@aws-sdk/client-bedrock-agentcore-control 3.1021.0 → 3.1023.0

package/dist-types/models/models_1.d.ts

@@ -1,5 +1,256 @@
 import type { FindingType, PolicyEngineStatus, PolicyGenerationStatus, PolicyStatus, PolicyValidationMode, SchemaType, TargetStatus } from "./enums";
-import type { ApiGatewayTargetConfiguration, ApiSchemaConfiguration, CredentialProviderConfiguration, KmsConfiguration, McpServerTargetConfiguration, MetadataConfiguration, S3Configuration } from "./models_0";
+import type { ApiGatewayTargetConfiguration, ApiSchemaConfiguration, AuthorizationData, CredentialProviderConfiguration, KmsConfiguration, ManagedResourceDetails, McpServerTargetConfiguration, MetadataConfiguration, PrivateEndpoint, S3Configuration } from "./models_0";
+/**
+ * @public
+ */
+export interface CreatePolicyEngineResponse {
+    /**
+     * <p>The unique identifier for the created policy engine. This system-generated identifier consists of the user name plus a 10-character generated suffix and is used for all subsequent policy engine operations.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The customer-assigned name of the created policy engine. This matches the name provided in the request and serves as the human-readable identifier.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>A human-readable description of the policy engine's purpose.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>The timestamp when the policy engine was created. This is automatically set by the service and used for auditing and lifecycle management.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the policy engine was last updated. For newly created policy engines, this matches the <code>createdAt</code> timestamp.</p>
+     * @public
+     */
+    updatedAt: Date | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the created policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.</p>
+     * @public
+     */
+    policyEngineArn: string | undefined;
+    /**
+     * <p>The current status of the policy engine. A status of <code>ACTIVE</code> indicates the policy engine is ready for use.</p>
+     * @public
+     */
+    status: PolicyEngineStatus | undefined;
+    /**
+     * <p>Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine creation process.</p>
+     * @public
+     */
+    statusReasons: string[] | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * @public
+     */
+    encryptionKeyArn?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface DeletePolicyEngineRequest {
+    /**
+     * <p>The unique identifier of the policy engine to be deleted. This must be a valid policy engine ID that exists within the account.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface DeletePolicyEngineResponse {
+    /**
+     * <p>The unique identifier of the policy engine being deleted. This confirms which policy engine the deletion operation targets.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The customer-assigned name of the deleted policy engine.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The human-readable description of the deleted policy engine.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>The timestamp when the deleted policy engine was originally created.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the deleted policy engine was last modified before deletion. This tracks the final state of the policy engine before it was removed from the system.</p>
+     * @public
+     */
+    updatedAt: Date | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the deleted policy engine. This globally unique identifier confirms which policy engine resource was successfully removed.</p>
+     * @public
+     */
+    policyEngineArn: string | undefined;
+    /**
+     * <p>The status of the policy engine deletion operation. This provides status about any issues that occurred during the deletion process.</p>
+     * @public
+     */
+    status: PolicyEngineStatus | undefined;
+    /**
+     * <p>Additional information about the deletion status. This provides details about the deletion process or any issues that may have occurred.</p>
+     * @public
+     */
+    statusReasons: string[] | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * @public
+     */
+    encryptionKeyArn?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPolicyEngineRequest {
+    /**
+     * <p>The unique identifier of the policy engine to be retrieved. This must be a valid policy engine ID that exists within the account.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPolicyEngineResponse {
+    /**
+     * <p>The unique identifier of the retrieved policy engine. This matches the policy engine ID provided in the request and serves as the system identifier.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The customer-assigned name of the policy engine. This is the human-readable identifier that was specified when the policy engine was created.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The human-readable description of the policy engine's purpose and scope. This helps administrators understand the policy engine's role in governance.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>The timestamp when the policy engine was originally created.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the policy engine was last modified. This tracks the most recent changes to the policy engine configuration.</p>
+     * @public
+     */
+    updatedAt: Date | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.</p>
+     * @public
+     */
+    policyEngineArn: string | undefined;
+    /**
+     * <p>The current status of the policy engine.</p>
+     * @public
+     */
+    status: PolicyEngineStatus | undefined;
+    /**
+     * <p>Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine.</p>
+     * @public
+     */
+    statusReasons: string[] | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * @public
+     */
+    encryptionKeyArn?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface ListPolicyEnginesRequest {
+    /**
+     * <p>A pagination token returned from a previous <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngines.html">ListPolicyEngines</a> call. Use this token to retrieve the next page of results when the response is paginated.</p>
+     * @public
+     */
+    nextToken?: string | undefined;
+    /**
+     * <p>The maximum number of policy engines to return in a single response. If not specified, the default is 10 policy engines per page, with a maximum of 100 per page.</p>
+     * @public
+     */
+    maxResults?: number | undefined;
+}
+/**
+ * <p>Represents a policy engine resource within the AgentCore Policy system. Policy engines serve as containers for grouping related policies and provide the execution context for policy evaluation and management. Each policy engine can be associated with one Gateway (one engine per Gateway), where it intercepts all agent tool calls and evaluates them against the contained policies before allowing tools to execute. The policy engine maintains the Cedar schema generated from the Gateway's tool manifest, ensuring that policies are validated against the actual tools and parameters available. Policy engines support two enforcement modes that can be configured when associating with a Gateway: log-only mode for testing (evaluates decisions without blocking) and enforce mode for production (actively allows or denies based on policy evaluation).</p>
+ * @public
+ */
+export interface PolicyEngine {
+    /**
+     * <p>The unique identifier for the policy engine. This system-generated identifier consists of the user name plus a 10-character generated suffix and serves as the primary key for policy engine operations.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The customer-assigned immutable name for the policy engine. This human-readable identifier must be unique within the account and cannot exceed 48 characters.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>A human-readable description of the policy engine's purpose and scope. Limited to 4,096 characters, this helps administrators understand the policy engine's role in the overall governance strategy.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>The timestamp when the policy engine was originally created. This is automatically set by the service and used for auditing and lifecycle management.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the policy engine was last modified. This tracks the most recent changes to the policy engine configuration or metadata.</p>
+     * @public
+     */
+    updatedAt: Date | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.</p>
+     * @public
+     */
+    policyEngineArn: string | undefined;
+    /**
+     * <p>The current status of the policy engine.</p>
+     * @public
+     */
+    status: PolicyEngineStatus | undefined;
+    /**
+     * <p>Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine lifecycle.</p>
+     * @public
+     */
+    statusReasons: string[] | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * @public
+     */
+    encryptionKeyArn?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface ListPolicyEnginesResponse {
+    /**
+     * <p>An array of policy engine objects that exist in the account. Each policy engine object contains the engine metadata, status, and key identifiers for further operations.</p>
+     * @public
+     */
+    policyEngines: PolicyEngine[] | undefined;
+    /**
+     * <p>A pagination token that can be used in subsequent <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngines.html">ListPolicyEngines</a> calls to retrieve additional results. This token is only present when there are more results available. </p>
+     * @public
+     */
+    nextToken?: string | undefined;
+}
 /**
  * Wrapper for updating an optional Description field with PATCH semantics.
  * When present in an update request, the description is replaced with optionalValue.
@@ -1525,6 +1776,11 @@ export interface CreateGatewayTargetRequest {
      * @public
      */
     metadataConfiguration?: MetadataConfiguration | undefined;
+    /**
+     * <p>The private endpoint configuration for the gateway target. Use this to connect the gateway to private resources in your VPC.</p>
+     * @public
+     */
+    privateEndpoint?: PrivateEndpoint | undefined;
 }
 /**
  * @public
@@ -1590,6 +1846,21 @@ export interface CreateGatewayTargetResponse {
      * @public
      */
     metadataConfiguration?: MetadataConfiguration | undefined;
+    /**
+     * <p>The private endpoint configuration for the gateway target.</p>
+     * @public
+     */
+    privateEndpoint?: PrivateEndpoint | undefined;
+    /**
+     * <p>The managed resources created by the gateway for private endpoint connectivity.</p>
+     * @public
+     */
+    privateEndpointManagedResources?: ManagedResourceDetails[] | undefined;
+    /**
+     * <p>OAuth2 authorization data for the created gateway target. This data is returned when the target requires user authorization through an authorization code grant type.</p>
+     * @public
+     */
+    authorizationData?: AuthorizationData | undefined;
 }
 /**
  * <p>The gateway target.</p>
@@ -1656,6 +1927,21 @@ export interface GatewayTarget {
      * @public
      */
     metadataConfiguration?: MetadataConfiguration | undefined;
+    /**
+     * <p>The private endpoint configuration for a gateway target. Defines how the gateway connects to private resources in your VPC.</p>
+     * @public
+     */
+    privateEndpoint?: PrivateEndpoint | undefined;
+    /**
+     * <p>A list of managed resources created by the gateway for private endpoint connectivity. These resources are created in your account when you use a managed VPC Lattice resource configuration.</p>
+     * @public
+     */
+    privateEndpointManagedResources?: ManagedResourceDetails[] | undefined;
+    /**
+     * <p>OAuth2 authorization data for the gateway target. This data is returned when a target is configured with a credential provider with authorization code grant type and requires user federation.</p>
+     * @public
+     */
+    authorizationData?: AuthorizationData | undefined;
 }
 /**
  * @public
@@ -1721,6 +2007,21 @@ export interface GetGatewayTargetResponse {
      * @public
      */
     metadataConfiguration?: MetadataConfiguration | undefined;
+    /**
+     * <p>The private endpoint configuration for the gateway target.</p>
+     * @public
+     */
+    privateEndpoint?: PrivateEndpoint | undefined;
+    /**
+     * <p>The managed resources created by the gateway for private endpoint connectivity.</p>
+     * @public
+     */
+    privateEndpointManagedResources?: ManagedResourceDetails[] | undefined;
+    /**
+     * <p>OAuth2 authorization data for the gateway target. This data is returned when the target requires user authorization through an authorization code grant type.</p>
+     * @public
+     */
+    authorizationData?: AuthorizationData | undefined;
 }
 /**
  * @public
@@ -1761,6 +2062,11 @@ export interface UpdateGatewayTargetRequest {
      * @public
      */
     metadataConfiguration?: MetadataConfiguration | undefined;
+    /**
+     * <p>The private endpoint configuration for the gateway target. Use this to connect the gateway to private resources in your VPC.</p>
+     * @public
+     */
+    privateEndpoint?: PrivateEndpoint | undefined;
 }
 /**
  * @public
@@ -1826,6 +2132,21 @@ export interface UpdateGatewayTargetResponse {
      * @public
      */
     metadataConfiguration?: MetadataConfiguration | undefined;
+    /**
+     * <p>The private endpoint configuration for the gateway target.</p>
+     * @public
+     */
+    privateEndpoint?: PrivateEndpoint | undefined;
+    /**
+     * <p>The managed resources created by the gateway for private endpoint connectivity.</p>
+     * @public
+     */
+    privateEndpointManagedResources?: ManagedResourceDetails[] | undefined;
+    /**
+     * <p>OAuth2 authorization data for the updated gateway target. This data is returned when the target requires user authorization through an authorization code grant type.</p>
+     * @public
+     */
+    authorizationData?: AuthorizationData | undefined;
 }
 /**
  * @public

package/dist-types/schemas/schemas_0.d.ts

@@ -175,6 +175,7 @@ export declare var GithubOauth2ProviderConfigInput$: StaticStructureSchema;
 export declare var GithubOauth2ProviderConfigOutput$: StaticStructureSchema;
 export declare var GoogleOauth2ProviderConfigInput$: StaticStructureSchema;
 export declare var GoogleOauth2ProviderConfigOutput$: StaticStructureSchema;
+export declare var IamCredentialProvider$: StaticStructureSchema;
 export declare var IncludedOauth2ProviderConfigInput$: StaticStructureSchema;
 export declare var IncludedOauth2ProviderConfigOutput$: StaticStructureSchema;
 export declare var InferenceConfiguration$: StaticStructureSchema;
@@ -227,6 +228,8 @@ export declare var ListTagsForResourceResponse$: StaticStructureSchema;
 export declare var ListWorkloadIdentitiesRequest$: StaticStructureSchema;
 export declare var ListWorkloadIdentitiesResponse$: StaticStructureSchema;
 export declare var LlmAsAJudgeEvaluatorConfig$: StaticStructureSchema;
+export declare var ManagedLatticeResource$: StaticStructureSchema;
+export declare var ManagedResourceDetails$: StaticStructureSchema;
 export declare var MCPGatewayConfiguration$: StaticStructureSchema;
 export declare var McpLambdaTargetConfiguration$: StaticStructureSchema;
 export declare var McpServerTargetConfiguration$: StaticStructureSchema;
@@ -245,6 +248,7 @@ export declare var ModifySelfManagedConfiguration$: StaticStructureSchema;
 export declare var ModifyStrategyConfiguration$: StaticStructureSchema;
 export declare var NetworkConfiguration$: StaticStructureSchema;
 export declare var NumericalScaleDefinition$: StaticStructureSchema;
+export declare var OAuth2AuthorizationData$: StaticStructureSchema;
 export declare var Oauth2AuthorizationServerMetadata$: StaticStructureSchema;
 export declare var Oauth2CredentialProviderItem$: StaticStructureSchema;
 export declare var OAuthCredentialProvider$: StaticStructureSchema;
@@ -340,6 +344,7 @@ export declare var WorkloadIdentityDetails$: StaticStructureSchema;
 export declare var WorkloadIdentityType$: StaticStructureSchema;
 export declare var AgentRuntimeArtifact$: StaticUnionSchema;
 export declare var ApiSchemaConfiguration$: StaticUnionSchema;
+export declare var AuthorizationData$: StaticUnionSchema;
 export declare var AuthorizerConfiguration$: StaticUnionSchema;
 export declare var CertificateLocation$: StaticUnionSchema;
 export declare var ClaimMatchValueType$: StaticUnionSchema;
@@ -365,6 +370,7 @@ export declare var FilterValue$: StaticUnionSchema;
 export declare var GatewayProtocolConfiguration$: StaticUnionSchema;
 export declare var InterceptorConfiguration$: StaticUnionSchema;
 export declare var McpTargetConfiguration$: StaticUnionSchema;
+export declare var McpToolSchemaConfiguration$: StaticUnionSchema;
 export declare var MemoryStrategyInput$: StaticUnionSchema;
 export declare var ModifyConsolidationConfiguration$: StaticUnionSchema;
 export declare var ModifyExtractionConfiguration$: StaticUnionSchema;
@@ -373,11 +379,13 @@ export declare var Oauth2Discovery$: StaticUnionSchema;
 export declare var Oauth2ProviderConfigInput$: StaticUnionSchema;
 export declare var Oauth2ProviderConfigOutput$: StaticUnionSchema;
 export declare var PolicyDefinition$: StaticUnionSchema;
+export declare var PrivateEndpoint$: StaticUnionSchema;
 export declare var RatingScale$: StaticUnionSchema;
 export declare var ReflectionConfiguration$: StaticUnionSchema;
 export declare var RequestHeaderConfiguration$: StaticUnionSchema;
 export declare var Resource$: StaticUnionSchema;
 export declare var ResourceLocation$: StaticUnionSchema;
+export declare var SelfManagedLatticeResource$: StaticUnionSchema;
 export declare var StreamDeliveryResource$: StaticUnionSchema;
 export declare var TargetConfiguration$: StaticUnionSchema;
 export declare var ToolSchema$: StaticUnionSchema;

package/dist-types/ts3.4/commands/CreatePolicyEngineCommand.d.ts

@@ -5,10 +5,8 @@ import {
   ServiceInputTypes,
   ServiceOutputTypes,
 } from "../BedrockAgentCoreControlClient";
-import {
-  CreatePolicyEngineRequest,
-  CreatePolicyEngineResponse,
-} from "../models/models_0";
+import { CreatePolicyEngineRequest } from "../models/models_0";
+import { CreatePolicyEngineResponse } from "../models/models_1";
 export { __MetadataBearer };
 export { $Command };
 export interface CreatePolicyEngineCommandInput

package/dist-types/ts3.4/commands/DeletePolicyEngineCommand.d.ts

@@ -8,7 +8,7 @@ import {
 import {
   DeletePolicyEngineRequest,
   DeletePolicyEngineResponse,
-} from "../models/models_0";
+} from "../models/models_1";
 export { __MetadataBearer };
 export { $Command };
 export interface DeletePolicyEngineCommandInput

package/dist-types/ts3.4/commands/GetPolicyEngineCommand.d.ts

@@ -8,7 +8,7 @@ import {
 import {
   GetPolicyEngineRequest,
   GetPolicyEngineResponse,
-} from "../models/models_0";
+} from "../models/models_1";
 export { __MetadataBearer };
 export { $Command };
 export interface GetPolicyEngineCommandInput extends GetPolicyEngineRequest {}

package/dist-types/ts3.4/commands/ListPolicyEnginesCommand.d.ts

@@ -8,7 +8,7 @@ import {
 import {
   ListPolicyEnginesRequest,
   ListPolicyEnginesResponse,
-} from "../models/models_0";
+} from "../models/models_1";
 export { __MetadataBearer };
 export { $Command };
 export interface ListPolicyEnginesCommandInput

package/dist-types/ts3.4/models/enums.d.ts

@@ -197,6 +197,12 @@ export declare const CredentialProviderType: {
 };
 export type CredentialProviderType =
   (typeof CredentialProviderType)[keyof typeof CredentialProviderType];
+export declare const EndpointIpAddressType: {
+  readonly IPV4: "IPV4";
+  readonly IPV6: "IPV6";
+};
+export type EndpointIpAddressType =
+  (typeof EndpointIpAddressType)[keyof typeof EndpointIpAddressType];
 export declare const RestApiMethod: {
   readonly DELETE: "DELETE";
   readonly GET: "GET";
@@ -217,12 +223,15 @@ export declare const SchemaType: {
 };
 export type SchemaType = (typeof SchemaType)[keyof typeof SchemaType];
 export declare const TargetStatus: {
+  readonly CREATE_PENDING_AUTH: "CREATE_PENDING_AUTH";
   readonly CREATING: "CREATING";
   readonly DELETING: "DELETING";
   readonly FAILED: "FAILED";
   readonly READY: "READY";
+  readonly SYNCHRONIZE_PENDING_AUTH: "SYNCHRONIZE_PENDING_AUTH";
   readonly SYNCHRONIZE_UNSUCCESSFUL: "SYNCHRONIZE_UNSUCCESSFUL";
   readonly SYNCHRONIZING: "SYNCHRONIZING";
+  readonly UPDATE_PENDING_AUTH: "UPDATE_PENDING_AUTH";
   readonly UPDATE_UNSUCCESSFUL: "UPDATE_UNSUCCESSFUL";
   readonly UPDATING: "UPDATING";
 };