aws-sdk-bedrockagentcorecontrol 1.44.0 → 1.46.0

data/lib/aws-sdk-bedrockagentcorecontrol/client.rb

@@ -562,6 +562,7 @@ module Aws::BedrockAgentCoreControl
     #       network_mode_config: {
     #         security_groups: ["SecurityGroupId"], # required
     #         subnets: ["SubnetId"], # required
+    #         require_service_s3_endpoint: false,
     #       },
     #     },
     #     client_token: "ClientToken",
@@ -851,6 +852,7 @@ module Aws::BedrockAgentCoreControl
     #       vpc_config: {
     #         security_groups: ["SecurityGroupId"], # required
     #         subnets: ["SubnetId"], # required
+    #         require_service_s3_endpoint: false,
     #       },
     #     },
     #     recording: {
@@ -1021,6 +1023,7 @@ module Aws::BedrockAgentCoreControl
     #       vpc_config: {
     #         security_groups: ["SecurityGroupId"], # required
     #         subnets: ["SubnetId"], # required
+    #         require_service_s3_endpoint: false,
     #       },
     #     },
     #     certificates: [
@@ -2137,6 +2140,7 @@ module Aws::BedrockAgentCoreControl
     #           network_mode_config: {
     #             security_groups: ["SecurityGroupId"], # required
     #             subnets: ["SubnetId"], # required
+    #             require_service_s3_endpoint: false,
     #           },
     #         },
     #         filesystem_configurations: [
@@ -2394,6 +2398,7 @@ module Aws::BedrockAgentCoreControl
     #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.security_groups[0] #=> String
     #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.subnets #=> Array
     #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.subnets[0] #=> String
+    #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.require_service_s3_endpoint #=> Boolean
     #   resp.harness.environment.agent_core_runtime_environment.filesystem_configurations #=> Array
     #   resp.harness.environment.agent_core_runtime_environment.filesystem_configurations[0].session_storage.mount_path #=> String
     #   resp.harness.environment.agent_core_runtime_environment.filesystem_configurations[0].s3_files_access_point.access_point_arn #=> String
@@ -3338,6 +3343,348 @@ module Aws::BedrockAgentCoreControl
       req.send_request(options)
     end
 
+    # Creates a new payment connector for a payment manager. A payment
+    # connector integrates with a supported payment provider to enable
+    # payment processing capabilities.
+    #
+    # @option params [required, String] :payment_manager_id
+    #   The unique identifier of the payment manager to create the connector
+    #   for.
+    #
+    # @option params [required, String] :name
+    #   The name of the payment connector.
+    #
+    # @option params [String] :description
+    #   A description of the payment connector.
+    #
+    # @option params [required, String] :type
+    #   The type of payment connector, which determines the payment provider
+    #   integration.
+    #
+    # @option params [required, Array<Types::CredentialsProviderConfiguration>] :credential_provider_configurations
+    #   The credential provider configurations for the payment connector.
+    #   These configurations specify how the connector authenticates with the
+    #   payment provider.
+    #
+    # @option params [String] :client_token
+    #   A unique, case-sensitive identifier to ensure that the API request
+    #   completes no more than one time. If you don't specify this field, a
+    #   value is randomly generated for you. If this token matches a previous
+    #   request, the service ignores the request, but doesn't return an
+    #   error. For more information, see [Ensuring idempotency][1].
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html
+    #
+    # @return [Types::CreatePaymentConnectorResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreatePaymentConnectorResponse#payment_connector_id #payment_connector_id} => String
+    #   * {Types::CreatePaymentConnectorResponse#payment_manager_id #payment_manager_id} => String
+    #   * {Types::CreatePaymentConnectorResponse#name #name} => String
+    #   * {Types::CreatePaymentConnectorResponse#type #type} => String
+    #   * {Types::CreatePaymentConnectorResponse#credential_provider_configurations #credential_provider_configurations} => Array&lt;Types::CredentialsProviderConfiguration&gt;
+    #   * {Types::CreatePaymentConnectorResponse#created_at #created_at} => Time
+    #   * {Types::CreatePaymentConnectorResponse#status #status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_payment_connector({
+    #     payment_manager_id: "PaymentManagerId", # required
+    #     name: "PaymentConnectorName", # required
+    #     description: "PaymentsDescription",
+    #     type: "CoinbaseCDP", # required, accepts CoinbaseCDP, StripePrivy
+    #     credential_provider_configurations: [ # required
+    #       {
+    #         coinbase_cdp: {
+    #           credential_provider_arn: "PaymentCredentialProviderArn", # required
+    #         },
+    #         stripe_privy: {
+    #           credential_provider_arn: "PaymentCredentialProviderArn", # required
+    #         },
+    #       },
+    #     ],
+    #     client_token: "ClientToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.payment_connector_id #=> String
+    #   resp.payment_manager_id #=> String
+    #   resp.name #=> String
+    #   resp.type #=> String, one of "CoinbaseCDP", "StripePrivy"
+    #   resp.credential_provider_configurations #=> Array
+    #   resp.credential_provider_configurations[0].coinbase_cdp.credential_provider_arn #=> String
+    #   resp.credential_provider_configurations[0].stripe_privy.credential_provider_arn #=> String
+    #   resp.created_at #=> Time
+    #   resp.status #=> String, one of "CREATING", "UPDATING", "DELETING", "READY", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreatePaymentConnector AWS API Documentation
+    #
+    # @overload create_payment_connector(params = {})
+    # @param [Hash] params ({})
+    def create_payment_connector(params = {}, options = {})
+      req = build_request(:create_payment_connector, params)
+      req.send_request(options)
+    end
+
+    # Creates a new payment credential provider for storing authentication
+    # credentials used by payment connectors to communicate with external
+    # payment providers.
+    #
+    # @option params [required, String] :name
+    #   Unique name for the payment credential provider.
+    #
+    # @option params [required, String] :credential_provider_vendor
+    #   The vendor type for the payment credential provider (e.g.,
+    #   CoinbaseCDP, StripePrivy).
+    #
+    # @option params [required, Types::PaymentProviderConfigurationInput] :provider_configuration_input
+    #   Configuration specific to the vendor, including API credentials.
+    #
+    # @option params [Hash<String,String>] :tags
+    #   Optional tags for resource organization.
+    #
+    # @return [Types::CreatePaymentCredentialProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreatePaymentCredentialProviderResponse#name #name} => String
+    #   * {Types::CreatePaymentCredentialProviderResponse#credential_provider_vendor #credential_provider_vendor} => String
+    #   * {Types::CreatePaymentCredentialProviderResponse#credential_provider_arn #credential_provider_arn} => String
+    #   * {Types::CreatePaymentCredentialProviderResponse#provider_configuration_output #provider_configuration_output} => Types::PaymentProviderConfigurationOutput
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_payment_credential_provider({
+    #     name: "CredentialProviderName", # required
+    #     credential_provider_vendor: "CoinbaseCDP", # required, accepts CoinbaseCDP, StripePrivy
+    #     provider_configuration_input: { # required
+    #       coinbase_cdp_configuration: {
+    #         api_key_id: "CoinbaseCdpApiKeyIdType", # required
+    #         api_key_secret: "CoinbaseCdpApiKeySecretType", # required
+    #         wallet_secret: "CoinbaseCdpWalletSecretType", # required
+    #       },
+    #       stripe_privy_configuration: {
+    #         app_id: "StripePrivyAppIdType", # required
+    #         app_secret: "StripePrivyAppSecretType", # required
+    #         authorization_private_key: "StripePrivyAuthorizationPrivateKeyType", # required
+    #         authorization_id: "StripePrivyAuthorizationIdType", # required
+    #       },
+    #     },
+    #     tags: {
+    #       "TagKey" => "TagValue",
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.name #=> String
+    #   resp.credential_provider_vendor #=> String, one of "CoinbaseCDP", "StripePrivy"
+    #   resp.credential_provider_arn #=> String
+    #   resp.provider_configuration_output.coinbase_cdp_configuration.api_key_id #=> String
+    #   resp.provider_configuration_output.coinbase_cdp_configuration.api_key_secret_arn.secret_arn #=> String
+    #   resp.provider_configuration_output.coinbase_cdp_configuration.wallet_secret_arn.secret_arn #=> String
+    #   resp.provider_configuration_output.stripe_privy_configuration.app_id #=> String
+    #   resp.provider_configuration_output.stripe_privy_configuration.app_secret_arn.secret_arn #=> String
+    #   resp.provider_configuration_output.stripe_privy_configuration.authorization_private_key_arn.secret_arn #=> String
+    #   resp.provider_configuration_output.stripe_privy_configuration.authorization_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreatePaymentCredentialProvider AWS API Documentation
+    #
+    # @overload create_payment_credential_provider(params = {})
+    # @param [Hash] params ({})
+    def create_payment_credential_provider(params = {}, options = {})
+      req = build_request(:create_payment_credential_provider, params)
+      req.send_request(options)
+    end
+
+    # Creates a new payment manager in your Amazon Web Services account. A
+    # payment manager serves as the top-level resource for managing payment
+    # processing capabilities, including payment connectors that integrate
+    # with supported payment providers.
+    #
+    # If you specify `CUSTOM_JWT` as the `authorizerType`, you must provide
+    # an `authorizerConfiguration`.
+    #
+    # @option params [required, String] :name
+    #   The name of the payment manager.
+    #
+    # @option params [String] :description
+    #   A description of the payment manager.
+    #
+    # @option params [required, String] :authorizer_type
+    #   The type of authorizer to use for the payment manager.
+    #
+    #   * `CUSTOM_JWT` - Authorize with a bearer token.
+    #
+    #   * `AWS_IAM` - Authorize with your Amazon Web Services IAM credentials.
+    #
+    # @option params [Types::AuthorizerConfiguration] :authorizer_configuration
+    #   The authorizer configuration for the payment manager.
+    #
+    # @option params [required, String] :role_arn
+    #   The Amazon Resource Name (ARN) of the IAM role that the payment
+    #   manager assumes to access resources on your behalf.
+    #
+    # @option params [String] :client_token
+    #   A unique, case-sensitive identifier to ensure that the API request
+    #   completes no more than one time. If you don't specify this field, a
+    #   value is randomly generated for you. If this token matches a previous
+    #   request, the service ignores the request, but doesn't return an
+    #   error. For more information, see [Ensuring idempotency][1].
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html
+    #
+    # @option params [Hash<String,String>] :tags
+    #   A map of tag keys and values to assign to the payment manager.
+    #
+    # @return [Types::CreatePaymentManagerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreatePaymentManagerResponse#payment_manager_arn #payment_manager_arn} => String
+    #   * {Types::CreatePaymentManagerResponse#payment_manager_id #payment_manager_id} => String
+    #   * {Types::CreatePaymentManagerResponse#name #name} => String
+    #   * {Types::CreatePaymentManagerResponse#authorizer_type #authorizer_type} => String
+    #   * {Types::CreatePaymentManagerResponse#authorizer_configuration #authorizer_configuration} => Types::AuthorizerConfiguration
+    #   * {Types::CreatePaymentManagerResponse#role_arn #role_arn} => String
+    #   * {Types::CreatePaymentManagerResponse#workload_identity_details #workload_identity_details} => Types::WorkloadIdentityDetails
+    #   * {Types::CreatePaymentManagerResponse#created_at #created_at} => Time
+    #   * {Types::CreatePaymentManagerResponse#status #status} => String
+    #   * {Types::CreatePaymentManagerResponse#tags #tags} => Hash&lt;String,String&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_payment_manager({
+    #     name: "PaymentManagerName", # required
+    #     description: "PaymentsDescription",
+    #     authorizer_type: "CUSTOM_JWT", # required, accepts CUSTOM_JWT, AWS_IAM
+    #     authorizer_configuration: {
+    #       custom_jwt_authorizer: {
+    #         discovery_url: "DiscoveryUrl", # required
+    #         allowed_audience: ["AllowedAudience"],
+    #         allowed_clients: ["AllowedClient"],
+    #         allowed_scopes: ["AllowedScopeType"],
+    #         custom_claims: [
+    #           {
+    #             inbound_token_claim_name: "InboundTokenClaimNameType", # required
+    #             inbound_token_claim_value_type: "STRING", # required, accepts STRING, STRING_ARRAY
+    #             authorizing_claim_match_value: { # required
+    #               claim_match_value: { # required
+    #                 match_value_string: "MatchValueString",
+    #                 match_value_string_list: ["MatchValueString"],
+    #               },
+    #               claim_match_operator: "EQUALS", # required, accepts EQUALS, CONTAINS, CONTAINS_ANY
+    #             },
+    #           },
+    #         ],
+    #         private_endpoint: {
+    #           self_managed_lattice_resource: {
+    #             resource_configuration_identifier: "ResourceConfigurationIdentifier",
+    #           },
+    #           managed_vpc_resource: {
+    #             vpc_identifier: "VpcIdentifier", # required
+    #             subnet_ids: ["SubnetId"], # required
+    #             endpoint_ip_address_type: "IPV4", # required, accepts IPV4, IPV6
+    #             security_group_ids: ["SecurityGroupIdentifier"],
+    #             tags: {
+    #               "TagKey" => "TagValue",
+    #             },
+    #             routing_domain: "RoutingDomain",
+    #           },
+    #         },
+    #         private_endpoint_overrides: [
+    #           {
+    #             domain: "PrivateEndpointOverrideDomain", # required
+    #             private_endpoint: { # required
+    #               self_managed_lattice_resource: {
+    #                 resource_configuration_identifier: "ResourceConfigurationIdentifier",
+    #               },
+    #               managed_vpc_resource: {
+    #                 vpc_identifier: "VpcIdentifier", # required
+    #                 subnet_ids: ["SubnetId"], # required
+    #                 endpoint_ip_address_type: "IPV4", # required, accepts IPV4, IPV6
+    #                 security_group_ids: ["SecurityGroupIdentifier"],
+    #                 tags: {
+    #                   "TagKey" => "TagValue",
+    #                 },
+    #                 routing_domain: "RoutingDomain",
+    #               },
+    #             },
+    #           },
+    #         ],
+    #       },
+    #     },
+    #     role_arn: "RoleArn", # required
+    #     client_token: "ClientToken",
+    #     tags: {
+    #       "TagKey" => "TagValue",
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.payment_manager_arn #=> String
+    #   resp.payment_manager_id #=> String
+    #   resp.name #=> String
+    #   resp.authorizer_type #=> String, one of "CUSTOM_JWT", "AWS_IAM"
+    #   resp.authorizer_configuration.custom_jwt_authorizer.discovery_url #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.allowed_audience #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.allowed_audience[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.allowed_clients #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.allowed_clients[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.allowed_scopes #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.allowed_scopes[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.custom_claims #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.custom_claims[0].inbound_token_claim_name #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.custom_claims[0].inbound_token_claim_value_type #=> String, one of "STRING", "STRING_ARRAY"
+    #   resp.authorizer_configuration.custom_jwt_authorizer.custom_claims[0].authorizing_claim_match_value.claim_match_value.match_value_string #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.custom_claims[0].authorizing_claim_match_value.claim_match_value.match_value_string_list #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.custom_claims[0].authorizing_claim_match_value.claim_match_value.match_value_string_list[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.custom_claims[0].authorizing_claim_match_value.claim_match_operator #=> String, one of "EQUALS", "CONTAINS", "CONTAINS_ANY"
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.self_managed_lattice_resource.resource_configuration_identifier #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.vpc_identifier #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.subnet_ids #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.subnet_ids[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.endpoint_ip_address_type #=> String, one of "IPV4", "IPV6"
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.security_group_ids #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.security_group_ids[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.tags #=> Hash
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.tags["TagKey"] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.routing_domain #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].domain #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.self_managed_lattice_resource.resource_configuration_identifier #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.vpc_identifier #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.subnet_ids #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.subnet_ids[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.endpoint_ip_address_type #=> String, one of "IPV4", "IPV6"
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.security_group_ids #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.security_group_ids[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.tags #=> Hash
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.tags["TagKey"] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.routing_domain #=> String
+    #   resp.role_arn #=> String
+    #   resp.workload_identity_details.workload_identity_arn #=> String
+    #   resp.created_at #=> Time
+    #   resp.status #=> String, one of "CREATING", "UPDATING", "DELETING", "READY", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.tags #=> Hash
+    #   resp.tags["TagKey"] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreatePaymentManager AWS API Documentation
+    #
+    # @overload create_payment_manager(params = {})
+    # @param [Hash] params ({})
+    def create_payment_manager(params = {}, options = {})
+      req = build_request(:create_payment_manager, params)
+      req.send_request(options)
+    end
+
     # Creates a policy within the AgentCore Policy system. Policies provide
     # real-time, deterministic control over agentic interactions with
     # AgentCore Gateway. Using the Cedar policy language, you can define
@@ -3407,12 +3754,12 @@ module Aws::BedrockAgentCoreControl
     #   * {Types::CreatePolicyResponse#policy_id #policy_id} => String
     #   * {Types::CreatePolicyResponse#name #name} => String
     #   * {Types::CreatePolicyResponse#policy_engine_id #policy_engine_id} => String
-    #   * {Types::CreatePolicyResponse#definition #definition} => Types::PolicyDefinition
-    #   * {Types::CreatePolicyResponse#description #description} => String
     #   * {Types::CreatePolicyResponse#created_at #created_at} => Time
     #   * {Types::CreatePolicyResponse#updated_at #updated_at} => Time
     #   * {Types::CreatePolicyResponse#policy_arn #policy_arn} => String
     #   * {Types::CreatePolicyResponse#status #status} => String
+    #   * {Types::CreatePolicyResponse#definition #definition} => Types::PolicyDefinition
+    #   * {Types::CreatePolicyResponse#description #description} => String
     #   * {Types::CreatePolicyResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #
     # @example Request syntax with placeholder values
@@ -3439,14 +3786,14 @@ module Aws::BedrockAgentCoreControl
     #   resp.policy_id #=> String
     #   resp.name #=> String
     #   resp.policy_engine_id #=> String
-    #   resp.definition.cedar.statement #=> String
-    #   resp.definition.policy_generation.policy_generation_id #=> String
-    #   resp.definition.policy_generation.policy_generation_asset_id #=> String
-    #   resp.description #=> String
     #   resp.created_at #=> Time
     #   resp.updated_at #=> Time
     #   resp.policy_arn #=> String
     #   resp.status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.definition.cedar.statement #=> String
+    #   resp.definition.policy_generation.policy_generation_id #=> String
+    #   resp.definition.policy_generation.policy_generation_asset_id #=> String
+    #   resp.description #=> String
     #   resp.status_reasons #=> Array
     #   resp.status_reasons[0] #=> String
     #
@@ -3508,13 +3855,13 @@ module Aws::BedrockAgentCoreControl
     #
     #   * {Types::CreatePolicyEngineResponse#policy_engine_id #policy_engine_id} => String
     #   * {Types::CreatePolicyEngineResponse#name #name} => String
-    #   * {Types::CreatePolicyEngineResponse#description #description} => String
     #   * {Types::CreatePolicyEngineResponse#created_at #created_at} => Time
     #   * {Types::CreatePolicyEngineResponse#updated_at #updated_at} => Time
     #   * {Types::CreatePolicyEngineResponse#policy_engine_arn #policy_engine_arn} => String
     #   * {Types::CreatePolicyEngineResponse#status #status} => String
-    #   * {Types::CreatePolicyEngineResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #   * {Types::CreatePolicyEngineResponse#encryption_key_arn #encryption_key_arn} => String
+    #   * {Types::CreatePolicyEngineResponse#description #description} => String
+    #   * {Types::CreatePolicyEngineResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -3532,14 +3879,14 @@ module Aws::BedrockAgentCoreControl
     #
     #   resp.policy_engine_id #=> String
     #   resp.name #=> String
-    #   resp.description #=> String
     #   resp.created_at #=> Time
     #   resp.updated_at #=> Time
     #   resp.policy_engine_arn #=> String
     #   resp.status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.encryption_key_arn #=> String
+    #   resp.description #=> String
     #   resp.status_reasons #=> Array
     #   resp.status_reasons[0] #=> String
-    #   resp.encryption_key_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreatePolicyEngine AWS API Documentation
     #
@@ -4371,6 +4718,7 @@ module Aws::BedrockAgentCoreControl
     #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.security_groups[0] #=> String
     #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.subnets #=> Array
     #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.subnets[0] #=> String
+    #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.require_service_s3_endpoint #=> Boolean
     #   resp.harness.environment.agent_core_runtime_environment.filesystem_configurations #=> Array
     #   resp.harness.environment.agent_core_runtime_environment.filesystem_configurations[0].session_storage.mount_path #=> String
     #   resp.harness.environment.agent_core_runtime_environment.filesystem_configurations[0].s3_files_access_point.access_point_arn #=> String
@@ -4532,6 +4880,125 @@ module Aws::BedrockAgentCoreControl
       req.send_request(options)
     end
 
+    # Deletes a payment connector.
+    #
+    # @option params [required, String] :payment_manager_id
+    #   The unique identifier of the parent payment manager.
+    #
+    # @option params [required, String] :payment_connector_id
+    #   The unique identifier of the payment connector to delete.
+    #
+    # @option params [String] :client_token
+    #   A unique, case-sensitive identifier to ensure that the API request
+    #   completes no more than one time. If you don't specify this field, a
+    #   value is randomly generated for you. If this token matches a previous
+    #   request, the service ignores the request, but doesn't return an
+    #   error. For more information, see [Ensuring idempotency][1].
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html
+    #
+    # @return [Types::DeletePaymentConnectorResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeletePaymentConnectorResponse#status #status} => String
+    #   * {Types::DeletePaymentConnectorResponse#payment_connector_id #payment_connector_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_payment_connector({
+    #     payment_manager_id: "PaymentManagerId", # required
+    #     payment_connector_id: "PaymentConnectorId", # required
+    #     client_token: "ClientToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.status #=> String, one of "CREATING", "UPDATING", "DELETING", "READY", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.payment_connector_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/DeletePaymentConnector AWS API Documentation
+    #
+    # @overload delete_payment_connector(params = {})
+    # @param [Hash] params ({})
+    def delete_payment_connector(params = {}, options = {})
+      req = build_request(:delete_payment_connector, params)
+      req.send_request(options)
+    end
+
+    # Deletes a payment credential provider and its associated stored
+    # credentials.
+    #
+    # @option params [required, String] :name
+    #   The name of the payment credential provider to delete.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_payment_credential_provider({
+    #     name: "CredentialProviderName", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/DeletePaymentCredentialProvider AWS API Documentation
+    #
+    # @overload delete_payment_credential_provider(params = {})
+    # @param [Hash] params ({})
+    def delete_payment_credential_provider(params = {}, options = {})
+      req = build_request(:delete_payment_credential_provider, params)
+      req.send_request(options)
+    end
+
+    # Deletes a payment manager. All payment connectors associated with the
+    # payment manager must be deleted before the payment manager can be
+    # deleted. This operation initiates the deletion process asynchronously.
+    #
+    # @option params [required, String] :payment_manager_id
+    #   The unique identifier of the payment manager to delete.
+    #
+    # @option params [String] :client_token
+    #   A unique, case-sensitive identifier to ensure that the API request
+    #   completes no more than one time. If you don't specify this field, a
+    #   value is randomly generated for you. If this token matches a previous
+    #   request, the service ignores the request, but doesn't return an
+    #   error. For more information, see [Ensuring idempotency][1].
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html
+    #
+    # @return [Types::DeletePaymentManagerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeletePaymentManagerResponse#status #status} => String
+    #   * {Types::DeletePaymentManagerResponse#payment_manager_id #payment_manager_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_payment_manager({
+    #     payment_manager_id: "PaymentManagerId", # required
+    #     client_token: "ClientToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.status #=> String, one of "CREATING", "UPDATING", "DELETING", "READY", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.payment_manager_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/DeletePaymentManager AWS API Documentation
+    #
+    # @overload delete_payment_manager(params = {})
+    # @param [Hash] params ({})
+    def delete_payment_manager(params = {}, options = {})
+      req = build_request(:delete_payment_manager, params)
+      req.send_request(options)
+    end
+
     # Deletes an existing policy from the AgentCore Policy system. Once
     # deleted, the policy can no longer be used for agent behavior control
     # and all references to it become invalid. This is an asynchronous
@@ -4552,12 +5019,12 @@ module Aws::BedrockAgentCoreControl
     #   * {Types::DeletePolicyResponse#policy_id #policy_id} => String
     #   * {Types::DeletePolicyResponse#name #name} => String
     #   * {Types::DeletePolicyResponse#policy_engine_id #policy_engine_id} => String
-    #   * {Types::DeletePolicyResponse#definition #definition} => Types::PolicyDefinition
-    #   * {Types::DeletePolicyResponse#description #description} => String
     #   * {Types::DeletePolicyResponse#created_at #created_at} => Time
     #   * {Types::DeletePolicyResponse#updated_at #updated_at} => Time
     #   * {Types::DeletePolicyResponse#policy_arn #policy_arn} => String
     #   * {Types::DeletePolicyResponse#status #status} => String
+    #   * {Types::DeletePolicyResponse#definition #definition} => Types::PolicyDefinition
+    #   * {Types::DeletePolicyResponse#description #description} => String
     #   * {Types::DeletePolicyResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #
     # @example Request syntax with placeholder values
@@ -4572,14 +5039,14 @@ module Aws::BedrockAgentCoreControl
     #   resp.policy_id #=> String
     #   resp.name #=> String
     #   resp.policy_engine_id #=> String
-    #   resp.definition.cedar.statement #=> String
-    #   resp.definition.policy_generation.policy_generation_id #=> String
-    #   resp.definition.policy_generation.policy_generation_asset_id #=> String
-    #   resp.description #=> String
     #   resp.created_at #=> Time
     #   resp.updated_at #=> Time
     #   resp.policy_arn #=> String
     #   resp.status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.definition.cedar.statement #=> String
+    #   resp.definition.policy_generation.policy_generation_id #=> String
+    #   resp.definition.policy_generation.policy_generation_asset_id #=> String
+    #   resp.description #=> String
     #   resp.status_reasons #=> Array
     #   resp.status_reasons[0] #=> String
     #
@@ -4607,13 +5074,13 @@ module Aws::BedrockAgentCoreControl
     #
     #   * {Types::DeletePolicyEngineResponse#policy_engine_id #policy_engine_id} => String
     #   * {Types::DeletePolicyEngineResponse#name #name} => String
-    #   * {Types::DeletePolicyEngineResponse#description #description} => String
     #   * {Types::DeletePolicyEngineResponse#created_at #created_at} => Time
     #   * {Types::DeletePolicyEngineResponse#updated_at #updated_at} => Time
     #   * {Types::DeletePolicyEngineResponse#policy_engine_arn #policy_engine_arn} => String
     #   * {Types::DeletePolicyEngineResponse#status #status} => String
-    #   * {Types::DeletePolicyEngineResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #   * {Types::DeletePolicyEngineResponse#encryption_key_arn #encryption_key_arn} => String
+    #   * {Types::DeletePolicyEngineResponse#description #description} => String
+    #   * {Types::DeletePolicyEngineResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -4625,14 +5092,14 @@ module Aws::BedrockAgentCoreControl
     #
     #   resp.policy_engine_id #=> String
     #   resp.name #=> String
-    #   resp.description #=> String
     #   resp.created_at #=> Time
     #   resp.updated_at #=> Time
     #   resp.policy_engine_arn #=> String
     #   resp.status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.encryption_key_arn #=> String
+    #   resp.description #=> String
     #   resp.status_reasons #=> Array
     #   resp.status_reasons[0] #=> String
-    #   resp.encryption_key_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/DeletePolicyEngine AWS API Documentation
     #
@@ -4805,6 +5272,7 @@ module Aws::BedrockAgentCoreControl
     #   resp.network_configuration.network_mode_config.security_groups[0] #=> String
     #   resp.network_configuration.network_mode_config.subnets #=> Array
     #   resp.network_configuration.network_mode_config.subnets[0] #=> String
+    #   resp.network_configuration.network_mode_config.require_service_s3_endpoint #=> Boolean
     #   resp.status #=> String, one of "CREATING", "CREATE_FAILED", "UPDATING", "UPDATE_FAILED", "READY", "DELETING"
     #   resp.lifecycle_configuration.idle_runtime_session_timeout #=> Integer
     #   resp.lifecycle_configuration.max_lifetime #=> Integer
@@ -5005,6 +5473,7 @@ module Aws::BedrockAgentCoreControl
     #   resp.network_configuration.vpc_config.security_groups[0] #=> String
     #   resp.network_configuration.vpc_config.subnets #=> Array
     #   resp.network_configuration.vpc_config.subnets[0] #=> String
+    #   resp.network_configuration.vpc_config.require_service_s3_endpoint #=> Boolean
     #   resp.recording.enabled #=> Boolean
     #   resp.recording.s3_location.bucket #=> String
     #   resp.recording.s3_location.prefix #=> String
@@ -5114,6 +5583,7 @@ module Aws::BedrockAgentCoreControl
     #   resp.network_configuration.vpc_config.security_groups[0] #=> String
     #   resp.network_configuration.vpc_config.subnets #=> Array
     #   resp.network_configuration.vpc_config.subnets[0] #=> String
+    #   resp.network_configuration.vpc_config.require_service_s3_endpoint #=> Boolean
     #   resp.status #=> String, one of "CREATING", "CREATE_FAILED", "READY", "DELETING", "DELETE_FAILED", "DELETED"
     #   resp.certificates #=> Array
     #   resp.certificates[0].location.secrets_manager.secret_arn #=> String
@@ -5716,6 +6186,7 @@ module Aws::BedrockAgentCoreControl
     #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.security_groups[0] #=> String
     #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.subnets #=> Array
     #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.subnets[0] #=> String
+    #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.require_service_s3_endpoint #=> Boolean
     #   resp.harness.environment.agent_core_runtime_environment.filesystem_configurations #=> Array
     #   resp.harness.environment.agent_core_runtime_environment.filesystem_configurations[0].session_storage.mount_path #=> String
     #   resp.harness.environment.agent_core_runtime_environment.filesystem_configurations[0].s3_files_access_point.access_point_arn #=> String
@@ -6138,6 +6609,187 @@ module Aws::BedrockAgentCoreControl
       req.send_request(options)
     end
 
+    # Retrieves information about a specific payment connector.
+    #
+    # @option params [required, String] :payment_manager_id
+    #   The unique identifier of the parent payment manager.
+    #
+    # @option params [required, String] :payment_connector_id
+    #   The unique identifier of the payment connector to retrieve.
+    #
+    # @return [Types::GetPaymentConnectorResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetPaymentConnectorResponse#payment_connector_id #payment_connector_id} => String
+    #   * {Types::GetPaymentConnectorResponse#name #name} => String
+    #   * {Types::GetPaymentConnectorResponse#description #description} => String
+    #   * {Types::GetPaymentConnectorResponse#type #type} => String
+    #   * {Types::GetPaymentConnectorResponse#credential_provider_configurations #credential_provider_configurations} => Array&lt;Types::CredentialsProviderConfiguration&gt;
+    #   * {Types::GetPaymentConnectorResponse#created_at #created_at} => Time
+    #   * {Types::GetPaymentConnectorResponse#last_updated_at #last_updated_at} => Time
+    #   * {Types::GetPaymentConnectorResponse#status #status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_payment_connector({
+    #     payment_manager_id: "PaymentManagerId", # required
+    #     payment_connector_id: "PaymentConnectorId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.payment_connector_id #=> String
+    #   resp.name #=> String
+    #   resp.description #=> String
+    #   resp.type #=> String, one of "CoinbaseCDP", "StripePrivy"
+    #   resp.credential_provider_configurations #=> Array
+    #   resp.credential_provider_configurations[0].coinbase_cdp.credential_provider_arn #=> String
+    #   resp.credential_provider_configurations[0].stripe_privy.credential_provider_arn #=> String
+    #   resp.created_at #=> Time
+    #   resp.last_updated_at #=> Time
+    #   resp.status #=> String, one of "CREATING", "UPDATING", "DELETING", "READY", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPaymentConnector AWS API Documentation
+    #
+    # @overload get_payment_connector(params = {})
+    # @param [Hash] params ({})
+    def get_payment_connector(params = {}, options = {})
+      req = build_request(:get_payment_connector, params)
+      req.send_request(options)
+    end
+
+    # Retrieves information about a specific payment credential provider.
+    #
+    # @option params [required, String] :name
+    #   The name of the payment credential provider to retrieve.
+    #
+    # @return [Types::GetPaymentCredentialProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetPaymentCredentialProviderResponse#name #name} => String
+    #   * {Types::GetPaymentCredentialProviderResponse#credential_provider_arn #credential_provider_arn} => String
+    #   * {Types::GetPaymentCredentialProviderResponse#credential_provider_vendor #credential_provider_vendor} => String
+    #   * {Types::GetPaymentCredentialProviderResponse#provider_configuration_output #provider_configuration_output} => Types::PaymentProviderConfigurationOutput
+    #   * {Types::GetPaymentCredentialProviderResponse#created_time #created_time} => Time
+    #   * {Types::GetPaymentCredentialProviderResponse#last_updated_time #last_updated_time} => Time
+    #   * {Types::GetPaymentCredentialProviderResponse#tags #tags} => Hash&lt;String,String&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_payment_credential_provider({
+    #     name: "CredentialProviderName", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.name #=> String
+    #   resp.credential_provider_arn #=> String
+    #   resp.credential_provider_vendor #=> String, one of "CoinbaseCDP", "StripePrivy"
+    #   resp.provider_configuration_output.coinbase_cdp_configuration.api_key_id #=> String
+    #   resp.provider_configuration_output.coinbase_cdp_configuration.api_key_secret_arn.secret_arn #=> String
+    #   resp.provider_configuration_output.coinbase_cdp_configuration.wallet_secret_arn.secret_arn #=> String
+    #   resp.provider_configuration_output.stripe_privy_configuration.app_id #=> String
+    #   resp.provider_configuration_output.stripe_privy_configuration.app_secret_arn.secret_arn #=> String
+    #   resp.provider_configuration_output.stripe_privy_configuration.authorization_private_key_arn.secret_arn #=> String
+    #   resp.provider_configuration_output.stripe_privy_configuration.authorization_id #=> String
+    #   resp.created_time #=> Time
+    #   resp.last_updated_time #=> Time
+    #   resp.tags #=> Hash
+    #   resp.tags["TagKey"] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPaymentCredentialProvider AWS API Documentation
+    #
+    # @overload get_payment_credential_provider(params = {})
+    # @param [Hash] params ({})
+    def get_payment_credential_provider(params = {}, options = {})
+      req = build_request(:get_payment_credential_provider, params)
+      req.send_request(options)
+    end
+
+    # Retrieves information about a specific payment manager.
+    #
+    # @option params [required, String] :payment_manager_id
+    #   The unique identifier of the payment manager to retrieve.
+    #
+    # @return [Types::GetPaymentManagerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetPaymentManagerResponse#payment_manager_arn #payment_manager_arn} => String
+    #   * {Types::GetPaymentManagerResponse#payment_manager_id #payment_manager_id} => String
+    #   * {Types::GetPaymentManagerResponse#name #name} => String
+    #   * {Types::GetPaymentManagerResponse#description #description} => String
+    #   * {Types::GetPaymentManagerResponse#authorizer_type #authorizer_type} => String
+    #   * {Types::GetPaymentManagerResponse#authorizer_configuration #authorizer_configuration} => Types::AuthorizerConfiguration
+    #   * {Types::GetPaymentManagerResponse#role_arn #role_arn} => String
+    #   * {Types::GetPaymentManagerResponse#workload_identity_details #workload_identity_details} => Types::WorkloadIdentityDetails
+    #   * {Types::GetPaymentManagerResponse#created_at #created_at} => Time
+    #   * {Types::GetPaymentManagerResponse#last_updated_at #last_updated_at} => Time
+    #   * {Types::GetPaymentManagerResponse#status #status} => String
+    #   * {Types::GetPaymentManagerResponse#tags #tags} => Hash&lt;String,String&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_payment_manager({
+    #     payment_manager_id: "PaymentManagerId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.payment_manager_arn #=> String
+    #   resp.payment_manager_id #=> String
+    #   resp.name #=> String
+    #   resp.description #=> String
+    #   resp.authorizer_type #=> String, one of "CUSTOM_JWT", "AWS_IAM"
+    #   resp.authorizer_configuration.custom_jwt_authorizer.discovery_url #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.allowed_audience #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.allowed_audience[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.allowed_clients #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.allowed_clients[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.allowed_scopes #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.allowed_scopes[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.custom_claims #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.custom_claims[0].inbound_token_claim_name #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.custom_claims[0].inbound_token_claim_value_type #=> String, one of "STRING", "STRING_ARRAY"
+    #   resp.authorizer_configuration.custom_jwt_authorizer.custom_claims[0].authorizing_claim_match_value.claim_match_value.match_value_string #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.custom_claims[0].authorizing_claim_match_value.claim_match_value.match_value_string_list #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.custom_claims[0].authorizing_claim_match_value.claim_match_value.match_value_string_list[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.custom_claims[0].authorizing_claim_match_value.claim_match_operator #=> String, one of "EQUALS", "CONTAINS", "CONTAINS_ANY"
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.self_managed_lattice_resource.resource_configuration_identifier #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.vpc_identifier #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.subnet_ids #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.subnet_ids[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.endpoint_ip_address_type #=> String, one of "IPV4", "IPV6"
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.security_group_ids #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.security_group_ids[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.tags #=> Hash
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.tags["TagKey"] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint.managed_vpc_resource.routing_domain #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].domain #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.self_managed_lattice_resource.resource_configuration_identifier #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.vpc_identifier #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.subnet_ids #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.subnet_ids[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.endpoint_ip_address_type #=> String, one of "IPV4", "IPV6"
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.security_group_ids #=> Array
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.security_group_ids[0] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.tags #=> Hash
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.tags["TagKey"] #=> String
+    #   resp.authorizer_configuration.custom_jwt_authorizer.private_endpoint_overrides[0].private_endpoint.managed_vpc_resource.routing_domain #=> String
+    #   resp.role_arn #=> String
+    #   resp.workload_identity_details.workload_identity_arn #=> String
+    #   resp.created_at #=> Time
+    #   resp.last_updated_at #=> Time
+    #   resp.status #=> String, one of "CREATING", "UPDATING", "DELETING", "READY", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.tags #=> Hash
+    #   resp.tags["TagKey"] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPaymentManager AWS API Documentation
+    #
+    # @overload get_payment_manager(params = {})
+    # @param [Hash] params ({})
+    def get_payment_manager(params = {}, options = {})
+      req = build_request(:get_payment_manager, params)
+      req.send_request(options)
+    end
+
     # Retrieves detailed information about a specific policy within the
     # AgentCore Policy system. This operation returns the complete policy
     # definition, metadata, and current status, allowing administrators to
@@ -6156,12 +6808,12 @@ module Aws::BedrockAgentCoreControl
     #   * {Types::GetPolicyResponse#policy_id #policy_id} => String
     #   * {Types::GetPolicyResponse#name #name} => String
     #   * {Types::GetPolicyResponse#policy_engine_id #policy_engine_id} => String
-    #   * {Types::GetPolicyResponse#definition #definition} => Types::PolicyDefinition
-    #   * {Types::GetPolicyResponse#description #description} => String
     #   * {Types::GetPolicyResponse#created_at #created_at} => Time
     #   * {Types::GetPolicyResponse#updated_at #updated_at} => Time
     #   * {Types::GetPolicyResponse#policy_arn #policy_arn} => String
     #   * {Types::GetPolicyResponse#status #status} => String
+    #   * {Types::GetPolicyResponse#definition #definition} => Types::PolicyDefinition
+    #   * {Types::GetPolicyResponse#description #description} => String
     #   * {Types::GetPolicyResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #
     # @example Request syntax with placeholder values
@@ -6176,14 +6828,14 @@ module Aws::BedrockAgentCoreControl
     #   resp.policy_id #=> String
     #   resp.name #=> String
     #   resp.policy_engine_id #=> String
-    #   resp.definition.cedar.statement #=> String
-    #   resp.definition.policy_generation.policy_generation_id #=> String
-    #   resp.definition.policy_generation.policy_generation_asset_id #=> String
-    #   resp.description #=> String
     #   resp.created_at #=> Time
     #   resp.updated_at #=> Time
     #   resp.policy_arn #=> String
     #   resp.status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.definition.cedar.statement #=> String
+    #   resp.definition.policy_generation.policy_generation_id #=> String
+    #   resp.definition.policy_generation.policy_generation_asset_id #=> String
+    #   resp.description #=> String
     #   resp.status_reasons #=> Array
     #   resp.status_reasons[0] #=> String
     #
@@ -6215,13 +6867,13 @@ module Aws::BedrockAgentCoreControl
     #
     #   * {Types::GetPolicyEngineResponse#policy_engine_id #policy_engine_id} => String
     #   * {Types::GetPolicyEngineResponse#name #name} => String
-    #   * {Types::GetPolicyEngineResponse#description #description} => String
     #   * {Types::GetPolicyEngineResponse#created_at #created_at} => Time
     #   * {Types::GetPolicyEngineResponse#updated_at #updated_at} => Time
     #   * {Types::GetPolicyEngineResponse#policy_engine_arn #policy_engine_arn} => String
     #   * {Types::GetPolicyEngineResponse#status #status} => String
-    #   * {Types::GetPolicyEngineResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #   * {Types::GetPolicyEngineResponse#encryption_key_arn #encryption_key_arn} => String
+    #   * {Types::GetPolicyEngineResponse#description #description} => String
+    #   * {Types::GetPolicyEngineResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -6233,14 +6885,14 @@ module Aws::BedrockAgentCoreControl
     #
     #   resp.policy_engine_id #=> String
     #   resp.name #=> String
-    #   resp.description #=> String
     #   resp.created_at #=> Time
     #   resp.updated_at #=> Time
     #   resp.policy_engine_arn #=> String
     #   resp.status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.encryption_key_arn #=> String
+    #   resp.description #=> String
     #   resp.status_reasons #=> Array
     #   resp.status_reasons[0] #=> String
-    #   resp.encryption_key_arn #=> String
     #
     #
     # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
@@ -6248,12 +6900,60 @@ module Aws::BedrockAgentCoreControl
     #   * policy_engine_active
     #   * policy_engine_deleted
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyEngine AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyEngine AWS API Documentation
+    #
+    # @overload get_policy_engine(params = {})
+    # @param [Hash] params ({})
+    def get_policy_engine(params = {}, options = {})
+      req = build_request(:get_policy_engine, params)
+      req.send_request(options)
+    end
+
+    # Retrieves a metadata-only summary of a specific policy engine without
+    # decrypting customer content. This lightweight read operation returns
+    # resource identifiers, status, timestamps, and the encryption key ARN,
+    # but does not include the description or status reasons. Because this
+    # operation does not require access to the customer's KMS key, it is
+    # suitable for resource discovery, inventory, and integration scenarios
+    # where only metadata is needed.
+    #
+    # @option params [required, String] :policy_engine_id
+    #   The unique identifier of the policy engine to retrieve the summary
+    #   for. This must be a valid policy engine ID that exists within the
+    #   account.
+    #
+    # @return [Types::GetPolicyEngineSummaryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetPolicyEngineSummaryResponse#policy_engine_id #policy_engine_id} => String
+    #   * {Types::GetPolicyEngineSummaryResponse#name #name} => String
+    #   * {Types::GetPolicyEngineSummaryResponse#created_at #created_at} => Time
+    #   * {Types::GetPolicyEngineSummaryResponse#updated_at #updated_at} => Time
+    #   * {Types::GetPolicyEngineSummaryResponse#policy_engine_arn #policy_engine_arn} => String
+    #   * {Types::GetPolicyEngineSummaryResponse#status #status} => String
+    #   * {Types::GetPolicyEngineSummaryResponse#encryption_key_arn #encryption_key_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_policy_engine_summary({
+    #     policy_engine_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.policy_engine_id #=> String
+    #   resp.name #=> String
+    #   resp.created_at #=> Time
+    #   resp.updated_at #=> Time
+    #   resp.policy_engine_arn #=> String
+    #   resp.status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.encryption_key_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyEngineSummary AWS API Documentation
     #
-    # @overload get_policy_engine(params = {})
+    # @overload get_policy_engine_summary(params = {})
     # @param [Hash] params ({})
-    def get_policy_engine(params = {}, options = {})
-      req = build_request(:get_policy_engine, params)
+    def get_policy_engine_summary(params = {}, options = {})
+      req = build_request(:get_policy_engine_summary, params)
       req.send_request(options)
     end
 
@@ -6286,8 +6986,8 @@ module Aws::BedrockAgentCoreControl
     #   * {Types::GetPolicyGenerationResponse#created_at #created_at} => Time
     #   * {Types::GetPolicyGenerationResponse#updated_at #updated_at} => Time
     #   * {Types::GetPolicyGenerationResponse#status #status} => String
-    #   * {Types::GetPolicyGenerationResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #   * {Types::GetPolicyGenerationResponse#findings #findings} => String
+    #   * {Types::GetPolicyGenerationResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -6306,9 +7006,9 @@ module Aws::BedrockAgentCoreControl
     #   resp.created_at #=> Time
     #   resp.updated_at #=> Time
     #   resp.status #=> String, one of "GENERATING", "GENERATED", "GENERATE_FAILED", "DELETE_FAILED"
+    #   resp.findings #=> String
     #   resp.status_reasons #=> Array
     #   resp.status_reasons[0] #=> String
-    #   resp.findings #=> String
     #
     #
     # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
@@ -6324,6 +7024,115 @@ module Aws::BedrockAgentCoreControl
       req.send_request(options)
     end
 
+    # Retrieves a metadata-only summary of a specific policy generation
+    # request without decrypting customer content. This lightweight read
+    # operation returns resource identifiers, status, timestamps, and
+    # findings, but does not include status reasons. Because this operation
+    # does not require access to the customer's KMS key, it is suitable for
+    # resource discovery, inventory, and integration scenarios where only
+    # metadata is needed.
+    #
+    # @option params [required, String] :policy_generation_id
+    #   The unique identifier of the policy generation request to retrieve the
+    #   summary for.
+    #
+    # @option params [required, String] :policy_engine_id
+    #   The identifier of the policy engine associated with the policy
+    #   generation request.
+    #
+    # @return [Types::GetPolicyGenerationSummaryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetPolicyGenerationSummaryResponse#policy_engine_id #policy_engine_id} => String
+    #   * {Types::GetPolicyGenerationSummaryResponse#policy_generation_id #policy_generation_id} => String
+    #   * {Types::GetPolicyGenerationSummaryResponse#name #name} => String
+    #   * {Types::GetPolicyGenerationSummaryResponse#policy_generation_arn #policy_generation_arn} => String
+    #   * {Types::GetPolicyGenerationSummaryResponse#resource #resource} => Types::Resource
+    #   * {Types::GetPolicyGenerationSummaryResponse#created_at #created_at} => Time
+    #   * {Types::GetPolicyGenerationSummaryResponse#updated_at #updated_at} => Time
+    #   * {Types::GetPolicyGenerationSummaryResponse#status #status} => String
+    #   * {Types::GetPolicyGenerationSummaryResponse#findings #findings} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_policy_generation_summary({
+    #     policy_generation_id: "ResourceId", # required
+    #     policy_engine_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.policy_engine_id #=> String
+    #   resp.policy_generation_id #=> String
+    #   resp.name #=> String
+    #   resp.policy_generation_arn #=> String
+    #   resp.resource.arn #=> String
+    #   resp.created_at #=> Time
+    #   resp.updated_at #=> Time
+    #   resp.status #=> String, one of "GENERATING", "GENERATED", "GENERATE_FAILED", "DELETE_FAILED"
+    #   resp.findings #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyGenerationSummary AWS API Documentation
+    #
+    # @overload get_policy_generation_summary(params = {})
+    # @param [Hash] params ({})
+    def get_policy_generation_summary(params = {}, options = {})
+      req = build_request(:get_policy_generation_summary, params)
+      req.send_request(options)
+    end
+
+    # Retrieves a metadata-only summary of a specific policy without
+    # decrypting customer content. This lightweight read operation returns
+    # resource identifiers, status, and timestamps, but does not include the
+    # policy definition, description, or status reasons. Because this
+    # operation does not require access to the customer's KMS key, it is
+    # suitable for resource discovery, inventory, and integration scenarios
+    # where only metadata is needed.
+    #
+    # @option params [required, String] :policy_engine_id
+    #   The identifier of the policy engine that manages the policy to
+    #   retrieve the summary for.
+    #
+    # @option params [required, String] :policy_id
+    #   The unique identifier of the policy to retrieve the summary for. This
+    #   must be a valid policy ID that exists within the specified policy
+    #   engine.
+    #
+    # @return [Types::GetPolicySummaryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetPolicySummaryResponse#policy_id #policy_id} => String
+    #   * {Types::GetPolicySummaryResponse#name #name} => String
+    #   * {Types::GetPolicySummaryResponse#policy_engine_id #policy_engine_id} => String
+    #   * {Types::GetPolicySummaryResponse#created_at #created_at} => Time
+    #   * {Types::GetPolicySummaryResponse#updated_at #updated_at} => Time
+    #   * {Types::GetPolicySummaryResponse#policy_arn #policy_arn} => String
+    #   * {Types::GetPolicySummaryResponse#status #status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_policy_summary({
+    #     policy_engine_id: "ResourceId", # required
+    #     policy_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.policy_id #=> String
+    #   resp.name #=> String
+    #   resp.policy_engine_id #=> String
+    #   resp.created_at #=> Time
+    #   resp.updated_at #=> Time
+    #   resp.policy_arn #=> String
+    #   resp.status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicySummary AWS API Documentation
+    #
+    # @overload get_policy_summary(params = {})
+    # @param [Hash] params ({})
+    def get_policy_summary(params = {}, options = {})
+      req = build_request(:get_policy_summary, params)
+      req.send_request(options)
+    end
+
     # Retrieves information about a specific registry.
     #
     # @option params [required, String] :registry_id
@@ -7438,6 +8247,149 @@ module Aws::BedrockAgentCoreControl
       req.send_request(options)
     end
 
+    # Lists all payment connectors for a specified payment manager.
+    #
+    # @option params [required, String] :payment_manager_id
+    #   The unique identifier of the payment manager whose connectors to list.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return in the response. If the total
+    #   number of results is greater than this value, use the token returned
+    #   in the response in the `nextToken` field when making another request
+    #   to return the next batch of results.
+    #
+    # @option params [String] :next_token
+    #   If the total number of results is greater than the `maxResults` value
+    #   provided in the request, enter the token returned in the `nextToken`
+    #   field in the response in this field to return the next batch of
+    #   results.
+    #
+    # @return [Types::ListPaymentConnectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListPaymentConnectorsResponse#payment_connectors #payment_connectors} => Array&lt;Types::PaymentConnectorSummary&gt;
+    #   * {Types::ListPaymentConnectorsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_payment_connectors({
+    #     payment_manager_id: "PaymentManagerId", # required
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.payment_connectors #=> Array
+    #   resp.payment_connectors[0].payment_connector_id #=> String
+    #   resp.payment_connectors[0].name #=> String
+    #   resp.payment_connectors[0].type #=> String, one of "CoinbaseCDP", "StripePrivy"
+    #   resp.payment_connectors[0].status #=> String, one of "CREATING", "UPDATING", "DELETING", "READY", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.payment_connectors[0].last_updated_at #=> Time
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPaymentConnectors AWS API Documentation
+    #
+    # @overload list_payment_connectors(params = {})
+    # @param [Hash] params ({})
+    def list_payment_connectors(params = {}, options = {})
+      req = build_request(:list_payment_connectors, params)
+      req.send_request(options)
+    end
+
+    # Lists all payment credential providers in the account.
+    #
+    # @option params [String] :next_token
+    #   Pagination token.
+    #
+    # @option params [Integer] :max_results
+    #   Maximum number of results to return.
+    #
+    # @return [Types::ListPaymentCredentialProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListPaymentCredentialProvidersResponse#credential_providers #credential_providers} => Array&lt;Types::PaymentCredentialProviderItem&gt;
+    #   * {Types::ListPaymentCredentialProvidersResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_payment_credential_providers({
+    #     next_token: "String",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.credential_providers #=> Array
+    #   resp.credential_providers[0].name #=> String
+    #   resp.credential_providers[0].credential_provider_vendor #=> String, one of "CoinbaseCDP", "StripePrivy"
+    #   resp.credential_providers[0].credential_provider_arn #=> String
+    #   resp.credential_providers[0].created_time #=> Time
+    #   resp.credential_providers[0].last_updated_time #=> Time
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPaymentCredentialProviders AWS API Documentation
+    #
+    # @overload list_payment_credential_providers(params = {})
+    # @param [Hash] params ({})
+    def list_payment_credential_providers(params = {}, options = {})
+      req = build_request(:list_payment_credential_providers, params)
+      req.send_request(options)
+    end
+
+    # Lists all payment managers in the account.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return in the response. If the total
+    #   number of results is greater than this value, use the token returned
+    #   in the response in the `nextToken` field when making another request
+    #   to return the next batch of results.
+    #
+    # @option params [String] :next_token
+    #   If the total number of results is greater than the `maxResults` value
+    #   provided in the request, enter the token returned in the `nextToken`
+    #   field in the response in this field to return the next batch of
+    #   results.
+    #
+    # @return [Types::ListPaymentManagersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListPaymentManagersResponse#payment_managers #payment_managers} => Array&lt;Types::PaymentManagerSummary&gt;
+    #   * {Types::ListPaymentManagersResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_payment_managers({
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.payment_managers #=> Array
+    #   resp.payment_managers[0].payment_manager_arn #=> String
+    #   resp.payment_managers[0].payment_manager_id #=> String
+    #   resp.payment_managers[0].name #=> String
+    #   resp.payment_managers[0].description #=> String
+    #   resp.payment_managers[0].authorizer_type #=> String, one of "CUSTOM_JWT", "AWS_IAM"
+    #   resp.payment_managers[0].role_arn #=> String
+    #   resp.payment_managers[0].status #=> String, one of "CREATING", "UPDATING", "DELETING", "READY", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.payment_managers[0].created_at #=> Time
+    #   resp.payment_managers[0].last_updated_at #=> Time
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPaymentManagers AWS API Documentation
+    #
+    # @overload list_payment_managers(params = {})
+    # @param [Hash] params ({})
+    def list_payment_managers(params = {}, options = {})
+      req = build_request(:list_payment_managers, params)
+      req.send_request(options)
+    end
+
     # Retrieves a list of policies within the AgentCore Policy engine. This
     # operation supports pagination and filtering to help administrators
     # manage and discover policies across policy engines. Results can be
@@ -7488,14 +8440,14 @@ module Aws::BedrockAgentCoreControl
     #   resp.policies[0].policy_id #=> String
     #   resp.policies[0].name #=> String
     #   resp.policies[0].policy_engine_id #=> String
-    #   resp.policies[0].definition.cedar.statement #=> String
-    #   resp.policies[0].definition.policy_generation.policy_generation_id #=> String
-    #   resp.policies[0].definition.policy_generation.policy_generation_asset_id #=> String
-    #   resp.policies[0].description #=> String
     #   resp.policies[0].created_at #=> Time
     #   resp.policies[0].updated_at #=> Time
     #   resp.policies[0].policy_arn #=> String
     #   resp.policies[0].status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.policies[0].definition.cedar.statement #=> String
+    #   resp.policies[0].definition.policy_generation.policy_generation_id #=> String
+    #   resp.policies[0].definition.policy_generation.policy_generation_asset_id #=> String
+    #   resp.policies[0].description #=> String
     #   resp.policies[0].status_reasons #=> Array
     #   resp.policies[0].status_reasons[0] #=> String
     #   resp.next_token #=> String
@@ -7509,6 +8461,62 @@ module Aws::BedrockAgentCoreControl
       req.send_request(options)
     end
 
+    # Retrieves a paginated list of metadata-only policy engine summaries
+    # without decrypting customer content. This lightweight read operation
+    # returns resource identifiers, status, and timestamps for each policy
+    # engine, but does not include descriptions or status reasons. Because
+    # this operation does not require access to the customer's KMS key, it
+    # is suitable for resource discovery, inventory, and integration
+    # scenarios where only metadata is needed.
+    #
+    # @option params [String] :next_token
+    #   A pagination token returned from a previous
+    #   [ListPolicyEngineSummaries][1] call. Use this token to retrieve the
+    #   next page of results when the response is paginated.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngineSummaries.html
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of policy engine summaries to return in a single
+    #   response.
+    #
+    # @return [Types::ListPolicyEngineSummariesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListPolicyEngineSummariesResponse#policy_engines #policy_engines} => Array&lt;Types::PolicyEngineSummary&gt;
+    #   * {Types::ListPolicyEngineSummariesResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_policy_engine_summaries({
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.policy_engines #=> Array
+    #   resp.policy_engines[0].policy_engine_id #=> String
+    #   resp.policy_engines[0].name #=> String
+    #   resp.policy_engines[0].created_at #=> Time
+    #   resp.policy_engines[0].updated_at #=> Time
+    #   resp.policy_engines[0].policy_engine_arn #=> String
+    #   resp.policy_engines[0].status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.policy_engines[0].encryption_key_arn #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPolicyEngineSummaries AWS API Documentation
+    #
+    # @overload list_policy_engine_summaries(params = {})
+    # @param [Hash] params ({})
+    def list_policy_engine_summaries(params = {}, options = {})
+      req = build_request(:list_policy_engine_summaries, params)
+      req.send_request(options)
+    end
+
     # Retrieves a list of policy engines within the AgentCore Policy system.
     # This operation supports pagination to help administrators discover and
     # manage policy engines across their account. Each policy engine serves
@@ -7547,14 +8555,14 @@ module Aws::BedrockAgentCoreControl
     #   resp.policy_engines #=> Array
     #   resp.policy_engines[0].policy_engine_id #=> String
     #   resp.policy_engines[0].name #=> String
-    #   resp.policy_engines[0].description #=> String
     #   resp.policy_engines[0].created_at #=> Time
     #   resp.policy_engines[0].updated_at #=> Time
     #   resp.policy_engines[0].policy_engine_arn #=> String
     #   resp.policy_engines[0].status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.policy_engines[0].encryption_key_arn #=> String
+    #   resp.policy_engines[0].description #=> String
     #   resp.policy_engines[0].status_reasons #=> Array
     #   resp.policy_engines[0].status_reasons[0] #=> String
-    #   resp.policy_engines[0].encryption_key_arn #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPolicyEngines AWS API Documentation
@@ -7633,12 +8641,75 @@ module Aws::BedrockAgentCoreControl
     #   resp.policy_generation_assets[0].findings[0].description #=> String
     #   resp.next_token #=> String
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPolicyGenerationAssets AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPolicyGenerationAssets AWS API Documentation
+    #
+    # @overload list_policy_generation_assets(params = {})
+    # @param [Hash] params ({})
+    def list_policy_generation_assets(params = {}, options = {})
+      req = build_request(:list_policy_generation_assets, params)
+      req.send_request(options)
+    end
+
+    # Retrieves a paginated list of metadata-only policy generation
+    # summaries within a policy engine without decrypting customer content.
+    # This lightweight read operation returns resource identifiers, status,
+    # timestamps, and findings for each policy generation, but does not
+    # include status reasons. Because this operation does not require access
+    # to the customer's KMS key, it is suitable for resource discovery,
+    # inventory, and integration scenarios where only metadata is needed.
+    #
+    # @option params [String] :next_token
+    #   A pagination token returned from a previous
+    #   [ListPolicyGenerationSummaries][1] call. Use this token to retrieve
+    #   the next page of results when the response is paginated.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationSummaries.html
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of policy generation summaries to return in a
+    #   single response.
+    #
+    # @option params [required, String] :policy_engine_id
+    #   The identifier of the policy engine whose policy generation summaries
+    #   to retrieve.
+    #
+    # @return [Types::ListPolicyGenerationSummariesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListPolicyGenerationSummariesResponse#policy_generations #policy_generations} => Array&lt;Types::PolicyGenerationSummary&gt;
+    #   * {Types::ListPolicyGenerationSummariesResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_policy_generation_summaries({
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #     policy_engine_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.policy_generations #=> Array
+    #   resp.policy_generations[0].policy_engine_id #=> String
+    #   resp.policy_generations[0].policy_generation_id #=> String
+    #   resp.policy_generations[0].name #=> String
+    #   resp.policy_generations[0].policy_generation_arn #=> String
+    #   resp.policy_generations[0].resource.arn #=> String
+    #   resp.policy_generations[0].created_at #=> Time
+    #   resp.policy_generations[0].updated_at #=> Time
+    #   resp.policy_generations[0].status #=> String, one of "GENERATING", "GENERATED", "GENERATE_FAILED", "DELETE_FAILED"
+    #   resp.policy_generations[0].findings #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPolicyGenerationSummaries AWS API Documentation
     #
-    # @overload list_policy_generation_assets(params = {})
+    # @overload list_policy_generation_summaries(params = {})
     # @param [Hash] params ({})
-    def list_policy_generation_assets(params = {}, options = {})
-      req = build_request(:list_policy_generation_assets, params)
+    def list_policy_generation_summaries(params = {}, options = {})
+      req = build_request(:list_policy_generation_summaries, params)
       req.send_request(options)
     end
 
@@ -7684,9 +8755,9 @@ module Aws::BedrockAgentCoreControl
     #   resp.policy_generations[0].created_at #=> Time
     #   resp.policy_generations[0].updated_at #=> Time
     #   resp.policy_generations[0].status #=> String, one of "GENERATING", "GENERATED", "GENERATE_FAILED", "DELETE_FAILED"
+    #   resp.policy_generations[0].findings #=> String
     #   resp.policy_generations[0].status_reasons #=> Array
     #   resp.policy_generations[0].status_reasons[0] #=> String
-    #   resp.policy_generations[0].findings #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPolicyGenerations AWS API Documentation
@@ -7698,8 +8769,77 @@ module Aws::BedrockAgentCoreControl
       req.send_request(options)
     end
 
+    # Retrieves a paginated list of metadata-only policy summaries within a
+    # policy engine without decrypting customer content. This lightweight
+    # read operation returns resource identifiers, status, and timestamps
+    # for each policy, but does not include policy definitions,
+    # descriptions, or status reasons. Because this operation does not
+    # require access to the customer's KMS key, it is suitable for resource
+    # discovery, inventory, and integration scenarios where only metadata is
+    # needed.
+    #
+    # @option params [String] :next_token
+    #   A pagination token returned from a previous [ListPolicySummaries][1]
+    #   call. Use this token to retrieve the next page of results when the
+    #   response is paginated.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicySummaries.html
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of policy summaries to return in a single response.
+    #
+    # @option params [required, String] :policy_engine_id
+    #   The identifier of the policy engine whose policy summaries to
+    #   retrieve.
+    #
+    # @option params [String] :target_resource_scope
+    #   Optional filter to list policy summaries that apply to a specific
+    #   resource scope or resource type. This helps narrow down results to
+    #   those relevant for particular Amazon Web Services resources, agent
+    #   tools, or operational contexts within the policy engine ecosystem.
+    #
+    # @return [Types::ListPolicySummariesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListPolicySummariesResponse#policies #policies} => Array&lt;Types::PolicySummary&gt;
+    #   * {Types::ListPolicySummariesResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_policy_summaries({
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #     policy_engine_id: "ResourceId", # required
+    #     target_resource_scope: "BedrockAgentcoreResourceArn",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.policies #=> Array
+    #   resp.policies[0].policy_id #=> String
+    #   resp.policies[0].name #=> String
+    #   resp.policies[0].policy_engine_id #=> String
+    #   resp.policies[0].created_at #=> Time
+    #   resp.policies[0].updated_at #=> Time
+    #   resp.policies[0].policy_arn #=> String
+    #   resp.policies[0].status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPolicySummaries AWS API Documentation
+    #
+    # @overload list_policy_summaries(params = {})
+    # @param [Hash] params ({})
+    def list_policy_summaries(params = {}, options = {})
+      req = build_request(:list_policy_summaries, params)
+      req.send_request(options)
+    end
+
     # Lists all registries in the account. You can optionally filter results
-    # by status using the `status` parameter.
+    # by status using the `status` parameter, or by authorizer type using
+    # the `authorizerType` parameter.
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return in the response. If the total
@@ -7718,6 +8858,11 @@ module Aws::BedrockAgentCoreControl
     #   `CREATING`, `READY`, `UPDATING`, `CREATE_FAILED`, `UPDATE_FAILED`,
     #   `DELETING`, and `DELETE_FAILED`.
     #
+    # @option params [String] :authorizer_type
+    #   Filter registries by their authorizer type. Possible values are
+    #   `CUSTOM_JWT` and `AWS_IAM`. For more information about authorizer
+    #   types, see the `RegistryAuthorizerType` enum.
+    #
     # @return [Types::ListRegistriesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListRegistriesResponse#registries #registries} => Array&lt;Types::RegistrySummary&gt;
@@ -7731,6 +8876,7 @@ module Aws::BedrockAgentCoreControl
     #     max_results: 1,
     #     next_token: "NextToken",
     #     status: "CREATING", # accepts CREATING, READY, UPDATING, CREATE_FAILED, UPDATE_FAILED, DELETING, DELETE_FAILED
+    #     authorizer_type: "CUSTOM_JWT", # accepts CUSTOM_JWT, AWS_IAM
     #   })
     #
     # @example Response structure
@@ -8041,8 +9187,8 @@ module Aws::BedrockAgentCoreControl
     #   * {Types::StartPolicyGenerationResponse#created_at #created_at} => Time
     #   * {Types::StartPolicyGenerationResponse#updated_at #updated_at} => Time
     #   * {Types::StartPolicyGenerationResponse#status #status} => String
-    #   * {Types::StartPolicyGenerationResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #   * {Types::StartPolicyGenerationResponse#findings #findings} => String
+    #   * {Types::StartPolicyGenerationResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -8068,9 +9214,9 @@ module Aws::BedrockAgentCoreControl
     #   resp.created_at #=> Time
     #   resp.updated_at #=> Time
     #   resp.status #=> String, one of "GENERATING", "GENERATED", "GENERATE_FAILED", "DELETE_FAILED"
+    #   resp.findings #=> String
     #   resp.status_reasons #=> Array
     #   resp.status_reasons[0] #=> String
-    #   resp.findings #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/StartPolicyGeneration AWS API Documentation
     #
@@ -8414,6 +9560,7 @@ module Aws::BedrockAgentCoreControl
     #       network_mode_config: {
     #         security_groups: ["SecurityGroupId"], # required
     #         subnets: ["SubnetId"], # required
+    #         require_service_s3_endpoint: false,
     #       },
     #     },
     #     description: "Description",
@@ -9651,6 +10798,7 @@ module Aws::BedrockAgentCoreControl
     #           network_mode_config: {
     #             security_groups: ["SecurityGroupId"], # required
     #             subnets: ["SubnetId"], # required
+    #             require_service_s3_endpoint: false,
     #           },
     #         },
     #         filesystem_configurations: [
@@ -9911,6 +11059,7 @@ module Aws::BedrockAgentCoreControl
     #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.security_groups[0] #=> String
     #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.subnets #=> Array
     #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.subnets[0] #=> String
+    #   resp.harness.environment.agent_core_runtime_environment.network_configuration.network_mode_config.require_service_s3_endpoint #=> Boolean
     #   resp.harness.environment.agent_core_runtime_environment.filesystem_configurations #=> Array
     #   resp.harness.environment.agent_core_runtime_environment.filesystem_configurations[0].session_storage.mount_path #=> String
     #   resp.harness.environment.agent_core_runtime_environment.filesystem_configurations[0].s3_files_access_point.access_point_arn #=> String
@@ -10980,6 +12129,286 @@ module Aws::BedrockAgentCoreControl
       req.send_request(options)
     end
 
+    # Updates an existing payment connector. This operation uses PATCH
+    # semantics, so you only need to specify the fields you want to change.
+    #
+    # @option params [required, String] :payment_manager_id
+    #   The unique identifier of the parent payment manager.
+    #
+    # @option params [required, String] :payment_connector_id
+    #   The unique identifier of the payment connector to update.
+    #
+    # @option params [String] :description
+    #   The updated description of the payment connector.
+    #
+    # @option params [String] :type
+    #   The updated type of the payment connector.
+    #
+    # @option params [Array<Types::CredentialsProviderConfiguration>] :credential_provider_configurations
+    #   The updated credential provider configurations for the payment
+    #   connector.
+    #
+    # @option params [String] :client_token
+    #   A unique, case-sensitive identifier to ensure that the API request
+    #   completes no more than one time. If you don't specify this field, a
+    #   value is randomly generated for you. If this token matches a previous
+    #   request, the service ignores the request, but doesn't return an
+    #   error. For more information, see [Ensuring idempotency][1].
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html
+    #
+    # @return [Types::UpdatePaymentConnectorResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdatePaymentConnectorResponse#payment_connector_id #payment_connector_id} => String
+    #   * {Types::UpdatePaymentConnectorResponse#payment_manager_id #payment_manager_id} => String
+    #   * {Types::UpdatePaymentConnectorResponse#name #name} => String
+    #   * {Types::UpdatePaymentConnectorResponse#type #type} => String
+    #   * {Types::UpdatePaymentConnectorResponse#credential_provider_configurations #credential_provider_configurations} => Array&lt;Types::CredentialsProviderConfiguration&gt;
+    #   * {Types::UpdatePaymentConnectorResponse#last_updated_at #last_updated_at} => Time
+    #   * {Types::UpdatePaymentConnectorResponse#status #status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_payment_connector({
+    #     payment_manager_id: "PaymentManagerId", # required
+    #     payment_connector_id: "PaymentConnectorId", # required
+    #     description: "PaymentsDescription",
+    #     type: "CoinbaseCDP", # accepts CoinbaseCDP, StripePrivy
+    #     credential_provider_configurations: [
+    #       {
+    #         coinbase_cdp: {
+    #           credential_provider_arn: "PaymentCredentialProviderArn", # required
+    #         },
+    #         stripe_privy: {
+    #           credential_provider_arn: "PaymentCredentialProviderArn", # required
+    #         },
+    #       },
+    #     ],
+    #     client_token: "ClientToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.payment_connector_id #=> String
+    #   resp.payment_manager_id #=> String
+    #   resp.name #=> String
+    #   resp.type #=> String, one of "CoinbaseCDP", "StripePrivy"
+    #   resp.credential_provider_configurations #=> Array
+    #   resp.credential_provider_configurations[0].coinbase_cdp.credential_provider_arn #=> String
+    #   resp.credential_provider_configurations[0].stripe_privy.credential_provider_arn #=> String
+    #   resp.last_updated_at #=> Time
+    #   resp.status #=> String, one of "CREATING", "UPDATING", "DELETING", "READY", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdatePaymentConnector AWS API Documentation
+    #
+    # @overload update_payment_connector(params = {})
+    # @param [Hash] params ({})
+    def update_payment_connector(params = {}, options = {})
+      req = build_request(:update_payment_connector, params)
+      req.send_request(options)
+    end
+
+    # Updates an existing payment credential provider with new
+    # authentication credentials.
+    #
+    # @option params [required, String] :name
+    #   The name of the payment credential provider to update.
+    #
+    # @option params [required, String] :credential_provider_vendor
+    #   The vendor type for the payment credential provider (e.g.,
+    #   CoinbaseCDP, StripePrivy).
+    #
+    # @option params [required, Types::PaymentProviderConfigurationInput] :provider_configuration_input
+    #   Configuration specific to the vendor, including API credentials.
+    #
+    # @return [Types::UpdatePaymentCredentialProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdatePaymentCredentialProviderResponse#name #name} => String
+    #   * {Types::UpdatePaymentCredentialProviderResponse#credential_provider_vendor #credential_provider_vendor} => String
+    #   * {Types::UpdatePaymentCredentialProviderResponse#credential_provider_arn #credential_provider_arn} => String
+    #   * {Types::UpdatePaymentCredentialProviderResponse#provider_configuration_output #provider_configuration_output} => Types::PaymentProviderConfigurationOutput
+    #   * {Types::UpdatePaymentCredentialProviderResponse#created_time #created_time} => Time
+    #   * {Types::UpdatePaymentCredentialProviderResponse#last_updated_time #last_updated_time} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_payment_credential_provider({
+    #     name: "CredentialProviderName", # required
+    #     credential_provider_vendor: "CoinbaseCDP", # required, accepts CoinbaseCDP, StripePrivy
+    #     provider_configuration_input: { # required
+    #       coinbase_cdp_configuration: {
+    #         api_key_id: "CoinbaseCdpApiKeyIdType", # required
+    #         api_key_secret: "CoinbaseCdpApiKeySecretType", # required
+    #         wallet_secret: "CoinbaseCdpWalletSecretType", # required
+    #       },
+    #       stripe_privy_configuration: {
+    #         app_id: "StripePrivyAppIdType", # required
+    #         app_secret: "StripePrivyAppSecretType", # required
+    #         authorization_private_key: "StripePrivyAuthorizationPrivateKeyType", # required
+    #         authorization_id: "StripePrivyAuthorizationIdType", # required
+    #       },
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.name #=> String
+    #   resp.credential_provider_vendor #=> String, one of "CoinbaseCDP", "StripePrivy"
+    #   resp.credential_provider_arn #=> String
+    #   resp.provider_configuration_output.coinbase_cdp_configuration.api_key_id #=> String
+    #   resp.provider_configuration_output.coinbase_cdp_configuration.api_key_secret_arn.secret_arn #=> String
+    #   resp.provider_configuration_output.coinbase_cdp_configuration.wallet_secret_arn.secret_arn #=> String
+    #   resp.provider_configuration_output.stripe_privy_configuration.app_id #=> String
+    #   resp.provider_configuration_output.stripe_privy_configuration.app_secret_arn.secret_arn #=> String
+    #   resp.provider_configuration_output.stripe_privy_configuration.authorization_private_key_arn.secret_arn #=> String
+    #   resp.provider_configuration_output.stripe_privy_configuration.authorization_id #=> String
+    #   resp.created_time #=> Time
+    #   resp.last_updated_time #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdatePaymentCredentialProvider AWS API Documentation
+    #
+    # @overload update_payment_credential_provider(params = {})
+    # @param [Hash] params ({})
+    def update_payment_credential_provider(params = {}, options = {})
+      req = build_request(:update_payment_credential_provider, params)
+      req.send_request(options)
+    end
+
+    # Updates an existing payment manager. This operation uses PATCH
+    # semantics, so you only need to specify the fields you want to change.
+    #
+    # @option params [required, String] :payment_manager_id
+    #   The unique identifier of the payment manager to update.
+    #
+    # @option params [String] :description
+    #   The updated description of the payment manager.
+    #
+    # @option params [String] :authorizer_type
+    #   The updated authorizer type for the payment manager.
+    #
+    # @option params [Types::AuthorizerConfiguration] :authorizer_configuration
+    #   The updated authorizer configuration for the payment manager.
+    #
+    # @option params [String] :role_arn
+    #   The updated Amazon Resource Name (ARN) of the IAM role for the payment
+    #   manager.
+    #
+    # @option params [String] :client_token
+    #   A unique, case-sensitive identifier to ensure that the API request
+    #   completes no more than one time. If you don't specify this field, a
+    #   value is randomly generated for you. If this token matches a previous
+    #   request, the service ignores the request, but doesn't return an
+    #   error. For more information, see [Ensuring idempotency][1].
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html
+    #
+    # @return [Types::UpdatePaymentManagerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdatePaymentManagerResponse#payment_manager_arn #payment_manager_arn} => String
+    #   * {Types::UpdatePaymentManagerResponse#payment_manager_id #payment_manager_id} => String
+    #   * {Types::UpdatePaymentManagerResponse#name #name} => String
+    #   * {Types::UpdatePaymentManagerResponse#authorizer_type #authorizer_type} => String
+    #   * {Types::UpdatePaymentManagerResponse#role_arn #role_arn} => String
+    #   * {Types::UpdatePaymentManagerResponse#workload_identity_details #workload_identity_details} => Types::WorkloadIdentityDetails
+    #   * {Types::UpdatePaymentManagerResponse#last_updated_at #last_updated_at} => Time
+    #   * {Types::UpdatePaymentManagerResponse#status #status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_payment_manager({
+    #     payment_manager_id: "PaymentManagerId", # required
+    #     description: "PaymentsDescription",
+    #     authorizer_type: "CUSTOM_JWT", # accepts CUSTOM_JWT, AWS_IAM
+    #     authorizer_configuration: {
+    #       custom_jwt_authorizer: {
+    #         discovery_url: "DiscoveryUrl", # required
+    #         allowed_audience: ["AllowedAudience"],
+    #         allowed_clients: ["AllowedClient"],
+    #         allowed_scopes: ["AllowedScopeType"],
+    #         custom_claims: [
+    #           {
+    #             inbound_token_claim_name: "InboundTokenClaimNameType", # required
+    #             inbound_token_claim_value_type: "STRING", # required, accepts STRING, STRING_ARRAY
+    #             authorizing_claim_match_value: { # required
+    #               claim_match_value: { # required
+    #                 match_value_string: "MatchValueString",
+    #                 match_value_string_list: ["MatchValueString"],
+    #               },
+    #               claim_match_operator: "EQUALS", # required, accepts EQUALS, CONTAINS, CONTAINS_ANY
+    #             },
+    #           },
+    #         ],
+    #         private_endpoint: {
+    #           self_managed_lattice_resource: {
+    #             resource_configuration_identifier: "ResourceConfigurationIdentifier",
+    #           },
+    #           managed_vpc_resource: {
+    #             vpc_identifier: "VpcIdentifier", # required
+    #             subnet_ids: ["SubnetId"], # required
+    #             endpoint_ip_address_type: "IPV4", # required, accepts IPV4, IPV6
+    #             security_group_ids: ["SecurityGroupIdentifier"],
+    #             tags: {
+    #               "TagKey" => "TagValue",
+    #             },
+    #             routing_domain: "RoutingDomain",
+    #           },
+    #         },
+    #         private_endpoint_overrides: [
+    #           {
+    #             domain: "PrivateEndpointOverrideDomain", # required
+    #             private_endpoint: { # required
+    #               self_managed_lattice_resource: {
+    #                 resource_configuration_identifier: "ResourceConfigurationIdentifier",
+    #               },
+    #               managed_vpc_resource: {
+    #                 vpc_identifier: "VpcIdentifier", # required
+    #                 subnet_ids: ["SubnetId"], # required
+    #                 endpoint_ip_address_type: "IPV4", # required, accepts IPV4, IPV6
+    #                 security_group_ids: ["SecurityGroupIdentifier"],
+    #                 tags: {
+    #                   "TagKey" => "TagValue",
+    #                 },
+    #                 routing_domain: "RoutingDomain",
+    #               },
+    #             },
+    #           },
+    #         ],
+    #       },
+    #     },
+    #     role_arn: "RoleArn",
+    #     client_token: "ClientToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.payment_manager_arn #=> String
+    #   resp.payment_manager_id #=> String
+    #   resp.name #=> String
+    #   resp.authorizer_type #=> String, one of "CUSTOM_JWT", "AWS_IAM"
+    #   resp.role_arn #=> String
+    #   resp.workload_identity_details.workload_identity_arn #=> String
+    #   resp.last_updated_at #=> Time
+    #   resp.status #=> String, one of "CREATING", "UPDATING", "DELETING", "READY", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdatePaymentManager AWS API Documentation
+    #
+    # @overload update_payment_manager(params = {})
+    # @param [Hash] params ({})
+    def update_payment_manager(params = {}, options = {})
+      req = build_request(:update_payment_manager, params)
+      req.send_request(options)
+    end
+
     # Updates an existing policy within the AgentCore Policy system. This
     # operation allows modification of the policy description and definition
     # while maintaining the policy's identity. The updated policy is
@@ -11021,12 +12450,12 @@ module Aws::BedrockAgentCoreControl
     #   * {Types::UpdatePolicyResponse#policy_id #policy_id} => String
     #   * {Types::UpdatePolicyResponse#name #name} => String
     #   * {Types::UpdatePolicyResponse#policy_engine_id #policy_engine_id} => String
-    #   * {Types::UpdatePolicyResponse#definition #definition} => Types::PolicyDefinition
-    #   * {Types::UpdatePolicyResponse#description #description} => String
     #   * {Types::UpdatePolicyResponse#created_at #created_at} => Time
     #   * {Types::UpdatePolicyResponse#updated_at #updated_at} => Time
     #   * {Types::UpdatePolicyResponse#policy_arn #policy_arn} => String
     #   * {Types::UpdatePolicyResponse#status #status} => String
+    #   * {Types::UpdatePolicyResponse#definition #definition} => Types::PolicyDefinition
+    #   * {Types::UpdatePolicyResponse#description #description} => String
     #   * {Types::UpdatePolicyResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #
     # @example Request syntax with placeholder values
@@ -11054,14 +12483,14 @@ module Aws::BedrockAgentCoreControl
     #   resp.policy_id #=> String
     #   resp.name #=> String
     #   resp.policy_engine_id #=> String
-    #   resp.definition.cedar.statement #=> String
-    #   resp.definition.policy_generation.policy_generation_id #=> String
-    #   resp.definition.policy_generation.policy_generation_asset_id #=> String
-    #   resp.description #=> String
     #   resp.created_at #=> Time
     #   resp.updated_at #=> Time
     #   resp.policy_arn #=> String
     #   resp.status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.definition.cedar.statement #=> String
+    #   resp.definition.policy_generation.policy_generation_id #=> String
+    #   resp.definition.policy_generation.policy_generation_asset_id #=> String
+    #   resp.description #=> String
     #   resp.status_reasons #=> Array
     #   resp.status_reasons[0] #=> String
     #
@@ -11090,13 +12519,13 @@ module Aws::BedrockAgentCoreControl
     #
     #   * {Types::UpdatePolicyEngineResponse#policy_engine_id #policy_engine_id} => String
     #   * {Types::UpdatePolicyEngineResponse#name #name} => String
-    #   * {Types::UpdatePolicyEngineResponse#description #description} => String
     #   * {Types::UpdatePolicyEngineResponse#created_at #created_at} => Time
     #   * {Types::UpdatePolicyEngineResponse#updated_at #updated_at} => Time
     #   * {Types::UpdatePolicyEngineResponse#policy_engine_arn #policy_engine_arn} => String
     #   * {Types::UpdatePolicyEngineResponse#status #status} => String
-    #   * {Types::UpdatePolicyEngineResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #   * {Types::UpdatePolicyEngineResponse#encryption_key_arn #encryption_key_arn} => String
+    #   * {Types::UpdatePolicyEngineResponse#description #description} => String
+    #   * {Types::UpdatePolicyEngineResponse#status_reasons #status_reasons} => Array&lt;String&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -11111,14 +12540,14 @@ module Aws::BedrockAgentCoreControl
     #
     #   resp.policy_engine_id #=> String
     #   resp.name #=> String
-    #   resp.description #=> String
     #   resp.created_at #=> Time
     #   resp.updated_at #=> Time
     #   resp.policy_engine_arn #=> String
     #   resp.status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"
+    #   resp.encryption_key_arn #=> String
+    #   resp.description #=> String
     #   resp.status_reasons #=> Array
     #   resp.status_reasons[0] #=> String
-    #   resp.encryption_key_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdatePolicyEngine AWS API Documentation
     #
@@ -11616,7 +13045,7 @@ module Aws::BedrockAgentCoreControl
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-bedrockagentcorecontrol'
-      context[:gem_version] = '1.44.0'
+      context[:gem_version] = '1.46.0'
       Seahorse::Client::Request.new(handlers, context)
     end