AWS::BedrockAgentCore::Runtime CustomJWTAuthorizerConfiguration - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::BedrockAgentCore::Runtime CustomJWTAuthorizerConfiguration

Configuration for inbound JWT-based authorization, specifying how incoming requests should be authenticated.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "AllowedAudience" : [ String, ... ],
  "AllowedClients" : [ String, ... ],
  "AllowedScopes" : [ String, ... ],
  "CustomClaims" : [ CustomClaimValidationType, ... ],
  "DiscoveryUrl" : String
}

Properties

AllowedAudience

Represents individual audience values that are validated in the incoming JWT token validation process.

Required: No

Type: Array of String

Minimum: 1

Update requires: No interruption

AllowedClients

Represents individual client IDs that are validated in the incoming JWT token validation process.

Required: No

Type: Array of String

Minimum: 1

Update requires: No interruption

AllowedScopes

An array of scopes that are allowed to access the token.

Required: No

Type: Array of String

Minimum: 1

Update requires: No interruption

CustomClaims

An array of objects that define a custom claim validation name, value, and operation

Required: No

Type: Array of CustomClaimValidationType

Minimum: 1

Update requires: No interruption

DiscoveryUrl

This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.

Required: Yes

Type: String

Pattern: ^.+/\.well-known/openid-configuration$

Update requires: No interruption