BedrockAgentCoreControl / Client / get_gateway
get_gateway¶
- BedrockAgentCoreControl.Client.get_gateway(**kwargs)¶
Retrieves information about a specific Gateway.
See also: AWS API Documentation
Request Syntax
response = client.get_gateway( gatewayIdentifier='string' )
- Parameters:
gatewayIdentifier (string) –
[REQUIRED]
The identifier of the gateway to retrieve.
- Return type:
dict
- Returns:
Response Syntax
{ 'gatewayArn': 'string', 'gatewayId': 'string', 'gatewayUrl': 'string', 'createdAt': datetime(2015, 1, 1), 'updatedAt': datetime(2015, 1, 1), 'status': 'CREATING'|'UPDATING'|'UPDATE_UNSUCCESSFUL'|'DELETING'|'READY'|'FAILED', 'statusReasons': [ 'string', ], 'name': 'string', 'description': 'string', 'roleArn': 'string', 'protocolType': 'MCP', 'protocolConfiguration': { 'mcp': { 'supportedVersions': [ 'string', ], 'instructions': 'string', 'searchType': 'SEMANTIC' } }, 'authorizerType': 'CUSTOM_JWT'|'AWS_IAM'|'NONE', 'authorizerConfiguration': { 'customJWTAuthorizer': { 'discoveryUrl': 'string', 'allowedAudience': [ 'string', ], 'allowedClients': [ 'string', ], 'allowedScopes': [ 'string', ], 'customClaims': [ { 'inboundTokenClaimName': 'string', 'inboundTokenClaimValueType': 'STRING'|'STRING_ARRAY', 'authorizingClaimMatchValue': { 'claimMatchValue': { 'matchValueString': 'string', 'matchValueStringList': [ 'string', ] }, 'claimMatchOperator': 'EQUALS'|'CONTAINS'|'CONTAINS_ANY' } }, ] } }, 'kmsKeyArn': 'string', 'interceptorConfigurations': [ { 'interceptor': { 'lambda': { 'arn': 'string' } }, 'interceptionPoints': [ 'REQUEST'|'RESPONSE', ], 'inputConfiguration': { 'passRequestHeaders': True|False } }, ], 'policyEngineConfiguration': { 'arn': 'string', 'mode': 'LOG_ONLY'|'ENFORCE' }, 'workloadIdentityDetails': { 'workloadIdentityArn': 'string' }, 'exceptionLevel': 'DEBUG' }
Response Structure
(dict) –
gatewayArn (string) –
The Amazon Resource Name (ARN) of the gateway.
gatewayId (string) –
The unique identifier of the gateway.
gatewayUrl (string) –
An endpoint for invoking gateway.
createdAt (datetime) –
The timestamp when the gateway was created.
updatedAt (datetime) –
The timestamp when the gateway was last updated.
status (string) –
The current status of the gateway.
statusReasons (list) –
The reasons for the current status of the gateway.
(string) –
name (string) –
The name of the gateway.
description (string) –
The description of the gateway.
roleArn (string) –
The IAM role ARN that provides permissions for the gateway.
protocolType (string) –
Protocol applied to a gateway.
protocolConfiguration (dict) –
The configuration for a gateway protocol. This structure defines how the gateway communicates with external services.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
mcp. If a client receives an unknown member it will setSDK_UNKNOWN_MEMBERas the top level key, which maps to the name or tag of the unknown member. The structure ofSDK_UNKNOWN_MEMBERis as follows:'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
mcp (dict) –
The configuration for the Model Context Protocol (MCP). This protocol enables communication between Amazon Bedrock Agent and external tools.
supportedVersions (list) –
The supported versions of the Model Context Protocol. This field specifies which versions of the protocol the gateway can use.
(string) –
instructions (string) –
The instructions for using the Model Context Protocol gateway. These instructions provide guidance on how to interact with the gateway.
searchType (string) –
The search type for the Model Context Protocol gateway. This field specifies how the gateway handles search operations.
authorizerType (string) –
Authorizer type for the gateway.
authorizerConfiguration (dict) –
The authorizer configuration for the gateway.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
customJWTAuthorizer. If a client receives an unknown member it will setSDK_UNKNOWN_MEMBERas the top level key, which maps to the name or tag of the unknown member. The structure ofSDK_UNKNOWN_MEMBERis as follows:'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
customJWTAuthorizer (dict) –
The inbound JWT-based authorization, specifying how incoming requests should be authenticated.
discoveryUrl (string) –
This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.
allowedAudience (list) –
Represents individual audience values that are validated in the incoming JWT token validation process.
(string) –
allowedClients (list) –
Represents individual client IDs that are validated in the incoming JWT token validation process.
(string) –
allowedScopes (list) –
An array of scopes that are allowed to access the token.
(string) –
customClaims (list) –
An array of objects that define a custom claim validation name, value, and operation
(dict) –
Defines the name of a custom claim field and rules for finding matches to authenticate its value.
inboundTokenClaimName (string) –
The name of the custom claim field to check.
inboundTokenClaimValueType (string) –
The data type of the claim value to check for.
Use
STRINGif you want to find an exact match to a string you define.Use
STRING_ARRAYif you want to fnd a match to at least one value in an array you define.
authorizingClaimMatchValue (dict) –
Defines the value or values to match for and the relationship of the match.
claimMatchValue (dict) –
The value or values to match for.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
matchValueString,matchValueStringList. If a client receives an unknown member it will setSDK_UNKNOWN_MEMBERas the top level key, which maps to the name or tag of the unknown member. The structure ofSDK_UNKNOWN_MEMBERis as follows:'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
matchValueString (string) –
The string value to match for.
matchValueStringList (list) –
An array of strings to check for a match.
(string) –
claimMatchOperator (string) –
Defines the relationship between the claim field value and the value or values you’re matching for.
kmsKeyArn (string) –
The Amazon Resource Name (ARN) of the KMS key used to encrypt the gateway.
interceptorConfigurations (list) –
The interceptors configured on the gateway.
(dict) –
The configuration for an interceptor on a gateway. This structure defines settings for an interceptor that will be invoked during the invocation of the gateway.
interceptor (dict) –
The infrastructure settings of an interceptor configuration. This structure defines how the interceptor can be invoked.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
lambda. If a client receives an unknown member it will setSDK_UNKNOWN_MEMBERas the top level key, which maps to the name or tag of the unknown member. The structure ofSDK_UNKNOWN_MEMBERis as follows:'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
lambda (dict) –
The details of the lambda function used for the interceptor.
arn (string) –
The arn of the lambda function to be invoked for the interceptor.
interceptionPoints (list) –
The supported points of interception. This field specifies which points during the gateway invocation to invoke the interceptor
(string) –
inputConfiguration (dict) –
The configuration for the input of the interceptor. This field specifies how the input to the interceptor is constructed
passRequestHeaders (boolean) –
Indicates whether to pass request headers as input into the interceptor. When set to true, request headers will be passed.
policyEngineConfiguration (dict) –
The policy engine configuration for the gateway.
arn (string) –
The ARN of the policy engine. The policy engine contains Cedar policies that define fine-grained authorization rules specifying who can perform what actions on which resources as agents interact through the gateway.
mode (string) –
The enforcement mode for the policy engine. Valid values include:
LOG_ONLY- The policy engine evaluates each action against your policies and adds traces on whether tool calls would be allowed or denied, but does not enforce the decision. Use this mode to test and validate policies before enabling enforcement.ENFORCE- The policy engine evaluates actions against your policies and enforces decisions by allowing or denying agent operations. Test and validate policies inLOG_ONLYmode before enabling enforcement to avoid unintended denials or adversely affecting production traffic.
workloadIdentityDetails (dict) –
The workload identity details for the gateway.
workloadIdentityArn (string) –
The ARN associated with the workload identity.
exceptionLevel (string) –
The level of detail in error messages returned when invoking the gateway.
If the value is
DEBUG, granular exception messages are returned to help a user debug the gateway.If the value is omitted, a generic error message is returned to the end user.
Exceptions
BedrockAgentCoreControl.Client.exceptions.ValidationExceptionBedrockAgentCoreControl.Client.exceptions.AccessDeniedExceptionBedrockAgentCoreControl.Client.exceptions.ResourceNotFoundExceptionBedrockAgentCoreControl.Client.exceptions.ThrottlingExceptionBedrockAgentCoreControl.Client.exceptions.InternalServerException