Creates an Amazon Bedrock AgentCore Runtime.
", "idempotent":true }, "CreateAgentRuntimeEndpoint":{ "name":"CreateAgentRuntimeEndpoint", "http":{ "method":"PUT", "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/", "responseCode":202 }, "input":{"shape":"CreateAgentRuntimeEndpointRequest"}, "output":{"shape":"CreateAgentRuntimeEndpointResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates an AgentCore Runtime endpoint.
", "idempotent":true }, "CreateApiKeyCredentialProvider":{ "name":"CreateApiKeyCredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/CreateApiKeyCredentialProvider", "responseCode":201 }, "input":{"shape":"CreateApiKeyCredentialProviderRequest"}, "output":{"shape":"CreateApiKeyCredentialProviderResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"UnauthorizedException"}, {"shape":"ResourceLimitExceededException"}, {"shape":"ValidationException"}, {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, {"shape":"DecryptionFailure"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"EncryptionFailure"} ], "documentation":"Creates a new API key credential provider.
", "idempotent":true }, "CreateBrowser":{ "name":"CreateBrowser", "http":{ "method":"PUT", "requestUri":"/browsers", "responseCode":202 }, "input":{"shape":"CreateBrowserRequest"}, "output":{"shape":"CreateBrowserResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates a custom browser.
", "idempotent":true }, "CreateBrowserProfile":{ "name":"CreateBrowserProfile", "http":{ "method":"PUT", "requestUri":"/browser-profiles", "responseCode":200 }, "input":{"shape":"CreateBrowserProfileRequest"}, "output":{"shape":"CreateBrowserProfileResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates a browser profile in Amazon Bedrock AgentCore. A browser profile stores persistent browser data such as cookies, local storage, session storage, and browsing history that can be saved from browser sessions and reused in subsequent sessions.
", "idempotent":true }, "CreateCodeInterpreter":{ "name":"CreateCodeInterpreter", "http":{ "method":"PUT", "requestUri":"/code-interpreters", "responseCode":202 }, "input":{"shape":"CreateCodeInterpreterRequest"}, "output":{"shape":"CreateCodeInterpreterResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates a custom code interpreter.
", "idempotent":true }, "CreateConfigurationBundle":{ "name":"CreateConfigurationBundle", "http":{ "method":"POST", "requestUri":"/configuration-bundles/create", "responseCode":201 }, "input":{"shape":"CreateConfigurationBundleRequest"}, "output":{"shape":"CreateConfigurationBundleResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates a new configuration bundle resource. A configuration bundle stores versioned component configurations for agent evaluation workflows.
" }, "CreateEvaluator":{ "name":"CreateEvaluator", "http":{ "method":"POST", "requestUri":"/evaluators/create", "responseCode":202 }, "input":{"shape":"CreateEvaluatorRequest"}, "output":{"shape":"CreateEvaluatorResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates a custom evaluator for agent quality assessment. Custom evaluators can use either LLM-as-a-Judge configurations with user-defined prompts, rating scales, and model settings, or code-based configurations with customer-managed Lambda functions to evaluate agent performance at tool call, trace, or session levels.
" }, "CreateGateway":{ "name":"CreateGateway", "http":{ "method":"POST", "requestUri":"/gateways/", "responseCode":202 }, "input":{"shape":"CreateGatewayRequest"}, "output":{"shape":"CreateGatewayResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates a gateway for Amazon Bedrock Agent. A gateway serves as an integration point between your agent and external services.
If you specify CUSTOM_JWT as the authorizerType, you must provide an authorizerConfiguration.
Creates a rule for a gateway. Rules define conditions and actions that control how requests are routed and processed through the gateway, including principal-based access control and path-based routing.
", "idempotent":true }, "CreateGatewayTarget":{ "name":"CreateGatewayTarget", "http":{ "method":"POST", "requestUri":"/gateways/{gatewayIdentifier}/targets/", "responseCode":202 }, "input":{"shape":"CreateGatewayTargetRequest"}, "output":{"shape":"CreateGatewayTargetResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Creates a target for a gateway. A target defines an endpoint that the gateway can connect to.
", "idempotent":true }, "CreateHarness":{ "name":"CreateHarness", "http":{ "method":"POST", "requestUri":"/harnesses", "responseCode":201 }, "input":{"shape":"CreateHarnessRequest"}, "output":{"shape":"CreateHarnessResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Operation to create a Harness.
", "idempotent":true }, "CreateMemory":{ "name":"CreateMemory", "http":{ "method":"POST", "requestUri":"/memories/create", "responseCode":202 }, "input":{"shape":"CreateMemoryInput"}, "output":{"shape":"CreateMemoryOutput"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ServiceException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottledException"} ], "documentation":"Creates a new Amazon Bedrock AgentCore Memory resource.
", "idempotent":true }, "CreateOauth2CredentialProvider":{ "name":"CreateOauth2CredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/CreateOauth2CredentialProvider", "responseCode":201 }, "input":{"shape":"CreateOauth2CredentialProviderRequest"}, "output":{"shape":"CreateOauth2CredentialProviderResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"UnauthorizedException"}, {"shape":"ResourceLimitExceededException"}, {"shape":"ValidationException"}, {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, {"shape":"DecryptionFailure"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"EncryptionFailure"} ], "documentation":"Creates a new OAuth2 credential provider.
", "idempotent":true }, "CreateOnlineEvaluationConfig":{ "name":"CreateOnlineEvaluationConfig", "http":{ "method":"POST", "requestUri":"/online-evaluation-configs/create", "responseCode":202 }, "input":{"shape":"CreateOnlineEvaluationConfigRequest"}, "output":{"shape":"CreateOnlineEvaluationConfigResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates an online evaluation configuration for continuous monitoring of agent performance. Online evaluation automatically samples live traffic from CloudWatch logs at specified rates and applies evaluators to assess agent quality in production.
" }, "CreatePolicy":{ "name":"CreatePolicy", "http":{ "method":"POST", "requestUri":"/policy-engines/{policyEngineId}/policies", "responseCode":202 }, "input":{"shape":"CreatePolicyRequest"}, "output":{"shape":"CreatePolicyResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Creates a policy within the AgentCore Policy system. Policies provide real-time, deterministic control over agentic interactions with AgentCore Gateway. Using the Cedar policy language, you can define fine-grained policies that specify which interactions with Gateway tools are permitted based on input parameters and OAuth claims, ensuring agents operate within defined boundaries and business rules. The policy is validated during creation against the Cedar schema generated from the Gateway's tools' input schemas, which defines the available tools, their parameters, and expected data types. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.
Creates a new policy engine within the AgentCore Policy system. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with Gateways (each Gateway can be associated with at most one policy engine, but multiple Gateways can be associated with the same engine), the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies. This is an asynchronous operation. Use the GetPolicyEngine operation to poll the status field to track completion.
Creates a new registry in your Amazon Web Services account. A registry serves as a centralized catalog for organizing and managing registry records, including MCP servers, A2A agents, agent skills, and custom resource types.
If you specify CUSTOM_JWT as the authorizerType, you must provide an authorizerConfiguration.
Creates a new registry record within the specified registry. A registry record represents an individual AI resource's metadata in the registry. This could be an MCP server (and associated tools), A2A agent, agent skill, or a custom resource with a custom schema.
The record is processed asynchronously and returns HTTP 202 Accepted.
", "idempotent":true }, "CreateWorkloadIdentity":{ "name":"CreateWorkloadIdentity", "http":{ "method":"POST", "requestUri":"/identities/CreateWorkloadIdentity", "responseCode":201 }, "input":{"shape":"CreateWorkloadIdentityRequest"}, "output":{"shape":"CreateWorkloadIdentityResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Creates a new workload identity.
", "idempotent":true }, "DeleteAgentRuntime":{ "name":"DeleteAgentRuntime", "http":{ "method":"DELETE", "requestUri":"/runtimes/{agentRuntimeId}/", "responseCode":202 }, "input":{"shape":"DeleteAgentRuntimeRequest"}, "output":{"shape":"DeleteAgentRuntimeResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes an Amazon Bedrock AgentCore Runtime.
", "idempotent":true }, "DeleteAgentRuntimeEndpoint":{ "name":"DeleteAgentRuntimeEndpoint", "http":{ "method":"DELETE", "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/{endpointName}/", "responseCode":202 }, "input":{"shape":"DeleteAgentRuntimeEndpointRequest"}, "output":{"shape":"DeleteAgentRuntimeEndpointResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes an AAgentCore Runtime endpoint.
", "idempotent":true }, "DeleteApiKeyCredentialProvider":{ "name":"DeleteApiKeyCredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/DeleteApiKeyCredentialProvider", "responseCode":204 }, "input":{"shape":"DeleteApiKeyCredentialProviderRequest"}, "output":{"shape":"DeleteApiKeyCredentialProviderResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes an API key credential provider.
", "idempotent":true }, "DeleteBrowser":{ "name":"DeleteBrowser", "http":{ "method":"DELETE", "requestUri":"/browsers/{browserId}", "responseCode":202 }, "input":{"shape":"DeleteBrowserRequest"}, "output":{"shape":"DeleteBrowserResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes a custom browser.
", "idempotent":true }, "DeleteBrowserProfile":{ "name":"DeleteBrowserProfile", "http":{ "method":"DELETE", "requestUri":"/browser-profiles/{profileId}", "responseCode":200 }, "input":{"shape":"DeleteBrowserProfileRequest"}, "output":{"shape":"DeleteBrowserProfileResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes a browser profile.
", "idempotent":true }, "DeleteCodeInterpreter":{ "name":"DeleteCodeInterpreter", "http":{ "method":"DELETE", "requestUri":"/code-interpreters/{codeInterpreterId}", "responseCode":202 }, "input":{"shape":"DeleteCodeInterpreterRequest"}, "output":{"shape":"DeleteCodeInterpreterResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes a custom code interpreter.
", "idempotent":true }, "DeleteConfigurationBundle":{ "name":"DeleteConfigurationBundle", "http":{ "method":"DELETE", "requestUri":"/configuration-bundles/{bundleId}", "responseCode":202 }, "input":{"shape":"DeleteConfigurationBundleRequest"}, "output":{"shape":"DeleteConfigurationBundleResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes a configuration bundle and all of its versions.
", "idempotent":true }, "DeleteEvaluator":{ "name":"DeleteEvaluator", "http":{ "method":"DELETE", "requestUri":"/evaluators/{evaluatorId}", "responseCode":202 }, "input":{"shape":"DeleteEvaluatorRequest"}, "output":{"shape":"DeleteEvaluatorResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes a custom evaluator. Builtin evaluators cannot be deleted. The evaluator must not be referenced by any active online evaluation configurations.
", "idempotent":true }, "DeleteGateway":{ "name":"DeleteGateway", "http":{ "method":"DELETE", "requestUri":"/gateways/{gatewayIdentifier}/", "responseCode":202 }, "input":{"shape":"DeleteGatewayRequest"}, "output":{"shape":"DeleteGatewayResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes a gateway.
", "idempotent":true }, "DeleteGatewayRule":{ "name":"DeleteGatewayRule", "http":{ "method":"DELETE", "requestUri":"/gateways/{gatewayIdentifier}/rules/{ruleId}", "responseCode":202 }, "input":{"shape":"DeleteGatewayRuleRequest"}, "output":{"shape":"DeleteGatewayRuleResponse"}, "errors":[ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes a gateway rule.
", "idempotent":true }, "DeleteGatewayTarget":{ "name":"DeleteGatewayTarget", "http":{ "method":"DELETE", "requestUri":"/gateways/{gatewayIdentifier}/targets/{targetId}/", "responseCode":202 }, "input":{"shape":"DeleteGatewayTargetRequest"}, "output":{"shape":"DeleteGatewayTargetResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes a gateway target.
You cannot delete a target that is in a pending authorization state (CREATE_PENDING_AUTH, UPDATE_PENDING_AUTH, or SYNCHRONIZE_PENDING_AUTH). Wait for the authorization to complete or fail before deleting the target.
Operation to delete a Harness.
", "idempotent":true }, "DeleteMemory":{ "name":"DeleteMemory", "http":{ "method":"DELETE", "requestUri":"/memories/{memoryId}/delete", "responseCode":202 }, "input":{"shape":"DeleteMemoryInput"}, "output":{"shape":"DeleteMemoryOutput"}, "errors":[ {"shape":"ServiceException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottledException"} ], "documentation":"Deletes an Amazon Bedrock AgentCore Memory resource.
", "idempotent":true }, "DeleteOauth2CredentialProvider":{ "name":"DeleteOauth2CredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/DeleteOauth2CredentialProvider", "responseCode":204 }, "input":{"shape":"DeleteOauth2CredentialProviderRequest"}, "output":{"shape":"DeleteOauth2CredentialProviderResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes an OAuth2 credential provider.
", "idempotent":true }, "DeleteOnlineEvaluationConfig":{ "name":"DeleteOnlineEvaluationConfig", "http":{ "method":"DELETE", "requestUri":"/online-evaluation-configs/{onlineEvaluationConfigId}", "responseCode":202 }, "input":{"shape":"DeleteOnlineEvaluationConfigRequest"}, "output":{"shape":"DeleteOnlineEvaluationConfigResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes an online evaluation configuration and stops any ongoing evaluation processes associated with it.
", "idempotent":true }, "DeletePolicy":{ "name":"DeletePolicy", "http":{ "method":"DELETE", "requestUri":"/policy-engines/{policyEngineId}/policies/{policyId}", "responseCode":202 }, "input":{"shape":"DeletePolicyRequest"}, "output":{"shape":"DeletePolicyResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes an existing policy from the AgentCore Policy system. Once deleted, the policy can no longer be used for agent behavior control and all references to it become invalid. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.
Deletes an existing policy engine from the AgentCore Policy system. The policy engine must not have any associated policies before deletion. Once deleted, the policy engine and all its configurations become unavailable for policy management and evaluation. This is an asynchronous operation. Use the GetPolicyEngine operation to poll the status field to track completion.
Deletes a registry. The registry must contain zero records before it can be deleted. This operation initiates the deletion process asynchronously.
", "idempotent":true }, "DeleteRegistryRecord":{ "name":"DeleteRegistryRecord", "http":{ "method":"DELETE", "requestUri":"/registries/{registryId}/records/{recordId}", "responseCode":200 }, "input":{"shape":"DeleteRegistryRecordRequest"}, "output":{"shape":"DeleteRegistryRecordResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Deletes a registry record. The record's status transitions to DELETING and the record is removed asynchronously.
Deletes the resource-based policy for a specified resource.
This feature is currently available only for AgentCore Runtime and Gateway.
Deletes a workload identity.
", "idempotent":true }, "GetAgentRuntime":{ "name":"GetAgentRuntime", "http":{ "method":"GET", "requestUri":"/runtimes/{agentRuntimeId}/", "responseCode":200 }, "input":{"shape":"GetAgentRuntimeRequest"}, "output":{"shape":"GetAgentRuntimeResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Gets an Amazon Bedrock AgentCore Runtime.
", "readonly":true }, "GetAgentRuntimeEndpoint":{ "name":"GetAgentRuntimeEndpoint", "http":{ "method":"GET", "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/{endpointName}/", "responseCode":200 }, "input":{"shape":"GetAgentRuntimeEndpointRequest"}, "output":{"shape":"GetAgentRuntimeEndpointResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Gets information about an Amazon Secure AgentEndpoint.
", "readonly":true }, "GetApiKeyCredentialProvider":{ "name":"GetApiKeyCredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/GetApiKeyCredentialProvider", "responseCode":200 }, "input":{"shape":"GetApiKeyCredentialProviderRequest"}, "output":{"shape":"GetApiKeyCredentialProviderResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"DecryptionFailure"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves information about an API key credential provider.
", "readonly":true }, "GetBrowser":{ "name":"GetBrowser", "http":{ "method":"GET", "requestUri":"/browsers/{browserId}", "responseCode":200 }, "input":{"shape":"GetBrowserRequest"}, "output":{"shape":"GetBrowserResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Gets information about a custom browser.
", "readonly":true }, "GetBrowserProfile":{ "name":"GetBrowserProfile", "http":{ "method":"GET", "requestUri":"/browser-profiles/{profileId}", "responseCode":200 }, "input":{"shape":"GetBrowserProfileRequest"}, "output":{"shape":"GetBrowserProfileResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Gets information about a browser profile.
", "readonly":true }, "GetCodeInterpreter":{ "name":"GetCodeInterpreter", "http":{ "method":"GET", "requestUri":"/code-interpreters/{codeInterpreterId}", "responseCode":200 }, "input":{"shape":"GetCodeInterpreterRequest"}, "output":{"shape":"GetCodeInterpreterResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Gets information about a custom code interpreter.
", "readonly":true }, "GetConfigurationBundle":{ "name":"GetConfigurationBundle", "http":{ "method":"GET", "requestUri":"/configuration-bundles/{bundleId}", "responseCode":200 }, "input":{"shape":"GetConfigurationBundleRequest"}, "output":{"shape":"GetConfigurationBundleResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Gets the latest version of a configuration bundle. By default, returns the latest version on the mainline branch. Use GetConfigurationBundleVersion to retrieve a specific historical version.
Gets a specific version of a configuration bundle by its version identifier.
", "readonly":true }, "GetEvaluator":{ "name":"GetEvaluator", "http":{ "method":"GET", "requestUri":"/evaluators/{evaluatorId}", "responseCode":200 }, "input":{"shape":"GetEvaluatorRequest"}, "output":{"shape":"GetEvaluatorResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves detailed information about an evaluator, including its configuration, status, and metadata. Works with both built-in and custom evaluators.
", "readonly":true }, "GetGateway":{ "name":"GetGateway", "http":{ "method":"GET", "requestUri":"/gateways/{gatewayIdentifier}/", "responseCode":200 }, "input":{"shape":"GetGatewayRequest"}, "output":{"shape":"GetGatewayResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves information about a specific Gateway.
", "readonly":true }, "GetGatewayRule":{ "name":"GetGatewayRule", "http":{ "method":"GET", "requestUri":"/gateways/{gatewayIdentifier}/rules/{ruleId}", "responseCode":200 }, "input":{"shape":"GetGatewayRuleRequest"}, "output":{"shape":"GetGatewayRuleResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves detailed information about a specific gateway rule.
", "readonly":true }, "GetGatewayTarget":{ "name":"GetGatewayTarget", "http":{ "method":"GET", "requestUri":"/gateways/{gatewayIdentifier}/targets/{targetId}/", "responseCode":200 }, "input":{"shape":"GetGatewayTargetRequest"}, "output":{"shape":"GetGatewayTargetResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves information about a specific gateway target.
", "readonly":true }, "GetHarness":{ "name":"GetHarness", "http":{ "method":"GET", "requestUri":"/harnesses/{harnessId}", "responseCode":200 }, "input":{"shape":"GetHarnessRequest"}, "output":{"shape":"GetHarnessResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Operation to get a single Harness.
", "readonly":true }, "GetMemory":{ "name":"GetMemory", "http":{ "method":"GET", "requestUri":"/memories/{memoryId}/details", "responseCode":200 }, "input":{"shape":"GetMemoryInput"}, "output":{"shape":"GetMemoryOutput"}, "errors":[ {"shape":"ServiceException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottledException"} ], "documentation":"Retrieve an existing Amazon Bedrock AgentCore Memory resource.
", "readonly":true }, "GetOauth2CredentialProvider":{ "name":"GetOauth2CredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/GetOauth2CredentialProvider", "responseCode":200 }, "input":{"shape":"GetOauth2CredentialProviderRequest"}, "output":{"shape":"GetOauth2CredentialProviderResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"DecryptionFailure"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves information about an OAuth2 credential provider.
", "readonly":true }, "GetOnlineEvaluationConfig":{ "name":"GetOnlineEvaluationConfig", "http":{ "method":"GET", "requestUri":"/online-evaluation-configs/{onlineEvaluationConfigId}", "responseCode":200 }, "input":{"shape":"GetOnlineEvaluationConfigRequest"}, "output":{"shape":"GetOnlineEvaluationConfigResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves detailed information about an online evaluation configuration, including its rules, data sources, evaluators, and execution status.
", "readonly":true }, "GetPolicy":{ "name":"GetPolicy", "http":{ "method":"GET", "requestUri":"/policy-engines/{policyEngineId}/policies/{policyId}", "responseCode":200 }, "input":{"shape":"GetPolicyRequest"}, "output":{"shape":"GetPolicyResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves detailed information about a specific policy within the AgentCore Policy system. This operation returns the complete policy definition, metadata, and current status, allowing administrators to review and manage policy configurations.
", "readonly":true }, "GetPolicyEngine":{ "name":"GetPolicyEngine", "http":{ "method":"GET", "requestUri":"/policy-engines/{policyEngineId}", "responseCode":200 }, "input":{"shape":"GetPolicyEngineRequest"}, "output":{"shape":"GetPolicyEngineResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves detailed information about a specific policy engine within the AgentCore Policy system. This operation returns the complete policy engine configuration, metadata, and current status, allowing administrators to review and manage policy engine settings.
", "readonly":true }, "GetPolicyGeneration":{ "name":"GetPolicyGeneration", "http":{ "method":"GET", "requestUri":"/policy-engines/{policyEngineId}/policy-generations/{policyGenerationId}", "responseCode":200 }, "input":{"shape":"GetPolicyGenerationRequest"}, "output":{"shape":"GetPolicyGenerationResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves information about a policy generation request within the AgentCore Policy system. Policy generation converts natural language descriptions into Cedar policy statements using AI-powered translation, enabling non-technical users to create policies.
", "readonly":true }, "GetRegistry":{ "name":"GetRegistry", "http":{ "method":"GET", "requestUri":"/registries/{registryId}", "responseCode":200 }, "input":{"shape":"GetRegistryRequest"}, "output":{"shape":"GetRegistryResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves information about a specific registry.
", "readonly":true }, "GetRegistryRecord":{ "name":"GetRegistryRecord", "http":{ "method":"GET", "requestUri":"/registries/{registryId}/records/{recordId}", "responseCode":200 }, "input":{"shape":"GetRegistryRecordRequest"}, "output":{"shape":"GetRegistryRecordResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves information about a specific registry record.
", "readonly":true }, "GetResourcePolicy":{ "name":"GetResourcePolicy", "http":{ "method":"GET", "requestUri":"/resourcepolicy/{resourceArn}", "responseCode":200 }, "input":{"shape":"GetResourcePolicyRequest"}, "output":{"shape":"GetResourcePolicyResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves the resource-based policy for a specified resource.
This feature is currently available only for AgentCore Runtime and Gateway.
Retrieves information about a token vault.
", "readonly":true }, "GetWorkloadIdentity":{ "name":"GetWorkloadIdentity", "http":{ "method":"POST", "requestUri":"/identities/GetWorkloadIdentity", "responseCode":200 }, "input":{"shape":"GetWorkloadIdentityRequest"}, "output":{"shape":"GetWorkloadIdentityResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves information about a workload identity.
", "readonly":true }, "ListAgentRuntimeEndpoints":{ "name":"ListAgentRuntimeEndpoints", "http":{ "method":"POST", "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/", "responseCode":200 }, "input":{"shape":"ListAgentRuntimeEndpointsRequest"}, "output":{"shape":"ListAgentRuntimeEndpointsResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all endpoints for a specific Amazon Secure Agent.
", "readonly":true }, "ListAgentRuntimeVersions":{ "name":"ListAgentRuntimeVersions", "http":{ "method":"POST", "requestUri":"/runtimes/{agentRuntimeId}/versions/", "responseCode":200 }, "input":{"shape":"ListAgentRuntimeVersionsRequest"}, "output":{"shape":"ListAgentRuntimeVersionsResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all versions of a specific Amazon Secure Agent.
", "readonly":true }, "ListAgentRuntimes":{ "name":"ListAgentRuntimes", "http":{ "method":"POST", "requestUri":"/runtimes/", "responseCode":200 }, "input":{"shape":"ListAgentRuntimesRequest"}, "output":{"shape":"ListAgentRuntimesResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all Amazon Secure Agents in your account.
", "readonly":true }, "ListApiKeyCredentialProviders":{ "name":"ListApiKeyCredentialProviders", "http":{ "method":"POST", "requestUri":"/identities/ListApiKeyCredentialProviders", "responseCode":200 }, "input":{"shape":"ListApiKeyCredentialProvidersRequest"}, "output":{"shape":"ListApiKeyCredentialProvidersResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all API key credential providers in your account.
", "readonly":true }, "ListBrowserProfiles":{ "name":"ListBrowserProfiles", "http":{ "method":"POST", "requestUri":"/browser-profiles", "responseCode":200 }, "input":{"shape":"ListBrowserProfilesRequest"}, "output":{"shape":"ListBrowserProfilesResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all browser profiles in your account.
", "readonly":true }, "ListBrowsers":{ "name":"ListBrowsers", "http":{ "method":"POST", "requestUri":"/browsers", "responseCode":200 }, "input":{"shape":"ListBrowsersRequest"}, "output":{"shape":"ListBrowsersResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all custom browsers in your account.
", "readonly":true }, "ListCodeInterpreters":{ "name":"ListCodeInterpreters", "http":{ "method":"POST", "requestUri":"/code-interpreters", "responseCode":200 }, "input":{"shape":"ListCodeInterpretersRequest"}, "output":{"shape":"ListCodeInterpretersResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all custom code interpreters in your account.
", "readonly":true }, "ListConfigurationBundleVersions":{ "name":"ListConfigurationBundleVersions", "http":{ "method":"POST", "requestUri":"/configuration-bundles/{bundleId}/versions", "responseCode":200 }, "input":{"shape":"ListConfigurationBundleVersionsRequest"}, "output":{"shape":"ListConfigurationBundleVersionsResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all versions of a configuration bundle, with optional filtering by branch name or creation source.
", "readonly":true }, "ListConfigurationBundles":{ "name":"ListConfigurationBundles", "http":{ "method":"POST", "requestUri":"/configuration-bundles", "responseCode":200 }, "input":{"shape":"ListConfigurationBundlesRequest"}, "output":{"shape":"ListConfigurationBundlesResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all configuration bundles in the account.
", "readonly":true }, "ListEvaluators":{ "name":"ListEvaluators", "http":{ "method":"POST", "requestUri":"/evaluators", "responseCode":200 }, "input":{"shape":"ListEvaluatorsRequest"}, "output":{"shape":"ListEvaluatorsResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all available evaluators, including both builtin evaluators provided by the service and custom evaluators created by the user.
", "readonly":true }, "ListGatewayRules":{ "name":"ListGatewayRules", "http":{ "method":"GET", "requestUri":"/gateways/{gatewayIdentifier}/rules", "responseCode":200 }, "input":{"shape":"ListGatewayRulesRequest"}, "output":{"shape":"ListGatewayRulesResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all rules for a gateway.
", "readonly":true }, "ListGatewayTargets":{ "name":"ListGatewayTargets", "http":{ "method":"GET", "requestUri":"/gateways/{gatewayIdentifier}/targets/", "responseCode":200 }, "input":{"shape":"ListGatewayTargetsRequest"}, "output":{"shape":"ListGatewayTargetsResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all targets for a specific gateway.
", "readonly":true }, "ListGateways":{ "name":"ListGateways", "http":{ "method":"GET", "requestUri":"/gateways/", "responseCode":200 }, "input":{"shape":"ListGatewaysRequest"}, "output":{"shape":"ListGatewaysResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all gateways in the account.
", "readonly":true }, "ListHarnesses":{ "name":"ListHarnesses", "http":{ "method":"GET", "requestUri":"/harnesses", "responseCode":200 }, "input":{"shape":"ListHarnessesRequest"}, "output":{"shape":"ListHarnessesResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Operation to list Harnesses.
", "readonly":true }, "ListMemories":{ "name":"ListMemories", "http":{ "method":"POST", "requestUri":"/memories/", "responseCode":200 }, "input":{"shape":"ListMemoriesInput"}, "output":{"shape":"ListMemoriesOutput"}, "errors":[ {"shape":"ServiceException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottledException"} ], "documentation":"Lists the available Amazon Bedrock AgentCore Memory resources in the current Amazon Web Services Region.
", "readonly":true }, "ListOauth2CredentialProviders":{ "name":"ListOauth2CredentialProviders", "http":{ "method":"POST", "requestUri":"/identities/ListOauth2CredentialProviders", "responseCode":200 }, "input":{"shape":"ListOauth2CredentialProvidersRequest"}, "output":{"shape":"ListOauth2CredentialProvidersResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all OAuth2 credential providers in your account.
", "readonly":true }, "ListOnlineEvaluationConfigs":{ "name":"ListOnlineEvaluationConfigs", "http":{ "method":"POST", "requestUri":"/online-evaluation-configs", "responseCode":200 }, "input":{"shape":"ListOnlineEvaluationConfigsRequest"}, "output":{"shape":"ListOnlineEvaluationConfigsResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all online evaluation configurations in the account, providing summary information about each configuration's status and settings.
", "readonly":true }, "ListPolicies":{ "name":"ListPolicies", "http":{ "method":"GET", "requestUri":"/policy-engines/{policyEngineId}/policies", "responseCode":200 }, "input":{"shape":"ListPoliciesRequest"}, "output":{"shape":"ListPoliciesResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves a list of policies within the AgentCore Policy engine. This operation supports pagination and filtering to help administrators manage and discover policies across policy engines. Results can be filtered by policy engine or resource associations.
", "readonly":true }, "ListPolicyEngines":{ "name":"ListPolicyEngines", "http":{ "method":"GET", "requestUri":"/policy-engines", "responseCode":200 }, "input":{"shape":"ListPolicyEnginesRequest"}, "output":{"shape":"ListPolicyEnginesResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves a list of policy engines within the AgentCore Policy system. This operation supports pagination to help administrators discover and manage policy engines across their account. Each policy engine serves as a container for related policies.
", "readonly":true }, "ListPolicyGenerationAssets":{ "name":"ListPolicyGenerationAssets", "http":{ "method":"GET", "requestUri":"/policy-engines/{policyEngineId}/policy-generations/{policyGenerationId}/assets", "responseCode":200 }, "input":{"shape":"ListPolicyGenerationAssetsRequest"}, "output":{"shape":"ListPolicyGenerationAssetsResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves a list of generated policy assets from a policy generation request within the AgentCore Policy system. This operation returns the actual Cedar policies and related artifacts produced by the AI-powered policy generation process, allowing users to review and select from multiple generated policy options.
", "readonly":true }, "ListPolicyGenerations":{ "name":"ListPolicyGenerations", "http":{ "method":"GET", "requestUri":"/policy-engines/{policyEngineId}/policy-generations", "responseCode":200 }, "input":{"shape":"ListPolicyGenerationsRequest"}, "output":{"shape":"ListPolicyGenerationsResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Retrieves a list of policy generation requests within the AgentCore Policy system. This operation supports pagination and filtering to help track and manage AI-powered policy generation operations.
", "readonly":true }, "ListRegistries":{ "name":"ListRegistries", "http":{ "method":"GET", "requestUri":"/registries", "responseCode":200 }, "input":{"shape":"ListRegistriesRequest"}, "output":{"shape":"ListRegistriesResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Lists all registries in the account. You can optionally filter results by status using the status parameter.
Lists registry records within a registry. You can optionally filter results using the name, status, and descriptorType parameters. When multiple filters are specified, they are combined using AND logic.
Lists the tags associated with the specified resource.
This feature is currently available only for AgentCore Runtime, Browser, Browser Profile, Code Interpreter tool, and Gateway.
Lists all workload identities in your account.
", "readonly":true }, "PutResourcePolicy":{ "name":"PutResourcePolicy", "http":{ "method":"PUT", "requestUri":"/resourcepolicy/{resourceArn}", "responseCode":201 }, "input":{"shape":"PutResourcePolicyRequest"}, "output":{"shape":"PutResourcePolicyResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Creates or updates a resource-based policy for a resource with the specified resourceArn.
This feature is currently available only for AgentCore Runtime and Gateway.
Sets the customer master key (CMK) for a token vault.
" }, "StartPolicyGeneration":{ "name":"StartPolicyGeneration", "http":{ "method":"POST", "requestUri":"/policy-engines/{policyEngineId}/policy-generations", "responseCode":202 }, "input":{"shape":"StartPolicyGenerationRequest"}, "output":{"shape":"StartPolicyGenerationResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Initiates the AI-powered generation of Cedar policies from natural language descriptions within the AgentCore Policy system. This feature enables both technical and non-technical users to create policies by describing their authorization requirements in plain English, which is then automatically translated into formal Cedar policy statements. The generation process analyzes the natural language input along with the Gateway's tool context to produce validated policy options. Generated policy assets are automatically deleted after 7 days, so you should review and create policies from the generated assets within this timeframe. Once created, policies are permanent and not subject to this expiration. Generated policies should be reviewed and tested in log-only mode before deploying to production. Use this when you want to describe policy intent naturally rather than learning Cedar syntax, though generated policies may require refinement for complex scenarios.
" }, "SubmitRegistryRecordForApproval":{ "name":"SubmitRegistryRecordForApproval", "http":{ "method":"POST", "requestUri":"/registries/{registryId}/records/{recordId}/submit-for-approval", "responseCode":202 }, "input":{"shape":"SubmitRegistryRecordForApprovalRequest"}, "output":{"shape":"SubmitRegistryRecordForApprovalResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Submits a registry record for approval. This transitions the record from DRAFT status to PENDING_APPROVAL status. If the registry has auto-approval enabled, the record is automatically approved.
Synchronizes the gateway targets by fetching the latest tool definitions from the target endpoints.
You cannot synchronize a target that is in a pending authorization state (CREATE_PENDING_AUTH, UPDATE_PENDING_AUTH, or SYNCHRONIZE_PENDING_AUTH). Wait for the authorization to complete or fail before synchronizing.
You cannot synchronize a target that has a static tool schema (mcpToolSchema) configured. Remove the static schema through an UpdateGatewayTarget call to enable dynamic tool synchronization.
Associates the specified tags to a resource with the specified resourceArn. If existing tags on a resource are not specified in the request parameters, they are not changed. When a resource is deleted, the tags associated with that resource are also deleted.
This feature is currently available only for AgentCore Runtime, Browser, Browser Profile, Code Interpreter tool, and Gateway.
Removes the specified tags from the specified resource.
This feature is currently available only for AgentCore Runtime, Browser, Browser Profile, Code Interpreter tool, and Gateway.
Updates an existing Amazon Secure Agent.
", "idempotent":true }, "UpdateAgentRuntimeEndpoint":{ "name":"UpdateAgentRuntimeEndpoint", "http":{ "method":"PUT", "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/{endpointName}/", "responseCode":202 }, "input":{"shape":"UpdateAgentRuntimeEndpointRequest"}, "output":{"shape":"UpdateAgentRuntimeEndpointResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Updates an existing Amazon Bedrock AgentCore Runtime endpoint.
", "idempotent":true }, "UpdateApiKeyCredentialProvider":{ "name":"UpdateApiKeyCredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/UpdateApiKeyCredentialProvider", "responseCode":200 }, "input":{"shape":"UpdateApiKeyCredentialProviderRequest"}, "output":{"shape":"UpdateApiKeyCredentialProviderResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"DecryptionFailure"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"EncryptionFailure"} ], "documentation":"Updates an existing API key credential provider.
", "idempotent":true }, "UpdateConfigurationBundle":{ "name":"UpdateConfigurationBundle", "http":{ "method":"PUT", "requestUri":"/configuration-bundles/{bundleId}", "responseCode":200 }, "input":{"shape":"UpdateConfigurationBundleRequest"}, "output":{"shape":"UpdateConfigurationBundleResponse"}, "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Updates a configuration bundle by creating a new version with the specified changes. Each update creates a new version in the version history.
" }, "UpdateEvaluator":{ "name":"UpdateEvaluator", "http":{ "method":"PUT", "requestUri":"/evaluators/{evaluatorId}", "responseCode":202 }, "input":{"shape":"UpdateEvaluatorRequest"}, "output":{"shape":"UpdateEvaluatorResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Updates a custom evaluator's configuration, description, or evaluation level. Built-in evaluators cannot be updated. The evaluator must not be locked for modification.
", "idempotent":true }, "UpdateGateway":{ "name":"UpdateGateway", "http":{ "method":"PUT", "requestUri":"/gateways/{gatewayIdentifier}/", "responseCode":202 }, "input":{"shape":"UpdateGatewayRequest"}, "output":{"shape":"UpdateGatewayResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Updates an existing gateway.
", "idempotent":true }, "UpdateGatewayRule":{ "name":"UpdateGatewayRule", "http":{ "method":"PATCH", "requestUri":"/gateways/{gatewayIdentifier}/rules/{ruleId}", "responseCode":202 }, "input":{"shape":"UpdateGatewayRuleRequest"}, "output":{"shape":"UpdateGatewayRuleResponse"}, "errors":[ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Updates a gateway rule's priority, conditions, actions, or description.
", "idempotent":true }, "UpdateGatewayTarget":{ "name":"UpdateGatewayTarget", "http":{ "method":"PUT", "requestUri":"/gateways/{gatewayIdentifier}/targets/{targetId}/", "responseCode":202 }, "input":{"shape":"UpdateGatewayTargetRequest"}, "output":{"shape":"UpdateGatewayTargetResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Updates an existing gateway target.
You cannot update a target that is in a pending authorization state (CREATE_PENDING_AUTH, UPDATE_PENDING_AUTH, or SYNCHRONIZE_PENDING_AUTH). Wait for the authorization to complete or fail before updating the target.
Operation to update a Harness.
", "idempotent":true }, "UpdateMemory":{ "name":"UpdateMemory", "http":{ "method":"PUT", "requestUri":"/memories/{memoryId}/update", "responseCode":202 }, "input":{"shape":"UpdateMemoryInput"}, "output":{"shape":"UpdateMemoryOutput"}, "errors":[ {"shape":"ServiceException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottledException"} ], "documentation":"Update an Amazon Bedrock AgentCore Memory resource memory.
", "idempotent":true }, "UpdateOauth2CredentialProvider":{ "name":"UpdateOauth2CredentialProvider", "http":{ "method":"POST", "requestUri":"/identities/UpdateOauth2CredentialProvider", "responseCode":200 }, "input":{"shape":"UpdateOauth2CredentialProviderRequest"}, "output":{"shape":"UpdateOauth2CredentialProviderResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"DecryptionFailure"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"EncryptionFailure"} ], "documentation":"Updates an existing OAuth2 credential provider.
" }, "UpdateOnlineEvaluationConfig":{ "name":"UpdateOnlineEvaluationConfig", "http":{ "method":"PUT", "requestUri":"/online-evaluation-configs/{onlineEvaluationConfigId}", "responseCode":202 }, "input":{"shape":"UpdateOnlineEvaluationConfigRequest"}, "output":{"shape":"UpdateOnlineEvaluationConfigResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Updates an online evaluation configuration's settings, including rules, data sources, evaluators, and execution status. Changes take effect immediately for ongoing evaluations.
", "idempotent":true }, "UpdatePolicy":{ "name":"UpdatePolicy", "http":{ "method":"PATCH", "requestUri":"/policy-engines/{policyEngineId}/policies/{policyId}", "responseCode":202 }, "input":{"shape":"UpdatePolicyRequest"}, "output":{"shape":"UpdatePolicyResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"Updates an existing policy within the AgentCore Policy system. This operation allows modification of the policy description and definition while maintaining the policy's identity. The updated policy is validated against the Cedar schema before being applied. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.
Updates an existing policy engine within the AgentCore Policy system. This operation allows modification of the policy engine description while maintaining its identity. This is an asynchronous operation. Use the GetPolicyEngine operation to poll the status field to track completion.
Updates an existing registry. This operation uses PATCH semantics, so you only need to specify the fields you want to change.
" }, "UpdateRegistryRecord":{ "name":"UpdateRegistryRecord", "http":{ "method":"PATCH", "requestUri":"/registries/{registryId}/records/{recordId}", "responseCode":202 }, "input":{"shape":"UpdateRegistryRecordRequest"}, "output":{"shape":"UpdateRegistryRecordResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Updates an existing registry record. This operation uses PATCH semantics, so you only need to specify the fields you want to change. The update is processed asynchronously and returns HTTP 202 Accepted.
" }, "UpdateRegistryRecordStatus":{ "name":"UpdateRegistryRecordStatus", "http":{ "method":"PATCH", "requestUri":"/registries/{registryId}/records/{recordId}/status", "responseCode":202 }, "input":{"shape":"UpdateRegistryRecordStatusRequest"}, "output":{"shape":"UpdateRegistryRecordStatusResponse"}, "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Updates the status of a registry record. Use this operation to approve, reject, or deprecate a registry record.
" }, "UpdateWorkloadIdentity":{ "name":"UpdateWorkloadIdentity", "http":{ "method":"POST", "requestUri":"/identities/UpdateWorkloadIdentity", "responseCode":200 }, "input":{"shape":"UpdateWorkloadIdentityRequest"}, "output":{"shape":"UpdateWorkloadIdentityResponse"}, "errors":[ {"shape":"UnauthorizedException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"Updates an existing workload identity.
", "idempotent":true } }, "shapes":{ "A2aDescriptor":{ "type":"structure", "members":{ "agentCard":{ "shape":"AgentCardDefinition", "documentation":"The agent card definition for the A2A agent, as defined by the A2A protocol specification.
" } }, "documentation":"The Agent-to-Agent (A2A) protocol descriptor for a registry record. Contains the agent card definition as defined by the A2A protocol specification.
" }, "AccessDeniedException":{ "type":"structure", "members":{ "message":{"shape":"NonBlankString"} }, "documentation":"This exception is thrown when a request is denied per access permissions
", "error":{ "httpStatusCode":403, "senderFault":true }, "exception":true }, "Action":{ "type":"structure", "members":{ "configurationBundle":{ "shape":"ConfigurationBundleAction", "documentation":"An action that applies a configuration bundle override to the request.
" }, "routeToTarget":{ "shape":"RouteToTargetAction", "documentation":"An action that routes the request to a specific target.
" } }, "documentation":"An action to take when a gateway rule's conditions are met.
", "union":true }, "Actions":{ "type":"list", "member":{"shape":"Action"}, "max":2, "min":1 }, "ActorTokenContentType":{ "type":"string", "enum":[ "NONE", "M2M", "AWS_IAM_ID_TOKEN_JWT" ] }, "AdditionalModelRequestFields":{ "type":"structure", "members":{}, "document":true }, "AgentCardDefinition":{ "type":"structure", "members":{ "schemaVersion":{ "shape":"SchemaVersion", "documentation":"The schema version of the agent card based on the A2A protocol specification.
" }, "inlineContent":{ "shape":"InlineContent", "documentation":"The JSON content containing the A2A agent card definition, conforming to the A2A protocol specification.
" } }, "documentation":"The agent card definition for an A2A descriptor. Contains the schema version and inline content for the agent card.
" }, "AgentEndpointDescription":{ "type":"string", "max":256, "min":1 }, "AgentManagedRuntimeType":{ "type":"string", "enum":[ "PYTHON_3_10", "PYTHON_3_11", "PYTHON_3_12", "PYTHON_3_13", "PYTHON_3_14", "NODE_22" ] }, "AgentRuntime":{ "type":"structure", "required":[ "agentRuntimeArn", "agentRuntimeId", "agentRuntimeVersion", "agentRuntimeName", "description", "lastUpdatedAt", "status" ], "members":{ "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the agent runtime.
" }, "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the agent runtime.
" }, "agentRuntimeVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The version of the agent runtime.
" }, "agentRuntimeName":{ "shape":"AgentRuntimeName", "documentation":"The name of the agent runtime.
" }, "description":{ "shape":"Description", "documentation":"The description of the agent runtime.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the agent runtime was last updated.
" }, "status":{ "shape":"AgentRuntimeStatus", "documentation":"The current status of the agent runtime.
" } }, "documentation":"Contains information about an agent runtime. An agent runtime is the execution environment for a Amazon Bedrock AgentCore Agent.
" }, "AgentRuntimeArn":{ "type":"string", "pattern":"arn:(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:agent/[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}:([0-9]{0,4}[1-9][0-9]{0,4})" }, "AgentRuntimeArtifact":{ "type":"structure", "members":{ "containerConfiguration":{ "shape":"ContainerConfiguration", "documentation":"The container configuration for the agent artifact.
" }, "codeConfiguration":{ "shape":"CodeConfiguration", "documentation":"The code configuration for the agent runtime artifact, including the source code location and execution settings.
" } }, "documentation":"The artifact of the agent.
", "union":true }, "AgentRuntimeEndpoint":{ "type":"structure", "required":[ "name", "agentRuntimeEndpointArn", "agentRuntimeArn", "status", "id", "createdAt", "lastUpdatedAt" ], "members":{ "name":{ "shape":"EndpointName", "documentation":"The name of the agent runtime endpoint.
" }, "liveVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The live version of the agent runtime endpoint. This is the version that is currently serving requests.
" }, "targetVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The target version of the agent runtime endpoint. This is the version that the endpoint is being updated to.
" }, "agentRuntimeEndpointArn":{ "shape":"AgentRuntimeEndpointArn", "documentation":"The Amazon Resource Name (ARN) of the agent runtime endpoint.
" }, "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the agent runtime associated with the endpoint.
" }, "status":{ "shape":"AgentRuntimeEndpointStatus", "documentation":"The current status of the agent runtime endpoint.
" }, "id":{ "shape":"AgentRuntimeEndpointId", "documentation":"The unique identifier of the agent runtime endpoint.
" }, "description":{ "shape":"AgentEndpointDescription", "documentation":"The description of the agent runtime endpoint.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the agent runtime endpoint was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the agent runtime endpoint was last updated.
" } }, "documentation":"Contains information about an agent runtime endpoint. An endpoint provides a way to connect to and interact with an agent runtime.
" }, "AgentRuntimeEndpointArn":{ "type":"string", "pattern":"arn:(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:agentEndpoint/[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}" }, "AgentRuntimeEndpointId":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,99}-[a-zA-Z0-9]{10}" }, "AgentRuntimeEndpointStatus":{ "type":"string", "enum":[ "CREATING", "CREATE_FAILED", "UPDATING", "UPDATE_FAILED", "READY", "DELETING" ] }, "AgentRuntimeEndpoints":{ "type":"list", "member":{"shape":"AgentRuntimeEndpoint"} }, "AgentRuntimeId":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,99}-[a-zA-Z0-9]{10}" }, "AgentRuntimeName":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}" }, "AgentRuntimeStatus":{ "type":"string", "enum":[ "CREATING", "CREATE_FAILED", "UPDATING", "UPDATE_FAILED", "READY", "DELETING" ] }, "AgentRuntimeVersion":{ "type":"string", "max":5, "min":1, "pattern":"([1-9][0-9]{0,4})" }, "AgentRuntimes":{ "type":"list", "member":{"shape":"AgentRuntime"} }, "AgentSkillsDescriptor":{ "type":"structure", "members":{ "skillMd":{ "shape":"SkillMdDefinition", "documentation":"The optional skill markdown definition describing the agent's skills in a human-readable format.
" }, "skillDefinition":{ "shape":"SkillDefinition", "documentation":"The structured skill definition with schema version and content.
" } }, "documentation":"The agent skills descriptor for a registry record. Contains an optional skill markdown definition in human-readable format and an optional structured skill definition.
" }, "AllowedAudience":{"type":"string"}, "AllowedAudienceList":{ "type":"list", "member":{"shape":"AllowedAudience"}, "min":1 }, "AllowedClient":{"type":"string"}, "AllowedClientsList":{ "type":"list", "member":{"shape":"AllowedClient"}, "min":1 }, "AllowedQueryParameters":{ "type":"list", "member":{"shape":"HttpQueryParameterName"}, "max":10, "min":1 }, "AllowedRequestHeaders":{ "type":"list", "member":{"shape":"HttpHeaderName"}, "max":10, "min":1 }, "AllowedResponseHeaders":{ "type":"list", "member":{"shape":"HttpHeaderName"}, "max":10, "min":1 }, "AllowedScopeType":{ "type":"string", "max":255, "min":1, "pattern":"[\\x21\\x23-\\x5B\\x5D-\\x7E]+" }, "AllowedScopesType":{ "type":"list", "member":{"shape":"AllowedScopeType"}, "min":1 }, "AllowedStringListValue":{ "type":"string", "max":64, "min":1, "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" }, "AllowedStringListValuesList":{ "type":"list", "member":{"shape":"AllowedStringListValue"}, "max":10, "min":1 }, "AllowedStringValue":{ "type":"string", "max":256, "min":1, "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" }, "AllowedStringValuesList":{ "type":"list", "member":{"shape":"AllowedStringValue"}, "max":10, "min":1 }, "ApiGatewayTargetConfiguration":{ "type":"structure", "required":[ "restApiId", "stage", "apiGatewayToolConfiguration" ], "members":{ "restApiId":{ "shape":"String", "documentation":"The ID of the API Gateway REST API.
" }, "stage":{ "shape":"String", "documentation":"The ID of the stage of the REST API to add as a target.
" }, "apiGatewayToolConfiguration":{ "shape":"ApiGatewayToolConfiguration", "documentation":"The configuration for defining REST API tool filters and overrides for the gateway target.
" } }, "documentation":"The configuration for an Amazon API Gateway target.
" }, "ApiGatewayToolConfiguration":{ "type":"structure", "required":["toolFilters"], "members":{ "toolOverrides":{ "shape":"ApiGatewayToolOverrides", "documentation":"A list of explicit tool definitions with optional custom names and descriptions.
" }, "toolFilters":{ "shape":"ApiGatewayToolFilters", "documentation":"A list of path and method patterns to expose as tools using metadata from the REST API's OpenAPI specification.
" } }, "documentation":"The configuration for defining REST API tool filters and overrides for the gateway target.
" }, "ApiGatewayToolFilter":{ "type":"structure", "required":[ "filterPath", "methods" ], "members":{ "filterPath":{ "shape":"String", "documentation":"Resource path to match in the REST API. Supports exact paths (for example, /pets) or wildcard paths (for example, /pets/* to match all paths under /pets). Must match existing paths in the REST API.
The methods to filter for.
" } }, "documentation":"Specifies which operations from an API Gateway REST API are exposed as tools. Tool names and descriptions are derived from the operationId and description fields in the API's exported OpenAPI specification.
" }, "ApiGatewayToolFilters":{ "type":"list", "member":{"shape":"ApiGatewayToolFilter"} }, "ApiGatewayToolOverride":{ "type":"structure", "required":[ "name", "path", "method" ], "members":{ "name":{ "shape":"String", "documentation":"The name of tool. Identifies the tool in the Model Context Protocol.
" }, "description":{ "shape":"String", "documentation":"The description of the tool. Provides information about the purpose and usage of the tool. If not provided, uses the description from the API's OpenAPI specification.
" }, "path":{ "shape":"String", "documentation":"Resource path in the REST API (e.g., /pets). Must explicitly match an existing path in the REST API.
The HTTP method to expose for the specified path.
" } }, "documentation":"Settings to override configurations for a tool.
" }, "ApiGatewayToolOverrides":{ "type":"list", "member":{"shape":"ApiGatewayToolOverride"} }, "ApiKeyArn":{ "type":"string", "pattern":"arn:aws:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:token-vault/[a-zA-Z0-9-.]+/apikeycredentialprovider/[a-zA-Z0-9-.]+" }, "ApiKeyCredentialLocation":{ "type":"string", "enum":[ "HEADER", "QUERY_PARAMETER" ] }, "ApiKeyCredentialParameterName":{ "type":"string", "max":64, "min":1 }, "ApiKeyCredentialPrefix":{ "type":"string", "max":64, "min":1 }, "ApiKeyCredentialProvider":{ "type":"structure", "required":["providerArn"], "members":{ "providerArn":{ "shape":"ApiKeyCredentialProviderArn", "documentation":"The Amazon Resource Name (ARN) of the API key credential provider. This ARN identifies the provider in Amazon Web Services.
" }, "credentialParameterName":{ "shape":"ApiKeyCredentialParameterName", "documentation":"The name of the credential parameter for the API key. This parameter name is used when sending the API key to the target endpoint.
" }, "credentialPrefix":{ "shape":"ApiKeyCredentialPrefix", "documentation":"The prefix for the API key credential. This prefix is added to the API key when sending it to the target endpoint.
" }, "credentialLocation":{ "shape":"ApiKeyCredentialLocation", "documentation":"The location of the API key credential. This field specifies where in the request the API key should be placed.
" } }, "documentation":"An API key credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint using an API key.
" }, "ApiKeyCredentialProviderArn":{ "type":"string", "pattern":"arn:([^:]*):([^:]*):([^:]*):([0-9]{12})?:(.+)" }, "ApiKeyCredentialProviderArnType":{ "type":"string", "pattern":"arn:(aws|aws-us-gov):acps:[A-Za-z0-9-]{1,64}:[0-9]{12}:token-vault/[a-zA-Z0-9-.]+/apikeycredentialprovider/[a-zA-Z0-9-.]+" }, "ApiKeyCredentialProviderItem":{ "type":"structure", "required":[ "name", "credentialProviderArn", "createdTime", "lastUpdatedTime" ], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the API key credential provider.
" }, "credentialProviderArn":{ "shape":"ApiKeyCredentialProviderArnType", "documentation":"The Amazon Resource Name (ARN) of the API key credential provider.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the API key credential provider was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the API key credential provider was last updated.
" } }, "documentation":"Contains information about an API key credential provider.
" }, "ApiKeyCredentialProviders":{ "type":"list", "member":{"shape":"ApiKeyCredentialProviderItem"} }, "ApiKeyType":{ "type":"string", "max":65536, "min":1, "sensitive":true }, "ApiSchemaConfiguration":{ "type":"structure", "members":{ "s3":{"shape":"S3Configuration"}, "inlinePayload":{ "shape":"InlinePayload", "documentation":"The inline payload containing the API schema definition.
" } }, "documentation":"Configuration for API schema.
", "union":true }, "ApprovalConfiguration":{ "type":"structure", "members":{ "autoApproval":{ "shape":"Boolean", "documentation":"Whether registry records are auto-approved. When set to true, records are automatically approved upon creation. When set to false (the default), records require explicit approval for security purposes.
Configuration for the registry record approval workflow. Controls whether records added to the registry require explicit approval before becoming active.
" }, "Arn":{ "type":"string", "pattern":"arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[^/].{0,1023}" }, "AtlassianOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Atlassian OAuth2 provider. This identifier is assigned by Atlassian when you register your application.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the Atlassian OAuth2 provider. This secret is assigned by Atlassian and used along with the client ID to authenticate your application.
" } }, "documentation":"Configuration settings for connecting to Atlassian services using OAuth2 authentication. This includes the client credentials required to authenticate with Atlassian's OAuth2 authorization server.
" }, "AtlassianOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{"shape":"Oauth2Discovery"}, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Atlassian OAuth2 provider.
" } }, "documentation":"The configuration details returned for an Atlassian OAuth2 provider, including the client ID and OAuth2 discovery information.
" }, "AuthorizationData":{ "type":"structure", "members":{ "oauth2":{ "shape":"OAuth2AuthorizationData", "documentation":"OAuth2 authorization data for the gateway target.
" } }, "documentation":"Contains the authorization data that is returned when a gateway target is configured with a credential provider with authorization code grant type and requires user federation.
", "union":true }, "AuthorizationEndpointType":{"type":"string"}, "AuthorizerConfiguration":{ "type":"structure", "members":{ "customJWTAuthorizer":{ "shape":"CustomJWTAuthorizerConfiguration", "documentation":"The inbound JWT-based authorization, specifying how incoming requests should be authenticated.
" } }, "documentation":"Represents inbound authorization configuration options used to authenticate incoming requests.
", "union":true }, "AuthorizerType":{ "type":"string", "enum":[ "CUSTOM_JWT", "AWS_IAM", "NONE", "AUTHENTICATE_ONLY" ] }, "AuthorizingClaimMatchValueType":{ "type":"structure", "required":[ "claimMatchValue", "claimMatchOperator" ], "members":{ "claimMatchValue":{ "shape":"ClaimMatchValueType", "documentation":"The value or values to match for.
" }, "claimMatchOperator":{ "shape":"ClaimMatchOperatorType", "documentation":"Defines the relationship between the claim field value and the value or values you're matching for.
" } }, "documentation":"Defines the value or values to match for and the relationship of the match.
" }, "AwsAccountId":{ "type":"string", "pattern":"[0-9]{12}" }, "BedrockAgentcoreResourceArn":{ "type":"string", "max":1011, "min":20 }, "BedrockEvaluatorModelConfig":{ "type":"structure", "required":["modelId"], "members":{ "modelId":{ "shape":"ModelId", "documentation":"The identifier of the Amazon Bedrock model to use for evaluation. Must be a supported foundation model available in your region.
" }, "inferenceConfig":{ "shape":"InferenceConfiguration", "documentation":"The inference configuration parameters that control model behavior during evaluation, including temperature, token limits, and sampling settings.
" }, "additionalModelRequestFields":{ "shape":"AdditionalModelRequestFields", "documentation":"Additional model-specific request fields to customize model behavior beyond the standard inference configuration.
" } }, "documentation":"The configuration for using Amazon Bedrock models in evaluator assessments, including model selection and inference parameters.
" }, "Boolean":{ "type":"boolean", "box":true }, "BranchName":{ "type":"string", "max":128, "min":1, "pattern":"[a-zA-Z][a-zA-Z0-9_/-]{0,127}" }, "BrowserArn":{ "type":"string", "pattern":"arn:aws(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:(aws|[0-9]{12}):browser(-custom)?/(aws\\.browser\\.v1|[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10})" }, "BrowserEnterprisePolicies":{ "type":"list", "member":{"shape":"BrowserEnterprisePolicy"}, "max":100, "min":0 }, "BrowserEnterprisePolicy":{ "type":"structure", "required":["location"], "members":{ "location":{ "shape":"ResourceLocation", "documentation":"The location of the enterprise policy file.
" }, "type":{ "shape":"BrowserEnterprisePolicyType", "documentation":"The type of browser enterprise policy. Available values are MANAGED and RECOMMENDED.
Browser enterprise policy configuration.
" }, "BrowserEnterprisePolicyType":{ "type":"string", "enum":[ "MANAGED", "RECOMMENDED" ] }, "BrowserId":{ "type":"string", "pattern":"(aws\\.browser\\.v1|[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10})" }, "BrowserNetworkConfiguration":{ "type":"structure", "required":["networkMode"], "members":{ "networkMode":{ "shape":"BrowserNetworkMode", "documentation":"The network mode for the browser. This field specifies how the browser connects to the network.
" }, "vpcConfig":{"shape":"VpcConfig"} }, "documentation":"The network configuration for a browser. This structure defines how the browser connects to the network.
" }, "BrowserNetworkMode":{ "type":"string", "enum":[ "PUBLIC", "VPC" ] }, "BrowserProfileArn":{ "type":"string", "pattern":"arn:(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:browser-profile/[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10}" }, "BrowserProfileId":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10}" }, "BrowserProfileName":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}" }, "BrowserProfileStatus":{ "type":"string", "documentation":"The status of a browser profile.
", "enum":[ "READY", "DELETING", "DELETED", "SAVING" ] }, "BrowserProfileSummaries":{ "type":"list", "member":{"shape":"BrowserProfileSummary"} }, "BrowserProfileSummary":{ "type":"structure", "required":[ "profileId", "profileArn", "name", "status", "createdAt", "lastUpdatedAt" ], "members":{ "profileId":{ "shape":"BrowserProfileId", "documentation":"The unique identifier of the browser profile.
" }, "profileArn":{ "shape":"BrowserProfileArn", "documentation":"The Amazon Resource Name (ARN) of the browser profile.
" }, "name":{ "shape":"BrowserProfileName", "documentation":"The name of the browser profile.
" }, "description":{ "shape":"Description", "documentation":"The description of the browser profile.
" }, "status":{ "shape":"BrowserProfileStatus", "documentation":"The current status of the browser profile. Possible values include READY, SAVING, DELETING, and DELETED.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser profile was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser profile was last updated.
" }, "lastSavedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when browser session data was last saved to this profile.
" }, "lastSavedBrowserSessionId":{ "shape":"BrowserSessionId", "documentation":"The identifier of the browser session from which data was last saved to this profile.
" }, "lastSavedBrowserId":{ "shape":"BrowserId", "documentation":"The identifier of the browser from which data was last saved to this profile.
" } }, "documentation":"Contains summary information about a browser profile. A browser profile stores persistent browser data that can be reused across browser sessions.
" }, "BrowserSessionId":{ "type":"string", "pattern":"[0-9a-zA-Z]{1,40}" }, "BrowserSigningConfigInput":{ "type":"structure", "required":["enabled"], "members":{ "enabled":{ "shape":"Boolean", "documentation":"Specifies whether browser signing is enabled. When enabled, the browser will cryptographically sign HTTP requests to identify itself as an AI agent to bot control vendors.
" } }, "documentation":"Configuration for enabling browser signing capabilities that allow agents to cryptographically identify themselves to websites using HTTP message signatures.
" }, "BrowserSigningConfigOutput":{ "type":"structure", "required":["enabled"], "members":{ "enabled":{ "shape":"Boolean", "documentation":"Indicates whether browser signing is currently enabled for cryptographic agent identification using HTTP message signatures.
" } }, "documentation":"The current browser signing configuration that shows whether cryptographic agent identification is enabled for web bot authentication.
" }, "BrowserStatus":{ "type":"string", "enum":[ "CREATING", "CREATE_FAILED", "READY", "DELETING", "DELETE_FAILED", "DELETED" ] }, "BrowserSummaries":{ "type":"list", "member":{"shape":"BrowserSummary"} }, "BrowserSummary":{ "type":"structure", "required":[ "browserId", "browserArn", "status", "createdAt" ], "members":{ "browserId":{ "shape":"BrowserId", "documentation":"The unique identifier of the browser.
" }, "browserArn":{ "shape":"BrowserArn", "documentation":"The Amazon Resource Name (ARN) of the browser.
" }, "name":{ "shape":"SandboxName", "documentation":"The name of the browser.
" }, "description":{ "shape":"Description", "documentation":"The description of the browser.
" }, "status":{ "shape":"BrowserStatus", "documentation":"The current status of the browser.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser was last updated.
" } }, "documentation":"Contains summary information about a browser. A browser enables Amazon Bedrock AgentCore Agent to interact with web content.
" }, "CategoricalScaleDefinition":{ "type":"structure", "required":[ "definition", "label" ], "members":{ "definition":{ "shape":"String", "documentation":"The description that explains what this categorical rating represents and when it should be used.
" }, "label":{ "shape":"CategoricalScaleDefinitionLabelString", "documentation":"The label or name of this categorical rating option.
" } }, "documentation":"The definition of a categorical rating scale option that provides a named category with its description for evaluation scoring.
" }, "CategoricalScaleDefinitionLabelString":{ "type":"string", "max":100, "min":1 }, "CategoricalScaleDefinitions":{ "type":"list", "member":{"shape":"CategoricalScaleDefinition"} }, "CedarPolicy":{ "type":"structure", "required":["statement"], "members":{ "statement":{ "shape":"Statement", "documentation":"The Cedar policy statement that defines the authorization logic. This statement follows Cedar syntax and specifies principals, actions, resources, and conditions that determine when access should be allowed or denied.
" } }, "documentation":"Represents a Cedar policy statement within the AgentCore Policy system. Cedar is a policy language designed for authorization that provides human-readable, analyzable, and high-performance policy evaluation for controlling agent behavior and access decisions.
" }, "Certificate":{ "type":"structure", "required":["location"], "members":{ "location":{ "shape":"CertificateLocation", "documentation":"The location of the certificate.
" } }, "documentation":"A certificate to install in the browser or code interpreter.
" }, "CertificateLocation":{ "type":"structure", "members":{ "secretsManager":{ "shape":"SecretsManagerLocation", "documentation":"The Amazon Web Services Secrets Manager location of the certificate.
" } }, "documentation":"The location from which to retrieve a certificate.
", "union":true }, "Certificates":{ "type":"list", "member":{"shape":"Certificate"}, "max":200, "min":1 }, "ClaimMatchOperatorType":{ "type":"string", "enum":[ "EQUALS", "CONTAINS", "CONTAINS_ANY" ] }, "ClaimMatchValueType":{ "type":"structure", "members":{ "matchValueString":{ "shape":"MatchValueString", "documentation":"The string value to match for.
" }, "matchValueStringList":{ "shape":"MatchValueStringList", "documentation":"An array of strings to check for a match.
" } }, "documentation":"The value or values to match for.
Include a matchValueString with the EQUALS operator to specify a string that matches the claim field value.
Include a matchValueArray to specify an array of string values. You can use the following operators:
Use CONTAINS to yield a match if the claim field value is in the array.
Use CONTAINS_ANY to yield a match if the claim field value contains any of the strings in the array.
The list of CloudWatch log group names to monitor for agent traces.
" }, "serviceNames":{ "shape":"CloudWatchLogsInputConfigServiceNamesList", "documentation":"The list of service names to filter traces within the specified log groups. Used to identify relevant agent sessions.
" } }, "documentation":"The configuration for reading agent traces from CloudWatch logs as input for online evaluation.
" }, "CloudWatchLogsInputConfigLogGroupNamesList":{ "type":"list", "member":{"shape":"LogGroupName"}, "max":5, "min":1 }, "CloudWatchLogsInputConfigServiceNamesList":{ "type":"list", "member":{"shape":"ServiceName"}, "max":1, "min":1 }, "CloudWatchOutputConfig":{ "type":"structure", "required":["logGroupName"], "members":{ "logGroupName":{ "shape":"LogGroupName", "documentation":"The name of the CloudWatch log group where evaluation results will be written. The log group will be created if it doesn't exist.
" } }, "documentation":"The configuration for writing evaluation results to CloudWatch logs with embedded metric format (EMF) for monitoring.
" }, "Code":{ "type":"structure", "members":{ "s3":{ "shape":"S3Location", "documentation":"The Amazon Amazon S3 object that contains the source code for the agent runtime.
" } }, "documentation":"The source code configuration that specifies the location and details of the code to be executed.
", "union":true }, "CodeBasedEvaluatorConfig":{ "type":"structure", "members":{ "lambdaConfig":{ "shape":"LambdaEvaluatorConfig", "documentation":"The Lambda function configuration for code-based evaluation.
" } }, "documentation":"Configuration for a code-based evaluator. Specify the Lambda function to use for evaluation.
", "union":true }, "CodeConfiguration":{ "type":"structure", "required":[ "code", "runtime", "entryPoint" ], "members":{ "code":{ "shape":"Code", "documentation":"The source code location and configuration details.
" }, "runtime":{ "shape":"AgentManagedRuntimeType", "documentation":"The runtime environment for executing the agent code. Specify the programming language and version to use for the agent runtime. For valid values, see the list of supported runtimes.
" }, "entryPoint":{ "shape":"CodeConfigurationEntryPointList", "documentation":"The entry point for the code execution, specifying the function or method that should be invoked when the code runs.
" } }, "documentation":"The configuration for the source code that defines how the agent runtime code should be executed, including the code location, runtime environment, and entry point.
" }, "CodeConfigurationEntryPointList":{ "type":"list", "member":{"shape":"entryPoint"}, "max":2, "min":1 }, "CodeInterpreterArn":{ "type":"string", "pattern":"arn:aws(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:(aws|[0-9]{12}):code-interpreter(-custom)?/(aws\\.codeinterpreter\\.v1|[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10})" }, "CodeInterpreterId":{ "type":"string", "pattern":"(aws\\.codeinterpreter\\.v1|[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10})" }, "CodeInterpreterNetworkConfiguration":{ "type":"structure", "required":["networkMode"], "members":{ "networkMode":{ "shape":"CodeInterpreterNetworkMode", "documentation":"The network mode for the code interpreter. This field specifies how the code interpreter connects to the network.
" }, "vpcConfig":{"shape":"VpcConfig"} }, "documentation":"The network configuration for a code interpreter. This structure defines how the code interpreter connects to the network.
" }, "CodeInterpreterNetworkMode":{ "type":"string", "enum":[ "PUBLIC", "SANDBOX", "VPC" ] }, "CodeInterpreterStatus":{ "type":"string", "enum":[ "CREATING", "CREATE_FAILED", "READY", "DELETING", "DELETE_FAILED", "DELETED" ] }, "CodeInterpreterSummaries":{ "type":"list", "member":{"shape":"CodeInterpreterSummary"} }, "CodeInterpreterSummary":{ "type":"structure", "required":[ "codeInterpreterId", "codeInterpreterArn", "status", "createdAt" ], "members":{ "codeInterpreterId":{ "shape":"CodeInterpreterId", "documentation":"The unique identifier of the code interpreter.
" }, "codeInterpreterArn":{ "shape":"CodeInterpreterArn", "documentation":"The Amazon Resource Name (ARN) of the code interpreter.
" }, "name":{ "shape":"SandboxName", "documentation":"The name of the code interpreter.
" }, "description":{ "shape":"Description", "documentation":"The description of the code interpreter.
" }, "status":{ "shape":"CodeInterpreterStatus", "documentation":"The current status of the code interpreter.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the code interpreter was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the code interpreter was last updated.
" } }, "documentation":"Contains summary information about a code interpreter. A code interpreter enables Amazon Bedrock AgentCore Agent to execute code.
" }, "ComponentConfiguration":{ "type":"structure", "required":["configuration"], "members":{ "configuration":{ "shape":"Document", "documentation":"The configuration values as a flexible JSON document.
" } }, "documentation":"The configuration for a component within a configuration bundle. The component type is inferred from the component identifier ARN.
", "sensitive":true }, "ComponentConfigurationMap":{ "type":"map", "key":{"shape":"ComponentIdentifier"}, "value":{"shape":"ComponentConfiguration"} }, "ComponentIdentifier":{ "type":"string", "max":2048, "min":1, "pattern":"[a-zA-Z][a-zA-Z0-9_:/.\\-]{0,2047}" }, "ConcurrentModificationException":{ "type":"structure", "required":["message"], "members":{ "message":{"shape":"String"} }, "documentation":"Exception thrown when a resource is modified concurrently by multiple requests.
", "error":{ "httpStatusCode":409, "senderFault":true }, "exception":true }, "Condition":{ "type":"structure", "members":{ "matchPrincipals":{ "shape":"MatchPrincipals", "documentation":"A condition that matches on the identity of the caller making the request.
" }, "matchPaths":{ "shape":"MatchPaths", "documentation":"A condition that matches on the request path.
" } }, "documentation":"A condition that determines when a gateway rule applies. Conditions can match on principals or request paths.
", "union":true }, "Conditions":{ "type":"list", "member":{"shape":"Condition"}, "max":2, "min":1 }, "ConfigurationBundleAction":{ "type":"structure", "members":{ "staticOverride":{ "shape":"StaticOverride", "documentation":"A static configuration bundle override that applies a single bundle version to all matching requests.
" }, "weightedOverride":{ "shape":"WeightedOverride", "documentation":"A weighted configuration bundle override that splits traffic between multiple bundle versions based on configured weights.
" } }, "documentation":"An action that applies a configuration bundle override, either as a static override or a weighted split for A/B testing.
", "union":true }, "ConfigurationBundleArn":{ "type":"string", "pattern":"arn:aws:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:configuration-bundle/[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "ConfigurationBundleDescription":{ "type":"string", "max":500, "min":1, "pattern":".+", "sensitive":true }, "ConfigurationBundleId":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "ConfigurationBundleName":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,99}" }, "ConfigurationBundleReference":{ "type":"structure", "required":[ "bundleArn", "bundleVersion" ], "members":{ "bundleArn":{ "shape":"GatewayConfigurationBundleArn", "documentation":"The Amazon Resource Name (ARN) of the configuration bundle.
" }, "bundleVersion":{ "shape":"ConfigurationBundleReferenceBundleVersionString", "documentation":"The version of the configuration bundle.
" } }, "documentation":"A reference to a specific version of a configuration bundle.
" }, "ConfigurationBundleReferenceBundleVersionString":{ "type":"string", "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" }, "ConfigurationBundleStatus":{ "type":"string", "enum":[ "ACTIVE", "CREATING", "CREATE_FAILED", "UPDATING", "UPDATE_FAILED", "DELETING", "DELETE_FAILED" ] }, "ConfigurationBundleSummary":{ "type":"structure", "required":[ "bundleArn", "bundleId", "bundleName" ], "members":{ "bundleArn":{ "shape":"ConfigurationBundleArn", "documentation":"The Amazon Resource Name (ARN) of the configuration bundle.
" }, "bundleId":{ "shape":"ConfigurationBundleId", "documentation":"The unique identifier of the configuration bundle.
" }, "bundleName":{ "shape":"ConfigurationBundleName", "documentation":"The name of the configuration bundle.
" }, "description":{ "shape":"ConfigurationBundleDescription", "documentation":"The description of the configuration bundle.
" } }, "documentation":"Summary information about a configuration bundle.
" }, "ConfigurationBundleSummaryList":{ "type":"list", "member":{"shape":"ConfigurationBundleSummary"} }, "ConfigurationBundleVersion":{ "type":"string", "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" }, "ConfigurationBundleVersionList":{ "type":"list", "member":{"shape":"ConfigurationBundleVersion"} }, "ConfigurationBundleVersionSummary":{ "type":"structure", "required":[ "bundleArn", "bundleId", "versionId", "versionCreatedAt" ], "members":{ "bundleArn":{ "shape":"ConfigurationBundleArn", "documentation":"The Amazon Resource Name (ARN) of the configuration bundle.
" }, "bundleId":{ "shape":"ConfigurationBundleId", "documentation":"The unique identifier of the configuration bundle.
" }, "versionId":{ "shape":"ConfigurationBundleVersion", "documentation":"The version identifier of this configuration bundle version.
" }, "lineageMetadata":{ "shape":"VersionLineageMetadata", "documentation":"The version lineage metadata, including parent versions, branch name, and creation source.
" }, "versionCreatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when this version was created.
" } }, "documentation":"Summary information about a configuration bundle version.
" }, "ConfigurationBundleVersionSummaryList":{ "type":"list", "member":{"shape":"ConfigurationBundleVersionSummary"} }, "ConflictException":{ "type":"structure", "members":{ "message":{"shape":"NonBlankString"} }, "documentation":"This exception is thrown when there is a conflict performing an operation
", "error":{ "httpStatusCode":409, "senderFault":true }, "exception":true }, "ConsolidationConfiguration":{ "type":"structure", "members":{ "customConsolidationConfiguration":{ "shape":"CustomConsolidationConfiguration", "documentation":"The custom consolidation configuration.
" } }, "documentation":"Contains consolidation configuration information for a memory strategy.
", "union":true }, "ContainerConfiguration":{ "type":"structure", "required":["containerUri"], "members":{ "containerUri":{ "shape":"RuntimeContainerUri", "documentation":"The ECR URI of the container.
" } }, "documentation":"Representation of a container configuration.
" }, "Content":{ "type":"structure", "members":{ "rawText":{ "shape":"NaturalLanguage", "documentation":"The raw text content containing natural language descriptions of desired policy behavior. This text is processed by AI to generate corresponding Cedar policy statements that match the described intent.
" } }, "documentation":"Represents content input for policy generation operations. This structure encapsulates the natural language descriptions or other content formats that are used as input for AI-powered policy generation.
", "union":true }, "ContentConfiguration":{ "type":"structure", "required":["type"], "members":{ "type":{ "shape":"ContentType", "documentation":"Type of content to stream.
" }, "level":{ "shape":"ContentLevel", "documentation":"Level of detail for streamed content.
" } }, "documentation":"Defines what content to stream and at what level of detail.
" }, "ContentLevel":{ "type":"string", "enum":[ "METADATA_ONLY", "FULL_CONTENT" ] }, "ContentType":{ "type":"string", "enum":["MEMORY_RECORDS"] }, "CreateAgentRuntimeEndpointRequest":{ "type":"structure", "required":[ "agentRuntimeId", "name" ], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime to create an endpoint for.
", "location":"uri", "locationName":"agentRuntimeId" }, "name":{ "shape":"EndpointName", "documentation":"The name of the AgentCore Runtime endpoint.
" }, "agentRuntimeVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The version of the AgentCore Runtime to use for the endpoint.
" }, "description":{ "shape":"AgentEndpointDescription", "documentation":"The description of the AgentCore Runtime endpoint.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the agent runtime endpoint. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateAgentRuntimeEndpointResponse":{ "type":"structure", "required":[ "targetVersion", "agentRuntimeEndpointArn", "agentRuntimeArn", "status", "createdAt" ], "members":{ "targetVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The target version of the AgentCore Runtime for the endpoint.
" }, "agentRuntimeEndpointArn":{ "shape":"AgentRuntimeEndpointArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime endpoint.
" }, "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime.
" }, "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime.
" }, "endpointName":{ "shape":"EndpointName", "documentation":"The name of the AgentCore Runtime endpoint.
" }, "status":{ "shape":"AgentRuntimeEndpointStatus", "documentation":"The current status of the AgentCore Runtime endpoint.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime endpoint was created.
" } } }, "CreateAgentRuntimeRequest":{ "type":"structure", "required":[ "agentRuntimeName", "agentRuntimeArtifact", "roleArn", "networkConfiguration" ], "members":{ "agentRuntimeName":{ "shape":"AgentRuntimeName", "documentation":"The name of the AgentCore Runtime.
" }, "agentRuntimeArtifact":{ "shape":"AgentRuntimeArtifact", "documentation":"The artifact of the AgentCore Runtime.
" }, "roleArn":{ "shape":"RoleArn", "documentation":"The IAM role ARN that provides permissions for the AgentCore Runtime.
" }, "networkConfiguration":{ "shape":"NetworkConfiguration", "documentation":"The network configuration for the AgentCore Runtime.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true }, "description":{ "shape":"Description", "documentation":"The description of the AgentCore Runtime.
" }, "authorizerConfiguration":{ "shape":"AuthorizerConfiguration", "documentation":"The authorizer configuration for the AgentCore Runtime.
" }, "requestHeaderConfiguration":{ "shape":"RequestHeaderConfiguration", "documentation":"Configuration for HTTP request headers that will be passed through to the runtime.
" }, "protocolConfiguration":{"shape":"ProtocolConfiguration"}, "lifecycleConfiguration":{ "shape":"LifecycleConfiguration", "documentation":"The life cycle configuration for the AgentCore Runtime.
" }, "environmentVariables":{ "shape":"EnvironmentVariablesMap", "documentation":"Environment variables to set in the AgentCore Runtime environment.
" }, "filesystemConfigurations":{ "shape":"FilesystemConfigurations", "documentation":"The filesystem configurations to mount into the AgentCore Runtime. Use filesystem configurations to provide persistent storage to your AgentCore Runtime sessions.
" }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the agent runtime. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateAgentRuntimeResponse":{ "type":"structure", "required":[ "agentRuntimeArn", "agentRuntimeId", "agentRuntimeVersion", "createdAt", "status" ], "members":{ "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime.
" }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the AgentCore Runtime.
" }, "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime.
" }, "agentRuntimeVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The version of the AgentCore Runtime.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime was created.
" }, "status":{ "shape":"AgentRuntimeStatus", "documentation":"The current status of the AgentCore Runtime.
" } } }, "CreateApiKeyCredentialProviderRequest":{ "type":"structure", "required":[ "name", "apiKey" ], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the API key credential provider. The name must be unique within your account.
" }, "apiKey":{ "shape":"ApiKeyType", "documentation":"The API key to use for authentication. This value is encrypted and stored securely.
" }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the API key credential provider. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateApiKeyCredentialProviderResponse":{ "type":"structure", "required":[ "apiKeySecretArn", "name", "credentialProviderArn" ], "members":{ "apiKeySecretArn":{ "shape":"Secret", "documentation":"The Amazon Resource Name (ARN) of the secret containing the API key.
" }, "name":{ "shape":"CredentialProviderName", "documentation":"The name of the created API key credential provider.
" }, "credentialProviderArn":{ "shape":"ApiKeyCredentialProviderArnType", "documentation":"The Amazon Resource Name (ARN) of the created API key credential provider.
" } } }, "CreateBrowserProfileRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"BrowserProfileName", "documentation":"The name of the browser profile. The name must be unique within your account and can contain alphanumeric characters and underscores.
" }, "description":{ "shape":"Description", "documentation":"A description of the browser profile. Use this field to describe the purpose or contents of the profile.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock AgentCore ignores the request but does not return an error.
", "idempotencyToken":true }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the browser profile. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateBrowserProfileResponse":{ "type":"structure", "required":[ "profileId", "profileArn", "createdAt", "status" ], "members":{ "profileId":{ "shape":"BrowserProfileId", "documentation":"The unique identifier of the created browser profile.
" }, "profileArn":{ "shape":"BrowserProfileArn", "documentation":"The Amazon Resource Name (ARN) of the created browser profile.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser profile was created.
" }, "status":{ "shape":"BrowserProfileStatus", "documentation":"The current status of the browser profile.
" } } }, "CreateBrowserRequest":{ "type":"structure", "required":[ "name", "networkConfiguration" ], "members":{ "name":{ "shape":"SandboxName", "documentation":"The name of the browser. The name must be unique within your account.
" }, "description":{ "shape":"Description", "documentation":"The description of the browser.
" }, "executionRoleArn":{ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role that provides permissions for the browser to access Amazon Web Services services.
" }, "networkConfiguration":{ "shape":"BrowserNetworkConfiguration", "documentation":"The network configuration for the browser. This configuration specifies the network mode for the browser.
" }, "recording":{ "shape":"RecordingConfig", "documentation":"The recording configuration for the browser. When enabled, browser sessions are recorded and stored in the specified Amazon S3 location.
" }, "browserSigning":{ "shape":"BrowserSigningConfigInput", "documentation":"The browser signing configuration that enables cryptographic agent identification using HTTP message signatures for web bot authentication.
" }, "enterprisePolicies":{ "shape":"BrowserEnterprisePolicies", "documentation":"A list of enterprise policy files for the browser.
" }, "certificates":{ "shape":"Certificates", "documentation":"A list of certificates to install in the browser.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock AgentCore ignores the request but does not return an error.
", "idempotencyToken":true }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the browser. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateBrowserResponse":{ "type":"structure", "required":[ "browserId", "browserArn", "createdAt", "status" ], "members":{ "browserId":{ "shape":"BrowserId", "documentation":"The unique identifier of the created browser.
" }, "browserArn":{ "shape":"BrowserArn", "documentation":"The Amazon Resource Name (ARN) of the created browser.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser was created.
" }, "status":{ "shape":"BrowserStatus", "documentation":"The current status of the browser.
" } } }, "CreateCodeInterpreterRequest":{ "type":"structure", "required":[ "name", "networkConfiguration" ], "members":{ "name":{ "shape":"SandboxName", "documentation":"The name of the code interpreter. The name must be unique within your account.
" }, "description":{ "shape":"Description", "documentation":"The description of the code interpreter.
" }, "executionRoleArn":{ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role that provides permissions for the code interpreter to access Amazon Web Services services.
" }, "networkConfiguration":{ "shape":"CodeInterpreterNetworkConfiguration", "documentation":"The network configuration for the code interpreter. This configuration specifies the network mode for the code interpreter.
" }, "certificates":{ "shape":"Certificates", "documentation":"A list of certificates to install in the code interpreter.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock AgentCore ignores the request but does not return an error.
", "idempotencyToken":true }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the code interpreter. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateCodeInterpreterResponse":{ "type":"structure", "required":[ "codeInterpreterId", "codeInterpreterArn", "createdAt", "status" ], "members":{ "codeInterpreterId":{ "shape":"CodeInterpreterId", "documentation":"The unique identifier of the created code interpreter.
" }, "codeInterpreterArn":{ "shape":"CodeInterpreterArn", "documentation":"The Amazon Resource Name (ARN) of the created code interpreter.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the code interpreter was created.
" }, "status":{ "shape":"CodeInterpreterStatus", "documentation":"The current status of the code interpreter.
" } } }, "CreateConfigurationBundleRequest":{ "type":"structure", "required":[ "bundleName", "components" ], "members":{ "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "bundleName":{ "shape":"ConfigurationBundleName", "documentation":"The name for the configuration bundle. Names must be unique within your account.
" }, "description":{ "shape":"ConfigurationBundleDescription", "documentation":"The description for the configuration bundle.
" }, "components":{ "shape":"ComponentConfigurationMap", "documentation":"A map of component identifiers to their configurations. Each component represents a configurable element within the bundle.
" }, "branchName":{ "shape":"BranchName", "documentation":"The branch name for version tracking. Defaults to mainline if not specified.
A commit message describing the initial version of the configuration bundle.
" }, "createdBy":{ "shape":"VersionCreatedBySource", "documentation":"The source that created this version, including the source name and optional ARN.
" }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the configuration bundle. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateConfigurationBundleRequestCommitMessageString":{ "type":"string", "max":500, "min":1 }, "CreateConfigurationBundleResponse":{ "type":"structure", "required":[ "bundleArn", "bundleId", "versionId", "createdAt" ], "members":{ "bundleArn":{ "shape":"ConfigurationBundleArn", "documentation":"The Amazon Resource Name (ARN) of the created configuration bundle.
" }, "bundleId":{ "shape":"ConfigurationBundleId", "documentation":"The unique identifier of the created configuration bundle.
" }, "versionId":{ "shape":"ConfigurationBundleVersion", "documentation":"The initial version identifier of the configuration bundle.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the configuration bundle was created.
" } } }, "CreateEvaluatorRequest":{ "type":"structure", "required":[ "evaluatorName", "evaluatorConfig", "level" ], "members":{ "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "evaluatorName":{ "shape":"CustomEvaluatorName", "documentation":"The name of the evaluator. Must be unique within your account.
" }, "description":{ "shape":"EvaluatorDescription", "documentation":"The description of the evaluator that explains its purpose and evaluation criteria.
" }, "evaluatorConfig":{ "shape":"EvaluatorConfig", "documentation":"The configuration for the evaluator. Specify either LLM-as-a-Judge settings with instructions, rating scale, and model configuration, or code-based settings with a customer-managed Lambda function.
" }, "level":{ "shape":"EvaluatorLevel", "documentation":" The evaluation level that determines the scope of evaluation. Valid values are TOOL_CALL for individual tool invocations, TRACE for single request-response interactions, or SESSION for entire conversation sessions.
The Amazon Resource Name (ARN) of a customer managed KMS key to use for encrypting sensitive evaluator data, including instructions and rating scale. If you don't specify a KMS key, the evaluator data is encrypted with an Amazon Web Services owned key. Only symmetric encryption KMS keys are supported. For more information, see Encryption at rest for AgentCore Evaluations.
" }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to an AgentCore Evaluator. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateEvaluatorResponse":{ "type":"structure", "required":[ "evaluatorArn", "evaluatorId", "createdAt", "status" ], "members":{ "evaluatorArn":{ "shape":"CustomEvaluatorArn", "documentation":"The Amazon Resource Name (ARN) of the created evaluator.
" }, "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the created evaluator.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the evaluator was created.
" }, "status":{ "shape":"EvaluatorStatus", "documentation":"The status of the evaluator creation operation.
" } } }, "CreateGatewayRequest":{ "type":"structure", "required":[ "name", "roleArn", "authorizerType" ], "members":{ "name":{ "shape":"GatewayName", "documentation":"The name of the gateway. The name must be unique within your account.
" }, "description":{ "shape":"GatewayDescription", "documentation":"The description of the gateway.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "roleArn":{ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role that provides permissions for the gateway to access Amazon Web Services services.
" }, "protocolType":{ "shape":"GatewayProtocolType", "documentation":"The protocol type for the gateway.
" }, "protocolConfiguration":{ "shape":"GatewayProtocolConfiguration", "documentation":"The configuration settings for the protocol specified in the protocolType parameter.
The type of authorizer to use for the gateway.
CUSTOM_JWT - Authorize with a bearer token.
AWS_IAM - Authorize with your Amazon Web Services IAM credentials.
NONE - No authorization
The authorizer configuration for the gateway. Required if authorizerType is CUSTOM_JWT.
The Amazon Resource Name (ARN) of the KMS key used to encrypt data associated with the gateway.
" }, "interceptorConfigurations":{ "shape":"GatewayInterceptorConfigurations", "documentation":"A list of configuration settings for a gateway interceptor. Gateway interceptors allow custom code to be invoked during gateway invocations.
" }, "policyEngineConfiguration":{ "shape":"GatewayPolicyEngineConfiguration", "documentation":"The policy engine configuration for the gateway. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with a gateway, the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies.
" }, "exceptionLevel":{ "shape":"ExceptionLevel", "documentation":"The level of detail in error messages returned when invoking the gateway.
If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.
If the value is omitted, a generic error message is returned to the end user.
A map of key-value pairs to associate with the gateway as metadata tags.
" } } }, "CreateGatewayResponse":{ "type":"structure", "required":[ "gatewayArn", "gatewayId", "createdAt", "updatedAt", "status", "name", "authorizerType" ], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the created gateway.
" }, "gatewayId":{ "shape":"GatewayId", "documentation":"The unique identifier of the created gateway.
" }, "gatewayUrl":{ "shape":"GatewayUrl", "documentation":"The URL endpoint for the created gateway.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was last updated.
" }, "status":{ "shape":"GatewayStatus", "documentation":"The current status of the gateway.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the gateway.
" }, "name":{ "shape":"GatewayName", "documentation":"The name of the gateway.
" }, "description":{ "shape":"GatewayDescription", "documentation":"The description of the gateway.
" }, "roleArn":{ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role associated with the gateway.
" }, "protocolType":{ "shape":"GatewayProtocolType", "documentation":"The protocol type of the gateway.
" }, "protocolConfiguration":{ "shape":"GatewayProtocolConfiguration", "documentation":"The configuration settings for the protocol used by the gateway.
" }, "authorizerType":{ "shape":"AuthorizerType", "documentation":"The type of authorizer used by the gateway.
" }, "authorizerConfiguration":{ "shape":"AuthorizerConfiguration", "documentation":"The authorizer configuration for the created gateway.
" }, "kmsKeyArn":{ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the KMS key used to encrypt data associated with the gateway.
" }, "interceptorConfigurations":{ "shape":"GatewayInterceptorConfigurations", "documentation":"The list of interceptor configurations for the created gateway.
" }, "policyEngineConfiguration":{ "shape":"GatewayPolicyEngineConfiguration", "documentation":"The policy engine configuration for the created gateway.
" }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the created gateway.
" }, "exceptionLevel":{ "shape":"ExceptionLevel", "documentation":"The level of detail in error messages returned when invoking the gateway.
If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.
If the value is omitted, a generic error message is returned to the end user.
The identifier of the gateway to create a rule for.
", "location":"uri", "locationName":"gatewayIdentifier" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "priority":{ "shape":"GatewayRulePriority", "documentation":"The priority of the rule. Rules are evaluated in order of priority, with lower numbers evaluated first. Must be between 1 and 1,000,000.
" }, "conditions":{ "shape":"Conditions", "documentation":"The conditions that must be met for the rule to apply. Conditions can match on principals (IAM ARNs) or request paths.
" }, "actions":{ "shape":"Actions", "documentation":"The actions to take when the rule conditions are met. Actions can route to a specific target or apply a configuration bundle override.
" }, "description":{ "shape":"GatewayRuleDescription", "documentation":"The description of the gateway rule.
" } } }, "CreateGatewayRuleResponse":{ "type":"structure", "required":[ "ruleId", "gatewayArn", "priority", "actions", "createdAt", "status" ], "members":{ "ruleId":{ "shape":"GatewayRuleId", "documentation":"The unique identifier of the gateway rule.
" }, "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway that the rule belongs to.
" }, "priority":{ "shape":"GatewayRulePriority", "documentation":"The priority of the rule. Rules are evaluated in order of priority, with lower numbers evaluated first.
" }, "conditions":{ "shape":"Conditions", "documentation":"The conditions that must be met for the rule to apply.
" }, "actions":{ "shape":"Actions", "documentation":"The actions to take when the rule conditions are met.
" }, "description":{ "shape":"GatewayRuleDescription", "documentation":"The description of the gateway rule.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the rule was created.
" }, "status":{ "shape":"GatewayRuleStatus", "documentation":"The current status of the rule.
" }, "system":{ "shape":"SystemManagedBlock", "documentation":"System-managed metadata for rules created by automated processes.
" } } }, "CreateGatewayTargetRequest":{ "type":"structure", "required":[ "gatewayIdentifier", "name", "targetConfiguration" ], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The identifier of the gateway to create a target for.
", "location":"uri", "locationName":"gatewayIdentifier" }, "name":{ "shape":"TargetName", "documentation":"The name of the gateway target. The name must be unique within the gateway.
" }, "description":{ "shape":"TargetDescription", "documentation":"The description of the gateway target.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "targetConfiguration":{ "shape":"TargetConfiguration", "documentation":"The configuration settings for the target, including endpoint information and schema definitions.
" }, "credentialProviderConfigurations":{ "shape":"CredentialProviderConfigurations", "documentation":"The credential provider configurations for the target. These configurations specify how the gateway authenticates with the target endpoint.
" }, "metadataConfiguration":{ "shape":"MetadataConfiguration", "documentation":"Optional configuration for HTTP header and query parameter propagation to and from the gateway target.
" }, "privateEndpoint":{ "shape":"PrivateEndpoint", "documentation":"The private endpoint configuration for the gateway target. Use this to connect the gateway to private resources in your VPC.
" } } }, "CreateGatewayTargetResponse":{ "type":"structure", "required":[ "gatewayArn", "targetId", "createdAt", "updatedAt", "status", "name", "targetConfiguration", "credentialProviderConfigurations" ], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway.
" }, "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the created target.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the target was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the target was last updated.
" }, "status":{ "shape":"TargetStatus", "documentation":"The current status of the target.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the target.
" }, "name":{ "shape":"TargetName", "documentation":"The name of the target.
" }, "description":{ "shape":"TargetDescription", "documentation":"The description of the target.
" }, "targetConfiguration":{ "shape":"TargetConfiguration", "documentation":"The configuration settings for the target.
" }, "credentialProviderConfigurations":{ "shape":"CredentialProviderConfigurations", "documentation":"The credential provider configurations for the target.
" }, "lastSynchronizedAt":{ "shape":"DateTimestamp", "documentation":"The last synchronization of the target.
" }, "metadataConfiguration":{ "shape":"MetadataConfiguration", "documentation":"The metadata configuration that was applied to the created gateway target.
" }, "privateEndpoint":{ "shape":"PrivateEndpoint", "documentation":"The private endpoint configuration for the gateway target.
" }, "privateEndpointManagedResources":{ "shape":"PrivateEndpointManagedResources", "documentation":"The managed resources created by the gateway for private endpoint connectivity.
" }, "authorizationData":{ "shape":"AuthorizationData", "documentation":"OAuth2 authorization data for the created gateway target. This data is returned when a target is configured with a credential provider with authorization code grant type and requires user federation.
" }, "protocolType":{ "shape":"TargetProtocolType", "documentation":"The protocol type of the created gateway target.
" } } }, "CreateHarnessRequest":{ "type":"structure", "required":[ "harnessName", "executionRoleArn" ], "members":{ "harnessName":{ "shape":"HarnessName", "documentation":"The name of the harness. Must start with a letter and contain only alphanumeric characters and underscores.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true }, "executionRoleArn":{ "shape":"RoleArn", "documentation":"The ARN of the IAM role that the harness assumes when running. This role must have permissions for the services the agent needs to access, such as Amazon Bedrock for model invocation.
" }, "environment":{ "shape":"HarnessEnvironmentProviderRequest", "documentation":"The compute environment configuration for the harness, including network and lifecycle settings.
" }, "environmentArtifact":{ "shape":"HarnessEnvironmentArtifact", "documentation":"The environment artifact for the harness, such as a custom container image containing additional dependencies.
" }, "environmentVariables":{ "shape":"EnvironmentVariablesMap", "documentation":"Environment variables to set in the harness runtime environment.
" }, "authorizerConfiguration":{"shape":"AuthorizerConfiguration"}, "model":{ "shape":"HarnessModelConfiguration", "documentation":"The model configuration for the harness. Supports Amazon Bedrock, OpenAI, and Google Gemini model providers.
" }, "systemPrompt":{ "shape":"HarnessSystemPrompt", "documentation":"The system prompt that defines the agent's behavior and instructions.
" }, "tools":{ "shape":"HarnessTools", "documentation":"The tools available to the agent, such as remote MCP servers, AgentCore Gateway, AgentCore Browser, Code Interpreter, or inline functions.
" }, "skills":{ "shape":"HarnessSkills", "documentation":"The skills available to the agent. Skills are bundles of files that the agent can pull into its context on demand.
" }, "allowedTools":{ "shape":"HarnessAllowedTools", "documentation":"The tools that the agent is allowed to use. Supports glob patterns such as * for all tools, @builtin for all built-in tools, or @serverName/toolName for specific MCP server tools.
" }, "memory":{ "shape":"HarnessMemoryConfiguration", "documentation":"The AgentCore Memory configuration for persisting conversation context across sessions.
" }, "truncation":{ "shape":"HarnessTruncationConfiguration", "documentation":"The truncation configuration for managing conversation context when it exceeds model limits.
" }, "maxIterations":{ "shape":"Integer", "documentation":"The maximum number of iterations the agent loop can execute per invocation.
" }, "maxTokens":{ "shape":"Integer", "documentation":"The maximum total number of output tokens the agent can generate across all model calls within a single invocation.
" }, "timeoutSeconds":{ "shape":"Integer", "documentation":"The maximum duration in seconds for the agent loop execution per invocation.
" }, "tags":{ "shape":"TagsMap", "documentation":"Tags to apply to the harness resource.
" } } }, "CreateHarnessResponse":{ "type":"structure", "required":["harness"], "members":{ "harness":{ "shape":"Harness", "documentation":"The harness that was created.
" } } }, "CreateMemoryInput":{ "type":"structure", "required":[ "name", "eventExpiryDuration" ], "members":{ "clientToken":{ "shape":"CreateMemoryInputClientTokenString", "documentation":"A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request but does not return an error.
", "idempotencyToken":true }, "name":{ "shape":"Name", "documentation":"The name of the memory. The name must be unique within your account.
" }, "description":{ "shape":"Description", "documentation":"The description of the memory.
" }, "encryptionKeyArn":{ "shape":"Arn", "documentation":"The Amazon Resource Name (ARN) of the KMS key used to encrypt the memory data.
" }, "memoryExecutionRoleArn":{ "shape":"Arn", "documentation":"The Amazon Resource Name (ARN) of the IAM role that provides permissions for the memory to access Amazon Web Services services.
" }, "eventExpiryDuration":{ "shape":"CreateMemoryInputEventExpiryDurationInteger", "documentation":"The duration after which memory events expire. Specified as an ISO 8601 duration.
" }, "memoryStrategies":{ "shape":"MemoryStrategyInputList", "documentation":"The memory strategies to use for this memory. Strategies define how information is extracted, processed, and consolidated.
" }, "indexedKeys":{ "shape":"IndexedKeysList", "documentation":"Metadata keys to index for filtering. Once declared, indexed keys cannot be removed.
" }, "streamDeliveryResources":{ "shape":"StreamDeliveryResources", "documentation":"Configuration for streaming memory record data to external resources.
" }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to an AgentCore Memory. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateMemoryInputClientTokenString":{ "type":"string", "max":500, "min":0 }, "CreateMemoryInputEventExpiryDurationInteger":{ "type":"integer", "box":true, "max":365, "min":3 }, "CreateMemoryOutput":{ "type":"structure", "members":{ "memory":{ "shape":"Memory", "documentation":"The details of the created memory, including its ID, ARN, name, description, and configuration settings.
" } } }, "CreateOauth2CredentialProviderRequest":{ "type":"structure", "required":[ "name", "credentialProviderVendor", "oauth2ProviderConfigInput" ], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider. The name must be unique within your account.
" }, "credentialProviderVendor":{ "shape":"CredentialProviderVendorType", "documentation":"The vendor of the OAuth2 credential provider. This specifies which OAuth2 implementation to use.
" }, "oauth2ProviderConfigInput":{ "shape":"Oauth2ProviderConfigInput", "documentation":"The configuration settings for the OAuth2 provider, including client ID, client secret, and other vendor-specific settings.
" }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the OAuth2 credential provider. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateOauth2CredentialProviderResponse":{ "type":"structure", "required":[ "clientSecretArn", "name", "credentialProviderArn" ], "members":{ "clientSecretArn":{ "shape":"Secret", "documentation":"The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.
" }, "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider.
" }, "credentialProviderArn":{ "shape":"CredentialProviderArnType", "documentation":"The Amazon Resource Name (ARN) of the OAuth2 credential provider.
" }, "callbackUrl":{ "shape":"String", "documentation":"Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.
" }, "oauth2ProviderConfigOutput":{"shape":"Oauth2ProviderConfigOutput"}, "status":{ "shape":"Status", "documentation":"The current status of the OAuth2 credential provider.
" } } }, "CreateOnlineEvaluationConfigRequest":{ "type":"structure", "required":[ "onlineEvaluationConfigName", "rule", "dataSourceConfig", "evaluators", "evaluationExecutionRoleArn", "enableOnCreate" ], "members":{ "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "onlineEvaluationConfigName":{ "shape":"EvaluationConfigName", "documentation":"The name of the online evaluation configuration. Must be unique within your account.
" }, "description":{ "shape":"EvaluationConfigDescription", "documentation":"The description of the online evaluation configuration that explains its monitoring purpose and scope.
" }, "rule":{ "shape":"Rule", "documentation":"The evaluation rule that defines sampling configuration, filters, and session detection settings for the online evaluation.
" }, "dataSourceConfig":{ "shape":"DataSourceConfig", "documentation":"The data source configuration that specifies CloudWatch log groups and service names to monitor for agent traces.
" }, "evaluators":{ "shape":"EvaluatorList", "documentation":" The list of evaluators to apply during online evaluation. Can include both built-in evaluators and custom evaluators created with CreateEvaluator.
The Amazon Resource Name (ARN) of the IAM role that grants permissions to read from CloudWatch logs, write evaluation results, and invoke Amazon Bedrock models for evaluation. If the configuration references evaluators encrypted with a customer managed KMS key, this role must also have kms:Decrypt permission on the KMS key. The service validates this permission at configuration creation time. For more information, see Encryption at rest for AgentCore Evaluations.
Whether to enable the online evaluation configuration immediately upon creation. If true, evaluation begins automatically.
" }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to an AgentCore Online Evaluation Config. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateOnlineEvaluationConfigResponse":{ "type":"structure", "required":[ "onlineEvaluationConfigArn", "onlineEvaluationConfigId", "createdAt", "status", "executionStatus" ], "members":{ "onlineEvaluationConfigArn":{ "shape":"OnlineEvaluationConfigArn", "documentation":"The Amazon Resource Name (ARN) of the created online evaluation configuration.
" }, "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the created online evaluation configuration.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the online evaluation configuration was created.
" }, "outputConfig":{"shape":"OutputConfig"}, "status":{ "shape":"OnlineEvaluationConfigStatus", "documentation":"The status of the online evaluation configuration.
" }, "executionStatus":{ "shape":"OnlineEvaluationExecutionStatus", "documentation":"The execution status indicating whether the online evaluation is currently running.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the online evaluation configuration creation or execution failed.
" } } }, "CreatePolicyEngineRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"PolicyEngineName", "documentation":"The customer-assigned immutable name for the policy engine. This name identifies the policy engine and cannot be changed after creation.
" }, "description":{ "shape":"Description", "documentation":"A human-readable description of the policy engine's purpose and scope (1-4,096 characters). This helps administrators understand the policy engine's role in the overall governance strategy. Document which Gateway this engine will be associated with, what types of tools or workflows it governs, and the team or service responsible for maintaining it. Clear descriptions are essential when managing multiple policy engines across different services or environments.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request with the same client token, the service returns the same response without creating a duplicate policy engine.
", "idempotencyToken":true }, "encryptionKeyArn":{ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.
" }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to an AgentCore Policy. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreatePolicyEngineResponse":{ "type":"structure", "required":[ "policyEngineId", "name", "createdAt", "updatedAt", "policyEngineArn", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier for the created policy engine. This system-generated identifier consists of the user name plus a 10-character generated suffix and is used for all subsequent policy engine operations.
" }, "name":{ "shape":"PolicyEngineName", "documentation":"The customer-assigned name of the created policy engine. This matches the name provided in the request and serves as the human-readable identifier.
" }, "description":{ "shape":"Description", "documentation":"A human-readable description of the policy engine's purpose.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy engine was created. This is automatically set by the service and used for auditing and lifecycle management.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy engine was last updated. For newly created policy engines, this matches the createdAt timestamp.
The Amazon Resource Name (ARN) of the created policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.
" }, "status":{ "shape":"PolicyEngineStatus", "documentation":"The current status of the policy engine. A status of ACTIVE indicates the policy engine is ready for use.
Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine creation process.
" }, "encryptionKeyArn":{ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.
" } } }, "CreatePolicyRequest":{ "type":"structure", "required":[ "name", "definition", "policyEngineId" ], "members":{ "name":{ "shape":"PolicyName", "documentation":"The customer-assigned immutable name for the policy. Must be unique within the account. This name is used for policy identification and cannot be changed after creation.
" }, "definition":{ "shape":"PolicyDefinition", "documentation":"The Cedar policy statement that defines the access control rules. This contains the actual policy logic written in Cedar policy language, specifying effect (permit or forbid), principals, actions, resources, and conditions for agent behavior control.
" }, "description":{ "shape":"Description", "documentation":"A human-readable description of the policy's purpose and functionality (1-4,096 characters). This helps policy administrators understand the policy's intent, business rules, and operational scope. Use this field to document why the policy exists, what business requirement it addresses, and any special considerations for maintenance. Clear descriptions are essential for policy governance, auditing, and troubleshooting.
" }, "validationMode":{ "shape":"PolicyValidationMode", "documentation":"The validation mode for the policy creation. Determines how Cedar analyzer validation results are handled during policy creation. FAIL_ON_ANY_FINDINGS (default) runs the Cedar analyzer to validate the policy against the Cedar schema and tool context, failing creation if the analyzer detects any validation issues to ensure strict conformance. IGNORE_ALL_FINDINGS runs the Cedar analyzer but allows policy creation even if validation issues are detected, useful for testing or when the policy schema is evolving. Use FAIL_ON_ANY_FINDINGS for production policies to ensure correctness, and IGNORE_ALL_FINDINGS only when you understand and accept the analyzer findings.
" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine which contains this policy. Policy engines group related policies and provide the execution context for policy evaluation.
", "location":"uri", "locationName":"policyEngineId" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure the idempotency of the request. The AWS SDK automatically generates this token, so you don't need to provide it in most cases. If you retry a request with the same client token, the service returns the same response without creating a duplicate policy.
", "idempotencyToken":true } } }, "CreatePolicyResponse":{ "type":"structure", "required":[ "policyId", "name", "policyEngineId", "definition", "createdAt", "updatedAt", "policyArn", "status", "statusReasons" ], "members":{ "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier for the created policy. This is a system-generated identifier consisting of the user name plus a 10-character generated suffix, used for all subsequent policy operations.
" }, "name":{ "shape":"PolicyName", "documentation":"The customer-assigned name of the created policy. This matches the name provided in the request and serves as the human-readable identifier for the policy.
" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine that manages this policy. This confirms the policy engine assignment and is used for policy evaluation routing.
" }, "definition":{ "shape":"PolicyDefinition", "documentation":"The Cedar policy statement that was created. This is the validated policy definition that will be used for agent behavior control and access decisions.
" }, "description":{ "shape":"Description", "documentation":"The human-readable description of the policy's purpose and functionality. This helps administrators understand and manage the policy.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy was created. This is automatically set by the service and used for auditing and lifecycle management.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy was last updated. For newly created policies, this matches the createdAt timestamp.
" }, "policyArn":{ "shape":"PolicyArn", "documentation":"The Amazon Resource Name (ARN) of the created policy. This globally unique identifier can be used for cross-service references and IAM policy statements.
" }, "status":{ "shape":"PolicyStatus", "documentation":"The current status of the policy. A status of ACTIVE indicates the policy is ready for use.
Additional information about the policy status. This provides details about any failures or the current state of the policy creation process.
" } } }, "CreateRegistryRecordRequest":{ "type":"structure", "required":[ "registryId", "name", "descriptorType" ], "members":{ "registryId":{ "shape":"RegistryIdentifier", "documentation":"The identifier of the registry where the record will be created. You can specify either the Amazon Resource Name (ARN) or the ID of the registry.
", "location":"uri", "locationName":"registryId" }, "name":{ "shape":"RegistryRecordName", "documentation":"The name of the registry record.
" }, "description":{ "shape":"Description", "documentation":"A description of the registry record.
" }, "descriptorType":{ "shape":"DescriptorType", "documentation":"The descriptor type of the registry record.
MCP - Model Context Protocol descriptor for MCP-compatible servers and tools.
A2A - Agent-to-Agent protocol descriptor.
CUSTOM - Custom descriptor type for resources such as APIs, Lambda functions, or servers not conforming to a standard protocol.
AGENT_SKILLS - Agent skills descriptor for defining agent skill definitions.
The descriptor-type-specific configuration containing the resource schema and metadata. The structure of this field depends on the descriptorType you specify.
The version of the registry record. Use this to track different versions of the record's content.
" }, "synchronizationType":{ "shape":"SynchronizationType", "documentation":"The type of synchronization to use for keeping the record metadata up to date from an external source. Possible values include FROM_URL and NONE.
The configuration for synchronizing registry record metadata from an external source, such as a URL-based MCP server.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true } } }, "CreateRegistryRecordResponse":{ "type":"structure", "required":[ "recordArn", "status" ], "members":{ "recordArn":{ "shape":"RegistryRecordArn", "documentation":"The Amazon Resource Name (ARN) of the created registry record.
" }, "status":{ "shape":"RegistryRecordStatus", "documentation":"The status of the registry record. Set to CREATING while the asynchronous workflow is in progress.
The name of the registry. The name must be unique within your account and can contain alphanumeric characters and underscores.
" }, "description":{ "shape":"Description", "documentation":"A description of the registry.
" }, "authorizerType":{ "shape":"RegistryAuthorizerType", "documentation":"The type of authorizer to use for the registry. This controls the authorization method for the Search and Invoke APIs used by consumers, and does not affect the standard CRUDL APIs for registry and registry record management used by administrators.
CUSTOM_JWT - Authorize with a bearer token.
AWS_IAM - Authorize with your Amazon Web Services IAM credentials.
The authorizer configuration for the registry. Required if authorizerType is CUSTOM_JWT. For details, see the AuthorizerConfiguration data type.
A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "approvalConfiguration":{ "shape":"ApprovalConfiguration", "documentation":"The approval configuration for registry records. Controls whether records require explicit approval before becoming active. See the ApprovalConfiguration data type for supported configuration options.
The Amazon Resource Name (ARN) of the created registry.
" } } }, "CreateWorkloadIdentityRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity. The name must be unique within your account.
" }, "allowedResourceOauth2ReturnUrls":{ "shape":"ResourceOauth2ReturnUrlListType", "documentation":"The list of allowed OAuth2 return URLs for resources associated with this workload identity.
" }, "tags":{ "shape":"TagsMap", "documentation":"A map of tag keys and values to assign to the workload identity. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
" } } }, "CreateWorkloadIdentityResponse":{ "type":"structure", "required":[ "name", "workloadIdentityArn" ], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity.
" }, "workloadIdentityArn":{ "shape":"WorkloadIdentityArnType", "documentation":"The Amazon Resource Name (ARN) of the workload identity.
" }, "allowedResourceOauth2ReturnUrls":{ "shape":"ResourceOauth2ReturnUrlListType", "documentation":"The list of allowed OAuth2 return URLs for resources associated with this workload identity.
" } } }, "CredentialProvider":{ "type":"structure", "members":{ "oauthCredentialProvider":{ "shape":"OAuthCredentialProvider", "documentation":"The OAuth credential provider. This provider uses OAuth authentication to access the target endpoint.
" }, "apiKeyCredentialProvider":{ "shape":"ApiKeyCredentialProvider", "documentation":"The API key credential provider. This provider uses an API key to authenticate with the target endpoint.
" }, "iamCredentialProvider":{ "shape":"IamCredentialProvider", "documentation":"The IAM credential provider. This provider uses IAM authentication with SigV4 signing to access the target endpoint.
" } }, "documentation":"A credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint.
", "union":true }, "CredentialProviderArn":{ "type":"string", "max":2048, "min":1, "pattern":"arn:aws(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:.*" }, "CredentialProviderArnType":{ "type":"string", "pattern":"arn:(aws|aws-us-gov):acps:[A-Za-z0-9-]{1,64}:[0-9]{12}:token-vault/[a-zA-Z0-9-.]+/oauth2credentialprovider/[a-zA-Z0-9-.]+" }, "CredentialProviderConfiguration":{ "type":"structure", "required":["credentialProviderType"], "members":{ "credentialProviderType":{ "shape":"CredentialProviderType", "documentation":"The type of credential provider. This field specifies which authentication method the gateway uses.
" }, "credentialProvider":{ "shape":"CredentialProvider", "documentation":"The credential provider. This field contains the specific configuration for the credential provider type.
" } }, "documentation":"The configuration for a credential provider. This structure defines how the gateway authenticates with the target endpoint.
" }, "CredentialProviderConfigurations":{ "type":"list", "member":{"shape":"CredentialProviderConfiguration"}, "max":1, "min":1 }, "CredentialProviderName":{ "type":"string", "max":128, "min":1, "pattern":"[a-zA-Z0-9\\-_]+" }, "CredentialProviderType":{ "type":"string", "enum":[ "GATEWAY_IAM_ROLE", "OAUTH", "API_KEY", "CALLER_IAM_CREDENTIALS", "JWT_PASSTHROUGH" ] }, "CredentialProviderVendorType":{ "type":"string", "enum":[ "GoogleOauth2", "GithubOauth2", "SlackOauth2", "SalesforceOauth2", "MicrosoftOauth2", "CustomOauth2", "AtlassianOauth2", "LinkedinOauth2", "XOauth2", "OktaOauth2", "OneLoginOauth2", "PingOneOauth2", "FacebookOauth2", "YandexOauth2", "RedditOauth2", "ZoomOauth2", "TwitchOauth2", "SpotifyOauth2", "DropboxOauth2", "NotionOauth2", "HubspotOauth2", "CyberArkOauth2", "FusionAuthOauth2", "Auth0Oauth2", "CognitoOauth2" ] }, "CustomClaimValidationType":{ "type":"structure", "required":[ "inboundTokenClaimName", "inboundTokenClaimValueType", "authorizingClaimMatchValue" ], "members":{ "inboundTokenClaimName":{ "shape":"InboundTokenClaimNameType", "documentation":"The name of the custom claim field to check.
" }, "inboundTokenClaimValueType":{ "shape":"InboundTokenClaimValueType", "documentation":"The data type of the claim value to check for.
Use STRING if you want to find an exact match to a string you define.
Use STRING_ARRAY if you want to fnd a match to at least one value in an array you define.
Defines the value or values to match for and the relationship of the match.
" } }, "documentation":"Defines the name of a custom claim field and rules for finding matches to authenticate its value.
" }, "CustomClaimValidationsType":{ "type":"list", "member":{"shape":"CustomClaimValidationType"}, "min":1 }, "CustomConfigurationInput":{ "type":"structure", "members":{ "semanticOverride":{ "shape":"SemanticOverrideConfigurationInput", "documentation":"The semantic override configuration for a custom memory strategy.
" }, "summaryOverride":{ "shape":"SummaryOverrideConfigurationInput", "documentation":"The summary override configuration for a custom memory strategy.
" }, "userPreferenceOverride":{ "shape":"UserPreferenceOverrideConfigurationInput", "documentation":"The user preference override configuration for a custom memory strategy.
" }, "episodicOverride":{ "shape":"EpisodicOverrideConfigurationInput", "documentation":"The episodic memory strategy override configuration for a custom memory strategy.
" }, "selfManagedConfiguration":{ "shape":"SelfManagedConfigurationInput", "documentation":"The self managed configuration for a custom memory strategy.
" } }, "documentation":"Input for custom configuration of a memory strategy.
", "union":true }, "CustomConsolidationConfiguration":{ "type":"structure", "members":{ "semanticConsolidationOverride":{ "shape":"SemanticConsolidationOverride", "documentation":"The semantic consolidation override configuration.
" }, "summaryConsolidationOverride":{ "shape":"SummaryConsolidationOverride", "documentation":"The summary consolidation override configuration.
" }, "userPreferenceConsolidationOverride":{ "shape":"UserPreferenceConsolidationOverride", "documentation":"The user preference consolidation override configuration.
" }, "episodicConsolidationOverride":{ "shape":"EpisodicConsolidationOverride", "documentation":"The configurations to override the default consolidation step for the episodic memory strategy.
" } }, "documentation":"Contains custom consolidation configuration information.
", "union":true }, "CustomConsolidationConfigurationInput":{ "type":"structure", "members":{ "semanticConsolidationOverride":{ "shape":"SemanticOverrideConsolidationConfigurationInput", "documentation":"The semantic consolidation override configuration input.
" }, "summaryConsolidationOverride":{ "shape":"SummaryOverrideConsolidationConfigurationInput", "documentation":"The summary consolidation override configuration input.
" }, "userPreferenceConsolidationOverride":{ "shape":"UserPreferenceOverrideConsolidationConfigurationInput", "documentation":"The user preference consolidation override configuration input.
" }, "episodicConsolidationOverride":{ "shape":"EpisodicOverrideConsolidationConfigurationInput", "documentation":"Configurations to override the consolidation step of the episodic strategy.
" } }, "documentation":"Input for a custom consolidation configuration.
", "union":true }, "CustomDescriptor":{ "type":"structure", "members":{ "inlineContent":{ "shape":"InlineContent", "documentation":"The custom descriptor content as a valid JSON document. You can define any custom schema that describes your resource.
" } }, "documentation":"A custom descriptor for a registry record. Use this for resources such as APIs, Lambda functions, or servers that do not conform to a standard protocol like MCP or A2A.
" }, "CustomEvaluatorArn":{ "type":"string", "pattern":"arn:aws:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:evaluator\\/[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "CustomEvaluatorName":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}" }, "CustomExtractionConfiguration":{ "type":"structure", "members":{ "semanticExtractionOverride":{ "shape":"SemanticExtractionOverride", "documentation":"The semantic extraction override configuration.
" }, "userPreferenceExtractionOverride":{ "shape":"UserPreferenceExtractionOverride", "documentation":"The user preference extraction override configuration.
" }, "episodicExtractionOverride":{ "shape":"EpisodicExtractionOverride", "documentation":"The configurations to override the default extraction step for the episodic memory strategy.
" } }, "documentation":"Contains custom extraction configuration information.
", "union":true }, "CustomExtractionConfigurationInput":{ "type":"structure", "members":{ "semanticExtractionOverride":{ "shape":"SemanticOverrideExtractionConfigurationInput", "documentation":"The semantic extraction override configuration input.
" }, "userPreferenceExtractionOverride":{ "shape":"UserPreferenceOverrideExtractionConfigurationInput", "documentation":"The user preference extraction override configuration input.
" }, "episodicExtractionOverride":{ "shape":"EpisodicOverrideExtractionConfigurationInput", "documentation":"Configurations to override the extraction step of the episodic strategy.
" } }, "documentation":"Input for a custom extraction configuration.
", "union":true }, "CustomJWTAuthorizerConfiguration":{ "type":"structure", "required":["discoveryUrl"], "members":{ "discoveryUrl":{ "shape":"DiscoveryUrl", "documentation":"This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.
" }, "allowedAudience":{ "shape":"AllowedAudienceList", "documentation":"Represents individual audience values that are validated in the incoming JWT token validation process.
" }, "allowedClients":{ "shape":"AllowedClientsList", "documentation":"Represents individual client IDs that are validated in the incoming JWT token validation process.
" }, "allowedScopes":{ "shape":"AllowedScopesType", "documentation":"An array of scopes that are allowed to access the token.
" }, "customClaims":{ "shape":"CustomClaimValidationsType", "documentation":"An array of objects that define a custom claim validation name, value, and operation
" }, "privateEndpoint":{"shape":"PrivateEndpoint"}, "privateEndpointOverrides":{ "shape":"PrivateEndpointOverrides", "documentation":"A list of private endpoint overrides for the JWT authorizer. Each override maps a specific domain to a private endpoint, enabling secure connectivity through VPC Lattice resource configurations.
" } }, "documentation":"Configuration for inbound JWT-based authorization, specifying how incoming requests should be authenticated.
" }, "CustomMemoryStrategyInput":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"Name", "documentation":"The name of the custom memory strategy.
" }, "description":{ "shape":"Description", "documentation":"The description of the custom memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces associated with the custom memory strategy.
", "deprecated":true, "deprecatedMessage":"Use namespaceTemplates instead", "deprecatedSince":"2026-03-02" }, "namespaceTemplates":{ "shape":"NamespacesList", "documentation":"The namespaceTemplates associated with the custom memory strategy.
" }, "configuration":{ "shape":"CustomConfigurationInput", "documentation":"The configuration for the custom memory strategy.
" }, "memoryRecordSchema":{ "shape":"MemoryRecordSchema", "documentation":"Schema for metadata fields on records generated by this strategy.
" } }, "documentation":"Input for creating a custom memory strategy.
" }, "CustomOauth2ProviderConfigInput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{ "shape":"Oauth2Discovery", "documentation":"The OAuth2 discovery information for the custom provider.
" }, "clientId":{ "shape":"DefaultClientIdType", "documentation":"The client ID for the custom OAuth2 provider.
" }, "clientSecret":{ "shape":"DefaultClientSecretType", "documentation":"The client secret for the custom OAuth2 provider.
" }, "privateEndpoint":{ "shape":"PrivateEndpoint", "documentation":"The default private endpoint for the custom OAuth2 provider, enabling secure connectivity through a VPC Lattice resource configuration.
" }, "privateEndpointOverrides":{ "shape":"PrivateEndpointOverrides", "documentation":"The list of private endpoint overrides for the custom OAuth2 provider. Each override maps a specific domain to a private endpoint, enabling secure connectivity through VPC Lattice resource configurations.
" }, "onBehalfOfTokenExchangeConfig":{ "shape":"OnBehalfOfTokenExchangeConfigType", "documentation":"The configuration for on-behalf-of token exchange. This enables authentication flows that use RFC 8693 token exchange or RFC 7523 JWT authorization grants.
" }, "clientAuthenticationMethod":{ "shape":"ClientAuthenticationMethodType", "documentation":"The client authentication method to use when authenticating with the token endpoint.
" } }, "documentation":"Input configuration for a custom OAuth2 provider.
" }, "CustomOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{ "shape":"Oauth2Discovery", "documentation":"The OAuth2 discovery information for the custom provider.
" }, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the custom OAuth2 provider.
" }, "privateEndpoint":{ "shape":"PrivateEndpoint", "documentation":"The default private endpoint for the custom OAuth2 provider, enabling secure connectivity through a VPC Lattice resource configuration.
" }, "privateEndpointOverrides":{ "shape":"PrivateEndpointOverrides", "documentation":"The list of private endpoint overrides for the custom OAuth2 provider. Each override maps a specific domain to a private endpoint, enabling secure connectivity through VPC Lattice resource configurations.
" }, "onBehalfOfTokenExchangeConfig":{ "shape":"OnBehalfOfTokenExchangeConfigType", "documentation":"The configuration for on-behalf-of token exchange.
" }, "clientAuthenticationMethod":{ "shape":"ClientAuthenticationMethodType", "documentation":"The client authentication method used when authenticating with the token endpoint.
" } }, "documentation":"Output configuration for a custom OAuth2 provider.
" }, "CustomParameterMap":{ "type":"map", "key":{"shape":"String"}, "value":{"shape":"String"} }, "CustomReflectionConfiguration":{ "type":"structure", "members":{ "episodicReflectionOverride":{ "shape":"EpisodicReflectionOverride", "documentation":"The configuration for a reflection strategy to override the default one.
" } }, "documentation":"Contains configurations for a custom reflection strategy.
", "union":true }, "CustomReflectionConfigurationInput":{ "type":"structure", "members":{ "episodicReflectionOverride":{ "shape":"EpisodicOverrideReflectionConfigurationInput", "documentation":"The reflection override configuration input.
" } }, "documentation":"Input for a custom reflection configuration.
", "union":true }, "DataSourceConfig":{ "type":"structure", "members":{ "cloudWatchLogs":{ "shape":"CloudWatchLogsInputConfig", "documentation":"The CloudWatch logs configuration for reading agent traces from log groups.
" } }, "documentation":"The configuration that specifies where to read agent traces for online evaluation.
", "union":true }, "DateTimestamp":{ "type":"timestamp", "timestampFormat":"iso8601" }, "DecryptionFailure":{ "type":"structure", "required":["message"], "members":{ "message":{"shape":"String"} }, "documentation":"Exception thrown when decryption of a secret fails.
", "error":{ "httpStatusCode":400, "senderFault":true }, "exception":true }, "DefaultClientIdType":{ "type":"string", "max":256, "min":0 }, "DefaultClientSecretType":{ "type":"string", "max":2048, "min":0, "sensitive":true }, "Definition":{ "type":"string", "max":1000, "min":1, "sensitive":true }, "DeleteAgentRuntimeEndpointRequest":{ "type":"structure", "required":[ "agentRuntimeId", "endpointName" ], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime associated with the endpoint.
", "location":"uri", "locationName":"agentRuntimeId" }, "endpointName":{ "shape":"EndpointName", "documentation":"The name of the AgentCore Runtime endpoint to delete.
", "location":"uri", "locationName":"endpointName" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" } } }, "DeleteAgentRuntimeEndpointResponse":{ "type":"structure", "required":["status"], "members":{ "status":{ "shape":"AgentRuntimeEndpointStatus", "documentation":"The current status of the AgentCore Runtime endpoint deletion.
" }, "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime.
" }, "endpointName":{ "shape":"EndpointName", "documentation":"The name of the AgentCore Runtime endpoint.
" } } }, "DeleteAgentRuntimeRequest":{ "type":"structure", "required":["agentRuntimeId"], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime to delete.
", "location":"uri", "locationName":"agentRuntimeId" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, the service ignores the request but does not return an error.
", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" } } }, "DeleteAgentRuntimeResponse":{ "type":"structure", "required":["status"], "members":{ "status":{ "shape":"AgentRuntimeStatus", "documentation":"The current status of the AgentCore Runtime deletion.
" }, "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime.
" } } }, "DeleteApiKeyCredentialProviderRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the API key credential provider to delete.
" } } }, "DeleteApiKeyCredentialProviderResponse":{ "type":"structure", "members":{} }, "DeleteBrowserProfileRequest":{ "type":"structure", "required":["profileId"], "members":{ "profileId":{ "shape":"BrowserProfileId", "documentation":"The unique identifier of the browser profile to delete.
", "location":"uri", "locationName":"profileId" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" } } }, "DeleteBrowserProfileResponse":{ "type":"structure", "required":[ "profileId", "profileArn", "status", "lastUpdatedAt" ], "members":{ "profileId":{ "shape":"BrowserProfileId", "documentation":"The unique identifier of the deleted browser profile.
" }, "profileArn":{ "shape":"BrowserProfileArn", "documentation":"The Amazon Resource Name (ARN) of the deleted browser profile.
" }, "status":{ "shape":"BrowserProfileStatus", "documentation":"The current status of the browser profile deletion.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser profile was last updated.
" }, "lastSavedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when browser session data was last saved to this profile before deletion.
" } } }, "DeleteBrowserRequest":{ "type":"structure", "required":["browserId"], "members":{ "browserId":{ "shape":"BrowserId", "documentation":"The unique identifier of the browser to delete.
", "location":"uri", "locationName":"browserId" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" } } }, "DeleteBrowserResponse":{ "type":"structure", "required":[ "browserId", "status", "lastUpdatedAt" ], "members":{ "browserId":{ "shape":"BrowserId", "documentation":"The unique identifier of the deleted browser.
" }, "status":{ "shape":"BrowserStatus", "documentation":"The current status of the browser deletion.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser was last updated.
" } } }, "DeleteCodeInterpreterRequest":{ "type":"structure", "required":["codeInterpreterId"], "members":{ "codeInterpreterId":{ "shape":"CodeInterpreterId", "documentation":"The unique identifier of the code interpreter to delete.
", "location":"uri", "locationName":"codeInterpreterId" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" } } }, "DeleteCodeInterpreterResponse":{ "type":"structure", "required":[ "codeInterpreterId", "status", "lastUpdatedAt" ], "members":{ "codeInterpreterId":{ "shape":"CodeInterpreterId", "documentation":"The unique identifier of the deleted code interpreter.
" }, "status":{ "shape":"CodeInterpreterStatus", "documentation":"The current status of the code interpreter deletion.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the code interpreter was last updated.
" } } }, "DeleteConfigurationBundleRequest":{ "type":"structure", "required":["bundleId"], "members":{ "bundleId":{ "shape":"ConfigurationBundleId", "documentation":"The unique identifier of the configuration bundle to delete.
", "location":"uri", "locationName":"bundleId" } } }, "DeleteConfigurationBundleResponse":{ "type":"structure", "required":[ "bundleId", "status" ], "members":{ "bundleId":{ "shape":"ConfigurationBundleId", "documentation":"The unique identifier of the deleted configuration bundle.
" }, "status":{ "shape":"ConfigurationBundleStatus", "documentation":"The status of the configuration bundle deletion operation.
" } } }, "DeleteEvaluatorRequest":{ "type":"structure", "required":["evaluatorId"], "members":{ "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the evaluator to delete.
", "location":"uri", "locationName":"evaluatorId" } } }, "DeleteEvaluatorResponse":{ "type":"structure", "required":[ "evaluatorArn", "evaluatorId", "status" ], "members":{ "evaluatorArn":{ "shape":"EvaluatorArn", "documentation":"The Amazon Resource Name (ARN) of the deleted evaluator.
" }, "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the deleted evaluator.
" }, "status":{ "shape":"EvaluatorStatus", "documentation":"The status of the evaluator deletion operation.
" } } }, "DeleteGatewayRequest":{ "type":"structure", "required":["gatewayIdentifier"], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The identifier of the gateway to delete.
", "location":"uri", "locationName":"gatewayIdentifier" } } }, "DeleteGatewayResponse":{ "type":"structure", "required":[ "gatewayId", "status" ], "members":{ "gatewayId":{ "shape":"GatewayId", "documentation":"The unique identifier of the deleted gateway.
" }, "status":{ "shape":"GatewayStatus", "documentation":"The current status of the gateway deletion.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the gateway deletion.
" } } }, "DeleteGatewayRuleRequest":{ "type":"structure", "required":[ "gatewayIdentifier", "ruleId" ], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The identifier of the gateway containing the rule.
", "location":"uri", "locationName":"gatewayIdentifier" }, "ruleId":{ "shape":"GatewayRuleId", "documentation":"The unique identifier of the rule to delete.
", "location":"uri", "locationName":"ruleId" } } }, "DeleteGatewayRuleResponse":{ "type":"structure", "required":[ "ruleId", "status" ], "members":{ "ruleId":{ "shape":"GatewayRuleId", "documentation":"The unique identifier of the deleted rule.
" }, "status":{ "shape":"GatewayRuleStatus", "documentation":"The status of the rule deletion operation.
" } } }, "DeleteGatewayTargetRequest":{ "type":"structure", "required":[ "gatewayIdentifier", "targetId" ], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The unique identifier of the gateway associated with the target.
", "location":"uri", "locationName":"gatewayIdentifier" }, "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the gateway target to delete.
", "location":"uri", "locationName":"targetId" } } }, "DeleteGatewayTargetResponse":{ "type":"structure", "required":[ "gatewayArn", "targetId", "status" ], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway.
" }, "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the deleted gateway target.
" }, "status":{ "shape":"TargetStatus", "documentation":"The current status of the gateway target deletion.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the gateway target deletion.
" } } }, "DeleteHarnessRequest":{ "type":"structure", "required":["harnessId"], "members":{ "harnessId":{ "shape":"HarnessId", "documentation":"The ID of the harness to delete.
", "location":"uri", "locationName":"harnessId" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" } } }, "DeleteHarnessResponse":{ "type":"structure", "members":{ "harness":{ "shape":"Harness", "documentation":"The harness that was deleted.
" } } }, "DeleteMemoryInput":{ "type":"structure", "required":["memoryId"], "members":{ "clientToken":{ "shape":"DeleteMemoryInputClientTokenString", "documentation":"A client token is used for keeping track of idempotent requests. It can contain a session id which can be around 250 chars, combined with a unique AWS identifier.
", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" }, "memoryId":{ "shape":"MemoryId", "documentation":"The unique identifier of the memory to delete.
", "location":"uri", "locationName":"memoryId" } } }, "DeleteMemoryInputClientTokenString":{ "type":"string", "max":500, "min":0 }, "DeleteMemoryOutput":{ "type":"structure", "required":["memoryId"], "members":{ "memoryId":{ "shape":"MemoryId", "documentation":"The unique identifier of the deleted AgentCore Memory resource.
" }, "status":{ "shape":"MemoryStatus", "documentation":"The current status of the AgentCore Memory resource deletion.
" } } }, "DeleteMemoryStrategiesList":{ "type":"list", "member":{"shape":"DeleteMemoryStrategyInput"} }, "DeleteMemoryStrategyInput":{ "type":"structure", "required":["memoryStrategyId"], "members":{ "memoryStrategyId":{ "shape":"String", "documentation":"The unique identifier of the memory strategy to delete.
" } }, "documentation":"Input for deleting a memory strategy.
" }, "DeleteOauth2CredentialProviderRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider to delete.
" } } }, "DeleteOauth2CredentialProviderResponse":{ "type":"structure", "members":{} }, "DeleteOnlineEvaluationConfigRequest":{ "type":"structure", "required":["onlineEvaluationConfigId"], "members":{ "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the online evaluation configuration to delete.
", "location":"uri", "locationName":"onlineEvaluationConfigId" } } }, "DeleteOnlineEvaluationConfigResponse":{ "type":"structure", "required":[ "onlineEvaluationConfigArn", "onlineEvaluationConfigId", "status" ], "members":{ "onlineEvaluationConfigArn":{ "shape":"OnlineEvaluationConfigArn", "documentation":"The Amazon Resource Name (ARN) of the deleted online evaluation configuration.
" }, "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the deleted online evaluation configuration.
" }, "status":{ "shape":"OnlineEvaluationConfigStatus", "documentation":"The status of the online evaluation configuration deletion operation.
" } } }, "DeletePolicyEngineRequest":{ "type":"structure", "required":["policyEngineId"], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy engine to be deleted. This must be a valid policy engine ID that exists within the account.
", "location":"uri", "locationName":"policyEngineId" } } }, "DeletePolicyEngineResponse":{ "type":"structure", "required":[ "policyEngineId", "name", "createdAt", "updatedAt", "policyEngineArn", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy engine being deleted. This confirms which policy engine the deletion operation targets.
" }, "name":{ "shape":"PolicyEngineName", "documentation":"The customer-assigned name of the deleted policy engine.
" }, "description":{ "shape":"Description", "documentation":"The human-readable description of the deleted policy engine.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the deleted policy engine was originally created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the deleted policy engine was last modified before deletion. This tracks the final state of the policy engine before it was removed from the system.
" }, "policyEngineArn":{ "shape":"PolicyEngineArn", "documentation":"The Amazon Resource Name (ARN) of the deleted policy engine. This globally unique identifier confirms which policy engine resource was successfully removed.
" }, "status":{ "shape":"PolicyEngineStatus", "documentation":"The status of the policy engine deletion operation. This provides status about any issues that occurred during the deletion process.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the deletion status. This provides details about the deletion process or any issues that may have occurred.
" }, "encryptionKeyArn":{ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.
" } } }, "DeletePolicyRequest":{ "type":"structure", "required":[ "policyEngineId", "policyId" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine that manages the policy to be deleted. This ensures the policy is deleted from the correct policy engine context.
", "location":"uri", "locationName":"policyEngineId" }, "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy to be deleted. This must be a valid policy ID that exists within the specified policy engine.
", "location":"uri", "locationName":"policyId" } } }, "DeletePolicyResponse":{ "type":"structure", "required":[ "policyId", "name", "policyEngineId", "definition", "createdAt", "updatedAt", "policyArn", "status", "statusReasons" ], "members":{ "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy being deleted. This confirms which policy the deletion operation targets.
" }, "name":{ "shape":"PolicyName", "documentation":"The customer-assigned name of the deleted policy. This confirms which policy was successfully removed from the system and matches the name that was originally assigned during policy creation.
" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine from which the policy was deleted. This confirms the policy engine context for the deletion operation.
" }, "definition":{"shape":"PolicyDefinition"}, "description":{ "shape":"Description", "documentation":"The human-readable description of the deleted policy.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the deleted policy was originally created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the deleted policy was last modified before deletion. This tracks the final state of the policy before it was removed from the system.
" }, "policyArn":{ "shape":"PolicyArn", "documentation":"The Amazon Resource Name (ARN) of the deleted policy. This globally unique identifier confirms which policy resource was successfully removed.
" }, "status":{ "shape":"PolicyStatus", "documentation":"The status of the policy deletion operation. This provides information about any issues that occurred during the deletion process.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the deletion status. This provides details about the deletion process or any issues that may have occurred.
" } } }, "DeleteRegistryRecordRequest":{ "type":"structure", "required":[ "registryId", "recordId" ], "members":{ "registryId":{ "shape":"RegistryIdentifier", "documentation":"The identifier of the registry containing the record. You can specify either the Amazon Resource Name (ARN) or the ID of the registry.
", "location":"uri", "locationName":"registryId" }, "recordId":{ "shape":"RecordIdentifier", "documentation":"The identifier of the registry record to delete. You can specify either the Amazon Resource Name (ARN) or the ID of the record.
", "location":"uri", "locationName":"recordId" } } }, "DeleteRegistryRecordResponse":{ "type":"structure", "members":{} }, "DeleteRegistryRequest":{ "type":"structure", "required":["registryId"], "members":{ "registryId":{ "shape":"RegistryIdentifier", "documentation":"The identifier of the registry to delete. You can specify either the Amazon Resource Name (ARN) or the ID of the registry.
", "location":"uri", "locationName":"registryId" } } }, "DeleteRegistryResponse":{ "type":"structure", "required":["status"], "members":{ "status":{ "shape":"RegistryStatus", "documentation":"The current status of the registry, set to DELETING when deletion is initiated. For a list of all possible registry statuses, see the RegistryStatus data type.
The Amazon Resource Name (ARN) of the resource for which to delete the resource policy.
", "location":"uri", "locationName":"resourceArn" } } }, "DeleteResourcePolicyResponse":{ "type":"structure", "members":{} }, "DeleteWorkloadIdentityRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity to delete.
" } } }, "DeleteWorkloadIdentityResponse":{ "type":"structure", "members":{} }, "Description":{ "type":"string", "max":4096, "min":1, "sensitive":true }, "DescriptorType":{ "type":"string", "enum":[ "MCP", "A2A", "CUSTOM", "AGENT_SKILLS" ] }, "Descriptors":{ "type":"structure", "members":{ "mcp":{ "shape":"McpDescriptor", "documentation":"The Model Context Protocol (MCP) descriptor configuration. Use this when the descriptorType is MCP.
The Agent-to-Agent (A2A) protocol descriptor configuration. Use this when the descriptorType is A2A.
The custom descriptor configuration. Use this when the descriptorType is CUSTOM.
The agent skills descriptor configuration. Use this when the descriptorType is AGENT_SKILLS.
Contains descriptor-type-specific configurations for a registry record. Only the descriptor matching the record's descriptorType should be populated.
The ARN of the EFS access point to mount into the AgentCore Runtime.
" }, "mountPath":{ "shape":"MountPath", "documentation":"The mount path for the EFS access point inside the AgentCore Runtime. The path must be under /mnt with exactly one subdirectory level (for example, /mnt/data).
Configuration for an Amazon EFS access point filesystem mounted into the AgentCore Runtime. EFS access points provide shared file storage accessible from your AgentCore Runtime sessions.
" }, "EncryptionFailure":{ "type":"structure", "required":["message"], "members":{ "message":{"shape":"String"} }, "documentation":"Exception thrown when encryption of a secret fails.
", "error":{ "httpStatusCode":400, "senderFault":true }, "exception":true }, "EndpointIpAddressType":{ "type":"string", "enum":[ "IPV4", "IPV6" ] }, "EndpointName":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}", "sensitive":true }, "EnvironmentVariableKey":{ "type":"string", "max":100, "min":1 }, "EnvironmentVariableValue":{ "type":"string", "max":5000, "min":0 }, "EnvironmentVariablesMap":{ "type":"map", "key":{"shape":"EnvironmentVariableKey"}, "value":{"shape":"EnvironmentVariableValue"}, "max":50, "min":0, "sensitive":true }, "EpisodicConsolidationOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text appended to the prompt for the consolidation step of the episodic memory strategy.
" }, "modelId":{ "shape":"String", "documentation":"The model ID used for the consolidation step of the episodic memory strategy.
" } }, "documentation":"Contains configurations to override the default consolidation step for the episodic memory strategy.
" }, "EpisodicExtractionOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text appended to the prompt for the extraction step of the episodic memory strategy.
" }, "modelId":{ "shape":"String", "documentation":"The model ID used for the extraction step of the episodic memory strategy.
" } }, "documentation":"Contains configurations to override the default extraction step for the episodic memory strategy.
" }, "EpisodicMemoryStrategyInput":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"Name", "documentation":"The name of the episodic memory strategy.
" }, "description":{ "shape":"Description", "documentation":"The description of the episodic memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces for which to create episodes.
", "deprecated":true, "deprecatedMessage":"Use namespaceTemplates instead", "deprecatedSince":"2026-03-02" }, "namespaceTemplates":{ "shape":"NamespacesList", "documentation":"The namespaceTemplates for which to create episodes.
" }, "reflectionConfiguration":{ "shape":"EpisodicReflectionConfigurationInput", "documentation":"The configuration for the reflections created with the episodic memory strategy.
" }, "memoryRecordSchema":{ "shape":"MemoryRecordSchema", "documentation":"Schema for metadata fields on records generated by this strategy.
" } }, "documentation":"Input for creating an episodic memory strategy.
" }, "EpisodicOverrideConfigurationInput":{ "type":"structure", "members":{ "extraction":{ "shape":"EpisodicOverrideExtractionConfigurationInput", "documentation":"Contains configurations for overriding the extraction step of the episodic memory strategy.
" }, "consolidation":{ "shape":"EpisodicOverrideConsolidationConfigurationInput", "documentation":"Contains configurations for overriding the consolidation step of the episodic memory strategy.
" }, "reflection":{ "shape":"EpisodicOverrideReflectionConfigurationInput", "documentation":"Contains configurations for overriding the reflection step of the episodic memory strategy.
" } }, "documentation":"Input for the configuration to override the episodic memory strategy.
" }, "EpisodicOverrideConsolidationConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for the consolidation step of the episodic memory strategy.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for the consolidation step of the episodic memory strategy.
" } }, "documentation":"Configurations for overriding the consolidation step of the episodic memory strategy.
" }, "EpisodicOverrideExtractionConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for the extraction step of the episodic memory strategy.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for the extraction step of the episodic memory strategy.
" } }, "documentation":"Configurations for overriding the extraction step of the episodic memory strategy.
" }, "EpisodicOverrideReflectionConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for reflection step of the episodic memory strategy.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for the reflection step of the episodic memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces to use for episodic reflection. Can be less nested than the episodic namespaces.
", "deprecated":true, "deprecatedMessage":"Use namespaceTemplates instead", "deprecatedSince":"2026-03-02" }, "namespaceTemplates":{ "shape":"NamespacesList", "documentation":"The namespaceTemplates to use for episodic reflection. Can be less nested than the episodic namespaces.
" }, "memoryRecordSchema":{ "shape":"MemoryRecordSchema", "documentation":"Schema for metadata fields on records generated by this reflection override.
" } }, "documentation":"Configurations for overriding the reflection step of the episodic memory strategy.
" }, "EpisodicReflectionConfiguration":{ "type":"structure", "members":{ "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces for which to create reflections. Can be less nested than the episodic namespaces.
", "deprecated":true, "deprecatedMessage":"Use namespaceTemplates instead", "deprecatedSince":"2026-03-02" }, "namespaceTemplates":{ "shape":"NamespacesList", "documentation":"The namespaceTemplates for which to create reflections. Can be less nested than the episodic namespaces.
" }, "memoryRecordSchema":{ "shape":"MemoryRecordSchema", "documentation":"\"Schema for metadata fields on records generated by reflections.
" } }, "documentation":"The configuration for the reflections created with the episodic memory strategy.
" }, "EpisodicReflectionConfigurationInput":{ "type":"structure", "members":{ "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces over which to create reflections. Can be less nested than episode namespaces.
", "deprecated":true, "deprecatedMessage":"Use namespaceTemplates instead", "deprecatedSince":"2026-03-02" }, "namespaceTemplates":{ "shape":"NamespacesList", "documentation":"The namespaceTemplates over which to create reflections. Can be less nested than episode namespaces.
" }, "memoryRecordSchema":{ "shape":"MemoryRecordSchema", "documentation":"Schema for metadata fields on records generated by reflections.
" } }, "documentation":"An episodic reflection configuration input.
" }, "EpisodicReflectionOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text appended to the prompt for the reflection step of the episodic memory strategy.
" }, "modelId":{ "shape":"String", "documentation":"The model ID used for the reflection step of the episodic memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces over which reflections were created. Can be less nested than the episodic namespaces.
", "deprecated":true, "deprecatedMessage":"Use namespaceTemplates instead", "deprecatedSince":"2026-03-02" }, "namespaceTemplates":{ "shape":"NamespacesList", "documentation":"The namespaceTemplates over which reflections were created. Can be less nested than the episodic namespaces.
" }, "memoryRecordSchema":{ "shape":"MemoryRecordSchema", "documentation":"Schema for metadata fields on records generated by this reflection override.
" } }, "documentation":"Contains configurations to override the default reflection step for the episodic memory strategy.
" }, "EvaluationConfigDescription":{ "type":"string", "max":200, "min":1, "pattern":".+", "sensitive":true }, "EvaluationConfigName":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}" }, "EvaluatorArn":{ "type":"string", "pattern":"arn:aws:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:evaluator\\/[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}$|^arn:aws:bedrock-agentcore:::evaluator/Builtin.[a-zA-Z0-9_-]+" }, "EvaluatorConfig":{ "type":"structure", "members":{ "llmAsAJudge":{ "shape":"LlmAsAJudgeEvaluatorConfig", "documentation":"The LLM-as-a-Judge configuration that uses a language model to evaluate agent performance based on custom instructions and rating scales.
" }, "codeBased":{ "shape":"CodeBasedEvaluatorConfig", "documentation":"Configuration for a code-based evaluator that uses a customer-managed Lambda function to programmatically assess agent performance.
" } }, "documentation":"The configuration that defines how an evaluator assesses agent performance, including the evaluation method and parameters.
", "union":true }, "EvaluatorDescription":{ "type":"string", "max":200, "min":1, "sensitive":true }, "EvaluatorId":{ "type":"string", "pattern":"(Builtin.[a-zA-Z0-9_-]+|[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10})" }, "EvaluatorInstructions":{ "type":"string", "sensitive":true }, "EvaluatorLevel":{ "type":"string", "enum":[ "TOOL_CALL", "TRACE", "SESSION" ] }, "EvaluatorList":{ "type":"list", "member":{"shape":"EvaluatorReference"}, "max":10, "min":1 }, "EvaluatorModelConfig":{ "type":"structure", "members":{ "bedrockEvaluatorModelConfig":{ "shape":"BedrockEvaluatorModelConfig", "documentation":"The Amazon Bedrock model configuration for evaluation.
" } }, "documentation":"The model configuration that specifies which foundation model to use for evaluation and how to configure it.
", "union":true }, "EvaluatorName":{ "type":"string", "pattern":"(Builtin.[a-zA-Z0-9_-]+|[a-zA-Z][a-zA-Z0-9_]{0,47})" }, "EvaluatorReference":{ "type":"structure", "members":{ "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the evaluator. Can reference builtin evaluators (e.g., Builtin.Helpfulness) or custom evaluators.
" } }, "documentation":"The reference to an evaluator used in online evaluation configurations, containing the evaluator identifier.
", "union":true }, "EvaluatorStatus":{ "type":"string", "enum":[ "ACTIVE", "CREATING", "CREATE_FAILED", "UPDATING", "UPDATE_FAILED", "DELETING" ] }, "EvaluatorSummary":{ "type":"structure", "required":[ "evaluatorArn", "evaluatorId", "evaluatorName", "evaluatorType", "status", "createdAt", "updatedAt" ], "members":{ "evaluatorArn":{ "shape":"EvaluatorArn", "documentation":"The Amazon Resource Name (ARN) of the evaluator.
" }, "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the evaluator.
" }, "evaluatorName":{ "shape":"EvaluatorName", "documentation":"The name of the evaluator.
" }, "description":{ "shape":"EvaluatorDescription", "documentation":"The description of the evaluator.
" }, "evaluatorType":{ "shape":"EvaluatorType", "documentation":"The type of evaluator, indicating whether it is a built-in evaluator provided by the service or a custom evaluator created by the user.
" }, "level":{ "shape":"EvaluatorLevel", "documentation":" The evaluation level (TOOL_CALL, TRACE, or SESSION) that determines the scope of evaluation.
The current status of the evaluator.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the evaluator was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the evaluator was last updated.
" }, "lockedForModification":{ "shape":"Boolean", "documentation":"Whether the evaluator is locked for modification due to being referenced by active online evaluation configurations.
" }, "kmsKeyArn":{ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the customer managed KMS key used to encrypt the evaluator's sensitive data. This field is only present for evaluators encrypted with a customer managed key.
" } }, "documentation":"The summary information about an evaluator, including basic metadata and status information.
" }, "EvaluatorSummaryList":{ "type":"list", "member":{"shape":"EvaluatorSummary"} }, "EvaluatorType":{ "type":"string", "enum":[ "Builtin", "Custom", "CustomCode" ] }, "ExceptionLevel":{ "type":"string", "enum":["DEBUG"] }, "ExtractionConfig":{ "type":"structure", "members":{ "llmExtractionConfig":{ "shape":"LlmExtractionConfig", "documentation":"Model-based extraction using a definition and instructions.
" } }, "documentation":"Configuration for metadata extraction from conversational content.
", "union":true }, "ExtractionConfiguration":{ "type":"structure", "members":{ "customExtractionConfiguration":{ "shape":"CustomExtractionConfiguration", "documentation":"The custom extraction configuration.
" } }, "documentation":"Contains extraction configuration information for a memory strategy.
", "union":true }, "FilesystemConfiguration":{ "type":"structure", "members":{ "sessionStorage":{ "shape":"SessionStorageConfiguration", "documentation":"Configuration for session storage. Session storage provides persistent storage that is preserved across AgentCore Runtime session invocations.
" }, "s3FilesAccessPoint":{ "shape":"S3FilesAccessPointConfiguration", "documentation":"Configuration for an Amazon S3 Files access point to mount into the AgentCore Runtime.
" }, "efsAccessPoint":{ "shape":"EfsAccessPointConfiguration", "documentation":"Configuration for an Amazon EFS access point to mount into the AgentCore Runtime.
" } }, "documentation":"Configuration for a filesystem that can be mounted into the AgentCore Runtime.
", "union":true }, "FilesystemConfigurations":{ "type":"list", "member":{"shape":"FilesystemConfiguration"}, "max":5, "min":0 }, "Filter":{ "type":"structure", "required":[ "key", "operator", "value" ], "members":{ "key":{ "shape":"FilterKeyString", "documentation":"The key or field name to filter on within the agent trace data.
" }, "operator":{ "shape":"FilterOperator", "documentation":"The comparison operator to use for filtering.
" }, "value":{ "shape":"FilterValue", "documentation":"The value to compare against using the specified operator.
" } }, "documentation":"The filter that applies conditions to agent traces during online evaluation to determine which traces should be evaluated.
" }, "FilterKeyString":{ "type":"string", "max":256, "min":1, "pattern":"[a-zA-Z0-9._-]+" }, "FilterList":{ "type":"list", "member":{"shape":"Filter"}, "max":5, "min":0 }, "FilterOperator":{ "type":"string", "enum":[ "Equals", "NotEquals", "GreaterThan", "LessThan", "GreaterThanOrEqual", "LessThanOrEqual", "Contains", "NotContains" ] }, "FilterValue":{ "type":"structure", "members":{ "stringValue":{ "shape":"FilterValueStringValueString", "documentation":"The string value for text-based filtering.
" }, "doubleValue":{ "shape":"Double", "documentation":"The numeric value for numerical filtering and comparisons.
" }, "booleanValue":{ "shape":"Boolean", "documentation":"The boolean value for true/false filtering conditions.
" } }, "documentation":"The value used in filter comparisons, supporting different data types for flexible filtering criteria.
", "union":true }, "FilterValueStringValueString":{ "type":"string", "max":1024, "min":1 }, "Finding":{ "type":"structure", "members":{ "type":{ "shape":"FindingType", "documentation":"The type or category of the finding. This classifies the finding as an error, warning, recommendation, or informational message to help users understand the severity and nature of the issue.
" }, "description":{ "shape":"String", "documentation":"A human-readable description of the finding. This provides detailed information about the issue, recommendation, or validation result to help users understand and address the finding.
" } }, "documentation":"Represents a finding or issue discovered during policy generation or validation. Findings provide insights about potential problems, recommendations, or validation results from policy analysis operations. Finding types include: VALID (policy is ready to use), INVALID (policy has validation errors that must be fixed), NOT_TRANSLATABLE (input couldn't be converted to policy), ALLOW_ALL (policy would allow all actions, potential security risk), ALLOW_NONE (policy would allow no actions, unusable), DENY_ALL (policy would deny all actions, may be too restrictive), and DENY_NONE (policy would deny no actions, ineffective). Review all findings before creating policies from generated assets to ensure they match your security requirements.
" }, "FindingType":{ "type":"string", "enum":[ "VALID", "INVALID", "NOT_TRANSLATABLE", "ALLOW_ALL", "ALLOW_NONE", "DENY_ALL", "DENY_NONE" ] }, "Findings":{ "type":"list", "member":{"shape":"Finding"} }, "Float":{ "type":"float", "box":true }, "FromUrlSynchronizationConfiguration":{ "type":"structure", "required":["url"], "members":{ "url":{ "shape":"McpServerUrl", "documentation":"The HTTPS URL of the MCP server to synchronize from.
" }, "credentialProviderConfigurations":{ "shape":"RegistryRecordCredentialProviderConfigurationList", "documentation":"Optional list of credential provider configurations for authenticating with the MCP server. At most one credential provider configuration can be specified.
" } }, "documentation":"Configuration for synchronizing from a URL-based MCP server.
" }, "GatewayArn":{ "type":"string", "pattern":"arn:aws(|-cn|-us-gov):bedrock-agentcore:[a-z0-9-]{1,20}:[0-9]{12}:gateway/([0-9a-z][-]?){1,48}-[a-z0-9]{10}" }, "GatewayConfigurationBundleArn":{ "type":"string", "pattern":"arn:aws[a-zA-Z-]*:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:configuration-bundle/[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "GatewayDescription":{ "type":"string", "max":200, "min":1, "sensitive":true }, "GatewayId":{ "type":"string", "pattern":"([0-9a-z][-]?){1,100}-[0-9a-z]{10}" }, "GatewayIdentifier":{ "type":"string", "pattern":"([0-9a-z][-]?){1,100}-[0-9a-z]{10}" }, "GatewayInterceptionPoint":{ "type":"string", "enum":[ "REQUEST", "RESPONSE" ] }, "GatewayInterceptionPoints":{ "type":"list", "member":{"shape":"GatewayInterceptionPoint"}, "max":2, "min":1 }, "GatewayInterceptorConfiguration":{ "type":"structure", "required":[ "interceptor", "interceptionPoints" ], "members":{ "interceptor":{ "shape":"InterceptorConfiguration", "documentation":"The infrastructure settings of an interceptor configuration. This structure defines how the interceptor can be invoked.
" }, "interceptionPoints":{ "shape":"GatewayInterceptionPoints", "documentation":"The supported points of interception. This field specifies which points during the gateway invocation to invoke the interceptor
" }, "inputConfiguration":{ "shape":"InterceptorInputConfiguration", "documentation":"The configuration for the input of the interceptor. This field specifies how the input to the interceptor is constructed
" } }, "documentation":"The configuration for an interceptor on a gateway. This structure defines settings for an interceptor that will be invoked during the invocation of the gateway.
" }, "GatewayInterceptorConfigurations":{ "type":"list", "member":{"shape":"GatewayInterceptorConfiguration"}, "max":2, "min":1 }, "GatewayMaxResults":{ "type":"integer", "box":true, "max":1000, "min":1 }, "GatewayName":{ "type":"string", "pattern":"([0-9a-zA-Z][-]?){1,100}", "sensitive":true }, "GatewayNextToken":{ "type":"string", "max":2048, "min":1, "pattern":"\\S*" }, "GatewayPolicyEngineArn":{ "type":"string", "max":170, "min":1, "pattern":"arn:aws:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:policy-engine\\/[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9_]{10}" }, "GatewayPolicyEngineConfiguration":{ "type":"structure", "required":[ "arn", "mode" ], "members":{ "arn":{ "shape":"GatewayPolicyEngineArn", "documentation":"The ARN of the policy engine. The policy engine contains Cedar policies that define fine-grained authorization rules specifying who can perform what actions on which resources as agents interact through the gateway.
" }, "mode":{ "shape":"GatewayPolicyEngineMode", "documentation":"The enforcement mode for the policy engine. Valid values include:
LOG_ONLY - The policy engine evaluates each action against your policies and adds traces on whether tool calls would be allowed or denied, but does not enforce the decision. Use this mode to test and validate policies before enabling enforcement.
ENFORCE - The policy engine evaluates actions against your policies and enforces decisions by allowing or denying agent operations. Test and validate policies in LOG_ONLY mode before enabling enforcement to avoid unintended denials or adversely affecting production traffic.
The configuration for a policy engine associated with a gateway. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with a gateway, the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies.
" }, "GatewayPolicyEngineMode":{ "type":"string", "enum":[ "LOG_ONLY", "ENFORCE" ] }, "GatewayProtocolConfiguration":{ "type":"structure", "members":{ "mcp":{ "shape":"MCPGatewayConfiguration", "documentation":"The configuration for the Model Context Protocol (MCP). This protocol enables communication between Amazon Bedrock Agent and external tools.
" } }, "documentation":"The configuration for a gateway protocol. This structure defines how the gateway communicates with external services.
", "union":true }, "GatewayProtocolType":{ "type":"string", "enum":["MCP"] }, "GatewayRuleDescription":{ "type":"string", "max":256, "min":1 }, "GatewayRuleDetail":{ "type":"structure", "required":[ "ruleId", "gatewayArn", "priority", "actions", "createdAt", "status" ], "members":{ "ruleId":{ "shape":"GatewayRuleId", "documentation":"The unique identifier of the gateway rule.
" }, "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway that the rule belongs to.
" }, "priority":{ "shape":"GatewayRulePriority", "documentation":"The priority of the rule. Rules are evaluated in order of priority, with lower numbers evaluated first.
" }, "conditions":{ "shape":"Conditions", "documentation":"The conditions that must be met for the rule to apply.
" }, "actions":{ "shape":"Actions", "documentation":"The actions to take when the rule conditions are met.
" }, "description":{ "shape":"GatewayRuleDescription", "documentation":"The description of the gateway rule.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the rule was created.
" }, "status":{ "shape":"GatewayRuleStatus", "documentation":"The current status of the rule.
" }, "system":{ "shape":"SystemManagedBlock", "documentation":"System-managed metadata for rules created by automated processes.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the rule was last updated.
" } }, "documentation":"Detailed information about a gateway rule.
" }, "GatewayRuleId":{ "type":"string", "max":36, "min":36, "pattern":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" }, "GatewayRuleMaxResults":{ "type":"integer", "box":true, "max":100, "min":1 }, "GatewayRuleNextToken":{ "type":"string", "max":2048, "min":1, "pattern":"\\S*" }, "GatewayRulePriority":{ "type":"integer", "box":true, "max":1000000, "min":1 }, "GatewayRuleStatus":{ "type":"string", "enum":[ "CREATING", "ACTIVE", "UPDATING", "DELETING" ] }, "GatewayRules":{ "type":"list", "member":{"shape":"GatewayRuleDetail"} }, "GatewayStatus":{ "type":"string", "enum":[ "CREATING", "UPDATING", "UPDATE_UNSUCCESSFUL", "DELETING", "READY", "FAILED" ] }, "GatewaySummaries":{ "type":"list", "member":{"shape":"GatewaySummary"} }, "GatewaySummary":{ "type":"structure", "required":[ "gatewayId", "name", "status", "createdAt", "updatedAt", "authorizerType" ], "members":{ "gatewayId":{ "shape":"GatewayId", "documentation":"The unique identifier of the gateway.
" }, "name":{ "shape":"GatewayName", "documentation":"The name of the gateway.
" }, "status":{ "shape":"GatewayStatus", "documentation":"The current status of the gateway.
" }, "description":{ "shape":"GatewayDescription", "documentation":"The description of the gateway.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was last updated.
" }, "authorizerType":{ "shape":"AuthorizerType", "documentation":"The type of authorizer used by the gateway.
" }, "protocolType":{ "shape":"GatewayProtocolType", "documentation":"The protocol type used by the gateway.
" } }, "documentation":"Contains summary information about a gateway.
" }, "GatewayTarget":{ "type":"structure", "required":[ "gatewayArn", "targetId", "createdAt", "updatedAt", "status", "name", "targetConfiguration", "credentialProviderConfigurations" ], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway target.
" }, "targetId":{ "shape":"TargetId", "documentation":"The target ID.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The date and time at which the target was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The date and time at which the target was updated.
" }, "status":{ "shape":"TargetStatus", "documentation":"The status of the gateway target.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The status reasons for the target status.
" }, "name":{ "shape":"TargetName", "documentation":"The name of the gateway target.
" }, "description":{ "shape":"TargetDescription", "documentation":"The description for the gateway target.
" }, "targetConfiguration":{"shape":"TargetConfiguration"}, "credentialProviderConfigurations":{ "shape":"CredentialProviderConfigurations", "documentation":"The provider configurations.
" }, "lastSynchronizedAt":{ "shape":"DateTimestamp", "documentation":"The last synchronization time.
" }, "metadataConfiguration":{ "shape":"MetadataConfiguration", "documentation":"The metadata configuration for HTTP header and query parameter propagation to and from this gateway target.
" }, "privateEndpoint":{"shape":"PrivateEndpoint"}, "privateEndpointManagedResources":{ "shape":"PrivateEndpointManagedResources", "documentation":"A list of managed resources created by the gateway for private endpoint connectivity. These resources are created in your account when you use a managed VPC Lattice resource configuration.
" }, "authorizationData":{ "shape":"AuthorizationData", "documentation":"OAuth2 authorization data for the gateway target. This data is returned when a target is configured with a credential provider with authorization code grant type and requires user federation.
" }, "protocolType":{ "shape":"TargetProtocolType", "documentation":"The protocol type of the gateway target.
" } }, "documentation":"The gateway target.
" }, "GatewayTargetList":{ "type":"list", "member":{"shape":"GatewayTarget"} }, "GatewayUrl":{ "type":"string", "max":1024, "min":1 }, "GetAgentRuntimeEndpointRequest":{ "type":"structure", "required":[ "agentRuntimeId", "endpointName" ], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime associated with the endpoint.
", "location":"uri", "locationName":"agentRuntimeId" }, "endpointName":{ "shape":"EndpointName", "documentation":"The name of the AgentCore Runtime endpoint to retrieve.
", "location":"uri", "locationName":"endpointName" } } }, "GetAgentRuntimeEndpointResponse":{ "type":"structure", "required":[ "agentRuntimeEndpointArn", "agentRuntimeArn", "status", "createdAt", "lastUpdatedAt", "name", "id" ], "members":{ "liveVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The currently deployed version of the AgentCore Runtime on the endpoint.
" }, "targetVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The target version of the AgentCore Runtime for the endpoint.
" }, "agentRuntimeEndpointArn":{ "shape":"AgentRuntimeEndpointArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime endpoint.
" }, "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime.
" }, "description":{ "shape":"AgentEndpointDescription", "documentation":"The description of the AgentCore Runtime endpoint.
" }, "status":{ "shape":"AgentRuntimeEndpointStatus", "documentation":"The current status of the AgentCore Runtime endpoint.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime endpoint was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime endpoint was last updated.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the AgentCore Runtime endpoint is in a failed state.
" }, "name":{ "shape":"EndpointName", "documentation":"The name of the AgentCore Runtime endpoint.
" }, "id":{ "shape":"AgentRuntimeEndpointId", "documentation":"The unique identifier of the AgentCore Runtime endpoint.
" } } }, "GetAgentRuntimeRequest":{ "type":"structure", "required":["agentRuntimeId"], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime to retrieve.
", "location":"uri", "locationName":"agentRuntimeId" }, "agentRuntimeVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The version of the AgentCore Runtime to retrieve.
", "location":"querystring", "locationName":"version" } } }, "GetAgentRuntimeResponse":{ "type":"structure", "required":[ "agentRuntimeArn", "agentRuntimeName", "agentRuntimeId", "agentRuntimeVersion", "createdAt", "lastUpdatedAt", "roleArn", "networkConfiguration", "status", "lifecycleConfiguration" ], "members":{ "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime.
" }, "agentRuntimeName":{ "shape":"AgentRuntimeName", "documentation":"The name of the AgentCore Runtime.
" }, "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime.
" }, "agentRuntimeVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The version of the AgentCore Runtime.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime was last updated.
" }, "roleArn":{ "shape":"RoleArn", "documentation":"The IAM role ARN that provides permissions for the AgentCore Runtime.
" }, "networkConfiguration":{ "shape":"NetworkConfiguration", "documentation":"The network configuration for the AgentCore Runtime.
" }, "status":{ "shape":"AgentRuntimeStatus", "documentation":"The current status of the AgentCore Runtime.
" }, "lifecycleConfiguration":{ "shape":"LifecycleConfiguration", "documentation":"The life cycle configuration for the AgentCore Runtime.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the AgentCore Runtime is in a failed state.
" }, "description":{ "shape":"Description", "documentation":"The description of the AgentCore Runtime.
" }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the AgentCore Runtime.
" }, "agentRuntimeArtifact":{ "shape":"AgentRuntimeArtifact", "documentation":"The artifact of the AgentCore Runtime.
" }, "protocolConfiguration":{"shape":"ProtocolConfiguration"}, "environmentVariables":{ "shape":"EnvironmentVariablesMap", "documentation":"Environment variables set in the AgentCore Runtime environment.
" }, "authorizerConfiguration":{ "shape":"AuthorizerConfiguration", "documentation":"The authorizer configuration for the AgentCore Runtime.
" }, "requestHeaderConfiguration":{ "shape":"RequestHeaderConfiguration", "documentation":"Configuration for HTTP request headers that will be passed through to the runtime.
" }, "metadataConfiguration":{ "shape":"RuntimeMetadataConfiguration", "documentation":"Configuration for microVM Metadata Service (MMDS) settings for the AgentCore Runtime.
" }, "filesystemConfigurations":{ "shape":"FilesystemConfigurations", "documentation":"The filesystem configurations mounted into the AgentCore Runtime.
" } } }, "GetApiKeyCredentialProviderRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the API key credential provider to retrieve.
" } } }, "GetApiKeyCredentialProviderResponse":{ "type":"structure", "required":[ "apiKeySecretArn", "name", "credentialProviderArn", "createdTime", "lastUpdatedTime" ], "members":{ "apiKeySecretArn":{ "shape":"Secret", "documentation":"The Amazon Resource Name (ARN) of the API key secret in AWS Secrets Manager.
" }, "name":{ "shape":"CredentialProviderName", "documentation":"The name of the API key credential provider.
" }, "credentialProviderArn":{ "shape":"ApiKeyCredentialProviderArnType", "documentation":"The Amazon Resource Name (ARN) of the API key credential provider.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the API key credential provider was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the API key credential provider was last updated.
" } } }, "GetBrowserProfileRequest":{ "type":"structure", "required":["profileId"], "members":{ "profileId":{ "shape":"BrowserProfileId", "documentation":"The unique identifier of the browser profile to retrieve.
", "location":"uri", "locationName":"profileId" } } }, "GetBrowserProfileResponse":{ "type":"structure", "required":[ "profileId", "profileArn", "name", "status", "createdAt", "lastUpdatedAt" ], "members":{ "profileId":{ "shape":"BrowserProfileId", "documentation":"The unique identifier of the browser profile.
" }, "profileArn":{ "shape":"BrowserProfileArn", "documentation":"The Amazon Resource Name (ARN) of the browser profile.
" }, "name":{ "shape":"BrowserProfileName", "documentation":"The name of the browser profile.
" }, "description":{ "shape":"Description", "documentation":"The description of the browser profile.
" }, "status":{ "shape":"BrowserProfileStatus", "documentation":"The current status of the browser profile.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser profile was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser profile was last updated.
" }, "lastSavedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when browser session data was last saved to this profile.
" }, "lastSavedBrowserSessionId":{ "shape":"BrowserSessionId", "documentation":"The identifier of the browser session from which data was last saved to this profile.
" }, "lastSavedBrowserId":{ "shape":"BrowserId", "documentation":"The identifier of the browser from which data was last saved to this profile.
" } } }, "GetBrowserRequest":{ "type":"structure", "required":["browserId"], "members":{ "browserId":{ "shape":"BrowserId", "documentation":"The unique identifier of the browser to retrieve.
", "location":"uri", "locationName":"browserId" } } }, "GetBrowserResponse":{ "type":"structure", "required":[ "browserId", "browserArn", "name", "networkConfiguration", "status", "createdAt", "lastUpdatedAt" ], "members":{ "browserId":{ "shape":"BrowserId", "documentation":"The unique identifier of the browser.
" }, "browserArn":{ "shape":"BrowserArn", "documentation":"The Amazon Resource Name (ARN) of the browser.
" }, "name":{ "shape":"SandboxName", "documentation":"The name of the browser.
" }, "description":{ "shape":"Description", "documentation":"The description of the browser.
" }, "executionRoleArn":{ "shape":"RoleArn", "documentation":"The IAM role ARN that provides permissions for the browser.
" }, "networkConfiguration":{"shape":"BrowserNetworkConfiguration"}, "recording":{"shape":"RecordingConfig"}, "browserSigning":{ "shape":"BrowserSigningConfigOutput", "documentation":"The browser signing configuration that shows whether cryptographic agent identification is enabled for web bot authentication.
" }, "enterprisePolicies":{ "shape":"BrowserEnterprisePolicies", "documentation":"The list of enterprise policy files configured for the browser.
" }, "certificates":{ "shape":"Certificates", "documentation":"The list of certificates configured for the browser.
" }, "status":{ "shape":"BrowserStatus", "documentation":"The current status of the browser.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the browser is in a failed state.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the browser was last updated.
" } } }, "GetCodeInterpreterRequest":{ "type":"structure", "required":["codeInterpreterId"], "members":{ "codeInterpreterId":{ "shape":"CodeInterpreterId", "documentation":"The unique identifier of the code interpreter to retrieve.
", "location":"uri", "locationName":"codeInterpreterId" } } }, "GetCodeInterpreterResponse":{ "type":"structure", "required":[ "codeInterpreterId", "codeInterpreterArn", "name", "networkConfiguration", "status", "createdAt", "lastUpdatedAt" ], "members":{ "codeInterpreterId":{ "shape":"CodeInterpreterId", "documentation":"The unique identifier of the code interpreter.
" }, "codeInterpreterArn":{ "shape":"CodeInterpreterArn", "documentation":"The Amazon Resource Name (ARN) of the code interpreter.
" }, "name":{ "shape":"SandboxName", "documentation":"The name of the code interpreter.
" }, "description":{ "shape":"Description", "documentation":"The description of the code interpreter.
" }, "executionRoleArn":{ "shape":"RoleArn", "documentation":"The IAM role ARN that provides permissions for the code interpreter.
" }, "networkConfiguration":{"shape":"CodeInterpreterNetworkConfiguration"}, "status":{ "shape":"CodeInterpreterStatus", "documentation":"The current status of the code interpreter.
" }, "certificates":{ "shape":"Certificates", "documentation":"The list of certificates configured for the code interpreter.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the code interpreter is in a failed state.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the code interpreter was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the code interpreter was last updated.
" } } }, "GetConfigurationBundleRequest":{ "type":"structure", "required":["bundleId"], "members":{ "bundleId":{ "shape":"ConfigurationBundleId", "documentation":"The unique identifier of the configuration bundle to retrieve.
", "location":"uri", "locationName":"bundleId" }, "branchName":{ "shape":"BranchName", "documentation":"The branch name to get the latest version from. If not specified, returns the latest version on the mainline branch.
", "location":"querystring", "locationName":"branchName" } } }, "GetConfigurationBundleResponse":{ "type":"structure", "required":[ "bundleArn", "bundleId", "bundleName", "versionId", "components", "createdAt", "updatedAt" ], "members":{ "bundleArn":{ "shape":"ConfigurationBundleArn", "documentation":"The Amazon Resource Name (ARN) of the configuration bundle.
" }, "bundleId":{ "shape":"ConfigurationBundleId", "documentation":"The unique identifier of the configuration bundle.
" }, "bundleName":{ "shape":"ConfigurationBundleName", "documentation":"The name of the configuration bundle.
" }, "description":{ "shape":"ConfigurationBundleDescription", "documentation":"The description of the configuration bundle.
" }, "versionId":{ "shape":"ConfigurationBundleVersion", "documentation":"The version identifier of this configuration bundle.
" }, "components":{ "shape":"ComponentConfigurationMap", "documentation":"A map of component identifiers to their configurations for this version.
" }, "lineageMetadata":{ "shape":"VersionLineageMetadata", "documentation":"The version lineage metadata, including parent versions, branch name, and creation source.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the configuration bundle was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the configuration bundle was last updated.
" } } }, "GetConfigurationBundleVersionRequest":{ "type":"structure", "required":[ "bundleId", "versionId" ], "members":{ "bundleId":{ "shape":"ConfigurationBundleId", "documentation":"The unique identifier of the configuration bundle.
", "location":"uri", "locationName":"bundleId" }, "versionId":{ "shape":"ConfigurationBundleVersion", "documentation":"The version identifier of the configuration bundle version to retrieve.
", "location":"uri", "locationName":"versionId" } } }, "GetConfigurationBundleVersionResponse":{ "type":"structure", "required":[ "bundleArn", "bundleId", "bundleName", "versionId", "components", "createdAt", "versionCreatedAt" ], "members":{ "bundleArn":{ "shape":"ConfigurationBundleArn", "documentation":"The Amazon Resource Name (ARN) of the configuration bundle.
" }, "bundleId":{ "shape":"ConfigurationBundleId", "documentation":"The unique identifier of the configuration bundle.
" }, "bundleName":{ "shape":"ConfigurationBundleName", "documentation":"The name of the configuration bundle.
" }, "description":{ "shape":"ConfigurationBundleDescription", "documentation":"The description of the configuration bundle.
" }, "versionId":{ "shape":"ConfigurationBundleVersion", "documentation":"The version identifier of this configuration bundle version.
" }, "components":{ "shape":"ComponentConfigurationMap", "documentation":"A map of component identifiers to their configurations for this version.
" }, "lineageMetadata":{ "shape":"VersionLineageMetadata", "documentation":"The version lineage metadata, including parent versions, branch name, and creation source.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the configuration bundle was created.
" }, "versionCreatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when this specific version was created.
" } } }, "GetEvaluatorRequest":{ "type":"structure", "required":["evaluatorId"], "members":{ "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the evaluator to retrieve. Can be a built-in evaluator ID (e.g., Builtin.Helpfulness) or a custom evaluator ID.
", "location":"uri", "locationName":"evaluatorId" }, "includedData":{ "shape":"IncludedData", "documentation":" Controls which data is returned in the response. ALL_DATA (default) returns the full evaluator including decrypted instructions and rating scale. For evaluators encrypted with a customer managed KMS key, this requires kms:Decrypt permission on the key. METADATA_ONLY returns evaluator metadata and model configuration without instructions or rating scale, and does not require any KMS permissions.
The Amazon Resource Name (ARN) of the evaluator.
" }, "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the evaluator.
" }, "evaluatorName":{ "shape":"EvaluatorName", "documentation":"The name of the evaluator.
" }, "description":{ "shape":"EvaluatorDescription", "documentation":"The description of the evaluator.
" }, "evaluatorConfig":{ "shape":"EvaluatorConfig", "documentation":"The configuration of the evaluator, including LLM-as-a-Judge or code-based settings.
" }, "level":{ "shape":"EvaluatorLevel", "documentation":" The evaluation level (TOOL_CALL, TRACE, or SESSION) that determines the scope of evaluation.
The current status of the evaluator.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the evaluator was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the evaluator was last updated.
" }, "lockedForModification":{ "shape":"Boolean", "documentation":"Whether the evaluator is locked for modification due to being referenced by active online evaluation configurations.
" }, "kmsKeyArn":{ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the customer managed KMS key used to encrypt the evaluator's sensitive data. This field is only present for evaluators encrypted with a customer managed key.
" } } }, "GetGatewayRequest":{ "type":"structure", "required":["gatewayIdentifier"], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The identifier of the gateway to retrieve.
", "location":"uri", "locationName":"gatewayIdentifier" } } }, "GetGatewayResponse":{ "type":"structure", "required":[ "gatewayArn", "gatewayId", "createdAt", "updatedAt", "status", "name", "authorizerType" ], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway.
" }, "gatewayId":{ "shape":"GatewayId", "documentation":"The unique identifier of the gateway.
" }, "gatewayUrl":{ "shape":"GatewayUrl", "documentation":"An endpoint for invoking gateway.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was last updated.
" }, "status":{ "shape":"GatewayStatus", "documentation":"The current status of the gateway.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the gateway.
" }, "name":{ "shape":"GatewayName", "documentation":"The name of the gateway.
" }, "description":{ "shape":"GatewayDescription", "documentation":"The description of the gateway.
" }, "roleArn":{ "shape":"RoleArn", "documentation":"The IAM role ARN that provides permissions for the gateway.
" }, "protocolType":{ "shape":"GatewayProtocolType", "documentation":"Protocol applied to a gateway.
" }, "protocolConfiguration":{"shape":"GatewayProtocolConfiguration"}, "authorizerType":{ "shape":"AuthorizerType", "documentation":"Authorizer type for the gateway.
" }, "authorizerConfiguration":{ "shape":"AuthorizerConfiguration", "documentation":"The authorizer configuration for the gateway.
" }, "kmsKeyArn":{ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the KMS key used to encrypt the gateway.
" }, "interceptorConfigurations":{ "shape":"GatewayInterceptorConfigurations", "documentation":"The interceptors configured on the gateway.
" }, "policyEngineConfiguration":{ "shape":"GatewayPolicyEngineConfiguration", "documentation":"The policy engine configuration for the gateway.
" }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the gateway.
" }, "exceptionLevel":{ "shape":"ExceptionLevel", "documentation":"The level of detail in error messages returned when invoking the gateway.
If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.
If the value is omitted, a generic error message is returned to the end user.
The identifier of the gateway containing the rule.
", "location":"uri", "locationName":"gatewayIdentifier" }, "ruleId":{ "shape":"GatewayRuleId", "documentation":"The unique identifier of the rule to retrieve.
", "location":"uri", "locationName":"ruleId" } } }, "GetGatewayRuleResponse":{ "type":"structure", "required":[ "ruleId", "gatewayArn", "priority", "actions", "createdAt", "status" ], "members":{ "ruleId":{ "shape":"GatewayRuleId", "documentation":"The unique identifier of the gateway rule.
" }, "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway that the rule belongs to.
" }, "priority":{ "shape":"GatewayRulePriority", "documentation":"The priority of the rule. Rules are evaluated in order of priority, with lower numbers evaluated first.
" }, "conditions":{ "shape":"Conditions", "documentation":"The conditions that must be met for the rule to apply.
" }, "actions":{ "shape":"Actions", "documentation":"The actions to take when the rule conditions are met.
" }, "description":{ "shape":"GatewayRuleDescription", "documentation":"The description of the gateway rule.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the rule was created.
" }, "status":{ "shape":"GatewayRuleStatus", "documentation":"The current status of the rule.
" }, "system":{ "shape":"SystemManagedBlock", "documentation":"System-managed metadata for rules created by automated processes.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the rule was last updated.
" } }, "documentation":"Create response excludes updatedAt (redundant on create). Get/Update responses include it via their own output structures.
" }, "GetGatewayTargetRequest":{ "type":"structure", "required":[ "gatewayIdentifier", "targetId" ], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The identifier of the gateway that contains the target.
", "location":"uri", "locationName":"gatewayIdentifier" }, "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the target to retrieve.
", "location":"uri", "locationName":"targetId" } } }, "GetGatewayTargetResponse":{ "type":"structure", "required":[ "gatewayArn", "targetId", "createdAt", "updatedAt", "status", "name", "targetConfiguration", "credentialProviderConfigurations" ], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway.
" }, "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the gateway target.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway target was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway target was last updated.
" }, "status":{ "shape":"TargetStatus", "documentation":"The current status of the gateway target.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the gateway target.
" }, "name":{ "shape":"TargetName", "documentation":"The name of the gateway target.
" }, "description":{ "shape":"TargetDescription", "documentation":"The description of the gateway target.
" }, "targetConfiguration":{"shape":"TargetConfiguration"}, "credentialProviderConfigurations":{ "shape":"CredentialProviderConfigurations", "documentation":"The credential provider configurations for the gateway target.
" }, "lastSynchronizedAt":{ "shape":"DateTimestamp", "documentation":"The last synchronization of the target.
" }, "metadataConfiguration":{ "shape":"MetadataConfiguration", "documentation":"The metadata configuration for HTTP header and query parameter propagation for the retrieved gateway target.
" }, "privateEndpoint":{ "shape":"PrivateEndpoint", "documentation":"The private endpoint configuration for the gateway target.
" }, "privateEndpointManagedResources":{ "shape":"PrivateEndpointManagedResources", "documentation":"The managed resources created by the gateway for private endpoint connectivity.
" }, "authorizationData":{ "shape":"AuthorizationData", "documentation":"OAuth2 authorization data for the gateway target. This data is returned when a target is configured with a credential provider with authorization code grant type and requires user federation.
" }, "protocolType":{ "shape":"TargetProtocolType", "documentation":"The protocol type of the gateway target.
" } } }, "GetHarnessRequest":{ "type":"structure", "required":["harnessId"], "members":{ "harnessId":{ "shape":"HarnessId", "documentation":"The ID of the harness to retrieve.
", "location":"uri", "locationName":"harnessId" } } }, "GetHarnessResponse":{ "type":"structure", "required":["harness"], "members":{ "harness":{ "shape":"Harness", "documentation":"The harness resource.
" } } }, "GetMemoryInput":{ "type":"structure", "required":["memoryId"], "members":{ "memoryId":{ "shape":"MemoryId", "documentation":"The unique identifier of the memory to retrieve.
", "location":"uri", "locationName":"memoryId" }, "view":{ "shape":"MemoryView", "documentation":"The level of detail to return for the memory.
", "location":"querystring", "locationName":"view" } } }, "GetMemoryOutput":{ "type":"structure", "required":["memory"], "members":{ "memory":{ "shape":"Memory", "documentation":"The retrieved AgentCore Memory resource details.
" } } }, "GetOauth2CredentialProviderRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider to retrieve.
" } } }, "GetOauth2CredentialProviderResponse":{ "type":"structure", "required":[ "clientSecretArn", "name", "credentialProviderArn", "credentialProviderVendor", "oauth2ProviderConfigOutput", "createdTime", "lastUpdatedTime" ], "members":{ "clientSecretArn":{ "shape":"Secret", "documentation":"The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.
" }, "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider.
" }, "credentialProviderArn":{ "shape":"CredentialProviderArnType", "documentation":"ARN of the credential provider requested.
" }, "credentialProviderVendor":{ "shape":"CredentialProviderVendorType", "documentation":"The vendor of the OAuth2 credential provider.
" }, "callbackUrl":{ "shape":"String", "documentation":"Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.
" }, "oauth2ProviderConfigOutput":{ "shape":"Oauth2ProviderConfigOutput", "documentation":"The configuration output for the OAuth2 provider.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the OAuth2 credential provider was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the OAuth2 credential provider was last updated.
" }, "status":{ "shape":"Status", "documentation":"The current status of the OAuth2 credential provider.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for the failure if the OAuth2 credential provider is in a failed state.
" } } }, "GetOnlineEvaluationConfigRequest":{ "type":"structure", "required":["onlineEvaluationConfigId"], "members":{ "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the online evaluation configuration to retrieve.
", "location":"uri", "locationName":"onlineEvaluationConfigId" } } }, "GetOnlineEvaluationConfigResponse":{ "type":"structure", "required":[ "onlineEvaluationConfigArn", "onlineEvaluationConfigId", "onlineEvaluationConfigName", "rule", "dataSourceConfig", "evaluators", "status", "executionStatus", "createdAt", "updatedAt" ], "members":{ "onlineEvaluationConfigArn":{ "shape":"OnlineEvaluationConfigArn", "documentation":"The Amazon Resource Name (ARN) of the online evaluation configuration.
" }, "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the online evaluation configuration.
" }, "onlineEvaluationConfigName":{ "shape":"EvaluationConfigName", "documentation":"The name of the online evaluation configuration.
" }, "description":{ "shape":"EvaluationConfigDescription", "documentation":"The description of the online evaluation configuration.
" }, "rule":{ "shape":"Rule", "documentation":"The evaluation rule containing sampling configuration, filters, and session settings.
" }, "dataSourceConfig":{ "shape":"DataSourceConfig", "documentation":"The data source configuration specifying CloudWatch log groups and service names to monitor.
" }, "evaluators":{ "shape":"EvaluatorList", "documentation":"The list of evaluators applied during online evaluation.
" }, "outputConfig":{ "shape":"OutputConfig", "documentation":"The output configuration specifying where evaluation results are written.
" }, "evaluationExecutionRoleArn":{ "shape":"RoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role used for evaluation execution.
" }, "status":{ "shape":"OnlineEvaluationConfigStatus", "documentation":"The status of the online evaluation configuration.
" }, "executionStatus":{ "shape":"OnlineEvaluationExecutionStatus", "documentation":"The execution status indicating whether the online evaluation is currently running.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the online evaluation configuration was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the online evaluation configuration was last updated.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the online evaluation configuration execution failed.
" } } }, "GetPolicyEngineRequest":{ "type":"structure", "required":["policyEngineId"], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy engine to be retrieved. This must be a valid policy engine ID that exists within the account.
", "location":"uri", "locationName":"policyEngineId" } } }, "GetPolicyEngineResponse":{ "type":"structure", "required":[ "policyEngineId", "name", "createdAt", "updatedAt", "policyEngineArn", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier of the retrieved policy engine. This matches the policy engine ID provided in the request and serves as the system identifier.
" }, "name":{ "shape":"PolicyEngineName", "documentation":"The customer-assigned name of the policy engine. This is the human-readable identifier that was specified when the policy engine was created.
" }, "description":{ "shape":"Description", "documentation":"The human-readable description of the policy engine's purpose and scope. This helps administrators understand the policy engine's role in governance.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy engine was originally created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy engine was last modified. This tracks the most recent changes to the policy engine configuration.
" }, "policyEngineArn":{ "shape":"PolicyEngineArn", "documentation":"The Amazon Resource Name (ARN) of the policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.
" }, "status":{ "shape":"PolicyEngineStatus", "documentation":"The current status of the policy engine.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine.
" }, "encryptionKeyArn":{ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.
" } } }, "GetPolicyGenerationRequest":{ "type":"structure", "required":[ "policyGenerationId", "policyEngineId" ], "members":{ "policyGenerationId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy generation request to be retrieved. This must be a valid generation ID from a previous StartPolicyGeneration call.
", "location":"uri", "locationName":"policyGenerationId" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine associated with the policy generation request. This provides the context for the generation operation and schema validation.
", "location":"uri", "locationName":"policyEngineId" } } }, "GetPolicyGenerationResponse":{ "type":"structure", "required":[ "policyEngineId", "policyGenerationId", "name", "policyGenerationArn", "resource", "createdAt", "updatedAt", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine associated with this policy generation. This confirms the policy engine context for the generation operation.
" }, "policyGenerationId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy generation request. This matches the generation ID provided in the request and serves as the tracking identifier.
" }, "name":{ "shape":"PolicyGenerationName", "documentation":"The customer-assigned name for the policy generation request. This helps identify and track generation operations across multiple requests.
" }, "policyGenerationArn":{ "shape":"PolicyGenerationArn", "documentation":"The Amazon Resource Name (ARN) of the policy generation. This globally unique identifier can be used for tracking, auditing, and cross-service references.
" }, "resource":{ "shape":"Resource", "documentation":"The resource information associated with the policy generation. This provides context about the target resources for which the policies are being generated.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy generation request was created. This is used for tracking and auditing generation operations and their lifecycle.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy generation was last updated. This tracks the progress of the generation process and any status changes.
" }, "status":{ "shape":"PolicyGenerationStatus", "documentation":"The current status of the policy generation. This indicates whether the generation is in progress, completed successfully, or failed during processing.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the generation status. This provides details about any failures, warnings, or the current state of the generation process.
" }, "findings":{ "shape":"String", "documentation":"The findings and results from the policy generation process. This includes any issues, recommendations, validation results, or insights from the generated policies.
" } } }, "GetPolicyRequest":{ "type":"structure", "required":[ "policyEngineId", "policyId" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine that manages the policy to be retrieved.
", "location":"uri", "locationName":"policyEngineId" }, "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy to be retrieved. This must be a valid policy ID that exists within the specified policy engine.
", "location":"uri", "locationName":"policyId" } } }, "GetPolicyResponse":{ "type":"structure", "required":[ "policyId", "name", "policyEngineId", "definition", "createdAt", "updatedAt", "policyArn", "status", "statusReasons" ], "members":{ "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier of the retrieved policy. This matches the policy ID provided in the request and serves as the system identifier for the policy.
" }, "name":{ "shape":"PolicyName", "documentation":"The customer-assigned name of the policy. This is the human-readable identifier that was specified when the policy was created.
" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine that manages this policy. This confirms the policy engine context for the retrieved policy.
" }, "definition":{ "shape":"PolicyDefinition", "documentation":"The Cedar policy statement that defines the access control rules. This contains the actual policy logic used for agent behavior control and access decisions.
" }, "description":{ "shape":"Description", "documentation":"The human-readable description of the policy's purpose and functionality. This helps administrators understand and manage the policy.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy was originally created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy was last modified. This tracks the most recent changes to the policy configuration.
" }, "policyArn":{ "shape":"PolicyArn", "documentation":"The Amazon Resource Name (ARN) of the policy. This globally unique identifier can be used for cross-service references and IAM policy statements.
" }, "status":{ "shape":"PolicyStatus", "documentation":"The current status of the policy.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the policy status. This provides details about any failures or the current state of the policy.
" } } }, "GetRegistryRecordRequest":{ "type":"structure", "required":[ "registryId", "recordId" ], "members":{ "registryId":{ "shape":"RegistryIdentifier", "documentation":"The identifier of the registry containing the record. You can specify either the Amazon Resource Name (ARN) or the ID of the registry.
", "location":"uri", "locationName":"registryId" }, "recordId":{ "shape":"RecordIdentifier", "documentation":"The identifier of the registry record to retrieve. You can specify either the Amazon Resource Name (ARN) or the ID of the record.
", "location":"uri", "locationName":"recordId" } } }, "GetRegistryRecordResponse":{ "type":"structure", "required":[ "registryArn", "recordArn", "recordId", "name", "descriptorType", "descriptors", "status", "createdAt", "updatedAt" ], "members":{ "registryArn":{ "shape":"RegistryArn", "documentation":"The Amazon Resource Name (ARN) of the registry that contains the record.
" }, "recordArn":{ "shape":"RegistryRecordArn", "documentation":"The Amazon Resource Name (ARN) of the registry record.
" }, "recordId":{ "shape":"RegistryRecordId", "documentation":"The unique identifier of the registry record.
" }, "name":{ "shape":"RegistryRecordName", "documentation":"The name of the registry record.
" }, "description":{ "shape":"Description", "documentation":"The description of the registry record.
" }, "descriptorType":{ "shape":"DescriptorType", "documentation":"The descriptor type of the registry record. Possible values are MCP, A2A, CUSTOM, and AGENT_SKILLS.
The descriptor-type-specific configuration containing the resource schema and metadata. For details, see the Descriptors data type.
The version of the registry record.
" }, "status":{ "shape":"RegistryRecordStatus", "documentation":"The current status of the registry record. Possible values include CREATING, DRAFT, APPROVED, PENDING_APPROVAL, REJECTED, DEPRECATED, UPDATING, CREATE_FAILED, and UPDATE_FAILED. A record transitions from CREATING to DRAFT, then to PENDING_APPROVAL (via SubmitRegistryRecordForApproval), and finally to APPROVED upon approval.
The timestamp when the registry record was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the registry record was last updated.
" }, "statusReason":{ "shape":"String", "documentation":"The reason for the current status, typically set when the status is a failure state.
" }, "synchronizationType":{ "shape":"SynchronizationType", "documentation":"The type of synchronization used for this record.
" }, "synchronizationConfiguration":{ "shape":"SynchronizationConfiguration", "documentation":"The configuration for synchronizing registry record metadata from an external source.
" } } }, "GetRegistryRequest":{ "type":"structure", "required":["registryId"], "members":{ "registryId":{ "shape":"RegistryIdentifier", "documentation":"The identifier of the registry to retrieve. You can specify either the Amazon Resource Name (ARN) or the ID of the registry.
", "location":"uri", "locationName":"registryId" } } }, "GetRegistryResponse":{ "type":"structure", "required":[ "name", "registryId", "registryArn", "status", "createdAt", "updatedAt" ], "members":{ "name":{ "shape":"RegistryName", "documentation":"The name of the registry.
" }, "description":{ "shape":"Description", "documentation":"The description of the registry.
" }, "registryId":{ "shape":"RegistryId", "documentation":"The unique identifier of the registry.
" }, "registryArn":{ "shape":"RegistryArn", "documentation":"The Amazon Resource Name (ARN) of the registry.
" }, "authorizerType":{ "shape":"RegistryAuthorizerType", "documentation":"The type of authorizer used by the registry. This controls the authorization method for the Search and Invoke APIs used by consumers.
CUSTOM_JWT - Authorize with a bearer token.
AWS_IAM - Authorize with your Amazon Web Services IAM credentials.
The authorizer configuration for the registry. For details, see the AuthorizerConfiguration data type.
The approval configuration for registry records. For details, see the ApprovalConfiguration data type.
The current status of the registry. Possible values include CREATING, READY, UPDATING, CREATE_FAILED, UPDATE_FAILED, DELETING, and DELETE_FAILED.
The reason for the current status, typically set when the status is a failure state.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the registry was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the registry was last updated.
" } } }, "GetResourcePolicyRequest":{ "type":"structure", "required":["resourceArn"], "members":{ "resourceArn":{ "shape":"BedrockAgentcoreResourceArn", "documentation":"The Amazon Resource Name (ARN) of the resource for which to retrieve the resource policy.
", "location":"uri", "locationName":"resourceArn" } } }, "GetResourcePolicyResponse":{ "type":"structure", "members":{ "policy":{ "shape":"ResourcePolicyBody", "documentation":"The resource policy associated with the specified resource.
" } } }, "GetTokenVaultRequest":{ "type":"structure", "members":{ "tokenVaultId":{ "shape":"TokenVaultIdType", "documentation":"The unique identifier of the token vault to retrieve.
" } } }, "GetTokenVaultResponse":{ "type":"structure", "required":[ "tokenVaultId", "kmsConfiguration", "lastModifiedDate" ], "members":{ "tokenVaultId":{ "shape":"TokenVaultIdType", "documentation":"The ID of the token vault.
" }, "kmsConfiguration":{ "shape":"KmsConfiguration", "documentation":"The KMS configuration for the token vault.
" }, "lastModifiedDate":{ "shape":"Timestamp", "documentation":"The timestamp when the token vault was last modified.
" } } }, "GetWorkloadIdentityRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity to retrieve.
" } } }, "GetWorkloadIdentityResponse":{ "type":"structure", "required":[ "name", "workloadIdentityArn", "createdTime", "lastUpdatedTime" ], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity.
" }, "workloadIdentityArn":{ "shape":"WorkloadIdentityArnType", "documentation":"The Amazon Resource Name (ARN) of the workload identity.
" }, "allowedResourceOauth2ReturnUrls":{ "shape":"ResourceOauth2ReturnUrlListType", "documentation":"The list of allowed OAuth2 return URLs for resources associated with this workload identity.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the workload identity was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the workload identity was last updated.
" } } }, "GithubOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the GitHub OAuth2 provider.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the GitHub OAuth2 provider.
" } }, "documentation":"Input configuration for a GitHub OAuth2 provider.
" }, "GithubOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{ "shape":"Oauth2Discovery", "documentation":"The OAuth2 discovery information for the GitHub provider.
" }, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the GitHub OAuth2 provider.
" } }, "documentation":"Output configuration for a GitHub OAuth2 provider.
" }, "GoogleOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Google OAuth2 provider.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the Google OAuth2 provider.
" } }, "documentation":"Input configuration for a Google OAuth2 provider.
" }, "GoogleOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{ "shape":"Oauth2Discovery", "documentation":"The OAuth2 discovery information for the Google provider.
" }, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Google OAuth2 provider.
" } }, "documentation":"Output configuration for a Google OAuth2 provider.
" }, "Harness":{ "type":"structure", "required":[ "harnessId", "harnessName", "arn", "status", "executionRoleArn", "createdAt", "updatedAt", "model", "systemPrompt", "tools", "skills", "allowedTools", "truncation", "environment" ], "members":{ "harnessId":{ "shape":"HarnessId", "documentation":"The ID of the Harness.
" }, "harnessName":{ "shape":"HarnessName", "documentation":"The name of the Harness.
" }, "arn":{ "shape":"HarnessArn", "documentation":"The ARN of the Harness.
" }, "status":{ "shape":"HarnessStatus", "documentation":"The status of the Harness.
" }, "executionRoleArn":{ "shape":"RoleArn", "documentation":"IAM role the Harness assumes when running.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The createdAt time of the Harness.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The updatedAt time of the Harness.
" }, "model":{ "shape":"HarnessModelConfiguration", "documentation":"The configuration of the default model used by the Harness.
" }, "systemPrompt":{ "shape":"HarnessSystemPrompt", "documentation":"The system prompt of the Harness.
" }, "tools":{ "shape":"HarnessTools", "documentation":"The tools of the Harness.
" }, "skills":{ "shape":"HarnessSkills", "documentation":"The skills of the Harness.
" }, "allowedTools":{ "shape":"HarnessAllowedTools", "documentation":"The allowed tools of the Harness. All tools are allowed by default.
" }, "truncation":{ "shape":"HarnessTruncationConfiguration", "documentation":"Configuration for truncating model context.
" }, "environment":{ "shape":"HarnessEnvironmentProvider", "documentation":"The compute environment on which the Harness runs.
" }, "environmentArtifact":{ "shape":"HarnessEnvironmentArtifact", "documentation":"The environment artifact (e.g., container) in which the Harness operates.
" }, "environmentVariables":{ "shape":"EnvironmentVariablesMap", "documentation":"Environment variables exposed in the environment in which the Harness operates.
" }, "authorizerConfiguration":{"shape":"AuthorizerConfiguration"}, "memory":{ "shape":"HarnessMemoryConfiguration", "documentation":"AgentCore Memory instance configuration for short and long term memory.
" }, "maxIterations":{ "shape":"Integer", "documentation":"The maximum number of iterations in the agent loop allowed before exiting per invocation.
" }, "maxTokens":{ "shape":"Integer", "documentation":"The maximum total number of output tokens the agent can generate across all model calls within a single invocation.
" }, "timeoutSeconds":{ "shape":"Integer", "documentation":"The maximum duration per invocation.
" }, "failureReason":{ "shape":"String", "documentation":"Reason why create or update operations fail.
" } }, "documentation":"Representation of a Harness.
" }, "HarnessAgentCoreBrowserConfig":{ "type":"structure", "members":{ "browserArn":{ "shape":"BrowserArn", "documentation":"If not populated, the built-in Browser ARN is used.
" } }, "documentation":"Configuration for AgentCore Browser.
" }, "HarnessAgentCoreCodeInterpreterConfig":{ "type":"structure", "members":{ "codeInterpreterArn":{ "shape":"CodeInterpreterArn", "documentation":"If not populated, the built-in Code Interpreter ARN is used.
" } }, "documentation":"Configuration for AgentCore Code Interpreter.
" }, "HarnessAgentCoreGatewayConfig":{ "type":"structure", "required":["gatewayArn"], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The ARN of the desired AgentCore Gateway.
" }, "outboundAuth":{ "shape":"HarnessGatewayOutboundAuth", "documentation":"How harness authenticates to this Gateway. Defaults to AWS_IAM (SigV4) if omitted.
" } }, "documentation":"Configuration for AgentCore Gateway.
" }, "HarnessAgentCoreMemoryConfiguration":{ "type":"structure", "required":["arn"], "members":{ "arn":{ "shape":"MemoryArn", "documentation":"The ARN of the AgentCore Memory resource.
" }, "actorId":{ "shape":"String", "documentation":"The actor ID for memory operations.
" }, "messagesCount":{ "shape":"Integer", "documentation":"The number of messages to retrieve from memory.
" }, "retrievalConfig":{ "shape":"HarnessAgentCoreMemoryRetrievalConfigs", "documentation":"The retrieval configuration for long-term memory, mapping namespace path templates to retrieval settings.
" } }, "documentation":"Configuration for AgentCore Memory integration.
" }, "HarnessAgentCoreMemoryRetrievalConfig":{ "type":"structure", "members":{ "topK":{ "shape":"Integer", "documentation":"The maximum number of memory entries to retrieve.
" }, "relevanceScore":{ "shape":"Float", "documentation":"The minimum relevance score for retrieved memories.
" }, "strategyId":{ "shape":"String", "documentation":"The ID of the retrieval strategy to use.
" } }, "documentation":"Configuration for memory retrieval within a namespace.
" }, "HarnessAgentCoreMemoryRetrievalConfigs":{ "type":"map", "key":{"shape":"String"}, "value":{"shape":"HarnessAgentCoreMemoryRetrievalConfig"} }, "HarnessAgentCoreRuntimeEnvironment":{ "type":"structure", "required":[ "agentRuntimeArn", "agentRuntimeName", "agentRuntimeId", "lifecycleConfiguration", "networkConfiguration" ], "members":{ "agentRuntimeArn":{ "shape":"BedrockAgentcoreResourceArn", "documentation":"The ARN of the underlying AgentCore Runtime.
" }, "agentRuntimeName":{ "shape":"String", "documentation":"The name of the underlying AgentCore Runtime.
" }, "agentRuntimeId":{ "shape":"String", "documentation":"The ID of the underlying AgentCore Runtime.
" }, "lifecycleConfiguration":{"shape":"LifecycleConfiguration"}, "networkConfiguration":{"shape":"NetworkConfiguration"}, "filesystemConfigurations":{ "shape":"FilesystemConfigurations", "documentation":"The filesystem configurations for the runtime environment.
" } }, "documentation":"The AgentCore Runtime environment for a harness.
" }, "HarnessAgentCoreRuntimeEnvironmentRequest":{ "type":"structure", "members":{ "lifecycleConfiguration":{"shape":"LifecycleConfiguration"}, "networkConfiguration":{"shape":"NetworkConfiguration"}, "filesystemConfigurations":{ "shape":"FilesystemConfigurations", "documentation":"The filesystem configurations for the runtime environment.
" } }, "documentation":"The AgentCore Runtime environment request configuration.
" }, "HarnessAllowedTool":{ "type":"string", "max":64, "min":1, "pattern":"(\\*|@?[^/]+(/[^/]+)?)" }, "HarnessAllowedTools":{ "type":"list", "member":{"shape":"HarnessAllowedTool"} }, "HarnessArn":{ "type":"string", "pattern":"arn:([^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:harness/[a-zA-Z][a-zA-Z0-9_]{0,39}-[a-zA-Z0-9]{10}" }, "HarnessBedrockModelConfig":{ "type":"structure", "required":["modelId"], "members":{ "modelId":{ "shape":"ModelId", "documentation":"The Bedrock model ID.
" }, "maxTokens":{ "shape":"MaxTokens", "documentation":"The maximum number of tokens to allow in the generated response per model call.
" }, "temperature":{ "shape":"Temperature", "documentation":"The temperature to set when calling the model.
" }, "topP":{ "shape":"TopP", "documentation":"The topP set when calling the model.
" } }, "documentation":"Configuration for an Amazon Bedrock model provider.
" }, "HarnessEnvironmentArtifact":{ "type":"structure", "members":{ "containerConfiguration":{"shape":"ContainerConfiguration"} }, "documentation":"The environment artifact for a harness, such as a container image containing custom dependencies.
", "union":true }, "HarnessEnvironmentProvider":{ "type":"structure", "members":{ "agentCoreRuntimeEnvironment":{ "shape":"HarnessAgentCoreRuntimeEnvironment", "documentation":"The AgentCore Runtime environment configuration.
" } }, "documentation":"The environment provider for a harness.
", "union":true }, "HarnessEnvironmentProviderRequest":{ "type":"structure", "members":{ "agentCoreRuntimeEnvironment":{ "shape":"HarnessAgentCoreRuntimeEnvironmentRequest", "documentation":"The AgentCore Runtime environment configuration.
" } }, "documentation":"The environment provider request configuration.
", "union":true }, "HarnessGatewayOutboundAuth":{ "type":"structure", "members":{ "awsIam":{ "shape":"Unit", "documentation":"SigV4-sign requests using the agent's execution role.
" }, "none":{ "shape":"Unit", "documentation":"No authentication.
" }, "oauth":{"shape":"OAuthCredentialProvider"} }, "documentation":"Authentication method for calling a Gateway.
", "union":true }, "HarnessGeminiModelConfig":{ "type":"structure", "required":[ "modelId", "apiKeyArn" ], "members":{ "modelId":{ "shape":"ModelId", "documentation":"The Gemini model ID.
" }, "apiKeyArn":{ "shape":"ApiKeyArn", "documentation":"The ARN of your Gemini API key on AgentCore Identity.
" }, "maxTokens":{ "shape":"MaxTokens", "documentation":"The maximum number of tokens to allow in the generated response per model call.
" }, "temperature":{ "shape":"Temperature", "documentation":"The temperature to set when calling the model.
" }, "topP":{ "shape":"TopP", "documentation":"The topP set when calling the model.
" }, "topK":{ "shape":"TopK", "documentation":"The topK set when calling the model.
" } }, "documentation":"Configuration for a Google Gemini model provider. Requires an API key stored in AgentCore Identity.
" }, "HarnessId":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,39}-[a-zA-Z0-9]{10}" }, "HarnessInlineFunctionConfig":{ "type":"structure", "required":[ "description", "inputSchema" ], "members":{ "description":{ "shape":"HarnessInlineFunctionDescription", "documentation":"Description of what the tool does, provided to the model.
" }, "inputSchema":{ "shape":"SensitiveJson", "documentation":"JSON Schema describing the tool's input parameters.
" } }, "documentation":"Configuration for an inline function tool. When the agent calls this tool, the tool call is returned to the caller for external execution.
" }, "HarnessInlineFunctionDescription":{ "type":"string", "max":4096, "min":1, "sensitive":true }, "HarnessMemoryConfiguration":{ "type":"structure", "members":{ "agentCoreMemoryConfiguration":{ "shape":"HarnessAgentCoreMemoryConfiguration", "documentation":"The AgentCore Memory configuration.
" } }, "documentation":"The memory configuration for a harness.
", "union":true }, "HarnessModelConfiguration":{ "type":"structure", "members":{ "bedrockModelConfig":{ "shape":"HarnessBedrockModelConfig", "documentation":"Configuration for an Amazon Bedrock model.
" }, "openAiModelConfig":{ "shape":"HarnessOpenAiModelConfig", "documentation":"Configuration for an OpenAI model.
" }, "geminiModelConfig":{ "shape":"HarnessGeminiModelConfig", "documentation":"Configuration for a Google Gemini model.
" } }, "documentation":"Specification of which model to use.
", "union":true }, "HarnessName":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,39}" }, "HarnessOpenAiModelConfig":{ "type":"structure", "required":[ "modelId", "apiKeyArn" ], "members":{ "modelId":{ "shape":"ModelId", "documentation":"The OpenAI model ID.
" }, "apiKeyArn":{ "shape":"ApiKeyArn", "documentation":"The ARN of your OpenAI API key on AgentCore Identity.
" }, "maxTokens":{ "shape":"MaxTokens", "documentation":"The maximum number of tokens to allow in the generated response per model call.
" }, "temperature":{ "shape":"Temperature", "documentation":"The temperature to set when calling the model.
" }, "topP":{ "shape":"TopP", "documentation":"The topP set when calling the model.
" } }, "documentation":"Configuration for an OpenAI model provider. Requires an API key stored in AgentCore Identity.
" }, "HarnessRemoteMcpConfig":{ "type":"structure", "required":["url"], "members":{ "url":{ "shape":"HarnessRemoteMcpUrl", "documentation":"URL of the MCP endpoint.
" }, "headers":{ "shape":"HttpHeadersMap", "documentation":"Custom headers to include when connecting to the remote MCP server.
" } }, "documentation":"Configuration for connecting to a remote MCP server.
" }, "HarnessRemoteMcpUrl":{ "type":"string", "max":16383, "min":1, "sensitive":true }, "HarnessSkill":{ "type":"structure", "members":{ "path":{ "shape":"HarnessSkillPath", "documentation":"The filesystem path to the skill definition.
" } }, "documentation":"A skill available to the agent.
", "union":true }, "HarnessSkillPath":{ "type":"string", "min":1 }, "HarnessSkills":{ "type":"list", "member":{"shape":"HarnessSkill"} }, "HarnessSlidingWindowConfiguration":{ "type":"structure", "members":{ "messagesCount":{ "shape":"Integer", "documentation":"The number of recent messages to retain in the context window.
" } }, "documentation":"Configuration for sliding window truncation strategy.
" }, "HarnessStatus":{ "type":"string", "enum":[ "CREATING", "CREATE_FAILED", "UPDATING", "UPDATE_FAILED", "READY", "DELETING", "DELETE_FAILED" ] }, "HarnessSummaries":{ "type":"list", "member":{"shape":"HarnessSummary"} }, "HarnessSummarizationConfiguration":{ "type":"structure", "members":{ "summaryRatio":{ "shape":"Float", "documentation":"The ratio of content to summarize.
" }, "preserveRecentMessages":{ "shape":"Integer", "documentation":"The number of recent messages to preserve without summarization.
" }, "summarizationSystemPrompt":{ "shape":"String", "documentation":"The system prompt used for generating summaries.
" } }, "documentation":"Configuration for summarization-based truncation strategy.
" }, "HarnessSummary":{ "type":"structure", "required":[ "harnessId", "harnessName", "arn", "status", "createdAt", "updatedAt" ], "members":{ "harnessId":{ "shape":"HarnessId", "documentation":"The ID of the harness.
" }, "harnessName":{ "shape":"HarnessName", "documentation":"The name of the harness.
" }, "arn":{ "shape":"HarnessArn", "documentation":"The ARN of the harness.
" }, "status":{ "shape":"HarnessStatus", "documentation":"The current status of the harness.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the harness was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the harness was last updated.
" } }, "documentation":"Summary information about a harness.
" }, "HarnessSystemContentBlock":{ "type":"structure", "members":{ "text":{ "shape":"SensitiveText", "documentation":"The text content of the system prompt block.
" } }, "documentation":"A content block in the system prompt.
", "union":true }, "HarnessSystemPrompt":{ "type":"list", "member":{"shape":"HarnessSystemContentBlock"} }, "HarnessTool":{ "type":"structure", "required":["type"], "members":{ "type":{ "shape":"HarnessToolType", "documentation":"The type of tool.
" }, "name":{ "shape":"HarnessToolName", "documentation":"Unique name for the tool. If not provided, a name will be inferred or generated.
" }, "config":{ "shape":"HarnessToolConfiguration", "documentation":"Tool-specific configuration.
" } }, "documentation":"A tool available to the agent loop.
" }, "HarnessToolConfiguration":{ "type":"structure", "members":{ "remoteMcp":{ "shape":"HarnessRemoteMcpConfig", "documentation":"Configuration for remote MCP server.
" }, "agentCoreBrowser":{ "shape":"HarnessAgentCoreBrowserConfig", "documentation":"Configuration for AgentCore Browser.
" }, "agentCoreGateway":{ "shape":"HarnessAgentCoreGatewayConfig", "documentation":"Configuration for AgentCore Gateway.
" }, "inlineFunction":{ "shape":"HarnessInlineFunctionConfig", "documentation":"Configuration for an inline function tool.
" }, "agentCoreCodeInterpreter":{ "shape":"HarnessAgentCoreCodeInterpreterConfig", "documentation":"Configuration for AgentCore Code Interpreter.
" } }, "documentation":"Configuration union for different tool types.
", "union":true }, "HarnessToolName":{ "type":"string", "max":64, "min":1, "pattern":"[a-zA-Z0-9_-]+" }, "HarnessToolType":{ "type":"string", "enum":[ "remote_mcp", "agentcore_browser", "agentcore_gateway", "inline_function", "agentcore_code_interpreter" ] }, "HarnessTools":{ "type":"list", "member":{"shape":"HarnessTool"} }, "HarnessTruncationConfiguration":{ "type":"structure", "required":["strategy"], "members":{ "strategy":{ "shape":"HarnessTruncationStrategy", "documentation":"The truncation strategy to use.
" }, "config":{ "shape":"HarnessTruncationStrategyConfiguration", "documentation":"The strategy-specific configuration.
" } }, "documentation":"Configuration for truncating conversation context when it exceeds model limits.
" }, "HarnessTruncationStrategy":{ "type":"string", "enum":[ "sliding_window", "summarization", "none" ] }, "HarnessTruncationStrategyConfiguration":{ "type":"structure", "members":{ "slidingWindow":{ "shape":"HarnessSlidingWindowConfiguration", "documentation":"Configuration for sliding window truncation.
" }, "summarization":{ "shape":"HarnessSummarizationConfiguration", "documentation":"Configuration for summarization-based truncation.
" } }, "documentation":"Strategy-specific truncation configuration.
", "union":true }, "HeaderName":{ "type":"string", "max":256, "min":1, "pattern":"[A-Za-z][A-Za-z0-9_-]{0,255}" }, "HttpHeaderKey":{ "type":"string", "documentation":"The key of an HTTP header.
", "max":16383, "min":1 }, "HttpHeaderName":{ "type":"string", "max":100, "min":1 }, "HttpHeaderValue":{ "type":"string", "documentation":"The value of an HTTP header.
", "max":16383, "min":1 }, "HttpHeadersMap":{ "type":"map", "key":{"shape":"HttpHeaderKey"}, "value":{"shape":"HttpHeaderValue"}, "documentation":"Map of key/value pairs for HTTP headers.
", "sensitive":true }, "HttpQueryParameterName":{ "type":"string", "max":40, "min":1 }, "HttpTargetConfiguration":{ "type":"structure", "members":{ "agentcoreRuntime":{ "shape":"RuntimeTargetConfiguration", "documentation":"The AgentCore Runtime target configuration for HTTP-based communication with an agent runtime.
" } }, "documentation":"The HTTP target configuration for a gateway target. Contains the configuration for HTTP-based target endpoints.
", "union":true }, "IamCredentialProvider":{ "type":"structure", "required":["service"], "members":{ "service":{ "shape":"IamCredentialProviderServiceString", "documentation":"The target Amazon Web Services service name used for SigV4 signing. This value identifies the service that the gateway authenticates with when making requests to the target endpoint.
" }, "region":{ "shape":"IamCredentialProviderRegionString", "documentation":"The Amazon Web Services Region used for SigV4 signing. If not specified, defaults to the gateway's Region.
" } }, "documentation":"An IAM credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint using IAM credentials and SigV4 signing.
" }, "IamCredentialProviderRegionString":{ "type":"string", "max":32, "min":1, "pattern":"[a-zA-Z0-9-]+" }, "IamCredentialProviderServiceString":{ "type":"string", "max":64, "min":1, "pattern":"[a-zA-Z0-9._-]+" }, "IamPrincipal":{ "type":"structure", "required":["arn"], "members":{ "arn":{ "shape":"IamPrincipalArn", "documentation":"The Amazon Resource Name (ARN) of the IAM principal. Supports user, role, and assumed-role ARNs. Wildcards can be used with the StringLike operator.
The match operator. StringEquals requires an exact match. StringLike supports wildcard patterns using * and ?.
An IAM principal specification for rule matching.
" }, "IamPrincipalArn":{ "type":"string", "max":2048, "min":0, "pattern":"(arn:aws[a-zA-Z-]*:iam::(\\d{12}|\\*):(user|role)/[\\w+=,.@*?/-]+|arn:aws[a-zA-Z-]*:sts::(\\d{12}|\\*):assumed-role/[\\w+=,.@*?/-]+)" }, "IamRoleArn":{ "type":"string", "max":2048, "min":20, "pattern":"arn:aws(-[^:]+)?:iam::[0-9]{12}:role/.+" }, "IamSigningRegion":{ "type":"string", "max":64, "min":1, "pattern":"[a-z0-9-]+" }, "IamSigningServiceName":{ "type":"string", "max":128, "min":1, "pattern":"[a-zA-Z0-9_-]+" }, "InboundTokenClaimNameType":{ "type":"string", "max":255, "min":1, "pattern":"[A-Za-z0-9_.-:]+" }, "InboundTokenClaimValueType":{ "type":"string", "enum":[ "STRING", "STRING_ARRAY" ] }, "IncludedData":{ "type":"string", "enum":[ "ALL_DATA", "METADATA_ONLY" ] }, "IncludedOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the supported OAuth2 provider. This identifier is assigned by the OAuth2 provider when you register your application.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the supported OAuth2 provider. This secret is assigned by the OAuth2 provider and used along with the client ID to authenticate your application.
" }, "issuer":{ "shape":"IssuerUrlType", "documentation":"Token issuer of your isolated OAuth2 application tenant. This URL identifies the authorization server that issues tokens for this provider.
" }, "authorizationEndpoint":{ "shape":"AuthorizationEndpointType", "documentation":"OAuth2 authorization endpoint for your isolated OAuth2 application tenant. This is where users are redirected to authenticate and authorize access to their resources.
" }, "tokenEndpoint":{ "shape":"TokenEndpointType", "documentation":"OAuth2 token endpoint for your isolated OAuth2 application tenant. This is where authorization codes are exchanged for access tokens.
" } }, "documentation":"Configuration settings for connecting to a supported OAuth2 provider. This includes client credentials and OAuth2 discovery information for providers that have built-in support.
" }, "IncludedOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{"shape":"Oauth2Discovery"}, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the supported OAuth2 provider.
" } }, "documentation":"The configuration details returned for a supported OAuth2 provider, including client credentials and OAuth2 discovery information.
" }, "IndexedKey":{ "type":"structure", "required":[ "key", "type" ], "members":{ "key":{ "shape":"MetadataKey", "documentation":"The metadata key name to index.
" }, "type":{ "shape":"MetadataValueType", "documentation":"The data type of the indexed key.
" } }, "documentation":"A metadata key indexed for filtering.
" }, "IndexedKeysList":{ "type":"list", "member":{"shape":"IndexedKey"}, "max":10, "min":1 }, "InferenceConfiguration":{ "type":"structure", "members":{ "maxTokens":{ "shape":"InferenceConfigurationMaxTokensInteger", "documentation":"The maximum number of tokens to generate in the model response during evaluation.
" }, "temperature":{ "shape":"InferenceConfigurationTemperatureFloat", "documentation":"The temperature value that controls randomness in the model's responses. Lower values produce more deterministic outputs.
" }, "topP":{ "shape":"InferenceConfigurationTopPFloat", "documentation":"The top-p sampling parameter that controls the diversity of the model's responses by limiting the cumulative probability of token choices.
" }, "stopSequences":{ "shape":"InferenceConfigurationStopSequencesList", "documentation":"The list of sequences that will cause the model to stop generating tokens when encountered.
" } }, "documentation":"The configuration parameters that control how the foundation model behaves during evaluation, including response generation settings.
" }, "InferenceConfigurationMaxTokensInteger":{ "type":"integer", "box":true, "min":1 }, "InferenceConfigurationStopSequencesList":{ "type":"list", "member":{"shape":"NonEmptyString"}, "max":2500, "min":0 }, "InferenceConfigurationTemperatureFloat":{ "type":"float", "box":true, "max":1, "min":0 }, "InferenceConfigurationTopPFloat":{ "type":"float", "box":true, "max":1, "min":0 }, "InlineContent":{ "type":"string", "max":102400, "min":1 }, "InlinePayload":{ "type":"string", "sensitive":true }, "Integer":{ "type":"integer", "box":true }, "InterceptorConfiguration":{ "type":"structure", "members":{ "lambda":{ "shape":"LambdaInterceptorConfiguration", "documentation":"The details of the lambda function used for the interceptor.
" } }, "documentation":"The interceptor configuration.
", "union":true }, "InterceptorInputConfiguration":{ "type":"structure", "required":["passRequestHeaders"], "members":{ "passRequestHeaders":{ "shape":"Boolean", "documentation":"Indicates whether to pass request headers as input into the interceptor. When set to true, request headers will be passed.
" } }, "documentation":"The input configuration of the interceptor.
" }, "InternalServerException":{ "type":"structure", "members":{ "message":{"shape":"NonBlankString"} }, "documentation":"This exception is thrown if there was an unexpected error during processing of request
", "error":{"httpStatusCode":500}, "exception":true, "fault":true }, "InvocationConfiguration":{ "type":"structure", "required":[ "topicArn", "payloadDeliveryBucketName" ], "members":{ "topicArn":{ "shape":"Arn", "documentation":"The ARN of the SNS topic for job notifications.
" }, "payloadDeliveryBucketName":{ "shape":"String", "documentation":"The S3 bucket name for event payload delivery.
" } }, "documentation":"The configuration to invoke a self-managed memory processing pipeline with.
" }, "InvocationConfigurationInput":{ "type":"structure", "required":[ "topicArn", "payloadDeliveryBucketName" ], "members":{ "topicArn":{ "shape":"Arn", "documentation":"The ARN of the SNS topic for job notifications.
" }, "payloadDeliveryBucketName":{ "shape":"InvocationConfigurationInputPayloadDeliveryBucketNameString", "documentation":"The S3 bucket name for event payload delivery.
" } }, "documentation":"The configuration to invoke a self-managed memory processing pipeline with.
" }, "InvocationConfigurationInputPayloadDeliveryBucketNameString":{ "type":"string", "pattern":"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]" }, "IssuerUrlType":{"type":"string"}, "KeyType":{ "type":"string", "enum":[ "CustomerManagedKey", "ServiceManagedKey" ] }, "KinesisResource":{ "type":"structure", "required":[ "dataStreamArn", "contentConfigurations" ], "members":{ "dataStreamArn":{ "shape":"Arn", "documentation":"ARN of the Kinesis Data Stream.
" }, "contentConfigurations":{ "shape":"KinesisResourceContentConfigurationsList", "documentation":"Content configurations for stream delivery.
" } }, "documentation":"Configuration for Kinesis Data Stream delivery.
" }, "KinesisResourceContentConfigurationsList":{ "type":"list", "member":{"shape":"ContentConfiguration"}, "max":1, "min":1 }, "KmsConfiguration":{ "type":"structure", "required":["keyType"], "members":{ "keyType":{ "shape":"KeyType", "documentation":"The type of KMS key (CustomerManagedKey or ServiceManagedKey).
" }, "kmsKeyArn":{ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the KMS key.
" } }, "documentation":"Contains the KMS configuration for a resource.
" }, "KmsKeyArn":{ "type":"string", "max":2048, "min":1, "pattern":"arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}" }, "LambdaArn":{ "type":"string", "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:([a-z]{2}(-gov)?-[a-z]+-\\d{1}):(\\d{12}):function:([a-zA-Z0-9-_.]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?" }, "LambdaEvaluatorConfig":{ "type":"structure", "required":["lambdaArn"], "members":{ "lambdaArn":{ "shape":"LambdaArn", "documentation":"The Amazon Resource Name (ARN) of the Lambda function that implements the evaluation logic.
" }, "lambdaTimeoutInSeconds":{ "shape":"LambdaEvaluatorConfigLambdaTimeoutInSecondsInteger", "documentation":"The timeout in seconds for the Lambda function invocation. Defaults to 60. Must be between 1 and 300.
" } }, "documentation":"Configuration for a Lambda function used as a code-based evaluator.
" }, "LambdaEvaluatorConfigLambdaTimeoutInSecondsInteger":{ "type":"integer", "box":true, "max":300, "min":1 }, "LambdaFunctionArn":{ "type":"string", "max":170, "min":1, "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:([a-z]{2}(-gov)?-[a-z]+-\\d{1}):(\\d{12}):function:([a-zA-Z0-9-_.]+)(:(\\$LATEST|[a-zA-Z0-9-]+))?" }, "LambdaInterceptorConfiguration":{ "type":"structure", "required":["arn"], "members":{ "arn":{ "shape":"LambdaFunctionArn", "documentation":"The arn of the lambda function to be invoked for the interceptor.
" } }, "documentation":"The lambda configuration for the interceptor
" }, "LifecycleConfiguration":{ "type":"structure", "members":{ "idleRuntimeSessionTimeout":{ "shape":"LifecycleConfigurationIdleRuntimeSessionTimeoutInteger", "documentation":"Timeout in seconds for idle runtime sessions. When a session remains idle for this duration, it will be automatically terminated. Default: 900 seconds (15 minutes).
" }, "maxLifetime":{ "shape":"LifecycleConfigurationMaxLifetimeInteger", "documentation":"Maximum lifetime for the instance in seconds. Once reached, instances will be automatically terminated and replaced. Default: 28800 seconds (8 hours).
" } }, "documentation":"LifecycleConfiguration lets you manage the lifecycle of runtime sessions and resources in AgentCore Runtime. This configuration helps optimize resource utilization by automatically cleaning up idle sessions and preventing long-running instances from consuming resources indefinitely.
" }, "LifecycleConfigurationIdleRuntimeSessionTimeoutInteger":{ "type":"integer", "box":true, "max":28800, "min":60 }, "LifecycleConfigurationMaxLifetimeInteger":{ "type":"integer", "box":true, "max":28800, "min":60 }, "LinkedinOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the LinkedIn OAuth2 provider. This identifier is assigned by LinkedIn when you register your application.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the LinkedIn OAuth2 provider. This secret is assigned by LinkedIn and used along with the client ID to authenticate your application.
" } }, "documentation":"Configuration settings for connecting to LinkedIn services using OAuth2 authentication. This includes the client credentials required to authenticate with LinkedIn's OAuth2 authorization server.
" }, "LinkedinOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{"shape":"Oauth2Discovery"}, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the LinkedIn OAuth2 provider.
" } }, "documentation":"The configuration details returned for a LinkedIn OAuth2 provider, including the client ID and OAuth2 discovery information.
" }, "ListAgentRuntimeEndpointsRequest":{ "type":"structure", "required":["agentRuntimeId"], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime to list endpoints for.
", "location":"uri", "locationName":"agentRuntimeId" }, "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of results to return in the response.
", "location":"querystring", "locationName":"maxResults" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
", "location":"querystring", "locationName":"nextToken" } } }, "ListAgentRuntimeEndpointsResponse":{ "type":"structure", "required":["runtimeEndpoints"], "members":{ "runtimeEndpoints":{ "shape":"AgentRuntimeEndpoints", "documentation":"The list of AgentCore Runtime endpoints.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
" } } }, "ListAgentRuntimeVersionsRequest":{ "type":"structure", "required":["agentRuntimeId"], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime to list versions for.
", "location":"uri", "locationName":"agentRuntimeId" }, "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of results to return in the response.
", "location":"querystring", "locationName":"maxResults" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
", "location":"querystring", "locationName":"nextToken" } } }, "ListAgentRuntimeVersionsResponse":{ "type":"structure", "required":["agentRuntimes"], "members":{ "agentRuntimes":{ "shape":"AgentRuntimes", "documentation":"The list of AgentCore Runtime versions.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
" } } }, "ListAgentRuntimesRequest":{ "type":"structure", "members":{ "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of results to return in the response.
", "location":"querystring", "locationName":"maxResults" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
", "location":"querystring", "locationName":"nextToken" } } }, "ListAgentRuntimesResponse":{ "type":"structure", "required":["agentRuntimes"], "members":{ "agentRuntimes":{ "shape":"AgentRuntimes", "documentation":"The list of AgentCore Runtime resources.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
" } } }, "ListApiKeyCredentialProvidersRequest":{ "type":"structure", "members":{ "nextToken":{ "shape":"String", "documentation":"Pagination token.
" }, "maxResults":{ "shape":"MaxResults", "documentation":"Maximum number of results to return.
" } } }, "ListApiKeyCredentialProvidersResponse":{ "type":"structure", "required":["credentialProviders"], "members":{ "credentialProviders":{ "shape":"ApiKeyCredentialProviders", "documentation":"The list of API key credential providers.
" }, "nextToken":{ "shape":"String", "documentation":"Pagination token for the next page of results.
" } } }, "ListBrowserProfilesRequest":{ "type":"structure", "members":{ "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of results to return in the response.
", "location":"querystring", "locationName":"maxResults" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
", "location":"querystring", "locationName":"nextToken" }, "name":{ "shape":"BrowserProfileName", "documentation":"The name of the browser profile to filter results by.
" } } }, "ListBrowserProfilesResponse":{ "type":"structure", "required":["profileSummaries"], "members":{ "profileSummaries":{ "shape":"BrowserProfileSummaries", "documentation":"The list of browser profile summaries.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
" } } }, "ListBrowsersRequest":{ "type":"structure", "members":{ "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of results to return in a single call. The default value is 10. The maximum value is 50.
", "location":"querystring", "locationName":"maxResults" }, "nextToken":{ "shape":"NextToken", "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
", "location":"querystring", "locationName":"nextToken" }, "type":{ "shape":"ResourceType", "documentation":"The type of browsers to list. If not specified, all browser types are returned.
", "location":"querystring", "locationName":"type" } } }, "ListBrowsersResponse":{ "type":"structure", "required":["browserSummaries"], "members":{ "browserSummaries":{ "shape":"BrowserSummaries", "documentation":"The list of browser summaries.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
" } } }, "ListCodeInterpretersRequest":{ "type":"structure", "members":{ "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of results to return in the response.
", "location":"querystring", "locationName":"maxResults" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
", "location":"querystring", "locationName":"nextToken" }, "type":{ "shape":"ResourceType", "documentation":"The type of code interpreters to list.
", "location":"querystring", "locationName":"type" } } }, "ListCodeInterpretersResponse":{ "type":"structure", "required":["codeInterpreterSummaries"], "members":{ "codeInterpreterSummaries":{ "shape":"CodeInterpreterSummaries", "documentation":"The list of code interpreter summaries.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A token to retrieve the next page of results.
" } } }, "ListConfigurationBundleVersionsRequest":{ "type":"structure", "required":["bundleId"], "members":{ "bundleId":{ "shape":"ConfigurationBundleId", "documentation":"The unique identifier of the configuration bundle to list versions for.
", "location":"uri", "locationName":"bundleId" }, "nextToken":{ "shape":"String", "documentation":"If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.
The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.
An optional filter for listing versions, including branch name, creation source, and whether to return only the latest version per branch.
" } } }, "ListConfigurationBundleVersionsRequestMaxResultsInteger":{ "type":"integer", "box":true, "max":100, "min":1 }, "ListConfigurationBundleVersionsResponse":{ "type":"structure", "required":["versions"], "members":{ "versions":{ "shape":"ConfigurationBundleVersionSummaryList", "documentation":"The list of configuration bundle version summaries.
" }, "nextToken":{ "shape":"String", "documentation":"If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.
If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.
The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.
The list of configuration bundle summaries.
" }, "nextToken":{ "shape":"String", "documentation":"If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.
The pagination token from a previous request to retrieve the next page of results.
", "location":"querystring", "locationName":"nextToken" }, "maxResults":{ "shape":"ListEvaluatorsRequestMaxResultsInteger", "documentation":"The maximum number of evaluators to return in a single response.
", "location":"querystring", "locationName":"maxResults" } } }, "ListEvaluatorsRequestMaxResultsInteger":{ "type":"integer", "box":true, "max":100, "min":1 }, "ListEvaluatorsResponse":{ "type":"structure", "required":["evaluators"], "members":{ "evaluators":{ "shape":"EvaluatorSummaryList", "documentation":"The list of evaluator summaries containing basic information about each evaluator.
" }, "nextToken":{ "shape":"String", "documentation":"The pagination token to use in a subsequent request to retrieve the next page of results.
" } } }, "ListGatewayRulesRequest":{ "type":"structure", "required":["gatewayIdentifier"], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The identifier of the gateway to list rules for.
", "location":"uri", "locationName":"gatewayIdentifier" }, "maxResults":{ "shape":"GatewayRuleMaxResults", "documentation":"The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.
The pagination token from a previous request.
", "location":"querystring", "locationName":"nextToken" } } }, "ListGatewayRulesResponse":{ "type":"structure", "required":["gatewayRules"], "members":{ "gatewayRules":{ "shape":"GatewayRules", "documentation":"The list of gateway rules.
" }, "nextToken":{ "shape":"GatewayRuleNextToken", "documentation":"The pagination token to use in a subsequent request.
" } } }, "ListGatewayTargetsRequest":{ "type":"structure", "required":["gatewayIdentifier"], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The identifier of the gateway to list targets for.
", "location":"uri", "locationName":"gatewayIdentifier" }, "maxResults":{ "shape":"TargetMaxResults", "documentation":"The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.
If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.
The list of gateway target summaries.
" }, "nextToken":{ "shape":"TargetNextToken", "documentation":"If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.
The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.
If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.
The list of gateway summaries.
" }, "nextToken":{ "shape":"GatewayNextToken", "documentation":"If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.
The maximum number of results to return in a single call.
", "location":"querystring", "locationName":"maxResults" }, "nextToken":{ "shape":"NextToken", "documentation":"The token for the next set of results.
", "location":"querystring", "locationName":"nextToken" } } }, "ListHarnessesResponse":{ "type":"structure", "required":["harnesses"], "members":{ "harnesses":{ "shape":"HarnessSummaries", "documentation":"The list of harness summaries.
" }, "nextToken":{ "shape":"NextToken", "documentation":"The token for the next set of results.
" } } }, "ListMemoriesInput":{ "type":"structure", "members":{ "maxResults":{ "shape":"ListMemoriesInputMaxResultsInteger", "documentation":"The maximum number of results to return in a single call. The default value is 10. The maximum value is 50.
" }, "nextToken":{ "shape":"String", "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
" } } }, "ListMemoriesInputMaxResultsInteger":{ "type":"integer", "box":true, "max":100, "min":1 }, "ListMemoriesOutput":{ "type":"structure", "required":["memories"], "members":{ "memories":{ "shape":"MemorySummaryList", "documentation":"The list of AgentCore Memory resource summaries.
" }, "nextToken":{ "shape":"String", "documentation":"A token to retrieve the next page of results.
" } } }, "ListOauth2CredentialProvidersRequest":{ "type":"structure", "members":{ "nextToken":{ "shape":"String", "documentation":"Pagination token.
" }, "maxResults":{ "shape":"ListOauth2CredentialProvidersRequestMaxResultsInteger", "documentation":"Maximum number of results to return.
" } } }, "ListOauth2CredentialProvidersRequestMaxResultsInteger":{ "type":"integer", "box":true, "max":20, "min":1 }, "ListOauth2CredentialProvidersResponse":{ "type":"structure", "required":["credentialProviders"], "members":{ "credentialProviders":{ "shape":"Oauth2CredentialProviders", "documentation":"The list of OAuth2 credential providers.
" }, "nextToken":{ "shape":"String", "documentation":"Pagination token for the next page of results.
" } } }, "ListOnlineEvaluationConfigsRequest":{ "type":"structure", "members":{ "nextToken":{ "shape":"String", "documentation":"The pagination token from a previous request to retrieve the next page of results.
", "location":"querystring", "locationName":"nextToken" }, "maxResults":{ "shape":"ListOnlineEvaluationConfigsRequestMaxResultsInteger", "documentation":"The maximum number of online evaluation configurations to return in a single response.
", "location":"querystring", "locationName":"maxResults" } } }, "ListOnlineEvaluationConfigsRequestMaxResultsInteger":{ "type":"integer", "box":true, "max":100, "min":1 }, "ListOnlineEvaluationConfigsResponse":{ "type":"structure", "required":["onlineEvaluationConfigs"], "members":{ "onlineEvaluationConfigs":{ "shape":"OnlineEvaluationConfigSummaryList", "documentation":"The list of online evaluation configuration summaries containing basic information about each configuration.
" }, "nextToken":{ "shape":"String", "documentation":"The pagination token to use in a subsequent request to retrieve the next page of results.
" } } }, "ListPoliciesRequest":{ "type":"structure", "required":["policyEngineId"], "members":{ "nextToken":{ "shape":"NextToken", "documentation":"A pagination token returned from a previous ListPolicies call. Use this token to retrieve the next page of results when the response is paginated.
", "location":"querystring", "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of policies to return in a single response. If not specified, the default is 10 policies per page, with a maximum of 100 per page.
", "location":"querystring", "locationName":"maxResults" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine whose policies to retrieve.
", "location":"uri", "locationName":"policyEngineId" }, "targetResourceScope":{ "shape":"BedrockAgentcoreResourceArn", "documentation":"Optional filter to list policies that apply to a specific resource scope or resource type. This helps narrow down policy results to those relevant for particular Amazon Web Services resources, agent tools, or operational contexts within the policy engine ecosystem.
", "location":"querystring", "locationName":"targetResourceScope" } } }, "ListPoliciesResponse":{ "type":"structure", "required":["policies"], "members":{ "policies":{ "shape":"Policies", "documentation":"An array of policy objects that match the specified criteria. Each policy object contains the policy metadata, status, and key identifiers for further operations.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A pagination token that can be used in subsequent ListPolicies calls to retrieve additional results. This token is only present when there are more results available.
" } } }, "ListPolicyEnginesRequest":{ "type":"structure", "members":{ "nextToken":{ "shape":"NextToken", "documentation":"A pagination token returned from a previous ListPolicyEngines call. Use this token to retrieve the next page of results when the response is paginated.
", "location":"querystring", "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of policy engines to return in a single response. If not specified, the default is 10 policy engines per page, with a maximum of 100 per page.
", "location":"querystring", "locationName":"maxResults" } } }, "ListPolicyEnginesResponse":{ "type":"structure", "required":["policyEngines"], "members":{ "policyEngines":{ "shape":"PolicyEngines", "documentation":"An array of policy engine objects that exist in the account. Each policy engine object contains the engine metadata, status, and key identifiers for further operations.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A pagination token that can be used in subsequent ListPolicyEngines calls to retrieve additional results. This token is only present when there are more results available.
" } } }, "ListPolicyGenerationAssetsRequest":{ "type":"structure", "required":[ "policyGenerationId", "policyEngineId" ], "members":{ "policyGenerationId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy generation request whose assets are to be retrieved. This must be a valid generation ID from a previous StartPolicyGeneration call that has completed processing.
", "location":"uri", "locationName":"policyGenerationId" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy engine associated with the policy generation request. This provides the context for the generation operation and ensures assets are retrieved from the correct policy engine.
", "location":"uri", "locationName":"policyEngineId" }, "nextToken":{ "shape":"NextToken", "documentation":"A pagination token returned from a previous ListPolicyGenerationAssets call. Use this token to retrieve the next page of assets when the response is paginated due to large numbers of generated policy options.
", "location":"querystring", "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of policy generation assets to return in a single response. If not specified, the default is 10 assets per page, with a maximum of 100 per page. This helps control response size when dealing with policy generations that produce many alternative policy options.
", "location":"querystring", "locationName":"maxResults" } } }, "ListPolicyGenerationAssetsResponse":{ "type":"structure", "members":{ "policyGenerationAssets":{ "shape":"PolicyGenerationAssets", "documentation":"An array of generated policy assets including Cedar policies and related artifacts from the AI-powered policy generation process. Each asset represents a different policy option or variation generated from the original natural language input.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A pagination token that can be used in subsequent ListPolicyGenerationAssets calls to retrieve additional assets. This token is only present when there are more generated policy assets available beyond the current response.
" } } }, "ListPolicyGenerationsRequest":{ "type":"structure", "required":["policyEngineId"], "members":{ "nextToken":{ "shape":"NextToken", "documentation":"A pagination token for retrieving additional policy generations when results are paginated.
", "location":"querystring", "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of policy generations to return in a single response.
", "location":"querystring", "locationName":"maxResults" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine whose policy generations to retrieve.
", "location":"uri", "locationName":"policyEngineId" } } }, "ListPolicyGenerationsResponse":{ "type":"structure", "required":["policyGenerations"], "members":{ "policyGenerations":{ "shape":"PolicyGenerations", "documentation":"An array of policy generation objects that match the specified criteria.
" }, "nextToken":{ "shape":"NextToken", "documentation":"A pagination token for retrieving additional policy generations if more results are available.
" } } }, "ListRegistriesRequest":{ "type":"structure", "members":{ "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.
If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.
Filter registries by their current status. Possible values include CREATING, READY, UPDATING, CREATE_FAILED, UPDATE_FAILED, DELETING, and DELETE_FAILED.
The list of registry summaries. For details about the fields in each summary, see the RegistrySummary data type.
If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.
The identifier of the registry to list records from. You can specify either the Amazon Resource Name (ARN) or the ID of the registry.
", "location":"uri", "locationName":"registryId" }, "maxResults":{ "shape":"MaxResults", "documentation":"The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.
If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.
Filter registry records by name.
", "location":"querystring", "locationName":"name" }, "status":{ "shape":"RegistryRecordStatus", "documentation":"Filter registry records by their current status. Possible values include CREATING, DRAFT, APPROVED, PENDING_APPROVAL, REJECTED, DEPRECATED, UPDATING, CREATE_FAILED, and UPDATE_FAILED.
Filter registry records by their descriptor type. Possible values are MCP, A2A, CUSTOM, and AGENT_SKILLS.
The list of registry record summaries. For details about the fields in each summary, see the RegistryRecordSummary data type.
If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.
The Amazon Resource Name (ARN) of the resource for which you want to list tags.
", "location":"uri", "locationName":"resourceArn" } } }, "ListTagsForResourceResponse":{ "type":"structure", "members":{ "tags":{ "shape":"TagsMap", "documentation":"The tags associated with the resource.
" } } }, "ListWorkloadIdentitiesRequest":{ "type":"structure", "members":{ "nextToken":{ "shape":"String", "documentation":"Pagination token.
" }, "maxResults":{ "shape":"ListWorkloadIdentitiesRequestMaxResultsInteger", "documentation":"Maximum number of results to return.
" } } }, "ListWorkloadIdentitiesRequestMaxResultsInteger":{ "type":"integer", "box":true, "max":20, "min":1 }, "ListWorkloadIdentitiesResponse":{ "type":"structure", "required":["workloadIdentities"], "members":{ "workloadIdentities":{ "shape":"WorkloadIdentityList", "documentation":"The list of workload identities.
" }, "nextToken":{ "shape":"String", "documentation":"Pagination token for the next page of results.
" } } }, "ListingMode":{ "type":"string", "enum":[ "DEFAULT", "DYNAMIC" ] }, "LlmAsAJudgeEvaluatorConfig":{ "type":"structure", "required":[ "instructions", "ratingScale", "modelConfig" ], "members":{ "instructions":{ "shape":"EvaluatorInstructions", "documentation":"The evaluation instructions that guide the language model in assessing agent performance, including criteria and evaluation guidelines.
" }, "ratingScale":{ "shape":"RatingScale", "documentation":"The rating scale that defines how the evaluator should score agent performance, either numerical or categorical.
" }, "modelConfig":{ "shape":"EvaluatorModelConfig", "documentation":"The model configuration that specifies which foundation model to use and how to configure it for evaluation.
" } }, "documentation":"The configuration for LLM-as-a-Judge evaluation that uses a language model to assess agent performance based on custom instructions and rating scales.
" }, "LlmExtractionConfig":{ "type":"structure", "required":["definition"], "members":{ "llmExtractionInstruction":{ "shape":"LlmExtractionInstruction", "documentation":"Instructions for extraction. Supports built-in operators like LATEST_VALUE or custom natural-language instructions.
" }, "definition":{ "shape":"Definition", "documentation":"Description of what this metadata field represents.
" }, "validation":{ "shape":"Validation", "documentation":"Validation rules to constrain extracted values.
" } }, "documentation":"Model-based metadata extraction configuration.
" }, "LlmExtractionInstruction":{ "type":"string", "max":1000, "min":1, "sensitive":true }, "LogGroupName":{ "type":"string", "max":512, "min":1, "pattern":"[.\\-_/#A-Za-z0-9]+" }, "MCPGatewayConfiguration":{ "type":"structure", "members":{ "supportedVersions":{ "shape":"McpSupportedVersions", "documentation":"The supported versions of the Model Context Protocol. This field specifies which versions of the protocol the gateway can use.
" }, "instructions":{ "shape":"McpInstructions", "documentation":"The instructions for using the Model Context Protocol gateway. These instructions provide guidance on how to interact with the gateway.
" }, "searchType":{ "shape":"SearchType", "documentation":"The search type for the Model Context Protocol gateway. This field specifies how the gateway handles search operations.
" }, "sessionConfiguration":{ "shape":"SessionConfiguration", "documentation":"The session configuration for the MCP gateway. This configuration controls session behavior, including session timeout settings.
" }, "streamingConfiguration":{ "shape":"StreamingConfiguration", "documentation":"The streaming configuration for the MCP gateway. This configuration controls whether response streaming is enabled for the gateway.
" } }, "documentation":"The configuration for a Model Context Protocol (MCP) gateway. This structure defines how the gateway implements the MCP protocol.
" }, "ManagedResourceDetails":{ "type":"structure", "members":{ "domain":{ "shape":"DomainName", "documentation":"The domain associated with this managed resource.
" }, "resourceGatewayArn":{ "shape":"ResourceGatewayArn", "documentation":"The ARN of the VPC Lattice resource gateway created in your account.
" }, "resourceAssociationArn":{ "shape":"ResourceAssociationArn", "documentation":"The ARN of the service network resource association.
" } }, "documentation":"Details of a resource created and managed by the gateway for private endpoint connectivity.
" }, "ManagedVpcResource":{ "type":"structure", "required":[ "vpcIdentifier", "subnetIds", "endpointIpAddressType" ], "members":{ "vpcIdentifier":{ "shape":"VpcIdentifier", "documentation":"The ID of the VPC that contains your private resource.
" }, "subnetIds":{ "shape":"SubnetIds", "documentation":"The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
" }, "endpointIpAddressType":{ "shape":"EndpointIpAddressType", "documentation":"The IP address type for the resource configuration endpoint.
" }, "securityGroupIds":{ "shape":"SecurityGroupIds", "documentation":"The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
" }, "tags":{ "shape":"TagsMap", "documentation":"Tags to apply to the managed VPC Lattice resource gateway.
" }, "routingDomain":{ "shape":"RoutingDomain", "documentation":"An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see xref:lattice-vpc-egress-routing-domain[Route traffic through an intermediate domain].
" } }, "documentation":"Configuration for a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resource gateway and resource configuration on your behalf using a service-linked role.
" }, "MatchPathPattern":{ "type":"string", "max":512, "min":0, "pattern":"/[\\w\\-.]+/\\*" }, "MatchPaths":{ "type":"structure", "required":["anyOf"], "members":{ "anyOf":{ "shape":"MatchPathsAnyOfList", "documentation":"A list of path patterns. The condition is met if the request path matches any of the patterns.
" } }, "documentation":"A condition that matches requests based on the request path.
" }, "MatchPathsAnyOfList":{ "type":"list", "member":{"shape":"MatchPathPattern"}, "max":10, "min":1 }, "MatchPrincipalEntry":{ "type":"structure", "members":{ "iamPrincipal":{ "shape":"IamPrincipal", "documentation":"An IAM principal to match against, specified by ARN.
" } }, "documentation":"Union for principal matching. Currently supports IAM principal ARN glob matching. Extensible for future principal types (e.g., OAuth client ID).
", "union":true }, "MatchPrincipals":{ "type":"structure", "required":["anyOf"], "members":{ "anyOf":{ "shape":"MatchPrincipalsAnyOfList", "documentation":"A list of principal entries. The condition is met if any of the entries match the caller's identity.
" } }, "documentation":"A condition that matches requests based on the caller's identity.
" }, "MatchPrincipalsAnyOfList":{ "type":"list", "member":{"shape":"MatchPrincipalEntry"}, "max":100, "min":1 }, "MatchValueString":{ "type":"string", "max":255, "min":1, "pattern":"[A-Za-z0-9_.-]+" }, "MatchValueStringList":{ "type":"list", "member":{"shape":"MatchValueString"}, "min":1 }, "MaxResults":{ "type":"integer", "box":true, "max":100, "min":1 }, "MaxTokens":{ "type":"integer", "box":true, "min":1 }, "McpDescriptor":{ "type":"structure", "members":{ "server":{ "shape":"ServerDefinition", "documentation":"The MCP server definition, containing the server configuration and schema as defined by the MCP protocol specification.
" }, "tools":{ "shape":"ToolsDefinition", "documentation":"The MCP tools definition, containing the tools available on the MCP server as defined by the MCP protocol specification.
" } }, "documentation":"The Model Context Protocol (MCP) descriptor for a registry record. Contains the server definition and tools definition for an MCP-compatible server. The schema is validated against the MCP protocol specification.
" }, "McpInstructions":{ "type":"string", "max":2048, "min":1 }, "McpLambdaTargetConfiguration":{ "type":"structure", "required":[ "lambdaArn", "toolSchema" ], "members":{ "lambdaArn":{ "shape":"LambdaFunctionArn", "documentation":"The Amazon Resource Name (ARN) of the Lambda function. This function is invoked by the gateway to communicate with the target.
" }, "toolSchema":{ "shape":"ToolSchema", "documentation":"The tool schema for the Lambda function. This schema defines the structure of the tools that the Lambda function provides.
" } }, "documentation":"The Lambda configuration for a Model Context Protocol target. This structure defines how the gateway uses a Lambda function to communicate with the target.
" }, "McpServerTargetConfiguration":{ "type":"structure", "required":["endpoint"], "members":{ "endpoint":{ "shape":"McpServerTargetConfigurationEndpointString", "documentation":"The endpoint for the MCP server target configuration.
" }, "mcpToolSchema":{ "shape":"McpToolSchemaConfiguration", "documentation":"The tool schema configuration for the MCP server target. Supported only when the credential provider is configured with an authorization code grant type. Dynamic tool discovery/synchronization will be disabled when target is configured with mcpToolSchema.
" }, "listingMode":{ "shape":"ListingMode", "documentation":"The listing mode for the MCP server target configuration. MCP resources for default targets are cached at the control plane for faster access. MCP resources for dynamic targets will be dynamically retrieved when listing tools.
" }, "resourcePriority":{ "shape":"TargetResourcePriority", "documentation":"Priority for resolving MCP server targets with shared resource URIs. Lower values take precedence. Defaults to 1000 when not set.
" } }, "documentation":"The target configuration for the MCP server.
" }, "McpServerTargetConfigurationEndpointString":{ "type":"string", "pattern":"https://.*" }, "McpServerUrl":{ "type":"string", "max":2048, "min":1, "pattern":"https://.*" }, "McpSupportedVersions":{ "type":"list", "member":{"shape":"McpVersion"} }, "McpTargetConfiguration":{ "type":"structure", "members":{ "openApiSchema":{ "shape":"ApiSchemaConfiguration", "documentation":"The OpenAPI schema for the Model Context Protocol target. This schema defines the API structure of the target.
" }, "smithyModel":{ "shape":"ApiSchemaConfiguration", "documentation":"The Smithy model for the Model Context Protocol target. This model defines the API structure of the target using the Smithy specification.
" }, "lambda":{ "shape":"McpLambdaTargetConfiguration", "documentation":"The Lambda configuration for the Model Context Protocol target. This configuration defines how the gateway uses a Lambda function to communicate with the target.
" }, "mcpServer":{ "shape":"McpServerTargetConfiguration", "documentation":"The MCP server specified as the gateway target.
" }, "apiGateway":{ "shape":"ApiGatewayTargetConfiguration", "documentation":"The configuration for an Amazon API Gateway target.
" } }, "documentation":"The Model Context Protocol (MCP) configuration for a target. This structure defines how the gateway uses MCP to communicate with the target.
", "union":true }, "McpToolSchemaConfiguration":{ "type":"structure", "members":{ "s3":{ "shape":"S3Configuration", "documentation":"The Amazon S3 location of the tool schema. This location contains the schema definition file.
" }, "inlinePayload":{ "shape":"InlinePayload", "documentation":"The inline payload containing the MCP tool schema definition.
" } }, "documentation":"The MCP tool schema configuration for an MCP server target. The tool schema must be aligned with the MCP specification.
", "union":true }, "McpVersion":{"type":"string"}, "Memory":{ "type":"structure", "required":[ "arn", "id", "name", "eventExpiryDuration", "status", "createdAt", "updatedAt" ], "members":{ "arn":{ "shape":"MemoryArn", "documentation":"The Amazon Resource Name (ARN) of the memory.
" }, "id":{ "shape":"MemoryId", "documentation":"The unique identifier of the memory.
" }, "name":{ "shape":"Name", "documentation":"The name of the memory.
" }, "description":{ "shape":"Description", "documentation":"The description of the memory.
" }, "encryptionKeyArn":{ "shape":"Arn", "documentation":"The ARN of the KMS key used to encrypt the memory.
" }, "memoryExecutionRoleArn":{ "shape":"Arn", "documentation":"The ARN of the IAM role that provides permissions for the memory.
" }, "eventExpiryDuration":{ "shape":"MemoryEventExpiryDurationInteger", "documentation":"The number of days after which memory events will expire.
" }, "status":{ "shape":"MemoryStatus", "documentation":"The current status of the memory.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the memory is in a failed state.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the memory was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the memory was last updated.
" }, "strategies":{ "shape":"MemoryStrategyList", "documentation":"The list of memory strategies associated with this memory.
" }, "indexedKeys":{ "shape":"IndexedKeysList", "documentation":"The indexed metadata keys for this memory. Only indexed keys can be used in metadata filters.
" }, "streamDeliveryResources":{ "shape":"StreamDeliveryResources", "documentation":"Configuration for streaming memory record data to external resources.
" } }, "documentation":"Contains information about a memory resource.
" }, "MemoryArn":{ "type":"string", "pattern":"arn:aws:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:memory\\/[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "MemoryEventExpiryDurationInteger":{ "type":"integer", "box":true, "max":365, "min":1 }, "MemoryId":{ "type":"string", "min":12, "pattern":"[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "MemoryRecordSchema":{ "type":"structure", "members":{ "metadataSchema":{ "shape":"MetadataSchemaList", "documentation":"The metadata field definitions for this strategy.
" } }, "documentation":"Schema for metadata on memory records generated by a strategy.
" }, "MemoryStatus":{ "type":"string", "enum":[ "CREATING", "ACTIVE", "FAILED", "DELETING" ] }, "MemoryStrategy":{ "type":"structure", "required":[ "strategyId", "name", "type", "namespaces", "namespaceTemplates" ], "members":{ "strategyId":{ "shape":"MemoryStrategyId", "documentation":"The unique identifier of the memory strategy.
" }, "name":{ "shape":"Name", "documentation":"The name of the memory strategy.
" }, "description":{ "shape":"Description", "documentation":"The description of the memory strategy.
" }, "configuration":{ "shape":"StrategyConfiguration", "documentation":"The configuration of the memory strategy.
" }, "type":{ "shape":"MemoryStrategyType", "documentation":"The type of the memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces associated with the memory strategy.
", "deprecated":true, "deprecatedMessage":"Use namespaceTemplates instead", "deprecatedSince":"2026-03-02" }, "namespaceTemplates":{ "shape":"NamespacesList", "documentation":"The namespaceTemplates associated with the memory strategy.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the memory strategy was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the memory strategy was last updated.
" }, "status":{ "shape":"MemoryStrategyStatus", "documentation":"The current status of the memory strategy.
" }, "memoryRecordSchema":{ "shape":"MemoryRecordSchema", "documentation":"Schema for metadata fields on records generated by this strategy.
" } }, "documentation":"Contains information about a memory strategy.
" }, "MemoryStrategyId":{ "type":"string", "min":12, "pattern":"[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "MemoryStrategyInput":{ "type":"structure", "members":{ "semanticMemoryStrategy":{ "shape":"SemanticMemoryStrategyInput", "documentation":"Input for creating a semantic memory strategy.
" }, "summaryMemoryStrategy":{ "shape":"SummaryMemoryStrategyInput", "documentation":"Input for creating a summary memory strategy.
" }, "userPreferenceMemoryStrategy":{ "shape":"UserPreferenceMemoryStrategyInput", "documentation":"Input for creating a user preference memory strategy.
" }, "customMemoryStrategy":{ "shape":"CustomMemoryStrategyInput", "documentation":"Input for creating a custom memory strategy.
" }, "episodicMemoryStrategy":{ "shape":"EpisodicMemoryStrategyInput", "documentation":"Input for creating an episodic memory strategy
" } }, "documentation":"Contains input information for creating a memory strategy.
", "union":true }, "MemoryStrategyInputList":{ "type":"list", "member":{"shape":"MemoryStrategyInput"} }, "MemoryStrategyList":{ "type":"list", "member":{"shape":"MemoryStrategy"} }, "MemoryStrategyStatus":{ "type":"string", "enum":[ "CREATING", "ACTIVE", "DELETING", "FAILED" ] }, "MemoryStrategyType":{ "type":"string", "enum":[ "SEMANTIC", "SUMMARIZATION", "USER_PREFERENCE", "CUSTOM", "EPISODIC" ] }, "MemorySummary":{ "type":"structure", "required":[ "createdAt", "updatedAt" ], "members":{ "arn":{ "shape":"MemoryArn", "documentation":"The Amazon Resource Name (ARN) of the memory.
" }, "id":{ "shape":"MemoryId", "documentation":"The unique identifier of the memory.
" }, "status":{ "shape":"MemoryStatus", "documentation":"The current status of the memory.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the memory was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the memory was last updated.
" } }, "documentation":"Contains summary information about a memory resource.
" }, "MemorySummaryList":{ "type":"list", "member":{"shape":"MemorySummary"} }, "MemoryView":{ "type":"string", "enum":[ "full", "without_decryption" ] }, "MessageBasedTrigger":{ "type":"structure", "members":{ "messageCount":{ "shape":"Integer", "documentation":"The number of messages that trigger memory processing.
" } }, "documentation":"The trigger configuration based on a message.
" }, "MessageBasedTriggerInput":{ "type":"structure", "members":{ "messageCount":{ "shape":"MessageBasedTriggerInputMessageCountInteger", "documentation":"The number of messages that trigger memory processing.
" } }, "documentation":"The trigger configuration based on a message.
" }, "MessageBasedTriggerInputMessageCountInteger":{ "type":"integer", "box":true, "max":50, "min":1 }, "MetadataConfiguration":{ "type":"structure", "members":{ "allowedRequestHeaders":{ "shape":"AllowedRequestHeaders", "documentation":"A list of HTTP headers that are allowed to be propagated from incoming client requests to the target.
" }, "allowedQueryParameters":{ "shape":"AllowedQueryParameters", "documentation":"A list of URL query parameters that are allowed to be propagated from incoming gateway URL to the target.
" }, "allowedResponseHeaders":{ "shape":"AllowedResponseHeaders", "documentation":"A list of HTTP headers that are allowed to be propagated from the target response back to the client.
" } }, "documentation":"Configuration for HTTP header and query parameter propagation between the gateway and target servers.
" }, "MetadataKey":{ "type":"string", "max":128, "min":1, "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" }, "MetadataSchemaEntry":{ "type":"structure", "required":["key"], "members":{ "key":{ "shape":"MetadataKey", "documentation":"The metadata field name. Must match an indexed key to be queryable via metadata filters.
" }, "type":{ "shape":"MetadataValueType", "documentation":"The MetadataValueType.
" }, "extractionConfig":{ "shape":"ExtractionConfig", "documentation":"Configuration for extracting this metadata value from conversational content.
" } }, "documentation":"A metadata field definition within a strategy's schema.
" }, "MetadataSchemaList":{ "type":"list", "member":{"shape":"MetadataSchemaEntry"}, "max":20, "min":1 }, "MetadataValueType":{ "type":"string", "enum":[ "STRING", "STRINGLIST", "NUMBER" ] }, "MicrosoftOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Microsoft OAuth2 provider.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the Microsoft OAuth2 provider.
" }, "tenantId":{ "shape":"TenantIdType", "documentation":"The Microsoft Entra ID (formerly Azure AD) tenant ID for your organization. This identifies the specific tenant within Microsoft's identity platform where your application is registered.
" } }, "documentation":"Input configuration for a Microsoft OAuth2 provider.
" }, "MicrosoftOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{ "shape":"Oauth2Discovery", "documentation":"The OAuth2 discovery information for the Microsoft provider.
" }, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Microsoft OAuth2 provider.
" } }, "documentation":"Output configuration for a Microsoft OAuth2 provider.
" }, "ModelId":{"type":"string"}, "ModifyConsolidationConfiguration":{ "type":"structure", "members":{ "customConsolidationConfiguration":{ "shape":"CustomConsolidationConfigurationInput", "documentation":"The updated custom consolidation configuration.
" } }, "documentation":"Contains information for modifying a consolidation configuration.
", "union":true }, "ModifyExtractionConfiguration":{ "type":"structure", "members":{ "customExtractionConfiguration":{ "shape":"CustomExtractionConfigurationInput", "documentation":"The updated custom extraction configuration.
" } }, "documentation":"Contains information for modifying an extraction configuration.
", "union":true }, "ModifyInvocationConfigurationInput":{ "type":"structure", "members":{ "topicArn":{ "shape":"Arn", "documentation":"The updated ARN of the SNS topic for job notifications.
" }, "payloadDeliveryBucketName":{ "shape":"ModifyInvocationConfigurationInputPayloadDeliveryBucketNameString", "documentation":"The updated S3 bucket name for event payload delivery.
" } }, "documentation":"The configuration for updating invocation settings.
" }, "ModifyInvocationConfigurationInputPayloadDeliveryBucketNameString":{ "type":"string", "pattern":"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]" }, "ModifyMemoryStrategies":{ "type":"structure", "members":{ "addMemoryStrategies":{ "shape":"MemoryStrategyInputList", "documentation":"The list of memory strategies to add.
" }, "modifyMemoryStrategies":{ "shape":"ModifyMemoryStrategiesList", "documentation":"The list of memory strategies to modify.
" }, "deleteMemoryStrategies":{ "shape":"DeleteMemoryStrategiesList", "documentation":"The list of memory strategies to delete.
" } }, "documentation":"Contains information for modifying memory strategies.
" }, "ModifyMemoryStrategiesList":{ "type":"list", "member":{"shape":"ModifyMemoryStrategyInput"} }, "ModifyMemoryStrategyInput":{ "type":"structure", "required":["memoryStrategyId"], "members":{ "memoryStrategyId":{ "shape":"String", "documentation":"The unique identifier of the memory strategy to modify.
" }, "description":{ "shape":"Description", "documentation":"The updated description of the memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The updated namespaces for the memory strategy.
", "deprecated":true, "deprecatedMessage":"Use namespaceTemplates instead", "deprecatedSince":"2026-03-02" }, "namespaceTemplates":{ "shape":"NamespacesList", "documentation":"The updated namespaceTemplates for the memory strategy.
" }, "configuration":{ "shape":"ModifyStrategyConfiguration", "documentation":"The updated configuration for the memory strategy.
" }, "memoryRecordSchema":{ "shape":"MemoryRecordSchema", "documentation":"Updated metadata schema for records generated by this strategy.
" } }, "documentation":"Input for modifying a memory strategy.
" }, "ModifyReflectionConfiguration":{ "type":"structure", "members":{ "episodicReflectionConfiguration":{ "shape":"EpisodicReflectionConfigurationInput", "documentation":"The updated episodic reflection configuration.
" }, "customReflectionConfiguration":{ "shape":"CustomReflectionConfigurationInput", "documentation":"The updated custom reflection configuration.
" } }, "documentation":"Contains information for modifying a reflection configuration.
", "union":true }, "ModifySelfManagedConfiguration":{ "type":"structure", "members":{ "triggerConditions":{ "shape":"TriggerConditionInputList", "documentation":"The updated list of conditions that trigger memory processing.
" }, "invocationConfiguration":{ "shape":"ModifyInvocationConfigurationInput", "documentation":"The updated configuration to invoke self-managed memory processing pipeline.
" }, "historicalContextWindowSize":{ "shape":"ModifySelfManagedConfigurationHistoricalContextWindowSizeInteger", "documentation":"The updated number of historical messages to include in processing context.
" } }, "documentation":"The configuration for updating the self-managed memory strategy.
" }, "ModifySelfManagedConfigurationHistoricalContextWindowSizeInteger":{ "type":"integer", "box":true, "max":50, "min":0 }, "ModifyStrategyConfiguration":{ "type":"structure", "members":{ "extraction":{ "shape":"ModifyExtractionConfiguration", "documentation":"The updated extraction configuration.
" }, "consolidation":{ "shape":"ModifyConsolidationConfiguration", "documentation":"The updated consolidation configuration.
" }, "reflection":{ "shape":"ModifyReflectionConfiguration", "documentation":"The updated reflection configuration.
" }, "selfManagedConfiguration":{ "shape":"ModifySelfManagedConfiguration", "documentation":"The updated self-managed configuration.
" } }, "documentation":"Contains information for modifying a strategy configuration.
" }, "MountPath":{ "type":"string", "max":200, "min":6, "pattern":"/mnt/[a-zA-Z0-9._-]+/?" }, "Name":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}" }, "Namespace":{ "type":"string", "max":512, "min":1, "pattern":"[a-zA-Z0-9\\-_\\/]*(\\{(actorId|sessionId|memoryStrategyId)\\}[a-zA-Z0-9\\-_\\/]*)*" }, "NamespacesList":{ "type":"list", "member":{"shape":"Namespace"}, "max":1, "min":1 }, "NaturalLanguage":{ "type":"string", "max":2000, "min":1 }, "NetworkConfiguration":{ "type":"structure", "required":["networkMode"], "members":{ "networkMode":{ "shape":"NetworkMode", "documentation":"The network mode for the AgentCore Runtime.
" }, "networkModeConfig":{ "shape":"VpcConfig", "documentation":"The network mode configuration for the AgentCore Runtime.
" } }, "documentation":"SecurityConfig for the Agent.
" }, "NetworkMode":{ "type":"string", "enum":[ "PUBLIC", "VPC" ] }, "NextToken":{ "type":"string", "max":2048, "min":1, "pattern":"\\S*" }, "NonBlankString":{ "type":"string", "pattern":"[\\s\\S]+" }, "NonEmptyString":{ "type":"string", "min":1 }, "NumberValidation":{ "type":"structure", "members":{ "minValue":{ "shape":"Double", "documentation":"Minimum allowed value.
" }, "maxValue":{ "shape":"Double", "documentation":"Maximum allowed value.
" } }, "documentation":"Validation for NUMBER fields.
" }, "NumericalScaleDefinition":{ "type":"structure", "required":[ "definition", "value", "label" ], "members":{ "definition":{ "shape":"String", "documentation":"The description that explains what this numerical rating represents and when it should be used.
" }, "value":{ "shape":"NumericalScaleDefinitionValueDouble", "documentation":"The numerical value for this rating scale option.
" }, "label":{ "shape":"NumericalScaleDefinitionLabelString", "documentation":"The label or name that describes this numerical rating option.
" } }, "documentation":"The definition of a numerical rating scale option that provides a numeric value with its description for evaluation scoring.
" }, "NumericalScaleDefinitionLabelString":{ "type":"string", "max":100, "min":1 }, "NumericalScaleDefinitionValueDouble":{ "type":"double", "box":true, "min":0 }, "NumericalScaleDefinitions":{ "type":"list", "member":{"shape":"NumericalScaleDefinition"} }, "OAuth2AuthorizationData":{ "type":"structure", "required":["authorizationUrl"], "members":{ "authorizationUrl":{ "shape":"OAuth2AuthorizationDataAuthorizationUrlString", "documentation":"The URL to initiate the authorization process. This URL is provided when the OAuth2 access token requires user authorization.
" }, "userId":{ "shape":"OAuth2AuthorizationDataUserIdString", "documentation":"The user identifier associated with the OAuth2 authorization session that is defined by AgentCore Gateway.
" } }, "documentation":"OAuth2-specific authorization data, including the authorization URL and user identifier for the authorization session.
" }, "OAuth2AuthorizationDataAuthorizationUrlString":{ "type":"string", "min":1 }, "OAuth2AuthorizationDataUserIdString":{ "type":"string", "max":128, "min":1 }, "OAuthCredentialProvider":{ "type":"structure", "required":[ "providerArn", "scopes" ], "members":{ "providerArn":{ "shape":"OAuthCredentialProviderArn", "documentation":"The Amazon Resource Name (ARN) of the OAuth credential provider. This ARN identifies the provider in Amazon Web Services.
" }, "scopes":{ "shape":"OAuthScopes", "documentation":"The OAuth scopes for the credential provider. These scopes define the level of access requested from the OAuth provider.
" }, "customParameters":{ "shape":"OAuthCustomParameters", "documentation":"The custom parameters for the OAuth credential provider. These parameters provide additional configuration for the OAuth authentication process.
" }, "grantType":{ "shape":"OAuthGrantType", "documentation":"Specifies the kind of credentials to use for authorization:
CLIENT_CREDENTIALS - Authorization with a client ID and secret.
AUTHORIZATION_CODE - Authorization with a token that is specific to an individual end user.
The URL where the end user's browser is redirected after obtaining the authorization code. Generally points to the customer's application.
" } }, "documentation":"An OAuth credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint using OAuth.
" }, "OAuthCredentialProviderArn":{ "type":"string", "pattern":"arn:([^:]*):([^:]*):([^:]*):([0-9]{12})?:(.+)" }, "OAuthCustomParameters":{ "type":"map", "key":{"shape":"OAuthCustomParametersKey"}, "value":{"shape":"OAuthCustomParametersValue"}, "max":10, "min":1 }, "OAuthCustomParametersKey":{ "type":"string", "max":256, "min":1 }, "OAuthCustomParametersValue":{ "type":"string", "max":2048, "min":1, "sensitive":true }, "OAuthDefaultReturnUrl":{ "type":"string", "max":2048, "min":1, "pattern":"\\w+:(\\/?\\/?)[^\\s]+" }, "OAuthGrantType":{ "type":"string", "enum":[ "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE", "TOKEN_EXCHANGE" ] }, "OAuthScope":{ "type":"string", "max":64, "min":1 }, "OAuthScopes":{ "type":"list", "member":{"shape":"OAuthScope"}, "max":100, "min":0 }, "Oauth2AuthorizationServerMetadata":{ "type":"structure", "required":[ "issuer", "authorizationEndpoint", "tokenEndpoint" ], "members":{ "issuer":{ "shape":"IssuerUrlType", "documentation":"The issuer URL for the OAuth2 authorization server.
" }, "authorizationEndpoint":{ "shape":"AuthorizationEndpointType", "documentation":"The authorization endpoint URL for the OAuth2 authorization server.
" }, "tokenEndpoint":{ "shape":"TokenEndpointType", "documentation":"The token endpoint URL for the OAuth2 authorization server.
" }, "responseTypes":{ "shape":"ResponseListType", "documentation":"The supported response types for the OAuth2 authorization server.
" }, "tokenEndpointAuthMethods":{ "shape":"TokenEndpointAuthMethodsType", "documentation":"The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
" } }, "documentation":"Contains the authorization server metadata for an OAuth2 provider.
" }, "Oauth2CredentialProviderItem":{ "type":"structure", "required":[ "name", "credentialProviderVendor", "credentialProviderArn", "createdTime", "lastUpdatedTime" ], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider.
" }, "credentialProviderVendor":{ "shape":"CredentialProviderVendorType", "documentation":"The vendor of the OAuth2 credential provider.
" }, "credentialProviderArn":{ "shape":"CredentialProviderArnType", "documentation":"The Amazon Resource Name (ARN) of the OAuth2 credential provider.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the OAuth2 credential provider was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the OAuth2 credential provider was last updated.
" } }, "documentation":"Contains information about an OAuth2 credential provider.
" }, "Oauth2CredentialProviders":{ "type":"list", "member":{"shape":"Oauth2CredentialProviderItem"} }, "Oauth2Discovery":{ "type":"structure", "members":{ "discoveryUrl":{ "shape":"DiscoveryUrlType", "documentation":"The discovery URL for the OAuth2 provider.
" }, "authorizationServerMetadata":{ "shape":"Oauth2AuthorizationServerMetadata", "documentation":"The authorization server metadata for the OAuth2 provider.
" } }, "documentation":"Contains the discovery information for an OAuth2 provider.
", "union":true }, "Oauth2ProviderConfigInput":{ "type":"structure", "members":{ "customOauth2ProviderConfig":{ "shape":"CustomOauth2ProviderConfigInput", "documentation":"The configuration for a custom OAuth2 provider.
" }, "googleOauth2ProviderConfig":{ "shape":"GoogleOauth2ProviderConfigInput", "documentation":"The configuration for a Google OAuth2 provider.
" }, "githubOauth2ProviderConfig":{ "shape":"GithubOauth2ProviderConfigInput", "documentation":"The configuration for a GitHub OAuth2 provider.
" }, "slackOauth2ProviderConfig":{ "shape":"SlackOauth2ProviderConfigInput", "documentation":"The configuration for a Slack OAuth2 provider.
" }, "salesforceOauth2ProviderConfig":{ "shape":"SalesforceOauth2ProviderConfigInput", "documentation":"The configuration for a Salesforce OAuth2 provider.
" }, "microsoftOauth2ProviderConfig":{ "shape":"MicrosoftOauth2ProviderConfigInput", "documentation":"The configuration for a Microsoft OAuth2 provider.
" }, "atlassianOauth2ProviderConfig":{ "shape":"AtlassianOauth2ProviderConfigInput", "documentation":"Configuration settings for Atlassian OAuth2 provider integration.
" }, "linkedinOauth2ProviderConfig":{ "shape":"LinkedinOauth2ProviderConfigInput", "documentation":"Configuration settings for LinkedIn OAuth2 provider integration.
" }, "includedOauth2ProviderConfig":{ "shape":"IncludedOauth2ProviderConfigInput", "documentation":"The configuration for a non-custom OAuth2 provider. This includes settings for supported OAuth2 providers that have built-in integration support.
" } }, "documentation":"Contains the input configuration for an OAuth2 provider.
", "union":true }, "Oauth2ProviderConfigOutput":{ "type":"structure", "members":{ "customOauth2ProviderConfig":{ "shape":"CustomOauth2ProviderConfigOutput", "documentation":"The output configuration for a custom OAuth2 provider.
" }, "googleOauth2ProviderConfig":{ "shape":"GoogleOauth2ProviderConfigOutput", "documentation":"The output configuration for a Google OAuth2 provider.
" }, "githubOauth2ProviderConfig":{ "shape":"GithubOauth2ProviderConfigOutput", "documentation":"The output configuration for a GitHub OAuth2 provider.
" }, "slackOauth2ProviderConfig":{ "shape":"SlackOauth2ProviderConfigOutput", "documentation":"The output configuration for a Slack OAuth2 provider.
" }, "salesforceOauth2ProviderConfig":{ "shape":"SalesforceOauth2ProviderConfigOutput", "documentation":"The output configuration for a Salesforce OAuth2 provider.
" }, "microsoftOauth2ProviderConfig":{ "shape":"MicrosoftOauth2ProviderConfigOutput", "documentation":"The output configuration for a Microsoft OAuth2 provider.
" }, "atlassianOauth2ProviderConfig":{ "shape":"AtlassianOauth2ProviderConfigOutput", "documentation":"The configuration details for the Atlassian OAuth2 provider.
" }, "linkedinOauth2ProviderConfig":{ "shape":"LinkedinOauth2ProviderConfigOutput", "documentation":"The configuration details for the LinkedIn OAuth2 provider.
" }, "includedOauth2ProviderConfig":{ "shape":"IncludedOauth2ProviderConfigOutput", "documentation":"The configuration for a non-custom OAuth2 provider. This includes the configuration details for supported OAuth2 providers that have built-in integration support.
" } }, "documentation":"Contains the output configuration for an OAuth2 provider.
", "union":true }, "OnBehalfOfTokenExchangeConfigType":{ "type":"structure", "required":["grantType"], "members":{ "grantType":{ "shape":"OnBehalfOfTokenExchangeGrantTypeType", "documentation":"The grant type for the on-behalf-of token exchange.
" }, "tokenExchangeGrantTypeConfig":{ "shape":"TokenExchangeGrantTypeConfigType", "documentation":"Configuration specific to the TOKEN_EXCHANGE grant type (RFC 8693).
" } }, "documentation":"Configuration for on-behalf-of token exchange.
" }, "OnBehalfOfTokenExchangeGrantTypeType":{ "type":"string", "enum":[ "TOKEN_EXCHANGE", "JWT_AUTHORIZATION_GRANT" ] }, "OnlineEvaluationConfigArn":{ "type":"string", "pattern":"arn:aws:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:online-evaluation-config\\/[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "OnlineEvaluationConfigId":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" }, "OnlineEvaluationConfigStatus":{ "type":"string", "enum":[ "ACTIVE", "CREATING", "CREATE_FAILED", "UPDATING", "UPDATE_FAILED", "DELETING", "ERROR" ] }, "OnlineEvaluationConfigSummary":{ "type":"structure", "required":[ "onlineEvaluationConfigArn", "onlineEvaluationConfigId", "onlineEvaluationConfigName", "status", "executionStatus", "createdAt", "updatedAt" ], "members":{ "onlineEvaluationConfigArn":{ "shape":"OnlineEvaluationConfigArn", "documentation":"The Amazon Resource Name (ARN) of the online evaluation configuration.
" }, "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the online evaluation configuration.
" }, "onlineEvaluationConfigName":{ "shape":"EvaluationConfigName", "documentation":"The name of the online evaluation configuration.
" }, "description":{ "shape":"EvaluationConfigDescription", "documentation":"The description of the online evaluation configuration.
" }, "status":{ "shape":"OnlineEvaluationConfigStatus", "documentation":"The status of the online evaluation configuration.
" }, "executionStatus":{ "shape":"OnlineEvaluationExecutionStatus", "documentation":"The execution status indicating whether the online evaluation is currently running.
" }, "createdAt":{ "shape":"Timestamp", "documentation":"The timestamp when the online evaluation configuration was created.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the online evaluation configuration was last updated.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the online evaluation configuration execution failed.
" } }, "documentation":"The summary information about an online evaluation configuration, including basic metadata and execution status.
" }, "OnlineEvaluationConfigSummaryList":{ "type":"list", "member":{"shape":"OnlineEvaluationConfigSummary"} }, "OnlineEvaluationExecutionStatus":{ "type":"string", "enum":[ "ENABLED", "DISABLED" ] }, "OutputConfig":{ "type":"structure", "required":["cloudWatchConfig"], "members":{ "cloudWatchConfig":{ "shape":"CloudWatchOutputConfig", "documentation":"The CloudWatch configuration for writing evaluation results to CloudWatch logs with embedded metric format.
" } }, "documentation":"The configuration that specifies where evaluation results should be written for monitoring and analysis.
" }, "OverrideType":{ "type":"string", "enum":[ "SEMANTIC_OVERRIDE", "SUMMARY_OVERRIDE", "USER_PREFERENCE_OVERRIDE", "SELF_MANAGED", "EPISODIC_OVERRIDE" ] }, "Policies":{ "type":"list", "member":{"shape":"Policy"}, "max":100, "min":0 }, "Policy":{ "type":"structure", "required":[ "policyId", "name", "policyEngineId", "definition", "createdAt", "updatedAt", "policyArn", "status", "statusReasons" ], "members":{ "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier for the policy. This system-generated identifier consists of the user name plus a 10-character generated suffix and serves as the primary key for policy operations.
" }, "name":{ "shape":"PolicyName", "documentation":"The customer-assigned immutable name for the policy. This human-readable identifier must be unique within the account and cannot exceed 48 characters.
" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine that manages this policy. This establishes the policy engine context for policy evaluation and management.
" }, "definition":{ "shape":"PolicyDefinition", "documentation":"The Cedar policy statement that defines the access control rules. This contains the actual policy logic used for agent behavior control and access decisions.
" }, "description":{ "shape":"Description", "documentation":"A human-readable description of the policy's purpose and functionality. Limited to 4,096 characters, this helps administrators understand and manage the policy.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy was originally created. This is automatically set by the service and used for auditing and lifecycle management.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy was last modified. This tracks the most recent changes to the policy configuration or metadata.
" }, "policyArn":{ "shape":"PolicyArn", "documentation":"The Amazon Resource Name (ARN) of the policy. This globally unique identifier can be used for cross-service references and IAM policy statements.
" }, "status":{ "shape":"PolicyStatus", "documentation":"The current status of the policy.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the policy status. This provides details about any failures or the current state of the policy lifecycle.
" } }, "documentation":"Represents a complete policy resource within the AgentCore Policy system. Policies are ARN-able resources that contain Cedar policy statements and associated metadata for controlling agent behavior and access decisions. Each policy belongs to a policy engine and defines fine-grained authorization rules that are evaluated in real-time as agents interact with tools through Gateway. Policies use the Cedar policy language to specify who (principals based on OAuth claims like username, role, or scope) can perform what actions (tool calls) on which resources (Gateways), with optional conditions for attribute-based access control. Multiple policies can apply to a single request, with Cedar's forbid-wins semantics ensuring that security restrictions are never accidentally overridden.
" }, "PolicyArn":{ "type":"string", "max":203, "min":96, "pattern":"arn:aws[-a-z]{0,7}:bedrock-agentcore:[a-z0-9-]{9,15}:[0-9]{12}:policy-engine/[a-zA-Z][a-zA-Z0-9-_]{0,47}-[a-zA-Z0-9_]{10}/policy/[a-zA-Z][a-zA-Z0-9-_]{0,47}-[a-zA-Z0-9_]{10}" }, "PolicyDefinition":{ "type":"structure", "members":{ "cedar":{ "shape":"CedarPolicy", "documentation":"The Cedar policy definition within the policy definition structure. This contains the Cedar policy statement that defines the authorization logic using Cedar's human-readable, analyzable policy language. Cedar policies specify principals (who can access), actions (what operations are allowed), resources (what can be accessed), and optional conditions for fine-grained control. Cedar provides a formal policy language designed for authorization with deterministic evaluation, making policies testable, reviewable, and auditable. All Cedar policies follow a default-deny model where actions are denied unless explicitly permitted, and forbid policies always override permit policies.
" }, "policyGeneration":{ "shape":"PolicyGenerationDetails", "documentation":"The generated policy asset information within the policy definition structure. This contains information identifying a generated policy asset from the AI-powered policy generation process within the AgentCore Policy system. Each asset contains a Cedar policy statement generated from natural language input, along with associated metadata and analysis findings to help users evaluate and select the most appropriate policy option.
" } }, "documentation":"Represents the definition structure for policies within the AgentCore Policy system. This structure encapsulates different policy formats and languages that can be used to define access control rules.
", "union":true }, "PolicyEngine":{ "type":"structure", "required":[ "policyEngineId", "name", "createdAt", "updatedAt", "policyEngineArn", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier for the policy engine. This system-generated identifier consists of the user name plus a 10-character generated suffix and serves as the primary key for policy engine operations.
" }, "name":{ "shape":"PolicyEngineName", "documentation":"The customer-assigned immutable name for the policy engine. This human-readable identifier must be unique within the account and cannot exceed 48 characters.
" }, "description":{ "shape":"Description", "documentation":"A human-readable description of the policy engine's purpose and scope. Limited to 4,096 characters, this helps administrators understand the policy engine's role in the overall governance strategy.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy engine was originally created. This is automatically set by the service and used for auditing and lifecycle management.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy engine was last modified. This tracks the most recent changes to the policy engine configuration or metadata.
" }, "policyEngineArn":{ "shape":"PolicyEngineArn", "documentation":"The Amazon Resource Name (ARN) of the policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.
" }, "status":{ "shape":"PolicyEngineStatus", "documentation":"The current status of the policy engine.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine lifecycle.
" }, "encryptionKeyArn":{ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.
" } }, "documentation":"Represents a policy engine resource within the AgentCore Policy system. Policy engines serve as containers for grouping related policies and provide the execution context for policy evaluation and management. Each policy engine can be associated with one Gateway (one engine per Gateway), where it intercepts all agent tool calls and evaluates them against the contained policies before allowing tools to execute. The policy engine maintains the Cedar schema generated from the Gateway's tool manifest, ensuring that policies are validated against the actual tools and parameters available. Policy engines support two enforcement modes that can be configured when associating with a Gateway: log-only mode for testing (evaluates decisions without blocking) and enforce mode for production (actively allows or denies based on policy evaluation).
" }, "PolicyEngineArn":{ "type":"string", "max":136, "min":76, "pattern":"arn:aws[-a-z]{0,7}:bedrock-agentcore:[a-z0-9-]{9,15}:[0-9]{12}:policy-engine/[a-zA-Z][a-zA-Z0-9-_]{0,47}-[a-zA-Z0-9_]{10}" }, "PolicyEngineName":{ "type":"string", "max":48, "min":1, "pattern":"[A-Za-z][A-Za-z0-9_]*" }, "PolicyEngineStatus":{ "type":"string", "enum":[ "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED" ] }, "PolicyEngines":{ "type":"list", "member":{"shape":"PolicyEngine"}, "max":100, "min":0 }, "PolicyGeneration":{ "type":"structure", "required":[ "policyEngineId", "policyGenerationId", "name", "policyGenerationArn", "resource", "createdAt", "updatedAt", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine associated with this generation request.
" }, "policyGenerationId":{ "shape":"ResourceId", "documentation":"The unique identifier for this policy generation request.
" }, "name":{ "shape":"PolicyGenerationName", "documentation":"The customer-assigned name for this policy generation request.
" }, "policyGenerationArn":{ "shape":"PolicyGenerationArn", "documentation":"The ARN of this policy generation request.
" }, "resource":{ "shape":"Resource", "documentation":"The resource information associated with this policy generation.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when this policy generation request was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when this policy generation was last updated.
" }, "status":{ "shape":"PolicyGenerationStatus", "documentation":"The current status of this policy generation request.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the generation status.
" }, "findings":{ "shape":"String", "documentation":"Findings and insights from this policy generation process.
" } }, "documentation":"Represents a policy generation request within the AgentCore Policy system. Tracks the AI-powered conversion of natural language descriptions into Cedar policy statements, enabling users to author policies by describing authorization requirements in plain English. The generation process analyzes the natural language input along with the Gateway's tool context and Cedar schema to produce one or more validated policy options. Each generation request tracks the status of the conversion process and maintains findings about the generated policies, including validation results and potential issues. Generated policy assets remain available for one week after successful generation, allowing time to review and create policies from the generated options.
" }, "PolicyGenerationArn":{ "type":"string", "max":210, "min":103, "pattern":"arn:aws[-a-z]{0,7}:bedrock-agentcore:[a-z0-9-]{9,15}:[0-9]{12}:policy-engine/[a-zA-Z][a-zA-Z0-9-_]{0,47}-[a-zA-Z0-9_]{10}/policy-generation/[a-zA-Z][a-zA-Z0-9-_]{0,47}-[a-zA-Z0-9_]{10}" }, "PolicyGenerationAsset":{ "type":"structure", "required":[ "policyGenerationAssetId", "rawTextFragment", "findings" ], "members":{ "policyGenerationAssetId":{ "shape":"ResourceId", "documentation":"The unique identifier for this generated policy asset within the policy generation request. This ID can be used to reference specific generated policy options when creating actual policies from the generation results.
" }, "definition":{"shape":"PolicyDefinition"}, "rawTextFragment":{ "shape":"NaturalLanguage", "documentation":"The portion of the original natural language input that this generated policy asset addresses. This helps users understand which part of their policy description was translated into this specific Cedar policy statement, enabling better policy selection and refinement. When a single natural language input describes multiple authorization requirements, the generation process creates separate policy assets for each requirement, with each asset's rawTextFragment showing which requirement it addresses. Use this mapping to verify that all parts of your natural language input were correctly translated into Cedar policies.
" }, "findings":{ "shape":"Findings", "documentation":"Analysis findings and insights related to this specific generated policy asset. These findings may include validation results, potential issues, or recommendations for improvement to help users evaluate the quality and appropriateness of the generated policy.
" } }, "documentation":"Represents a generated policy asset from the AI-powered policy generation process within the AgentCore Policy system. Each asset contains a Cedar policy statement generated from natural language input, along with associated metadata and analysis findings to help users evaluate and select the most appropriate policy option.
" }, "PolicyGenerationAssets":{ "type":"list", "member":{"shape":"PolicyGenerationAsset"} }, "PolicyGenerationDetails":{ "type":"structure", "required":[ "policyGenerationId", "policyGenerationAssetId" ], "members":{ "policyGenerationId":{ "shape":"ResourceId", "documentation":"The unique identifier for this policy generation request.
" }, "policyGenerationAssetId":{ "shape":"ResourceId", "documentation":"The unique identifier for this generated policy asset within the policy generation request.
" } }, "documentation":"Represents the information identifying a generated policy asset from the AI-powered policy generation process within the AgentCore Policy system. Each asset contains a Cedar policy statement generated from natural language input, along with associated metadata and analysis findings to help users evaluate and select the most appropriate policy option.
" }, "PolicyGenerationName":{ "type":"string", "max":48, "min":1, "pattern":"[A-Za-z][A-Za-z0-9_]*" }, "PolicyGenerationStatus":{ "type":"string", "enum":[ "GENERATING", "GENERATED", "GENERATE_FAILED", "DELETE_FAILED" ] }, "PolicyGenerations":{ "type":"list", "member":{"shape":"PolicyGeneration"}, "max":100, "min":0 }, "PolicyName":{ "type":"string", "max":48, "min":1, "pattern":"[A-Za-z][A-Za-z0-9_]*" }, "PolicyStatus":{ "type":"string", "enum":[ "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED" ] }, "PolicyStatusReasons":{ "type":"list", "member":{"shape":"String"} }, "PolicyValidationMode":{ "type":"string", "enum":[ "FAIL_ON_ANY_FINDINGS", "IGNORE_ALL_FINDINGS" ] }, "PrincipalMatchOperator":{ "type":"string", "enum":[ "StringEquals", "StringLike" ] }, "PrivateEndpoint":{ "type":"structure", "members":{ "selfManagedLatticeResource":{ "shape":"SelfManagedLatticeResource", "documentation":"Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
" }, "managedVpcResource":{ "shape":"ManagedVpcResource", "documentation":"Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
" } }, "documentation":"The private endpoint configuration for a gateway target. Defines how the gateway connects to private resources in your VPC.
", "union":true }, "PrivateEndpointManagedResources":{ "type":"list", "member":{"shape":"ManagedResourceDetails"}, "documentation":"A list of managed resources created by the gateway for private endpoint connectivity.
" }, "PrivateEndpointOverride":{ "type":"structure", "required":[ "domain", "privateEndpoint" ], "members":{ "domain":{ "shape":"PrivateEndpointOverrideDomain", "documentation":"The domain to override with a private endpoint.
" }, "privateEndpoint":{ "shape":"PrivateEndpoint", "documentation":"The private endpoint configuration for the specified domain.
" } }, "documentation":"A mapping of a specific domain to a private endpoint for secure connectivity through a VPC Lattice resource configuration.
" }, "PrivateEndpointOverrideDomain":{ "type":"string", "max":253, "min":1 }, "PrivateEndpointOverrides":{ "type":"list", "member":{"shape":"PrivateEndpointOverride"}, "max":5, "min":0 }, "Prompt":{ "type":"string", "max":30000, "min":1, "sensitive":true }, "ProtocolConfiguration":{ "type":"structure", "required":["serverProtocol"], "members":{ "serverProtocol":{ "shape":"ServerProtocol", "documentation":"The server protocol for the agent runtime. This field specifies which protocol the agent runtime uses to communicate with clients.
" } }, "documentation":"The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.
" }, "PutResourcePolicyRequest":{ "type":"structure", "required":[ "resourceArn", "policy" ], "members":{ "resourceArn":{ "shape":"BedrockAgentcoreResourceArn", "documentation":"The Amazon Resource Name (ARN) of the resource for which to create or update the resource policy.
", "location":"uri", "locationName":"resourceArn" }, "policy":{ "shape":"ResourcePolicyBody", "documentation":"The resource policy to create or update.
" } } }, "PutResourcePolicyResponse":{ "type":"structure", "required":["policy"], "members":{ "policy":{ "shape":"ResourcePolicyBody", "documentation":"The resource policy that was created or updated.
" } } }, "RatingScale":{ "type":"structure", "members":{ "numerical":{ "shape":"NumericalScaleDefinitions", "documentation":"The numerical rating scale with defined score values and descriptions for quantitative evaluation.
" }, "categorical":{ "shape":"CategoricalScaleDefinitions", "documentation":"The categorical rating scale with named categories and definitions for qualitative evaluation.
" } }, "documentation":"The rating scale that defines how evaluators should score agent performance, supporting both numerical and categorical scales.
", "sensitive":true, "union":true }, "RecordIdentifier":{ "type":"string", "max":2048, "min":1, "pattern":"(arn:aws(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:registry/[a-zA-Z0-9]{12,16}/record/)?[a-zA-Z0-9]{12}" }, "RecordingConfig":{ "type":"structure", "members":{ "enabled":{ "shape":"Boolean", "documentation":"Indicates whether recording is enabled for the browser. When set to true, browser sessions are recorded.
" }, "s3Location":{ "shape":"S3Location", "documentation":"The Amazon S3 location where browser recordings are stored. This location contains the recorded browser sessions.
" } }, "documentation":"The recording configuration for a browser. This structure defines how browser sessions are recorded.
" }, "ReflectionConfiguration":{ "type":"structure", "members":{ "customReflectionConfiguration":{ "shape":"CustomReflectionConfiguration", "documentation":"The configuration for a custom reflection strategy.
" }, "episodicReflectionConfiguration":{ "shape":"EpisodicReflectionConfiguration", "documentation":"The configuration for the episodic reflection strategy.
" } }, "documentation":"Contains reflection configuration information for a memory strategy.
", "union":true }, "RegistryArn":{ "type":"string", "pattern":"arn:aws(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:registry/[a-zA-Z0-9]{12,16}" }, "RegistryAuthorizerType":{ "type":"string", "enum":[ "CUSTOM_JWT", "AWS_IAM" ] }, "RegistryId":{ "type":"string", "max":16, "min":12, "pattern":"[a-zA-Z0-9]{12,16}" }, "RegistryIdentifier":{ "type":"string", "max":2048, "min":1, "pattern":"(arn:aws(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:registry/)?[a-zA-Z0-9]{12,16}" }, "RegistryName":{ "type":"string", "max":64, "min":1, "pattern":"[a-zA-Z0-9][a-zA-Z0-9_\\-\\.\\/]*" }, "RegistryRecordArn":{ "type":"string", "max":2048, "min":1, "pattern":"arn:aws(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:registry/[a-zA-Z0-9]{12,16}/record/[a-zA-Z0-9]{12}" }, "RegistryRecordCredentialProviderConfiguration":{ "type":"structure", "required":[ "credentialProviderType", "credentialProvider" ], "members":{ "credentialProviderType":{ "shape":"RegistryRecordCredentialProviderType", "documentation":"The type of credential provider.
OAUTH - OAuth-based authentication.
IAM - Amazon Web Services IAM-based authentication using SigV4 signing.
The credential provider configuration details. The structure depends on the credentialProviderType.
A pairing of a credential provider type with its corresponding provider details for authenticating with external sources.
" }, "RegistryRecordCredentialProviderConfigurationList":{ "type":"list", "member":{"shape":"RegistryRecordCredentialProviderConfiguration"}, "max":1, "min":0 }, "RegistryRecordCredentialProviderType":{ "type":"string", "enum":[ "OAUTH", "IAM" ] }, "RegistryRecordCredentialProviderUnion":{ "type":"structure", "members":{ "oauthCredentialProvider":{ "shape":"RegistryRecordOAuthCredentialProvider", "documentation":"The OAuth credential provider configuration for authenticating with the external source.
" }, "iamCredentialProvider":{ "shape":"RegistryRecordIamCredentialProvider", "documentation":"The IAM credential provider configuration for authenticating with the external source using SigV4 signing.
" } }, "documentation":"Union of supported credential provider types for registry record synchronization.
", "union":true }, "RegistryRecordIamCredentialProvider":{ "type":"structure", "members":{ "roleArn":{ "shape":"IamRoleArn", "documentation":"The Amazon Resource Name (ARN) of the IAM role to assume for SigV4 signing.
" }, "service":{ "shape":"IamSigningServiceName", "documentation":"The SigV4 signing service name (for example, execute-api or bedrock-agentcore).
The Amazon Web Services region for SigV4 signing (for example, us-west-2). If not specified, the region is extracted from the MCP server URL hostname, with fallback to the service's own region.
IAM credential provider configuration for authenticating with an external source using SigV4 signing during synchronization.
" }, "RegistryRecordId":{ "type":"string", "max":12, "min":12, "pattern":"[a-zA-Z0-9]{12}" }, "RegistryRecordName":{ "type":"string", "max":255, "min":1, "pattern":"[a-zA-Z0-9][a-zA-Z0-9_\\-\\.\\/]*" }, "RegistryRecordOAuthCredentialProvider":{ "type":"structure", "required":["providerArn"], "members":{ "providerArn":{ "shape":"CredentialProviderArn", "documentation":"The Amazon Resource Name (ARN) of the OAuth credential provider resource.
" }, "grantType":{ "shape":"RegistryRecordOAuthGrantType", "documentation":"The OAuth grant type. Currently only CLIENT_CREDENTIALS is supported.
The OAuth scopes to request during authentication.
" }, "customParameters":{ "shape":"CustomParameterMap", "documentation":"Additional custom parameters for the OAuth flow.
" } }, "documentation":"OAuth credential provider configuration for authenticating with an external source during synchronization.
" }, "RegistryRecordOAuthGrantType":{ "type":"string", "enum":["CLIENT_CREDENTIALS"] }, "RegistryRecordStatus":{ "type":"string", "enum":[ "DRAFT", "PENDING_APPROVAL", "APPROVED", "REJECTED", "DEPRECATED", "CREATING", "UPDATING", "CREATE_FAILED", "UPDATE_FAILED" ] }, "RegistryRecordSummary":{ "type":"structure", "required":[ "registryArn", "recordArn", "recordId", "name", "descriptorType", "recordVersion", "status", "createdAt", "updatedAt" ], "members":{ "registryArn":{ "shape":"RegistryArn", "documentation":"The Amazon Resource Name (ARN) of the registry that contains the record.
" }, "recordArn":{ "shape":"RegistryRecordArn", "documentation":"The Amazon Resource Name (ARN) of the registry record.
" }, "recordId":{ "shape":"RegistryRecordId", "documentation":"The unique identifier of the registry record.
" }, "name":{ "shape":"RegistryRecordName", "documentation":"The name of the registry record.
" }, "description":{ "shape":"Description", "documentation":"The description of the registry record.
" }, "descriptorType":{ "shape":"DescriptorType", "documentation":"The descriptor type of the registry record. Possible values are MCP, A2A, CUSTOM, and AGENT_SKILLS.
The version of the registry record.
" }, "status":{ "shape":"RegistryRecordStatus", "documentation":"The current status of the registry record. Possible values include CREATING, DRAFT, APPROVED, PENDING_APPROVAL, REJECTED, DEPRECATED, UPDATING, CREATE_FAILED, and UPDATE_FAILED.
The timestamp when the registry record was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the registry record was last updated.
" } }, "documentation":"Contains summary information about a registry record.
" }, "RegistryRecordSummaryList":{ "type":"list", "member":{"shape":"RegistryRecordSummary"} }, "RegistryRecordVersion":{ "type":"string", "max":255, "min":1, "pattern":"[a-zA-Z0-9.-]+" }, "RegistryStatus":{ "type":"string", "enum":[ "CREATING", "READY", "UPDATING", "CREATE_FAILED", "UPDATE_FAILED", "DELETING", "DELETE_FAILED" ] }, "RegistrySummary":{ "type":"structure", "required":[ "name", "registryId", "registryArn", "status", "createdAt", "updatedAt" ], "members":{ "name":{ "shape":"RegistryName", "documentation":"The name of the registry.
" }, "description":{ "shape":"Description", "documentation":"The description of the registry.
" }, "registryId":{ "shape":"RegistryId", "documentation":"The unique identifier of the registry.
" }, "registryArn":{ "shape":"RegistryArn", "documentation":"The Amazon Resource Name (ARN) of the registry.
" }, "authorizerType":{ "shape":"RegistryAuthorizerType", "documentation":"The type of authorizer used by the registry. This controls the authorization method for the Search and Invoke APIs used by consumers.
CUSTOM_JWT - Authorize with a bearer token.
AWS_IAM - Authorize with your Amazon Web Services IAM credentials.
The current status of the registry. Possible values include CREATING, READY, UPDATING, CREATE_FAILED, UPDATE_FAILED, DELETING, and DELETE_FAILED.
The reason for the current status, typically set when the status is a failure state.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the registry was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the registry was last updated.
" } }, "documentation":"Contains summary information about a registry.
" }, "RegistrySummaryList":{ "type":"list", "member":{"shape":"RegistrySummary"} }, "RequestHeaderAllowlist":{ "type":"list", "member":{"shape":"HeaderName"}, "max":20, "min":1 }, "RequestHeaderConfiguration":{ "type":"structure", "members":{ "requestHeaderAllowlist":{ "shape":"RequestHeaderAllowlist", "documentation":"A list of HTTP request headers that are allowed to be passed through to the runtime.
" } }, "documentation":"Configuration for HTTP request headers that will be passed through to the runtime.
", "union":true }, "RequiredProperties":{ "type":"list", "member":{"shape":"String"} }, "Resource":{ "type":"structure", "members":{ "arn":{ "shape":"BedrockAgentcoreResourceArn", "documentation":"The Amazon Resource Name (ARN) of the resource. This globally unique identifier specifies the exact resource that policies will be evaluated against for access control decisions.
" } }, "documentation":"Represents a resource within the AgentCore Policy system. Resources are the targets of policy evaluation. Currently, only AgentCore Gateways are supported as resources for policy enforcement.
", "union":true }, "ResourceAssociationArn":{ "type":"string", "pattern":"arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkresourceassociation/snra-[0-9a-f]{17}" }, "ResourceConfigurationIdentifier":{ "type":"string", "max":2048, "min":20, "pattern":"((rcfg-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}))" }, "ResourceGatewayArn":{ "type":"string", "pattern":"arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourcegateway/rgw-[0-9a-z]{17}" }, "ResourceId":{ "type":"string", "max":59, "min":12, "pattern":"[A-Za-z][A-Za-z0-9_]*-[a-z0-9_]{10}" }, "ResourceLimitExceededException":{ "type":"structure", "members":{ "message":{"shape":"String"} }, "documentation":"Exception thrown when a resource limit is exceeded.
", "error":{ "httpStatusCode":400, "senderFault":true }, "exception":true }, "ResourceLocation":{ "type":"structure", "members":{ "s3":{"shape":"S3Location"} }, "documentation":"The location of a resource.
", "union":true }, "ResourceNotFoundException":{ "type":"structure", "members":{ "message":{"shape":"NonBlankString"} }, "documentation":"This exception is thrown when a resource referenced by the operation does not exist
", "error":{ "httpStatusCode":404, "senderFault":true }, "exception":true }, "ResourceOauth2ReturnUrlListType":{ "type":"list", "member":{"shape":"ResourceOauth2ReturnUrlType"} }, "ResourceOauth2ReturnUrlType":{ "type":"string", "max":2048, "min":1, "pattern":"\\w+:(\\/?\\/?)[^\\s]+" }, "ResourcePolicyBody":{ "type":"string", "max":20480, "min":1 }, "ResourceType":{ "type":"string", "enum":[ "SYSTEM", "CUSTOM" ] }, "ResponseListType":{ "type":"list", "member":{"shape":"ResponseType"} }, "ResponseType":{"type":"string"}, "RestApiMethod":{ "type":"string", "enum":[ "GET", "DELETE", "HEAD", "OPTIONS", "PATCH", "PUT", "POST" ] }, "RestApiMethods":{ "type":"list", "member":{"shape":"RestApiMethod"} }, "RoleArn":{ "type":"string", "max":2048, "min":1, "pattern":"arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/.+" }, "RouteToTargetAction":{ "type":"structure", "members":{ "staticRoute":{ "shape":"StaticRoute", "documentation":"A static route that sends all matching requests to a single target.
" }, "weightedRoute":{ "shape":"WeightedRoute", "documentation":"A weighted route that splits traffic between multiple targets.
" } }, "documentation":"An action that routes requests to a gateway target, either statically or with weighted traffic splitting.
", "union":true }, "RoutingDomain":{ "type":"string", "max":255, "min":3 }, "Rule":{ "type":"structure", "required":["samplingConfig"], "members":{ "samplingConfig":{ "shape":"SamplingConfig", "documentation":"The sampling configuration that determines what percentage of agent traces to evaluate.
" }, "filters":{ "shape":"FilterList", "documentation":"The list of filters that determine which agent traces should be included in the evaluation based on trace properties.
" }, "sessionConfig":{ "shape":"SessionConfig", "documentation":"The session configuration that defines timeout settings for detecting when agent sessions are complete and ready for evaluation.
" } }, "documentation":"The evaluation rule that defines sampling configuration, filtering criteria, and session detection settings for online evaluation.
" }, "RuntimeArn":{ "type":"string", "pattern":"arn:aws(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:runtime/[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10}" }, "RuntimeContainerUri":{ "type":"string", "max":1024, "min":1, "pattern":"(([0-9]{12})\\.dkr\\.ecr\\.([a-z0-9-]+)\\.amazonaws\\.com(\\.cn)?|public\\.ecr\\.aws)/((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*)(?::([^:@]{1,300}))?(?:@(.+))?" }, "RuntimeMetadataConfiguration":{ "type":"structure", "required":["requireMMDSV2"], "members":{ "requireMMDSV2":{ "shape":"Boolean", "documentation":"Enables MMDSv2 (microVM Metadata Service Version 2) requirement for the agent runtime. When set to true, the runtime microVM will only accept MMDSv2 requests.
Configuration for microVM metadata service settings.
" }, "RuntimeQualifier":{ "type":"string", "pattern":".*([1-9][0-9]{0,4})|([a-zA-Z][a-zA-Z0-9_]{0,47}).*" }, "RuntimeTargetConfiguration":{ "type":"structure", "required":["arn"], "members":{ "arn":{ "shape":"RuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime to route requests to.
" }, "qualifier":{ "shape":"RuntimeQualifier", "documentation":"The qualifier for the agent runtime, used to target a specific endpoint version. If not specified, the default endpoint is used.
" } }, "documentation":"Configuration for an AgentCore Runtime target. Specifies the agent runtime to route requests to via HTTP.
" }, "S3BucketUri":{ "type":"string", "pattern":"s3://.{1,2043}" }, "S3Configuration":{ "type":"structure", "members":{ "uri":{ "shape":"S3BucketUri", "documentation":"The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
" }, "bucketOwnerAccountId":{ "shape":"AwsAccountId", "documentation":"The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
" } }, "documentation":"The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
" }, "S3FilesAccessPointArn":{ "type":"string", "max":256, "min":0, "pattern":"arn:aws[-a-z]*:s3files:[0-9a-z-:]+:file-system/fs-[0-9a-f]{17,40}/access-point/fsap-[0-9a-f]{17,40}" }, "S3FilesAccessPointConfiguration":{ "type":"structure", "required":[ "accessPointArn", "mountPath" ], "members":{ "accessPointArn":{ "shape":"S3FilesAccessPointArn", "documentation":"The ARN of the S3 Files access point to mount into the AgentCore Runtime.
" }, "mountPath":{ "shape":"MountPath", "documentation":"The mount path for the S3 Files access point inside the AgentCore Runtime. The path must be under /mnt with exactly one subdirectory level (for example, /mnt/data).
Configuration for an Amazon S3 Files access point filesystem mounted into the AgentCore Runtime. S3 Files access points provide shared file storage accessible from your AgentCore Runtime sessions.
" }, "S3Location":{ "type":"structure", "required":[ "bucket", "prefix" ], "members":{ "bucket":{ "shape":"S3LocationBucketString", "documentation":"The name of the Amazon S3 bucket. This bucket contains the stored data.
" }, "prefix":{ "shape":"S3LocationPrefixString", "documentation":"The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.
" }, "versionId":{ "shape":"S3LocationVersionIdString", "documentation":"The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.
" } }, "documentation":"The Amazon S3 location for storing data. This structure defines where in Amazon S3 data is stored.
" }, "S3LocationBucketString":{ "type":"string", "pattern":"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]" }, "S3LocationPrefixString":{ "type":"string", "max":1024, "min":1 }, "S3LocationVersionIdString":{ "type":"string", "max":1024, "min":3 }, "SalesforceOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Salesforce OAuth2 provider.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the Salesforce OAuth2 provider.
" } }, "documentation":"Input configuration for a Salesforce OAuth2 provider.
" }, "SalesforceOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{ "shape":"Oauth2Discovery", "documentation":"The OAuth2 discovery information for the Salesforce provider.
" }, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Salesforce OAuth2 provider.
" } }, "documentation":"Output configuration for a Salesforce OAuth2 provider.
" }, "SamplingConfig":{ "type":"structure", "required":["samplingPercentage"], "members":{ "samplingPercentage":{ "shape":"SamplingConfigSamplingPercentageDouble", "documentation":"The percentage of agent traces to sample for evaluation, ranging from 0.01% to 100%.
" } }, "documentation":"The configuration that controls what percentage of agent traces are sampled for evaluation to manage evaluation volume and costs.
" }, "SamplingConfigSamplingPercentageDouble":{ "type":"double", "box":true, "max":100.0, "min":0.01 }, "SandboxName":{ "type":"string", "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}" }, "SchemaDefinition":{ "type":"structure", "required":["type"], "members":{ "type":{ "shape":"SchemaType", "documentation":"The type of the schema definition. This field specifies the data type of the schema.
" }, "properties":{ "shape":"SchemaProperties", "documentation":"The properties of the schema definition. These properties define the fields in the schema.
" }, "required":{ "shape":"RequiredProperties", "documentation":"The required fields in the schema definition. These fields must be provided when using the schema.
" }, "items":{ "shape":"SchemaDefinition", "documentation":"The items in the schema definition. This field is used for array types to define the structure of the array elements.
" }, "description":{ "shape":"String", "documentation":"The description of the schema definition. This description provides information about the purpose and usage of the schema.
" } }, "documentation":"A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
" }, "SchemaProperties":{ "type":"map", "key":{"shape":"String"}, "value":{"shape":"SchemaDefinition"} }, "SchemaType":{ "type":"string", "enum":[ "string", "number", "object", "array", "boolean", "integer" ] }, "SchemaVersion":{ "type":"string", "max":255, "min":1 }, "ScopeList":{ "type":"list", "member":{"shape":"String"} }, "ScopeType":{ "type":"string", "max":128, "min":1 }, "ScopesListType":{ "type":"list", "member":{"shape":"ScopeType"} }, "SearchType":{ "type":"string", "enum":["SEMANTIC"] }, "Secret":{ "type":"structure", "required":["secretArn"], "members":{ "secretArn":{ "shape":"SecretArn", "documentation":"The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
" } }, "documentation":"Contains information about a secret in AWS Secrets Manager.
" }, "SecretArn":{ "type":"string", "pattern":"arn:(aws|aws-us-gov):secretsmanager:[A-Za-z0-9-]{1,64}:[0-9]{12}:secret:[a-zA-Z0-9-_/+=.@!]+" }, "SecretsManagerLocation":{ "type":"structure", "required":["secretArn"], "members":{ "secretArn":{ "shape":"ToolSecretArn", "documentation":"The ARN of the Amazon Web Services Secrets Manager secret containing the certificate.
" } }, "documentation":"The Amazon Web Services Secrets Manager location configuration.
" }, "SecurityGroupId":{ "type":"string", "pattern":"sg-[0-9a-zA-Z]{8,17}" }, "SecurityGroupIdentifier":{ "type":"string", "pattern":"sg-(([0-9a-z]{8})|([0-9a-z]{17}))" }, "SecurityGroupIds":{ "type":"list", "member":{"shape":"SecurityGroupIdentifier"}, "max":5, "min":0 }, "SecurityGroups":{ "type":"list", "member":{"shape":"SecurityGroupId"}, "max":16, "min":1 }, "SelfManagedConfiguration":{ "type":"structure", "required":[ "triggerConditions", "invocationConfiguration", "historicalContextWindowSize" ], "members":{ "triggerConditions":{ "shape":"TriggerConditionsList", "documentation":"A list of conditions that trigger memory processing.
" }, "invocationConfiguration":{ "shape":"InvocationConfiguration", "documentation":"The configuration to use when invoking memory processing.
" }, "historicalContextWindowSize":{ "shape":"Integer", "documentation":"The number of historical messages to include in processing context.
" } }, "documentation":"A configuration for a self-managed memory strategy.
" }, "SelfManagedConfigurationInput":{ "type":"structure", "required":["invocationConfiguration"], "members":{ "triggerConditions":{ "shape":"TriggerConditionInputList", "documentation":"A list of conditions that trigger memory processing.
" }, "invocationConfiguration":{ "shape":"InvocationConfigurationInput", "documentation":"Configuration to invoke a self-managed memory processing pipeline with.
" }, "historicalContextWindowSize":{ "shape":"SelfManagedConfigurationInputHistoricalContextWindowSizeInteger", "documentation":"Number of historical messages to include in processing context.
" } }, "documentation":"Input configuration for a self-managed memory strategy.
" }, "SelfManagedConfigurationInputHistoricalContextWindowSizeInteger":{ "type":"integer", "box":true, "max":50, "min":0 }, "SelfManagedLatticeResource":{ "type":"structure", "members":{ "resourceConfigurationIdentifier":{ "shape":"ResourceConfigurationIdentifier", "documentation":"The ARN or ID of the VPC Lattice resource configuration.
" } }, "documentation":"Configuration for a self-managed VPC Lattice resource. You create and manage the VPC Lattice resource gateway and resource configuration, then provide the resource configuration identifier.
", "union":true }, "SemanticConsolidationOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for semantic consolidation.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for semantic consolidation.
" } }, "documentation":"Contains semantic consolidation override configuration.
" }, "SemanticExtractionOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for semantic extraction.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for semantic extraction.
" } }, "documentation":"Contains semantic extraction override configuration.
" }, "SemanticMemoryStrategyInput":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"Name", "documentation":"The name of the semantic memory strategy.
" }, "description":{ "shape":"Description", "documentation":"The description of the semantic memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces associated with the semantic memory strategy.
", "deprecated":true, "deprecatedMessage":"Use namespaceTemplates instead", "deprecatedSince":"2026-03-02" }, "namespaceTemplates":{ "shape":"NamespacesList", "documentation":"The namespaceTemplates associated with the semantic memory strategy.
" }, "memoryRecordSchema":{"shape":"MemoryRecordSchema"} }, "documentation":"Input for creating a semantic memory strategy.
" }, "SemanticOverrideConfigurationInput":{ "type":"structure", "members":{ "extraction":{ "shape":"SemanticOverrideExtractionConfigurationInput", "documentation":"The extraction configuration for a semantic override.
" }, "consolidation":{ "shape":"SemanticOverrideConsolidationConfigurationInput", "documentation":"The consolidation configuration for a semantic override.
" } }, "documentation":"Input for semantic override configuration in a memory strategy.
" }, "SemanticOverrideConsolidationConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for semantic consolidation.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for semantic consolidation.
" } }, "documentation":"Input for semantic override consolidation configuration in a memory strategy.
" }, "SemanticOverrideExtractionConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for semantic extraction.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for semantic extraction.
" } }, "documentation":"Input for semantic override extraction configuration in a memory strategy.
" }, "SensitiveJson":{ "type":"structure", "members":{}, "document":true, "sensitive":true }, "SensitiveText":{ "type":"string", "min":1, "sensitive":true }, "ServerDefinition":{ "type":"structure", "members":{ "schemaVersion":{ "shape":"SchemaVersion", "documentation":"The schema version of the server definition based on the MCP protocol specification. If not specified, the version is auto-detected from the content.
" }, "inlineContent":{ "shape":"InlineContent", "documentation":"The JSON content containing the MCP server definition, conforming to the MCP protocol specification.
" } }, "documentation":"The server definition for an MCP descriptor. Contains the schema version and inline content for the MCP server configuration.
" }, "ServerProtocol":{ "type":"string", "enum":[ "MCP", "HTTP", "A2A", "AGUI" ] }, "ServiceException":{ "type":"structure", "members":{ "message":{"shape":"String"} }, "documentation":"An internal error occurred.
", "error":{"httpStatusCode":500}, "exception":true, "fault":true, "retryable":{"throttling":false} }, "ServiceName":{ "type":"string", "max":256, "min":1, "pattern":"[a-zA-Z0-9._-]+" }, "ServiceQuotaExceededException":{ "type":"structure", "members":{ "message":{"shape":"NonBlankString"} }, "documentation":"This exception is thrown when a request is made beyond the service quota
", "error":{ "httpStatusCode":402, "senderFault":true }, "exception":true }, "SessionConfig":{ "type":"structure", "required":["sessionTimeoutMinutes"], "members":{ "sessionTimeoutMinutes":{ "shape":"SessionConfigSessionTimeoutMinutesInteger", "documentation":"The number of minutes of inactivity after which an agent session is considered complete and ready for evaluation. Default is 15 minutes.
" } }, "documentation":"The configuration that defines how agent sessions are detected and when they are considered complete for evaluation.
" }, "SessionConfigSessionTimeoutMinutesInteger":{ "type":"integer", "box":true, "max":1440, "min":1 }, "SessionConfiguration":{ "type":"structure", "members":{ "sessionTimeoutInSeconds":{ "shape":"SessionConfigurationSessionTimeoutInSecondsInteger", "documentation":"The session timeout in seconds. After this timeout, the session expires and subsequent requests to this session will receive an error. The minimum value is 900 seconds (15 minutes), the maximum value is 28800 seconds (8 hours), and the default value is 3600 seconds (1 hour).
" } }, "documentation":"The session configuration for an MCP gateway. This structure defines settings that control session behavior.
" }, "SessionConfigurationSessionTimeoutInSecondsInteger":{ "type":"integer", "box":true, "max":28800, "min":900 }, "SessionStorageConfiguration":{ "type":"structure", "required":["mountPath"], "members":{ "mountPath":{ "shape":"MountPath", "documentation":"The mount path for the session storage filesystem inside the AgentCore Runtime. The path must be under /mnt with exactly one subdirectory level (for example, /mnt/data).
Configuration for a session storage filesystem mounted into the AgentCore Runtime. Session storage provides persistent storage that is preserved across AgentCore Runtime session invocations.
" }, "SetTokenVaultCMKRequest":{ "type":"structure", "required":["kmsConfiguration"], "members":{ "tokenVaultId":{ "shape":"TokenVaultIdType", "documentation":"The unique identifier of the token vault to update.
" }, "kmsConfiguration":{ "shape":"KmsConfiguration", "documentation":"The KMS configuration for the token vault, including the key type and KMS key ARN.
" } } }, "SetTokenVaultCMKResponse":{ "type":"structure", "required":[ "tokenVaultId", "kmsConfiguration", "lastModifiedDate" ], "members":{ "tokenVaultId":{ "shape":"TokenVaultIdType", "documentation":"The ID of the token vault.
" }, "kmsConfiguration":{ "shape":"KmsConfiguration", "documentation":"The KMS configuration for the token vault.
" }, "lastModifiedDate":{ "shape":"Timestamp", "documentation":"The timestamp when the token vault was last modified.
" } } }, "SkillDefinition":{ "type":"structure", "members":{ "schemaVersion":{ "shape":"SchemaVersion", "documentation":"The version of the skill definition schema.
" }, "inlineContent":{ "shape":"InlineContent", "documentation":"The JSON content containing the structured skill definition.
" } }, "documentation":"The structured skill definition with schema version and content.
" }, "SkillMdDefinition":{ "type":"structure", "members":{ "inlineContent":{ "shape":"InlineContent", "documentation":"The markdown content describing the agent's skills in a human-readable format.
" } }, "documentation":"The skill markdown definition for an agent skills descriptor.
" }, "SlackOauth2ProviderConfigInput":{ "type":"structure", "required":[ "clientId", "clientSecret" ], "members":{ "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Slack OAuth2 provider.
" }, "clientSecret":{ "shape":"ClientSecretType", "documentation":"The client secret for the Slack OAuth2 provider.
" } }, "documentation":"Input configuration for a Slack OAuth2 provider.
" }, "SlackOauth2ProviderConfigOutput":{ "type":"structure", "required":["oauthDiscovery"], "members":{ "oauthDiscovery":{ "shape":"Oauth2Discovery", "documentation":"The OAuth2 discovery information for the Slack provider.
" }, "clientId":{ "shape":"ClientIdType", "documentation":"The client ID for the Slack OAuth2 provider.
" } }, "documentation":"Output configuration for a Slack OAuth2 provider.
" }, "StartPolicyGenerationRequest":{ "type":"structure", "required":[ "policyEngineId", "resource", "content", "name" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine that provides the context for policy generation. This engine's schema and tool context are used to ensure generated policies are valid and applicable.
", "location":"uri", "locationName":"policyEngineId" }, "resource":{ "shape":"Resource", "documentation":"The resource information that provides context for policy generation. This helps the AI understand the target resources and generate appropriate access control rules.
" }, "content":{ "shape":"Content", "documentation":"The natural language description of the desired policy behavior. This content is processed by AI to generate corresponding Cedar policy statements that match the described intent.
" }, "name":{ "shape":"PolicyGenerationName", "documentation":"A customer-assigned name for the policy generation request. This helps track and identify generation operations, especially when running multiple generations simultaneously.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure the idempotency of the request. The AWS SDK automatically generates this token, so you don't need to provide it in most cases. If you retry a request with the same client token, the service returns the same response without starting a duplicate generation.
", "idempotencyToken":true } } }, "StartPolicyGenerationResponse":{ "type":"structure", "required":[ "policyEngineId", "policyGenerationId", "name", "policyGenerationArn", "resource", "createdAt", "updatedAt", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine associated with the started policy generation.
" }, "policyGenerationId":{ "shape":"ResourceId", "documentation":"The unique identifier assigned to the policy generation request for tracking progress.
" }, "name":{ "shape":"PolicyGenerationName", "documentation":"The customer-assigned name for the policy generation request.
" }, "policyGenerationArn":{ "shape":"PolicyGenerationArn", "documentation":"The ARN of the created policy generation request.
" }, "resource":{ "shape":"Resource", "documentation":"The resource information associated with the policy generation request.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy generation request was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy generation was last updated.
" }, "status":{ "shape":"PolicyGenerationStatus", "documentation":"The initial status of the policy generation request.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the generation status.
" }, "findings":{ "shape":"String", "documentation":"Initial findings from the policy generation process.
" } } }, "Statement":{ "type":"string", "max":10000, "min":35 }, "StaticOverride":{ "type":"structure", "required":[ "bundleArn", "bundleVersion" ], "members":{ "bundleArn":{ "shape":"GatewayConfigurationBundleArn", "documentation":"The Amazon Resource Name (ARN) of the configuration bundle to apply.
" }, "bundleVersion":{ "shape":"StaticOverrideBundleVersionString", "documentation":"The version of the configuration bundle to apply.
" } }, "documentation":"A static configuration bundle override.
" }, "StaticOverrideBundleVersionString":{ "type":"string", "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" }, "StaticRoute":{ "type":"structure", "required":["targetName"], "members":{ "targetName":{ "shape":"TargetName", "documentation":"The name of the target to route requests to.
" } }, "documentation":"A static route to a single gateway target.
" }, "Status":{ "type":"string", "enum":[ "CREATING", "CREATE_FAILED", "UPDATING", "UPDATE_FAILED", "READY", "DELETING", "DELETE_FAILED" ] }, "StatusReason":{ "type":"string", "max":2048, "min":0 }, "StatusReasons":{ "type":"list", "member":{"shape":"StatusReason"}, "max":100, "min":0 }, "StrategyConfiguration":{ "type":"structure", "members":{ "type":{ "shape":"OverrideType", "documentation":"The type of override for the strategy configuration.
" }, "extraction":{ "shape":"ExtractionConfiguration", "documentation":"The extraction configuration for the memory strategy.
" }, "consolidation":{ "shape":"ConsolidationConfiguration", "documentation":"The consolidation configuration for the memory strategy.
" }, "reflection":{ "shape":"ReflectionConfiguration", "documentation":"The reflection configuration for the memory strategy.
" }, "selfManagedConfiguration":{ "shape":"SelfManagedConfiguration", "documentation":"Self-managed configuration settings.
" } }, "documentation":"Contains configuration information for a memory strategy.
" }, "StreamDeliveryResource":{ "type":"structure", "members":{ "kinesis":{ "shape":"KinesisResource", "documentation":"Kinesis Data Stream configuration.
" } }, "documentation":"Supported stream delivery resource types.
", "union":true }, "StreamDeliveryResources":{ "type":"structure", "required":["resources"], "members":{ "resources":{ "shape":"StreamDeliveryResourcesList", "documentation":"List of stream delivery resource configurations.
" } }, "documentation":"Configuration for streaming memory record data to external resources.
" }, "StreamDeliveryResourcesList":{ "type":"list", "member":{"shape":"StreamDeliveryResource"}, "max":1, "min":0 }, "StreamingConfiguration":{ "type":"structure", "members":{ "enableResponseStreaming":{ "shape":"Boolean", "documentation":"Indicates whether response streaming is enabled for the gateway. When set to true, the gateway streams responses from targets back to the client.
The streaming configuration for an MCP gateway. This structure defines settings that control response streaming behavior.
" }, "String":{"type":"string"}, "StringListValidation":{ "type":"structure", "members":{ "allowedValues":{ "shape":"AllowedStringListValuesList", "documentation":"Allowed values for items in this STRINGLIST field.
" }, "maxItems":{ "shape":"StringListValidationMaxItemsInteger", "documentation":"Maximum number of items in the string list.
" } }, "documentation":"Validation for STRINGLIST fields.
" }, "StringListValidationMaxItemsInteger":{ "type":"integer", "box":true, "max":5, "min":1 }, "StringValidation":{ "type":"structure", "required":["allowedValues"], "members":{ "allowedValues":{ "shape":"AllowedStringValuesList", "documentation":"Allowed values for this STRING field.
" } }, "documentation":"Validation for STRING fields.
" }, "SubmitRegistryRecordForApprovalRequest":{ "type":"structure", "required":[ "registryId", "recordId" ], "members":{ "registryId":{ "shape":"RegistryIdentifier", "documentation":"The identifier of the registry containing the record. You can specify either the Amazon Resource Name (ARN) or the ID of the registry.
", "location":"uri", "locationName":"registryId" }, "recordId":{ "shape":"RecordIdentifier", "documentation":"The identifier of the registry record to submit for approval. You can specify either the Amazon Resource Name (ARN) or the ID of the record.
", "location":"uri", "locationName":"recordId" } } }, "SubmitRegistryRecordForApprovalResponse":{ "type":"structure", "required":[ "registryArn", "recordArn", "recordId", "status", "updatedAt" ], "members":{ "registryArn":{ "shape":"RegistryArn", "documentation":"The Amazon Resource Name (ARN) of the registry that contains the record.
" }, "recordArn":{ "shape":"RegistryRecordArn", "documentation":"The Amazon Resource Name (ARN) of the registry record.
" }, "recordId":{ "shape":"RegistryRecordId", "documentation":"The unique identifier of the registry record.
" }, "status":{ "shape":"RegistryRecordStatus", "documentation":"The resulting status of the registry record after submission.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the record was last updated.
" } } }, "SubnetId":{ "type":"string", "pattern":"subnet-[0-9a-zA-Z]{8,17}" }, "SubnetIds":{ "type":"list", "member":{"shape":"SubnetId"} }, "Subnets":{ "type":"list", "member":{"shape":"SubnetId"}, "max":16, "min":1 }, "SummaryConsolidationOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for summary consolidation.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for summary consolidation.
" } }, "documentation":"Contains summary consolidation override configuration.
" }, "SummaryMemoryStrategyInput":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"Name", "documentation":"The name of the summary memory strategy.
" }, "description":{ "shape":"Description", "documentation":"The description of the summary memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces associated with the summary memory strategy.
", "deprecated":true, "deprecatedMessage":"Use namespaceTemplates instead", "deprecatedSince":"2026-03-02" }, "namespaceTemplates":{ "shape":"NamespacesList", "documentation":"The namespaceTemplates associated with the summary memory strategy.
" }, "memoryRecordSchema":{ "shape":"MemoryRecordSchema", "documentation":"Schema for metadata fields on records generated by this strategy.
" } }, "documentation":"Input for creating a summary memory strategy.
" }, "SummaryOverrideConfigurationInput":{ "type":"structure", "members":{ "consolidation":{ "shape":"SummaryOverrideConsolidationConfigurationInput", "documentation":"The consolidation configuration for a summary override.
" } }, "documentation":"Input for summary override configuration in a memory strategy.
" }, "SummaryOverrideConsolidationConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for summary consolidation.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for summary consolidation.
" } }, "documentation":"Input for summary override consolidation configuration in a memory strategy.
" }, "SynchronizationConfiguration":{ "type":"structure", "members":{ "fromUrl":{ "shape":"FromUrlSynchronizationConfiguration", "documentation":"Configuration for synchronizing from a URL-based source.
" } }, "documentation":"Configuration for synchronizing registry record metadata from an external source.
" }, "SynchronizationType":{ "type":"string", "enum":["URL"] }, "SynchronizeGatewayTargetsRequest":{ "type":"structure", "required":[ "gatewayIdentifier", "targetIdList" ], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The gateway Identifier.
", "location":"uri", "locationName":"gatewayIdentifier" }, "targetIdList":{ "shape":"TargetIdList", "documentation":"The target ID list.
" } } }, "SynchronizeGatewayTargetsResponse":{ "type":"structure", "members":{ "targets":{ "shape":"GatewayTargetList", "documentation":"The gateway targets for synchronization.
" } } }, "SystemManagedBlock":{ "type":"structure", "required":["managedBy"], "members":{ "managedBy":{ "shape":"String", "documentation":"The identifier of the system or process that manages this rule.
" } }, "documentation":"System-managed metadata for rules created by automated processes such as A/B tests.
" }, "TagKey":{ "type":"string", "max":128, "min":1, "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" }, "TagKeyList":{ "type":"list", "member":{"shape":"TagKey"}, "max":200, "min":0 }, "TagResourceRequest":{ "type":"structure", "required":[ "resourceArn", "tags" ], "members":{ "resourceArn":{ "shape":"TaggableResourcesArn", "documentation":"The Amazon Resource Name (ARN) of the resource that you want to tag.
", "location":"uri", "locationName":"resourceArn" }, "tags":{ "shape":"TagsMap", "documentation":"The tags to add to the resource. A tag is a key-value pair.
" } } }, "TagResourceResponse":{ "type":"structure", "members":{} }, "TagValue":{ "type":"string", "max":256, "min":0, "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" }, "TaggableResourcesArn":{ "type":"string", "max":1011, "min":20, "pattern":"arn:(?:[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:([a-z-]+/[^/]+)(?:/[a-z-]+/[^/]+)*" }, "TagsMap":{ "type":"map", "key":{"shape":"TagKey"}, "value":{"shape":"TagValue"}, "max":50, "min":0 }, "TargetConfiguration":{ "type":"structure", "members":{ "mcp":{ "shape":"McpTargetConfiguration", "documentation":"The Model Context Protocol (MCP) configuration for the target. This configuration defines how the gateway uses MCP to communicate with the target.
" }, "http":{ "shape":"HttpTargetConfiguration", "documentation":"The HTTP target configuration. Use this to route gateway requests to an HTTP-based endpoint such as an AgentCore Runtime.
" } }, "documentation":"The configuration for a gateway target. This structure defines how the gateway connects to and interacts with the target endpoint.
", "union":true }, "TargetDescription":{ "type":"string", "max":200, "min":1, "sensitive":true }, "TargetId":{ "type":"string", "pattern":"[0-9a-zA-Z]{10}" }, "TargetIdList":{ "type":"list", "member":{"shape":"TargetId"}, "max":1, "min":1 }, "TargetMaxResults":{ "type":"integer", "box":true, "max":1000, "min":1 }, "TargetName":{ "type":"string", "pattern":"([0-9a-zA-Z][-]?){1,100}", "sensitive":true }, "TargetNextToken":{ "type":"string", "max":2048, "min":1, "pattern":"\\S*" }, "TargetProtocolType":{ "type":"string", "enum":[ "MCP", "HTTP" ] }, "TargetResourcePriority":{ "type":"integer", "box":true, "max":1000, "min":0 }, "TargetStatus":{ "type":"string", "enum":[ "CREATING", "UPDATING", "UPDATE_UNSUCCESSFUL", "DELETING", "READY", "FAILED", "SYNCHRONIZING", "SYNCHRONIZE_UNSUCCESSFUL", "CREATE_PENDING_AUTH", "UPDATE_PENDING_AUTH", "SYNCHRONIZE_PENDING_AUTH" ] }, "TargetSummaries":{ "type":"list", "member":{"shape":"TargetSummary"} }, "TargetSummary":{ "type":"structure", "required":[ "targetId", "name", "status", "createdAt", "updatedAt" ], "members":{ "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the target.
" }, "name":{ "shape":"TargetName", "documentation":"The name of the target.
" }, "status":{ "shape":"TargetStatus", "documentation":"The current status of the target.
" }, "description":{ "shape":"TargetDescription", "documentation":"The description of the target.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the target was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the target was last updated.
" }, "resourcePriority":{ "shape":"TargetResourcePriority", "documentation":"Priority for resolving resource URI conflicts across targets. Lower values take precedence. Defaults to 1000 when not set.
" } }, "documentation":"Contains summary information about a gateway target. A target represents an endpoint that the gateway can connect to.
" }, "TargetTrafficSplitEntries":{ "type":"list", "member":{"shape":"TargetTrafficSplitEntry"}, "max":2, "min":2 }, "TargetTrafficSplitEntry":{ "type":"structure", "required":[ "name", "weight", "targetName" ], "members":{ "name":{ "shape":"TargetTrafficSplitEntryNameString", "documentation":"The name of this traffic split variant.
" }, "weight":{ "shape":"TargetTrafficSplitEntryWeightInteger", "documentation":"The percentage of traffic to route to this variant.
" }, "targetName":{ "shape":"TargetName", "documentation":"The name of the target to route traffic to.
" }, "description":{ "shape":"TargetTrafficSplitEntryDescriptionString", "documentation":"The description of this traffic split variant.
" }, "metadata":{ "shape":"TrafficSplitMetadataMap", "documentation":"Key-value metadata associated with this traffic split variant.
" } }, "documentation":"An entry in a target traffic split configuration.
" }, "TargetTrafficSplitEntryDescriptionString":{ "type":"string", "max":200, "min":1 }, "TargetTrafficSplitEntryNameString":{ "type":"string", "max":64, "min":1, "pattern":"[a-zA-Z0-9]([a-zA-Z0-9-]{0,62}[a-zA-Z0-9])?" }, "TargetTrafficSplitEntryWeightInteger":{ "type":"integer", "box":true, "max":99, "min":1 }, "Temperature":{ "type":"float", "box":true, "max":2.0, "min":0.0 }, "TenantIdType":{ "type":"string", "max":2048, "min":1 }, "ThrottledException":{ "type":"structure", "members":{ "message":{"shape":"String"} }, "documentation":"API rate limit has been exceeded.
", "error":{ "httpStatusCode":429, "senderFault":true }, "exception":true, "retryable":{"throttling":false} }, "ThrottlingException":{ "type":"structure", "members":{ "message":{"shape":"NonBlankString"} }, "documentation":"This exception is thrown when the number of requests exceeds the limit
", "error":{ "httpStatusCode":429, "senderFault":true }, "exception":true }, "TimeBasedTrigger":{ "type":"structure", "members":{ "idleSessionTimeout":{ "shape":"Integer", "documentation":"Idle session timeout (seconds) that triggers memory processing.
" } }, "documentation":"Trigger configuration based on time.
" }, "TimeBasedTriggerInput":{ "type":"structure", "members":{ "idleSessionTimeout":{ "shape":"TimeBasedTriggerInputIdleSessionTimeoutInteger", "documentation":"Idle session timeout (seconds) that triggers memory processing.
" } }, "documentation":"Trigger configuration based on time.
" }, "TimeBasedTriggerInputIdleSessionTimeoutInteger":{ "type":"integer", "box":true, "max":3000, "min":10 }, "Timestamp":{"type":"timestamp"}, "TokenAuthMethod":{ "type":"string", "pattern":"(client_secret_post|client_secret_basic)" }, "TokenBasedTrigger":{ "type":"structure", "members":{ "tokenCount":{ "shape":"Integer", "documentation":"Number of tokens that trigger memory processing.
" } }, "documentation":"Trigger configuration based on tokens.
" }, "TokenBasedTriggerInput":{ "type":"structure", "members":{ "tokenCount":{ "shape":"TokenBasedTriggerInputTokenCountInteger", "documentation":"Number of tokens that trigger memory processing.
" } }, "documentation":"Trigger configuration based on tokens.
" }, "TokenBasedTriggerInputTokenCountInteger":{ "type":"integer", "box":true, "max":500000, "min":100 }, "TokenEndpointAuthMethodsType":{ "type":"list", "member":{"shape":"TokenAuthMethod"}, "max":2, "min":1 }, "TokenEndpointType":{"type":"string"}, "TokenExchangeGrantTypeConfigType":{ "type":"structure", "required":["actorTokenContent"], "members":{ "actorTokenContent":{ "shape":"ActorTokenContentType", "documentation":"The content type for the actor token in the token exchange.
" }, "actorTokenScopes":{ "shape":"ScopesListType", "documentation":"The scopes for the actor token. Only valid when actorTokenContent is M2M.
" } }, "documentation":"Configuration for RFC 8693 token exchange.
" }, "TokenVaultIdType":{ "type":"string", "max":64, "min":1, "pattern":"[a-zA-Z0-9\\-_]+" }, "ToolDefinition":{ "type":"structure", "required":[ "name", "description", "inputSchema" ], "members":{ "name":{ "shape":"String", "documentation":"The name of the tool. This name identifies the tool in the Model Context Protocol.
" }, "description":{ "shape":"String", "documentation":"The description of the tool. This description provides information about the purpose and usage of the tool.
" }, "inputSchema":{ "shape":"SchemaDefinition", "documentation":"The input schema for the tool. This schema defines the structure of the input that the tool accepts.
" }, "outputSchema":{ "shape":"SchemaDefinition", "documentation":"The output schema for the tool. This schema defines the structure of the output that the tool produces.
" } }, "documentation":"A tool definition for a gateway target. This structure defines a tool that the target exposes through the Model Context Protocol.
" }, "ToolDefinitions":{ "type":"list", "member":{"shape":"ToolDefinition"} }, "ToolSchema":{ "type":"structure", "members":{ "s3":{ "shape":"S3Configuration", "documentation":"The Amazon S3 location of the tool schema. This location contains the schema definition file.
" }, "inlinePayload":{ "shape":"ToolDefinitions", "documentation":"The inline payload of the tool schema. This payload contains the schema definition directly in the request.
" } }, "documentation":"A tool schema for a gateway target. This structure defines the schema for a tool that the target exposes through the Model Context Protocol.
", "union":true }, "ToolSecretArn":{ "type":"string", "pattern":"arn:aws(-[a-z-]+)?:secretsmanager:[a-z0-9-]+:[0-9]{12}:secret:[a-zA-Z0-9/_+=.@-]+" }, "ToolsDefinition":{ "type":"structure", "members":{ "protocolVersion":{ "shape":"SchemaVersion", "documentation":"The protocol version of the tools definition based on the MCP protocol specification. If not specified, the version is auto-detected from the content.
" }, "inlineContent":{ "shape":"InlineContent", "documentation":"The JSON content containing the MCP tools definition, conforming to the MCP protocol specification.
" } }, "documentation":"The tools definition for an MCP descriptor. Contains the protocol version and inline content describing the available tools.
" }, "TopK":{ "type":"integer", "box":true, "max":500, "min":0 }, "TopP":{ "type":"float", "box":true, "max":1.0, "min":0.0 }, "TrafficSplitEntries":{ "type":"list", "member":{"shape":"TrafficSplitEntry"}, "max":2, "min":2 }, "TrafficSplitEntry":{ "type":"structure", "required":[ "name", "weight", "configurationBundle" ], "members":{ "name":{ "shape":"TrafficSplitEntryNameString", "documentation":"The name of this traffic split variant.
" }, "weight":{ "shape":"TrafficSplitEntryWeightInteger", "documentation":"The percentage of traffic to route to this variant. Weights across all entries must sum to 100.
" }, "configurationBundle":{ "shape":"ConfigurationBundleReference", "documentation":"The configuration bundle reference for this variant.
" }, "description":{ "shape":"TrafficSplitEntryDescriptionString", "documentation":"The description of this traffic split variant.
" }, "metadata":{ "shape":"TrafficSplitMetadataMap", "documentation":"Key-value metadata associated with this traffic split variant.
" } }, "documentation":"An entry in a traffic split configuration, defining a named variant with a weight and configuration bundle reference.
" }, "TrafficSplitEntryDescriptionString":{ "type":"string", "max":200, "min":1 }, "TrafficSplitEntryNameString":{ "type":"string", "max":64, "min":1, "pattern":"[a-zA-Z0-9]([a-zA-Z0-9-]{0,62}[a-zA-Z0-9])?" }, "TrafficSplitEntryWeightInteger":{ "type":"integer", "box":true, "max":99, "min":1 }, "TrafficSplitMetadataKey":{ "type":"string", "max":128, "min":1 }, "TrafficSplitMetadataMap":{ "type":"map", "key":{"shape":"TrafficSplitMetadataKey"}, "value":{"shape":"TrafficSplitMetadataValue"}, "max":25, "min":0 }, "TrafficSplitMetadataValue":{ "type":"string", "max":256, "min":1 }, "TriggerCondition":{ "type":"structure", "members":{ "messageBasedTrigger":{ "shape":"MessageBasedTrigger", "documentation":"Message based trigger configuration.
" }, "tokenBasedTrigger":{ "shape":"TokenBasedTrigger", "documentation":"Token based trigger configuration.
" }, "timeBasedTrigger":{ "shape":"TimeBasedTrigger", "documentation":"Time based trigger configuration.
" } }, "documentation":"Condition that triggers memory processing.
", "union":true }, "TriggerConditionInput":{ "type":"structure", "members":{ "messageBasedTrigger":{ "shape":"MessageBasedTriggerInput", "documentation":"Message based trigger configuration.
" }, "tokenBasedTrigger":{ "shape":"TokenBasedTriggerInput", "documentation":"Token based trigger configuration.
" }, "timeBasedTrigger":{ "shape":"TimeBasedTriggerInput", "documentation":"Time based trigger configuration.
" } }, "documentation":"Condition that triggers memory processing.
", "union":true }, "TriggerConditionInputList":{ "type":"list", "member":{"shape":"TriggerConditionInput"}, "min":1 }, "TriggerConditionsList":{ "type":"list", "member":{"shape":"TriggerCondition"}, "min":1 }, "UnauthorizedException":{ "type":"structure", "members":{ "message":{"shape":"NonBlankString"} }, "documentation":"This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access
", "error":{ "httpStatusCode":401, "senderFault":true }, "exception":true }, "Unit":{ "type":"structure", "members":{} }, "UntagResourceRequest":{ "type":"structure", "required":[ "resourceArn", "tagKeys" ], "members":{ "resourceArn":{ "shape":"TaggableResourcesArn", "documentation":"The Amazon Resource Name (ARN) of the resource that you want to untag.
", "location":"uri", "locationName":"resourceArn" }, "tagKeys":{ "shape":"TagKeyList", "documentation":"The tag keys of the tags to remove from the resource.
", "location":"querystring", "locationName":"tagKeys" } } }, "UntagResourceResponse":{ "type":"structure", "members":{} }, "UpdateAgentRuntimeEndpointRequest":{ "type":"structure", "required":[ "agentRuntimeId", "endpointName" ], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime associated with the endpoint.
", "location":"uri", "locationName":"agentRuntimeId" }, "endpointName":{ "shape":"EndpointName", "documentation":"The name of the AgentCore Runtime endpoint to update.
", "location":"uri", "locationName":"endpointName" }, "agentRuntimeVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The updated version of the AgentCore Runtime for the endpoint.
" }, "description":{ "shape":"AgentEndpointDescription", "documentation":"The updated description of the AgentCore Runtime endpoint.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true } } }, "UpdateAgentRuntimeEndpointResponse":{ "type":"structure", "required":[ "agentRuntimeEndpointArn", "agentRuntimeArn", "status", "createdAt", "lastUpdatedAt" ], "members":{ "liveVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The currently deployed version of the AgentCore Runtime on the endpoint.
" }, "targetVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The target version of the AgentCore Runtime for the endpoint.
" }, "agentRuntimeEndpointArn":{ "shape":"AgentRuntimeEndpointArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime endpoint.
" }, "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the AgentCore Runtime.
" }, "status":{ "shape":"AgentRuntimeEndpointStatus", "documentation":"The current status of the updated AgentCore Runtime endpoint.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime endpoint was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime endpoint was last updated.
" } } }, "UpdateAgentRuntimeRequest":{ "type":"structure", "required":[ "agentRuntimeId", "agentRuntimeArtifact", "roleArn", "networkConfiguration" ], "members":{ "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the AgentCore Runtime to update.
", "location":"uri", "locationName":"agentRuntimeId" }, "agentRuntimeArtifact":{ "shape":"AgentRuntimeArtifact", "documentation":"The updated artifact of the AgentCore Runtime.
" }, "roleArn":{ "shape":"RoleArn", "documentation":"The updated IAM role ARN that provides permissions for the AgentCore Runtime.
" }, "networkConfiguration":{ "shape":"NetworkConfiguration", "documentation":"The updated network configuration for the AgentCore Runtime.
" }, "description":{ "shape":"Description", "documentation":"The updated description of the AgentCore Runtime.
" }, "authorizerConfiguration":{ "shape":"AuthorizerConfiguration", "documentation":"The updated authorizer configuration for the AgentCore Runtime.
" }, "requestHeaderConfiguration":{ "shape":"RequestHeaderConfiguration", "documentation":"The updated configuration for HTTP request headers that will be passed through to the runtime.
" }, "protocolConfiguration":{"shape":"ProtocolConfiguration"}, "lifecycleConfiguration":{ "shape":"LifecycleConfiguration", "documentation":"The updated life cycle configuration for the AgentCore Runtime.
" }, "metadataConfiguration":{ "shape":"RuntimeMetadataConfiguration", "documentation":"The updated configuration for microVM Metadata Service (MMDS) settings for the AgentCore Runtime.
" }, "environmentVariables":{ "shape":"EnvironmentVariablesMap", "documentation":"Updated environment variables to set in the AgentCore Runtime environment.
" }, "filesystemConfigurations":{ "shape":"FilesystemConfigurations", "documentation":"The updated filesystem configurations to mount into the AgentCore Runtime.
" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true } } }, "UpdateAgentRuntimeResponse":{ "type":"structure", "required":[ "agentRuntimeArn", "agentRuntimeId", "agentRuntimeVersion", "createdAt", "lastUpdatedAt", "status" ], "members":{ "agentRuntimeArn":{ "shape":"AgentRuntimeArn", "documentation":"The Amazon Resource Name (ARN) of the updated AgentCore Runtime.
" }, "agentRuntimeId":{ "shape":"AgentRuntimeId", "documentation":"The unique identifier of the updated AgentCore Runtime.
" }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the updated AgentCore Runtime.
" }, "agentRuntimeVersion":{ "shape":"AgentRuntimeVersion", "documentation":"The version of the updated AgentCore Runtime.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime was created.
" }, "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the AgentCore Runtime was last updated.
" }, "status":{ "shape":"AgentRuntimeStatus", "documentation":"The current status of the updated AgentCore Runtime.
" } } }, "UpdateApiKeyCredentialProviderRequest":{ "type":"structure", "required":[ "name", "apiKey" ], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the API key credential provider to update.
" }, "apiKey":{ "shape":"ApiKeyType", "documentation":"The new API key to use for authentication. This value replaces the existing API key and is encrypted and stored securely.
" } } }, "UpdateApiKeyCredentialProviderResponse":{ "type":"structure", "required":[ "apiKeySecretArn", "name", "credentialProviderArn", "createdTime", "lastUpdatedTime" ], "members":{ "apiKeySecretArn":{ "shape":"Secret", "documentation":"The Amazon Resource Name (ARN) of the API key secret in AWS Secrets Manager.
" }, "name":{ "shape":"CredentialProviderName", "documentation":"The name of the API key credential provider.
" }, "credentialProviderArn":{ "shape":"ApiKeyCredentialProviderArnType", "documentation":"The Amazon Resource Name (ARN) of the API key credential provider.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the API key credential provider was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the API key credential provider was last updated.
" } } }, "UpdateConfigurationBundleRequest":{ "type":"structure", "required":["bundleId"], "members":{ "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "bundleId":{ "shape":"ConfigurationBundleId", "documentation":"The unique identifier of the configuration bundle to update.
", "location":"uri", "locationName":"bundleId" }, "bundleName":{ "shape":"ConfigurationBundleName", "documentation":"The updated name for the configuration bundle.
" }, "description":{ "shape":"ConfigurationBundleDescription", "documentation":"The updated description for the configuration bundle.
" }, "components":{ "shape":"ComponentConfigurationMap", "documentation":"The updated component configurations. Creates a new version of the bundle.
" }, "parentVersionIds":{ "shape":"ConfigurationBundleVersionList", "documentation":"A list of parent version identifiers for lineage tracking. Regular commits have a single parent. Merge commits have two parents: the target branch parent and the source branch parent. If the branch already exists, the first parent must be the latest version on that branch.
" }, "branchName":{ "shape":"BranchName", "documentation":"The branch name for this version. If not specified, inherits the parent's branch or defaults to mainline.
A commit message describing the changes in this version.
" }, "createdBy":{ "shape":"VersionCreatedBySource", "documentation":"The source that created this version, including the source name and optional ARN.
" } } }, "UpdateConfigurationBundleRequestCommitMessageString":{ "type":"string", "max":500, "min":1 }, "UpdateConfigurationBundleResponse":{ "type":"structure", "required":[ "bundleArn", "bundleId", "versionId", "updatedAt" ], "members":{ "bundleArn":{ "shape":"ConfigurationBundleArn", "documentation":"The Amazon Resource Name (ARN) of the updated configuration bundle.
" }, "bundleId":{ "shape":"ConfigurationBundleId", "documentation":"The unique identifier of the updated configuration bundle.
" }, "versionId":{ "shape":"ConfigurationBundleVersion", "documentation":"The new version identifier created by this update.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the configuration bundle was updated.
" } } }, "UpdateEvaluatorRequest":{ "type":"structure", "required":["evaluatorId"], "members":{ "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the evaluator to update.
", "location":"uri", "locationName":"evaluatorId" }, "description":{ "shape":"EvaluatorDescription", "documentation":"The updated description of the evaluator.
" }, "evaluatorConfig":{ "shape":"EvaluatorConfig", "documentation":"The updated configuration for the evaluator. Specify either LLM-as-a-Judge settings with instructions, rating scale, and model configuration, or code-based settings with a customer-managed Lambda function.
" }, "level":{ "shape":"EvaluatorLevel", "documentation":" The updated evaluation level (TOOL_CALL, TRACE, or SESSION) that determines the scope of evaluation.
The Amazon Resource Name (ARN) of a customer managed KMS key to use for encrypting sensitive evaluator data. Specify a new key ARN to rotate the encryption key, or specify a key ARN to add encryption to an evaluator that was previously created without one. When you rotate to a new key, the service decrypts the existing data with the old key and re-encrypts it with the new key. Only symmetric encryption KMS keys are supported. For more information, see Encryption at rest for AgentCore Evaluations.
" } } }, "UpdateEvaluatorResponse":{ "type":"structure", "required":[ "evaluatorArn", "evaluatorId", "updatedAt", "status" ], "members":{ "evaluatorArn":{ "shape":"EvaluatorArn", "documentation":"The Amazon Resource Name (ARN) of the updated evaluator.
" }, "evaluatorId":{ "shape":"EvaluatorId", "documentation":"The unique identifier of the updated evaluator.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the evaluator was last updated.
" }, "status":{ "shape":"EvaluatorStatus", "documentation":"The status of the evaluator update operation.
" } } }, "UpdateGatewayRequest":{ "type":"structure", "required":[ "gatewayIdentifier", "name", "roleArn", "authorizerType" ], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The identifier of the gateway to update.
", "location":"uri", "locationName":"gatewayIdentifier" }, "name":{ "shape":"GatewayName", "documentation":"The name of the gateway. This name must be the same as the one when the gateway was created.
" }, "description":{ "shape":"GatewayDescription", "documentation":"The updated description for the gateway.
" }, "roleArn":{ "shape":"RoleArn", "documentation":"The updated IAM role ARN that provides permissions for the gateway.
" }, "protocolType":{ "shape":"GatewayProtocolType", "documentation":"The updated protocol type for the gateway.
" }, "protocolConfiguration":{"shape":"GatewayProtocolConfiguration"}, "authorizerType":{ "shape":"AuthorizerType", "documentation":"The updated authorizer type for the gateway.
" }, "authorizerConfiguration":{ "shape":"AuthorizerConfiguration", "documentation":"The updated authorizer configuration for the gateway.
" }, "kmsKeyArn":{ "shape":"KmsKeyArn", "documentation":"The updated ARN of the KMS key used to encrypt the gateway.
" }, "interceptorConfigurations":{ "shape":"GatewayInterceptorConfigurations", "documentation":"The updated interceptor configurations for the gateway.
" }, "policyEngineConfiguration":{ "shape":"GatewayPolicyEngineConfiguration", "documentation":"The updated policy engine configuration for the gateway. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with a gateway, the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies.
" }, "exceptionLevel":{ "shape":"ExceptionLevel", "documentation":"The level of detail in error messages returned when invoking the gateway.
If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.
If the value is omitted, a generic error message is returned to the end user.
The Amazon Resource Name (ARN) of the updated gateway.
" }, "gatewayId":{ "shape":"GatewayId", "documentation":"The unique identifier of the updated gateway.
" }, "gatewayUrl":{ "shape":"GatewayUrl", "documentation":"An endpoint for invoking the updated gateway.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway was last updated.
" }, "status":{ "shape":"GatewayStatus", "documentation":"The current status of the updated gateway.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the updated gateway.
" }, "name":{ "shape":"GatewayName", "documentation":"The name of the gateway.
" }, "description":{ "shape":"GatewayDescription", "documentation":"The updated description of the gateway.
" }, "roleArn":{ "shape":"RoleArn", "documentation":"The updated IAM role ARN that provides permissions for the gateway.
" }, "protocolType":{ "shape":"GatewayProtocolType", "documentation":"The updated protocol type for the gateway.
" }, "protocolConfiguration":{"shape":"GatewayProtocolConfiguration"}, "authorizerType":{ "shape":"AuthorizerType", "documentation":"The updated authorizer type for the gateway.
" }, "authorizerConfiguration":{ "shape":"AuthorizerConfiguration", "documentation":"The updated authorizer configuration for the gateway.
" }, "kmsKeyArn":{ "shape":"KmsKeyArn", "documentation":"The updated ARN of the KMS key used to encrypt the gateway.
" }, "interceptorConfigurations":{ "shape":"GatewayInterceptorConfigurations", "documentation":"The updated interceptor configurations for the gateway.
" }, "policyEngineConfiguration":{ "shape":"GatewayPolicyEngineConfiguration", "documentation":"The updated policy engine configuration for the gateway.
" }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the updated gateway.
" }, "exceptionLevel":{ "shape":"ExceptionLevel", "documentation":"The level of detail in error messages returned when invoking the gateway.
If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.
If the value is omitted, a generic error message is returned to the end user.
The identifier of the gateway containing the rule.
", "location":"uri", "locationName":"gatewayIdentifier" }, "ruleId":{ "shape":"GatewayRuleId", "documentation":"The unique identifier of the rule to update.
", "location":"uri", "locationName":"ruleId" }, "priority":{ "shape":"GatewayRulePriority", "documentation":"The updated priority of the rule.
" }, "conditions":{ "shape":"Conditions", "documentation":"The updated conditions for the rule.
" }, "actions":{ "shape":"Actions", "documentation":"The updated actions for the rule.
" }, "description":{ "shape":"GatewayRuleDescription", "documentation":"The updated description of the rule.
" } } }, "UpdateGatewayRuleResponse":{ "type":"structure", "required":[ "ruleId", "gatewayArn", "priority", "actions", "createdAt", "status" ], "members":{ "ruleId":{ "shape":"GatewayRuleId", "documentation":"The unique identifier of the gateway rule.
" }, "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway that the rule belongs to.
" }, "priority":{ "shape":"GatewayRulePriority", "documentation":"The priority of the rule. Rules are evaluated in order of priority, with lower numbers evaluated first.
" }, "conditions":{ "shape":"Conditions", "documentation":"The conditions that must be met for the rule to apply.
" }, "actions":{ "shape":"Actions", "documentation":"The actions to take when the rule conditions are met.
" }, "description":{ "shape":"GatewayRuleDescription", "documentation":"The description of the gateway rule.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the rule was created.
" }, "status":{ "shape":"GatewayRuleStatus", "documentation":"The current status of the rule.
" }, "system":{ "shape":"SystemManagedBlock", "documentation":"System-managed metadata for rules created by automated processes.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the rule was last updated.
" } }, "documentation":"Create response excludes updatedAt (redundant on create). Get/Update responses include it via their own output structures.
" }, "UpdateGatewayTargetRequest":{ "type":"structure", "required":[ "gatewayIdentifier", "targetId", "name", "targetConfiguration" ], "members":{ "gatewayIdentifier":{ "shape":"GatewayIdentifier", "documentation":"The unique identifier of the gateway associated with the target.
", "location":"uri", "locationName":"gatewayIdentifier" }, "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the gateway target to update.
", "location":"uri", "locationName":"targetId" }, "name":{ "shape":"TargetName", "documentation":"The updated name for the gateway target.
" }, "description":{ "shape":"TargetDescription", "documentation":"The updated description for the gateway target.
" }, "targetConfiguration":{"shape":"TargetConfiguration"}, "credentialProviderConfigurations":{ "shape":"CredentialProviderConfigurations", "documentation":"The updated credential provider configurations for the gateway target.
" }, "metadataConfiguration":{ "shape":"MetadataConfiguration", "documentation":"Configuration for HTTP header and query parameter propagation to the gateway target.
" }, "privateEndpoint":{ "shape":"PrivateEndpoint", "documentation":"The private endpoint configuration for the gateway target. Use this to connect the gateway to private resources in your VPC.
" } } }, "UpdateGatewayTargetResponse":{ "type":"structure", "required":[ "gatewayArn", "targetId", "createdAt", "updatedAt", "status", "name", "targetConfiguration", "credentialProviderConfigurations" ], "members":{ "gatewayArn":{ "shape":"GatewayArn", "documentation":"The Amazon Resource Name (ARN) of the gateway.
" }, "targetId":{ "shape":"TargetId", "documentation":"The unique identifier of the updated gateway target.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway target was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the gateway target was last updated.
" }, "status":{ "shape":"TargetStatus", "documentation":"The current status of the updated gateway target.
" }, "statusReasons":{ "shape":"StatusReasons", "documentation":"The reasons for the current status of the updated gateway target.
" }, "name":{ "shape":"TargetName", "documentation":"The updated name of the gateway target.
" }, "description":{ "shape":"TargetDescription", "documentation":"The updated description of the gateway target.
" }, "targetConfiguration":{"shape":"TargetConfiguration"}, "credentialProviderConfigurations":{ "shape":"CredentialProviderConfigurations", "documentation":"The updated credential provider configurations for the gateway target.
" }, "lastSynchronizedAt":{ "shape":"DateTimestamp", "documentation":"The date and time at which the targets were last synchronized.
" }, "metadataConfiguration":{ "shape":"MetadataConfiguration", "documentation":"The metadata configuration that was applied to the gateway target.
" }, "privateEndpoint":{ "shape":"PrivateEndpoint", "documentation":"The private endpoint configuration for the gateway target.
" }, "privateEndpointManagedResources":{ "shape":"PrivateEndpointManagedResources", "documentation":"The managed resources created by the gateway for private endpoint connectivity.
" }, "authorizationData":{ "shape":"AuthorizationData", "documentation":"OAuth2 authorization data for the updated gateway target. This data is returned when a target is configured with a credential provider with authorization code grant type and requires user federation.
" }, "protocolType":{ "shape":"TargetProtocolType", "documentation":"The protocol type of the updated gateway target.
" } } }, "UpdateHarnessRequest":{ "type":"structure", "required":["harnessId"], "members":{ "harnessId":{ "shape":"HarnessId", "documentation":"The ID of the harness to update.
", "location":"uri", "locationName":"harnessId" }, "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", "idempotencyToken":true }, "executionRoleArn":{ "shape":"RoleArn", "documentation":"The ARN of the IAM role that the harness assumes when running. If not specified, the existing value is retained.
" }, "environment":{ "shape":"HarnessEnvironmentProviderRequest", "documentation":"The compute environment configuration for the harness. If not specified, the existing value is retained.
" }, "environmentArtifact":{ "shape":"UpdatedHarnessEnvironmentArtifact", "documentation":"The environment artifact for the harness. Use the optionalValue wrapper to set a new value, or set it to null to clear the existing configuration.
" }, "environmentVariables":{ "shape":"EnvironmentVariablesMap", "documentation":"Environment variables to set in the harness runtime environment. If specified, this replaces all existing environment variables. If not specified, the existing value is retained.
" }, "authorizerConfiguration":{"shape":"UpdatedAuthorizerConfiguration"}, "model":{ "shape":"HarnessModelConfiguration", "documentation":"The model configuration for the harness. If not specified, the existing value is retained.
" }, "systemPrompt":{ "shape":"HarnessSystemPrompt", "documentation":"The system prompt that defines the agent's behavior. If not specified, the existing value is retained.
" }, "tools":{ "shape":"HarnessTools", "documentation":"The tools available to the agent. If specified, this replaces all existing tools. If not specified, the existing value is retained.
" }, "skills":{ "shape":"HarnessSkills", "documentation":"The skills available to the agent. If specified, this replaces all existing skills. If not specified, the existing value is retained.
" }, "allowedTools":{ "shape":"HarnessAllowedTools", "documentation":"The tools that the agent is allowed to use. If specified, this replaces all existing allowed tools. If not specified, the existing value is retained.
" }, "memory":{ "shape":"UpdatedHarnessMemoryConfiguration", "documentation":"The AgentCore Memory configuration. Use the optionalValue wrapper to set a new value, or set it to null to clear the existing configuration.
" }, "truncation":{ "shape":"HarnessTruncationConfiguration", "documentation":"The truncation configuration for managing conversation context. If not specified, the existing value is retained.
" }, "maxIterations":{ "shape":"Integer", "documentation":"The maximum number of iterations the agent loop can execute per invocation. If not specified, the existing value is retained.
" }, "maxTokens":{ "shape":"Integer", "documentation":"The maximum total number of output tokens the agent can generate across all model calls within a single invocation. If not specified, the existing value is retained.
" }, "timeoutSeconds":{ "shape":"Integer", "documentation":"The maximum duration in seconds for the agent loop execution per invocation. If not specified, the existing value is retained.
" } } }, "UpdateHarnessResponse":{ "type":"structure", "required":["harness"], "members":{ "harness":{ "shape":"Harness", "documentation":"The updated harness.
" } } }, "UpdateMemoryInput":{ "type":"structure", "required":["memoryId"], "members":{ "clientToken":{ "shape":"UpdateMemoryInputClientTokenString", "documentation":"A client token is used for keeping track of idempotent requests. It can contain a session id which can be around 250 chars, combined with a unique AWS identifier.
", "idempotencyToken":true }, "memoryId":{ "shape":"MemoryId", "documentation":"The unique identifier of the memory to update.
", "location":"uri", "locationName":"memoryId" }, "description":{ "shape":"Description", "documentation":"The updated description of the AgentCore Memory resource.
" }, "eventExpiryDuration":{ "shape":"UpdateMemoryInputEventExpiryDurationInteger", "documentation":"The number of days after which memory events will expire, between 7 and 365 days.
" }, "memoryExecutionRoleArn":{ "shape":"Arn", "documentation":"The ARN of the IAM role that provides permissions for the AgentCore Memory resource.
" }, "memoryStrategies":{ "shape":"ModifyMemoryStrategies", "documentation":"The memory strategies to add, modify, or delete.
" }, "addIndexedKeys":{ "shape":"IndexedKeysList", "documentation":"Additional metadata keys to index. Previously indexed keys cannot be removed.
" }, "streamDeliveryResources":{ "shape":"StreamDeliveryResources", "documentation":"Configuration for streaming memory record data to external resources.
" } } }, "UpdateMemoryInputClientTokenString":{ "type":"string", "max":500, "min":0 }, "UpdateMemoryInputEventExpiryDurationInteger":{ "type":"integer", "box":true, "max":365, "min":3 }, "UpdateMemoryOutput":{ "type":"structure", "members":{ "memory":{ "shape":"Memory", "documentation":"The updated AgentCore Memory resource details.
" } } }, "UpdateOauth2CredentialProviderRequest":{ "type":"structure", "required":[ "name", "credentialProviderVendor", "oauth2ProviderConfigInput" ], "members":{ "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider to update.
" }, "credentialProviderVendor":{ "shape":"CredentialProviderVendorType", "documentation":"The vendor of the OAuth2 credential provider.
" }, "oauth2ProviderConfigInput":{ "shape":"Oauth2ProviderConfigInput", "documentation":"The configuration input for the OAuth2 provider.
" } } }, "UpdateOauth2CredentialProviderResponse":{ "type":"structure", "required":[ "clientSecretArn", "name", "credentialProviderVendor", "credentialProviderArn", "oauth2ProviderConfigOutput", "createdTime", "lastUpdatedTime" ], "members":{ "clientSecretArn":{ "shape":"Secret", "documentation":"The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.
" }, "name":{ "shape":"CredentialProviderName", "documentation":"The name of the OAuth2 credential provider.
" }, "credentialProviderVendor":{ "shape":"CredentialProviderVendorType", "documentation":"The vendor of the OAuth2 credential provider.
" }, "credentialProviderArn":{ "shape":"CredentialProviderArnType", "documentation":"The Amazon Resource Name (ARN) of the OAuth2 credential provider.
" }, "callbackUrl":{ "shape":"String", "documentation":"Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.
" }, "oauth2ProviderConfigOutput":{ "shape":"Oauth2ProviderConfigOutput", "documentation":"The configuration output for the OAuth2 provider.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the OAuth2 credential provider was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the OAuth2 credential provider was last updated.
" }, "status":{ "shape":"Status", "documentation":"The current status of the OAuth2 credential provider.
" } } }, "UpdateOnlineEvaluationConfigRequest":{ "type":"structure", "required":["onlineEvaluationConfigId"], "members":{ "clientToken":{ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
", "idempotencyToken":true }, "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the online evaluation configuration to update.
", "location":"uri", "locationName":"onlineEvaluationConfigId" }, "description":{ "shape":"EvaluationConfigDescription", "documentation":"The updated description of the online evaluation configuration.
" }, "rule":{ "shape":"Rule", "documentation":"The updated evaluation rule containing sampling configuration, filters, and session settings.
" }, "dataSourceConfig":{ "shape":"DataSourceConfig", "documentation":"The updated data source configuration specifying CloudWatch log groups and service names to monitor.
" }, "evaluators":{ "shape":"EvaluatorList", "documentation":"The updated list of evaluators to apply during online evaluation.
" }, "evaluationExecutionRoleArn":{ "shape":"RoleArn", "documentation":"The updated Amazon Resource Name (ARN) of the IAM role used for evaluation execution.
" }, "executionStatus":{ "shape":"OnlineEvaluationExecutionStatus", "documentation":"The updated execution status to enable or disable the online evaluation.
" } } }, "UpdateOnlineEvaluationConfigResponse":{ "type":"structure", "required":[ "onlineEvaluationConfigArn", "onlineEvaluationConfigId", "updatedAt", "status", "executionStatus" ], "members":{ "onlineEvaluationConfigArn":{ "shape":"OnlineEvaluationConfigArn", "documentation":"The Amazon Resource Name (ARN) of the updated online evaluation configuration.
" }, "onlineEvaluationConfigId":{ "shape":"OnlineEvaluationConfigId", "documentation":"The unique identifier of the updated online evaluation configuration.
" }, "updatedAt":{ "shape":"Timestamp", "documentation":"The timestamp when the online evaluation configuration was last updated.
" }, "status":{ "shape":"OnlineEvaluationConfigStatus", "documentation":"The status of the online evaluation configuration.
" }, "executionStatus":{ "shape":"OnlineEvaluationExecutionStatus", "documentation":"The execution status indicating whether the online evaluation is currently running.
" }, "failureReason":{ "shape":"String", "documentation":"The reason for failure if the online evaluation configuration update or execution failed.
" } } }, "UpdatePolicyEngineRequest":{ "type":"structure", "required":["policyEngineId"], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy engine to be updated.
", "location":"uri", "locationName":"policyEngineId" }, "description":{ "shape":"UpdatedDescription", "documentation":"The new description for the policy engine.
" } } }, "UpdatePolicyEngineResponse":{ "type":"structure", "required":[ "policyEngineId", "name", "createdAt", "updatedAt", "policyEngineArn", "status", "statusReasons" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The unique identifier of the updated policy engine.
" }, "name":{ "shape":"PolicyEngineName", "documentation":"The name of the updated policy engine.
" }, "description":{ "shape":"Description", "documentation":"The updated description of the policy engine.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The original creation timestamp of the policy engine.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy engine was last updated.
" }, "policyEngineArn":{ "shape":"PolicyEngineArn", "documentation":"The ARN of the updated policy engine.
" }, "status":{ "shape":"PolicyEngineStatus", "documentation":"The current status of the updated policy engine.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the update status.
" }, "encryptionKeyArn":{ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.
" } } }, "UpdatePolicyRequest":{ "type":"structure", "required":[ "policyEngineId", "policyId" ], "members":{ "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine that manages the policy to be updated. This ensures the policy is updated within the correct policy engine context.
", "location":"uri", "locationName":"policyEngineId" }, "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier of the policy to be updated. This must be a valid policy ID that exists within the specified policy engine.
", "location":"uri", "locationName":"policyId" }, "description":{ "shape":"UpdatedDescription", "documentation":"The new human-readable description for the policy. This optional field allows updating the policy's documentation while keeping the same policy logic.
" }, "definition":{ "shape":"PolicyDefinition", "documentation":"The new Cedar policy statement that defines the access control rules. This replaces the existing policy definition with new logic while maintaining the policy's identity.
" }, "validationMode":{ "shape":"PolicyValidationMode", "documentation":"The validation mode for the policy update. Determines how Cedar analyzer validation results are handled during policy updates. FAIL_ON_ANY_FINDINGS runs the Cedar analyzer and fails the update if validation issues are detected, ensuring the policy conforms to the Cedar schema and tool context. IGNORE_ALL_FINDINGS runs the Cedar analyzer but allows updates despite validation warnings. Use FAIL_ON_ANY_FINDINGS to ensure policy correctness during updates, especially when modifying policy logic or conditions.
" } } }, "UpdatePolicyResponse":{ "type":"structure", "required":[ "policyId", "name", "policyEngineId", "definition", "createdAt", "updatedAt", "policyArn", "status", "statusReasons" ], "members":{ "policyId":{ "shape":"ResourceId", "documentation":"The unique identifier of the updated policy.
" }, "name":{ "shape":"PolicyName", "documentation":"The name of the updated policy.
" }, "policyEngineId":{ "shape":"ResourceId", "documentation":"The identifier of the policy engine managing the updated policy.
" }, "definition":{ "shape":"PolicyDefinition", "documentation":"The updated Cedar policy statement.
" }, "description":{ "shape":"Description", "documentation":"The updated description of the policy.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The original creation timestamp of the policy.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the policy was last updated.
" }, "policyArn":{ "shape":"PolicyArn", "documentation":"The ARN of the updated policy.
" }, "status":{ "shape":"PolicyStatus", "documentation":"The current status of the updated policy.
" }, "statusReasons":{ "shape":"PolicyStatusReasons", "documentation":"Additional information about the update status.
" } } }, "UpdateRegistryRecordRequest":{ "type":"structure", "required":[ "registryId", "recordId" ], "members":{ "registryId":{ "shape":"RegistryIdentifier", "documentation":"The identifier of the registry containing the record. You can specify either the Amazon Resource Name (ARN) or the ID of the registry.
", "location":"uri", "locationName":"registryId" }, "recordId":{ "shape":"RecordIdentifier", "documentation":"The identifier of the registry record to update. You can specify either the Amazon Resource Name (ARN) or the ID of the record.
", "location":"uri", "locationName":"recordId" }, "name":{ "shape":"RegistryRecordName", "documentation":"The updated name for the registry record.
" }, "description":{ "shape":"UpdatedDescription", "documentation":"The updated description for the registry record. To clear the description, include the UpdatedDescription wrapper with optionalValue not specified.
The updated descriptor type for the registry record. Changing the descriptor type may require updating the descriptors field to match the new type's schema requirements.
The updated descriptor-type-specific configuration containing the resource schema and metadata. Uses PATCH semantics where individual descriptor fields can be updated independently.
" }, "recordVersion":{ "shape":"RegistryRecordVersion", "documentation":"The version of the registry record for optimistic locking. If provided, it must match the current version of the record. The service automatically increments the version after a successful update.
" }, "synchronizationType":{ "shape":"UpdatedSynchronizationType", "documentation":"The updated synchronization type for the registry record.
" }, "synchronizationConfiguration":{ "shape":"UpdatedSynchronizationConfiguration", "documentation":"The updated synchronization configuration for the registry record.
" }, "triggerSynchronization":{ "shape":"Boolean", "documentation":"Whether to trigger synchronization using the stored or provided configuration. When set to true, the service will synchronize the record metadata from the configured external source.
The Amazon Resource Name (ARN) of the registry that contains the updated record.
" }, "recordArn":{ "shape":"RegistryRecordArn", "documentation":"The Amazon Resource Name (ARN) of the updated registry record.
" }, "recordId":{ "shape":"RegistryRecordId", "documentation":"The unique identifier of the updated registry record.
" }, "name":{ "shape":"RegistryRecordName", "documentation":"The name of the updated registry record.
" }, "description":{ "shape":"Description", "documentation":"The description of the updated registry record.
" }, "descriptorType":{ "shape":"DescriptorType", "documentation":"The descriptor type of the updated registry record. Possible values are MCP, A2A, CUSTOM, and AGENT_SKILLS.
The descriptor-type-specific configuration of the updated registry record. For details, see the Descriptors data type.
The version of the updated registry record.
" }, "status":{ "shape":"RegistryRecordStatus", "documentation":"The current status of the updated registry record. Possible values include CREATING, DRAFT, APPROVED, PENDING_APPROVAL, REJECTED, DEPRECATED, UPDATING, CREATE_FAILED, and UPDATE_FAILED.
The timestamp when the registry record was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the registry record was last updated.
" }, "statusReason":{ "shape":"String", "documentation":"The reason for the current status of the updated registry record.
" }, "synchronizationType":{ "shape":"SynchronizationType", "documentation":"The synchronization type of the updated registry record.
" }, "synchronizationConfiguration":{ "shape":"SynchronizationConfiguration", "documentation":"The synchronization configuration of the updated registry record.
" } } }, "UpdateRegistryRecordStatusRequest":{ "type":"structure", "required":[ "registryId", "recordId", "status", "statusReason" ], "members":{ "registryId":{ "shape":"RegistryIdentifier", "documentation":"The identifier of the registry containing the record. You can specify either the Amazon Resource Name (ARN) or the ID of the registry.
", "location":"uri", "locationName":"registryId" }, "recordId":{ "shape":"RecordIdentifier", "documentation":"The identifier of the registry record to update the status for. You can specify either the Amazon Resource Name (ARN) or the ID of the record.
", "location":"uri", "locationName":"recordId" }, "status":{ "shape":"RegistryRecordStatus", "documentation":"The target status for the registry record.
" }, "statusReason":{ "shape":"UpdateRegistryRecordStatusRequestStatusReasonString", "documentation":"The reason for the status change, such as why the record was approved or rejected.
" } } }, "UpdateRegistryRecordStatusRequestStatusReasonString":{ "type":"string", "max":255, "min":0 }, "UpdateRegistryRecordStatusResponse":{ "type":"structure", "required":[ "registryArn", "recordArn", "recordId", "status", "statusReason", "updatedAt" ], "members":{ "registryArn":{ "shape":"RegistryArn", "documentation":"The Amazon Resource Name (ARN) of the registry that contains the record.
" }, "recordArn":{ "shape":"RegistryRecordArn", "documentation":"The Amazon Resource Name (ARN) of the registry record.
" }, "recordId":{ "shape":"RegistryRecordId", "documentation":"The unique identifier of the registry record.
" }, "status":{ "shape":"RegistryRecordStatus", "documentation":"The resulting status of the registry record.
" }, "statusReason":{ "shape":"String", "documentation":"The reason for the status change.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the record was last updated.
" } } }, "UpdateRegistryRequest":{ "type":"structure", "required":["registryId"], "members":{ "registryId":{ "shape":"RegistryIdentifier", "documentation":"The identifier of the registry to update. You can specify either the Amazon Resource Name (ARN) or the ID of the registry.
", "location":"uri", "locationName":"registryId" }, "name":{ "shape":"RegistryName", "documentation":"The updated name of the registry.
" }, "description":{ "shape":"UpdatedDescription", "documentation":"The updated description of the registry. To clear the description, include the UpdatedDescription wrapper with optionalValue not specified.
The updated authorizer configuration for the registry. Changing the authorizer configuration can break existing consumers of the registry who are using the authorization type prior to the update.
" }, "approvalConfiguration":{ "shape":"UpdatedApprovalConfiguration", "documentation":"The updated approval configuration for registry records. The updated configuration only affects new records that move to PENDING_APPROVAL status after the change. Existing records already in PENDING_APPROVAL status are not affected.
The name of the updated registry.
" }, "description":{ "shape":"Description", "documentation":"The description of the updated registry.
" }, "registryId":{ "shape":"RegistryId", "documentation":"The unique identifier of the updated registry.
" }, "registryArn":{ "shape":"RegistryArn", "documentation":"The Amazon Resource Name (ARN) of the updated registry.
" }, "authorizerType":{ "shape":"RegistryAuthorizerType", "documentation":"The type of authorizer used by the updated registry. This controls the authorization method for the Search and Invoke APIs used by consumers.
CUSTOM_JWT - Authorize with a bearer token.
AWS_IAM - Authorize with your Amazon Web Services IAM credentials.
The authorizer configuration for the updated registry. For details, see the AuthorizerConfiguration data type.
The approval configuration for the updated registry. For details, see the ApprovalConfiguration data type.
The current status of the updated registry. Possible values include CREATING, READY, UPDATING, CREATE_FAILED, UPDATE_FAILED, DELETING, and DELETE_FAILED.
The reason for the current status of the updated registry.
" }, "createdAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the registry was created.
" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"The timestamp when the registry was last updated.
" } } }, "UpdateWorkloadIdentityRequest":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity to update.
" }, "allowedResourceOauth2ReturnUrls":{ "shape":"ResourceOauth2ReturnUrlListType", "documentation":"The new list of allowed OAuth2 return URLs for resources associated with this workload identity. This list replaces the existing list.
" } } }, "UpdateWorkloadIdentityResponse":{ "type":"structure", "required":[ "name", "workloadIdentityArn", "createdTime", "lastUpdatedTime" ], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity.
" }, "workloadIdentityArn":{ "shape":"WorkloadIdentityArnType", "documentation":"The Amazon Resource Name (ARN) of the workload identity.
" }, "allowedResourceOauth2ReturnUrls":{ "shape":"ResourceOauth2ReturnUrlListType", "documentation":"The list of allowed OAuth2 return URLs for resources associated with this workload identity.
" }, "createdTime":{ "shape":"Timestamp", "documentation":"The timestamp when the workload identity was created.
" }, "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"The timestamp when the workload identity was last updated.
" } } }, "UpdatedA2aDescriptor":{ "type":"structure", "members":{ "optionalValue":{ "shape":"A2aDescriptor", "documentation":"The updated A2A descriptor value.
" } }, "documentation":"Wrapper for updating an A2A descriptor with PATCH semantics. When present, the A2A descriptor is replaced with the provided value. When absent, the A2A descriptor is left unchanged. To unset, include the wrapper with the value set to null.
" }, "UpdatedAgentSkillsDescriptor":{ "type":"structure", "members":{ "optionalValue":{ "shape":"UpdatedAgentSkillsDescriptorFields", "documentation":"The updated agent skills descriptor fields.
" } }, "documentation":"Wrapper for updating an agent skills descriptor with PATCH semantics. When present with a value, individual fields can be updated independently. When present with a null value, the entire agent skills descriptor is unset. When absent, the agent skills descriptor is left unchanged.
" }, "UpdatedAgentSkillsDescriptorFields":{ "type":"structure", "members":{ "skillMd":{ "shape":"UpdatedSkillMdDefinition", "documentation":"The updated skill markdown definition.
" }, "skillDefinition":{ "shape":"UpdatedSkillDefinition", "documentation":"The updated skill definition.
" } }, "documentation":"Individual agent skills descriptor fields that can be updated independently.
" }, "UpdatedApprovalConfiguration":{ "type":"structure", "members":{ "optionalValue":{ "shape":"ApprovalConfiguration", "documentation":"The updated approval configuration value. Set to null to unset the approval configuration.
Wrapper for updating an optional approval configuration field with PATCH semantics. When present in an update request, the approval configuration is replaced with the provided value. When absent, the approval configuration is left unchanged.
" }, "UpdatedAuthorizerConfiguration":{ "type":"structure", "members":{ "optionalValue":{ "shape":"AuthorizerConfiguration", "documentation":"The updated authorizer configuration value. If not specified, it will clear the current authorizer configuration of the resource.
" } }, "documentation":"Wrapper for updating an optional AuthorizerConfiguration field with PATCH semantics. When present in an update request, the authorizer configuration is replaced with optionalValue. When absent, the authorizer configuration is left unchanged. To unset, include the wrapper with optionalValue not specified.
" }, "UpdatedCustomDescriptor":{ "type":"structure", "members":{ "optionalValue":{ "shape":"CustomDescriptor", "documentation":"The updated custom descriptor value.
" } }, "documentation":"Wrapper for updating a custom descriptor with PATCH semantics. When present, the custom descriptor is replaced with the provided value. When absent, the custom descriptor is left unchanged. To unset, include the wrapper with the value set to null.
" }, "UpdatedDescription":{ "type":"structure", "members":{ "optionalValue":{ "shape":"Description", "documentation":"Represents an optional value that is used to update the human-readable description of the resource. If not specified, it will clear the current description of the resource.
" } }, "documentation":"Wrapper for updating an optional Description field with PATCH semantics. When present in an update request, the description is replaced with optionalValue. When absent, the description is left unchanged. To unset the description, include the wrapper with optionalValue not specified.
" }, "UpdatedDescriptors":{ "type":"structure", "members":{ "optionalValue":{ "shape":"UpdatedDescriptorsUnion", "documentation":"The updated descriptors value. Contains per-descriptor-type wrappers that are each independently updatable.
" } }, "documentation":"Wrapper for updating an optional descriptors field with PATCH semantics. When present with a value, individual descriptors can be updated. When present with a null value, all descriptors are unset. When absent, descriptors are left unchanged.
" }, "UpdatedDescriptorsUnion":{ "type":"structure", "members":{ "mcp":{ "shape":"UpdatedMcpDescriptor", "documentation":"The updated MCP descriptor.
" }, "a2a":{ "shape":"UpdatedA2aDescriptor", "documentation":"The updated A2A descriptor.
" }, "custom":{ "shape":"UpdatedCustomDescriptor", "documentation":"The updated custom descriptor.
" }, "agentSkills":{ "shape":"UpdatedAgentSkillsDescriptor", "documentation":"The updated agent skills descriptor.
" } }, "documentation":"Contains per-descriptor-type wrappers for updating descriptors. Each descriptor type can be updated independently.
" }, "UpdatedHarnessEnvironmentArtifact":{ "type":"structure", "members":{ "optionalValue":{ "shape":"HarnessEnvironmentArtifact", "documentation":"The updated environment artifact value, or null to clear the existing configuration.
" } }, "documentation":"Wrapper for updating the environment artifact configuration.
" }, "UpdatedHarnessMemoryConfiguration":{ "type":"structure", "members":{ "optionalValue":{ "shape":"HarnessMemoryConfiguration", "documentation":"The updated memory configuration value, or null to clear the existing configuration.
" } }, "documentation":"Wrapper for updating the memory configuration.
" }, "UpdatedMcpDescriptor":{ "type":"structure", "members":{ "optionalValue":{ "shape":"UpdatedMcpDescriptorFields", "documentation":"The updated MCP descriptor fields.
" } }, "documentation":"Wrapper for updating an MCP descriptor with PATCH semantics. When present with a value, individual MCP fields can be updated independently. When present with a null value, the entire MCP descriptor is unset. When absent, the MCP descriptor is left unchanged.
" }, "UpdatedMcpDescriptorFields":{ "type":"structure", "members":{ "server":{ "shape":"UpdatedServerDefinition", "documentation":"The updated server definition for the MCP descriptor.
" }, "tools":{ "shape":"UpdatedToolsDefinition", "documentation":"The updated tools definition for the MCP descriptor.
" } }, "documentation":"Individual MCP descriptor fields that can be updated independently.
" }, "UpdatedServerDefinition":{ "type":"structure", "members":{ "optionalValue":{ "shape":"ServerDefinition", "documentation":"The updated server definition value.
" } }, "documentation":"Wrapper for updating a server definition with PATCH semantics. When present, the server definition is replaced with the provided value. When absent, the server definition is left unchanged. To unset, include the wrapper with the value set to null.
" }, "UpdatedSkillDefinition":{ "type":"structure", "members":{ "optionalValue":{ "shape":"SkillDefinition", "documentation":"The updated skill definition value.
" } }, "documentation":"Wrapper for updating a skill definition with PATCH semantics.
" }, "UpdatedSkillMdDefinition":{ "type":"structure", "members":{ "optionalValue":{ "shape":"SkillMdDefinition", "documentation":"The updated skill markdown definition value.
" } }, "documentation":"Wrapper for updating a skill markdown definition with PATCH semantics.
" }, "UpdatedSynchronizationConfiguration":{ "type":"structure", "members":{ "optionalValue":{ "shape":"SynchronizationConfiguration", "documentation":"The updated synchronization configuration value.
" } }, "documentation":"Wrapper for updating the synchronization configuration with PATCH semantics. Must be matched with UpdatedSynchronizationType.
The updated synchronization type value.
" } }, "documentation":"Wrapper for updating the synchronization type with PATCH semantics. Must be matched with UpdatedSynchronizationConfiguration.
The updated tools definition value.
" } }, "documentation":"Wrapper for updating a tools definition with PATCH semantics. When present, the tools definition is replaced with the provided value. When absent, the tools definition is left unchanged. To unset, include the wrapper with the value set to null.
" }, "UserPreferenceConsolidationOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for user preference consolidation.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for user preference consolidation.
" } }, "documentation":"Contains user preference consolidation override configuration.
" }, "UserPreferenceExtractionOverride":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for user preference extraction.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for user preference extraction.
" } }, "documentation":"Contains user preference extraction override configuration.
" }, "UserPreferenceMemoryStrategyInput":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"Name", "documentation":"The name of the user preference memory strategy.
" }, "description":{ "shape":"Description", "documentation":"The description of the user preference memory strategy.
" }, "namespaces":{ "shape":"NamespacesList", "documentation":"The namespaces associated with the user preference memory strategy.
", "deprecated":true, "deprecatedMessage":"Use namespaceTemplates instead", "deprecatedSince":"2026-03-02" }, "namespaceTemplates":{ "shape":"NamespacesList", "documentation":"The namespaceTemplates associated with the user preference memory strategy.
" }, "memoryRecordSchema":{ "shape":"MemoryRecordSchema", "documentation":"Schema for metadata fields on records generated by this strategy.
" } }, "documentation":"Input for creating a user preference memory strategy.
" }, "UserPreferenceOverrideConfigurationInput":{ "type":"structure", "members":{ "extraction":{ "shape":"UserPreferenceOverrideExtractionConfigurationInput", "documentation":"The extraction configuration for a user preference override.
" }, "consolidation":{ "shape":"UserPreferenceOverrideConsolidationConfigurationInput", "documentation":"The consolidation configuration for a user preference override.
" } }, "documentation":"Input for user preference override configuration in a memory strategy.
" }, "UserPreferenceOverrideConsolidationConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for user preference consolidation.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for user preference consolidation.
" } }, "documentation":"Input for user preference override consolidation configuration in a memory strategy.
" }, "UserPreferenceOverrideExtractionConfigurationInput":{ "type":"structure", "required":[ "appendToPrompt", "modelId" ], "members":{ "appendToPrompt":{ "shape":"Prompt", "documentation":"The text to append to the prompt for user preference extraction.
" }, "modelId":{ "shape":"String", "documentation":"The model ID to use for user preference extraction.
" } }, "documentation":"Input for user preference override extraction configuration in a memory strategy.
" }, "Validation":{ "type":"structure", "members":{ "stringValidation":{"shape":"StringValidation"}, "stringListValidation":{"shape":"StringListValidation"}, "numberValidation":{"shape":"NumberValidation"} }, "documentation":"Validation rules for extracted metadata values. Only one type can be specified, matching the field's data type.
", "union":true }, "ValidationException":{ "type":"structure", "required":[ "message", "reason" ], "members":{ "message":{"shape":"String"}, "reason":{"shape":"ValidationExceptionReason"}, "fieldList":{"shape":"ValidationExceptionFieldList"} }, "documentation":"The input fails to satisfy the constraints specified by the service.
", "error":{ "httpStatusCode":400, "senderFault":true }, "exception":true }, "ValidationExceptionField":{ "type":"structure", "required":[ "name", "message" ], "members":{ "name":{ "shape":"String", "documentation":"The name of the field.
" }, "message":{ "shape":"String", "documentation":"A message describing why this field failed validation.
" } }, "documentation":"Stores information about a field passed inside a request that resulted in an exception.
" }, "ValidationExceptionFieldList":{ "type":"list", "member":{"shape":"ValidationExceptionField"} }, "ValidationExceptionReason":{ "type":"string", "enum":[ "CannotParse", "FieldValidationFailed", "IdempotentParameterMismatchException", "EventInOtherSession", "ResourceConflict" ] }, "VersionCreatedBySource":{ "type":"structure", "required":["name"], "members":{ "name":{ "shape":"String", "documentation":"The name of the source (for example, user, optimization-job, or system).
The Amazon Resource Name (ARN) of the source, if applicable (for example, a user ARN or optimization job ARN).
" } }, "documentation":"The source that created a configuration bundle version.
" }, "VersionFilter":{ "type":"structure", "members":{ "branchName":{ "shape":"BranchName", "documentation":"Filter by branch name.
" }, "createdByName":{ "shape":"String", "documentation":"Filter by creation source name.
" }, "latestPerBranch":{ "shape":"Boolean", "documentation":"When true, returns only the latest version for each branch. When false or not specified, returns all versions. Can be combined with branchName to get the latest version for a specific branch.
A filter for listing configuration bundle versions.
" }, "VersionLineageMetadata":{ "type":"structure", "members":{ "parentVersionIds":{ "shape":"ConfigurationBundleVersionList", "documentation":"A list of parent version identifiers. Regular commits have 0-1 parents. Merge commits have 2 parents: the target branch parent and the source branch parent. The first parent represents the primary lineage.
" }, "branchName":{ "shape":"BranchName", "documentation":"The branch name for this version. If not specified, inherits the parent's branch or defaults to mainline.
The source that created this version.
" }, "commitMessage":{ "shape":"VersionLineageMetadataCommitMessageString", "documentation":"A commit message describing the changes in this version.
" } }, "documentation":"The version lineage metadata that tracks parent versions and creation source. Supports git-like two-parent merges for branch management.
" }, "VersionLineageMetadataCommitMessageString":{ "type":"string", "max":500, "min":1 }, "VpcConfig":{ "type":"structure", "required":[ "securityGroups", "subnets" ], "members":{ "securityGroups":{ "shape":"SecurityGroups", "documentation":"The security groups associated with the VPC configuration.
" }, "subnets":{ "shape":"Subnets", "documentation":"The subnets associated with the VPC configuration.
" } }, "documentation":"VpcConfig for the Agent.
" }, "VpcIdentifier":{ "type":"string", "pattern":"vpc-(([0-9a-z]{8})|([0-9a-z]{17}))" }, "WeightedOverride":{ "type":"structure", "required":["trafficSplit"], "members":{ "trafficSplit":{ "shape":"TrafficSplitEntries", "documentation":"The traffic split entries defining how traffic is distributed between configuration bundle versions.
" } }, "documentation":"A weighted configuration bundle override that splits traffic between multiple bundle versions.
" }, "WeightedRoute":{ "type":"structure", "required":["trafficSplit"], "members":{ "trafficSplit":{ "shape":"TargetTrafficSplitEntries", "documentation":"The traffic split entries defining how traffic is distributed between targets.
" } }, "documentation":"A weighted route that splits traffic between multiple gateway targets.
" }, "WorkloadIdentityArn":{ "type":"string", "max":1024, "min":1 }, "WorkloadIdentityArnType":{ "type":"string", "max":1024, "min":1 }, "WorkloadIdentityDetails":{ "type":"structure", "required":["workloadIdentityArn"], "members":{ "workloadIdentityArn":{ "shape":"WorkloadIdentityArn", "documentation":"The ARN associated with the workload identity.
" } }, "documentation":"The information about the workload identity.
" }, "WorkloadIdentityList":{ "type":"list", "member":{"shape":"WorkloadIdentityType"} }, "WorkloadIdentityNameType":{ "type":"string", "max":255, "min":3, "pattern":"[A-Za-z0-9_.-]+" }, "WorkloadIdentityType":{ "type":"structure", "required":[ "name", "workloadIdentityArn" ], "members":{ "name":{ "shape":"WorkloadIdentityNameType", "documentation":"The name of the workload identity.
" }, "workloadIdentityArn":{ "shape":"WorkloadIdentityArnType", "documentation":"The Amazon Resource Name (ARN) of the workload identity.
" } }, "documentation":"Contains information about a workload identity.
" }, "entryPoint":{ "type":"string", "max":128, "min":1 } }, "documentation":"Welcome to the Amazon Bedrock AgentCore Control plane API reference. Control plane actions configure, create, modify, and monitor Amazon Web Services resources.
" }