aws-sdk-bedrockagentcorecontrol 1.44.0 → 1.46.0

data/lib/aws-sdk-bedrockagentcorecontrol/types.rb

@@ -639,7 +639,8 @@ module Aws::BedrockAgentCoreControl
     #   @return [String]
     #
     # @!attribute [rw] vpc_config
-    #   VpcConfig for the Agent.
+    #   The VPC configuration for the browser. This configuration is
+    #   required when the network mode is set to `VPC`.
     #   @return [Types::VpcConfig]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/BrowserNetworkConfiguration AWS API Documentation
@@ -1039,7 +1040,8 @@ module Aws::BedrockAgentCoreControl
     #   @return [String]
     #
     # @!attribute [rw] vpc_config
-    #   VpcConfig for the Agent.
+    #   The VPC configuration for the code interpreter. This configuration
+    #   is required when the network mode is set to `VPC`.
     #   @return [Types::VpcConfig]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CodeInterpreterNetworkConfiguration AWS API Documentation
@@ -1096,6 +1098,55 @@ module Aws::BedrockAgentCoreControl
       include Aws::Structure
     end
 
+    # Coinbase CDP configuration — credentials provided by Coinbase
+    # Developer Platform.
+    #
+    # @!attribute [rw] api_key_id
+    #   The API key identifier provided by Coinbase Developer Platform.
+    #   @return [String]
+    #
+    # @!attribute [rw] api_key_secret
+    #   The API key secret provided by Coinbase Developer Platform.
+    #   @return [String]
+    #
+    # @!attribute [rw] wallet_secret
+    #   The wallet secret provided by Coinbase Developer Platform.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CoinbaseCdpConfigurationInput AWS API Documentation
+    #
+    class CoinbaseCdpConfigurationInput < Struct.new(
+      :api_key_id,
+      :api_key_secret,
+      :wallet_secret)
+      SENSITIVE = [:api_key_secret, :wallet_secret]
+      include Aws::Structure
+    end
+
+    # Coinbase CDP configuration output with secret ARNs.
+    #
+    # @!attribute [rw] api_key_id
+    #   The API key identifier provided by Coinbase Developer Platform.
+    #   @return [String]
+    #
+    # @!attribute [rw] api_key_secret_arn
+    #   Contains information about a secret in AWS Secrets Manager.
+    #   @return [Types::Secret]
+    #
+    # @!attribute [rw] wallet_secret_arn
+    #   Contains information about a secret in AWS Secrets Manager.
+    #   @return [Types::Secret]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CoinbaseCdpConfigurationOutput AWS API Documentation
+    #
+    class CoinbaseCdpConfigurationOutput < Struct.new(
+      :api_key_id,
+      :api_key_secret_arn,
+      :wallet_secret_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The configuration for a component within a configuration bundle. The
     # component type is inferred from the component identifier ARN.
     #
@@ -2958,6 +3009,282 @@ module Aws::BedrockAgentCoreControl
       include Aws::Structure
     end
 
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the payment manager to create the connector
+    #   for.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the payment connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   A description of the payment connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of payment connector, which determines the payment provider
+    #   integration.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_provider_configurations
+    #   The credential provider configurations for the payment connector.
+    #   These configurations specify how the connector authenticates with
+    #   the payment provider.
+    #   @return [Array<Types::CredentialsProviderConfiguration>]
+    #
+    # @!attribute [rw] client_token
+    #   A unique, case-sensitive identifier to ensure that the API request
+    #   completes no more than one time. If you don't specify this field, a
+    #   value is randomly generated for you. If this token matches a
+    #   previous request, the service ignores the request, but doesn't
+    #   return an error. For more information, see [Ensuring
+    #   idempotency][1].
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreatePaymentConnectorRequest AWS API Documentation
+    #
+    class CreatePaymentConnectorRequest < Struct.new(
+      :payment_manager_id,
+      :name,
+      :description,
+      :type,
+      :credential_provider_configurations,
+      :client_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] payment_connector_id
+    #   The unique identifier of the created payment connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the parent payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the created payment connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of the created payment connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_provider_configurations
+    #   The credential provider configurations for the created payment
+    #   connector.
+    #   @return [Array<Types::CredentialsProviderConfiguration>]
+    #
+    # @!attribute [rw] created_at
+    #   The timestamp when the payment connector was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] status
+    #   The current status of the payment connector. Possible values include
+    #   `CREATING`, `READY`, `UPDATING`, `DELETING`, `CREATE_FAILED`,
+    #   `UPDATE_FAILED`, and `DELETE_FAILED`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreatePaymentConnectorResponse AWS API Documentation
+    #
+    class CreatePaymentConnectorResponse < Struct.new(
+      :payment_connector_id,
+      :payment_manager_id,
+      :name,
+      :type,
+      :credential_provider_configurations,
+      :created_at,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] name
+    #   Unique name for the payment credential provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_provider_vendor
+    #   The vendor type for the payment credential provider (e.g.,
+    #   CoinbaseCDP, StripePrivy).
+    #   @return [String]
+    #
+    # @!attribute [rw] provider_configuration_input
+    #   Configuration specific to the vendor, including API credentials.
+    #   @return [Types::PaymentProviderConfigurationInput]
+    #
+    # @!attribute [rw] tags
+    #   Optional tags for resource organization.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreatePaymentCredentialProviderRequest AWS API Documentation
+    #
+    class CreatePaymentCredentialProviderRequest < Struct.new(
+      :name,
+      :credential_provider_vendor,
+      :provider_configuration_input,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] name
+    #   The name of the created payment credential provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_provider_vendor
+    #   The vendor type for the created payment credential provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_provider_arn
+    #   The Amazon Resource Name (ARN) of the created payment credential
+    #   provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] provider_configuration_output
+    #   Output configuration (contains secret ARNs, excludes actual secret
+    #   values).
+    #   @return [Types::PaymentProviderConfigurationOutput]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreatePaymentCredentialProviderResponse AWS API Documentation
+    #
+    class CreatePaymentCredentialProviderResponse < Struct.new(
+      :name,
+      :credential_provider_vendor,
+      :credential_provider_arn,
+      :provider_configuration_output)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] name
+    #   The name of the payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   A description of the payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorizer_type
+    #   The type of authorizer to use for the payment manager.
+    #
+    #   * `CUSTOM_JWT` - Authorize with a bearer token.
+    #
+    #   * `AWS_IAM` - Authorize with your Amazon Web Services IAM
+    #     credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorizer_configuration
+    #   The authorizer configuration for the payment manager.
+    #   @return [Types::AuthorizerConfiguration]
+    #
+    # @!attribute [rw] role_arn
+    #   The Amazon Resource Name (ARN) of the IAM role that the payment
+    #   manager assumes to access resources on your behalf.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_token
+    #   A unique, case-sensitive identifier to ensure that the API request
+    #   completes no more than one time. If you don't specify this field, a
+    #   value is randomly generated for you. If this token matches a
+    #   previous request, the service ignores the request, but doesn't
+    #   return an error. For more information, see [Ensuring
+    #   idempotency][1].
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   A map of tag keys and values to assign to the payment manager.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreatePaymentManagerRequest AWS API Documentation
+    #
+    class CreatePaymentManagerRequest < Struct.new(
+      :name,
+      :description,
+      :authorizer_type,
+      :authorizer_configuration,
+      :role_arn,
+      :client_token,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] payment_manager_arn
+    #   The Amazon Resource Name (ARN) of the created payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the created payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the created payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorizer_type
+    #   The type of authorizer for the created payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorizer_configuration
+    #   Represents inbound authorization configuration options used to
+    #   authenticate incoming requests.
+    #   @return [Types::AuthorizerConfiguration]
+    #
+    # @!attribute [rw] role_arn
+    #   The Amazon Resource Name (ARN) of the IAM role associated with the
+    #   created payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] workload_identity_details
+    #   The information about the workload identity.
+    #   @return [Types::WorkloadIdentityDetails]
+    #
+    # @!attribute [rw] created_at
+    #   The timestamp when the payment manager was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] status
+    #   The current status of the payment manager. Possible values include
+    #   `CREATING`, `READY`, `UPDATING`, `DELETING`, `CREATE_FAILED`,
+    #   `UPDATE_FAILED`, and `DELETE_FAILED`.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The tags associated with the created payment manager.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreatePaymentManagerResponse AWS API Documentation
+    #
+    class CreatePaymentManagerResponse < Struct.new(
+      :payment_manager_arn,
+      :payment_manager_id,
+      :name,
+      :authorizer_type,
+      :authorizer_configuration,
+      :role_arn,
+      :workload_identity_details,
+      :created_at,
+      :status,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] name
     #   The customer-assigned immutable name for the policy engine. This
     #   name identifies the policy engine and cannot be changed after
@@ -3020,10 +3347,6 @@ module Aws::BedrockAgentCoreControl
     #   human-readable identifier.
     #   @return [String]
     #
-    # @!attribute [rw] description
-    #   A human-readable description of the policy engine's purpose.
-    #   @return [String]
-    #
     # @!attribute [rw] created_at
     #   The timestamp when the policy engine was created. This is
     #   automatically set by the service and used for auditing and lifecycle
@@ -3046,29 +3369,33 @@ module Aws::BedrockAgentCoreControl
     #   indicates the policy engine is ready for use.
     #   @return [String]
     #
+    # @!attribute [rw] encryption_key_arn
+    #   The Amazon Resource Name (ARN) of the KMS key used to encrypt the
+    #   policy engine data.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   A human-readable description of the policy engine's purpose.
+    #   @return [String]
+    #
     # @!attribute [rw] status_reasons
     #   Additional information about the policy engine status. This provides
     #   details about any failures or the current state of the policy engine
     #   creation process.
     #   @return [Array<String>]
     #
-    # @!attribute [rw] encryption_key_arn
-    #   The Amazon Resource Name (ARN) of the KMS key used to encrypt the
-    #   policy engine data.
-    #   @return [String]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreatePolicyEngineResponse AWS API Documentation
     #
     class CreatePolicyEngineResponse < Struct.new(
       :policy_engine_id,
       :name,
-      :description,
       :created_at,
       :updated_at,
       :policy_engine_arn,
       :status,
-      :status_reasons,
-      :encryption_key_arn)
+      :encryption_key_arn,
+      :description,
+      :status_reasons)
       SENSITIVE = [:description]
       include Aws::Structure
     end
@@ -3159,18 +3486,6 @@ module Aws::BedrockAgentCoreControl
     #   evaluation routing.
     #   @return [String]
     #
-    # @!attribute [rw] definition
-    #   The Cedar policy statement that was created. This is the validated
-    #   policy definition that will be used for agent behavior control and
-    #   access decisions.
-    #   @return [Types::PolicyDefinition]
-    #
-    # @!attribute [rw] description
-    #   The human-readable description of the policy's purpose and
-    #   functionality. This helps administrators understand and manage the
-    #   policy.
-    #   @return [String]
-    #
     # @!attribute [rw] created_at
     #   The timestamp when the policy was created. This is automatically set
     #   by the service and used for auditing and lifecycle management.
@@ -3192,6 +3507,18 @@ module Aws::BedrockAgentCoreControl
     #   policy is ready for use.
     #   @return [String]
     #
+    # @!attribute [rw] definition
+    #   The Cedar policy statement that was created. This is the validated
+    #   policy definition that will be used for agent behavior control and
+    #   access decisions.
+    #   @return [Types::PolicyDefinition]
+    #
+    # @!attribute [rw] description
+    #   The human-readable description of the policy's purpose and
+    #   functionality. This helps administrators understand and manage the
+    #   policy.
+    #   @return [String]
+    #
     # @!attribute [rw] status_reasons
     #   Additional information about the policy status. This provides
     #   details about any failures or the current state of the policy
@@ -3204,12 +3531,12 @@ module Aws::BedrockAgentCoreControl
       :policy_id,
       :name,
       :policy_engine_id,
-      :definition,
-      :description,
       :created_at,
       :updated_at,
       :policy_arn,
       :status,
+      :definition,
+      :description,
       :status_reasons)
       SENSITIVE = [:description]
       include Aws::Structure
@@ -3503,6 +3830,39 @@ module Aws::BedrockAgentCoreControl
       include Aws::Structure
     end
 
+    # The credential provider configuration for a payment connector.
+    # Specifies the payment provider type and its associated credential
+    # provider.
+    #
+    # @note CredentialsProviderConfiguration is a union - when making an API calls you must set exactly one of the members.
+    #
+    # @note CredentialsProviderConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of CredentialsProviderConfiguration corresponding to the set member.
+    #
+    # @!attribute [rw] coinbase_cdp
+    #   The credential provider configuration for a Coinbase CDP payment
+    #   connector.
+    #   @return [Types::PaymentCredentialProviderConfiguration]
+    #
+    # @!attribute [rw] stripe_privy
+    #   The credential provider configuration for a Stripe Privy payment
+    #   connector.
+    #   @return [Types::PaymentCredentialProviderConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CredentialsProviderConfiguration AWS API Documentation
+    #
+    class CredentialsProviderConfiguration < Struct.new(
+      :coinbase_cdp,
+      :stripe_privy,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class CoinbaseCdp < CredentialsProviderConfiguration; end
+      class StripePrivy < CredentialsProviderConfiguration; end
+      class Unknown < CredentialsProviderConfiguration; end
+    end
+
     # Defines the name of a custom claim field and rules for finding matches
     # to authenticate its value.
     #
@@ -3780,9 +4140,8 @@ module Aws::BedrockAgentCoreControl
     #   @return [Types::PrivateEndpoint]
     #
     # @!attribute [rw] private_endpoint_overrides
-    #   A list of private endpoint overrides for the JWT authorizer. Each
-    #   override maps a specific domain to a private endpoint, enabling
-    #   secure connectivity through VPC Lattice resource configurations.
+    #   The private endpoint overrides for the custom JWT authorizer
+    #   configuration.
     #   @return [Array<Types::PrivateEndpointOverride>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CustomJWTAuthorizerConfiguration AWS API Documentation
@@ -3810,7 +4169,8 @@ module Aws::BedrockAgentCoreControl
     #   @return [String]
     #
     # @!attribute [rw] namespaces
-    #   The namespaces associated with the custom memory strategy.
+    #   This is a legacy parameter, use `namespaceTemplates`. The namespaces
+    #   associated with the custom memory strategy.
     #   @return [Array<String>]
     #
     # @!attribute [rw] namespace_templates
@@ -3859,10 +4219,8 @@ module Aws::BedrockAgentCoreControl
     #   @return [Types::PrivateEndpoint]
     #
     # @!attribute [rw] private_endpoint_overrides
-    #   The list of private endpoint overrides for the custom OAuth2
-    #   provider. Each override maps a specific domain to a private
-    #   endpoint, enabling secure connectivity through VPC Lattice resource
-    #   configurations.
+    #   The private endpoint overrides for the custom OAuth2 provider
+    #   configuration.
     #   @return [Array<Types::PrivateEndpointOverride>]
     #
     # @!attribute [rw] on_behalf_of_token_exchange_config
@@ -3907,10 +4265,8 @@ module Aws::BedrockAgentCoreControl
     #   @return [Types::PrivateEndpoint]
     #
     # @!attribute [rw] private_endpoint_overrides
-    #   The list of private endpoint overrides for the custom OAuth2
-    #   provider. Each override maps a specific domain to a private
-    #   endpoint, enabling secure connectivity through VPC Lattice resource
-    #   configurations.
+    #   The private endpoint overrides for the custom OAuth2 provider
+    #   configuration.
     #   @return [Array<Types::PrivateEndpointOverride>]
     #
     # @!attribute [rw] on_behalf_of_token_exchange_config
@@ -4576,6 +4932,125 @@ module Aws::BedrockAgentCoreControl
       include Aws::Structure
     end
 
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the parent payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] payment_connector_id
+    #   The unique identifier of the payment connector to delete.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_token
+    #   A unique, case-sensitive identifier to ensure that the API request
+    #   completes no more than one time. If you don't specify this field, a
+    #   value is randomly generated for you. If this token matches a
+    #   previous request, the service ignores the request, but doesn't
+    #   return an error. For more information, see [Ensuring
+    #   idempotency][1].
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/DeletePaymentConnectorRequest AWS API Documentation
+    #
+    class DeletePaymentConnectorRequest < Struct.new(
+      :payment_manager_id,
+      :payment_connector_id,
+      :client_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] status
+    #   The current status of the payment connector, set to `DELETING` when
+    #   deletion is initiated. Possible values include `CREATING`, `READY`,
+    #   `UPDATING`, `DELETING`, `CREATE_FAILED`, `UPDATE_FAILED`, and
+    #   `DELETE_FAILED`.
+    #   @return [String]
+    #
+    # @!attribute [rw] payment_connector_id
+    #   The unique identifier of the deleted payment connector.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/DeletePaymentConnectorResponse AWS API Documentation
+    #
+    class DeletePaymentConnectorResponse < Struct.new(
+      :status,
+      :payment_connector_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] name
+    #   The name of the payment credential provider to delete.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/DeletePaymentCredentialProviderRequest AWS API Documentation
+    #
+    class DeletePaymentCredentialProviderRequest < Struct.new(
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/DeletePaymentCredentialProviderResponse AWS API Documentation
+    #
+    class DeletePaymentCredentialProviderResponse < Aws::EmptyStructure; end
+
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the payment manager to delete.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_token
+    #   A unique, case-sensitive identifier to ensure that the API request
+    #   completes no more than one time. If you don't specify this field, a
+    #   value is randomly generated for you. If this token matches a
+    #   previous request, the service ignores the request, but doesn't
+    #   return an error. For more information, see [Ensuring
+    #   idempotency][1].
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/DeletePaymentManagerRequest AWS API Documentation
+    #
+    class DeletePaymentManagerRequest < Struct.new(
+      :payment_manager_id,
+      :client_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] status
+    #   The current status of the payment manager, set to `DELETING` when
+    #   deletion is initiated. Possible values include `CREATING`, `READY`,
+    #   `UPDATING`, `DELETING`, `CREATE_FAILED`, `UPDATE_FAILED`, and
+    #   `DELETE_FAILED`.
+    #   @return [String]
+    #
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the deleted payment manager.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/DeletePaymentManagerResponse AWS API Documentation
+    #
+    class DeletePaymentManagerResponse < Struct.new(
+      :status,
+      :payment_manager_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] policy_engine_id
     #   The unique identifier of the policy engine to be deleted. This must
     #   be a valid policy engine ID that exists within the account.
@@ -4598,10 +5073,6 @@ module Aws::BedrockAgentCoreControl
     #   The customer-assigned name of the deleted policy engine.
     #   @return [String]
     #
-    # @!attribute [rw] description
-    #   The human-readable description of the deleted policy engine.
-    #   @return [String]
-    #
     # @!attribute [rw] created_at
     #   The timestamp when the deleted policy engine was originally created.
     #   @return [Time]
@@ -4623,29 +5094,33 @@ module Aws::BedrockAgentCoreControl
     #   status about any issues that occurred during the deletion process.
     #   @return [String]
     #
+    # @!attribute [rw] encryption_key_arn
+    #   The Amazon Resource Name (ARN) of the KMS key used to encrypt the
+    #   policy engine data.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The human-readable description of the deleted policy engine.
+    #   @return [String]
+    #
     # @!attribute [rw] status_reasons
     #   Additional information about the deletion status. This provides
     #   details about the deletion process or any issues that may have
     #   occurred.
     #   @return [Array<String>]
     #
-    # @!attribute [rw] encryption_key_arn
-    #   The Amazon Resource Name (ARN) of the KMS key used to encrypt the
-    #   policy engine data.
-    #   @return [String]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/DeletePolicyEngineResponse AWS API Documentation
     #
     class DeletePolicyEngineResponse < Struct.new(
       :policy_engine_id,
       :name,
-      :description,
       :created_at,
       :updated_at,
       :policy_engine_arn,
       :status,
-      :status_reasons,
-      :encryption_key_arn)
+      :encryption_key_arn,
+      :description,
+      :status_reasons)
       SENSITIVE = [:description]
       include Aws::Structure
     end
@@ -4687,17 +5162,6 @@ module Aws::BedrockAgentCoreControl
     #   operation.
     #   @return [String]
     #
-    # @!attribute [rw] definition
-    #   Represents the definition structure for policies within the
-    #   AgentCore Policy system. This structure encapsulates different
-    #   policy formats and languages that can be used to define access
-    #   control rules.
-    #   @return [Types::PolicyDefinition]
-    #
-    # @!attribute [rw] description
-    #   The human-readable description of the deleted policy.
-    #   @return [String]
-    #
     # @!attribute [rw] created_at
     #   The timestamp when the deleted policy was originally created.
     #   @return [Time]
@@ -4720,6 +5184,17 @@ module Aws::BedrockAgentCoreControl
     #   process.
     #   @return [String]
     #
+    # @!attribute [rw] definition
+    #   Represents the definition structure for policies within the
+    #   AgentCore Policy system. This structure encapsulates different
+    #   policy formats and languages that can be used to define access
+    #   control rules.
+    #   @return [Types::PolicyDefinition]
+    #
+    # @!attribute [rw] description
+    #   The human-readable description of the deleted policy.
+    #   @return [String]
+    #
     # @!attribute [rw] status_reasons
     #   Additional information about the deletion status. This provides
     #   details about the deletion process or any issues that may have
@@ -4732,12 +5207,12 @@ module Aws::BedrockAgentCoreControl
       :policy_id,
       :name,
       :policy_engine_id,
-      :definition,
-      :description,
       :created_at,
       :updated_at,
       :policy_arn,
       :status,
+      :definition,
+      :description,
       :status_reasons)
       SENSITIVE = [:description]
       include Aws::Structure
@@ -4953,7 +5428,8 @@ module Aws::BedrockAgentCoreControl
     #   @return [String]
     #
     # @!attribute [rw] namespaces
-    #   The namespaces for which to create episodes.
+    #   This is a legacy parameter, use `namespaceTemplates`. The namespaces
+    #   for which to create episodes.
     #   @return [Array<String>]
     #
     # @!attribute [rw] namespace_templates
@@ -5067,8 +5543,9 @@ module Aws::BedrockAgentCoreControl
     #   @return [String]
     #
     # @!attribute [rw] namespaces
-    #   The namespaces to use for episodic reflection. Can be less nested
-    #   than the episodic namespaces.
+    #   This is a legacy parameter, use `namespaceTemplates`. The namespaces
+    #   to use for episodic reflection. Can be less nested than the episodic
+    #   namespaces.
     #   @return [Array<String>]
     #
     # @!attribute [rw] namespace_templates
@@ -5097,8 +5574,9 @@ module Aws::BedrockAgentCoreControl
     # strategy.
     #
     # @!attribute [rw] namespaces
-    #   The namespaces for which to create reflections. Can be less nested
-    #   than the episodic namespaces.
+    #   This is a legacy parameter, use `namespaceTemplates`. The namespaces
+    #   for which to create reflections. Can be less nested than the
+    #   episodic namespaces.
     #   @return [Array<String>]
     #
     # @!attribute [rw] namespace_templates
@@ -5123,8 +5601,9 @@ module Aws::BedrockAgentCoreControl
     # An episodic reflection configuration input.
     #
     # @!attribute [rw] namespaces
-    #   The namespaces over which to create reflections. Can be less nested
-    #   than episode namespaces.
+    #   This is a legacy parameter, use `namespaceTemplates`. The namespaces
+    #   over which to create reflections. Can be less nested than episode
+    #   namespaces.
     #   @return [Array<String>]
     #
     # @!attribute [rw] namespace_templates
@@ -5160,8 +5639,8 @@ module Aws::BedrockAgentCoreControl
     #   @return [String]
     #
     # @!attribute [rw] namespaces
-    #   The namespaces over which reflections were created. Can be less
-    #   nested than the episodic namespaces.
+    #   This is a legacy parameter. The namespaces over which reflections
+    #   were created. Can be less nested than the episodic namespaces.
     #   @return [Array<String>]
     #
     # @!attribute [rw] namespace_templates
@@ -6984,7 +7463,7 @@ module Aws::BedrockAgentCoreControl
     #   @return [String]
     #
     # @!attribute [rw] failure_reason
-    #   The reason for the failure if the OAuth2 credential provider is in a
+    #   The reason for failure if the OAuth2 credential provider is in a
     #   failed state.
     #   @return [String]
     #
@@ -7103,171 +7582,511 @@ module Aws::BedrockAgentCoreControl
       include Aws::Structure
     end
 
-    # @!attribute [rw] policy_engine_id
-    #   The unique identifier of the policy engine to be retrieved. This
-    #   must be a valid policy engine ID that exists within the account.
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the parent payment manager.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyEngineRequest AWS API Documentation
+    # @!attribute [rw] payment_connector_id
+    #   The unique identifier of the payment connector to retrieve.
+    #   @return [String]
     #
-    class GetPolicyEngineRequest < Struct.new(
-      :policy_engine_id)
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPaymentConnectorRequest AWS API Documentation
+    #
+    class GetPaymentConnectorRequest < Struct.new(
+      :payment_manager_id,
+      :payment_connector_id)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @!attribute [rw] policy_engine_id
-    #   The unique identifier of the retrieved policy engine. This matches
-    #   the policy engine ID provided in the request and serves as the
-    #   system identifier.
+    # @!attribute [rw] payment_connector_id
+    #   The unique identifier of the payment connector.
     #   @return [String]
     #
     # @!attribute [rw] name
-    #   The customer-assigned name of the policy engine. This is the
-    #   human-readable identifier that was specified when the policy engine
-    #   was created.
+    #   The name of the payment connector.
     #   @return [String]
     #
     # @!attribute [rw] description
-    #   The human-readable description of the policy engine's purpose and
-    #   scope. This helps administrators understand the policy engine's
-    #   role in governance.
+    #   The description of the payment connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of the payment connector, which determines the payment
+    #   provider integration.
     #   @return [String]
     #
+    # @!attribute [rw] credential_provider_configurations
+    #   The credential provider configurations for the payment connector.
+    #   @return [Array<Types::CredentialsProviderConfiguration>]
+    #
     # @!attribute [rw] created_at
-    #   The timestamp when the policy engine was originally created.
+    #   The timestamp when the payment connector was created.
     #   @return [Time]
     #
-    # @!attribute [rw] updated_at
-    #   The timestamp when the policy engine was last modified. This tracks
-    #   the most recent changes to the policy engine configuration.
+    # @!attribute [rw] last_updated_at
+    #   The timestamp when the payment connector was last updated.
     #   @return [Time]
     #
-    # @!attribute [rw] policy_engine_arn
-    #   The Amazon Resource Name (ARN) of the policy engine. This globally
-    #   unique identifier can be used for cross-service references and IAM
-    #   policy statements.
-    #   @return [String]
-    #
     # @!attribute [rw] status
-    #   The current status of the policy engine.
-    #   @return [String]
-    #
-    # @!attribute [rw] status_reasons
-    #   Additional information about the policy engine status. This provides
-    #   details about any failures or the current state of the policy
-    #   engine.
-    #   @return [Array<String>]
-    #
-    # @!attribute [rw] encryption_key_arn
-    #   The Amazon Resource Name (ARN) of the KMS key used to encrypt the
-    #   policy engine data.
+    #   The current status of the payment connector. Possible values include
+    #   `CREATING`, `READY`, `UPDATING`, `DELETING`, `CREATE_FAILED`,
+    #   `UPDATE_FAILED`, and `DELETE_FAILED`.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyEngineResponse AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPaymentConnectorResponse AWS API Documentation
     #
-    class GetPolicyEngineResponse < Struct.new(
-      :policy_engine_id,
+    class GetPaymentConnectorResponse < Struct.new(
+      :payment_connector_id,
       :name,
       :description,
+      :type,
+      :credential_provider_configurations,
       :created_at,
-      :updated_at,
-      :policy_engine_arn,
-      :status,
-      :status_reasons,
-      :encryption_key_arn)
-      SENSITIVE = [:description]
+      :last_updated_at,
+      :status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # @!attribute [rw] policy_generation_id
-    #   The unique identifier of the policy generation request to be
-    #   retrieved. This must be a valid generation ID from a previous
-    #   [StartPolicyGeneration][1] call.
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_StartPolicyGeneration.html
-    #   @return [String]
-    #
-    # @!attribute [rw] policy_engine_id
-    #   The identifier of the policy engine associated with the policy
-    #   generation request. This provides the context for the generation
-    #   operation and schema validation.
+    # @!attribute [rw] name
+    #   The name of the payment credential provider to retrieve.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyGenerationRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPaymentCredentialProviderRequest AWS API Documentation
     #
-    class GetPolicyGenerationRequest < Struct.new(
-      :policy_generation_id,
-      :policy_engine_id)
+    class GetPaymentCredentialProviderRequest < Struct.new(
+      :name)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @!attribute [rw] policy_engine_id
-    #   The identifier of the policy engine associated with this policy
-    #   generation. This confirms the policy engine context for the
-    #   generation operation.
+    # @!attribute [rw] name
+    #   The name of the payment credential provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_provider_arn
+    #   The Amazon Resource Name (ARN) of the payment credential provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_provider_vendor
+    #   The vendor type for the payment credential provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] provider_configuration_output
+    #   Output configuration (contains secret ARNs, excludes actual secret
+    #   values).
+    #   @return [Types::PaymentProviderConfigurationOutput]
+    #
+    # @!attribute [rw] created_time
+    #   The timestamp when the payment credential provider was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_updated_time
+    #   The timestamp when the payment credential provider was last updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] tags
+    #   The tags associated with the payment credential provider.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPaymentCredentialProviderResponse AWS API Documentation
+    #
+    class GetPaymentCredentialProviderResponse < Struct.new(
+      :name,
+      :credential_provider_arn,
+      :credential_provider_vendor,
+      :provider_configuration_output,
+      :created_time,
+      :last_updated_time,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the payment manager to retrieve.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPaymentManagerRequest AWS API Documentation
+    #
+    class GetPaymentManagerRequest < Struct.new(
+      :payment_manager_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] payment_manager_arn
+    #   The Amazon Resource Name (ARN) of the payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The description of the payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorizer_type
+    #   The type of authorizer used by the payment manager.
+    #
+    #   * `CUSTOM_JWT` - Authorize with a bearer token.
+    #
+    #   * `AWS_IAM` - Authorize with your Amazon Web Services IAM
+    #     credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorizer_configuration
+    #   Represents inbound authorization configuration options used to
+    #   authenticate incoming requests.
+    #   @return [Types::AuthorizerConfiguration]
+    #
+    # @!attribute [rw] role_arn
+    #   The Amazon Resource Name (ARN) of the IAM role associated with the
+    #   payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] workload_identity_details
+    #   The information about the workload identity.
+    #   @return [Types::WorkloadIdentityDetails]
+    #
+    # @!attribute [rw] created_at
+    #   The timestamp when the payment manager was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_updated_at
+    #   The timestamp when the payment manager was last updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] status
+    #   The current status of the payment manager. Possible values include
+    #   `CREATING`, `READY`, `UPDATING`, `DELETING`, `CREATE_FAILED`,
+    #   `UPDATE_FAILED`, and `DELETE_FAILED`.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The tags associated with the payment manager.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPaymentManagerResponse AWS API Documentation
+    #
+    class GetPaymentManagerResponse < Struct.new(
+      :payment_manager_arn,
+      :payment_manager_id,
+      :name,
+      :description,
+      :authorizer_type,
+      :authorizer_configuration,
+      :role_arn,
+      :workload_identity_details,
+      :created_at,
+      :last_updated_at,
+      :status,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy_engine_id
+    #   The unique identifier of the policy engine to be retrieved. This
+    #   must be a valid policy engine ID that exists within the account.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyEngineRequest AWS API Documentation
+    #
+    class GetPolicyEngineRequest < Struct.new(
+      :policy_engine_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy_engine_id
+    #   The unique identifier of the retrieved policy engine. This matches
+    #   the policy engine ID provided in the request and serves as the
+    #   system identifier.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The customer-assigned name of the policy engine. This is the
+    #   human-readable identifier that was specified when the policy engine
+    #   was created.
+    #   @return [String]
+    #
+    # @!attribute [rw] created_at
+    #   The timestamp when the policy engine was originally created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] updated_at
+    #   The timestamp when the policy engine was last modified. This tracks
+    #   the most recent changes to the policy engine configuration.
+    #   @return [Time]
+    #
+    # @!attribute [rw] policy_engine_arn
+    #   The Amazon Resource Name (ARN) of the policy engine. This globally
+    #   unique identifier can be used for cross-service references and IAM
+    #   policy statements.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The current status of the policy engine.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_key_arn
+    #   The Amazon Resource Name (ARN) of the KMS key used to encrypt the
+    #   policy engine data.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The human-readable description of the policy engine's purpose and
+    #   scope. This helps administrators understand the policy engine's
+    #   role in governance.
+    #   @return [String]
+    #
+    # @!attribute [rw] status_reasons
+    #   Additional information about the policy engine status. This provides
+    #   details about any failures or the current state of the policy
+    #   engine.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyEngineResponse AWS API Documentation
+    #
+    class GetPolicyEngineResponse < Struct.new(
+      :policy_engine_id,
+      :name,
+      :created_at,
+      :updated_at,
+      :policy_engine_arn,
+      :status,
+      :encryption_key_arn,
+      :description,
+      :status_reasons)
+      SENSITIVE = [:description]
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy_engine_id
+    #   The unique identifier of the policy engine to retrieve the summary
+    #   for. This must be a valid policy engine ID that exists within the
+    #   account.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyEngineSummaryRequest AWS API Documentation
+    #
+    class GetPolicyEngineSummaryRequest < Struct.new(
+      :policy_engine_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy_engine_id
+    #   The unique identifier of the policy engine.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The customer-assigned name of the policy engine.
+    #   @return [String]
+    #
+    # @!attribute [rw] created_at
+    #   The timestamp when the policy engine was originally created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] updated_at
+    #   The timestamp when the policy engine was last modified.
+    #   @return [Time]
+    #
+    # @!attribute [rw] policy_engine_arn
+    #   The Amazon Resource Name (ARN) of the policy engine.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The current status of the policy engine.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_key_arn
+    #   The Amazon Resource Name (ARN) of the KMS key used to encrypt the
+    #   policy engine data.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyEngineSummaryResponse AWS API Documentation
+    #
+    class GetPolicyEngineSummaryResponse < Struct.new(
+      :policy_engine_id,
+      :name,
+      :created_at,
+      :updated_at,
+      :policy_engine_arn,
+      :status,
+      :encryption_key_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy_generation_id
+    #   The unique identifier of the policy generation request to be
+    #   retrieved. This must be a valid generation ID from a previous
+    #   [StartPolicyGeneration][1] call.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_StartPolicyGeneration.html
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_engine_id
+    #   The identifier of the policy engine associated with the policy
+    #   generation request. This provides the context for the generation
+    #   operation and schema validation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyGenerationRequest AWS API Documentation
+    #
+    class GetPolicyGenerationRequest < Struct.new(
+      :policy_generation_id,
+      :policy_engine_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy_engine_id
+    #   The identifier of the policy engine associated with this policy
+    #   generation. This confirms the policy engine context for the
+    #   generation operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_generation_id
+    #   The unique identifier of the policy generation request. This matches
+    #   the generation ID provided in the request and serves as the tracking
+    #   identifier.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The customer-assigned name for the policy generation request. This
+    #   helps identify and track generation operations across multiple
+    #   requests.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_generation_arn
+    #   The Amazon Resource Name (ARN) of the policy generation. This
+    #   globally unique identifier can be used for tracking, auditing, and
+    #   cross-service references.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource
+    #   The resource information associated with the policy generation. This
+    #   provides context about the target resources for which the policies
+    #   are being generated.
+    #   @return [Types::Resource]
+    #
+    # @!attribute [rw] created_at
+    #   The timestamp when the policy generation request was created. This
+    #   is used for tracking and auditing generation operations and their
+    #   lifecycle.
+    #   @return [Time]
+    #
+    # @!attribute [rw] updated_at
+    #   The timestamp when the policy generation was last updated. This
+    #   tracks the progress of the generation process and any status
+    #   changes.
+    #   @return [Time]
+    #
+    # @!attribute [rw] status
+    #   The current status of the policy generation. This indicates whether
+    #   the generation is in progress, completed successfully, or failed
+    #   during processing.
+    #   @return [String]
+    #
+    # @!attribute [rw] findings
+    #   The findings and results from the policy generation process. This
+    #   includes any issues, recommendations, validation results, or
+    #   insights from the generated policies.
+    #   @return [String]
+    #
+    # @!attribute [rw] status_reasons
+    #   Additional information about the generation status. This provides
+    #   details about any failures, warnings, or the current state of the
+    #   generation process.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyGenerationResponse AWS API Documentation
+    #
+    class GetPolicyGenerationResponse < Struct.new(
+      :policy_engine_id,
+      :policy_generation_id,
+      :name,
+      :policy_generation_arn,
+      :resource,
+      :created_at,
+      :updated_at,
+      :status,
+      :findings,
+      :status_reasons)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy_generation_id
+    #   The unique identifier of the policy generation request to retrieve
+    #   the summary for.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_engine_id
+    #   The identifier of the policy engine associated with the policy
+    #   generation request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyGenerationSummaryRequest AWS API Documentation
+    #
+    class GetPolicyGenerationSummaryRequest < Struct.new(
+      :policy_generation_id,
+      :policy_engine_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy_engine_id
+    #   The identifier of the policy engine associated with this policy
+    #   generation.
     #   @return [String]
     #
     # @!attribute [rw] policy_generation_id
-    #   The unique identifier of the policy generation request. This matches
-    #   the generation ID provided in the request and serves as the tracking
-    #   identifier.
+    #   The unique identifier of the policy generation request.
     #   @return [String]
     #
     # @!attribute [rw] name
-    #   The customer-assigned name for the policy generation request. This
-    #   helps identify and track generation operations across multiple
-    #   requests.
+    #   The customer-assigned name for the policy generation request.
     #   @return [String]
     #
     # @!attribute [rw] policy_generation_arn
-    #   The Amazon Resource Name (ARN) of the policy generation. This
-    #   globally unique identifier can be used for tracking, auditing, and
-    #   cross-service references.
+    #   The Amazon Resource Name (ARN) of the policy generation request.
     #   @return [String]
     #
     # @!attribute [rw] resource
-    #   The resource information associated with the policy generation. This
-    #   provides context about the target resources for which the policies
-    #   are being generated.
+    #   The resource information associated with the policy generation.
     #   @return [Types::Resource]
     #
     # @!attribute [rw] created_at
-    #   The timestamp when the policy generation request was created. This
-    #   is used for tracking and auditing generation operations and their
-    #   lifecycle.
+    #   The timestamp when the policy generation request was created.
     #   @return [Time]
     #
     # @!attribute [rw] updated_at
-    #   The timestamp when the policy generation was last updated. This
-    #   tracks the progress of the generation process and any status
-    #   changes.
+    #   The timestamp when the policy generation was last updated.
     #   @return [Time]
     #
     # @!attribute [rw] status
-    #   The current status of the policy generation. This indicates whether
-    #   the generation is in progress, completed successfully, or failed
-    #   during processing.
+    #   The current status of the policy generation request.
     #   @return [String]
     #
-    # @!attribute [rw] status_reasons
-    #   Additional information about the generation status. This provides
-    #   details about any failures, warnings, or the current state of the
-    #   generation process.
-    #   @return [Array<String>]
-    #
     # @!attribute [rw] findings
-    #   The findings and results from the policy generation process. This
-    #   includes any issues, recommendations, validation results, or
-    #   insights from the generated policies.
+    #   The findings from the policy generation process, if available.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyGenerationResponse AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicyGenerationSummaryResponse AWS API Documentation
     #
-    class GetPolicyGenerationResponse < Struct.new(
+    class GetPolicyGenerationSummaryResponse < Struct.new(
       :policy_engine_id,
       :policy_generation_id,
       :name,
@@ -7276,7 +8095,6 @@ module Aws::BedrockAgentCoreControl
       :created_at,
       :updated_at,
       :status,
-      :status_reasons,
       :findings)
       SENSITIVE = []
       include Aws::Structure
@@ -7317,18 +8135,6 @@ module Aws::BedrockAgentCoreControl
     #   confirms the policy engine context for the retrieved policy.
     #   @return [String]
     #
-    # @!attribute [rw] definition
-    #   The Cedar policy statement that defines the access control rules.
-    #   This contains the actual policy logic used for agent behavior
-    #   control and access decisions.
-    #   @return [Types::PolicyDefinition]
-    #
-    # @!attribute [rw] description
-    #   The human-readable description of the policy's purpose and
-    #   functionality. This helps administrators understand and manage the
-    #   policy.
-    #   @return [String]
-    #
     # @!attribute [rw] created_at
     #   The timestamp when the policy was originally created.
     #   @return [Time]
@@ -7348,6 +8154,18 @@ module Aws::BedrockAgentCoreControl
     #   The current status of the policy.
     #   @return [String]
     #
+    # @!attribute [rw] definition
+    #   The Cedar policy statement that defines the access control rules.
+    #   This contains the actual policy logic used for agent behavior
+    #   control and access decisions.
+    #   @return [Types::PolicyDefinition]
+    #
+    # @!attribute [rw] description
+    #   The human-readable description of the policy's purpose and
+    #   functionality. This helps administrators understand and manage the
+    #   policy.
+    #   @return [String]
+    #
     # @!attribute [rw] status_reasons
     #   Additional information about the policy status. This provides
     #   details about any failures or the current state of the policy.
@@ -7359,17 +8177,79 @@ module Aws::BedrockAgentCoreControl
       :policy_id,
       :name,
       :policy_engine_id,
-      :definition,
-      :description,
       :created_at,
       :updated_at,
       :policy_arn,
       :status,
+      :definition,
+      :description,
       :status_reasons)
       SENSITIVE = [:description]
       include Aws::Structure
     end
 
+    # @!attribute [rw] policy_engine_id
+    #   The identifier of the policy engine that manages the policy to
+    #   retrieve the summary for.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_id
+    #   The unique identifier of the policy to retrieve the summary for.
+    #   This must be a valid policy ID that exists within the specified
+    #   policy engine.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicySummaryRequest AWS API Documentation
+    #
+    class GetPolicySummaryRequest < Struct.new(
+      :policy_engine_id,
+      :policy_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy_id
+    #   The unique identifier of the policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The customer-assigned name of the policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_engine_id
+    #   The identifier of the policy engine that manages this policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] created_at
+    #   The timestamp when the policy was originally created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] updated_at
+    #   The timestamp when the policy was last modified.
+    #   @return [Time]
+    #
+    # @!attribute [rw] policy_arn
+    #   The Amazon Resource Name (ARN) of the policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The current status of the policy.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicySummaryResponse AWS API Documentation
+    #
+    class GetPolicySummaryResponse < Struct.new(
+      :policy_id,
+      :name,
+      :policy_engine_id,
+      :created_at,
+      :updated_at,
+      :policy_arn,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] registry_id
     #   The identifier of the registry containing the record. You can
     #   specify either the Amazon Resource Name (ARN) or the ID of the
@@ -9698,6 +10578,134 @@ module Aws::BedrockAgentCoreControl
       include Aws::Structure
     end
 
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the payment manager whose connectors to
+    #   list.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results to return in the response. If the
+    #   total number of results is greater than this value, use the token
+    #   returned in the response in the `nextToken` field when making
+    #   another request to return the next batch of results.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   If the total number of results is greater than the `maxResults`
+    #   value provided in the request, enter the token returned in the
+    #   `nextToken` field in the response in this field to return the next
+    #   batch of results.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPaymentConnectorsRequest AWS API Documentation
+    #
+    class ListPaymentConnectorsRequest < Struct.new(
+      :payment_manager_id,
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] payment_connectors
+    #   The list of payment connector summaries. For details about the
+    #   fields in each summary, see the `PaymentConnectorSummary` data type.
+    #   @return [Array<Types::PaymentConnectorSummary>]
+    #
+    # @!attribute [rw] next_token
+    #   If the total number of results is greater than the `maxResults`
+    #   value provided in the request, use this token when making another
+    #   request in the `nextToken` field to return the next batch of
+    #   results.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPaymentConnectorsResponse AWS API Documentation
+    #
+    class ListPaymentConnectorsResponse < Struct.new(
+      :payment_connectors,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_token
+    #   Pagination token.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   Maximum number of results to return.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPaymentCredentialProvidersRequest AWS API Documentation
+    #
+    class ListPaymentCredentialProvidersRequest < Struct.new(
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] credential_providers
+    #   The list of payment credential providers.
+    #   @return [Array<Types::PaymentCredentialProviderItem>]
+    #
+    # @!attribute [rw] next_token
+    #   Pagination token for the next page of results.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPaymentCredentialProvidersResponse AWS API Documentation
+    #
+    class ListPaymentCredentialProvidersResponse < Struct.new(
+      :credential_providers,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] max_results
+    #   The maximum number of results to return in the response. If the
+    #   total number of results is greater than this value, use the token
+    #   returned in the response in the `nextToken` field when making
+    #   another request to return the next batch of results.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   If the total number of results is greater than the `maxResults`
+    #   value provided in the request, enter the token returned in the
+    #   `nextToken` field in the response in this field to return the next
+    #   batch of results.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPaymentManagersRequest AWS API Documentation
+    #
+    class ListPaymentManagersRequest < Struct.new(
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] payment_managers
+    #   The list of payment manager summaries. For details about the fields
+    #   in each summary, see the `PaymentManagerSummary` data type.
+    #   @return [Array<Types::PaymentManagerSummary>]
+    #
+    # @!attribute [rw] next_token
+    #   If the total number of results is greater than the `maxResults`
+    #   value provided in the request, use this token when making another
+    #   request in the `nextToken` field to return the next batch of
+    #   results.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPaymentManagersResponse AWS API Documentation
+    #
+    class ListPaymentManagersResponse < Struct.new(
+      :payment_managers,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] next_token
     #   A pagination token returned from a previous [ListPolicies][1] call.
     #   Use this token to retrieve the next page of results when the
@@ -9725,33 +10733,82 @@ module Aws::BedrockAgentCoreControl
     #   tools, or operational contexts within the policy engine ecosystem.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPoliciesRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPoliciesRequest AWS API Documentation
+    #
+    class ListPoliciesRequest < Struct.new(
+      :next_token,
+      :max_results,
+      :policy_engine_id,
+      :target_resource_scope)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policies
+    #   An array of policy objects that match the specified criteria. Each
+    #   policy object contains the policy metadata, status, and key
+    #   identifiers for further operations.
+    #   @return [Array<Types::Policy>]
+    #
+    # @!attribute [rw] next_token
+    #   A pagination token that can be used in subsequent ListPolicies calls
+    #   to retrieve additional results. This token is only present when
+    #   there are more results available.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPoliciesResponse AWS API Documentation
+    #
+    class ListPoliciesResponse < Struct.new(
+      :policies,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_token
+    #   A pagination token returned from a previous
+    #   [ListPolicyEngineSummaries][1] call. Use this token to retrieve the
+    #   next page of results when the response is paginated.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngineSummaries.html
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of policy engine summaries to return in a single
+    #   response.
+    #   @return [Integer]
     #
-    class ListPoliciesRequest < Struct.new(
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPolicyEngineSummariesRequest AWS API Documentation
+    #
+    class ListPolicyEngineSummariesRequest < Struct.new(
       :next_token,
-      :max_results,
-      :policy_engine_id,
-      :target_resource_scope)
+      :max_results)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @!attribute [rw] policies
-    #   An array of policy objects that match the specified criteria. Each
-    #   policy object contains the policy metadata, status, and key
-    #   identifiers for further operations.
-    #   @return [Array<Types::Policy>]
+    # @!attribute [rw] policy_engines
+    #   An array of policy engine summary objects that exist in the account.
+    #   Each summary contains resource identifiers, status, and timestamps
+    #   without customer-encrypted content.
+    #   @return [Array<Types::PolicyEngineSummary>]
     #
     # @!attribute [rw] next_token
-    #   A pagination token that can be used in subsequent ListPolicies calls
-    #   to retrieve additional results. This token is only present when
-    #   there are more results available.
+    #   A pagination token that can be used in subsequent
+    #   [ListPolicyEngineSummaries][1] calls to retrieve additional results.
+    #   This token is only present when there are more results available.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngineSummaries.html
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPoliciesResponse AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPolicyEngineSummariesResponse AWS API Documentation
     #
-    class ListPoliciesResponse < Struct.new(
-      :policies,
+    class ListPolicyEngineSummariesResponse < Struct.new(
+      :policy_engines,
       :next_token)
       SENSITIVE = []
       include Aws::Structure
@@ -9882,6 +10939,62 @@ module Aws::BedrockAgentCoreControl
       include Aws::Structure
     end
 
+    # @!attribute [rw] next_token
+    #   A pagination token returned from a previous
+    #   [ListPolicyGenerationSummaries][1] call. Use this token to retrieve
+    #   the next page of results when the response is paginated.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationSummaries.html
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of policy generation summaries to return in a
+    #   single response.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] policy_engine_id
+    #   The identifier of the policy engine whose policy generation
+    #   summaries to retrieve.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPolicyGenerationSummariesRequest AWS API Documentation
+    #
+    class ListPolicyGenerationSummariesRequest < Struct.new(
+      :next_token,
+      :max_results,
+      :policy_engine_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy_generations
+    #   An array of policy generation summary objects that match the
+    #   specified criteria. Each summary contains resource identifiers,
+    #   status, timestamps, and findings without customer-encrypted content.
+    #   @return [Array<Types::PolicyGenerationSummary>]
+    #
+    # @!attribute [rw] next_token
+    #   A pagination token that can be used in subsequent
+    #   [ListPolicyGenerationSummaries][1] calls to retrieve additional
+    #   results. This token is only present when there are more results
+    #   available.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationSummaries.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPolicyGenerationSummariesResponse AWS API Documentation
+    #
+    class ListPolicyGenerationSummariesResponse < Struct.new(
+      :policy_generations,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] next_token
     #   A pagination token for retrieving additional policy generations when
     #   results are paginated.
@@ -9926,6 +11039,69 @@ module Aws::BedrockAgentCoreControl
       include Aws::Structure
     end
 
+    # @!attribute [rw] next_token
+    #   A pagination token returned from a previous [ListPolicySummaries][1]
+    #   call. Use this token to retrieve the next page of results when the
+    #   response is paginated.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicySummaries.html
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of policy summaries to return in a single
+    #   response.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] policy_engine_id
+    #   The identifier of the policy engine whose policy summaries to
+    #   retrieve.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_resource_scope
+    #   Optional filter to list policy summaries that apply to a specific
+    #   resource scope or resource type. This helps narrow down results to
+    #   those relevant for particular Amazon Web Services resources, agent
+    #   tools, or operational contexts within the policy engine ecosystem.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPolicySummariesRequest AWS API Documentation
+    #
+    class ListPolicySummariesRequest < Struct.new(
+      :next_token,
+      :max_results,
+      :policy_engine_id,
+      :target_resource_scope)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policies
+    #   An array of policy summary objects that match the specified
+    #   criteria. Each summary contains resource identifiers, status, and
+    #   timestamps without customer-encrypted content.
+    #   @return [Array<Types::PolicySummary>]
+    #
+    # @!attribute [rw] next_token
+    #   A pagination token that can be used in subsequent
+    #   [ListPolicySummaries][1] calls to retrieve additional results. This
+    #   token is only present when there are more results available.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicySummaries.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListPolicySummariesResponse AWS API Documentation
+    #
+    class ListPolicySummariesResponse < Struct.new(
+      :policies,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] max_results
     #   The maximum number of results to return in the response. If the
     #   total number of results is greater than this value, use the token
@@ -9946,12 +11122,19 @@ module Aws::BedrockAgentCoreControl
     #   `DELETING`, and `DELETE_FAILED`.
     #   @return [String]
     #
+    # @!attribute [rw] authorizer_type
+    #   Filter registries by their authorizer type. Possible values are
+    #   `CUSTOM_JWT` and `AWS_IAM`. For more information about authorizer
+    #   types, see the `RegistryAuthorizerType` enum.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListRegistriesRequest AWS API Documentation
     #
     class ListRegistriesRequest < Struct.new(
       :max_results,
       :next_token,
-      :status)
+      :status,
+      :authorizer_type)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10290,8 +11473,7 @@ module Aws::BedrockAgentCoreControl
     end
 
     # Union for principal matching. Currently supports IAM principal ARN
-    # glob matching. Extensible for future principal types (e.g., OAuth
-    # client ID).
+    # glob matching.
     #
     # @note MatchPrincipalEntry is a union - when making an API calls you must set exactly one of the members.
     #
@@ -10616,7 +11798,8 @@ module Aws::BedrockAgentCoreControl
     #   @return [String]
     #
     # @!attribute [rw] namespaces
-    #   The namespaces associated with the memory strategy.
+    #   This is a legacy parameter. The namespaces associated with the
+    #   memory strategy.
     #   @return [Array<String>]
     #
     # @!attribute [rw] namespace_templates
@@ -10959,7 +12142,8 @@ module Aws::BedrockAgentCoreControl
     #   @return [String]
     #
     # @!attribute [rw] namespaces
-    #   The updated namespaces for the memory strategy.
+    #   This is a legacy parameter, use `namespaceTemplates`. The updated
+    #   namespaces for the memory strategy.
     #   @return [Array<String>]
     #
     # @!attribute [rw] namespace_templates
@@ -11182,6 +12366,10 @@ module Aws::BedrockAgentCoreControl
     #
     #   * `AUTHORIZATION_CODE` - Authorization with a token that is specific
     #     to an individual end user.
+    #
+    #   * `TOKEN_EXCHANGE` - Authorization using on-behalf-of token
+    #     exchange. An inbound user token is exchanged for a downstream
+    #     access token scoped to the target audience.
     #   @return [String]
     #
     # @!attribute [rw] default_return_url
@@ -11478,63 +12666,268 @@ module Aws::BedrockAgentCoreControl
     #   The name of the online evaluation configuration.
     #   @return [String]
     #
-    # @!attribute [rw] description
-    #   The description of the online evaluation configuration.
+    # @!attribute [rw] description
+    #   The description of the online evaluation configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The status of the online evaluation configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] execution_status
+    #   The execution status indicating whether the online evaluation is
+    #   currently running.
+    #   @return [String]
+    #
+    # @!attribute [rw] created_at
+    #   The timestamp when the online evaluation configuration was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] updated_at
+    #   The timestamp when the online evaluation configuration was last
+    #   updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] failure_reason
+    #   The reason for failure if the online evaluation configuration
+    #   execution failed.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/OnlineEvaluationConfigSummary AWS API Documentation
+    #
+    class OnlineEvaluationConfigSummary < Struct.new(
+      :online_evaluation_config_arn,
+      :online_evaluation_config_id,
+      :online_evaluation_config_name,
+      :description,
+      :status,
+      :execution_status,
+      :created_at,
+      :updated_at,
+      :failure_reason)
+      SENSITIVE = [:description]
+      include Aws::Structure
+    end
+
+    # The configuration that specifies where evaluation results should be
+    # written for monitoring and analysis.
+    #
+    # @!attribute [rw] cloud_watch_config
+    #   The CloudWatch configuration for writing evaluation results to
+    #   CloudWatch logs with embedded metric format.
+    #   @return [Types::CloudWatchOutputConfig]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/OutputConfig AWS API Documentation
+    #
+    class OutputConfig < Struct.new(
+      :cloud_watch_config)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains summary information about a payment connector.
+    #
+    # @!attribute [rw] payment_connector_id
+    #   The unique identifier of the payment connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the payment connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of the payment connector, which determines the payment
+    #   provider integration.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The current status of the payment connector. Possible values include
+    #   `CREATING`, `READY`, `UPDATING`, `DELETING`, `CREATE_FAILED`,
+    #   `UPDATE_FAILED`, and `DELETE_FAILED`.
+    #   @return [String]
+    #
+    # @!attribute [rw] last_updated_at
+    #   The timestamp when the payment connector was last updated.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PaymentConnectorSummary AWS API Documentation
+    #
+    class PaymentConnectorSummary < Struct.new(
+      :payment_connector_id,
+      :name,
+      :type,
+      :status,
+      :last_updated_at)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Configuration for a payment credential provider that stores
+    # authentication credentials for a payment provider.
+    #
+    # @!attribute [rw] credential_provider_arn
+    #   The Amazon Resource Name (ARN) of the credential provider that
+    #   stores the authentication credentials for the payment provider.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PaymentCredentialProviderConfiguration AWS API Documentation
+    #
+    class PaymentCredentialProviderConfiguration < Struct.new(
+      :credential_provider_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains summary information about a payment credential provider.
+    #
+    # @!attribute [rw] name
+    #   The name of the payment credential provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_provider_vendor
+    #   The vendor type for the payment credential provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_provider_arn
+    #   The Amazon Resource Name (ARN) of the payment credential provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] created_time
+    #   The timestamp when the payment credential provider was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_updated_time
+    #   The timestamp when the payment credential provider was last updated.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PaymentCredentialProviderItem AWS API Documentation
+    #
+    class PaymentCredentialProviderItem < Struct.new(
+      :name,
+      :credential_provider_vendor,
+      :credential_provider_arn,
+      :created_time,
+      :last_updated_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains summary information about a payment manager.
+    #
+    # @!attribute [rw] payment_manager_arn
+    #   The Amazon Resource Name (ARN) of the payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The description of the payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorizer_type
+    #   The type of authorizer used by the payment manager.
+    #
+    #   * `CUSTOM_JWT` - Authorize with a bearer token.
+    #
+    #   * `AWS_IAM` - Authorize with your Amazon Web Services IAM
+    #     credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] role_arn
+    #   The Amazon Resource Name (ARN) of the IAM role associated with the
+    #   payment manager.
     #   @return [String]
     #
     # @!attribute [rw] status
-    #   The status of the online evaluation configuration.
-    #   @return [String]
-    #
-    # @!attribute [rw] execution_status
-    #   The execution status indicating whether the online evaluation is
-    #   currently running.
+    #   The current status of the payment manager. Possible values include
+    #   `CREATING`, `READY`, `UPDATING`, `DELETING`, `CREATE_FAILED`,
+    #   `UPDATE_FAILED`, and `DELETE_FAILED`.
     #   @return [String]
     #
     # @!attribute [rw] created_at
-    #   The timestamp when the online evaluation configuration was created.
+    #   The timestamp when the payment manager was created.
     #   @return [Time]
     #
-    # @!attribute [rw] updated_at
-    #   The timestamp when the online evaluation configuration was last
-    #   updated.
+    # @!attribute [rw] last_updated_at
+    #   The timestamp when the payment manager was last updated.
     #   @return [Time]
     #
-    # @!attribute [rw] failure_reason
-    #   The reason for failure if the online evaluation configuration
-    #   execution failed.
-    #   @return [String]
-    #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/OnlineEvaluationConfigSummary AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PaymentManagerSummary AWS API Documentation
     #
-    class OnlineEvaluationConfigSummary < Struct.new(
-      :online_evaluation_config_arn,
-      :online_evaluation_config_id,
-      :online_evaluation_config_name,
+    class PaymentManagerSummary < Struct.new(
+      :payment_manager_arn,
+      :payment_manager_id,
+      :name,
       :description,
+      :authorizer_type,
+      :role_arn,
       :status,
-      :execution_status,
       :created_at,
-      :updated_at,
-      :failure_reason)
-      SENSITIVE = [:description]
+      :last_updated_at)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # The configuration that specifies where evaluation results should be
-    # written for monitoring and analysis.
+    # Provider configuration input — contains secrets for creation and
+    # update. Varies by vendor type.
     #
-    # @!attribute [rw] cloud_watch_config
-    #   The CloudWatch configuration for writing evaluation results to
-    #   CloudWatch logs with embedded metric format.
-    #   @return [Types::CloudWatchOutputConfig]
+    # @note PaymentProviderConfigurationInput is a union - when making an API calls you must set exactly one of the members.
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/OutputConfig AWS API Documentation
+    # @!attribute [rw] coinbase_cdp_configuration
+    #   The Coinbase CDP configuration.
+    #   @return [Types::CoinbaseCdpConfigurationInput]
     #
-    class OutputConfig < Struct.new(
-      :cloud_watch_config)
+    # @!attribute [rw] stripe_privy_configuration
+    #   The Stripe Privy configuration.
+    #   @return [Types::StripePrivyConfigurationInput]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PaymentProviderConfigurationInput AWS API Documentation
+    #
+    class PaymentProviderConfigurationInput < Struct.new(
+      :coinbase_cdp_configuration,
+      :stripe_privy_configuration,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class CoinbaseCdpConfiguration < PaymentProviderConfigurationInput; end
+      class StripePrivyConfiguration < PaymentProviderConfigurationInput; end
+      class Unknown < PaymentProviderConfigurationInput; end
+    end
+
+    # Provider configuration output — no raw secrets, only ARNs. Varies by
+    # vendor type.
+    #
+    # @note PaymentProviderConfigurationOutput is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of PaymentProviderConfigurationOutput corresponding to the set member.
+    #
+    # @!attribute [rw] coinbase_cdp_configuration
+    #   The Coinbase CDP configuration.
+    #   @return [Types::CoinbaseCdpConfigurationOutput]
+    #
+    # @!attribute [rw] stripe_privy_configuration
+    #   The Stripe Privy configuration.
+    #   @return [Types::StripePrivyConfigurationOutput]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PaymentProviderConfigurationOutput AWS API Documentation
+    #
+    class PaymentProviderConfigurationOutput < Struct.new(
+      :coinbase_cdp_configuration,
+      :stripe_privy_configuration,
+      :unknown)
       SENSITIVE = []
       include Aws::Structure
+      include Aws::Structure::Union
+
+      class CoinbaseCdpConfiguration < PaymentProviderConfigurationOutput; end
+      class StripePrivyConfiguration < PaymentProviderConfigurationOutput; end
+      class Unknown < PaymentProviderConfigurationOutput; end
     end
 
     # Represents a complete policy resource within the AgentCore Policy
@@ -11568,18 +12961,6 @@ module Aws::BedrockAgentCoreControl
     #   management.
     #   @return [String]
     #
-    # @!attribute [rw] definition
-    #   The Cedar policy statement that defines the access control rules.
-    #   This contains the actual policy logic used for agent behavior
-    #   control and access decisions.
-    #   @return [Types::PolicyDefinition]
-    #
-    # @!attribute [rw] description
-    #   A human-readable description of the policy's purpose and
-    #   functionality. Limited to 4,096 characters, this helps
-    #   administrators understand and manage the policy.
-    #   @return [String]
-    #
     # @!attribute [rw] created_at
     #   The timestamp when the policy was originally created. This is
     #   automatically set by the service and used for auditing and lifecycle
@@ -11601,6 +12982,18 @@ module Aws::BedrockAgentCoreControl
     #   The current status of the policy.
     #   @return [String]
     #
+    # @!attribute [rw] definition
+    #   The Cedar policy statement that defines the access control rules.
+    #   This contains the actual policy logic used for agent behavior
+    #   control and access decisions.
+    #   @return [Types::PolicyDefinition]
+    #
+    # @!attribute [rw] description
+    #   A human-readable description of the policy's purpose and
+    #   functionality. Limited to 4,096 characters, this helps
+    #   administrators understand and manage the policy.
+    #   @return [String]
+    #
     # @!attribute [rw] status_reasons
     #   Additional information about the policy status. This provides
     #   details about any failures or the current state of the policy
@@ -11613,12 +13006,12 @@ module Aws::BedrockAgentCoreControl
       :policy_id,
       :name,
       :policy_engine_id,
-      :definition,
-      :description,
       :created_at,
       :updated_at,
       :policy_arn,
       :status,
+      :definition,
+      :description,
       :status_reasons)
       SENSITIVE = [:description]
       include Aws::Structure
@@ -11697,13 +13090,6 @@ module Aws::BedrockAgentCoreControl
     #   cannot exceed 48 characters.
     #   @return [String]
     #
-    # @!attribute [rw] description
-    #   A human-readable description of the policy engine's purpose and
-    #   scope. Limited to 4,096 characters, this helps administrators
-    #   understand the policy engine's role in the overall governance
-    #   strategy.
-    #   @return [String]
-    #
     # @!attribute [rw] created_at
     #   The timestamp when the policy engine was originally created. This is
     #   automatically set by the service and used for auditing and lifecycle
@@ -11726,30 +13112,86 @@ module Aws::BedrockAgentCoreControl
     #   The current status of the policy engine.
     #   @return [String]
     #
+    # @!attribute [rw] encryption_key_arn
+    #   The Amazon Resource Name (ARN) of the KMS key used to encrypt the
+    #   policy engine data.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   A human-readable description of the policy engine's purpose and
+    #   scope. Limited to 4,096 characters, this helps administrators
+    #   understand the policy engine's role in the overall governance
+    #   strategy.
+    #   @return [String]
+    #
     # @!attribute [rw] status_reasons
     #   Additional information about the policy engine status. This provides
     #   details about any failures or the current state of the policy engine
     #   lifecycle.
     #   @return [Array<String>]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PolicyEngine AWS API Documentation
+    #
+    class PolicyEngine < Struct.new(
+      :policy_engine_id,
+      :name,
+      :created_at,
+      :updated_at,
+      :policy_engine_arn,
+      :status,
+      :encryption_key_arn,
+      :description,
+      :status_reasons)
+      SENSITIVE = [:description]
+      include Aws::Structure
+    end
+
+    # Represents a metadata-only summary of a policy engine resource. This
+    # structure contains resource identifiers, status, and timestamps
+    # without customer-encrypted fields such as description or status
+    # reasons. Policy engine summaries are returned by operations that do
+    # not require access to the customer's KMS key.
+    #
+    # @!attribute [rw] policy_engine_id
+    #   The unique identifier for the policy engine.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The customer-assigned name of the policy engine.
+    #   @return [String]
+    #
+    # @!attribute [rw] created_at
+    #   The timestamp when the policy engine was originally created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] updated_at
+    #   The timestamp when the policy engine was last modified.
+    #   @return [Time]
+    #
+    # @!attribute [rw] policy_engine_arn
+    #   The Amazon Resource Name (ARN) of the policy engine.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The current status of the policy engine.
+    #   @return [String]
+    #
     # @!attribute [rw] encryption_key_arn
     #   The Amazon Resource Name (ARN) of the KMS key used to encrypt the
     #   policy engine data.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PolicyEngine AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PolicyEngineSummary AWS API Documentation
     #
-    class PolicyEngine < Struct.new(
+    class PolicyEngineSummary < Struct.new(
       :policy_engine_id,
       :name,
-      :description,
       :created_at,
       :updated_at,
       :policy_engine_arn,
       :status,
-      :status_reasons,
       :encryption_key_arn)
-      SENSITIVE = [:description]
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11799,14 +13241,14 @@ module Aws::BedrockAgentCoreControl
     #   The current status of this policy generation request.
     #   @return [String]
     #
-    # @!attribute [rw] status_reasons
-    #   Additional information about the generation status.
-    #   @return [Array<String>]
-    #
     # @!attribute [rw] findings
     #   Findings and insights from this policy generation process.
     #   @return [String]
     #
+    # @!attribute [rw] status_reasons
+    #   Additional information about the generation status.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PolicyGeneration AWS API Documentation
     #
     class PolicyGeneration < Struct.new(
@@ -11818,8 +13260,8 @@ module Aws::BedrockAgentCoreControl
       :created_at,
       :updated_at,
       :status,
-      :status_reasons,
-      :findings)
+      :findings,
+      :status_reasons)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -11900,6 +13342,113 @@ module Aws::BedrockAgentCoreControl
       include Aws::Structure
     end
 
+    # Represents a metadata-only summary of a policy generation resource.
+    # This structure contains resource identifiers, status, timestamps, and
+    # findings without customer-encrypted fields such as status reasons.
+    # Policy generation summaries are returned by operations that do not
+    # require access to the customer's KMS key.
+    #
+    # @!attribute [rw] policy_engine_id
+    #   The identifier of the policy engine associated with this generation
+    #   request.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_generation_id
+    #   The unique identifier for this policy generation request.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The customer-assigned name for this policy generation request.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_generation_arn
+    #   The ARN of this policy generation request.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource
+    #   The resource information associated with this policy generation.
+    #   @return [Types::Resource]
+    #
+    # @!attribute [rw] created_at
+    #   The timestamp when this policy generation request was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] updated_at
+    #   The timestamp when this policy generation was last updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] status
+    #   The current status of this policy generation request.
+    #   @return [String]
+    #
+    # @!attribute [rw] findings
+    #   Findings and insights from this policy generation process.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PolicyGenerationSummary AWS API Documentation
+    #
+    class PolicyGenerationSummary < Struct.new(
+      :policy_engine_id,
+      :policy_generation_id,
+      :name,
+      :policy_generation_arn,
+      :resource,
+      :created_at,
+      :updated_at,
+      :status,
+      :findings)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Represents a metadata-only summary of a policy resource. This
+    # structure contains resource identifiers, status, and timestamps
+    # without customer-encrypted fields such as definition, description, or
+    # status reasons. Policy summaries are returned by operations that do
+    # not require access to the customer's KMS key.
+    #
+    # @!attribute [rw] policy_id
+    #   The unique identifier for the policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The customer-assigned name of the policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_engine_id
+    #   The identifier of the policy engine that manages this policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] created_at
+    #   The timestamp when the policy was originally created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] updated_at
+    #   The timestamp when the policy was last modified.
+    #   @return [Time]
+    #
+    # @!attribute [rw] policy_arn
+    #   The Amazon Resource Name (ARN) of the policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The current status of the policy.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PolicySummary AWS API Documentation
+    #
+    class PolicySummary < Struct.new(
+      :policy_id,
+      :name,
+      :policy_engine_id,
+      :created_at,
+      :updated_at,
+      :policy_arn,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The private endpoint configuration for a gateway target. Defines how
     # the gateway connects to private resources in your VPC.
     #
@@ -12845,7 +14394,8 @@ module Aws::BedrockAgentCoreControl
     #   @return [String]
     #
     # @!attribute [rw] namespaces
-    #   The namespaces associated with the semantic memory strategy.
+    #   This is a legacy parameter, use `namespaceTemplates`. The namespaces
+    #   associated with the semantic memory strategy.
     #   @return [Array<String>]
     #
     # @!attribute [rw] namespace_templates
@@ -13224,14 +14774,14 @@ module Aws::BedrockAgentCoreControl
     #   The initial status of the policy generation request.
     #   @return [String]
     #
-    # @!attribute [rw] status_reasons
-    #   Additional information about the generation status.
-    #   @return [Array<String>]
-    #
     # @!attribute [rw] findings
     #   Initial findings from the policy generation process.
     #   @return [String]
     #
+    # @!attribute [rw] status_reasons
+    #   Additional information about the generation status.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/StartPolicyGenerationResponse AWS API Documentation
     #
     class StartPolicyGenerationResponse < Struct.new(
@@ -13243,8 +14793,8 @@ module Aws::BedrockAgentCoreControl
       :created_at,
       :updated_at,
       :status,
-      :status_reasons,
-      :findings)
+      :findings,
+      :status_reasons)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -13403,6 +14953,64 @@ module Aws::BedrockAgentCoreControl
       include Aws::Structure
     end
 
+    # Stripe Privy configuration — credentials provided by Stripe and Privy.
+    #
+    # @!attribute [rw] app_id
+    #   The app ID provided by Privy.
+    #   @return [String]
+    #
+    # @!attribute [rw] app_secret
+    #   The app secret provided by Privy.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorization_private_key
+    #   The authorization private key for the Stripe Privy integration.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorization_id
+    #   The authorization ID for the Stripe Privy integration.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/StripePrivyConfigurationInput AWS API Documentation
+    #
+    class StripePrivyConfigurationInput < Struct.new(
+      :app_id,
+      :app_secret,
+      :authorization_private_key,
+      :authorization_id)
+      SENSITIVE = [:app_secret, :authorization_private_key]
+      include Aws::Structure
+    end
+
+    # Stripe Privy configuration output with secret ARNs.
+    #
+    # @!attribute [rw] app_id
+    #   The app ID provided by Privy.
+    #   @return [String]
+    #
+    # @!attribute [rw] app_secret_arn
+    #   Contains information about a secret in AWS Secrets Manager.
+    #   @return [Types::Secret]
+    #
+    # @!attribute [rw] authorization_private_key_arn
+    #   Contains information about a secret in AWS Secrets Manager.
+    #   @return [Types::Secret]
+    #
+    # @!attribute [rw] authorization_id
+    #   The authorization ID for the Stripe Privy integration.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/StripePrivyConfigurationOutput AWS API Documentation
+    #
+    class StripePrivyConfigurationOutput < Struct.new(
+      :app_id,
+      :app_secret_arn,
+      :authorization_private_key_arn,
+      :authorization_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] registry_id
     #   The identifier of the registry containing the record. You can
     #   specify either the Amazon Resource Name (ARN) or the ID of the
@@ -13487,7 +15095,8 @@ module Aws::BedrockAgentCoreControl
     #   @return [String]
     #
     # @!attribute [rw] namespaces
-    #   The namespaces associated with the summary memory strategy.
+    #   This is a legacy parameter, use `namespaceTemplates`. The namespaces
+    #   associated with the summary memory strategy.
     #   @return [Array<String>]
     #
     # @!attribute [rw] namespace_templates
@@ -15205,7 +16814,7 @@ module Aws::BedrockAgentCoreControl
     #   @return [Time]
     #
     # @!attribute [rw] status
-    #   The current status of the OAuth2 credential provider.
+    #   The current status of the updated OAuth2 credential provider.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdateOauth2CredentialProviderResponse AWS API Documentation
@@ -15330,6 +16939,263 @@ module Aws::BedrockAgentCoreControl
       include Aws::Structure
     end
 
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the parent payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] payment_connector_id
+    #   The unique identifier of the payment connector to update.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The updated description of the payment connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The updated type of the payment connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_provider_configurations
+    #   The updated credential provider configurations for the payment
+    #   connector.
+    #   @return [Array<Types::CredentialsProviderConfiguration>]
+    #
+    # @!attribute [rw] client_token
+    #   A unique, case-sensitive identifier to ensure that the API request
+    #   completes no more than one time. If you don't specify this field, a
+    #   value is randomly generated for you. If this token matches a
+    #   previous request, the service ignores the request, but doesn't
+    #   return an error. For more information, see [Ensuring
+    #   idempotency][1].
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdatePaymentConnectorRequest AWS API Documentation
+    #
+    class UpdatePaymentConnectorRequest < Struct.new(
+      :payment_manager_id,
+      :payment_connector_id,
+      :description,
+      :type,
+      :credential_provider_configurations,
+      :client_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] payment_connector_id
+    #   The unique identifier of the updated payment connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the parent payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the updated payment connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of the updated payment connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_provider_configurations
+    #   The credential provider configurations for the updated payment
+    #   connector.
+    #   @return [Array<Types::CredentialsProviderConfiguration>]
+    #
+    # @!attribute [rw] last_updated_at
+    #   The timestamp when the payment connector was last updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] status
+    #   The current status of the updated payment connector. Possible values
+    #   include `CREATING`, `READY`, `UPDATING`, `DELETING`,
+    #   `CREATE_FAILED`, `UPDATE_FAILED`, and `DELETE_FAILED`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdatePaymentConnectorResponse AWS API Documentation
+    #
+    class UpdatePaymentConnectorResponse < Struct.new(
+      :payment_connector_id,
+      :payment_manager_id,
+      :name,
+      :type,
+      :credential_provider_configurations,
+      :last_updated_at,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] name
+    #   The name of the payment credential provider to update.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_provider_vendor
+    #   The vendor type for the payment credential provider (e.g.,
+    #   CoinbaseCDP, StripePrivy).
+    #   @return [String]
+    #
+    # @!attribute [rw] provider_configuration_input
+    #   Configuration specific to the vendor, including API credentials.
+    #   @return [Types::PaymentProviderConfigurationInput]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdatePaymentCredentialProviderRequest AWS API Documentation
+    #
+    class UpdatePaymentCredentialProviderRequest < Struct.new(
+      :name,
+      :credential_provider_vendor,
+      :provider_configuration_input)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] name
+    #   The name of the updated payment credential provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_provider_vendor
+    #   The vendor type for the updated payment credential provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] credential_provider_arn
+    #   The Amazon Resource Name (ARN) of the updated payment credential
+    #   provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] provider_configuration_output
+    #   Output configuration (contains secret ARNs, excludes actual secret
+    #   values).
+    #   @return [Types::PaymentProviderConfigurationOutput]
+    #
+    # @!attribute [rw] created_time
+    #   The timestamp when the payment credential provider was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_updated_time
+    #   The timestamp when the payment credential provider was last updated.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdatePaymentCredentialProviderResponse AWS API Documentation
+    #
+    class UpdatePaymentCredentialProviderResponse < Struct.new(
+      :name,
+      :credential_provider_vendor,
+      :credential_provider_arn,
+      :provider_configuration_output,
+      :created_time,
+      :last_updated_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the payment manager to update.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The updated description of the payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorizer_type
+    #   The updated authorizer type for the payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorizer_configuration
+    #   The updated authorizer configuration for the payment manager.
+    #   @return [Types::AuthorizerConfiguration]
+    #
+    # @!attribute [rw] role_arn
+    #   The updated Amazon Resource Name (ARN) of the IAM role for the
+    #   payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_token
+    #   A unique, case-sensitive identifier to ensure that the API request
+    #   completes no more than one time. If you don't specify this field, a
+    #   value is randomly generated for you. If this token matches a
+    #   previous request, the service ignores the request, but doesn't
+    #   return an error. For more information, see [Ensuring
+    #   idempotency][1].
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdatePaymentManagerRequest AWS API Documentation
+    #
+    class UpdatePaymentManagerRequest < Struct.new(
+      :payment_manager_id,
+      :description,
+      :authorizer_type,
+      :authorizer_configuration,
+      :role_arn,
+      :client_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] payment_manager_arn
+    #   The Amazon Resource Name (ARN) of the updated payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] payment_manager_id
+    #   The unique identifier of the updated payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the updated payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorizer_type
+    #   The type of authorizer for the updated payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] role_arn
+    #   The Amazon Resource Name (ARN) of the IAM role associated with the
+    #   updated payment manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] workload_identity_details
+    #   The information about the workload identity.
+    #   @return [Types::WorkloadIdentityDetails]
+    #
+    # @!attribute [rw] last_updated_at
+    #   The timestamp when the payment manager was last updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] status
+    #   The current status of the updated payment manager. Possible values
+    #   include `CREATING`, `READY`, `UPDATING`, `DELETING`,
+    #   `CREATE_FAILED`, `UPDATE_FAILED`, and `DELETE_FAILED`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdatePaymentManagerResponse AWS API Documentation
+    #
+    class UpdatePaymentManagerResponse < Struct.new(
+      :payment_manager_arn,
+      :payment_manager_id,
+      :name,
+      :authorizer_type,
+      :role_arn,
+      :workload_identity_details,
+      :last_updated_at,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] policy_engine_id
     #   The unique identifier of the policy engine to be updated.
     #   @return [String]
@@ -15355,10 +17221,6 @@ module Aws::BedrockAgentCoreControl
     #   The name of the updated policy engine.
     #   @return [String]
     #
-    # @!attribute [rw] description
-    #   The updated description of the policy engine.
-    #   @return [String]
-    #
     # @!attribute [rw] created_at
     #   The original creation timestamp of the policy engine.
     #   @return [Time]
@@ -15375,27 +17237,31 @@ module Aws::BedrockAgentCoreControl
     #   The current status of the updated policy engine.
     #   @return [String]
     #
-    # @!attribute [rw] status_reasons
-    #   Additional information about the update status.
-    #   @return [Array<String>]
-    #
     # @!attribute [rw] encryption_key_arn
     #   The Amazon Resource Name (ARN) of the KMS key used to encrypt the
     #   policy engine data.
     #   @return [String]
     #
+    # @!attribute [rw] description
+    #   The updated description of the policy engine.
+    #   @return [String]
+    #
+    # @!attribute [rw] status_reasons
+    #   Additional information about the update status.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdatePolicyEngineResponse AWS API Documentation
     #
     class UpdatePolicyEngineResponse < Struct.new(
       :policy_engine_id,
       :name,
-      :description,
       :created_at,
       :updated_at,
       :policy_engine_arn,
       :status,
-      :status_reasons,
-      :encryption_key_arn)
+      :encryption_key_arn,
+      :description,
+      :status_reasons)
       SENSITIVE = [:description]
       include Aws::Structure
     end
@@ -15458,14 +17324,6 @@ module Aws::BedrockAgentCoreControl
     #   The identifier of the policy engine managing the updated policy.
     #   @return [String]
     #
-    # @!attribute [rw] definition
-    #   The updated Cedar policy statement.
-    #   @return [Types::PolicyDefinition]
-    #
-    # @!attribute [rw] description
-    #   The updated description of the policy.
-    #   @return [String]
-    #
     # @!attribute [rw] created_at
     #   The original creation timestamp of the policy.
     #   @return [Time]
@@ -15482,6 +17340,14 @@ module Aws::BedrockAgentCoreControl
     #   The current status of the updated policy.
     #   @return [String]
     #
+    # @!attribute [rw] definition
+    #   The updated Cedar policy statement.
+    #   @return [Types::PolicyDefinition]
+    #
+    # @!attribute [rw] description
+    #   The updated description of the policy.
+    #   @return [String]
+    #
     # @!attribute [rw] status_reasons
     #   Additional information about the update status.
     #   @return [Array<String>]
@@ -15492,12 +17358,12 @@ module Aws::BedrockAgentCoreControl
       :policy_id,
       :name,
       :policy_engine_id,
-      :definition,
-      :description,
       :created_at,
       :updated_at,
       :policy_arn,
       :status,
+      :definition,
+      :description,
       :status_reasons)
       SENSITIVE = [:description]
       include Aws::Structure
@@ -16276,7 +18142,8 @@ module Aws::BedrockAgentCoreControl
     #   @return [String]
     #
     # @!attribute [rw] namespaces
-    #   The namespaces associated with the user preference memory strategy.
+    #   This is a legacy parameter, use `namespaceTemplates`. The namespaces
+    #   associated with the user preference memory strategy.
     #   @return [Array<String>]
     #
     # @!attribute [rw] namespace_templates
@@ -16527,11 +18394,47 @@ module Aws::BedrockAgentCoreControl
     #   The subnets associated with the VPC configuration.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] require_service_s3_endpoint
+    #   <note markdown="1"> This field applies only to Agent Runtimes. It is
+    #   not applicable to
+    #   Browsers or Code Interpreters.
+    #
+    #    </note>
+    #
+    #    Controls whether a service-managed Amazon S3 gateway endpoint is
+    #   provisioned in the VPC network topology for the agent runtime. This
+    #   gateway is used by Amazon Bedrock AgentCore Runtime to download code
+    #   and container images during agent startup.
+    #
+    #    Starting May 5, 2026, Amazon Bedrock AgentCore Runtime is gradually
+    #   rolling out a change to how network isolation is configured for VPC
+    #   mode agents. Agent runtimes created on or after this rollout will no
+    #   longer include the service-managed Amazon S3 gateway. Instead, all
+    #   network access, including to Amazon S3, is governed exclusively by
+    #   your VPC configuration. This field cannot be set on agent runtimes
+    #   created after the rollout. Passing this field in an
+    #   `UpdateAgentRuntime` request for these agent runtimes returns a
+    #   `ValidationException`.
+    #
+    #    Agent runtimes created before the rollout are not affected and
+    #   continue to operate with the service-managed Amazon S3 gateway. To
+    #   enforce full VPC network isolation on these existing agent runtimes,
+    #   set this field to `false` via the `UpdateAgentRuntime` API. Before
+    #   opting out, ensure your VPC provides the Amazon S3 access required
+    #   for agent startup. If this field is not specified or is set to
+    #   `true`, the service-managed Amazon S3 gateway remains provisioned.
+    #
+    #    This field is only supported in the `UpdateAgentRuntime` API for
+    #   pre-rollout agent runtimes. Passing this field in a
+    #   `CreateAgentRuntime` request returns a `ValidationException`.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/VpcConfig AWS API Documentation
     #
     class VpcConfig < Struct.new(
       :security_groups,
-      :subnets)
+      :subnets,
+      :require_service_s3_endpoint)
       SENSITIVE = []
       include Aws::Structure
     end