AWS API Changes

2025/09/30 - Amazon Bedrock Agent Core Control Plane Fronting Layer - 1 updated api methods

Changes Tagging support for AgentCore Gateway

CreateGateway (updated)

Link ¶
Changes (request)

{'tags': {'string': 'string'}}

Creates a gateway for Amazon Bedrock Agent. A gateway serves as an integration point between your agent and external services.

To create a gateway, you must specify a name, protocol type, and IAM role. The role grants the gateway permission to access Amazon Web Services services and resources.

See also: AWS API Documentation

Request Syntax

client.create_gateway(
    name='string',
    description='string',
    clientToken='string',
    roleArn='string',
    protocolType='MCP',
    protocolConfiguration={
        'mcp': {
            'supportedVersions': [
                'string',
            ],
            'instructions': 'string',
            'searchType': 'SEMANTIC'
        }
    },
    authorizerType='CUSTOM_JWT',
    authorizerConfiguration={
        'customJWTAuthorizer': {
            'discoveryUrl': 'string',
            'allowedAudience': [
                'string',
            ],
            'allowedClients': [
                'string',
            ]
        }
    },
    kmsKeyArn='string',
    exceptionLevel='DEBUG',
    tags={
        'string': 'string'
    }
)

type name:

string

param name:

[REQUIRED]

The name of the gateway. The name must be unique within your account.

type description:

string

param description:

The description of the gateway.

type clientToken:

string

param clientToken:

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, the service ignores the request, but does not return an error. For more information, see Ensuring idempotency.

This field is autopopulated if not provided.

type roleArn:

string

param roleArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the IAM role that provides permissions for the gateway to access Amazon Web Services services.

type protocolType:

string

param protocolType:

[REQUIRED]

The protocol type for the gateway.

type protocolConfiguration:

dict

param protocolConfiguration:

The configuration settings for the protocol specified in the protocolType parameter.

mcp (dict) --

The configuration for the Model Context Protocol (MCP). This protocol enables communication between Amazon Bedrock Agent and external tools.
- supportedVersions (list) --
  
  The supported versions of the Model Context Protocol. This field specifies which versions of the protocol the gateway can use.
  - (string) --
- instructions (string) --
  
  The instructions for using the Model Context Protocol gateway. These instructions provide guidance on how to interact with the gateway.
- searchType (string) --
  
  The search type for the Model Context Protocol gateway. This field specifies how the gateway handles search operations.

type authorizerType:

string

param authorizerType:

[REQUIRED]

The type of authorizer to use for the gateway.

type authorizerConfiguration:

dict

param authorizerConfiguration:

[REQUIRED]

The authorizer configuration for the gateway.

customJWTAuthorizer (dict) --

The inbound JWT-based authorization, specifying how incoming requests should be authenticated.
- discoveryUrl (string) -- [REQUIRED]
  
  This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.
- allowedAudience (list) --
  
  Represents individual audience values that are validated in the incoming JWT token validation process.
  - (string) --
- allowedClients (list) --
  
  Represents individual client IDs that are validated in the incoming JWT token validation process.
  - (string) --

type kmsKeyArn:

string

param kmsKeyArn:

The Amazon Resource Name (ARN) of the KMS key used to encrypt data associated with the gateway.

type exceptionLevel:

string

param exceptionLevel:

The level of detail in error messages returned when invoking the gateway.

If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.
If the value is omitted, a generic error message is returned to the end user.

type tags:

dict

param tags:

A map of key-value pairs to associate with the gateway as metadata tags.

(string) --
- (string) --

rtype:

dict

returns:

Response Syntax

{
    'gatewayArn': 'string',
    'gatewayId': 'string',
    'gatewayUrl': 'string',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'status': 'CREATING'|'UPDATING'|'UPDATE_UNSUCCESSFUL'|'DELETING'|'READY'|'FAILED',
    'statusReasons': [
        'string',
    ],
    'name': 'string',
    'description': 'string',
    'roleArn': 'string',
    'protocolType': 'MCP',
    'protocolConfiguration': {
        'mcp': {
            'supportedVersions': [
                'string',
            ],
            'instructions': 'string',
            'searchType': 'SEMANTIC'
        }
    },
    'authorizerType': 'CUSTOM_JWT',
    'authorizerConfiguration': {
        'customJWTAuthorizer': {
            'discoveryUrl': 'string',
            'allowedAudience': [
                'string',
            ],
            'allowedClients': [
                'string',
            ]
        }
    },
    'kmsKeyArn': 'string',
    'workloadIdentityDetails': {
        'workloadIdentityArn': 'string'
    },
    'exceptionLevel': 'DEBUG'
}

Response Structure

(dict) --
- gatewayArn (string) --
  
  The Amazon Resource Name (ARN) of the created gateway.
- gatewayId (string) --
  
  The unique identifier of the created gateway.
- gatewayUrl (string) --
  
  The URL endpoint for the created gateway.
- createdAt (datetime) --
  
  The timestamp when the gateway was created.
- updatedAt (datetime) --
  
  The timestamp when the gateway was last updated.
- status (string) --
  
  The current status of the gateway.
- statusReasons (list) --
  
  The reasons for the current status of the gateway.
  - (string) --
- name (string) --
  
  The name of the gateway.
- description (string) --
  
  The description of the gateway.
- roleArn (string) --
  
  The Amazon Resource Name (ARN) of the IAM role associated with the gateway.
- protocolType (string) --
  
  The protocol type of the gateway.
- protocolConfiguration (dict) --
  
  The configuration settings for the protocol used by the gateway.
  Note
  
  This is a Tagged Union structure. Only one of the following top level keys will be set: mcp. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
```
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
```
  - mcp (dict) --
    
    The configuration for the Model Context Protocol (MCP). This protocol enables communication between Amazon Bedrock Agent and external tools.
    - supportedVersions (list) --
      
      The supported versions of the Model Context Protocol. This field specifies which versions of the protocol the gateway can use.
      - (string) --
    - instructions (string) --
      
      The instructions for using the Model Context Protocol gateway. These instructions provide guidance on how to interact with the gateway.
    - searchType (string) --
      
      The search type for the Model Context Protocol gateway. This field specifies how the gateway handles search operations.
- authorizerType (string) --
  
  The type of authorizer used by the gateway.
- authorizerConfiguration (dict) --
  
  The authorizer configuration for the created gateway.
  Note
  
  This is a Tagged Union structure. Only one of the following top level keys will be set: customJWTAuthorizer. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
```
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
```
  - customJWTAuthorizer (dict) --
    
    The inbound JWT-based authorization, specifying how incoming requests should be authenticated.
    - discoveryUrl (string) --
      
      This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.
    - allowedAudience (list) --
      
      Represents individual audience values that are validated in the incoming JWT token validation process.
      - (string) --
    - allowedClients (list) --
      
      Represents individual client IDs that are validated in the incoming JWT token validation process.
      - (string) --
- kmsKeyArn (string) --
  
  The Amazon Resource Name (ARN) of the KMS key used to encrypt data associated with the gateway.
- workloadIdentityDetails (dict) --
  
  The workload identity details for the created gateway.
  - workloadIdentityArn (string) --
    
    The ARN associated with the workload identity.
- exceptionLevel (string) --
  
  The level of detail in error messages returned when invoking the gateway.
  - If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.
  - If the value is omitted, a generic error message is returned to the end user.