Class GatewayPolicyEngineConfiguration
- All Implemented Interfaces:
Serializable,SdkPojo,ToCopyableBuilder<GatewayPolicyEngineConfiguration.Builder,GatewayPolicyEngineConfiguration>
The configuration for a policy engine associated with a gateway. A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with a gateway, the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies.
- See Also:
-
Nested Class Summary
Nested Classes -
Method Summary
Modifier and TypeMethodDescriptionfinal Stringarn()The ARN of the policy engine.builder()final booleanfinal booleanequalsBySdkFields(Object obj) Indicates whether some other object is "equal to" this one by SDK fields.final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz) final inthashCode()final GatewayPolicyEngineModemode()The enforcement mode for the policy engine.final StringThe enforcement mode for the policy engine.static Class<? extends GatewayPolicyEngineConfiguration.Builder> Take this object and create a builder that contains all of the current property values of this object.final StringtoString()Returns a string representation of this object.Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder
copy
-
Method Details
-
arn
The ARN of the policy engine. The policy engine contains Cedar policies that define fine-grained authorization rules specifying who can perform what actions on which resources as agents interact through the gateway.
- Returns:
- The ARN of the policy engine. The policy engine contains Cedar policies that define fine-grained authorization rules specifying who can perform what actions on which resources as agents interact through the gateway.
-
mode
The enforcement mode for the policy engine. Valid values include:
-
LOG_ONLY- The policy engine evaluates each action against your policies and adds traces on whether tool calls would be allowed or denied, but does not enforce the decision. Use this mode to test and validate policies before enabling enforcement. -
ENFORCE- The policy engine evaluates actions against your policies and enforces decisions by allowing or denying agent operations. Test and validate policies inLOG_ONLYmode before enabling enforcement to avoid unintended denials or adversely affecting production traffic.
If the service returns an enum value that is not available in the current SDK version,
modewill returnGatewayPolicyEngineMode.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available frommodeAsString().- Returns:
- The enforcement mode for the policy engine. Valid values include:
-
LOG_ONLY- The policy engine evaluates each action against your policies and adds traces on whether tool calls would be allowed or denied, but does not enforce the decision. Use this mode to test and validate policies before enabling enforcement. -
ENFORCE- The policy engine evaluates actions against your policies and enforces decisions by allowing or denying agent operations. Test and validate policies inLOG_ONLYmode before enabling enforcement to avoid unintended denials or adversely affecting production traffic.
-
- See Also:
-
-
modeAsString
The enforcement mode for the policy engine. Valid values include:
-
LOG_ONLY- The policy engine evaluates each action against your policies and adds traces on whether tool calls would be allowed or denied, but does not enforce the decision. Use this mode to test and validate policies before enabling enforcement. -
ENFORCE- The policy engine evaluates actions against your policies and enforces decisions by allowing or denying agent operations. Test and validate policies inLOG_ONLYmode before enabling enforcement to avoid unintended denials or adversely affecting production traffic.
If the service returns an enum value that is not available in the current SDK version,
modewill returnGatewayPolicyEngineMode.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available frommodeAsString().- Returns:
- The enforcement mode for the policy engine. Valid values include:
-
LOG_ONLY- The policy engine evaluates each action against your policies and adds traces on whether tool calls would be allowed or denied, but does not enforce the decision. Use this mode to test and validate policies before enabling enforcement. -
ENFORCE- The policy engine evaluates actions against your policies and enforces decisions by allowing or denying agent operations. Test and validate policies inLOG_ONLYmode before enabling enforcement to avoid unintended denials or adversely affecting production traffic.
-
- See Also:
-
-
toBuilder
Description copied from interface:ToCopyableBuilderTake this object and create a builder that contains all of the current property values of this object.- Specified by:
toBuilderin interfaceToCopyableBuilder<GatewayPolicyEngineConfiguration.Builder,GatewayPolicyEngineConfiguration> - Returns:
- a builder for type T
-
builder
-
serializableBuilderClass
-
hashCode
-
equals
-
equalsBySdkFields
Description copied from interface:SdkPojoIndicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in anSdkPojoclass, and is generated based on a service model.If an
SdkPojoclass does not have any inherited fields,equalsBySdkFieldsandequalsare essentially the same.- Specified by:
equalsBySdkFieldsin interfaceSdkPojo- Parameters:
obj- the object to be compared with- Returns:
- true if the other object equals to this object by sdk fields, false otherwise.
-
toString
-
getValueForField
-
sdkFields
-
sdkFieldNameToField
- Specified by:
sdkFieldNameToFieldin interfaceSdkPojo- Returns:
- The mapping between the field name and its corresponding field.
-