of code interpreter summaries.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
" } } }, "ListEvaluatorsRequest":{ "type":"structure", "members":{ "nextToken":{ "shape":"String", "documentation":"The pagination token from a previous request to retrieve the next page of results.
", "location":"querystring", "locationName":"nextToken" }, "maxResults":{ "shape":"ListEvaluatorsRequestMaxResultsInteger", "documentation":"The maximum number of evaluators to return in a single response.
", "location":"querystring", "locationName":"maxResults" } } }, "ListEvaluatorsRequestMaxResultsInteger":{ "type":"integer", "box":true, "max":100, "min":1 }, "ListEvaluatorsResponse":{ "type":"structure", "required":["evaluators"], "members":{ "evaluators":{ "shape":"EvaluatorSummaryList", "documentation":"The list of evaluator summaries containing basic information about each evaluator.
" }, "nextToken":{ "shape":"String", "documentation":"The pagination token to use in a subsequent request to retrieve the next page of results.
" } } }, "ListGatewayTargetsRequest":{ "type":"structure", "required":["gatewayIdentifier"], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The identifier of the gateway to list targets for.
", "location":"uri", "locationName":"gatewayIdentifier" }, "maxResults":{ "shape":"TargetMaxResults", "documentation":"The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.
If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.
The list of gateway target summaries.
" }, "nextToken":{ "shape":"TargetNextToken", "documentation":"If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.
The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.
If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.
The list of gateway summaries.
" }, "nextToken":{ "shape":"GatewayNextToken", "documentation":"If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.
The maximum number of results to return in a single call. The default value is 10. The maximum value is 50.
" }, "nextToken":{ "shape":"String", "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
" } } }, "ListMemoriesInputMaxResultsInteger":{ "type":"integer", "box":true, "max":100, "min":1 }, "ListMemoriesOutput":{ "type":"structure", "required":["memories"], "members":{ "memories":{ "shape":"MemorySummaryList", "documentation":"The list of AgentCore Memory resource summaries.
" }, "nextToken":{ "shape":"String", "documentation":"A token to retrieve the next page of results.
" } } }, "ListOauth2CredentialProvidersRequest":{ "type":"structure", "members":{ "nextToken":{ "shape":"String", "documentation":"Pagination token.
" }, "maxResults":{ "shape":"ListOauth2CredentialProvidersRequestMaxResultsInteger", "documentation":"Maximum number of results to return.
" } } }, "ListOauth2CredentialProvidersRequestMaxResultsInteger":{ "type":"integer", "box":true, "max":20, "min":1 }, "ListOauth2CredentialProvidersResponse":{ "type":"structure", "required":["credentialProviders"], "members":{ "credentialProviders":{ "shape":"Oauth2CredentialProviders", "documentation":"The list of OAuth2 credential providers.
" }, "nextToken":{ "shape":"String", "documentation":"Pagination token for the next page of results.
" } } }, "ListOnlineEvaluationConfigsRequest":{ "type":"structure", "members":{ "nextToken":{ "shape":"String", "documentation":"The pagination token from a previous request to retrieve the next page of results.
", "location":"querystring", "locationName":"nextToken" }, "maxResults":{ "shape":"ListOnlineEvaluationConfigsRequestMaxResultsInteger", "documentation":"The maximum number of online evaluation configurations to return in a single response.
", "location":"querystring", "locationName":"maxResults" } } }, "ListOnlineEvaluationConfigsRequestMaxResultsInteger":{ "type":"integer", "box":true, "max":100, "min":1 }, "ListOnlineEvaluationConfigsResponse":{ "type":"structure", "required":["onlineEvaluationConfigs"], "members":{ "onlineEvaluationConfigs":{ "shape":"OnlineEvaluationConfigSummaryList", "documentation":"The list of online evaluation configuration summaries containing basic information about each configuration.
" }, "nextToken":{ "shape":"String", "documentation":"The pagination token to use in a subsequent request to retrieve the next page of results.
" } } }, "ListPoliciesRequest":{ "type":"structure", "required":["policyEngineId"], "members":{ "nextToken":{ "shape":"NextToken", "documentation":"A pagination token returned from a previous ListPolicies call. Use this token to retrieve the next page of results when the response is paginated.
", "location":"querystring", "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of policies to return in a single response. If not specified, the default is 10 policies per page, with a maximum of 100 per page.
", "location":"querystring", "locationName":"maxResults" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine whose policies to retrieve.
", "location":"uri", "locationName":"policyEngineId" }, "targetResourceScope":{ "shape":"BedrockAgentcoreResourceArn", "documentation":"Optional filter to list policies that apply to a specific resource scope or resource type. This helps narrow down policy results to those relevant for particular Amazon Web Services resources, agent tools, or operational contexts within the policy engine ecosystem.
", "location":"querystring", "locationName":"targetResourceScope" } } }, "ListPoliciesResponse":{ "type":"structure", "required":["policies"], "members":{ "policies":{ "shape":"Policies", "documentation":"An array of policy objects that match the specified criteria. Each policy object contains the policy metadata, status, and key identifiers for further operations.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A pagination token that can be used in subsequent ListPolicies calls to retrieve additional results. This token is only present when there are more results available.
" } } }, "ListPolicyEnginesRequest":{ "type":"structure", "members":{ "nextToken":{ "shape":"NextToken", "documentation":"A pagination token returned from a previous ListPolicyEngines call. Use this token to retrieve the next page of results when the response is paginated.
", "location":"querystring", "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of policy engines to return in a single response. If not specified, the default is 10 policy engines per page, with a maximum of 100 per page.
", "location":"querystring", "locationName":"maxResults" } } }, "ListPolicyEnginesResponse":{ "type":"structure", "required":["policyEngines"], "members":{ "policyEngines":{ "shape":"PolicyEngines", "documentation":"An array of policy engine objects that exist in the account. Each policy engine object contains the engine metadata, status, and key identifiers for further operations.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A pagination token that can be used in subsequent ListPolicyEngines calls to retrieve additional results. This token is only present when there are more results available.
" } } }, "ListPolicyGenerationAssetsRequest":{ "type":"structure", "required":[ "policyGenerationId", "policyEngineId" ], "members":{ "policyGenerationId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy generation request whose assets are to be retrieved. This must be a valid generation ID from a previous StartPolicyGeneration call that has completed processing.
", "location":"uri", "locationName":"policyGenerationId" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy engine associated with the policy generation request. This provides the context for the generation operation and ensures assets are retrieved from the correct policy engine.
", "location":"uri", "locationName":"policyEngineId" }, "nextToken":{ "shape":"NextToken", "documentation":"A pagination token returned from a previous ListPolicyGenerationAssets call. Use this token to retrieve the next page of assets when the response is paginated due to large numbers of generated policy options.
", "location":"querystring", "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of policy generation assets to return in a single response. If not specified, the default is 10 assets per page, with a maximum of 100 per page. This helps control response size when dealing with policy generations that produce many alternative policy options.
", "location":"querystring", "locationName":"maxResults" } } }, "ListPolicyGenerationAssetsResponse":{ "type":"structure", "members":{ "policyGenerationAssets":{ "shape":"PolicyGenerationAssets", "documentation":"An array of generated policy assets including Cedar policies and related artifacts from the AI-powered policy generation process. Each asset represents a different policy option or variation generated from the original natural language input.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A pagination token that can be used in subsequent ListPolicyGenerationAssets calls to retrieve additional assets. This token is only present when there are more generated policy assets available beyond the current response.
" } } }, "ListPolicyGenerationsRequest":{ "type":"structure", "required":["policyEngineId"], "members":{ "nextToken":{ "shape":"NextToken", "documentation":"A pagination token for retrieving additional policy generations when results are paginated.
", "location":"querystring", "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of policy generations to return in a single response.
", "location":"querystring", "locationName":"maxResults" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine whose policy generations to retrieve.
", "location":"uri", "locationName":"policyEngineId" } } }, "ListPolicyGenerationsResponse":{ "type":"structure", "required":["policyGenerations"], "members":{ "policyGenerations":{ "shape":"PolicyGenerations", "documentation":"An array of policy generation objects that match the specified criteria.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A pagination token for retrieving additional policy generations if more results are available.
" } } }, "ListTagsForResourceRequest":{ "type":"structure", "required":["resourceArn"], "members":{ "resourceArn":{ "shape":"TaggableResourcesArn", "documentation":"The Amazon Resource Name (ARN) of the resource for which you want to list tags.
", "location":"uri", "locationName":"resourceArn" } } }, "ListTagsForResourceResponse":{ "type":"structure", "members":{ "tags":{ "shape":"TagsMap", "documentation":"The tags associated with the resource.
" } } }, "ListWorkloadIdentitiesRequest":{ "type":"structure", "members":{ "nextToken":{ "shape":"String", "documentation":"Pagination token.
" }, "maxResults":{ "shape":"ListWorkloadIdentitiesRequestMaxResultsInteger", "documentation":"Maximum number of results to return.
" } } }, "ListWorkloadIdentitiesRequestMaxResultsInteger":{ "type":"integer", "box":true, "max":20, "min":1 }, "ListWorkloadIdentitiesResponse":{ "type":"structure", "required":["workloadIdentities"], "members":{ "workloadIdentities":{ "shape":"WorkloadIdentityList", "documentation":"The list of workload identities.
" }, "nextToken":{ "shape":"String", "documentation":"Pagination token for the next page of results.
" } } }, "LlmAsAJudgeEvaluatorConfig":{ "type":"structure", "required":[ "instructions", "ratingScale", "modelConfig" ], "members":{ "instructions":{ "shape":"EvaluatorInstructions", "documentation":"The evaluation instructions that guide the language model in assessing agent performance, including criteria and evaluation guidelines.
" }, "ratingScale":{ "shape":"RatingScale", "documentation":"The rating scale that defines how the evaluator should score agent performance, either numerical or categorical.
" }, "modelConfig":{ "shape":"EvaluatorModelConfig", "documentation":"The model configuration that specifies which foundation model to use and how to configure it for evaluation.
" } }, "documentation":"The configuration for LLM-as-a-Judge evaluation that uses a language model to assess agent performance based on custom instructions and rating scales.
" }, "LogGroupName":{ "type":"string", "max":512, "min":1, "pattern":"[.\\-_/#A-Za-z0-9]+" }, "MCPGatewayConfiguration":{ "type":"structure", "members":{ "supportedVersions":{ "shape":"McpSupportedVersions", "documentation":"The supported versions of the Model Context Protocol. This field specifies which versions of the protocol the gateway can use.
" }, "instructions":{ "shape":"McpInstructions", "documentation":"The instructions for using the Model Context Protocol gateway. These instructions provide guidance on how to interact with the gateway.
" }, "searchType":{ "shape":"SearchType", "documentation":"The search type for the Model Context Protocol gateway. This field specifies how the gateway handles search operations.
" } }, "documentation":"The configuration for a Model Context Protocol (MCP) gateway. This structure defines how the gateway implements the MCP protocol.
" }, "MatchValueString":{ "type":"string", "max":255, "min":1, "pattern":"[A-Za-z0-9_.-]+" }, "MatchValueStringList":{ "type":"list", "member":{"shape":"MatchValueString"}, "min":1 }, "MaxResults":{ "type":"integer", "box":true, "max":100, "min":1 }, "McpInstructions":{ "type":"string", "max":2048, "min":1 }, "McpLambdaTargetConfiguration":{ "type":"structure", "required":[ "lambdaArn", "toolSchema" ], "members":{ "lambdaArn":{ "shape":"LambdaFunctionArn", "documentation":"The Amazon Resource Name (ARN) of the Lambda function. This function is invoked by the gateway to communicate with the target.
" }, "toolSchema":{ "shape":"ToolSchema", "documentation":"The tool schema for the Lambda function. This schema defines the structure of the tools that the Lambda function provides.
" } }, "documentation":"The Lambda configuration for a Model Context Protocol target. This structure defines how the gateway uses a Lambda function to communicate with the target.
" }, "McpServerTargetConfiguration":{ "type":"structure", "required":["endpoint"], "members":{ "endpoint":{ "shape":"McpServerTargetConfigurationEndpointString", "documentation":"The endpoint for the MCP server target configuration.
" } }, "documentation":"The target configuration for the MCP server.
" }, "McpServerTargetConfigurationEndpointString":{ "type":"string", "pattern":"https://.*" }, "McpSupportedVersions":{ "type":"list", "member":{"shape":"McpVersion"} }, "McpTargetConfiguration":{ "type":"structure", "members":{ "openApiSchema":{ "shape":"ApiSchemaConfiguration", "documentation":"The OpenAPI schema for the Model Context Protocol target. This schema defines the API structure of the target.
" }, "smithyModel":{ "shape":"ApiSchemaConfiguration", "documentation":"The Smithy model for the Model Context Protocol target. This model defines the API structure of the target using the Smithy specification.
" }, "lambda":{ "shape":"McpLambdaTargetConfiguration", "documentation":"The Lambda configuration for the Model Context Protocol target. This configuration defines how the gateway uses a Lambda function to communicate with the target.
" }, "mcpServer":{ "shape":"McpServerTargetConfiguration", "documentation":"The MCP server specified as the gateway target.
" }, "apiGateway":{ "shape":"ApiGatewayTargetConfiguration", "documentation":"The configuration for an Amazon API Gateway target.
" } }, "documentation":"The Model Context Protocol (MCP) configuration for a target. This structure defines how the gateway uses MCP to communicate with the target.
", "union":true }, "McpVersion":{"type":"string"}, "Memory":{ "type":"structure", "required":[ "arn", "id", "name", "eventExpiryDuration", "status", "createdAt", "updatedAt" ], "members":{ "arn":{ "shape":"MemoryArn", "documentation":"The Amazon Resource Name (ARN) of the memory.
" }, "id":{ "shape":"MemoryId", "documentation":"The unique identifier of the memory.
" }, "name":{ "shape":"Name", "documentation":"The name of the memory.
" }, "description":{ "shape":"Description", "documentation":"The description of the memory.
" }, "encryptionKeyArn":{ "shape":"Arn", "documentation":"The ARN of the KMS key used to encrypt the memory.
" }, "memoryExecutionRoleArn":{ "shape":"Arn", "documentation":"The ARN of the IAM role that provides permissions for the memory.
" }, "eventExpiryDuration":{ "shape":"MemoryEventExpiryDurationInteger", "documentation":"The number of days after which memory events will expire.
" }, "status":{ "shape":"MemoryStatus", "documentation":"The current status of the memory.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the memory is in a failed state.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the memory was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the memory was last updated.
" }, "strategies":{ "shape":"MemoryStrategyList", "documentation":"The list of memory strategies associated with this memory.
" } }, "documentation":"Contains information about a memory resource.
" }, "MemoryArn":{ "type":"string", "pattern":"arn:aws:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:memory\\/[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "MemoryEventExpiryDurationInteger":{ "type":"integer", "box":true, "max":365, "min":1 }, "MemoryId":{ "type":"string", "min":12, "pattern":"[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "MemoryStatus":{ "type":"string", "enum":[ "CREATING", "ACTIVE", "FAILED", "DELETING" ] }, "MemoryStrategy":{ "type":"structure", "required":[ "strategyId", "name", "type", "namespaces" ], "members":{ "strategyId":{ "shape":"MemoryStrategyId", "documentation":"The unique identifier of the memory strategy.
" }, "name":{ "shape":"Name", "documentation":"The name of the memory strategy.
" }, "description":{ "shape":"Description", "documentation":"The description of the memory strategy.
" }, "configuration":{ "shape":"StrategyConfiguration", "documentation":"The configuration of the memory strategy.
" }, "type":{ "shape":"MemoryStrategyType", "documentation":"The type of the memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces associated with the memory strategy.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the memory strategy was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the memory strategy was last updated.
" }, "status":{ "shape":"MemoryStrategyStatus", "documentation":"The current status of the memory strategy.
" } }, "documentation":"Contains information about a memory strategy.
" }, "MemoryStrategyId":{ "type":"string", "min":12, "pattern":"[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "MemoryStrategyInput":{ "type":"structure", "members":{ "semanticMemoryStrategy":{ "shape":"SemanticMemoryStrategyInput", "documentation":"Input for creating a semantic memory strategy.
" }, "summaryMemoryStrategy":{ "shape":"SummaryMemoryStrategyInput", "documentation":"Input for creating a summary memory strategy.
" }, "userPreferenceMemoryStrategy":{ "shape":"UserPreferenceMemoryStrategyInput", "documentation":"Input for creating a user preference memory strategy.
" }, "customMemoryStrategy":{ "shape":"CustomMemoryStrategyInput", "documentation":"Input for creating a custom memory strategy.
" }, "episodicMemoryStrategy":{ "shape":"EpisodicMemoryStrategyInput", "documentation":"Input for creating an episodic memory strategy
" } }, "documentation":"Contains input information for creating a memory strategy.
", "union":true }, "MemoryStrategyInputList":{ "type":"list", "member":{"shape":"MemoryStrategyInput"} }, "MemoryStrategyList":{ "type":"list", "member":{"shape":"MemoryStrategy"} }, "MemoryStrategyStatus":{ "type":"string", "enum":[ "CREATING", "ACTIVE", "DELETING", "FAILED" ] }, "MemoryStrategyType":{ "type":"string", "enum":[ "SEMANTIC", "SUMMARIZATION", "USER_PREFERENCE", "CUSTOM", "EPISODIC" ] }, "MemorySummary":{ "type":"structure", "required":[ "createdAt", "updatedAt" ], "members":{ "arn":{ "shape":"MemoryArn", "documentation":"The Amazon Resource Name (ARN) of the memory.
" }, "id":{ "shape":"MemoryId", "documentation":"The unique identifier of the memory.
" }, "status":{ "shape":"MemoryStatus", "documentation":"The current status of the memory.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the memory was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the memory was last updated.
" } }, "documentation":"Contains summary information about a memory resource.
" }, "MemorySummaryList":{ "type":"list", "member":{"shape":"MemorySummary"} }, "MemoryView":{ "type":"string", "enum":[ "full", "without_decryption" ] }, "MessageBasedTrigger":{ "type":"structure", "members":{ "messageCount":{ "shape":"Integer", "documentation":"The number of messages that trigger memory processing.
" } }, "documentation":"The trigger configuration based on a message.
" }, "MessageBasedTriggerInput":{ "type":"structure", "members":{ "messageCount":{ "shape":"MessageBasedTriggerInputMessageCountInteger", "documentation":"The number of messages that trigger memory processing.
" } }, "documentation":"The trigger configuration based on a message.
" }, "MessageBasedTriggerInputMessageCountInteger":{ "type":"integer", "box":true, "max":50, "min":1 }, "MetadataConfiguration":{ "type":"structure", "members":{ "allowedRequestHeaders":{ "shape":"AllowedRequestHeaders", "documentation":"A list of HTTP headers that are allowed to be propagated from incoming client requests to the target.
" }, "allowedQueryParameters":{ "shape":"AllowedQueryParameters", "documentation":"A list of URL query parameters that are allowed to be propagated from incoming gateway URL to the target.
" }, "allowedResponseHeaders":{ "shape":"AllowedResponseHeaders", "documentation":"A list of HTTP headers that are allowed to be propagated from the target response back to the client.
" } }, "documentation":"Configuration for HTTP header and query parameter propagation between the gateway and target servers.
" }, "MicrosoftOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Microsoft OAuth2 provider.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the Microsoft OAuth2 provider.
" }, "tenantId":{ "shape":"TenantIdType", "documentation":"The Microsoft Entra ID (formerly Azure AD) tenant ID for your organization. This identifies the specific tenant within Microsoft's identity platform where your application is registered.
" } }, "documentation":"Input configuration for a Microsoft OAuth2 provider.
" }, "MicrosoftOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{ "shape":"Oauth2Discovery", "documentation":"The OAuth2 discovery information for the Microsoft provider.
" }, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Microsoft OAuth2 provider.
" } }, "documentation":"Output configuration for a Microsoft OAuth2 provider.
" }, "ModelId":{"type":"string"}, "ModifyConsolidationConfiguration":{ "type":"structure", "members":{ "customConsolidationConfiguration":{ "shape":"CustomConsolidationConfigurationInput", "documentation":"The updated custom consolidation configuration.
" } }, "documentation":"Contains information for modifying a consolidation configuration.
", "union":true }, "ModifyExtractionConfiguration":{ "type":"structure", "members":{ "customExtractionConfiguration":{ "shape":"CustomExtractionConfigurationInput", "documentation":"The updated custom extraction configuration.
" } }, "documentation":"Contains information for modifying an extraction configuration.
", "union":true }, "ModifyInvocationConfigurationInput":{ "type":"structure", "members":{ "topicArn":{ "shape":"Arn", "documentation":"The updated ARN of the SNS topic for job notifications.
" }, "payloadDeliveryBucketName":{ "shape":"ModifyInvocationConfigurationInputPayloadDeliveryBucketNameString", "documentation":"The updated S3 bucket name for event payload delivery.
" } }, "documentation":"The configuration for updating invocation settings.
" }, "ModifyInvocationConfigurationInputPayloadDeliveryBucketNameString":{ "type":"string", "pattern":"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]" }, "ModifyMemoryStrategies":{ "type":"structure", "members":{ "addMemoryStrategies":{ "shape":"MemoryStrategyInputList", "documentation":"The list of memory strategies to add.
" }, "modifyMemoryStrategies":{ "shape":"ModifyMemoryStrategiesList", "documentation":"The list of memory strategies to modify.
" }, "deleteMemoryStrategies":{ "shape":"DeleteMemoryStrategiesList", "documentation":"The list of memory strategies to delete.
" } }, "documentation":"Contains information for modifying memory strategies.
" }, "ModifyMemoryStrategiesList":{ "type":"list", "member":{"shape":"ModifyMemoryStrategyInput"} }, "ModifyMemoryStrategyInput":{ "type":"structure", "required":["memoryStrategyId"], "members":{ "memoryStrategyId":{ "shape":"String", "documentation":"The unique identifier of the memory strategy to modify.
" }, "description":{ "shape":"Description", "documentation":"The updated description of the memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The updated namespaces for the memory strategy.
" }, "configuration":{ "shape":"ModifyStrategyConfiguration", "documentation":"The updated configuration for the memory strategy.
" } }, "documentation":"Input for modifying a memory strategy.
" }, "ModifyReflectionConfiguration":{ "type":"structure", "members":{ "episodicReflectionConfiguration":{ "shape":"EpisodicReflectionConfigurationInput", "documentation":"The updated episodic reflection configuration.
" }, "customReflectionConfiguration":{ "shape":"CustomReflectionConfigurationInput", "documentation":"The updated custom reflection configuration.
" } }, "documentation":"Contains information for modifying a reflection configuration.
", "union":true }, "ModifySelfManagedConfiguration":{ "type":"structure", "members":{ "triggerConditions":{ "shape":"TriggerConditionInputList", "documentation":"The updated list of conditions that trigger memory processing.
" }, "invocationConfiguration":{ "shape":"ModifyInvocationConfigurationInput", "documentation":"The updated configuration to invoke self-managed memory processing pipeline.
" }, "historicalContextWindowSize":{ "shape":"ModifySelfManagedConfigurationHistoricalContextWindowSizeInteger", "documentation":"The updated number of historical messages to include in processing context.
" } }, "documentation":"The configuration for updating the self-managed memory strategy.
" }, "ModifySelfManagedConfigurationHistoricalContextWindowSizeInteger":{ "type":"integer", "box":true, "max":50, "min":0 }, "ModifyStrategyConfiguration":{ "type":"structure", "members":{ "extraction":{ "shape":"ModifyExtractionConfiguration", "documentation":"The updated extraction configuration.
" }, "consolidation":{ "shape":"ModifyConsolidationConfiguration", "documentation":"The updated consolidation configuration.
" }, "reflection":{ "shape":"ModifyReflectionConfiguration", "documentation":"The updated reflection configuration.
" }, "selfManagedConfiguration":{ "shape":"ModifySelfManagedConfiguration", "documentation":"The updated self-managed configuration.
" } }, "documentation":"Contains information for modifying a strategy configuration.
" }, "Name":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}" }, "Namespace":{ "type":"string", "max":1024, "min":1, "pattern":"[a-zA-Z0-9\\-_\\/]*(\\{(actorId|sessionId|memoryStrategyId)\\}[a-zA-Z0-9\\-_\\/]*)*" }, "NamespacesList":{ "type":"list", "member":{"shape":"Namespace"}, "min":1 }, "NaturalLanguage":{ "type":"string", "max":2000, "min":1 }, "NetworkConfiguration":{ "type":"structure", "required":["networkMode"], "members":{ "networkMode":{ "shape":"NetworkMode", "documentation":"The network mode for the AgentCore Runtime.
" }, "networkModeConfig":{ "shape":"VpcConfig", "documentation":"The network mode configuration for the AgentCore Runtime.
" } }, "documentation":"SecurityConfig for the Agent.
" }, "NetworkMode":{ "type":"string", "enum":[ "PUBLIC", "VPC" ] }, "NextToken":{ "type":"string", "max":2048, "min":1, "pattern":"\\S*" }, "NonBlankString":{ "type":"string", "pattern":"[\\s\\S]+" }, "NonEmptyString":{ "type":"string", "min":1 }, "NumericalScaleDefinition":{ "type":"structure", "required":[ "definition", "value", "label" ], "members":{ "definition":{ "shape":"String", "documentation":"The description that explains what this numerical rating represents and when it should be used.
" }, "value":{ "shape":"NumericalScaleDefinitionValueDouble", "documentation":"The numerical value for this rating scale option.
" }, "label":{ "shape":"NumericalScaleDefinitionLabelString", "documentation":"The label or name that describes this numerical rating option.
" } }, "documentation":"The definition of a numerical rating scale option that provides a numeric value with its description for evaluation scoring.
" }, "NumericalScaleDefinitionLabelString":{ "type":"string", "max":100, "min":1 }, "NumericalScaleDefinitionValueDouble":{ "type":"double", "box":true, "min":0 }, "NumericalScaleDefinitions":{ "type":"list", "member":{"shape":"NumericalScaleDefinition"} }, "OAuthCredentialProvider":{ "type":"structure", "required":[ "providerArn", "scopes" ], "members":{ "providerArn":{ "shape":"OAuthCredentialProviderArn", "documentation":"The Amazon Resource Name (ARN) of the OAuth credential provider. This ARN identifies the provider in Amazon Web Services.
" }, "scopes":{ "shape":"OAuthScopes", "documentation":"The OAuth scopes for the credential provider. These scopes define the level of access requested from the OAuth provider.
" }, "customParameters":{ "shape":"OAuthCustomParameters", "documentation":"The custom parameters for the OAuth credential provider. These parameters provide additional configuration for the OAuth authentication process.
" }, "grantType":{ "shape":"OAuthGrantType", "documentation":"Specifies the kind of credentials to use for authorization:
CLIENT_CREDENTIALS - Authorization with a client ID and secret.
AUTHORIZATION_CODE - Authorization with a token that is specific to an individual end user.
The URL where the end user's browser is redirected after obtaining the authorization code. Generally points to the customer's application.
" } }, "documentation":"An OAuth credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint using OAuth.
" }, "OAuthCredentialProviderArn":{ "type":"string", "pattern":"arn:([^:]*):([^:]*):([^:]*):([0-9]{12})?:(.+)" }, "OAuthCustomParameters":{ "type":"map", "key":{"shape":"OAuthCustomParametersKey"}, "value":{"shape":"OAuthCustomParametersValue"}, "max":10, "min":1 }, "OAuthCustomParametersKey":{ "type":"string", "max":256, "min":1 }, "OAuthCustomParametersValue":{ "type":"string", "max":2048, "min":1, "sensitive":true }, "OAuthDefaultReturnUrl":{ "type":"string", "max":2048, "min":1, "pattern":"\\w+:(\\/?\\/?)[^\\s]+" }, "OAuthGrantType":{ "type":"string", "enum":[ "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE" ] }, "OAuthScope":{ "type":"string", "max":64, "min":1 }, "OAuthScopes":{ "type":"list", "member":{"shape":"OAuthScope"}, "max":100, "min":0 }, "Oauth2AuthorizationServerMetadata":{ "type":"structure", "required":[ "issuer", "authorizationEndpoint", "tokenEndpoint" ], "members":{ "issuer":{ "shape":"IssuerUrlType", "documentation":"The issuer URL for the OAuth2 authorization server.
" }, "authorizationEndpoint":{ "shape":"AuthorizationEndpointType", "documentation":"The authorization endpoint URL for the OAuth2 authorization server.
" }, "tokenEndpoint":{ "shape":"TokenEndpointType", "documentation":"The token endpoint URL for the OAuth2 authorization server.
" }, "responseTypes":{ "shape":"ResponseListType", "documentation":"The supported response types for the OAuth2 authorization server.
" }, "tokenEndpointAuthMethods":{ "shape":"TokenEndpointAuthMethodsType", "documentation":"The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
" } }, "documentation":"Contains the authorization server metadata for an OAuth2 provider.
" }, "Oauth2CredentialProviderItem":{ "type":"structure", "required":[ "name", "credentialProviderVendor", "credentialProviderArn", "createdTime", "lastUpdatedTime" ], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider.
" }, "credentialProviderVendor":{ "shape":"CredentialProviderVendorType", "documentation":"The vendor of the OAuth2 credential provider.
" }, "credentialProviderArn":{ "shape":"CredentialProviderArnType", "documentation":"The Amazon Resource Name (ARN) of the OAuth2 credential provider.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the OAuth2 credential provider was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the OAuth2 credential provider was last updated.
" } }, "documentation":"Contains information about an OAuth2 credential provider.
" }, "Oauth2CredentialProviders":{ "type":"list", "member":{"shape":"Oauth2CredentialProviderItem"} }, "Oauth2Discovery":{ "type":"structure", "members":{ "discoveryUrl":{ "shape":"DiscoveryUrlType", "documentation":"The discovery URL for the OAuth2 provider.
" }, "authorizationServerMetadata":{ "shape":"Oauth2AuthorizationServerMetadata", "documentation":"The authorization server metadata for the OAuth2 provider.
" } }, "documentation":"Contains the discovery information for an OAuth2 provider.
", "union":true }, "Oauth2ProviderConfigInput":{ "type":"structure", "members":{ "customOauth2ProviderConfig":{ "shape":"CustomOauth2ProviderConfigInput", "documentation":"The configuration for a custom OAuth2 provider.
" }, "googleOauth2ProviderConfig":{ "shape":"GoogleOauth2ProviderConfigInput", "documentation":"The configuration for a Google OAuth2 provider.
" }, "githubOauth2ProviderConfig":{ "shape":"GithubOauth2ProviderConfigInput", "documentation":"The configuration for a GitHub OAuth2 provider.
" }, "slackOauth2ProviderConfig":{ "shape":"SlackOauth2ProviderConfigInput", "documentation":"The configuration for a Slack OAuth2 provider.
" }, "salesforceOauth2ProviderConfig":{ "shape":"SalesforceOauth2ProviderConfigInput", "documentation":"The configuration for a Salesforce OAuth2 provider.
" }, "microsoftOauth2ProviderConfig":{ "shape":"MicrosoftOauth2ProviderConfigInput", "documentation":"The configuration for a Microsoft OAuth2 provider.
" }, "atlassianOauth2ProviderConfig":{ "shape":"AtlassianOauth2ProviderConfigInput", "documentation":"Configuration settings for Atlassian OAuth2 provider integration.
" }, "linkedinOauth2ProviderConfig":{ "shape":"LinkedinOauth2ProviderConfigInput", "documentation":"Configuration settings for LinkedIn OAuth2 provider integration.
" }, "includedOauth2ProviderConfig":{ "shape":"IncludedOauth2ProviderConfigInput", "documentation":"The configuration for a non-custom OAuth2 provider. This includes settings for supported OAuth2 providers that have built-in integration support.
" } }, "documentation":"Contains the input configuration for an OAuth2 provider.
", "union":true }, "Oauth2ProviderConfigOutput":{ "type":"structure", "members":{ "customOauth2ProviderConfig":{ "shape":"CustomOauth2ProviderConfigOutput", "documentation":"The output configuration for a custom OAuth2 provider.
" }, "googleOauth2ProviderConfig":{ "shape":"GoogleOauth2ProviderConfigOutput", "documentation":"The output configuration for a Google OAuth2 provider.
" }, "githubOauth2ProviderConfig":{ "shape":"GithubOauth2ProviderConfigOutput", "documentation":"The output configuration for a GitHub OAuth2 provider.
" }, "slackOauth2ProviderConfig":{ "shape":"SlackOauth2ProviderConfigOutput", "documentation":"The output configuration for a Slack OAuth2 provider.
" }, "salesforceOauth2ProviderConfig":{ "shape":"SalesforceOauth2ProviderConfigOutput", "documentation":"The output configuration for a Salesforce OAuth2 provider.
" }, "microsoftOauth2ProviderConfig":{ "shape":"MicrosoftOauth2ProviderConfigOutput", "documentation":"The output configuration for a Microsoft OAuth2 provider.
" }, "atlassianOauth2ProviderConfig":{ "shape":"AtlassianOauth2ProviderConfigOutput", "documentation":"The configuration details for the Atlassian OAuth2 provider.
" }, "linkedinOauth2ProviderConfig":{ "shape":"LinkedinOauth2ProviderConfigOutput", "documentation":"The configuration details for the LinkedIn OAuth2 provider.
" }, "includedOauth2ProviderConfig":{ "shape":"IncludedOauth2ProviderConfigOutput", "documentation":"The configuration for a non-custom OAuth2 provider. This includes the configuration details for supported OAuth2 providers that have built-in integration support.
" } }, "documentation":"Contains the output configuration for an OAuth2 provider.
", "union":true }, "OnlineEvaluationConfigArn":{ "type":"string", "pattern":"arn:aws:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:online-evaluation-config\\/[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "OnlineEvaluationConfigId":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "OnlineEvaluationConfigStatus":{ "type":"string", "enum":[ "ACTIVE", "CREATING", "CREATE_FAILED", "UPDATING", "UPDATE_FAILED", "DELETING" ] }, "OnlineEvaluationConfigSummary":{ "type":"structure", "required":[ "onlineEvaluationConfigArn", "onlineEvaluationConfigId", "onlineEvaluationConfigName", "status", "executionStatus", "createdAt", "updatedAt" ], "members":{ "onlineEvaluationConfigArn":{ "shape":"OnlineEvaluationConfigArn", "documentation":"The Amazon Resource Name (ARN) of the online evaluation configuration.
" }, "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the online evaluation configuration.
" }, "onlineEvaluationConfigName":{ "shape":"EvaluationConfigName", "documentation":"The name of the online evaluation configuration.
" }, "description":{ "shape":"EvaluationConfigDescription", "documentation":"The description of the online evaluation configuration.
" }, "status":{ "shape":"OnlineEvaluationConfigStatus", "documentation":"The status of the online evaluation configuration.
" }, "executionStatus":{ "shape":"OnlineEvaluationExecutionStatus", "documentation":"The execution status indicating whether the online evaluation is currently running.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the online evaluation configuration was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the online evaluation configuration was last updated.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the online evaluation configuration execution failed.
" } }, "documentation":"The summary information about an online evaluation configuration, including basic metadata and execution status.
" }, "OnlineEvaluationConfigSummaryList":{ "type":"list", "member":{"shape":"OnlineEvaluationConfigSummary"} }, "OnlineEvaluationExecutionStatus":{ "type":"string", "enum":[ "ENABLED", "DISABLED" ] }, "OutputConfig":{ "type":"structure", "required":["cloudWatchConfig"], "members":{ "cloudWatchConfig":{ "shape":"CloudWatchOutputConfig", "documentation":"The CloudWatch configuration for writing evaluation results to CloudWatch logs with embedded metric format.
" } }, "documentation":"The configuration that specifies where evaluation results should be written for monitoring and analysis.
" }, "OverrideType":{ "type":"string", "enum":[ "SEMANTIC_OVERRIDE", "SUMMARY_OVERRIDE", "USER_PREFERENCE_OVERRIDE", "SELF_MANAGED", "EPISODIC_OVERRIDE" ] }, "Policies":{ "type":"list", "member":{"shape":"Policy"}, "max":100, "min":0 }, "Policy":{ "type":"structure", "required":[ "policyId", "name", "policyEngineId", "definition", "createdAt", "updatedAt", "policyArn", "status", "statusReasons" ], "members":{ "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier for the policy. This system-generated identifier consists of the user name plus a 10-character generated suffix and serves as the primary key for policy operations.
" }, "name":{ "shape":"PolicyName", "documentation":"The customer-assigned immutable name for the policy. This human-readable identifier must be unique within the account and cannot exceed 48 characters.
" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine that manages this policy. This establishes the policy engine context for policy evaluation and management.
" }, "definition":{ "shape":"PolicyDefinition", "documentation":"The Cedar policy statement that defines the access control rules. This contains the actual policy logic used for agent behavior control and access decisions.
" }, "description":{ "shape":"Description", "documentation":"A human-readable description of the policy's purpose and functionality. Limited to 4,096 characters, this helps administrators understand and manage the policy.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy was originally created. This is automatically set by the service and used for auditing and lifecycle management.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy was last modified. This tracks the most recent changes to the policy configuration or metadata.
" }, "policyArn":{ "shape":"PolicyArn", "documentation":"The Amazon Resource Name (ARN) of the policy. This globally unique identifier can be used for cross-service references and IAM policy statements.
" }, "status":{ "shape":"PolicyStatus", "documentation":"The current status of the policy.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the policy status. This provides details about any failures or the current state of the policy lifecycle.
" } }, "documentation":"Represents a complete policy resource within the AgentCore Policy system. Policies are ARN-able resources that contain Cedar policy statements and associated metadata for controlling agent behavior and access decisions. Each policy belongs to a policy engine and defines fine-grained authorization rules that are evaluated in real-time as agents interact with tools through Gateway. Policies use the Cedar policy language to specify who (principals based on OAuth claims like username, role, or scope) can perform what actions (tool calls) on which resources (Gateways), with optional conditions for attribute-based access control. Multiple policies can apply to a single request, with Cedar's forbid-wins semantics ensuring that security restrictions are never accidentally overridden.
" }, "PolicyArn":{ "type":"string", "max":203, "min":96, "pattern":"arn:aws[-a-z]{0,7}:bedrock-agentcore:[a-z0-9-]{9,15}:[0-9]{12}:policy-engine/[a-zA-Z][a-zA-Z0-9-_]{0,47}-[a-zA-Z0-9_]{10}/policy/[a-zA-Z][a-zA-Z0-9-_]{0,47}-[a-zA-Z0-9_]{10}" }, "PolicyDefinition":{ "type":"structure", "members":{ "cedar":{ "shape":"CedarPolicy", "documentation":"The Cedar policy definition within the policy definition structure. This contains the Cedar policy statement that defines the authorization logic using Cedar's human-readable, analyzable policy language. Cedar policies specify principals (who can access), actions (what operations are allowed), resources (what can be accessed), and optional conditions for fine-grained control. Cedar provides a formal policy language designed for authorization with deterministic evaluation, making policies testable, reviewable, and auditable. All Cedar policies follow a default-deny model where actions are denied unless explicitly permitted, and forbid policies always override permit policies.
" } }, "documentation":"Represents the definition structure for policies within the AgentCore Policy system. This structure encapsulates different policy formats and languages that can be used to define access control rules.
", "union":true }, "PolicyEngine":{ "type":"structure", "required":[ "policyEngineId", "name", "createdAt", "updatedAt", "policyEngineArn", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier for the policy engine. This system-generated identifier consists of the user name plus a 10-character generated suffix and serves as the primary key for policy engine operations.
" }, "name":{ "shape":"PolicyEngineName", "documentation":"The customer-assigned immutable name for the policy engine. This human-readable identifier must be unique within the account and cannot exceed 48 characters.
" }, "description":{ "shape":"Description", "documentation":"A human-readable description of the policy engine's purpose and scope. Limited to 4,096 characters, this helps administrators understand the policy engine's role in the overall governance strategy.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy engine was originally created. This is automatically set by the service and used for auditing and lifecycle management.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy engine was last modified. This tracks the most recent changes to the policy engine configuration or metadata.
" }, "policyEngineArn":{ "shape":"PolicyEngineArn", "documentation":"The Amazon Resource Name (ARN) of the policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.
" }, "status":{ "shape":"PolicyEngineStatus", "documentation":"The current status of the policy engine.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine lifecycle.
" } }, "documentation":"Represents a policy engine resource within the AgentCore Policy system. Policy engines serve as containers for grouping related policies and provide the execution context for policy evaluation and management. Each policy engine can be associated with one Gateway (one engine per Gateway), where it intercepts all agent tool calls and evaluates them against the contained policies before allowing tools to execute. The policy engine maintains the Cedar schema generated from the Gateway's tool manifest, ensuring that policies are validated against the actual tools and parameters available. Policy engines support two enforcement modes that can be configured when associating with a Gateway: log-only mode for testing (evaluates decisions without blocking) and enforce mode for production (actively allows or denies based on policy evaluation).
" }, "PolicyEngineArn":{ "type":"string", "max":136, "min":76, "pattern":"arn:aws[-a-z]{0,7}:bedrock-agentcore:[a-z0-9-]{9,15}:[0-9]{12}:policy-engine/[a-zA-Z][a-zA-Z0-9-_]{0,47}-[a-zA-Z0-9_]{10}" }, "PolicyEngineName":{ "type":"string", "max":48, "min":1, "pattern":"[A-Za-z][A-Za-z0-9_]*" }, "PolicyEngineStatus":{ "type":"string", "enum":[ "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED" ] }, "PolicyEngines":{ "type":"list", "member":{"shape":"PolicyEngine"}, "max":100, "min":0 }, "PolicyGeneration":{ "type":"structure", "required":[ "policyEngineId", "policyGenerationId", "name", "policyGenerationArn", "resource", "createdAt", "updatedAt", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine associated with this generation request.
" }, "policyGenerationId":{ "shape":"ResourceId", "documentation":"The unique identifier for this policy generation request.
" }, "name":{ "shape":"PolicyGenerationName", "documentation":"The customer-assigned name for this policy generation request.
" }, "policyGenerationArn":{ "shape":"PolicyGenerationArn", "documentation":"The ARN of this policy generation request.
" }, "resource":{ "shape":"Resource", "documentation":"The resource information associated with this policy generation.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when this policy generation request was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when this policy generation was last updated.
" }, "status":{ "shape":"PolicyGenerationStatus", "documentation":"The current status of this policy generation request.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the generation status.
" }, "findings":{ "shape":"String", "documentation":"Findings and insights from this policy generation process.
" } }, "documentation":"Represents a policy generation request within the AgentCore Policy system. Tracks the AI-powered conversion of natural language descriptions into Cedar policy statements, enabling users to author policies by describing authorization requirements in plain English. The generation process analyzes the natural language input along with the Gateway's tool context and Cedar schema to produce one or more validated policy options. Each generation request tracks the status of the conversion process and maintains findings about the generated policies, including validation results and potential issues. Generated policy assets remain available for one week after successful generation, allowing time to review and create policies from the generated options.
" }, "PolicyGenerationArn":{ "type":"string", "max":210, "min":103, "pattern":"arn:aws[-a-z]{0,7}:bedrock-agentcore:[a-z0-9-]{9,15}:[0-9]{12}:policy-engine/[a-zA-Z][a-zA-Z0-9-_]{0,47}-[a-zA-Z0-9_]{10}/policy-generation/[a-zA-Z][a-zA-Z0-9-_]{0,47}-[a-zA-Z0-9_]{10}" }, "PolicyGenerationAsset":{ "type":"structure", "required":[ "policyGenerationAssetId", "rawTextFragment", "findings" ], "members":{ "policyGenerationAssetId":{ "shape":"ResourceId", "documentation":"The unique identifier for this generated policy asset within the policy generation request. This ID can be used to reference specific generated policy options when creating actual policies from the generation results.
" }, "definition":{"shape":"PolicyDefinition"}, "rawTextFragment":{ "shape":"NaturalLanguage", "documentation":"The portion of the original natural language input that this generated policy asset addresses. This helps users understand which part of their policy description was translated into this specific Cedar policy statement, enabling better policy selection and refinement. When a single natural language input describes multiple authorization requirements, the generation process creates separate policy assets for each requirement, with each asset's rawTextFragment showing which requirement it addresses. Use this mapping to verify that all parts of your natural language input were correctly translated into Cedar policies.
" }, "findings":{ "shape":"Findings", "documentation":"Analysis findings and insights related to this specific generated policy asset. These findings may include validation results, potential issues, or recommendations for improvement to help users evaluate the quality and appropriateness of the generated policy.
" } }, "documentation":"Represents a generated policy asset from the AI-powered policy generation process within the AgentCore Policy system. Each asset contains a Cedar policy statement generated from natural language input, along with associated metadata and analysis findings to help users evaluate and select the most appropriate policy option.
" }, "PolicyGenerationAssets":{ "type":"list", "member":{"shape":"PolicyGenerationAsset"} }, "PolicyGenerationName":{ "type":"string", "max":48, "min":1, "pattern":"[A-Za-z][A-Za-z0-9_]*" }, "PolicyGenerationStatus":{ "type":"string", "enum":[ "GENERATING", "GENERATED", "GENERATE_FAILED", "DELETE_FAILED" ] }, "PolicyGenerations":{ "type":"list", "member":{"shape":"PolicyGeneration"}, "max":100, "min":0 }, "PolicyName":{ "type":"string", "max":48, "min":1, "pattern":"[A-Za-z][A-Za-z0-9_]*" }, "PolicyStatus":{ "type":"string", "enum":[ "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED" ] }, "PolicyStatusReasons":{ "type":"list", "member":{"shape":"String"} }, "PolicyValidationMode":{ "type":"string", "enum":[ "FAIL_ON_ANY_FINDINGS", "IGNORE_ALL_FINDINGS" ] }, "Prompt":{ "type":"string", "max":30000, "min":1, "sensitive":true }, "ProtocolConfiguration":{ "type":"structure", "required":["serverProtocol"], "members":{ "serverProtocol":{ "shape":"ServerProtocol", "documentation":"The server protocol for the agent runtime. This field specifies which protocol the agent runtime uses to communicate with clients.
" } }, "documentation":"The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.
" }, "PutResourcePolicyRequest":{ "type":"structure", "required":[ "resourceArn", "policy" ], "members":{ "resourceArn":{ "shape":"BedrockAgentcoreResourceArn", "documentation":"The Amazon Resource Name (ARN) of the resource for which to create or update the resource policy.
", "location":"uri", "locationName":"resourceArn" }, "policy":{ "shape":"ResourcePolicyBody", "documentation":"The resource policy to create or update.
" } } }, "PutResourcePolicyResponse":{ "type":"structure", "required":["policy"], "members":{ "policy":{ "shape":"ResourcePolicyBody", "documentation":"The resource policy that was created or updated.
" } } }, "RatingScale":{ "type":"structure", "members":{ "numerical":{ "shape":"NumericalScaleDefinitions", "documentation":"The numerical rating scale with defined score values and descriptions for quantitative evaluation.
" }, "categorical":{ "shape":"CategoricalScaleDefinitions", "documentation":"The categorical rating scale with named categories and definitions for qualitative evaluation.
" } }, "documentation":"The rating scale that defines how evaluators should score agent performance, supporting both numerical and categorical scales.
", "union":true }, "RecordingConfig":{ "type":"structure", "members":{ "enabled":{ "shape":"Boolean", "documentation":"Indicates whether recording is enabled for the browser. When set to true, browser sessions are recorded.
" }, "s3Location":{ "shape":"S3Location", "documentation":"The Amazon S3 location where browser recordings are stored. This location contains the recorded browser sessions.
" } }, "documentation":"The recording configuration for a browser. This structure defines how browser sessions are recorded.
" }, "ReflectionConfiguration":{ "type":"structure", "members":{ "customReflectionConfiguration":{ "shape":"CustomReflectionConfiguration", "documentation":"The configuration for a custom reflection strategy.
" }, "episodicReflectionConfiguration":{ "shape":"EpisodicReflectionConfiguration", "documentation":"The configuration for the episodic reflection strategy.
" } }, "documentation":"Contains reflection configuration information for a memory strategy.
", "union":true }, "RequestHeaderAllowlist":{ "type":"list", "member":{"shape":"HeaderName"}, "max":20, "min":1 }, "RequestHeaderConfiguration":{ "type":"structure", "members":{ "requestHeaderAllowlist":{ "shape":"RequestHeaderAllowlist", "documentation":"A list of HTTP request headers that are allowed to be passed through to the runtime.
" } }, "documentation":"Configuration for HTTP request headers that will be passed through to the runtime.
", "union":true }, "RequiredProperties":{ "type":"list", "member":{"shape":"String"} }, "Resource":{ "type":"structure", "members":{ "arn":{ "shape":"BedrockAgentcoreResourceArn", "documentation":"The Amazon Resource Name (ARN) of the resource. This globally unique identifier specifies the exact resource that policies will be evaluated against for access control decisions.
" } }, "documentation":"Represents a resource within the AgentCore Policy system. Resources are the targets of policy evaluation. Currently, only AgentCore Gateways are supported as resources for policy enforcement.
", "union":true }, "ResourceId":{ "type":"string", "max":59, "min":12, "pattern":"[A-Za-z][A-Za-z0-9_]*-[a-z0-9_]{10}" }, "ResourceLimitExceededException":{ "type":"structure", "members":{ "message":{"shape":"String"} }, "documentation":"Exception thrown when a resource limit is exceeded.
", "error":{ "httpStatusCode":400, "senderFault":true }, "exception":true }, "ResourceNotFoundException":{ "type":"structure", "members":{ "message":{"shape":"NonBlankString"} }, "documentation":"This exception is thrown when a resource referenced by the operation does not exist
", "error":{ "httpStatusCode":404, "senderFault":true }, "exception":true }, "ResourceOauth2ReturnUrlListType":{ "type":"list", "member":{"shape":"ResourceOauth2ReturnUrlType"} }, "ResourceOauth2ReturnUrlType":{ "type":"string", "max":2048, "min":1, "pattern":"\\w+:(\\/?\\/?)[^\\s]+" }, "ResourcePolicyBody":{ "type":"string", "max":20480, "min":1 }, "ResourceType":{ "type":"string", "enum":[ "SYSTEM", "CUSTOM" ] }, "ResponseListType":{ "type":"list", "member":{"shape":"ResponseType"} }, "ResponseType":{"type":"string"}, "RestApiMethod":{ "type":"string", "enum":[ "GET", "DELETE", "HEAD", "OPTIONS", "PATCH", "PUT", "POST" ] }, "RestApiMethods":{ "type":"list", "member":{"shape":"RestApiMethod"} }, "RoleArn":{ "type":"string", "max":2048, "min":1, "pattern":"arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/.+" }, "Rule":{ "type":"structure", "required":["samplingConfig"], "members":{ "samplingConfig":{ "shape":"SamplingConfig", "documentation":"The sampling configuration that determines what percentage of agent traces to evaluate.
" }, "filters":{ "shape":"FilterList", "documentation":"The list of filters that determine which agent traces should be included in the evaluation based on trace properties.
" }, "sessionConfig":{ "shape":"SessionConfig", "documentation":"The session configuration that defines timeout settings for detecting when agent sessions are complete and ready for evaluation.
" } }, "documentation":"The evaluation rule that defines sampling configuration, filtering criteria, and session detection settings for online evaluation.
" }, "RuntimeContainerUri":{ "type":"string", "max":1024, "min":1, "pattern":"([0-9]{12})\\.dkr\\.ecr\\.([a-z0-9-]+)\\.amazonaws\\.com/((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*)(?::([^:@]{1,300}))?(?:@(.+))?" }, "S3BucketUri":{ "type":"string", "pattern":"s3://.{1,2043}" }, "S3Configuration":{ "type":"structure", "members":{ "uri":{ "shape":"S3BucketUri", "documentation":"The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
" }, "bucketOwnerAccountId":{ "shape":"AwsAccountId", "documentation":"The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
" } }, "documentation":"The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
" }, "S3Location":{ "type":"structure", "required":[ "bucket", "prefix" ], "members":{ "bucket":{ "shape":"S3LocationBucketString", "documentation":"The name of the Amazon S3 bucket. This bucket contains the stored data.
" }, "prefix":{ "shape":"S3LocationPrefixString", "documentation":"The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.
" }, "versionId":{ "shape":"S3LocationVersionIdString", "documentation":"The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.
" } }, "documentation":"The Amazon S3 location for storing data. This structure defines where in Amazon S3 data is stored.
" }, "S3LocationBucketString":{ "type":"string", "pattern":"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]" }, "S3LocationPrefixString":{ "type":"string", "max":1024, "min":1 }, "S3LocationVersionIdString":{ "type":"string", "max":1024, "min":3 }, "SalesforceOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Salesforce OAuth2 provider.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the Salesforce OAuth2 provider.
" } }, "documentation":"Input configuration for a Salesforce OAuth2 provider.
" }, "SalesforceOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{ "shape":"Oauth2Discovery", "documentation":"The OAuth2 discovery information for the Salesforce provider.
" }, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Salesforce OAuth2 provider.
" } }, "documentation":"Output configuration for a Salesforce OAuth2 provider.
" }, "SamplingConfig":{ "type":"structure", "required":["samplingPercentage"], "members":{ "samplingPercentage":{ "shape":"SamplingConfigSamplingPercentageDouble", "documentation":"The percentage of agent traces to sample for evaluation, ranging from 0.01% to 100%.
" } }, "documentation":"The configuration that controls what percentage of agent traces are sampled for evaluation to manage evaluation volume and costs.
" }, "SamplingConfigSamplingPercentageDouble":{ "type":"double", "box":true, "max":100.0, "min":0.01 }, "SandboxName":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}" }, "SchemaDefinition":{ "type":"structure", "required":["type"], "members":{ "type":{ "shape":"SchemaType", "documentation":"The type of the schema definition. This field specifies the data type of the schema.
" }, "properties":{ "shape":"SchemaProperties", "documentation":"The properties of the schema definition. These properties define the fields in the schema.
" }, "required":{ "shape":"RequiredProperties", "documentation":"The required fields in the schema definition. These fields must be provided when using the schema.
" }, "items":{ "shape":"SchemaDefinition", "documentation":"The items in the schema definition. This field is used for array types to define the structure of the array elements.
" }, "description":{ "shape":"String", "documentation":"The description of the schema definition. This description provides information about the purpose and usage of the schema.
" } }, "documentation":"A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
" }, "SchemaProperties":{ "type":"map", "key":{"shape":"String"}, "value":{"shape":"SchemaDefinition"} }, "SchemaType":{ "type":"string", "enum":[ "string", "number", "object", "array", "boolean", "integer" ] }, "SearchType":{ "type":"string", "enum":["SEMANTIC"] }, "Secret":{ "type":"structure", "required":["secretArn"], "members":{ "secretArn":{ "shape":"SecretArn", "documentation":"The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
" } }, "documentation":"Contains information about a secret in AWS Secrets Manager.
" }, "SecretArn":{ "type":"string", "pattern":"arn:(aws|aws-us-gov):secretsmanager:[A-Za-z0-9-]{1,64}:[0-9]{12}:secret:[a-zA-Z0-9-_/+=.@!]+" }, "SecurityGroupId":{ "type":"string", "pattern":"sg-[0-9a-zA-Z]{8,17}" }, "SecurityGroups":{ "type":"list", "member":{"shape":"SecurityGroupId"}, "max":16, "min":1 }, "SelfManagedConfiguration":{ "type":"structure", "required":[ "triggerConditions", "invocationConfiguration", "historicalContextWindowSize" ], "members":{ "triggerConditions":{ "shape":"TriggerConditionsList", "documentation":"A list of conditions that trigger memory processing.
" }, "invocationConfiguration":{ "shape":"InvocationConfiguration", "documentation":"The configuration to use when invoking memory processing.
" }, "historicalContextWindowSize":{ "shape":"Integer", "documentation":"The number of historical messages to include in processing context.
" } }, "documentation":"A configuration for a self-managed memory strategy.
" }, "SelfManagedConfigurationInput":{ "type":"structure", "required":["invocationConfiguration"], "members":{ "triggerConditions":{ "shape":"TriggerConditionInputList", "documentation":"A list of conditions that trigger memory processing.
" }, "invocationConfiguration":{ "shape":"InvocationConfigurationInput", "documentation":"Configuration to invoke a self-managed memory processing pipeline with.
" }, "historicalContextWindowSize":{ "shape":"SelfManagedConfigurationInputHistoricalContextWindowSizeInteger", "documentation":"Number of historical messages to include in processing context.
" } }, "documentation":"Input configuration for a self-managed memory strategy.
" }, "SelfManagedConfigurationInputHistoricalContextWindowSizeInteger":{ "type":"integer", "box":true, "max":50, "min":0 }, "SemanticConsolidationOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for semantic consolidation.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for semantic consolidation.
" } }, "documentation":"Contains semantic consolidation override configuration.
" }, "SemanticExtractionOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for semantic extraction.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for semantic extraction.
" } }, "documentation":"Contains semantic extraction override configuration.
" }, "SemanticMemoryStrategyInput":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"Name", "documentation":"The name of the semantic memory strategy.
" }, "description":{ "shape":"Description", "documentation":"The description of the semantic memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces associated with the semantic memory strategy.
" } }, "documentation":"Input for creating a semantic memory strategy.
" }, "SemanticOverrideConfigurationInput":{ "type":"structure", "members":{ "extraction":{ "shape":"SemanticOverrideExtractionConfigurationInput", "documentation":"The extraction configuration for a semantic override.
" }, "consolidation":{ "shape":"SemanticOverrideConsolidationConfigurationInput", "documentation":"The consolidation configuration for a semantic override.
" } }, "documentation":"Input for semantic override configuration in a memory strategy.
" }, "SemanticOverrideConsolidationConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for semantic consolidation.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for semantic consolidation.
" } }, "documentation":"Input for semantic override consolidation configuration in a memory strategy.
" }, "SemanticOverrideExtractionConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for semantic extraction.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for semantic extraction.
" } }, "documentation":"Input for semantic override extraction configuration in a memory strategy.
" }, "ServerProtocol":{ "type":"string", "enum":[ "MCP", "HTTP", "A2A" ] }, "ServiceException":{ "type":"structure", "members":{ "message":{"shape":"String"} }, "documentation":"An internal error occurred.
", "error":{"httpStatusCode":500}, "exception":true, "fault":true, "retryable":{"throttling":false} }, "ServiceName":{ "type":"string", "max":256, "min":1, "pattern":"[a-zA-Z0-9._-]+" }, "ServiceQuotaExceededException":{ "type":"structure", "members":{ "message":{"shape":"NonBlankString"} }, "documentation":"This exception is thrown when a request is made beyond the service quota
", "error":{ "httpStatusCode":402, "senderFault":true }, "exception":true }, "SessionConfig":{ "type":"structure", "required":["sessionTimeoutMinutes"], "members":{ "sessionTimeoutMinutes":{ "shape":"SessionConfigSessionTimeoutMinutesInteger", "documentation":"The number of minutes of inactivity after which an agent session is considered complete and ready for evaluation. Default is 15 minutes.
" } }, "documentation":"The configuration that defines how agent sessions are detected and when they are considered complete for evaluation.
" }, "SessionConfigSessionTimeoutMinutesInteger":{ "type":"integer", "box":true, "max":1440, "min":1 }, "SetTokenVaultCMKRequest":{ "type":"structure", "required":["kmsConfiguration"], "members":{ "tokenVaultId":{ "shape":"TokenVaultIdType", "documentation":"The unique identifier of the token vault to update.
" }, "kmsConfiguration":{ "shape":"KmsConfiguration", "documentation":"The KMS configuration for the token vault, including the key type and KMS key ARN.
" } } }, "SetTokenVaultCMKResponse":{ "type":"structure", "required":[ "tokenVaultId", "kmsConfiguration", "lastModifiedDate" ], "members":{ "tokenVaultId":{ "shape":"TokenVaultIdType", "documentation":"The ID of the token vault.
" }, "kmsConfiguration":{ "shape":"KmsConfiguration", "documentation":"The KMS configuration for the token vault.
" }, "lastModifiedDate":{ "shape":"Timestamp", "documentation":"The timestamp when the token vault was last modified.
" } } }, "SlackOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Slack OAuth2 provider.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the Slack OAuth2 provider.
" } }, "documentation":"Input configuration for a Slack OAuth2 provider.
" }, "SlackOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{ "shape":"Oauth2Discovery", "documentation":"The OAuth2 discovery information for the Slack provider.
" }, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Slack OAuth2 provider.
" } }, "documentation":"Output configuration for a Slack OAuth2 provider.
" }, "StartPolicyGenerationRequest":{ "type":"structure", "required":[ "policyEngineId", "resource", "content", "name" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine that provides the context for policy generation. This engine's schema and tool context are used to ensure generated policies are valid and applicable.
", "location":"uri", "locationName":"policyEngineId" }, "resource":{ "shape":"Resource", "documentation":"The resource information that provides context for policy generation. This helps the AI understand the target resources and generate appropriate access control rules.
" }, "content":{ "shape":"Content", "documentation":"The natural language description of the desired policy behavior. This content is processed by AI to generate corresponding Cedar policy statements that match the described intent.
" }, "name":{ "shape":"PolicyGenerationName", "documentation":"A customer-assigned name for the policy generation request. This helps track and identify generation operations, especially when running multiple generations simultaneously.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure the idempotency of the request. The AWS SDK automatically generates this token, so you don't need to provide it in most cases. If you retry a request with the same client token, the service returns the same response without starting a duplicate generation.
", "idempotencyToken":true } } }, "StartPolicyGenerationResponse":{ "type":"structure", "required":[ "policyEngineId", "policyGenerationId", "name", "policyGenerationArn", "resource", "createdAt", "updatedAt", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine associated with the started policy generation.
" }, "policyGenerationId":{ "shape":"ResourceId", "documentation":"The unique identifier assigned to the policy generation request for tracking progress.
" }, "name":{ "shape":"PolicyGenerationName", "documentation":"The customer-assigned name for the policy generation request.
" }, "policyGenerationArn":{ "shape":"PolicyGenerationArn", "documentation":"The ARN of the created policy generation request.
" }, "resource":{ "shape":"Resource", "documentation":"The resource information associated with the policy generation request.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy generation request was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy generation was last updated.
" }, "status":{ "shape":"PolicyGenerationStatus", "documentation":"The initial status of the policy generation request.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the generation status.
" }, "findings":{ "shape":"String", "documentation":"Initial findings from the policy generation process.
" } } }, "Statement":{ "type":"string", "max":153600, "min":35 }, "StatusReason":{ "type":"string", "max":2048, "min":0 }, "StatusReasons":{ "type":"list", "member":{"shape":"StatusReason"}, "max":100, "min":0 }, "StrategyConfiguration":{ "type":"structure", "members":{ "type":{ "shape":"OverrideType", "documentation":"The type of override for the strategy configuration.
" }, "extraction":{ "shape":"ExtractionConfiguration", "documentation":"The extraction configuration for the memory strategy.
" }, "consolidation":{ "shape":"ConsolidationConfiguration", "documentation":"The consolidation configuration for the memory strategy.
" }, "reflection":{ "shape":"ReflectionConfiguration", "documentation":"The reflection configuration for the memory strategy.
" }, "selfManagedConfiguration":{ "shape":"SelfManagedConfiguration", "documentation":"Self-managed configuration settings.
" } }, "documentation":"Contains configuration information for a memory strategy.
" }, "String":{"type":"string"}, "SubnetId":{ "type":"string", "pattern":"subnet-[0-9a-zA-Z]{8,17}" }, "Subnets":{ "type":"list", "member":{"shape":"SubnetId"}, "max":16, "min":1 }, "SummaryConsolidationOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for summary consolidation.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for summary consolidation.
" } }, "documentation":"Contains summary consolidation override configuration.
" }, "SummaryMemoryStrategyInput":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"Name", "documentation":"The name of the summary memory strategy.
" }, "description":{ "shape":"Description", "documentation":"The description of the summary memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces associated with the summary memory strategy.
" } }, "documentation":"Input for creating a summary memory strategy.
" }, "SummaryOverrideConfigurationInput":{ "type":"structure", "members":{ "consolidation":{ "shape":"SummaryOverrideConsolidationConfigurationInput", "documentation":"The consolidation configuration for a summary override.
" } }, "documentation":"Input for summary override configuration in a memory strategy.
" }, "SummaryOverrideConsolidationConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for summary consolidation.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for summary consolidation.
" } }, "documentation":"Input for summary override consolidation configuration in a memory strategy.
" }, "SynchronizeGatewayTargetsRequest":{ "type":"structure", "required":[ "gatewayIdentifier", "targetIdList" ], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The gateway Identifier.
", "location":"uri", "locationName":"gatewayIdentifier" }, "targetIdList":{ "shape":"TargetIdList", "documentation":"The target ID list.
" } } }, "SynchronizeGatewayTargetsResponse":{ "type":"structure", "members":{ "targets":{ "shape":"GatewayTargetList", "documentation":"The gateway targets for synchronization.
" } } }, "TagKey":{ "type":"string", "max":128, "min":1, "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" }, "TagKeyList":{ "type":"list", "member":{"shape":"TagKey"}, "max":200, "min":0 }, "TagResourceRequest":{ "type":"structure", "required":[ "resourceArn", "tags" ], "members":{ "resourceArn":{ "shape":"TaggableResourcesArn", "documentation":"The Amazon Resource Name (ARN) of the resource that you want to tag.
", "location":"uri", "locationName":"resourceArn" }, "tags":{ "shape":"TagsMap", "documentation":"The tags to add to the resource. A tag is a key-value pair.
" } } }, "TagResourceResponse":{ "type":"structure", "members":{} }, "TagValue":{ "type":"string", "max":256, "min":0, "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" }, "TaggableResourcesArn":{ "type":"string", "max":1011, "min":20, "pattern":"arn:(?:[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:([a-z-]+/[^/]+)(?:/[a-z-]+/[^/]+)*" }, "TagsMap":{ "type":"map", "key":{"shape":"TagKey"}, "value":{"shape":"TagValue"}, "max":50, "min":0 }, "TargetConfiguration":{ "type":"structure", "members":{ "mcp":{ "shape":"McpTargetConfiguration", "documentation":"The Model Context Protocol (MCP) configuration for the target. This configuration defines how the gateway uses MCP to communicate with the target.
" } }, "documentation":"The configuration for a gateway target. This structure defines how the gateway connects to and interacts with the target endpoint.
", "union":true }, "TargetDescription":{ "type":"string", "max":200, "min":1, "sensitive":true }, "TargetId":{ "type":"string", "pattern":"[0-9a-zA-Z]{10}" }, "TargetIdList":{ "type":"list", "member":{"shape":"TargetId"}, "max":1, "min":1 }, "TargetMaxResults":{ "type":"integer", "box":true, "max":1000, "min":1 }, "TargetName":{ "type":"string", "pattern":"([0-9a-zA-Z][-]?){1,100}", "sensitive":true }, "TargetNextToken":{ "type":"string", "max":2048, "min":1, "pattern":"\\S*" }, "TargetStatus":{ "type":"string", "enum":[ "CREATING", "UPDATING", "UPDATE_UNSUCCESSFUL", "DELETING", "READY", "FAILED", "SYNCHRONIZING", "SYNCHRONIZE_UNSUCCESSFUL" ] }, "TargetSummaries":{ "type":"list", "member":{"shape":"TargetSummary"} }, "TargetSummary":{ "type":"structure", "required":[ "targetId", "name", "status", "createdAt", "updatedAt" ], "members":{ "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the target.
" }, "name":{ "shape":"TargetName", "documentation":"The name of the target.
" }, "status":{ "shape":"TargetStatus", "documentation":"The current status of the target.
" }, "description":{ "shape":"TargetDescription", "documentation":"The description of the target.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the target was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the target was last updated.
" } }, "documentation":"Contains summary information about a gateway target. A target represents an endpoint that the gateway can connect to.
" }, "TenantIdType":{ "type":"string", "max":2048, "min":1 }, "ThrottledException":{ "type":"structure", "members":{ "message":{"shape":"String"} }, "documentation":"API rate limit has been exceeded.
", "error":{ "httpStatusCode":429, "senderFault":true }, "exception":true, "retryable":{"throttling":false} }, "ThrottlingException":{ "type":"structure", "members":{ "message":{"shape":"NonBlankString"} }, "documentation":"This exception is thrown when the number of requests exceeds the limit
", "error":{ "httpStatusCode":429, "senderFault":true }, "exception":true }, "TimeBasedTrigger":{ "type":"structure", "members":{ "idleSessionTimeout":{ "shape":"Integer", "documentation":"Idle session timeout (seconds) that triggers memory processing.
" } }, "documentation":"Trigger configuration based on time.
" }, "TimeBasedTriggerInput":{ "type":"structure", "members":{ "idleSessionTimeout":{ "shape":"TimeBasedTriggerInputIdleSessionTimeoutInteger", "documentation":"Idle session timeout (seconds) that triggers memory processing.
" } }, "documentation":"Trigger configuration based on time.
" }, "TimeBasedTriggerInputIdleSessionTimeoutInteger":{ "type":"integer", "box":true, "max":3000, "min":10 }, "Timestamp":{"type":"timestamp"}, "TokenAuthMethod":{ "type":"string", "pattern":"(client_secret_post|client_secret_basic)" }, "TokenBasedTrigger":{ "type":"structure", "members":{ "tokenCount":{ "shape":"Integer", "documentation":"Number of tokens that trigger memory processing.
" } }, "documentation":"Trigger configuration based on tokens.
" }, "TokenBasedTriggerInput":{ "type":"structure", "members":{ "tokenCount":{ "shape":"TokenBasedTriggerInputTokenCountInteger", "documentation":"Number of tokens that trigger memory processing.
" } }, "documentation":"Trigger configuration based on tokens.
" }, "TokenBasedTriggerInputTokenCountInteger":{ "type":"integer", "box":true, "max":500000, "min":100 }, "TokenEndpointAuthMethodsType":{ "type":"list", "member":{"shape":"TokenAuthMethod"}, "max":2, "min":1 }, "TokenEndpointType":{"type":"string"}, "TokenVaultIdType":{ "type":"string", "max":64, "min":1, "pattern":"[a-zA-Z0-9\\-_]+" }, "ToolDefinition":{ "type":"structure", "required":[ "name", "description", "inputSchema" ], "members":{ "name":{ "shape":"String", "documentation":"The name of the tool. This name identifies the tool in the Model Context Protocol.
" }, "description":{ "shape":"String", "documentation":"The description of the tool. This description provides information about the purpose and usage of the tool.
" }, "inputSchema":{ "shape":"SchemaDefinition", "documentation":"The input schema for the tool. This schema defines the structure of the input that the tool accepts.
" }, "outputSchema":{ "shape":"SchemaDefinition", "documentation":"The output schema for the tool. This schema defines the structure of the output that the tool produces.
" } }, "documentation":"A tool definition for a gateway target. This structure defines a tool that the target exposes through the Model Context Protocol.
" }, "ToolDefinitions":{ "type":"list", "member":{"shape":"ToolDefinition"} }, "ToolSchema":{ "type":"structure", "members":{ "s3":{ "shape":"S3Configuration", "documentation":"The Amazon S3 location of the tool schema. This location contains the schema definition file.
" }, "inlinePayload":{ "shape":"ToolDefinitions", "documentation":"The inline payload of the tool schema. This payload contains the schema definition directly in the request.
" } }, "documentation":"A tool schema for a gateway target. This structure defines the schema for a tool that the target exposes through the Model Context Protocol.
", "union":true }, "TriggerCondition":{ "type":"structure", "members":{ "messageBasedTrigger":{ "shape":"MessageBasedTrigger", "documentation":"Message based trigger configuration.
" }, "tokenBasedTrigger":{ "shape":"TokenBasedTrigger", "documentation":"Token based trigger configuration.
" }, "timeBasedTrigger":{ "shape":"TimeBasedTrigger", "documentation":"Time based trigger configuration.
" } }, "documentation":"Condition that triggers memory processing.
", "union":true }, "TriggerConditionInput":{ "type":"structure", "members":{ "messageBasedTrigger":{ "shape":"MessageBasedTriggerInput", "documentation":"Message based trigger configuration.
" }, "tokenBasedTrigger":{ "shape":"TokenBasedTriggerInput", "documentation":"Token based trigger configuration.
" }, "timeBasedTrigger":{ "shape":"TimeBasedTriggerInput", "documentation":"Time based trigger configuration.
" } }, "documentation":"Condition that triggers memory processing.
", "union":true }, "TriggerConditionInputList":{ "type":"list", "member":{"shape":"TriggerConditionInput"}, "min":1 }, "TriggerConditionsList":{ "type":"list", "member":{"shape":"TriggerCondition"}, "min":1 }, "UnauthorizedException":{ "type":"structure", "members":{ "message":{"shape":"NonBlankString"} }, "documentation":"This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
", "error":{ "httpStatusCode":401, "senderFault":true }, "exception":true }, "UntagResourceRequest":{ "type":"structure", "required":[ "resourceArn", "tagKeys" ], "members":{ "resourceArn":{ "shape":"TaggableResourcesArn", "documentation":"The Amazon Resource Name (ARN) of the resource that you want to untag.
", "location":"uri", "locationName":"resourceArn" }, "tagKeys":{ "shape":"TagKeyList", "documentation":"The tag keys of the tags to remove from the resource.
", "location":"querystring", "locationName":"tagKeys" } } }, "UntagResourceResponse":{ "type":"structure", "members":{} }, "UpdateAgentRuntimeEndpointRequest":{ "type":"structure", "required":[ "agentRuntimeId", "endpointName" ], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime associated with the endpoint.
", "location":"uri", "locationName":"agentRuntimeId" }, "endpointName":{ "shape":"EndpointName", "documentation":"The name of the AgentCore Runtime endpoint to update.
", "location":"uri", "locationName":"endpointName" }, "agentRuntimeVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The updated version of the AgentCore Runtime for the endpoint.
" }, "description":{ "shape":"AgentEndpointDescription", "documentation":"The updated description of the AgentCore Runtime endpoint.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true } } }, "UpdateAgentRuntimeEndpointResponse":{ "type":"structure", "required":[ "agentRuntimeEndpointArn", "agentRuntimeArn", "status", "createdAt", "lastUpdatedAt" ], "members":{ "liveVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The currently deployed version of the AgentCore Runtime on the endpoint.
" }, "targetVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The target version of the AgentCore Runtime for the endpoint.
" }, "agentRuntimeEndpointArn":{ "shape":"AgentRuntimeEndpointArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime endpoint.
" }, "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime.
" }, "status":{ "shape":"AgentRuntimeEndpointStatus", "documentation":"The current status of the updated AgentCore Runtime endpoint.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime endpoint was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime endpoint was last updated.
" } } }, "UpdateAgentRuntimeRequest":{ "type":"structure", "required":[ "agentRuntimeId", "agentRuntimeArtifact", "roleArn", "networkConfiguration" ], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime to update.
", "location":"uri", "locationName":"agentRuntimeId" }, "agentRuntimeArtifact":{ "shape":"AgentRuntimeArtifact", "documentation":"The updated artifact of the AgentCore Runtime.
" }, "roleArn":{ "shape":"RoleArn", "documentation":"The updated IAM role ARN that provides permissions for the AgentCore Runtime.
" }, "networkConfiguration":{ "shape":"NetworkConfiguration", "documentation":"The updated network configuration for the AgentCore Runtime.
" }, "description":{ "shape":"Description", "documentation":"The updated description of the AgentCore Runtime.
" }, "authorizerConfiguration":{ "shape":"AuthorizerConfiguration", "documentation":"The updated authorizer configuration for the AgentCore Runtime.
" }, "requestHeaderConfiguration":{ "shape":"RequestHeaderConfiguration", "documentation":"The updated configuration for HTTP request headers that will be passed through to the runtime.
" }, "protocolConfiguration":{"shape":"ProtocolConfiguration"}, "lifecycleConfiguration":{ "shape":"LifecycleConfiguration", "documentation":"The updated life cycle configuration for the AgentCore Runtime.
" }, "environmentVariables":{ "shape":"EnvironmentVariablesMap", "documentation":"Updated environment variables to set in the AgentCore Runtime environment.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true } } }, "UpdateAgentRuntimeResponse":{ "type":"structure", "required":[ "agentRuntimeArn", "agentRuntimeId", "agentRuntimeVersion", "createdAt", "lastUpdatedAt", "status" ], "members":{ "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the updated AgentCore Runtime.
" }, "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the updated AgentCore Runtime.
" }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the updated AgentCore Runtime.
" }, "agentRuntimeVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The version of the updated AgentCore Runtime.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime was last updated.
" }, "status":{ "shape":"AgentRuntimeStatus", "documentation":"The current status of the updated AgentCore Runtime.
" } } }, "UpdateApiKeyCredentialProviderRequest":{ "type":"structure", "required":[ "name", "apiKey" ], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the API key credential provider to update.
" }, "apiKey":{ "shape":"ApiKeyType", "documentation":"The new API key to use for authentication. This value replaces the existing API key and is encrypted and stored securely.
" } } }, "UpdateApiKeyCredentialProviderResponse":{ "type":"structure", "required":[ "apiKeySecretArn", "name", "credentialProviderArn", "createdTime", "lastUpdatedTime" ], "members":{ "apiKeySecretArn":{ "shape":"Secret", "documentation":"The Amazon Resource Name (ARN) of the API key secret in AWS Secrets Manager.
" }, "name":{ "shape":"CredentialProviderName", "documentation":"The name of the API key credential provider.
" }, "credentialProviderArn":{ "shape":"ApiKeyCredentialProviderArnType", "documentation":"The Amazon Resource Name (ARN) of the API key credential provider.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the API key credential provider was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the API key credential provider was last updated.
" } } }, "UpdateEvaluatorRequest":{ "type":"structure", "required":["evaluatorId"], "members":{ "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the evaluator to update.
", "location":"uri", "locationName":"evaluatorId" }, "description":{ "shape":"EvaluatorDescription", "documentation":"The updated description of the evaluator.
" }, "evaluatorConfig":{ "shape":"EvaluatorConfig", "documentation":"The updated configuration for the evaluator, including LLM-as-a-Judge settings with instructions, rating scale, and model configuration.
" }, "level":{ "shape":"EvaluatorLevel", "documentation":" The updated evaluation level (TOOL_CALL, TRACE, or SESSION) that determines the scope of evaluation.
The Amazon Resource Name (ARN) of the updated evaluator.
" }, "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the updated evaluator.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the evaluator was last updated.
" }, "status":{ "shape":"EvaluatorStatus", "documentation":"The status of the evaluator update operation.
" } } }, "UpdateGatewayRequest":{ "type":"structure", "required":[ "gatewayIdentifier", "name", "roleArn", "protocolType", "authorizerType" ], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The identifier of the gateway to update.
", "location":"uri", "locationName":"gatewayIdentifier" }, "name":{ "shape":"GatewayName", "documentation":"The name of the gateway. This name must be the same as the one when the gateway was created.
" }, "description":{ "shape":"GatewayDescription", "documentation":"The updated description for the gateway.
" }, "roleArn":{ "shape":"RoleArn", "documentation":"The updated IAM role ARN that provides permissions for the gateway.
" }, "protocolType":{ "shape":"GatewayProtocolType", "documentation":"The updated protocol type for the gateway.
" }, "protocolConfiguration":{"shape":"GatewayProtocolConfiguration"}, "authorizerType":{ "shape":"AuthorizerType", "documentation":"The updated authorizer type for the gateway.
" }, "authorizerConfiguration":{ "shape":"AuthorizerConfiguration", "documentation":"The updated authorizer configuration for the gateway.
" }, "kmsKeyArn":{ "shape":"KmsKeyArn", "documentation":"The updated ARN of the KMS key used to encrypt the gateway.
" }, "interceptorConfigurations":{ "shape":"GatewayInterceptorConfigurations", "documentation":"The updated interceptor configurations for the gateway.
" }, "policyEngineConfiguration":{ "shape":"GatewayPolicyEngineConfiguration", "documentation":"The updated policy engine configuration for the gateway. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with a gateway, the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies.
" }, "exceptionLevel":{ "shape":"ExceptionLevel", "documentation":"The level of detail in error messages returned when invoking the gateway.
If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.
If the value is omitted, a generic error message is returned to the end user.
The Amazon Resource Name (ARN) of the updated gateway.
" }, "gatewayId":{ "shape":"GatewayId", "documentation":"The unique identifier of the updated gateway.
" }, "gatewayUrl":{ "shape":"GatewayUrl", "documentation":"An endpoint for invoking the updated gateway.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was last updated.
" }, "status":{ "shape":"GatewayStatus", "documentation":"The current status of the updated gateway.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the updated gateway.
" }, "name":{ "shape":"GatewayName", "documentation":"The name of the gateway.
" }, "description":{ "shape":"GatewayDescription", "documentation":"The updated description of the gateway.
" }, "roleArn":{ "shape":"RoleArn", "documentation":"The updated IAM role ARN that provides permissions for the gateway.
" }, "protocolType":{ "shape":"GatewayProtocolType", "documentation":"The updated protocol type for the gateway.
" }, "protocolConfiguration":{"shape":"GatewayProtocolConfiguration"}, "authorizerType":{ "shape":"AuthorizerType", "documentation":"The updated authorizer type for the gateway.
" }, "authorizerConfiguration":{ "shape":"AuthorizerConfiguration", "documentation":"The updated authorizer configuration for the gateway.
" }, "kmsKeyArn":{ "shape":"KmsKeyArn", "documentation":"The updated ARN of the KMS key used to encrypt the gateway.
" }, "interceptorConfigurations":{ "shape":"GatewayInterceptorConfigurations", "documentation":"The updated interceptor configurations for the gateway.
" }, "policyEngineConfiguration":{ "shape":"GatewayPolicyEngineConfiguration", "documentation":"The updated policy engine configuration for the gateway.
" }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the updated gateway.
" }, "exceptionLevel":{ "shape":"ExceptionLevel", "documentation":"The level of detail in error messages returned when invoking the gateway.
If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.
If the value is omitted, a generic error message is returned to the end user.
The unique identifier of the gateway associated with the target.
", "location":"uri", "locationName":"gatewayIdentifier" }, "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the gateway target to update.
", "location":"uri", "locationName":"targetId" }, "name":{ "shape":"TargetName", "documentation":"The updated name for the gateway target.
" }, "description":{ "shape":"TargetDescription", "documentation":"The updated description for the gateway target.
" }, "targetConfiguration":{"shape":"TargetConfiguration"}, "credentialProviderConfigurations":{ "shape":"CredentialProviderConfigurations", "documentation":"The updated credential provider configurations for the gateway target.
" }, "metadataConfiguration":{ "shape":"MetadataConfiguration", "documentation":"Configuration for HTTP header and query parameter propagation to the gateway target.
" } } }, "UpdateGatewayTargetResponse":{ "type":"structure", "required":[ "gatewayArn", "targetId", "createdAt", "updatedAt", "status", "name", "targetConfiguration", "credentialProviderConfigurations" ], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway.
" }, "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the updated gateway target.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway target was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway target was last updated.
" }, "status":{ "shape":"TargetStatus", "documentation":"The current status of the updated gateway target.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the updated gateway target.
" }, "name":{ "shape":"TargetName", "documentation":"The updated name of the gateway target.
" }, "description":{ "shape":"TargetDescription", "documentation":"The updated description of the gateway target.
" }, "targetConfiguration":{"shape":"TargetConfiguration"}, "credentialProviderConfigurations":{ "shape":"CredentialProviderConfigurations", "documentation":"The updated credential provider configurations for the gateway target.
" }, "lastSynchronizedAt":{ "shape":"DateTimestamp", "documentation":"The date and time at which the targets were last synchronized.
" }, "metadataConfiguration":{ "shape":"MetadataConfiguration", "documentation":"The metadata configuration that was applied to the gateway target.
" } } }, "UpdateMemoryInput":{ "type":"structure", "required":["memoryId"], "members":{ "clientToken":{ "shape":"UpdateMemoryInputClientTokenString", "documentation":"A client token is used for keeping track of idempotent requests. It can contain a session id which can be around 250 chars, combined with a unique AWS identifier.
", "idempotencyToken":true }, "memoryId":{ "shape":"MemoryId", "documentation":"The unique identifier of the memory to update.
", "location":"uri", "locationName":"memoryId" }, "description":{ "shape":"Description", "documentation":"The updated description of the AgentCore Memory resource.
" }, "eventExpiryDuration":{ "shape":"UpdateMemoryInputEventExpiryDurationInteger", "documentation":"The number of days after which memory events will expire, between 7 and 365 days.
" }, "memoryExecutionRoleArn":{ "shape":"Arn", "documentation":"The ARN of the IAM role that provides permissions for the AgentCore Memory resource.
" }, "memoryStrategies":{ "shape":"ModifyMemoryStrategies", "documentation":"The memory strategies to add, modify, or delete.
" } } }, "UpdateMemoryInputClientTokenString":{ "type":"string", "max":500, "min":0 }, "UpdateMemoryInputEventExpiryDurationInteger":{ "type":"integer", "box":true, "max":365, "min":3 }, "UpdateMemoryOutput":{ "type":"structure", "members":{ "memory":{ "shape":"Memory", "documentation":"The updated AgentCore Memory resource details.
" } } }, "UpdateOauth2CredentialProviderRequest":{ "type":"structure", "required":[ "name", "credentialProviderVendor", "oauth2ProviderConfigInput" ], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider to update.
" }, "credentialProviderVendor":{ "shape":"CredentialProviderVendorType", "documentation":"The vendor of the OAuth2 credential provider.
" }, "oauth2ProviderConfigInput":{ "shape":"Oauth2ProviderConfigInput", "documentation":"The configuration input for the OAuth2 provider.
" } } }, "UpdateOauth2CredentialProviderResponse":{ "type":"structure", "required":[ "clientSecretArn", "name", "credentialProviderVendor", "credentialProviderArn", "oauth2ProviderConfigOutput", "createdTime", "lastUpdatedTime" ], "members":{ "clientSecretArn":{ "shape":"Secret", "documentation":"The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.
" }, "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider.
" }, "credentialProviderVendor":{ "shape":"CredentialProviderVendorType", "documentation":"The vendor of the OAuth2 credential provider.
" }, "credentialProviderArn":{ "shape":"CredentialProviderArnType", "documentation":"The Amazon Resource Name (ARN) of the OAuth2 credential provider.
" }, "callbackUrl":{ "shape":"String", "documentation":"Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.
" }, "oauth2ProviderConfigOutput":{ "shape":"Oauth2ProviderConfigOutput", "documentation":"The configuration output for the OAuth2 provider.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the OAuth2 credential provider was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the OAuth2 credential provider was last updated.
" } } }, "UpdateOnlineEvaluationConfigRequest":{ "type":"structure", "required":["onlineEvaluationConfigId"], "members":{ "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the online evaluation configuration to update.
", "location":"uri", "locationName":"onlineEvaluationConfigId" }, "description":{ "shape":"EvaluationConfigDescription", "documentation":"The updated description of the online evaluation configuration.
" }, "rule":{ "shape":"Rule", "documentation":"The updated evaluation rule containing sampling configuration, filters, and session settings.
" }, "dataSourceConfig":{ "shape":"DataSourceConfig", "documentation":"The updated data source configuration specifying CloudWatch log groups and service names to monitor.
" }, "evaluators":{ "shape":"EvaluatorList", "documentation":"The updated list of evaluators to apply during online evaluation.
" }, "evaluationExecutionRoleArn":{ "shape":"RoleArn", "documentation":"The updated Amazon Resource Name (ARN) of the IAM role used for evaluation execution.
" }, "executionStatus":{ "shape":"OnlineEvaluationExecutionStatus", "documentation":"The updated execution status to enable or disable the online evaluation.
" } } }, "UpdateOnlineEvaluationConfigResponse":{ "type":"structure", "required":[ "onlineEvaluationConfigArn", "onlineEvaluationConfigId", "updatedAt", "status", "executionStatus" ], "members":{ "onlineEvaluationConfigArn":{ "shape":"OnlineEvaluationConfigArn", "documentation":"The Amazon Resource Name (ARN) of the updated online evaluation configuration.
" }, "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the updated online evaluation configuration.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the online evaluation configuration was last updated.
" }, "status":{ "shape":"OnlineEvaluationConfigStatus", "documentation":"The status of the online evaluation configuration.
" }, "executionStatus":{ "shape":"OnlineEvaluationExecutionStatus", "documentation":"The execution status indicating whether the online evaluation is currently running.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the online evaluation configuration update or execution failed.
" } } }, "UpdatePolicyEngineRequest":{ "type":"structure", "required":["policyEngineId"], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy engine to be updated.
", "location":"uri", "locationName":"policyEngineId" }, "description":{ "shape":"Description", "documentation":"The new description for the policy engine.
" } } }, "UpdatePolicyEngineResponse":{ "type":"structure", "required":[ "policyEngineId", "name", "createdAt", "updatedAt", "policyEngineArn", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier of the updated policy engine.
" }, "name":{ "shape":"PolicyEngineName", "documentation":"The name of the updated policy engine.
" }, "description":{ "shape":"Description", "documentation":"The updated description of the policy engine.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The original creation timestamp of the policy engine.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy engine was last updated.
" }, "policyEngineArn":{ "shape":"PolicyEngineArn", "documentation":"The ARN of the updated policy engine.
" }, "status":{ "shape":"PolicyEngineStatus", "documentation":"The current status of the updated policy engine.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the update status.
" } } }, "UpdatePolicyRequest":{ "type":"structure", "required":[ "policyEngineId", "policyId", "definition" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine that manages the policy to be updated. This ensures the policy is updated within the correct policy engine context.
", "location":"uri", "locationName":"policyEngineId" }, "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy to be updated. This must be a valid policy ID that exists within the specified policy engine.
", "location":"uri", "locationName":"policyId" }, "description":{ "shape":"Description", "documentation":"The new human-readable description for the policy. This optional field allows updating the policy's documentation while keeping the same policy logic.
" }, "definition":{ "shape":"PolicyDefinition", "documentation":"The new Cedar policy statement that defines the access control rules. This replaces the existing policy definition with new logic while maintaining the policy's identity.
" }, "validationMode":{ "shape":"PolicyValidationMode", "documentation":"The validation mode for the policy update. Determines how Cedar analyzer validation results are handled during policy updates. FAIL_ON_ANY_FINDINGS runs the Cedar analyzer and fails the update if validation issues are detected, ensuring the policy conforms to the Cedar schema and tool context. IGNORE_ALL_FINDINGS runs the Cedar analyzer but allows updates despite validation warnings. Use FAIL_ON_ANY_FINDINGS to ensure policy correctness during updates, especially when modifying policy logic or conditions.
" } } }, "UpdatePolicyResponse":{ "type":"structure", "required":[ "policyId", "name", "policyEngineId", "definition", "createdAt", "updatedAt", "policyArn", "status", "statusReasons" ], "members":{ "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier of the updated policy.
" }, "name":{ "shape":"PolicyName", "documentation":"The name of the updated policy.
" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine managing the updated policy.
" }, "definition":{ "shape":"PolicyDefinition", "documentation":"The updated Cedar policy statement.
" }, "description":{ "shape":"Description", "documentation":"The updated description of the policy.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The original creation timestamp of the policy.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy was last updated.
" }, "policyArn":{ "shape":"PolicyArn", "documentation":"The ARN of the updated policy.
" }, "status":{ "shape":"PolicyStatus", "documentation":"The current status of the updated policy.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the update status.
" } } }, "UpdateWorkloadIdentityRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity to update.
" }, "allowedResourceOauth2ReturnUrls":{ "shape":"ResourceOauth2ReturnUrlListType", "documentation":"The new list of allowed OAuth2 return URLs for resources associated with this workload identity. This list replaces the existing list.
" } } }, "UpdateWorkloadIdentityResponse":{ "type":"structure", "required":[ "name", "workloadIdentityArn", "createdTime", "lastUpdatedTime" ], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity.
" }, "workloadIdentityArn":{ "shape":"WorkloadIdentityArnType", "documentation":"The Amazon Resource Name (ARN) of the workload identity.
" }, "allowedResourceOauth2ReturnUrls":{ "shape":"ResourceOauth2ReturnUrlListType", "documentation":"The list of allowed OAuth2 return URLs for resources associated with this workload identity.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the workload identity was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the workload identity was last updated.
" } } }, "UserPreferenceConsolidationOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for user preference consolidation.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for user preference consolidation.
" } }, "documentation":"Contains user preference consolidation override configuration.
" }, "UserPreferenceExtractionOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for user preference extraction.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for user preference extraction.
" } }, "documentation":"Contains user preference extraction override configuration.
" }, "UserPreferenceMemoryStrategyInput":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"Name", "documentation":"The name of the user preference memory strategy.
" }, "description":{ "shape":"Description", "documentation":"The description of the user preference memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces associated with the user preference memory strategy.
" } }, "documentation":"Input for creating a user preference memory strategy.
" }, "UserPreferenceOverrideConfigurationInput":{ "type":"structure", "members":{ "extraction":{ "shape":"UserPreferenceOverrideExtractionConfigurationInput", "documentation":"The extraction configuration for a user preference override.
" }, "consolidation":{ "shape":"UserPreferenceOverrideConsolidationConfigurationInput", "documentation":"The consolidation configuration for a user preference override.
" } }, "documentation":"Input for user preference override configuration in a memory strategy.
" }, "UserPreferenceOverrideConsolidationConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for user preference consolidation.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for user preference consolidation.
" } }, "documentation":"Input for user preference override consolidation configuration in a memory strategy.
" }, "UserPreferenceOverrideExtractionConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for user preference extraction.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for user preference extraction.
" } }, "documentation":"Input for user preference override extraction configuration in a memory strategy.
" }, "ValidationException":{ "type":"structure", "required":[ "message", "reason" ], "members":{ "message":{"shape":"String"}, "reason":{"shape":"ValidationExceptionReason"}, "fieldList":{"shape":"ValidationExceptionFieldList"} }, "documentation":"The input fails to satisfy the constraints specified by the service.
", "error":{ "httpStatusCode":400, "senderFault":true }, "exception":true }, "ValidationExceptionField":{ "type":"structure", "required":[ "name", "message" ], "members":{ "name":{ "shape":"String", "documentation":"The name of the field.
" }, "message":{ "shape":"String", "documentation":"A message describing why this field failed validation.
" } }, "documentation":"Stores information about a field passed inside a request that resulted in an exception.
" }, "ValidationExceptionFieldList":{ "type":"list", "member":{"shape":"ValidationExceptionField"} }, "ValidationExceptionReason":{ "type":"string", "enum":[ "CannotParse", "FieldValidationFailed", "IdempotentParameterMismatchException", "EventInOtherSession", "ResourceConflict" ] }, "VpcConfig":{ "type":"structure", "required":[ "securityGroups", "subnets" ], "members":{ "securityGroups":{ "shape":"SecurityGroups", "documentation":"The security groups associated with the VPC configuration.
" }, "subnets":{ "shape":"Subnets", "documentation":"The subnets associated with the VPC configuration.
" } }, "documentation":"VpcConfig for the Agent.
" }, "WorkloadIdentityArn":{ "type":"string", "max":1024, "min":1 }, "WorkloadIdentityArnType":{ "type":"string", "max":1024, "min":1 }, "WorkloadIdentityDetails":{ "type":"structure", "required":["workloadIdentityArn"], "members":{ "workloadIdentityArn":{ "shape":"WorkloadIdentityArn", "documentation":"The ARN associated with the workload identity.
" } }, "documentation":"The information about the workload identity.
" }, "WorkloadIdentityList":{ "type":"list", "member":{"shape":"WorkloadIdentityType"} }, "WorkloadIdentityNameType":{ "type":"string", "max":255, "min":3, "pattern":"[A-Za-z0-9_.-]+" }, "WorkloadIdentityType":{ "type":"structure", "required":[ "name", "workloadIdentityArn" ], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity.
" }, "workloadIdentityArn":{ "shape":"WorkloadIdentityArnType", "documentation":"The Amazon Resource Name (ARN) of the workload identity.
" } }, "documentation":"Contains information about a workload identity.
" }, "entryPoint":{ "type":"string", "max":128, "min":1 } }, "documentation":"Welcome to the Amazon Bedrock AgentCore Control plane API reference. Control plane actions configure, create, modify, and monitor Amazon Web Services resources.
" }