create_gateway

BedrockAgentCoreControlPlaneFrontingLayer.Client.create_gateway(**kwargs)

Creates a gateway for Amazon Bedrock Agent. A gateway serves as an integration point between your agent and external services.

To create a gateway, you must specify a name, protocol type, and IAM role. The role grants the gateway permission to access Amazon Web Services services and resources.

See also: AWS API Documentation

Request Syntax

response = client.create_gateway(
    name='string',
    description='string',
    clientToken='string',
    roleArn='string',
    protocolType='MCP',
    protocolConfiguration={
        'mcp': {
            'supportedVersions': [
                'string',
            ],
            'instructions': 'string',
            'searchType': 'SEMANTIC'
        }
    },
    authorizerType='CUSTOM_JWT',
    authorizerConfiguration={
        'customJWTAuthorizer': {
            'discoveryUrl': 'string',
            'allowedAudience': [
                'string',
            ],
            'allowedClients': [
                'string',
            ]
        }
    },
    kmsKeyArn='string',
    exceptionLevel='DEBUG'
)

Parameters:
  • name (string) –

    [REQUIRED]

    The name of the gateway. The name must be unique within your account.

  • description (string) – The description of the gateway.

  • clientToken (string) –

    A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request but does not return an error.

    This field is autopopulated if not provided.

  • roleArn (string) –

    [REQUIRED]

    The Amazon Resource Name (ARN) of the IAM role that provides permissions for the gateway to access Amazon Web Services services.

  • protocolType (string) –

    [REQUIRED]

    The protocol type for the gateway. Currently supports MCP (Model Context Protocol).

  • protocolConfiguration (dict) –

    The configuration settings for the protocol specified in the protocolType parameter.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: mcp.

    • mcp (dict) –

      The configuration for the Model Context Protocol (MCP). This protocol enables communication between Amazon Bedrock Agent and external tools.

      • supportedVersions (list) –

        The supported versions of the Model Context Protocol. This field specifies which versions of the protocol the gateway can use.

        • (string) –

      • instructions (string) –

        The instructions for using the Model Context Protocol gateway. These instructions provide guidance on how to interact with the gateway.

      • searchType (string) –

        The search type for the Model Context Protocol gateway. This field specifies how the gateway handles search operations.

  • authorizerType (string) –

    [REQUIRED]

    The type of authorizer to use for the gateway.

  • authorizerConfiguration (dict) –

    [REQUIRED]

    The authorizer configuration for the Gateway.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: customJWTAuthorizer.

    • customJWTAuthorizer (dict) –

      The inbound JWT-based authorization, specifying how incoming requests should be authenticated.

      • discoveryUrl (string) –

        [REQUIRED]

        This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.

      • allowedAudience (list) –

        Represents individual audience values that are validated in the incoming JWT token validation process.

        • (string) –

      • allowedClients (list) –

        Represents individual client IDs that are validated in the incoming JWT token validation process.

        • (string) –

  • kmsKeyArn (string) – The Amazon Resource Name (ARN) of the KMS key used to encrypt data associated with the gateway.

  • exceptionLevel (string) – The verbosity of exception messages. Use DEBUG mode to see granular exception messages from a Gateway. If this parameter is not set, exception messages are by default sanitized for presentation to end users.
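
The security-relevant parameters above can be reviewed before the request is sent. The following is an added example, not part of the boto3 reference: `lint_create_gateway` is a hypothetical helper, and its policy (https-only `discoveryUrl`, at least one of `allowedAudience` or `allowedClients`, no `DEBUG` exception level, an explicit `kmsKeyArn`) is an assumed local review policy rather than rules enforced by the service. The sample requests are constructed placeholders.

```python
from urllib.parse import urlparse

# Parameters marked [REQUIRED] in the reference above.
REQUIRED = ("name", "roleArn", "protocolType", "authorizerType", "authorizerConfiguration")

def lint_create_gateway(kwargs):
    """Return (severity, message) findings for create_gateway keyword arguments.

    Hypothetical helper. Everything beyond the [REQUIRED] and tagged-union checks
    is an assumed local review policy, not a rule enforced by the service.
    """
    findings = [("error", f"missing required parameter: {p}")
                for p in REQUIRED if not kwargs.get(p)]
    auth = kwargs.get("authorizerConfiguration") or {}
    # Tagged union: customJWTAuthorizer is the only top-level key that can be set.
    if auth and list(auth) != ["customJWTAuthorizer"]:
        findings.append(("error", "authorizerConfiguration must hold only customJWTAuthorizer"))
    jwt = auth.get("customJWTAuthorizer") or {}
    if auth and not jwt.get("discoveryUrl"):
        findings.append(("error", "customJWTAuthorizer.discoveryUrl is required"))
    elif jwt and urlparse(jwt["discoveryUrl"]).scheme != "https":
        findings.append(("error", "discoveryUrl is not an https URL"))
    if jwt and not (jwt.get("allowedAudience") or jwt.get("allowedClients")):
        findings.append(("warn", "no allowedAudience or allowedClients in the request"))
    if kwargs.get("exceptionLevel") == "DEBUG":
        findings.append(("warn", "exceptionLevel=DEBUG gives granular exception messages"))
    if not kwargs.get("kmsKeyArn"):
        findings.append(("warn", "no kmsKeyArn in the request"))
    return findings

# Constructed sample requests; account ID, names and URLs are placeholders.
HARDENED = {
    "name": "example-gateway",
    "roleArn": "arn:aws:iam::111122223333:role/ExampleGatewayRole",
    "protocolType": "MCP",
    "authorizerType": "CUSTOM_JWT",
    "authorizerConfiguration": {"customJWTAuthorizer": {
        "discoveryUrl": "https://idp.example.com/.well-known/openid-configuration",
        "allowedAudience": ["example-gateway-api"],
        "allowedClients": ["example-agent-client"],
    }},
    "kmsKeyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
}
WEAK = {**HARDENED, "exceptionLevel": "DEBUG", "authorizerConfiguration": {
    "customJWTAuthorizer": {"discoveryUrl": "http://idp.example.com/.well-known/openid-configuration"}}}
del WEAK["kmsKeyArn"]

if __name__ == "__main__":
    for sev, msg in lint_create_gateway(WEAK):
        print(f"{sev}: {msg}")
    # A clean request would then be passed on: client.create_gateway(**HARDENED)
```
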

Return type:

dict

Returns:

Response Syntax

{
    'gatewayArn': 'string',
    'gatewayId': 'string',
    'gatewayUrl': 'string',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'status': 'CREATING'|'UPDATING'|'UPDATE_UNSUCCESSFUL'|'DELETING'|'READY'|'FAILED',
    'statusReasons': [
        'string',
    ],
    'name': 'string',
    'description': 'string',
    'roleArn': 'string',
    'protocolType': 'MCP',
    'protocolConfiguration': {
        'mcp': {
            'supportedVersions': [
                'string',
            ],
            'instructions': 'string',
            'searchType': 'SEMANTIC'
        }
    },
    'authorizerType': 'CUSTOM_JWT',
    'authorizerConfiguration': {
        'customJWTAuthorizer': {
            'discoveryUrl': 'string',
            'allowedAudience': [
                'string',
            ],
            'allowedClients': [
                'string',
            ]
        }
    },
    'kmsKeyArn': 'string',
    'workloadIdentityDetails': {
        'workloadIdentityArn': 'string'
    },
    'exceptionLevel': 'DEBUG'
}

Response Structure

  • (dict) –

    • gatewayArn (string) –

      The Amazon Resource Name (ARN) of the created gateway.

    • gatewayId (string) –

      The unique identifier of the created gateway.

    • gatewayUrl (string) –

      The URL endpoint for the created gateway.

    • createdAt (datetime) –

      The timestamp when the gateway was created.

    • updatedAt (datetime) –

      The timestamp when the gateway was last updated.

    • status (string) –

      The current status of the gateway.

    • statusReasons (list) –

      The reasons for the current status of the gateway.

      • (string) –

    • name (string) –

      The name of the gateway.

    • description (string) –

      The description of the gateway.

    • roleArn (string) –

      The Amazon Resource Name (ARN) of the IAM role associated with the gateway.

    • protocolType (string) –

      The protocol type of the gateway.

    • protocolConfiguration (dict) –

      The configuration settings for the protocol used by the gateway.

      Note

      This is a Tagged Union structure. Only one of the following top level keys will be set: mcp. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
      
      • mcp (dict) –

        The configuration for the Model Context Protocol (MCP). This protocol enables communication between Amazon Bedrock Agent and external tools.

        • supportedVersions (list) –

          The supported versions of the Model Context Protocol. This field specifies which versions of the protocol the gateway can use.

          • (string) –

        • instructions (string) –

          The instructions for using the Model Context Protocol gateway. These instructions provide guidance on how to interact with the gateway.

        • searchType (string) –

          The search type for the Model Context Protocol gateway. This field specifies how the gateway handles search operations.

    • authorizerType (string) –

      The type of authorizer used by the gateway.

    • authorizerConfiguration (dict) –

      The authorizer configuration for the created Gateway.

      Note

      This is a Tagged Union structure. Only one of the following top level keys will be set: customJWTAuthorizer. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
      
      • customJWTAuthorizer (dict) –

        The inbound JWT-based authorization, specifying how incoming requests should be authenticated.

        • discoveryUrl (string) –

          This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.

        • allowedAudience (list) –

          Represents individual audience values that are validated in the incoming JWT token validation process.

          • (string) –

        • allowedClients (list) –

          Represents individual client IDs that are validated in the incoming JWT token validation process.

          • (string) –

    • kmsKeyArn (string) –

      The Amazon Resource Name (ARN) of the KMS key used to encrypt data associated with the gateway.

    • workloadIdentityDetails (dict) –

      The workload identity details for the created Gateway.

      • workloadIdentityArn (string) –

        The ARN associated with the workload identity.

    • exceptionLevel (string) –

      The verbosity of exception messages. Use DEBUG mode to see granular exception messages from a Gateway. If this parameter is not set, exception messages are by default sanitized for presentation to end users.

Exceptions