aws-sdk-bedrockagentcorecontrol 1.53.0 → 1.55.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -325,6 +325,32 @@ module Aws::BedrockAgentCoreControl
325
325
  include Aws::Structure
326
326
  end
327
327
 
328
+ # The configuration that restricts which workloads in the request's
329
+ # identity chain are allowed to invoke the target, identified by their
330
+ # hosting environments and workload identities. At launch, this is
331
+ # supported only for AgentCore Runtime targets, and the allowed
332
+ # workloads are AgentCore Gateways.
333
+ #
334
+ # @!attribute [rw] hosting_environments
335
+ # The list of hosting environments whose workloads are allowed to
336
+ # invoke the target. At launch, the only supported hosting environment
337
+ # is AgentCore Gateway.
338
+ # @return [Array<Types::HostingEnvironment>]
339
+ #
340
+ # @!attribute [rw] workload_identities
341
+ # The list of workload identities that are allowed to invoke the
342
+ # target.
343
+ # @return [Array<String>]
344
+ #
345
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/AllowedWorkloadConfiguration AWS API Documentation
346
+ #
347
+ class AllowedWorkloadConfiguration < Struct.new(
348
+ :hosting_environments,
349
+ :workload_identities)
350
+ SENSITIVE = []
351
+ include Aws::Structure
352
+ end
353
+
328
354
  # The configuration for an Amazon API Gateway target.
329
355
  #
330
356
  # @!attribute [rw] rest_api_id
@@ -556,16 +582,17 @@ module Aws::BedrockAgentCoreControl
556
582
  # @return [String]
557
583
  #
558
584
  # @!attribute [rw] client_secret_config
559
- # A reference to the AWS Secrets Manager secret that stores the client
560
- # secret. This includes the secret ID and the JSON key used to extract
561
- # the client secret value from the secret. Required when
562
- # `clientSecretSource` is set to `EXTERNAL`.
585
+ # A reference to the Amazon Web Services Secrets Manager secret that
586
+ # stores the client secret. This includes the secret ID and the JSON
587
+ # key used to extract the client secret value from the secret.
588
+ # Required when `clientSecretSource` is set to `EXTERNAL`.
563
589
  # @return [Types::SecretReference]
564
590
  #
565
591
  # @!attribute [rw] client_secret_source
566
592
  # The source type of the client secret for the Atlassian OAuth2
567
593
  # provider. Use `MANAGED` if the secret is managed by the service, or
568
- # `EXTERNAL` if you manage the secret yourself in AWS Secrets Manager.
594
+ # `EXTERNAL` if you manage the secret yourself in Amazon Web Services
595
+ # Secrets Manager.
569
596
  # @return [String]
570
597
  #
571
598
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/AtlassianOauth2ProviderConfigInput AWS API Documentation
@@ -1215,14 +1242,15 @@ module Aws::BedrockAgentCoreControl
1215
1242
  # @!attribute [rw] api_key_secret_source
1216
1243
  # The source type of the API key secret for the Coinbase Developer
1217
1244
  # Platform. Use `MANAGED` if the secret is managed by the service, or
1218
- # `EXTERNAL` if you manage the secret yourself in AWS Secrets Manager.
1245
+ # `EXTERNAL` if you manage the secret yourself in Amazon Web Services
1246
+ # Secrets Manager.
1219
1247
  # @return [String]
1220
1248
  #
1221
1249
  # @!attribute [rw] api_key_secret_config
1222
- # A reference to the AWS Secrets Manager secret that stores the API
1223
- # key secret. This includes the secret ID and the JSON key used to
1224
- # extract the API key secret value from the secret. Required when
1225
- # `apiKeySecretSource` is set to `EXTERNAL`.
1250
+ # A reference to the Amazon Web Services Secrets Manager secret that
1251
+ # stores the API key secret. This includes the secret ID and the JSON
1252
+ # key used to extract the API key secret value from the secret.
1253
+ # Required when `apiKeySecretSource` is set to `EXTERNAL`.
1226
1254
  # @return [Types::SecretReference]
1227
1255
  #
1228
1256
  # @!attribute [rw] wallet_secret
@@ -1232,14 +1260,15 @@ module Aws::BedrockAgentCoreControl
1232
1260
  # @!attribute [rw] wallet_secret_source
1233
1261
  # The source type of the wallet secret for the Coinbase Developer
1234
1262
  # Platform. Use `MANAGED` if the secret is managed by the service, or
1235
- # `EXTERNAL` if you manage the secret yourself in AWS Secrets Manager.
1263
+ # `EXTERNAL` if you manage the secret yourself in Amazon Web Services
1264
+ # Secrets Manager.
1236
1265
  # @return [String]
1237
1266
  #
1238
1267
  # @!attribute [rw] wallet_secret_config
1239
- # A reference to the AWS Secrets Manager secret that stores the wallet
1240
- # secret. This includes the secret ID and the JSON key used to extract
1241
- # the wallet secret value from the secret. Required when
1242
- # `walletSecretSource` is set to `EXTERNAL`.
1268
+ # A reference to the Amazon Web Services Secrets Manager secret that
1269
+ # stores the wallet secret. This includes the secret ID and the JSON
1270
+ # key used to extract the wallet secret value from the secret.
1271
+ # Required when `walletSecretSource` is set to `EXTERNAL`.
1243
1272
  # @return [Types::SecretReference]
1244
1273
  #
1245
1274
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CoinbaseCdpConfigurationInput AWS API Documentation
@@ -1263,33 +1292,35 @@ module Aws::BedrockAgentCoreControl
1263
1292
  # @return [String]
1264
1293
  #
1265
1294
  # @!attribute [rw] api_key_secret_arn
1266
- # Contains information about a secret in AWS Secrets Manager.
1295
+ # Contains information about a secret in Amazon Web Services Secrets
1296
+ # Manager.
1267
1297
  # @return [Types::Secret]
1268
1298
  #
1269
1299
  # @!attribute [rw] api_key_secret_json_key
1270
- # The JSON key used to extract the API key secret value from the AWS
1271
- # Secrets Manager secret.
1300
+ # The JSON key used to extract the API key secret value from the
1301
+ # Amazon Web Services Secrets Manager secret.
1272
1302
  # @return [String]
1273
1303
  #
1274
1304
  # @!attribute [rw] api_key_secret_source
1275
1305
  # The source type of the API key secret. Either `MANAGED` if the
1276
1306
  # secret is managed by the service, or `EXTERNAL` if managed by the
1277
- # user in AWS Secrets Manager.
1307
+ # user in Amazon Web Services Secrets Manager.
1278
1308
  # @return [String]
1279
1309
  #
1280
1310
  # @!attribute [rw] wallet_secret_arn
1281
- # Contains information about a secret in AWS Secrets Manager.
1311
+ # Contains information about a secret in Amazon Web Services Secrets
1312
+ # Manager.
1282
1313
  # @return [Types::Secret]
1283
1314
  #
1284
1315
  # @!attribute [rw] wallet_secret_json_key
1285
- # The JSON key used to extract the wallet secret value from the AWS
1286
- # Secrets Manager secret.
1316
+ # The JSON key used to extract the wallet secret value from the Amazon
1317
+ # Web Services Secrets Manager secret.
1287
1318
  # @return [String]
1288
1319
  #
1289
1320
  # @!attribute [rw] wallet_secret_source
1290
1321
  # The source type of the wallet secret. Either `MANAGED` if the secret
1291
1322
  # is managed by the service, or `EXTERNAL` if managed by the user in
1292
- # AWS Secrets Manager.
1323
+ # Amazon Web Services Secrets Manager.
1293
1324
  # @return [String]
1294
1325
  #
1295
1326
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CoinbaseCdpConfigurationOutput AWS API Documentation
@@ -1500,6 +1531,106 @@ module Aws::BedrockAgentCoreControl
1500
1531
  include Aws::Structure
1501
1532
  end
1502
1533
 
1534
+ # Configuration for a single tool within a connector.
1535
+ #
1536
+ # @!attribute [rw] name
1537
+ # The tool or operation name (for example, `retrieve` or `webSearch`).
1538
+ # @return [String]
1539
+ #
1540
+ # @!attribute [rw] description
1541
+ # An agent-facing description override for this tool.
1542
+ # @return [String]
1543
+ #
1544
+ # @!attribute [rw] parameter_values
1545
+ # Parameters to set as fixed or default values when provisioning this
1546
+ # tool.
1547
+ # @return [Hash,Array,String,Numeric,Boolean]
1548
+ #
1549
+ # @!attribute [rw] parameter_overrides
1550
+ # Parameters to expose to the agent at runtime, with optional
1551
+ # description overrides.
1552
+ # @return [Array<Types::ConnectorParameterOverride>]
1553
+ #
1554
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ConnectorConfiguration AWS API Documentation
1555
+ #
1556
+ class ConnectorConfiguration < Struct.new(
1557
+ :name,
1558
+ :description,
1559
+ :parameter_values,
1560
+ :parameter_overrides)
1561
+ SENSITIVE = []
1562
+ include Aws::Structure
1563
+ end
1564
+
1565
+ # Specifies a parameter override for a connector tool, allowing you to
1566
+ # control parameter visibility and descriptions.
1567
+ #
1568
+ # @!attribute [rw] path
1569
+ # A JSON Pointer path identifying the parameter (for example,
1570
+ # `/numberOfResults` or `/filter`).
1571
+ # @return [String]
1572
+ #
1573
+ # @!attribute [rw] description
1574
+ # An agent-facing description override for this parameter.
1575
+ # @return [String]
1576
+ #
1577
+ # @!attribute [rw] visible
1578
+ # Whether this parameter is visible to the agent. If not specified,
1579
+ # uses the service default.
1580
+ # @return [Boolean]
1581
+ #
1582
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ConnectorParameterOverride AWS API Documentation
1583
+ #
1584
+ class ConnectorParameterOverride < Struct.new(
1585
+ :path,
1586
+ :description,
1587
+ :visible)
1588
+ SENSITIVE = []
1589
+ include Aws::Structure
1590
+ end
1591
+
1592
+ # The source identifying the connector integration.
1593
+ #
1594
+ # @!attribute [rw] connector_id
1595
+ # The identifier for the connector integration (for example,
1596
+ # `bedrock-knowledge-bases`).
1597
+ # @return [String]
1598
+ #
1599
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ConnectorSource AWS API Documentation
1600
+ #
1601
+ class ConnectorSource < Struct.new(
1602
+ :connector_id)
1603
+ SENSITIVE = []
1604
+ include Aws::Structure
1605
+ end
1606
+
1607
+ # Configuration for a connector integration target. Connectors provide
1608
+ # pre-built integrations with Amazon Web Services services and
1609
+ # third-party tools.
1610
+ #
1611
+ # @!attribute [rw] source
1612
+ # The source configuration identifying which connector to use.
1613
+ # @return [Types::ConnectorSource]
1614
+ #
1615
+ # @!attribute [rw] enabled
1616
+ # A list of tool names to enable from this connector. If absent, all
1617
+ # tools provided by the connector are enabled.
1618
+ # @return [Array<String>]
1619
+ #
1620
+ # @!attribute [rw] configurations
1621
+ # A list of per-tool configurations for the connector.
1622
+ # @return [Array<Types::ConnectorConfiguration>]
1623
+ #
1624
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ConnectorTargetConfiguration AWS API Documentation
1625
+ #
1626
+ class ConnectorTargetConfiguration < Struct.new(
1627
+ :source,
1628
+ :enabled,
1629
+ :configurations)
1630
+ SENSITIVE = []
1631
+ include Aws::Structure
1632
+ end
1633
+
1503
1634
  # Contains consolidation configuration information for a memory
1504
1635
  # strategy.
1505
1636
  #
@@ -1799,16 +1930,16 @@ module Aws::BedrockAgentCoreControl
1799
1930
  # @return [String]
1800
1931
  #
1801
1932
  # @!attribute [rw] api_key_secret_config
1802
- # A reference to the AWS Secrets Manager secret that stores the API
1803
- # key. This includes the secret ID and the JSON key used to extract
1804
- # the API key value from the secret. Required when
1933
+ # A reference to the Amazon Web Services Secrets Manager secret that
1934
+ # stores the API key. This includes the secret ID and the JSON key
1935
+ # used to extract the API key value from the secret. Required when
1805
1936
  # `apiKeySecretSource` is set to `EXTERNAL`.
1806
1937
  # @return [Types::SecretReference]
1807
1938
  #
1808
1939
  # @!attribute [rw] api_key_secret_source
1809
1940
  # The source type of the API key secret. Use `MANAGED` if the secret
1810
1941
  # is managed by the service, or `EXTERNAL` if you manage the secret
1811
- # yourself in AWS Secrets Manager.
1942
+ # yourself in Amazon Web Services Secrets Manager.
1812
1943
  # @return [String]
1813
1944
  #
1814
1945
  # @!attribute [rw] tags
@@ -1834,14 +1965,14 @@ module Aws::BedrockAgentCoreControl
1834
1965
  # @return [Types::Secret]
1835
1966
  #
1836
1967
  # @!attribute [rw] api_key_secret_json_key
1837
- # The JSON key used to extract the API key value from the AWS Secrets
1838
- # Manager secret.
1968
+ # The JSON key used to extract the API key value from the Amazon Web
1969
+ # Services Secrets Manager secret.
1839
1970
  # @return [String]
1840
1971
  #
1841
1972
  # @!attribute [rw] api_key_secret_source
1842
1973
  # The source type of the API key secret. Either `MANAGED` if the
1843
1974
  # secret is managed by the service, or `EXTERNAL` if managed by the
1844
- # user in AWS Secrets Manager.
1975
+ # user in Amazon Web Services Secrets Manager.
1845
1976
  # @return [String]
1846
1977
  #
1847
1978
  # @!attribute [rw] name
@@ -2559,7 +2690,7 @@ module Aws::BedrockAgentCoreControl
2559
2690
  :policy_engine_configuration,
2560
2691
  :exception_level,
2561
2692
  :tags)
2562
- SENSITIVE = [:name, :description]
2693
+ SENSITIVE = [:description]
2563
2694
  include Aws::Structure
2564
2695
  end
2565
2696
 
@@ -2625,6 +2756,12 @@ module Aws::BedrockAgentCoreControl
2625
2756
  # associated with the gateway.
2626
2757
  # @return [String]
2627
2758
  #
2759
+ # @!attribute [rw] custom_transform_configuration
2760
+ # The custom transformation configuration for the gateway. This
2761
+ # configuration defines how the gateway transforms requests and
2762
+ # responses.
2763
+ # @return [Types::CustomTransformConfiguration]
2764
+ #
2628
2765
  # @!attribute [rw] interceptor_configurations
2629
2766
  # The list of interceptor configurations for the created gateway.
2630
2767
  # @return [Array<Types::GatewayInterceptorConfiguration>]
@@ -2648,6 +2785,15 @@ module Aws::BedrockAgentCoreControl
2648
2785
  # the end user.
2649
2786
  # @return [String]
2650
2787
  #
2788
+ # @!attribute [rw] web_acl_arn
2789
+ # The Amazon Resource Name (ARN) of the Amazon Web Services WAF web
2790
+ # ACL associated with the gateway.
2791
+ # @return [String]
2792
+ #
2793
+ # @!attribute [rw] waf_configuration
2794
+ # The Amazon Web Services WAF configuration for the gateway.
2795
+ # @return [Types::WafConfiguration]
2796
+ #
2651
2797
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreateGatewayResponse AWS API Documentation
2652
2798
  #
2653
2799
  class CreateGatewayResponse < Struct.new(
@@ -2666,11 +2812,14 @@ module Aws::BedrockAgentCoreControl
2666
2812
  :authorizer_type,
2667
2813
  :authorizer_configuration,
2668
2814
  :kms_key_arn,
2815
+ :custom_transform_configuration,
2669
2816
  :interceptor_configurations,
2670
2817
  :policy_engine_configuration,
2671
2818
  :workload_identity_details,
2672
- :exception_level)
2673
- SENSITIVE = [:name, :description]
2819
+ :exception_level,
2820
+ :web_acl_arn,
2821
+ :waf_configuration)
2822
+ SENSITIVE = [:description]
2674
2823
  include Aws::Structure
2675
2824
  end
2676
2825
 
@@ -2936,6 +3085,61 @@ module Aws::BedrockAgentCoreControl
2936
3085
  include Aws::Structure
2937
3086
  end
2938
3087
 
3088
+ # @!attribute [rw] harness_id
3089
+ # The ID of the harness to create an endpoint for.
3090
+ # @return [String]
3091
+ #
3092
+ # @!attribute [rw] endpoint_name
3093
+ # The name of the endpoint. Must start with a letter and contain only
3094
+ # alphanumeric characters and underscores.
3095
+ # @return [String]
3096
+ #
3097
+ # @!attribute [rw] target_version
3098
+ # The harness version that the endpoint points to and serves
3099
+ # invocations from.
3100
+ # @return [String]
3101
+ #
3102
+ # @!attribute [rw] description
3103
+ # A description of the endpoint.
3104
+ # @return [String]
3105
+ #
3106
+ # @!attribute [rw] client_token
3107
+ # A unique, case-sensitive identifier to ensure idempotency of the
3108
+ # request.
3109
+ #
3110
+ # **A suitable default value is auto-generated.** You should normally
3111
+ # not need to pass this option.
3112
+ # @return [String]
3113
+ #
3114
+ # @!attribute [rw] tags
3115
+ # Tags to apply to the endpoint resource.
3116
+ # @return [Hash<String,String>]
3117
+ #
3118
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreateHarnessEndpointRequest AWS API Documentation
3119
+ #
3120
+ class CreateHarnessEndpointRequest < Struct.new(
3121
+ :harness_id,
3122
+ :endpoint_name,
3123
+ :target_version,
3124
+ :description,
3125
+ :client_token,
3126
+ :tags)
3127
+ SENSITIVE = []
3128
+ include Aws::Structure
3129
+ end
3130
+
3131
+ # @!attribute [rw] endpoint
3132
+ # The endpoint that was created.
3133
+ # @return [Types::HarnessEndpoint]
3134
+ #
3135
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CreateHarnessEndpointResponse AWS API Documentation
3136
+ #
3137
+ class CreateHarnessEndpointResponse < Struct.new(
3138
+ :endpoint)
3139
+ SENSITIVE = []
3140
+ include Aws::Structure
3141
+ end
3142
+
2939
3143
  # @!attribute [rw] harness_name
2940
3144
  # The name of the harness. Must start with a letter and contain only
2941
3145
  # alphanumeric characters and underscores.
@@ -3184,19 +3388,19 @@ module Aws::BedrockAgentCoreControl
3184
3388
  end
3185
3389
 
3186
3390
  # @!attribute [rw] client_secret_arn
3187
- # The Amazon Resource Name (ARN) of the client secret in AWS Secrets
3188
- # Manager.
3391
+ # The Amazon Resource Name (ARN) of the client secret in Amazon Web
3392
+ # Services Secrets Manager.
3189
3393
  # @return [Types::Secret]
3190
3394
  #
3191
3395
  # @!attribute [rw] client_secret_json_key
3192
- # The JSON key used to extract the client secret value from the AWS
3193
- # Secrets Manager secret.
3396
+ # The JSON key used to extract the client secret value from the Amazon
3397
+ # Web Services Secrets Manager secret.
3194
3398
  # @return [String]
3195
3399
  #
3196
3400
  # @!attribute [rw] client_secret_source
3197
3401
  # The source type of the client secret. Either `MANAGED` if the secret
3198
3402
  # is managed by the service, or `EXTERNAL` if managed by the user in
3199
- # AWS Secrets Manager.
3403
+ # Amazon Web Services Secrets Manager.
3200
3404
  # @return [String]
3201
3405
  #
3202
3406
  # @!attribute [rw] name
@@ -3806,6 +4010,13 @@ module Aws::BedrockAgentCoreControl
3806
4010
  # accept the analyzer findings.
3807
4011
  # @return [String]
3808
4012
  #
4013
+ # @!attribute [rw] enforcement_mode
4014
+ # The enforcement mode for the policy. Run this policy in `LOG_ONLY`
4015
+ # mode to collect data on how it affects your application. Once you
4016
+ # are satisfied with the data gathered, switch the policy to `ACTIVE`.
4017
+ # Defaults to `ACTIVE`.
4018
+ # @return [String]
4019
+ #
3809
4020
  # @!attribute [rw] policy_engine_id
3810
4021
  # The identifier of the policy engine which contains this policy.
3811
4022
  # Policy engines group related policies and provide the execution
@@ -3830,6 +4041,7 @@ module Aws::BedrockAgentCoreControl
3830
4041
  :definition,
3831
4042
  :description,
3832
4043
  :validation_mode,
4044
+ :enforcement_mode,
3833
4045
  :policy_engine_id,
3834
4046
  :client_token)
3835
4047
  SENSITIVE = [:description]
@@ -3876,6 +4088,10 @@ module Aws::BedrockAgentCoreControl
3876
4088
  # policy is ready for use.
3877
4089
  # @return [String]
3878
4090
  #
4091
+ # @!attribute [rw] enforcement_mode
4092
+ # The enforcement mode of the created policy.
4093
+ # @return [String]
4094
+ #
3879
4095
  # @!attribute [rw] definition
3880
4096
  # The Cedar policy statement that was created. This is the validated
3881
4097
  # policy definition that will be used for agent behavior control and
@@ -3904,6 +4120,7 @@ module Aws::BedrockAgentCoreControl
3904
4120
  :updated_at,
3905
4121
  :policy_arn,
3906
4122
  :status,
4123
+ :enforcement_mode,
3907
4124
  :definition,
3908
4125
  :description,
3909
4126
  :status_reasons)
@@ -4498,6 +4715,18 @@ module Aws::BedrockAgentCoreControl
4498
4715
  # An array of scopes that are allowed to access the token.
4499
4716
  # @return [Array<String>]
4500
4717
  #
4718
+ # @!attribute [rw] advertised_scope_mapping
4719
+ # A map that associates each scope in `allowedScopes` with a
4720
+ # corresponding advertised scope value. The advertised scope appears
4721
+ # in OAuth protected resource metadata and `WWW-Authenticate` response
4722
+ # headers. Use this parameter when the scope that clients request from
4723
+ # your identity provider differs from the scope in the validated
4724
+ # token. Each key is a scope from `allowedScopes` that the service
4725
+ # uses for token validation. Each value is the corresponding scope
4726
+ # that the service advertises to clients. Scopes without a mapping
4727
+ # entry appear unchanged to clients.
4728
+ # @return [Hash<String,String>]
4729
+ #
4501
4730
  # @!attribute [rw] custom_claims
4502
4731
  # An array of objects that define a custom claim validation name,
4503
4732
  # value, and operation
@@ -4513,6 +4742,14 @@ module Aws::BedrockAgentCoreControl
4513
4742
  # configuration.
4514
4743
  # @return [Array<Types::PrivateEndpointOverride>]
4515
4744
  #
4745
+ # @!attribute [rw] allowed_workload_configuration
4746
+ # The configuration that restricts which workloads in the request's
4747
+ # identity chain are allowed to invoke the target, identified by their
4748
+ # hosting environments and workload identities. At launch, this is
4749
+ # supported only for AgentCore Runtime targets, and the allowed
4750
+ # workloads are AgentCore Gateways.
4751
+ # @return [Types::AllowedWorkloadConfiguration]
4752
+ #
4516
4753
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CustomJWTAuthorizerConfiguration AWS API Documentation
4517
4754
  #
4518
4755
  class CustomJWTAuthorizerConfiguration < Struct.new(
@@ -4520,9 +4757,11 @@ module Aws::BedrockAgentCoreControl
4520
4757
  :allowed_audience,
4521
4758
  :allowed_clients,
4522
4759
  :allowed_scopes,
4760
+ :advertised_scope_mapping,
4523
4761
  :custom_claims,
4524
4762
  :private_endpoint,
4525
- :private_endpoint_overrides)
4763
+ :private_endpoint_overrides,
4764
+ :allowed_workload_configuration)
4526
4765
  SENSITIVE = []
4527
4766
  include Aws::Structure
4528
4767
  end
@@ -4582,16 +4821,16 @@ module Aws::BedrockAgentCoreControl
4582
4821
  # @return [String]
4583
4822
  #
4584
4823
  # @!attribute [rw] client_secret_config
4585
- # A reference to the AWS Secrets Manager secret that stores the client
4586
- # secret. This includes the secret ID and the JSON key used to extract
4587
- # the client secret value from the secret. Required when
4588
- # `clientSecretSource` is set to `EXTERNAL`.
4824
+ # A reference to the Amazon Web Services Secrets Manager secret that
4825
+ # stores the client secret. This includes the secret ID and the JSON
4826
+ # key used to extract the client secret value from the secret.
4827
+ # Required when `clientSecretSource` is set to `EXTERNAL`.
4589
4828
  # @return [Types::SecretReference]
4590
4829
  #
4591
4830
  # @!attribute [rw] client_secret_source
4592
4831
  # The source type of the client secret. Use `MANAGED` if the secret is
4593
4832
  # managed by the service, or `EXTERNAL` if you manage the secret
4594
- # yourself in AWS Secrets Manager.
4833
+ # yourself in Amazon Web Services Secrets Manager.
4595
4834
  # @return [String]
4596
4835
  #
4597
4836
  # @!attribute [rw] on_behalf_of_token_exchange_config
@@ -4718,6 +4957,24 @@ module Aws::BedrockAgentCoreControl
4718
4957
  class Unknown < CustomReflectionConfigurationInput; end
4719
4958
  end
4720
4959
 
4960
+ # The configuration for custom transformations applied to requests and
4961
+ # responses through the gateway. This structure defines how the gateway
4962
+ # transforms data.
4963
+ #
4964
+ # @!attribute [rw] lambda
4965
+ # The Lambda configuration for custom transformations. This
4966
+ # configuration defines how the gateway uses a Lambda function to
4967
+ # transform data.
4968
+ # @return [Types::LambdaTransformConfiguration]
4969
+ #
4970
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CustomTransformConfiguration AWS API Documentation
4971
+ #
4972
+ class CustomTransformConfiguration < Struct.new(
4973
+ :lambda)
4974
+ SENSITIVE = []
4975
+ include Aws::Structure
4976
+ end
4977
+
4721
4978
  # The configuration that specifies where to read agent traces for online
4722
4979
  # evaluation.
4723
4980
  #
@@ -5403,6 +5660,44 @@ module Aws::BedrockAgentCoreControl
5403
5660
  include Aws::Structure
5404
5661
  end
5405
5662
 
5663
+ # @!attribute [rw] harness_id
5664
+ # The ID of the harness that the endpoint belongs to.
5665
+ # @return [String]
5666
+ #
5667
+ # @!attribute [rw] endpoint_name
5668
+ # The name of the endpoint to delete.
5669
+ # @return [String]
5670
+ #
5671
+ # @!attribute [rw] client_token
5672
+ # A unique, case-sensitive identifier to ensure idempotency of the
5673
+ # request.
5674
+ #
5675
+ # **A suitable default value is auto-generated.** You should normally
5676
+ # not need to pass this option.
5677
+ # @return [String]
5678
+ #
5679
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/DeleteHarnessEndpointRequest AWS API Documentation
5680
+ #
5681
+ class DeleteHarnessEndpointRequest < Struct.new(
5682
+ :harness_id,
5683
+ :endpoint_name,
5684
+ :client_token)
5685
+ SENSITIVE = []
5686
+ include Aws::Structure
5687
+ end
5688
+
5689
+ # @!attribute [rw] endpoint
5690
+ # The endpoint that was deleted.
5691
+ # @return [Types::HarnessEndpoint]
5692
+ #
5693
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/DeleteHarnessEndpointResponse AWS API Documentation
5694
+ #
5695
+ class DeleteHarnessEndpointResponse < Struct.new(
5696
+ :endpoint)
5697
+ SENSITIVE = []
5698
+ include Aws::Structure
5699
+ end
5700
+
5406
5701
  # @!attribute [rw] harness_id
5407
5702
  # The ID of the harness to delete.
5408
5703
  # @return [String]
@@ -5415,11 +5710,18 @@ module Aws::BedrockAgentCoreControl
5415
5710
  # not need to pass this option.
5416
5711
  # @return [String]
5417
5712
  #
5713
+ # @!attribute [rw] delete_managed_memory
5714
+ # Whether to delete the managed memory on harness deletion. Default:
5715
+ # true. If false, the memory is disassociated and becomes a regular
5716
+ # customer-owned resource.
5717
+ # @return [Boolean]
5718
+ #
5418
5719
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/DeleteHarnessRequest AWS API Documentation
5419
5720
  #
5420
5721
  class DeleteHarnessRequest < Struct.new(
5421
5722
  :harness_id,
5422
- :client_token)
5723
+ :client_token,
5724
+ :delete_managed_memory)
5423
5725
  SENSITIVE = []
5424
5726
  include Aws::Structure
5425
5727
  end
@@ -5795,6 +6097,10 @@ module Aws::BedrockAgentCoreControl
5795
6097
  # process.
5796
6098
  # @return [String]
5797
6099
  #
6100
+ # @!attribute [rw] enforcement_mode
6101
+ # The enforcement mode of the deleted policy.
6102
+ # @return [String]
6103
+ #
5798
6104
  # @!attribute [rw] definition
5799
6105
  # Represents the definition structure for policies within the
5800
6106
  # AgentCore Policy system. This structure encapsulates different
@@ -5822,6 +6128,7 @@ module Aws::BedrockAgentCoreControl
5822
6128
  :updated_at,
5823
6129
  :policy_arn,
5824
6130
  :status,
6131
+ :enforcement_mode,
5825
6132
  :definition,
5826
6133
  :description,
5827
6134
  :status_reasons)
@@ -6827,7 +7134,7 @@ module Aws::BedrockAgentCoreControl
6827
7134
  :updated_at,
6828
7135
  :authorizer_type,
6829
7136
  :protocol_type)
6830
- SENSITIVE = [:name, :description]
7137
+ SENSITIVE = [:description]
6831
7138
  include Aws::Structure
6832
7139
  end
6833
7140
 
@@ -7151,19 +7458,19 @@ module Aws::BedrockAgentCoreControl
7151
7458
  end
7152
7459
 
7153
7460
  # @!attribute [rw] api_key_secret_arn
7154
- # The Amazon Resource Name (ARN) of the API key secret in AWS Secrets
7155
- # Manager.
7461
+ # The Amazon Resource Name (ARN) of the API key secret in Amazon Web
7462
+ # Services Secrets Manager.
7156
7463
  # @return [Types::Secret]
7157
7464
  #
7158
7465
  # @!attribute [rw] api_key_secret_json_key
7159
- # The JSON key used to extract the API key value from the AWS Secrets
7160
- # Manager secret.
7466
+ # The JSON key used to extract the API key value from the Amazon Web
7467
+ # Services Secrets Manager secret.
7161
7468
  # @return [String]
7162
7469
  #
7163
7470
  # @!attribute [rw] api_key_secret_source
7164
7471
  # The source type of the API key secret. Either `MANAGED` if the
7165
7472
  # secret is managed by the service, or `EXTERNAL` if managed by the
7166
- # user in AWS Secrets Manager.
7473
+ # user in Amazon Web Services Secrets Manager.
7167
7474
  # @return [String]
7168
7475
  #
7169
7476
  # @!attribute [rw] name
@@ -7869,6 +8176,12 @@ module Aws::BedrockAgentCoreControl
7869
8176
  # gateway.
7870
8177
  # @return [String]
7871
8178
  #
8179
+ # @!attribute [rw] custom_transform_configuration
8180
+ # The custom transformation configuration for the gateway. This
8181
+ # configuration defines how the gateway transforms requests and
8182
+ # responses.
8183
+ # @return [Types::CustomTransformConfiguration]
8184
+ #
7872
8185
  # @!attribute [rw] interceptor_configurations
7873
8186
  # The interceptors configured on the gateway.
7874
8187
  # @return [Array<Types::GatewayInterceptorConfiguration>]
@@ -7892,6 +8205,15 @@ module Aws::BedrockAgentCoreControl
7892
8205
  # the end user.
7893
8206
  # @return [String]
7894
8207
  #
8208
+ # @!attribute [rw] web_acl_arn
8209
+ # The Amazon Resource Name (ARN) of the Amazon Web Services WAF web
8210
+ # ACL associated with the gateway.
8211
+ # @return [String]
8212
+ #
8213
+ # @!attribute [rw] waf_configuration
8214
+ # The Amazon Web Services WAF configuration for the gateway.
8215
+ # @return [Types::WafConfiguration]
8216
+ #
7895
8217
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetGatewayResponse AWS API Documentation
7896
8218
  #
7897
8219
  class GetGatewayResponse < Struct.new(
@@ -7910,11 +8232,14 @@ module Aws::BedrockAgentCoreControl
7910
8232
  :authorizer_type,
7911
8233
  :authorizer_configuration,
7912
8234
  :kms_key_arn,
8235
+ :custom_transform_configuration,
7913
8236
  :interceptor_configurations,
7914
8237
  :policy_engine_configuration,
7915
8238
  :workload_identity_details,
7916
- :exception_level)
7917
- SENSITIVE = [:name, :description]
8239
+ :exception_level,
8240
+ :web_acl_arn,
8241
+ :waf_configuration)
8242
+ SENSITIVE = [:description]
7918
8243
  include Aws::Structure
7919
8244
  end
7920
8245
 
@@ -8106,14 +8431,49 @@ module Aws::BedrockAgentCoreControl
8106
8431
  include Aws::Structure
8107
8432
  end
8108
8433
 
8434
+ # @!attribute [rw] harness_id
8435
+ # The ID of the harness that the endpoint belongs to.
8436
+ # @return [String]
8437
+ #
8438
+ # @!attribute [rw] endpoint_name
8439
+ # The name of the endpoint to retrieve.
8440
+ # @return [String]
8441
+ #
8442
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetHarnessEndpointRequest AWS API Documentation
8443
+ #
8444
+ class GetHarnessEndpointRequest < Struct.new(
8445
+ :harness_id,
8446
+ :endpoint_name)
8447
+ SENSITIVE = []
8448
+ include Aws::Structure
8449
+ end
8450
+
8451
+ # @!attribute [rw] endpoint
8452
+ # The endpoint resource.
8453
+ # @return [Types::HarnessEndpoint]
8454
+ #
8455
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetHarnessEndpointResponse AWS API Documentation
8456
+ #
8457
+ class GetHarnessEndpointResponse < Struct.new(
8458
+ :endpoint)
8459
+ SENSITIVE = []
8460
+ include Aws::Structure
8461
+ end
8462
+
8109
8463
  # @!attribute [rw] harness_id
8110
8464
  # The ID of the harness to retrieve.
8111
8465
  # @return [String]
8112
8466
  #
8467
+ # @!attribute [rw] harness_version
8468
+ # Specific version of the harness to retrieve. If omitted, returns the
8469
+ # current Harness configuration, including its status.
8470
+ # @return [String]
8471
+ #
8113
8472
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetHarnessRequest AWS API Documentation
8114
8473
  #
8115
8474
  class GetHarnessRequest < Struct.new(
8116
- :harness_id)
8475
+ :harness_id,
8476
+ :harness_version)
8117
8477
  SENSITIVE = []
8118
8478
  include Aws::Structure
8119
8479
  end
@@ -8172,19 +8532,19 @@ module Aws::BedrockAgentCoreControl
8172
8532
  end
8173
8533
 
8174
8534
  # @!attribute [rw] client_secret_arn
8175
- # The Amazon Resource Name (ARN) of the client secret in AWS Secrets
8176
- # Manager.
8535
+ # The Amazon Resource Name (ARN) of the client secret in Amazon Web
8536
+ # Services Secrets Manager.
8177
8537
  # @return [Types::Secret]
8178
8538
  #
8179
8539
  # @!attribute [rw] client_secret_json_key
8180
- # The JSON key used to extract the client secret value from the AWS
8181
- # Secrets Manager secret.
8540
+ # The JSON key used to extract the client secret value from the Amazon
8541
+ # Web Services Secrets Manager secret.
8182
8542
  # @return [String]
8183
8543
  #
8184
8544
  # @!attribute [rw] client_secret_source
8185
8545
  # The source type of the client secret. Either `MANAGED` if the secret
8186
8546
  # is managed by the service, or `EXTERNAL` if managed by the user in
8187
- # AWS Secrets Manager.
8547
+ # Amazon Web Services Secrets Manager.
8188
8548
  # @return [String]
8189
8549
  #
8190
8550
  # @!attribute [rw] name
@@ -8925,6 +9285,10 @@ module Aws::BedrockAgentCoreControl
8925
9285
  # The current status of the policy.
8926
9286
  # @return [String]
8927
9287
  #
9288
+ # @!attribute [rw] enforcement_mode
9289
+ # The current enforcement mode of the policy.
9290
+ # @return [String]
9291
+ #
8928
9292
  # @!attribute [rw] definition
8929
9293
  # The Cedar policy statement that defines the access control rules.
8930
9294
  # This contains the actual policy logic used for agent behavior
@@ -8952,6 +9316,7 @@ module Aws::BedrockAgentCoreControl
8952
9316
  :updated_at,
8953
9317
  :policy_arn,
8954
9318
  :status,
9319
+ :enforcement_mode,
8955
9320
  :definition,
8956
9321
  :description,
8957
9322
  :status_reasons)
@@ -9007,6 +9372,10 @@ module Aws::BedrockAgentCoreControl
9007
9372
  # The current status of the policy.
9008
9373
  # @return [String]
9009
9374
  #
9375
+ # @!attribute [rw] enforcement_mode
9376
+ # The current enforcement mode of the policy.
9377
+ # @return [String]
9378
+ #
9010
9379
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicySummaryResponse AWS API Documentation
9011
9380
  #
9012
9381
  class GetPolicySummaryResponse < Struct.new(
@@ -9016,7 +9385,8 @@ module Aws::BedrockAgentCoreControl
9016
9385
  :created_at,
9017
9386
  :updated_at,
9018
9387
  :policy_arn,
9019
- :status)
9388
+ :status,
9389
+ :enforcement_mode)
9020
9390
  SENSITIVE = []
9021
9391
  include Aws::Structure
9022
9392
  end
@@ -9330,16 +9700,16 @@ module Aws::BedrockAgentCoreControl
9330
9700
  # @return [String]
9331
9701
  #
9332
9702
  # @!attribute [rw] client_secret_config
9333
- # A reference to the AWS Secrets Manager secret that stores the client
9334
- # secret. This includes the secret ID and the JSON key used to extract
9335
- # the client secret value from the secret. Required when
9336
- # `clientSecretSource` is set to `EXTERNAL`.
9703
+ # A reference to the Amazon Web Services Secrets Manager secret that
9704
+ # stores the client secret. This includes the secret ID and the JSON
9705
+ # key used to extract the client secret value from the secret.
9706
+ # Required when `clientSecretSource` is set to `EXTERNAL`.
9337
9707
  # @return [Types::SecretReference]
9338
9708
  #
9339
9709
  # @!attribute [rw] client_secret_source
9340
9710
  # The source type of the client secret. Use `MANAGED` if the secret is
9341
9711
  # managed by the service, or `EXTERNAL` if you manage the secret
9342
- # yourself in AWS Secrets Manager.
9712
+ # yourself in Amazon Web Services Secrets Manager.
9343
9713
  # @return [String]
9344
9714
  #
9345
9715
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GithubOauth2ProviderConfigInput AWS API Documentation
@@ -9383,16 +9753,16 @@ module Aws::BedrockAgentCoreControl
9383
9753
  # @return [String]
9384
9754
  #
9385
9755
  # @!attribute [rw] client_secret_config
9386
- # A reference to the AWS Secrets Manager secret that stores the client
9387
- # secret. This includes the secret ID and the JSON key used to extract
9388
- # the client secret value from the secret. Required when
9389
- # `clientSecretSource` is set to `EXTERNAL`.
9756
+ # A reference to the Amazon Web Services Secrets Manager secret that
9757
+ # stores the client secret. This includes the secret ID and the JSON
9758
+ # key used to extract the client secret value from the secret.
9759
+ # Required when `clientSecretSource` is set to `EXTERNAL`.
9390
9760
  # @return [Types::SecretReference]
9391
9761
  #
9392
9762
  # @!attribute [rw] client_secret_source
9393
9763
  # The source type of the client secret. Use `MANAGED` if the secret is
9394
9764
  # managed by the service, or `EXTERNAL` if you manage the secret
9395
- # yourself in AWS Secrets Manager.
9765
+ # yourself in Amazon Web Services Secrets Manager.
9396
9766
  # @return [String]
9397
9767
  #
9398
9768
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GoogleOauth2ProviderConfigInput AWS API Documentation
@@ -9425,34 +9795,39 @@ module Aws::BedrockAgentCoreControl
9425
9795
  include Aws::Structure
9426
9796
  end
9427
9797
 
9428
- # Representation of a Harness.
9798
+ # Representation of a harness.
9429
9799
  #
9430
9800
  # @!attribute [rw] harness_id
9431
- # The ID of the Harness.
9801
+ # The ID of the harness.
9432
9802
  # @return [String]
9433
9803
  #
9434
9804
  # @!attribute [rw] harness_name
9435
- # The name of the Harness.
9805
+ # The name of the harness.
9436
9806
  # @return [String]
9437
9807
  #
9438
9808
  # @!attribute [rw] arn
9439
- # The ARN of the Harness.
9809
+ # The ARN of the harness.
9440
9810
  # @return [String]
9441
9811
  #
9442
9812
  # @!attribute [rw] status
9443
- # The status of the Harness.
9813
+ # The status of the harness.
9814
+ # @return [String]
9815
+ #
9816
+ # @!attribute [rw] harness_version
9817
+ # The version of the harness. Incremented on every successful
9818
+ # UpdateHarness.
9444
9819
  # @return [String]
9445
9820
  #
9446
9821
  # @!attribute [rw] execution_role_arn
9447
- # IAM role the Harness assumes when running.
9822
+ # IAM role the harness assumes when running.
9448
9823
  # @return [String]
9449
9824
  #
9450
9825
  # @!attribute [rw] created_at
9451
- # The createdAt time of the Harness.
9826
+ # The createdAt time of the harness.
9452
9827
  # @return [Time]
9453
9828
  #
9454
9829
  # @!attribute [rw] updated_at
9455
- # The updatedAt time of the Harness.
9830
+ # The updatedAt time of the harness.
9456
9831
  # @return [Time]
9457
9832
  #
9458
9833
  # @!attribute [rw] model
@@ -9460,19 +9835,19 @@ module Aws::BedrockAgentCoreControl
9460
9835
  # @return [Types::HarnessModelConfiguration]
9461
9836
  #
9462
9837
  # @!attribute [rw] system_prompt
9463
- # The system prompt of the Harness.
9838
+ # The system prompt of the harness.
9464
9839
  # @return [Array<Types::HarnessSystemContentBlock>]
9465
9840
  #
9466
9841
  # @!attribute [rw] tools
9467
- # The tools of the Harness.
9842
+ # The tools of the harness.
9468
9843
  # @return [Array<Types::HarnessTool>]
9469
9844
  #
9470
9845
  # @!attribute [rw] skills
9471
- # The skills of the Harness.
9846
+ # The skills of the harness.
9472
9847
  # @return [Array<Types::HarnessSkill>]
9473
9848
  #
9474
9849
  # @!attribute [rw] allowed_tools
9475
- # The allowed tools of the Harness. All tools are allowed by default.
9850
+ # The allowed tools of the harness. All tools are allowed by default.
9476
9851
  # @return [Array<String>]
9477
9852
  #
9478
9853
  # @!attribute [rw] truncation
@@ -9490,7 +9865,7 @@ module Aws::BedrockAgentCoreControl
9490
9865
  #
9491
9866
  # @!attribute [rw] environment_variables
9492
9867
  # Environment variables exposed in the environment in which the
9493
- # Harness operates.
9868
+ # harness operates.
9494
9869
  # @return [Hash<String,String>]
9495
9870
  #
9496
9871
  # @!attribute [rw] authorizer_configuration
@@ -9528,6 +9903,7 @@ module Aws::BedrockAgentCoreControl
9528
9903
  :harness_name,
9529
9904
  :arn,
9530
9905
  :status,
9906
+ :harness_version,
9531
9907
  :execution_role_arn,
9532
9908
  :created_at,
9533
9909
  :updated_at,
@@ -9764,42 +10140,119 @@ module Aws::BedrockAgentCoreControl
9764
10140
  include Aws::Structure
9765
10141
  end
9766
10142
 
9767
- # The environment artifact for a harness, such as a container image
9768
- # containing custom dependencies.
9769
- #
9770
- # @note HarnessEnvironmentArtifact is a union - when making an API calls you must set exactly one of the members.
9771
- #
9772
- # @note HarnessEnvironmentArtifact is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of HarnessEnvironmentArtifact corresponding to the set member.
10143
+ # Explicitly opt out of memory.
9773
10144
  #
9774
- # @!attribute [rw] container_configuration
9775
- # Representation of a container configuration.
9776
- # @return [Types::ContainerConfiguration]
10145
+ # @api private
9777
10146
  #
9778
- # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessEnvironmentArtifact AWS API Documentation
10147
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessDisabledMemoryConfiguration AWS API Documentation
9779
10148
  #
9780
- class HarnessEnvironmentArtifact < Struct.new(
9781
- :container_configuration,
9782
- :unknown)
9783
- SENSITIVE = []
9784
- include Aws::Structure
9785
- include Aws::Structure::Union
9786
-
9787
- class ContainerConfiguration < HarnessEnvironmentArtifact; end
9788
- class Unknown < HarnessEnvironmentArtifact; end
9789
- end
10149
+ class HarnessDisabledMemoryConfiguration < Aws::EmptyStructure; end
9790
10150
 
9791
- # The environment provider for a harness.
10151
+ # Representation of a harness endpoint. An endpoint is a named, stable
10152
+ # reference to a specific version of a harness that callers invoke,
10153
+ # allowing the underlying version to be updated without changing how the
10154
+ # agent is invoked.
9792
10155
  #
9793
- # @note HarnessEnvironmentProvider is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of HarnessEnvironmentProvider corresponding to the set member.
10156
+ # @!attribute [rw] harness_id
10157
+ # The ID of the harness that the endpoint belongs to.
10158
+ # @return [String]
9794
10159
  #
9795
- # @!attribute [rw] agent_core_runtime_environment
9796
- # The AgentCore Runtime environment configuration.
9797
- # @return [Types::HarnessAgentCoreRuntimeEnvironment]
10160
+ # @!attribute [rw] harness_name
10161
+ # The name of the harness that the endpoint belongs to.
10162
+ # @return [String]
9798
10163
  #
9799
- # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessEnvironmentProvider AWS API Documentation
10164
+ # @!attribute [rw] endpoint_name
10165
+ # The name of the endpoint.
10166
+ # @return [String]
9800
10167
  #
9801
- class HarnessEnvironmentProvider < Struct.new(
9802
- :agent_core_runtime_environment,
10168
+ # @!attribute [rw] arn
10169
+ # The ARN of the endpoint.
10170
+ # @return [String]
10171
+ #
10172
+ # @!attribute [rw] status
10173
+ # The status of the endpoint.
10174
+ # @return [String]
10175
+ #
10176
+ # @!attribute [rw] created_at
10177
+ # The timestamp when the endpoint was created.
10178
+ # @return [Time]
10179
+ #
10180
+ # @!attribute [rw] updated_at
10181
+ # The timestamp when the endpoint was last updated.
10182
+ # @return [Time]
10183
+ #
10184
+ # @!attribute [rw] live_version
10185
+ # The harness version that the endpoint is currently serving.
10186
+ # @return [String]
10187
+ #
10188
+ # @!attribute [rw] target_version
10189
+ # The harness version that the endpoint points to. While an update is
10190
+ # in progress, this can differ from the live version until the
10191
+ # endpoint finishes transitioning.
10192
+ # @return [String]
10193
+ #
10194
+ # @!attribute [rw] description
10195
+ # The description of the endpoint.
10196
+ # @return [String]
10197
+ #
10198
+ # @!attribute [rw] failure_reason
10199
+ # The reason the endpoint's last create or update operation failed.
10200
+ # @return [String]
10201
+ #
10202
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessEndpoint AWS API Documentation
10203
+ #
10204
+ class HarnessEndpoint < Struct.new(
10205
+ :harness_id,
10206
+ :harness_name,
10207
+ :endpoint_name,
10208
+ :arn,
10209
+ :status,
10210
+ :created_at,
10211
+ :updated_at,
10212
+ :live_version,
10213
+ :target_version,
10214
+ :description,
10215
+ :failure_reason)
10216
+ SENSITIVE = []
10217
+ include Aws::Structure
10218
+ end
10219
+
10220
+ # The environment artifact for a harness, such as a container image
10221
+ # containing custom dependencies.
10222
+ #
10223
+ # @note HarnessEnvironmentArtifact is a union - when making an API calls you must set exactly one of the members.
10224
+ #
10225
+ # @note HarnessEnvironmentArtifact is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of HarnessEnvironmentArtifact corresponding to the set member.
10226
+ #
10227
+ # @!attribute [rw] container_configuration
10228
+ # Representation of a container configuration.
10229
+ # @return [Types::ContainerConfiguration]
10230
+ #
10231
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessEnvironmentArtifact AWS API Documentation
10232
+ #
10233
+ class HarnessEnvironmentArtifact < Struct.new(
10234
+ :container_configuration,
10235
+ :unknown)
10236
+ SENSITIVE = []
10237
+ include Aws::Structure
10238
+ include Aws::Structure::Union
10239
+
10240
+ class ContainerConfiguration < HarnessEnvironmentArtifact; end
10241
+ class Unknown < HarnessEnvironmentArtifact; end
10242
+ end
10243
+
10244
+ # The environment provider for a harness.
10245
+ #
10246
+ # @note HarnessEnvironmentProvider is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of HarnessEnvironmentProvider corresponding to the set member.
10247
+ #
10248
+ # @!attribute [rw] agent_core_runtime_environment
10249
+ # The AgentCore Runtime environment configuration.
10250
+ # @return [Types::HarnessAgentCoreRuntimeEnvironment]
10251
+ #
10252
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessEnvironmentProvider AWS API Documentation
10253
+ #
10254
+ class HarnessEnvironmentProvider < Struct.new(
10255
+ :agent_core_runtime_environment,
9803
10256
  :unknown)
9804
10257
  SENSITIVE = []
9805
10258
  include Aws::Structure
@@ -9974,6 +10427,37 @@ module Aws::BedrockAgentCoreControl
9974
10427
  include Aws::Structure
9975
10428
  end
9976
10429
 
10430
+ # Configuration for managed memory creation.
10431
+ #
10432
+ # @!attribute [rw] arn
10433
+ # The ARN of the managed AgentCore Memory resource. Read-only on Get,
10434
+ # ignored on Create/Update input.
10435
+ # @return [String]
10436
+ #
10437
+ # @!attribute [rw] strategies
10438
+ # Strategy types to enable. Defaults to \[SEMANTIC, SUMMARIZATION\].
10439
+ # @return [Array<String>]
10440
+ #
10441
+ # @!attribute [rw] event_expiry_duration
10442
+ # Event retention in days. Defaults to 30.
10443
+ # @return [Integer]
10444
+ #
10445
+ # @!attribute [rw] encryption_key_arn
10446
+ # Customer-managed KMS key. Defaults to AWS-owned key. Not updatable
10447
+ # after creation.
10448
+ # @return [String]
10449
+ #
10450
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessManagedMemoryConfiguration AWS API Documentation
10451
+ #
10452
+ class HarnessManagedMemoryConfiguration < Struct.new(
10453
+ :arn,
10454
+ :strategies,
10455
+ :event_expiry_duration,
10456
+ :encryption_key_arn)
10457
+ SENSITIVE = []
10458
+ include Aws::Structure
10459
+ end
10460
+
9977
10461
  # The memory configuration for a harness.
9978
10462
  #
9979
10463
  # @note HarnessMemoryConfiguration is a union - when making an API calls you must set exactly one of the members.
@@ -9984,16 +10468,29 @@ module Aws::BedrockAgentCoreControl
9984
10468
  # The AgentCore Memory configuration.
9985
10469
  # @return [Types::HarnessAgentCoreMemoryConfiguration]
9986
10470
  #
10471
+ # @!attribute [rw] managed_memory_configuration
10472
+ # Harness creates and manages a memory resource in the customer's
10473
+ # account.
10474
+ # @return [Types::HarnessManagedMemoryConfiguration]
10475
+ #
10476
+ # @!attribute [rw] disabled
10477
+ # Explicitly opt out of memory.
10478
+ # @return [Types::HarnessDisabledMemoryConfiguration]
10479
+ #
9987
10480
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessMemoryConfiguration AWS API Documentation
9988
10481
  #
9989
10482
  class HarnessMemoryConfiguration < Struct.new(
9990
10483
  :agent_core_memory_configuration,
10484
+ :managed_memory_configuration,
10485
+ :disabled,
9991
10486
  :unknown)
9992
10487
  SENSITIVE = []
9993
10488
  include Aws::Structure
9994
10489
  include Aws::Structure::Union
9995
10490
 
9996
10491
  class AgentCoreMemoryConfiguration < HarnessMemoryConfiguration; end
10492
+ class ManagedMemoryConfiguration < HarnessMemoryConfiguration; end
10493
+ class Disabled < HarnessMemoryConfiguration; end
9997
10494
  class Unknown < HarnessMemoryConfiguration; end
9998
10495
  end
9999
10496
 
@@ -10123,12 +10620,17 @@ module Aws::BedrockAgentCoreControl
10123
10620
  # A git repository containing the skill.
10124
10621
  # @return [Types::HarnessSkillGitSource]
10125
10622
  #
10623
+ # @!attribute [rw] aws_skills
10624
+ # AWS Skills baked into the harness's underlying Runtime.
10625
+ # @return [Types::HarnessSkillAwsSkillsSource]
10626
+ #
10126
10627
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessSkill AWS API Documentation
10127
10628
  #
10128
10629
  class HarnessSkill < Struct.new(
10129
10630
  :path,
10130
10631
  :s3,
10131
10632
  :git,
10633
+ :aws_skills,
10132
10634
  :unknown)
10133
10635
  SENSITIVE = []
10134
10636
  include Aws::Structure
@@ -10137,9 +10639,25 @@ module Aws::BedrockAgentCoreControl
10137
10639
  class Path < HarnessSkill; end
10138
10640
  class S3 < HarnessSkill; end
10139
10641
  class Git < HarnessSkill; end
10642
+ class AwsSkills < HarnessSkill; end
10140
10643
  class Unknown < HarnessSkill; end
10141
10644
  end
10142
10645
 
10646
+ # Passed to show that AWS Skills should be included.
10647
+ #
10648
+ # @!attribute [rw] paths
10649
+ # Optionally filter allowed skills with glob syntax, e.g.,
10650
+ # \['core-skills/*'\].
10651
+ # @return [Array<String>]
10652
+ #
10653
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessSkillAwsSkillsSource AWS API Documentation
10654
+ #
10655
+ class HarnessSkillAwsSkillsSource < Struct.new(
10656
+ :paths)
10657
+ SENSITIVE = []
10658
+ include Aws::Structure
10659
+ end
10660
+
10143
10661
  # Authentication configuration for accessing a private git repository.
10144
10662
  #
10145
10663
  # @!attribute [rw] credential_arn
@@ -10264,6 +10782,10 @@ module Aws::BedrockAgentCoreControl
10264
10782
  # The timestamp when the harness was last updated.
10265
10783
  # @return [Time]
10266
10784
  #
10785
+ # @!attribute [rw] harness_version
10786
+ # The latest version of the harness.
10787
+ # @return [String]
10788
+ #
10267
10789
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessSummary AWS API Documentation
10268
10790
  #
10269
10791
  class HarnessSummary < Struct.new(
@@ -10272,7 +10794,8 @@ module Aws::BedrockAgentCoreControl
10272
10794
  :arn,
10273
10795
  :status,
10274
10796
  :created_at,
10275
- :updated_at)
10797
+ :updated_at,
10798
+ :harness_version)
10276
10799
  SENSITIVE = []
10277
10800
  include Aws::Structure
10278
10801
  end
@@ -10421,6 +10944,87 @@ module Aws::BedrockAgentCoreControl
10421
10944
  class Unknown < HarnessTruncationStrategyConfiguration; end
10422
10945
  end
10423
10946
 
10947
+ # Summary information about a single version of a harness.
10948
+ #
10949
+ # @!attribute [rw] harness_id
10950
+ # The ID of the harness.
10951
+ # @return [String]
10952
+ #
10953
+ # @!attribute [rw] harness_name
10954
+ # The name of the harness.
10955
+ # @return [String]
10956
+ #
10957
+ # @!attribute [rw] arn
10958
+ # The ARN of the harness.
10959
+ # @return [String]
10960
+ #
10961
+ # @!attribute [rw] harness_version
10962
+ # The version of the harness that this summary describes.
10963
+ # @return [String]
10964
+ #
10965
+ # @!attribute [rw] status
10966
+ # The status of this harness version.
10967
+ # @return [String]
10968
+ #
10969
+ # @!attribute [rw] created_at
10970
+ # The timestamp when this harness version was created.
10971
+ # @return [Time]
10972
+ #
10973
+ # @!attribute [rw] updated_at
10974
+ # The timestamp when this harness version was last updated.
10975
+ # @return [Time]
10976
+ #
10977
+ # @!attribute [rw] failure_reason
10978
+ # Reason why the create or update operation for this harness version
10979
+ # failed.
10980
+ # @return [String]
10981
+ #
10982
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessVersionSummary AWS API Documentation
10983
+ #
10984
+ class HarnessVersionSummary < Struct.new(
10985
+ :harness_id,
10986
+ :harness_name,
10987
+ :arn,
10988
+ :harness_version,
10989
+ :status,
10990
+ :created_at,
10991
+ :updated_at,
10992
+ :failure_reason)
10993
+ SENSITIVE = []
10994
+ include Aws::Structure
10995
+ end
10996
+
10997
+ # A hosting environment whose workloads are allowed to invoke the
10998
+ # target. At launch, the only supported hosting environment is AgentCore
10999
+ # Gateway.
11000
+ #
11001
+ # @!attribute [rw] arn
11002
+ # The Amazon Resource Name (ARN) of the hosting environment.
11003
+ # @return [String]
11004
+ #
11005
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HostingEnvironment AWS API Documentation
11006
+ #
11007
+ class HostingEnvironment < Struct.new(
11008
+ :arn)
11009
+ SENSITIVE = []
11010
+ include Aws::Structure
11011
+ end
11012
+
11013
+ # The API schema configuration for an HTTP target. This schema defines
11014
+ # the API structure that the target exposes.
11015
+ #
11016
+ # @!attribute [rw] source
11017
+ # Configuration for API schema.
11018
+ # @return [Types::ApiSchemaConfiguration]
11019
+ #
11020
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HttpApiSchemaConfiguration AWS API Documentation
11021
+ #
11022
+ class HttpApiSchemaConfiguration < Struct.new(
11023
+ :source)
11024
+ SENSITIVE = []
11025
+ include Aws::Structure
11026
+ end
11027
+
10424
11028
  # The HTTP target configuration for a gateway target. Contains the
10425
11029
  # configuration for HTTP-based target endpoints.
10426
11030
  #
@@ -10433,16 +11037,23 @@ module Aws::BedrockAgentCoreControl
10433
11037
  # communication with an agent runtime.
10434
11038
  # @return [Types::RuntimeTargetConfiguration]
10435
11039
  #
11040
+ # @!attribute [rw] passthrough
11041
+ # The passthrough configuration for the HTTP target. A passthrough
11042
+ # target forwards requests directly to an external HTTP endpoint.
11043
+ # @return [Types::PassthroughTargetConfiguration]
11044
+ #
10436
11045
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HttpTargetConfiguration AWS API Documentation
10437
11046
  #
10438
11047
  class HttpTargetConfiguration < Struct.new(
10439
11048
  :agentcore_runtime,
11049
+ :passthrough,
10440
11050
  :unknown)
10441
11051
  SENSITIVE = []
10442
11052
  include Aws::Structure
10443
11053
  include Aws::Structure::Union
10444
11054
 
10445
11055
  class AgentcoreRuntime < HttpTargetConfiguration; end
11056
+ class Passthrough < HttpTargetConfiguration; end
10446
11057
  class Unknown < HttpTargetConfiguration; end
10447
11058
  end
10448
11059
 
@@ -10508,16 +11119,16 @@ module Aws::BedrockAgentCoreControl
10508
11119
  # @return [String]
10509
11120
  #
10510
11121
  # @!attribute [rw] client_secret_config
10511
- # A reference to the AWS Secrets Manager secret that stores the client
10512
- # secret. This includes the secret ID and the JSON key used to extract
10513
- # the client secret value from the secret. Required when
10514
- # `clientSecretSource` is set to `EXTERNAL`.
11122
+ # A reference to the Amazon Web Services Secrets Manager secret that
11123
+ # stores the client secret. This includes the secret ID and the JSON
11124
+ # key used to extract the client secret value from the secret.
11125
+ # Required when `clientSecretSource` is set to `EXTERNAL`.
10515
11126
  # @return [Types::SecretReference]
10516
11127
  #
10517
11128
  # @!attribute [rw] client_secret_source
10518
11129
  # The source type of the client secret. Use `MANAGED` if the secret is
10519
11130
  # managed by the service, or `EXTERNAL` if you manage the secret
10520
- # yourself in AWS Secrets Manager.
11131
+ # yourself in Amazon Web Services Secrets Manager.
10521
11132
  # @return [String]
10522
11133
  #
10523
11134
  # @!attribute [rw] issuer
@@ -10625,6 +11236,132 @@ module Aws::BedrockAgentCoreControl
10625
11236
  include Aws::Structure
10626
11237
  end
10627
11238
 
11239
+ # The source identifying the inference connector.
11240
+ #
11241
+ # @!attribute [rw] connector_id
11242
+ # The identifier for the inference connector (for example,
11243
+ # `bedrock-mantle`, `openai`, or `anthropic`).
11244
+ # @return [String]
11245
+ #
11246
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/InferenceConnectorSource AWS API Documentation
11247
+ #
11248
+ class InferenceConnectorSource < Struct.new(
11249
+ :connector_id)
11250
+ SENSITIVE = []
11251
+ include Aws::Structure
11252
+ end
11253
+
11254
+ # The configuration for a connector-based inference target. This
11255
+ # configuration uses a built-in connector that provides predefined rules
11256
+ # for a large language model (LLM) provider.
11257
+ #
11258
+ # @!attribute [rw] source
11259
+ # The source configuration identifying which inference connector to
11260
+ # use.
11261
+ # @return [Types::InferenceConnectorSource]
11262
+ #
11263
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/InferenceConnectorTargetConfiguration AWS API Documentation
11264
+ #
11265
+ class InferenceConnectorTargetConfiguration < Struct.new(
11266
+ :source)
11267
+ SENSITIVE = []
11268
+ include Aws::Structure
11269
+ end
11270
+
11271
+ # The configuration for a specific inference operation, including its
11272
+ # request path and the models that the operation supports.
11273
+ #
11274
+ # @!attribute [rw] path
11275
+ # The request path for this operation (for example, `/v1/messages` or
11276
+ # `/v1/responses`).
11277
+ # @return [String]
11278
+ #
11279
+ # @!attribute [rw] provider_path
11280
+ # The provider path to forward requests to, if it differs from the
11281
+ # request path. For example, `/anthropic/v1/messages` when the
11282
+ # provider expects a different path than the client-facing
11283
+ # `/v1/messages`.
11284
+ # @return [String]
11285
+ #
11286
+ # @!attribute [rw] models
11287
+ # The list of models supported for this operation.
11288
+ # @return [Array<Types::ModelEntry>]
11289
+ #
11290
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/InferenceOperationConfiguration AWS API Documentation
11291
+ #
11292
+ class InferenceOperationConfiguration < Struct.new(
11293
+ :path,
11294
+ :provider_path,
11295
+ :models)
11296
+ SENSITIVE = []
11297
+ include Aws::Structure
11298
+ end
11299
+
11300
+ # The configuration for a provider-based inference target. This
11301
+ # configuration explicitly defines the endpoint, model mapping, and
11302
+ # operations used to route requests to a large language model (LLM)
11303
+ # provider.
11304
+ #
11305
+ # @!attribute [rw] endpoint
11306
+ # The HTTPS endpoint of the inference provider that the gateway
11307
+ # forwards requests to.
11308
+ # @return [String]
11309
+ #
11310
+ # @!attribute [rw] model_mapping
11311
+ # The configuration that translates client-facing model IDs to the
11312
+ # model IDs expected by the provider.
11313
+ # @return [Types::ModelMapping]
11314
+ #
11315
+ # @!attribute [rw] operations
11316
+ # A list of per-operation configurations that map request paths to the
11317
+ # models supported for each operation.
11318
+ # @return [Array<Types::InferenceOperationConfiguration>]
11319
+ #
11320
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/InferenceProviderTargetConfiguration AWS API Documentation
11321
+ #
11322
+ class InferenceProviderTargetConfiguration < Struct.new(
11323
+ :endpoint,
11324
+ :model_mapping,
11325
+ :operations)
11326
+ SENSITIVE = []
11327
+ include Aws::Structure
11328
+ end
11329
+
11330
+ # The configuration for an inference target. An inference target routes
11331
+ # requests to a large language model (LLM) provider, either through a
11332
+ # built-in connector or an explicitly configured provider.
11333
+ #
11334
+ # @note InferenceTargetConfiguration is a union - when making an API calls you must set exactly one of the members.
11335
+ #
11336
+ # @note InferenceTargetConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of InferenceTargetConfiguration corresponding to the set member.
11337
+ #
11338
+ # @!attribute [rw] connector
11339
+ # The connector-based inference configuration. Use this option to
11340
+ # route requests to an LLM provider through a built-in connector that
11341
+ # includes predefined provider rules.
11342
+ # @return [Types::InferenceConnectorTargetConfiguration]
11343
+ #
11344
+ # @!attribute [rw] provider
11345
+ # The provider-based inference configuration. Use this option to
11346
+ # explicitly configure the endpoint, model mapping, and operations for
11347
+ # an LLM provider.
11348
+ # @return [Types::InferenceProviderTargetConfiguration]
11349
+ #
11350
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/InferenceTargetConfiguration AWS API Documentation
11351
+ #
11352
+ class InferenceTargetConfiguration < Struct.new(
11353
+ :connector,
11354
+ :provider,
11355
+ :unknown)
11356
+ SENSITIVE = []
11357
+ include Aws::Structure
11358
+ include Aws::Structure::Union
11359
+
11360
+ class Connector < InferenceTargetConfiguration; end
11361
+ class Provider < InferenceTargetConfiguration; end
11362
+ class Unknown < InferenceTargetConfiguration; end
11363
+ end
11364
+
10628
11365
  # Inline examples provided directly in the request body.
10629
11366
  #
10630
11367
  # @!attribute [rw] examples
@@ -10639,12 +11376,13 @@ module Aws::BedrockAgentCoreControl
10639
11376
  include Aws::Structure
10640
11377
  end
10641
11378
 
10642
- # A reference to an insight analysis to run against sessions.
11379
+ # A reference to an insight analysis to run against sessions during
11380
+ # evaluation. Insights provide deeper analysis beyond individual
11381
+ # evaluator scores, including failure detection, user intent clustering,
11382
+ # and execution summarization.
10643
11383
  #
10644
11384
  # @!attribute [rw] insight_id
10645
- # Canonical insight identifiers using the Builtin.Insight.* naming
10646
- # convention. Used by BatchEvaluate, InternalEvaluate, and
10647
- # ServiceEngineEvaluate flows.
11385
+ # The unique identifier of the insight to run.
10648
11386
  # @return [String]
10649
11387
  #
10650
11388
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/Insight AWS API Documentation
@@ -10685,10 +11423,56 @@ module Aws::BedrockAgentCoreControl
10685
11423
  # interceptor. When set to true, request headers will be passed.
10686
11424
  # @return [Boolean]
10687
11425
  #
11426
+ # @!attribute [rw] payload_filter
11427
+ # The filter that determines which parts of the request or response
11428
+ # payload are passed as input to the interceptor.
11429
+ # @return [Types::InterceptorPayloadFilter]
11430
+ #
10688
11431
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/InterceptorInputConfiguration AWS API Documentation
10689
11432
  #
10690
11433
  class InterceptorInputConfiguration < Struct.new(
10691
- :pass_request_headers)
11434
+ :pass_request_headers,
11435
+ :payload_filter)
11436
+ SENSITIVE = []
11437
+ include Aws::Structure
11438
+ end
11439
+
11440
+ # A selector that identifies a payload field to exclude from the
11441
+ # interceptor input.
11442
+ #
11443
+ # @note InterceptorPayloadExclusionSelector is a union - when making an API calls you must set exactly one of the members.
11444
+ #
11445
+ # @note InterceptorPayloadExclusionSelector is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of InterceptorPayloadExclusionSelector corresponding to the set member.
11446
+ #
11447
+ # @!attribute [rw] field
11448
+ # The field to exclude from the interceptor input.
11449
+ # @return [String]
11450
+ #
11451
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/InterceptorPayloadExclusionSelector AWS API Documentation
11452
+ #
11453
+ class InterceptorPayloadExclusionSelector < Struct.new(
11454
+ :field,
11455
+ :unknown)
11456
+ SENSITIVE = []
11457
+ include Aws::Structure
11458
+ include Aws::Structure::Union
11459
+
11460
+ class Field < InterceptorPayloadExclusionSelector; end
11461
+ class Unknown < InterceptorPayloadExclusionSelector; end
11462
+ end
11463
+
11464
+ # The filter that controls which fields of the request or response
11465
+ # payload are included in the input to the interceptor.
11466
+ #
11467
+ # @!attribute [rw] exclude
11468
+ # The list of selectors that identify payload fields to exclude from
11469
+ # the interceptor input.
11470
+ # @return [Array<Types::InterceptorPayloadExclusionSelector>]
11471
+ #
11472
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/InterceptorPayloadFilter AWS API Documentation
11473
+ #
11474
+ class InterceptorPayloadFilter < Struct.new(
11475
+ :exclude)
10692
11476
  SENSITIVE = []
10693
11477
  include Aws::Structure
10694
11478
  end
@@ -10820,6 +11604,23 @@ module Aws::BedrockAgentCoreControl
10820
11604
  include Aws::Structure
10821
11605
  end
10822
11606
 
11607
+ # The Lambda configuration for custom transformations. This structure
11608
+ # defines the Lambda function that the gateway invokes to transform
11609
+ # data.
11610
+ #
11611
+ # @!attribute [rw] arn
11612
+ # The Amazon Resource Name (ARN) of the Lambda function. This function
11613
+ # is invoked by the gateway to transform data.
11614
+ # @return [String]
11615
+ #
11616
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/LambdaTransformConfiguration AWS API Documentation
11617
+ #
11618
+ class LambdaTransformConfiguration < Struct.new(
11619
+ :arn)
11620
+ SENSITIVE = []
11621
+ include Aws::Structure
11622
+ end
11623
+
10823
11624
  # LifecycleConfiguration lets you manage the lifecycle of runtime
10824
11625
  # sessions and resources in AgentCore Runtime. This configuration helps
10825
11626
  # optimize resource utilization by automatically cleaning up idle
@@ -10863,16 +11664,16 @@ module Aws::BedrockAgentCoreControl
10863
11664
  # @return [String]
10864
11665
  #
10865
11666
  # @!attribute [rw] client_secret_config
10866
- # A reference to the AWS Secrets Manager secret that stores the client
10867
- # secret. This includes the secret ID and the JSON key used to extract
10868
- # the client secret value from the secret. Required when
10869
- # `clientSecretSource` is set to `EXTERNAL`.
11667
+ # A reference to the Amazon Web Services Secrets Manager secret that
11668
+ # stores the client secret. This includes the secret ID and the JSON
11669
+ # key used to extract the client secret value from the secret.
11670
+ # Required when `clientSecretSource` is set to `EXTERNAL`.
10870
11671
  # @return [Types::SecretReference]
10871
11672
  #
10872
11673
  # @!attribute [rw] client_secret_source
10873
11674
  # The source type of the client secret. Use `MANAGED` if the secret is
10874
11675
  # managed by the service, or `EXTERNAL` if you manage the secret
10875
- # yourself in AWS Secrets Manager.
11676
+ # yourself in Amazon Web Services Secrets Manager.
10876
11677
  # @return [String]
10877
11678
  #
10878
11679
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/LinkedinOauth2ProviderConfigInput AWS API Documentation
@@ -11582,6 +12383,84 @@ module Aws::BedrockAgentCoreControl
11582
12383
  include Aws::Structure
11583
12384
  end
11584
12385
 
12386
+ # @!attribute [rw] harness_id
12387
+ # The ID of the harness whose endpoints are listed.
12388
+ # @return [String]
12389
+ #
12390
+ # @!attribute [rw] max_results
12391
+ # The maximum number of results to return in a single call.
12392
+ # @return [Integer]
12393
+ #
12394
+ # @!attribute [rw] next_token
12395
+ # The token for the next set of results.
12396
+ # @return [String]
12397
+ #
12398
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListHarnessEndpointsRequest AWS API Documentation
12399
+ #
12400
+ class ListHarnessEndpointsRequest < Struct.new(
12401
+ :harness_id,
12402
+ :max_results,
12403
+ :next_token)
12404
+ SENSITIVE = []
12405
+ include Aws::Structure
12406
+ end
12407
+
12408
+ # @!attribute [rw] endpoints
12409
+ # The list of harness endpoints.
12410
+ # @return [Array<Types::HarnessEndpoint>]
12411
+ #
12412
+ # @!attribute [rw] next_token
12413
+ # The token for the next set of results.
12414
+ # @return [String]
12415
+ #
12416
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListHarnessEndpointsResponse AWS API Documentation
12417
+ #
12418
+ class ListHarnessEndpointsResponse < Struct.new(
12419
+ :endpoints,
12420
+ :next_token)
12421
+ SENSITIVE = []
12422
+ include Aws::Structure
12423
+ end
12424
+
12425
+ # @!attribute [rw] harness_id
12426
+ # The ID of the harness whose versions are listed.
12427
+ # @return [String]
12428
+ #
12429
+ # @!attribute [rw] max_results
12430
+ # The maximum number of results to return in a single call.
12431
+ # @return [Integer]
12432
+ #
12433
+ # @!attribute [rw] next_token
12434
+ # The token for the next set of results.
12435
+ # @return [String]
12436
+ #
12437
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListHarnessVersionsRequest AWS API Documentation
12438
+ #
12439
+ class ListHarnessVersionsRequest < Struct.new(
12440
+ :harness_id,
12441
+ :max_results,
12442
+ :next_token)
12443
+ SENSITIVE = []
12444
+ include Aws::Structure
12445
+ end
12446
+
12447
+ # @!attribute [rw] harness_versions
12448
+ # The list of harness version summaries.
12449
+ # @return [Array<Types::HarnessVersionSummary>]
12450
+ #
12451
+ # @!attribute [rw] next_token
12452
+ # The token for the next set of results.
12453
+ # @return [String]
12454
+ #
12455
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ListHarnessVersionsResponse AWS API Documentation
12456
+ #
12457
+ class ListHarnessVersionsResponse < Struct.new(
12458
+ :harness_versions,
12459
+ :next_token)
12460
+ SENSITIVE = []
12461
+ include Aws::Structure
12462
+ end
12463
+
11585
12464
  # @!attribute [rw] max_results
11586
12465
  # The maximum number of results to return in a single call.
11587
12466
  # @return [Integer]
@@ -12526,7 +13405,7 @@ module Aws::BedrockAgentCoreControl
12526
13405
  :search_type,
12527
13406
  :session_configuration,
12528
13407
  :streaming_configuration)
12529
- SENSITIVE = []
13408
+ SENSITIVE = [:instructions]
12530
13409
  include Aws::Structure
12531
13410
  end
12532
13411
 
@@ -12775,6 +13654,12 @@ module Aws::BedrockAgentCoreControl
12775
13654
  # The configuration for an Amazon API Gateway target.
12776
13655
  # @return [Types::ApiGatewayTargetConfiguration]
12777
13656
  #
13657
+ # @!attribute [rw] connector
13658
+ # The connector integration configuration for the Model Context
13659
+ # Protocol target. This configuration defines how the gateway uses a
13660
+ # pre-built connector to communicate with the target.
13661
+ # @return [Types::ConnectorTargetConfiguration]
13662
+ #
12778
13663
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/McpTargetConfiguration AWS API Documentation
12779
13664
  #
12780
13665
  class McpTargetConfiguration < Struct.new(
@@ -12783,6 +13668,7 @@ module Aws::BedrockAgentCoreControl
12783
13668
  :lambda,
12784
13669
  :mcp_server,
12785
13670
  :api_gateway,
13671
+ :connector,
12786
13672
  :unknown)
12787
13673
  SENSITIVE = []
12788
13674
  include Aws::Structure
@@ -12793,6 +13679,7 @@ module Aws::BedrockAgentCoreControl
12793
13679
  class Lambda < McpTargetConfiguration; end
12794
13680
  class McpServer < McpTargetConfiguration; end
12795
13681
  class ApiGateway < McpTargetConfiguration; end
13682
+ class Connector < McpTargetConfiguration; end
12796
13683
  class Unknown < McpTargetConfiguration; end
12797
13684
  end
12798
13685
 
@@ -12887,6 +13774,12 @@ module Aws::BedrockAgentCoreControl
12887
13774
  # resources.
12888
13775
  # @return [Types::StreamDeliveryResources]
12889
13776
  #
13777
+ # @!attribute [rw] managed_by_resource_arn
13778
+ # ARN of the resource managing this memory (e.g. a harness). When set,
13779
+ # strategy modifications and deletion are only allowed through the
13780
+ # managing resource.
13781
+ # @return [String]
13782
+ #
12890
13783
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/Memory AWS API Documentation
12891
13784
  #
12892
13785
  class Memory < Struct.new(
@@ -12903,7 +13796,8 @@ module Aws::BedrockAgentCoreControl
12903
13796
  :updated_at,
12904
13797
  :strategies,
12905
13798
  :indexed_keys,
12906
- :stream_delivery_resources)
13799
+ :stream_delivery_resources,
13800
+ :managed_by_resource_arn)
12907
13801
  SENSITIVE = [:description]
12908
13802
  include Aws::Structure
12909
13803
  end
@@ -13054,6 +13948,11 @@ module Aws::BedrockAgentCoreControl
13054
13948
  # The timestamp when the memory was last updated.
13055
13949
  # @return [Time]
13056
13950
  #
13951
+ # @!attribute [rw] managed_by_resource_arn
13952
+ # ARN of the resource managing this memory (e.g. a harness). Null if
13953
+ # not managed.
13954
+ # @return [String]
13955
+ #
13057
13956
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/MemorySummary AWS API Documentation
13058
13957
  #
13059
13958
  class MemorySummary < Struct.new(
@@ -13061,7 +13960,8 @@ module Aws::BedrockAgentCoreControl
13061
13960
  :id,
13062
13961
  :status,
13063
13962
  :created_at,
13064
- :updated_at)
13963
+ :updated_at,
13964
+ :managed_by_resource_arn)
13065
13965
  SENSITIVE = []
13066
13966
  include Aws::Structure
13067
13967
  end
@@ -13165,16 +14065,16 @@ module Aws::BedrockAgentCoreControl
13165
14065
  # @return [String]
13166
14066
  #
13167
14067
  # @!attribute [rw] client_secret_config
13168
- # A reference to the AWS Secrets Manager secret that stores the client
13169
- # secret. This includes the secret ID and the JSON key used to extract
13170
- # the client secret value from the secret. Required when
13171
- # `clientSecretSource` is set to `EXTERNAL`.
14068
+ # A reference to the Amazon Web Services Secrets Manager secret that
14069
+ # stores the client secret. This includes the secret ID and the JSON
14070
+ # key used to extract the client secret value from the secret.
14071
+ # Required when `clientSecretSource` is set to `EXTERNAL`.
13172
14072
  # @return [Types::SecretReference]
13173
14073
  #
13174
14074
  # @!attribute [rw] client_secret_source
13175
14075
  # The source type of the client secret. Use `MANAGED` if the secret is
13176
14076
  # managed by the service, or `EXTERNAL` if you manage the secret
13177
- # yourself in AWS Secrets Manager.
14077
+ # yourself in Amazon Web Services Secrets Manager.
13178
14078
  # @return [String]
13179
14079
  #
13180
14080
  # @!attribute [rw] tenant_id
@@ -13214,6 +14114,37 @@ module Aws::BedrockAgentCoreControl
13214
14114
  include Aws::Structure
13215
14115
  end
13216
14116
 
14117
+ # A model entry that specifies a model supported for an inference
14118
+ # operation.
14119
+ #
14120
+ # @!attribute [rw] model
14121
+ # The model ID or glob pattern that identifies the model (for example,
14122
+ # `anthropic.claude-opus-*` or `openai.gpt-oss-*`).
14123
+ # @return [String]
14124
+ #
14125
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ModelEntry AWS API Documentation
14126
+ #
14127
+ class ModelEntry < Struct.new(
14128
+ :model)
14129
+ SENSITIVE = []
14130
+ include Aws::Structure
14131
+ end
14132
+
14133
+ # The configuration that translates model IDs between client-facing
14134
+ # names and provider model IDs.
14135
+ #
14136
+ # @!attribute [rw] provider_prefix
14137
+ # The provider prefix configuration used for model ID translation.
14138
+ # @return [Types::ProviderPrefix]
14139
+ #
14140
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ModelMapping AWS API Documentation
14141
+ #
14142
+ class ModelMapping < Struct.new(
14143
+ :provider_prefix)
14144
+ SENSITIVE = []
14145
+ include Aws::Structure
14146
+ end
14147
+
13217
14148
  # Contains information for modifying a consolidation configuration.
13218
14149
  #
13219
14150
  # @note ModifyConsolidationConfiguration is a union - when making an API calls you must set exactly one of the members.
@@ -13903,6 +14834,50 @@ module Aws::BedrockAgentCoreControl
13903
14834
  include Aws::Structure
13904
14835
  end
13905
14836
 
14837
+ # The configuration for an HTTP passthrough target. A passthrough target
14838
+ # forwards requests directly to an external HTTP endpoint.
14839
+ #
14840
+ # @!attribute [rw] endpoint
14841
+ # The HTTPS endpoint that the gateway forwards requests to for this
14842
+ # passthrough target.
14843
+ # @return [String]
14844
+ #
14845
+ # @!attribute [rw] protocol_type
14846
+ # The application protocol that the passthrough target implements.
14847
+ # This value is required for passthrough targets:
14848
+ #
14849
+ # * `MCP` - The Model Context Protocol.
14850
+ #
14851
+ # * `A2A` - The Agent-to-Agent protocol.
14852
+ #
14853
+ # * `INFERENCE` - The protocol for routing requests to a large
14854
+ # language model (LLM) provider.
14855
+ #
14856
+ # * `CUSTOM` - A custom application protocol.
14857
+ # @return [String]
14858
+ #
14859
+ # @!attribute [rw] schema
14860
+ # The API schema configuration that defines the structure of the
14861
+ # passthrough target's API.
14862
+ # @return [Types::HttpApiSchemaConfiguration]
14863
+ #
14864
+ # @!attribute [rw] stickiness_configuration
14865
+ # The session stickiness configuration for the passthrough target.
14866
+ # This configuration routes requests within the same session to the
14867
+ # same target.
14868
+ # @return [Types::StickinessConfiguration]
14869
+ #
14870
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PassthroughTargetConfiguration AWS API Documentation
14871
+ #
14872
+ class PassthroughTargetConfiguration < Struct.new(
14873
+ :endpoint,
14874
+ :protocol_type,
14875
+ :schema,
14876
+ :stickiness_configuration)
14877
+ SENSITIVE = []
14878
+ include Aws::Structure
14879
+ end
14880
+
13906
14881
  # Contains summary information about a payment connector.
13907
14882
  #
13908
14883
  # @!attribute [rw] payment_connector_id
@@ -14160,6 +15135,10 @@ module Aws::BedrockAgentCoreControl
14160
15135
  # The current status of the policy.
14161
15136
  # @return [String]
14162
15137
  #
15138
+ # @!attribute [rw] enforcement_mode
15139
+ # The current enforcement mode of the policy.
15140
+ # @return [String]
15141
+ #
14163
15142
  # @!attribute [rw] definition
14164
15143
  # The Cedar policy statement that defines the access control rules.
14165
15144
  # This contains the actual policy logic used for agent behavior
@@ -14188,6 +15167,7 @@ module Aws::BedrockAgentCoreControl
14188
15167
  :updated_at,
14189
15168
  :policy_arn,
14190
15169
  :status,
15170
+ :enforcement_mode,
14191
15171
  :definition,
14192
15172
  :description,
14193
15173
  :status_reasons)
@@ -14227,11 +15207,17 @@ module Aws::BedrockAgentCoreControl
14227
15207
  # select the most appropriate policy option.
14228
15208
  # @return [Types::PolicyGenerationDetails]
14229
15209
  #
15210
+ # @!attribute [rw] policy
15211
+ # An AgentCore policy statement that defines the access control rules.
15212
+ # The statement can be a Cedar policy or a guardrails definition.
15213
+ # @return [Types::PolicyStatement]
15214
+ #
14230
15215
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PolicyDefinition AWS API Documentation
14231
15216
  #
14232
15217
  class PolicyDefinition < Struct.new(
14233
15218
  :cedar,
14234
15219
  :policy_generation,
15220
+ :policy,
14235
15221
  :unknown)
14236
15222
  SENSITIVE = []
14237
15223
  include Aws::Structure
@@ -14239,6 +15225,7 @@ module Aws::BedrockAgentCoreControl
14239
15225
 
14240
15226
  class Cedar < PolicyDefinition; end
14241
15227
  class PolicyGeneration < PolicyDefinition; end
15228
+ class Policy < PolicyDefinition; end
14242
15229
  class Unknown < PolicyDefinition; end
14243
15230
  end
14244
15231
 
@@ -14579,6 +15566,22 @@ module Aws::BedrockAgentCoreControl
14579
15566
  include Aws::Structure
14580
15567
  end
14581
15568
 
15569
+ # An AgentCore policy statement, which supports plain Cedar policies as
15570
+ # well as guardrails definitions.
15571
+ #
15572
+ # @!attribute [rw] statement
15573
+ # The body of the AgentCore policy statement. Contains the policy
15574
+ # logic, which can be a Cedar policy or a guardrails definition.
15575
+ # @return [String]
15576
+ #
15577
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PolicyStatement AWS API Documentation
15578
+ #
15579
+ class PolicyStatement < Struct.new(
15580
+ :statement)
15581
+ SENSITIVE = []
15582
+ include Aws::Structure
15583
+ end
15584
+
14582
15585
  # Represents a metadata-only summary of a policy resource. This
14583
15586
  # structure contains resource identifiers, status, and timestamps
14584
15587
  # without customer-encrypted fields such as definition, description, or
@@ -14613,6 +15616,10 @@ module Aws::BedrockAgentCoreControl
14613
15616
  # The current status of the policy.
14614
15617
  # @return [String]
14615
15618
  #
15619
+ # @!attribute [rw] enforcement_mode
15620
+ # The current enforcement mode of the policy.
15621
+ # @return [String]
15622
+ #
14616
15623
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/PolicySummary AWS API Documentation
14617
15624
  #
14618
15625
  class PolicySummary < Struct.new(
@@ -14622,7 +15629,8 @@ module Aws::BedrockAgentCoreControl
14622
15629
  :created_at,
14623
15630
  :updated_at,
14624
15631
  :policy_arn,
14625
- :status)
15632
+ :status,
15633
+ :enforcement_mode)
14626
15634
  SENSITIVE = []
14627
15635
  include Aws::Structure
14628
15636
  end
@@ -14696,6 +15704,30 @@ module Aws::BedrockAgentCoreControl
14696
15704
  include Aws::Structure
14697
15705
  end
14698
15706
 
15707
+ # The configuration that controls how a provider prefix is applied to
15708
+ # model IDs during translation.
15709
+ #
15710
+ # @!attribute [rw] strip
15711
+ # Whether clients can omit the provider prefix from model IDs. If
15712
+ # `true`, the gateway accepts model IDs without the prefix and
15713
+ # restores the full prefixed form before forwarding to the provider.
15714
+ # The default is `false`.
15715
+ # @return [Boolean]
15716
+ #
15717
+ # @!attribute [rw] separator
15718
+ # The single character that separates the provider prefix from the
15719
+ # model name (for example, `.`). The default is `.`.
15720
+ # @return [String]
15721
+ #
15722
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ProviderPrefix AWS API Documentation
15723
+ #
15724
+ class ProviderPrefix < Struct.new(
15725
+ :strip,
15726
+ :separator)
15727
+ SENSITIVE = []
15728
+ include Aws::Structure
15729
+ end
15730
+
14699
15731
  # @!attribute [rw] resource_arn
14700
15732
  # The Amazon Resource Name (ARN) of the resource for which to create
14701
15733
  # or update the resource policy.
@@ -15243,11 +16275,17 @@ module Aws::BedrockAgentCoreControl
15243
16275
  # endpoint version. If not specified, the default endpoint is used.
15244
16276
  # @return [String]
15245
16277
  #
16278
+ # @!attribute [rw] schema
16279
+ # The API schema configuration that defines the structure of the
16280
+ # runtime target's API.
16281
+ # @return [Types::HttpApiSchemaConfiguration]
16282
+ #
15246
16283
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/RuntimeTargetConfiguration AWS API Documentation
15247
16284
  #
15248
16285
  class RuntimeTargetConfiguration < Struct.new(
15249
16286
  :arn,
15250
- :qualifier)
16287
+ :qualifier,
16288
+ :schema)
15251
16289
  SENSITIVE = []
15252
16290
  include Aws::Structure
15253
16291
  end
@@ -15352,16 +16390,16 @@ module Aws::BedrockAgentCoreControl
15352
16390
  # @return [String]
15353
16391
  #
15354
16392
  # @!attribute [rw] client_secret_config
15355
- # A reference to the AWS Secrets Manager secret that stores the client
15356
- # secret. This includes the secret ID and the JSON key used to extract
15357
- # the client secret value from the secret. Required when
15358
- # `clientSecretSource` is set to `EXTERNAL`.
16393
+ # A reference to the Amazon Web Services Secrets Manager secret that
16394
+ # stores the client secret. This includes the secret ID and the JSON
16395
+ # key used to extract the client secret value from the secret.
16396
+ # Required when `clientSecretSource` is set to `EXTERNAL`.
15359
16397
  # @return [Types::SecretReference]
15360
16398
  #
15361
16399
  # @!attribute [rw] client_secret_source
15362
16400
  # The source type of the client secret. Use `MANAGED` if the secret is
15363
16401
  # managed by the service, or `EXTERNAL` if you manage the secret
15364
- # yourself in AWS Secrets Manager.
16402
+ # yourself in Amazon Web Services Secrets Manager.
15365
16403
  # @return [String]
15366
16404
  #
15367
16405
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/SalesforceOauth2ProviderConfigInput AWS API Documentation
@@ -15450,10 +16488,12 @@ module Aws::BedrockAgentCoreControl
15450
16488
  include Aws::Structure
15451
16489
  end
15452
16490
 
15453
- # Contains information about a secret in AWS Secrets Manager.
16491
+ # Contains information about a secret in Amazon Web Services Secrets
16492
+ # Manager.
15454
16493
  #
15455
16494
  # @!attribute [rw] secret_arn
15456
- # The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
16495
+ # The Amazon Resource Name (ARN) of the secret in Amazon Web Services
16496
+ # Secrets Manager.
15457
16497
  # @return [String]
15458
16498
  #
15459
16499
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/Secret AWS API Documentation
@@ -15464,16 +16504,17 @@ module Aws::BedrockAgentCoreControl
15464
16504
  include Aws::Structure
15465
16505
  end
15466
16506
 
15467
- # Contains a reference to a secret stored in AWS Secrets Manager.
16507
+ # Contains a reference to a secret stored in Amazon Web Services Secrets
16508
+ # Manager.
15468
16509
  #
15469
16510
  # @!attribute [rw] secret_id
15470
- # The ID of the AWS Secrets Manager secret that stores the secret
15471
- # value.
16511
+ # The ID of the Amazon Web Services Secrets Manager secret that stores
16512
+ # the secret value.
15472
16513
  # @return [String]
15473
16514
  #
15474
16515
  # @!attribute [rw] json_key
15475
- # The JSON key used to extract the secret value from the AWS Secrets
15476
- # Manager secret.
16516
+ # The JSON key used to extract the secret value from the Amazon Web
16517
+ # Services Secrets Manager secret.
15477
16518
  # @return [String]
15478
16519
  #
15479
16520
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/SecretReference AWS API Documentation
@@ -15894,16 +16935,16 @@ module Aws::BedrockAgentCoreControl
15894
16935
  # @return [String]
15895
16936
  #
15896
16937
  # @!attribute [rw] client_secret_config
15897
- # A reference to the AWS Secrets Manager secret that stores the client
15898
- # secret. This includes the secret ID and the JSON key used to extract
15899
- # the client secret value from the secret. Required when
15900
- # `clientSecretSource` is set to `EXTERNAL`.
16938
+ # A reference to the Amazon Web Services Secrets Manager secret that
16939
+ # stores the client secret. This includes the secret ID and the JSON
16940
+ # key used to extract the client secret value from the secret.
16941
+ # Required when `clientSecretSource` is set to `EXTERNAL`.
15901
16942
  # @return [Types::SecretReference]
15902
16943
  #
15903
16944
  # @!attribute [rw] client_secret_source
15904
16945
  # The source type of the client secret. Use `MANAGED` if the secret is
15905
16946
  # managed by the service, or `EXTERNAL` if you manage the secret
15906
- # yourself in AWS Secrets Manager.
16947
+ # yourself in Amazon Web Services Secrets Manager.
15907
16948
  # @return [String]
15908
16949
  #
15909
16950
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/SlackOauth2ProviderConfigInput AWS API Documentation
@@ -16076,6 +17117,31 @@ module Aws::BedrockAgentCoreControl
16076
17117
  include Aws::Structure
16077
17118
  end
16078
17119
 
17120
+ # The configuration for session-sticky routing to a target. Session
17121
+ # stickiness routes requests that share a session identifier to the same
17122
+ # target.
17123
+ #
17124
+ # @!attribute [rw] identifier
17125
+ # The expression that identifies where to extract the session
17126
+ # identifier from the request (for example,
17127
+ # `$context.header.x-session-id`).
17128
+ # @return [String]
17129
+ #
17130
+ # @!attribute [rw] timeout
17131
+ # The session stickiness timeout, in seconds. After this duration of
17132
+ # inactivity, the session affinity expires. Valid values range from 1
17133
+ # to 86400.
17134
+ # @return [Integer]
17135
+ #
17136
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/StickinessConfiguration AWS API Documentation
17137
+ #
17138
+ class StickinessConfiguration < Struct.new(
17139
+ :identifier,
17140
+ :timeout)
17141
+ SENSITIVE = []
17142
+ include Aws::Structure
17143
+ end
17144
+
16079
17145
  # Contains configuration information for a memory strategy.
16080
17146
  #
16081
17147
  # @!attribute [rw] type
@@ -16210,13 +17276,13 @@ module Aws::BedrockAgentCoreControl
16210
17276
  # @!attribute [rw] app_secret_source
16211
17277
  # The source type of the app secret. Use `MANAGED` if the secret is
16212
17278
  # managed by the service, or `EXTERNAL` if you manage the secret
16213
- # yourself in AWS Secrets Manager.
17279
+ # yourself in Amazon Web Services Secrets Manager.
16214
17280
  # @return [String]
16215
17281
  #
16216
17282
  # @!attribute [rw] app_secret_config
16217
- # A reference to the AWS Secrets Manager secret that stores the app
16218
- # secret. This includes the secret ID and the JSON key used to extract
16219
- # the app secret value from the secret. Required when
17283
+ # A reference to the Amazon Web Services Secrets Manager secret that
17284
+ # stores the app secret. This includes the secret ID and the JSON key
17285
+ # used to extract the app secret value from the secret. Required when
16220
17286
  # `appSecretSource` is set to `EXTERNAL`.
16221
17287
  # @return [Types::SecretReference]
16222
17288
  #
@@ -16227,15 +17293,15 @@ module Aws::BedrockAgentCoreControl
16227
17293
  # @!attribute [rw] authorization_private_key_source
16228
17294
  # The source type of the authorization private key. Use `MANAGED` if
16229
17295
  # the secret is managed by the service, or `EXTERNAL` if you manage
16230
- # the secret yourself in AWS Secrets Manager.
17296
+ # the secret yourself in Amazon Web Services Secrets Manager.
16231
17297
  # @return [String]
16232
17298
  #
16233
17299
  # @!attribute [rw] authorization_private_key_config
16234
- # A reference to the AWS Secrets Manager secret that stores the
16235
- # authorization private key. This includes the secret ID and the JSON
16236
- # key used to extract the authorization private key value from the
16237
- # secret. Required when `authorizationPrivateKeySource` is set to
16238
- # `EXTERNAL`.
17300
+ # A reference to the Amazon Web Services Secrets Manager secret that
17301
+ # stores the authorization private key. This includes the secret ID
17302
+ # and the JSON key used to extract the authorization private key value
17303
+ # from the secret. Required when `authorizationPrivateKeySource` is
17304
+ # set to `EXTERNAL`.
16239
17305
  # @return [Types::SecretReference]
16240
17306
  #
16241
17307
  # @!attribute [rw] authorization_id
@@ -16264,33 +17330,35 @@ module Aws::BedrockAgentCoreControl
16264
17330
  # @return [String]
16265
17331
  #
16266
17332
  # @!attribute [rw] app_secret_arn
16267
- # Contains information about a secret in AWS Secrets Manager.
17333
+ # Contains information about a secret in Amazon Web Services Secrets
17334
+ # Manager.
16268
17335
  # @return [Types::Secret]
16269
17336
  #
16270
17337
  # @!attribute [rw] app_secret_json_key
16271
- # The JSON key used to extract the app secret value from the AWS
16272
- # Secrets Manager secret.
17338
+ # The JSON key used to extract the app secret value from the Amazon
17339
+ # Web Services Secrets Manager secret.
16273
17340
  # @return [String]
16274
17341
  #
16275
17342
  # @!attribute [rw] app_secret_source
16276
17343
  # The source type of the app secret. Either `MANAGED` if the secret is
16277
- # managed by the service, or `EXTERNAL` if managed by the user in AWS
16278
- # Secrets Manager.
17344
+ # managed by the service, or `EXTERNAL` if managed by the user in
17345
+ # Amazon Web Services Secrets Manager.
16279
17346
  # @return [String]
16280
17347
  #
16281
17348
  # @!attribute [rw] authorization_private_key_arn
16282
- # Contains information about a secret in AWS Secrets Manager.
17349
+ # Contains information about a secret in Amazon Web Services Secrets
17350
+ # Manager.
16283
17351
  # @return [Types::Secret]
16284
17352
  #
16285
17353
  # @!attribute [rw] authorization_private_key_json_key
16286
17354
  # The JSON key used to extract the authorization private key value
16287
- # from the AWS Secrets Manager secret.
17355
+ # from the Amazon Web Services Secrets Manager secret.
16288
17356
  # @return [String]
16289
17357
  #
16290
17358
  # @!attribute [rw] authorization_private_key_source
16291
17359
  # The source type of the authorization private key. Either `MANAGED`
16292
17360
  # if the secret is managed by the service, or `EXTERNAL` if managed by
16293
- # the user in AWS Secrets Manager.
17361
+ # the user in Amazon Web Services Secrets Manager.
16294
17362
  # @return [String]
16295
17363
  #
16296
17364
  # @!attribute [rw] authorization_id
@@ -16552,11 +17620,17 @@ module Aws::BedrockAgentCoreControl
16552
17620
  # an HTTP-based endpoint such as an AgentCore Runtime.
16553
17621
  # @return [Types::HttpTargetConfiguration]
16554
17622
  #
17623
+ # @!attribute [rw] inference
17624
+ # The inference configuration for the target. This configuration
17625
+ # routes requests to a large language model (LLM) provider.
17626
+ # @return [Types::InferenceTargetConfiguration]
17627
+ #
16555
17628
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/TargetConfiguration AWS API Documentation
16556
17629
  #
16557
17630
  class TargetConfiguration < Struct.new(
16558
17631
  :mcp,
16559
17632
  :http,
17633
+ :inference,
16560
17634
  :unknown)
16561
17635
  SENSITIVE = []
16562
17636
  include Aws::Structure
@@ -16564,6 +17638,7 @@ module Aws::BedrockAgentCoreControl
16564
17638
 
16565
17639
  class Mcp < TargetConfiguration; end
16566
17640
  class Http < TargetConfiguration; end
17641
+ class Inference < TargetConfiguration; end
16567
17642
  class Unknown < TargetConfiguration; end
16568
17643
  end
16569
17644
 
@@ -16599,6 +17674,26 @@ module Aws::BedrockAgentCoreControl
16599
17674
  # values take precedence. Defaults to 1000 when not set.
16600
17675
  # @return [Integer]
16601
17676
  #
17677
+ # @!attribute [rw] last_synchronized_at
17678
+ # The timestamp when the target was last synchronized.
17679
+ # @return [Time]
17680
+ #
17681
+ # @!attribute [rw] authorization_data
17682
+ # Contains the authorization data that is returned when a gateway
17683
+ # target is configured with a credential provider with authorization
17684
+ # code grant type and requires user federation.
17685
+ # @return [Types::AuthorizationData]
17686
+ #
17687
+ # @!attribute [rw] target_type
17688
+ # The type of the target.
17689
+ # @return [String]
17690
+ #
17691
+ # @!attribute [rw] listing_mode
17692
+ # The listing mode for the target. MCP resources for `DEFAULT` targets
17693
+ # are cached at the control plane for faster access. MCP resources for
17694
+ # `DYNAMIC` targets are retrieved dynamically when listing tools.
17695
+ # @return [String]
17696
+ #
16602
17697
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/TargetSummary AWS API Documentation
16603
17698
  #
16604
17699
  class TargetSummary < Struct.new(
@@ -16608,7 +17703,11 @@ module Aws::BedrockAgentCoreControl
16608
17703
  :description,
16609
17704
  :created_at,
16610
17705
  :updated_at,
16611
- :resource_priority)
17706
+ :resource_priority,
17707
+ :last_synchronized_at,
17708
+ :authorization_data,
17709
+ :target_type,
17710
+ :listing_mode)
16612
17711
  SENSITIVE = [:name, :description]
16613
17712
  include Aws::Structure
16614
17713
  end
@@ -16806,7 +17905,7 @@ module Aws::BedrockAgentCoreControl
16806
17905
  :s3,
16807
17906
  :inline_payload,
16808
17907
  :unknown)
16809
- SENSITIVE = []
17908
+ SENSITIVE = [:inline_payload]
16810
17909
  include Aws::Structure
16811
17910
  include Aws::Structure::Union
16812
17911
 
@@ -17196,16 +18295,16 @@ module Aws::BedrockAgentCoreControl
17196
18295
  # @return [String]
17197
18296
  #
17198
18297
  # @!attribute [rw] api_key_secret_config
17199
- # A reference to the AWS Secrets Manager secret that stores the API
17200
- # key. This includes the secret ID and the JSON key used to extract
17201
- # the API key value from the secret. Required when
18298
+ # A reference to the Amazon Web Services Secrets Manager secret that
18299
+ # stores the API key. This includes the secret ID and the JSON key
18300
+ # used to extract the API key value from the secret. Required when
17202
18301
  # `apiKeySecretSource` is set to `EXTERNAL`.
17203
18302
  # @return [Types::SecretReference]
17204
18303
  #
17205
18304
  # @!attribute [rw] api_key_secret_source
17206
18305
  # The source type of the API key secret. Use `MANAGED` if the secret
17207
18306
  # is managed by the service, or `EXTERNAL` if you manage the secret
17208
- # yourself in AWS Secrets Manager.
18307
+ # yourself in Amazon Web Services Secrets Manager.
17209
18308
  # @return [String]
17210
18309
  #
17211
18310
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdateApiKeyCredentialProviderRequest AWS API Documentation
@@ -17220,19 +18319,19 @@ module Aws::BedrockAgentCoreControl
17220
18319
  end
17221
18320
 
17222
18321
  # @!attribute [rw] api_key_secret_arn
17223
- # The Amazon Resource Name (ARN) of the API key secret in AWS Secrets
17224
- # Manager.
18322
+ # The Amazon Resource Name (ARN) of the API key secret in Amazon Web
18323
+ # Services Secrets Manager.
17225
18324
  # @return [Types::Secret]
17226
18325
  #
17227
18326
  # @!attribute [rw] api_key_secret_json_key
17228
- # The JSON key used to extract the API key value from the AWS Secrets
17229
- # Manager secret.
18327
+ # The JSON key used to extract the API key value from the Amazon Web
18328
+ # Services Secrets Manager secret.
17230
18329
  # @return [String]
17231
18330
  #
17232
18331
  # @!attribute [rw] api_key_secret_source
17233
18332
  # The source type of the API key secret. Either `MANAGED` if the
17234
18333
  # secret is managed by the service, or `EXTERNAL` if managed by the
17235
- # user in AWS Secrets Manager.
18334
+ # user in Amazon Web Services Secrets Manager.
17236
18335
  # @return [String]
17237
18336
  #
17238
18337
  # @!attribute [rw] name
@@ -17623,6 +18722,12 @@ module Aws::BedrockAgentCoreControl
17623
18722
  # The updated ARN of the KMS key used to encrypt the gateway.
17624
18723
  # @return [String]
17625
18724
  #
18725
+ # @!attribute [rw] custom_transform_configuration
18726
+ # The updated custom transformation configuration for the gateway.
18727
+ # This configuration defines how the gateway transforms requests and
18728
+ # responses.
18729
+ # @return [Types::CustomTransformConfiguration]
18730
+ #
17626
18731
  # @!attribute [rw] interceptor_configurations
17627
18732
  # The updated interceptor configurations for the gateway.
17628
18733
  # @return [Array<Types::GatewayInterceptorConfiguration>]
@@ -17646,6 +18751,10 @@ module Aws::BedrockAgentCoreControl
17646
18751
  # the end user.
17647
18752
  # @return [String]
17648
18753
  #
18754
+ # @!attribute [rw] waf_configuration
18755
+ # The updated Amazon Web Services WAF configuration for the gateway.
18756
+ # @return [Types::WafConfiguration]
18757
+ #
17649
18758
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdateGatewayRequest AWS API Documentation
17650
18759
  #
17651
18760
  class UpdateGatewayRequest < Struct.new(
@@ -17658,10 +18767,12 @@ module Aws::BedrockAgentCoreControl
17658
18767
  :authorizer_type,
17659
18768
  :authorizer_configuration,
17660
18769
  :kms_key_arn,
18770
+ :custom_transform_configuration,
17661
18771
  :interceptor_configurations,
17662
18772
  :policy_engine_configuration,
17663
- :exception_level)
17664
- SENSITIVE = [:name, :description]
18773
+ :exception_level,
18774
+ :waf_configuration)
18775
+ SENSITIVE = [:description]
17665
18776
  include Aws::Structure
17666
18777
  end
17667
18778
 
@@ -17726,6 +18837,12 @@ module Aws::BedrockAgentCoreControl
17726
18837
  # The updated ARN of the KMS key used to encrypt the gateway.
17727
18838
  # @return [String]
17728
18839
  #
18840
+ # @!attribute [rw] custom_transform_configuration
18841
+ # The custom transformation configuration for the gateway. This
18842
+ # configuration defines how the gateway transforms requests and
18843
+ # responses.
18844
+ # @return [Types::CustomTransformConfiguration]
18845
+ #
17729
18846
  # @!attribute [rw] interceptor_configurations
17730
18847
  # The updated interceptor configurations for the gateway.
17731
18848
  # @return [Array<Types::GatewayInterceptorConfiguration>]
@@ -17749,6 +18866,15 @@ module Aws::BedrockAgentCoreControl
17749
18866
  # the end user.
17750
18867
  # @return [String]
17751
18868
  #
18869
+ # @!attribute [rw] web_acl_arn
18870
+ # The Amazon Resource Name (ARN) of the Amazon Web Services WAF web
18871
+ # ACL associated with the gateway.
18872
+ # @return [String]
18873
+ #
18874
+ # @!attribute [rw] waf_configuration
18875
+ # The Amazon Web Services WAF configuration for the gateway.
18876
+ # @return [Types::WafConfiguration]
18877
+ #
17752
18878
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdateGatewayResponse AWS API Documentation
17753
18879
  #
17754
18880
  class UpdateGatewayResponse < Struct.new(
@@ -17767,11 +18893,14 @@ module Aws::BedrockAgentCoreControl
17767
18893
  :authorizer_type,
17768
18894
  :authorizer_configuration,
17769
18895
  :kms_key_arn,
18896
+ :custom_transform_configuration,
17770
18897
  :interceptor_configurations,
17771
18898
  :policy_engine_configuration,
17772
18899
  :workload_identity_details,
17773
- :exception_level)
17774
- SENSITIVE = [:name, :description]
18900
+ :exception_level,
18901
+ :web_acl_arn,
18902
+ :waf_configuration)
18903
+ SENSITIVE = [:description]
17775
18904
  include Aws::Structure
17776
18905
  end
17777
18906
 
@@ -18017,6 +19146,56 @@ module Aws::BedrockAgentCoreControl
18017
19146
  include Aws::Structure
18018
19147
  end
18019
19148
 
19149
+ # @!attribute [rw] harness_id
19150
+ # The ID of the harness that the endpoint belongs to.
19151
+ # @return [String]
19152
+ #
19153
+ # @!attribute [rw] endpoint_name
19154
+ # The name of the endpoint to update.
19155
+ # @return [String]
19156
+ #
19157
+ # @!attribute [rw] target_version
19158
+ # The harness version that the endpoint points to. If not specified,
19159
+ # the existing value is retained.
19160
+ # @return [String]
19161
+ #
19162
+ # @!attribute [rw] description
19163
+ # A description of the endpoint. If not specified, the existing value
19164
+ # is retained.
19165
+ # @return [String]
19166
+ #
19167
+ # @!attribute [rw] client_token
19168
+ # A unique, case-sensitive identifier to ensure idempotency of the
19169
+ # request.
19170
+ #
19171
+ # **A suitable default value is auto-generated.** You should normally
19172
+ # not need to pass this option.
19173
+ # @return [String]
19174
+ #
19175
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdateHarnessEndpointRequest AWS API Documentation
19176
+ #
19177
+ class UpdateHarnessEndpointRequest < Struct.new(
19178
+ :harness_id,
19179
+ :endpoint_name,
19180
+ :target_version,
19181
+ :description,
19182
+ :client_token)
19183
+ SENSITIVE = []
19184
+ include Aws::Structure
19185
+ end
19186
+
19187
+ # @!attribute [rw] endpoint
19188
+ # The updated endpoint.
19189
+ # @return [Types::HarnessEndpoint]
19190
+ #
19191
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdateHarnessEndpointResponse AWS API Documentation
19192
+ #
19193
+ class UpdateHarnessEndpointResponse < Struct.new(
19194
+ :endpoint)
19195
+ SENSITIVE = []
19196
+ include Aws::Structure
19197
+ end
19198
+
18020
19199
  # @!attribute [rw] harness_id
18021
19200
  # The ID of the harness to update.
18022
19201
  # @return [String]
@@ -18239,19 +19418,19 @@ module Aws::BedrockAgentCoreControl
18239
19418
  end
18240
19419
 
18241
19420
  # @!attribute [rw] client_secret_arn
18242
- # The Amazon Resource Name (ARN) of the client secret in AWS Secrets
18243
- # Manager.
19421
+ # The Amazon Resource Name (ARN) of the client secret in Amazon Web
19422
+ # Services Secrets Manager.
18244
19423
  # @return [Types::Secret]
18245
19424
  #
18246
19425
  # @!attribute [rw] client_secret_json_key
18247
- # The JSON key used to extract the client secret value from the AWS
18248
- # Secrets Manager secret.
19426
+ # The JSON key used to extract the client secret value from the Amazon
19427
+ # Web Services Secrets Manager secret.
18249
19428
  # @return [String]
18250
19429
  #
18251
19430
  # @!attribute [rw] client_secret_source
18252
19431
  # The source type of the client secret. Either `MANAGED` if the secret
18253
19432
  # is managed by the service, or `EXTERNAL` if managed by the user in
18254
- # AWS Secrets Manager.
19433
+ # Amazon Web Services Secrets Manager.
18255
19434
  # @return [String]
18256
19435
  #
18257
19436
  # @!attribute [rw] name
@@ -18783,6 +19962,14 @@ module Aws::BedrockAgentCoreControl
18783
19962
  # especially when modifying policy logic or conditions.
18784
19963
  # @return [String]
18785
19964
  #
19965
+ # @!attribute [rw] enforcement_mode
19966
+ # The enforcement mode for the policy. Run this policy in `LOG_ONLY`
19967
+ # mode to collect data on how it affects your application. Once you
19968
+ # are satisfied with the data gathered, switch the policy to `ACTIVE`.
19969
+ # If you omit this field, the policy's existing enforcement mode is
19970
+ # unchanged.
19971
+ # @return [String]
19972
+ #
18786
19973
  # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdatePolicyRequest AWS API Documentation
18787
19974
  #
18788
19975
  class UpdatePolicyRequest < Struct.new(
@@ -18790,7 +19977,8 @@ module Aws::BedrockAgentCoreControl
18790
19977
  :policy_id,
18791
19978
  :description,
18792
19979
  :definition,
18793
- :validation_mode)
19980
+ :validation_mode,
19981
+ :enforcement_mode)
18794
19982
  SENSITIVE = []
18795
19983
  include Aws::Structure
18796
19984
  end
@@ -18823,6 +20011,10 @@ module Aws::BedrockAgentCoreControl
18823
20011
  # The current status of the updated policy.
18824
20012
  # @return [String]
18825
20013
  #
20014
+ # @!attribute [rw] enforcement_mode
20015
+ # The current enforcement mode of the updated policy.
20016
+ # @return [String]
20017
+ #
18826
20018
  # @!attribute [rw] definition
18827
20019
  # The updated Cedar policy statement.
18828
20020
  # @return [Types::PolicyDefinition]
@@ -18845,6 +20037,7 @@ module Aws::BedrockAgentCoreControl
18845
20037
  :updated_at,
18846
20038
  :policy_arn,
18847
20039
  :status,
20040
+ :enforcement_mode,
18848
20041
  :definition,
18849
20042
  :description,
18850
20043
  :status_reasons)
@@ -19922,6 +21115,30 @@ module Aws::BedrockAgentCoreControl
19922
21115
  include Aws::Structure
19923
21116
  end
19924
21117
 
21118
+ # The Amazon Web Services WAF configuration for the gateway. This
21119
+ # configuration controls how the gateway behaves when the associated web
21120
+ # ACL cannot be evaluated.
21121
+ #
21122
+ # @!attribute [rw] failure_mode
21123
+ # The failure mode that determines how the gateway handles requests
21124
+ # when Amazon Web Services WAF is unreachable or times out. Valid
21125
+ # values include:
21126
+ #
21127
+ # * `FAIL_CLOSE` - The gateway blocks requests when Amazon Web
21128
+ # Services WAF cannot be evaluated.
21129
+ #
21130
+ # * `FAIL_OPEN` - The gateway allows requests when Amazon Web Services
21131
+ # WAF cannot be evaluated.
21132
+ # @return [String]
21133
+ #
21134
+ # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/WafConfiguration AWS API Documentation
21135
+ #
21136
+ class WafConfiguration < Struct.new(
21137
+ :failure_mode)
21138
+ SENSITIVE = []
21139
+ include Aws::Structure
21140
+ end
21141
+
19925
21142
  # A weighted configuration bundle override that splits traffic between
19926
21143
  # multiple bundle versions.
19927
21144
  #