update

Author: mazyu36

packages/@aws-cdk/aws-bedrock-agentcore-alpha/lib/gateway/gateway.ts

@@ -1,4 +1,4 @@
-import { Stack, Token } from 'aws-cdk-lib';
+import { Names, Stack, Token } from 'aws-cdk-lib';
 import * as bedrockagentcore from 'aws-cdk-lib/aws-bedrockagentcore';
 import * as cognito from 'aws-cdk-lib/aws-cognito';
 import * as iam from 'aws-cdk-lib/aws-iam';
@@ -685,15 +685,12 @@ export class Gateway extends GatewayBase {
    * @internal
    */
   private createDefaultCognitoAuthorizerConfig(): IGatewayAuthorizerConfig {
-    // Create User Pool for M2M authentication
     const userPool = new cognito.UserPool(this, 'UserPool', {
-      userPoolName: `${this.name}-gw-userpool`,
       signInCaseSensitive: false,
     });
 
     const resourceServer = userPool.addResourceServer('ResourceServer', {
-      identifier: `${this.name}-gateway-resource-server`,
-      userPoolResourceServerName: `${this.name}-GatewayResourceServer`,
+      identifier: Names.uniqueResourceName(this, { maxLength: 256, separator: '-' }),
       scopes: [
         {
           scopeName: 'read',
@@ -707,7 +704,6 @@ export class Gateway extends GatewayBase {
     });
 
     const userPoolClient = userPool.addClient('DefaultClient', {
-      userPoolClientName: `${this.name}-gw-client`,
       generateSecret: true,
       oAuth: {
         flows: {
@@ -727,9 +723,12 @@ export class Gateway extends GatewayBase {
     });
 
     // Create Cognito Domain for OAuth2 token endpoint
-    // Use gateway name as domain prefix (already validated to be alphanumeric with hyphens/underscores)
-    // Replace underscores with hyphens and convert to lowercase for Cognito domain requirements
-    const domainPrefix = `${this.name}-gw`.replace(/_/g, '-').toLowerCase();
+    // Use uniqueResourceName to generate a unique domain prefix toLowerCase() is required because the hash portion is uppercase
+    const domainPrefix = Names.uniqueResourceName(this, {
+      maxLength: 63, // Cognito domain prefix max length
+      separator: '-',
+    }).toLowerCase();
+
     const userPoolDomain = userPool.addDomain('Domain', {
       cognitoDomain: {
         domainPrefix: domainPrefix,

packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/gateway/gateway.test.ts

@@ -2307,3 +2307,39 @@ describe('MCP Server Target Configuration Tests', () => {
     expect(target.credentialProviderConfigurations).toHaveLength(1);
   });
 });
+
+describe('Gateway M2M Authentication Tests', () => {
+  let stack: cdk.Stack;
+
+  beforeEach(() => {
+    const app = new cdk.App();
+    stack = new cdk.Stack(app, 'TestStack', {
+      env: { account: '123456789012', region: 'us-east-1' },
+    });
+  });
+
+  test('Should create default Cognito authorizer with M2M support', () => {
+    new Gateway(stack, 'TestGateway', {
+      gatewayName: 'test-gateway',
+    });
+
+    const template = Template.fromStack(stack);
+    
+    template.hasResourceProperties('AWS::Cognito::UserPoolClient', {
+      AllowedOAuthFlows: ['client_credentials'],
+      AllowedOAuthFlowsUserPoolClient: true,
+      GenerateSecret: true,
+    });
+
+    // Resource Server identifier is auto-generated using Names.uniqueResourceName()
+    template.hasResourceProperties('AWS::Cognito::UserPoolResourceServer', {
+      Scopes: [
+        { ScopeName: 'read', ScopeDescription: 'Read access to gateway tools' },
+        { ScopeName: 'write', ScopeDescription: 'Write access to gateway tools' },
+      ],
+    });
+
+    // Domain name is auto-generated using Names.uniqueResourceName()
+    template.resourceCountIs('AWS::Cognito::UserPoolDomain', 1);
+  });
+});

…tCoreRuntimeGatewayIntegTest.assets.json …reRuntimeGatewayM2MIntegTest.assets.jsonpackages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/gateway/integ.gateway-with-runtime.js.snapshot/BedrockAgentCoreRuntimeGatewayIntegTest.assets.json renamed to packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/gateway/integ.gateway-with-runtime-m2m.js.snapshot/BedrockAgentCoreRuntimeGatewayM2MIntegTest.assets.json packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/gateway/integ.gateway-with-runtime.js.snapshot/BedrockAgentCoreRuntimeGatewayIntegTest.assets.json renamed to packages/@aws-cdk/aws-bedrock-agentcore-alpha/test/agentcore/gateway/integ.gateway-with-runtime-m2m.js.snapshot/BedrockAgentCoreRuntimeGatewayM2MIntegTest.assets.json

@@ -117,7 +117,6 @@
     "EmailVerificationMessage": "The verification code to your new account is {####}",
     "EmailVerificationSubject": "Verify your new account",
     "SmsVerificationMessage": "The verification code to your new account is {####}",
-    "UserPoolName": "integ-test-runtime-gateway-gw-userpool",
     "UsernameConfiguration": {
      "CaseSensitive": false
     },
@@ -134,8 +133,8 @@
   "TestGatewayUserPoolResourceServer7A34B6B2": {
    "Type": "AWS::Cognito::UserPoolResourceServer",
    "Properties": {
-    "Identifier": "integ-test-runtime-gateway-gateway-resource-server",
-    "Name": "integ-test-runtime-gateway-GatewayResourceServer",
+    "Identifier": "BedrockAgentCoreRuntimeGatewayM2MIntegTest-TestGateway-4F82402F",
+    "Name": "BedrockAgentCoreRuntimeGatewayM2MIntegTest-TestGateway-4F82402F",
     "Scopes": [
      {
       "ScopeDescription": "Read access to gateway tools",
@@ -182,7 +181,6 @@
       ]
      }
     ],
-    "ClientName": "integ-test-runtime-gateway-gw-client",
     "GenerateSecret": true,
     "SupportedIdentityProviders": [
      "COGNITO"
@@ -286,7 +284,7 @@
   "TestGatewayUserPoolDomainB64B616E": {
    "Type": "AWS::Cognito::UserPoolDomain",
    "Properties": {
-    "Domain": "integ-test-runtime-gateway-gw",
+    "Domain": "bedrockagentcoreruntimegatewaym2mintegtest-testgateway-4f82402f",
     "UserPoolId": {
      "Ref": "TestGatewayUserPool545AA49A"
     }
@@ -321,7 +319,6 @@
      }
     },
     "AuthorizerType": "CUSTOM_JWT",
-    "Description": "Gateway for Runtime integration test with M2M auth",
     "Name": "integ-test-runtime-gateway",
     "ProtocolConfiguration": {
      "Mcp": {
@@ -420,8 +417,6 @@
     "Code": {
      "ZipFile": "\n    exports.handler = async (event, context) => {\n      return {\n        statusCode: 200,\n        body: JSON.stringify({\n          message: 'Hello from Gateway Lambda!',\n          timestamp: new Date().toISOString()\n        }),\n      };\n    };\n  "
     },
-    "Description": "Simple test function for Gateway M2M authentication test",
-    "FunctionName": "integ-test-simple-tool",
     "Handler": "index.handler",
     "Role": {
      "Fn::GetAtt": [
@@ -763,7 +758,6 @@
      }
     },
     "AgentRuntimeName": "integ_test_runtime_with_gateway",
-    "Description": "Runtime using Gateway tools",
     "EnvironmentVariables": {
      "GATEWAY_URL": {
       "Fn::GetAtt": [
@@ -842,7 +836,7 @@
     ]
    },
    "Export": {
-    "Name": "BedrockAgentCoreRuntimeGatewayIntegTest:ExportsOutputFnGetAttTestRuntime65042BB5AgentRuntimeArnE8B3C8DA"
+    "Name": "BedrockAgentCoreRuntimeGatewayM2MIntegTest:ExportsOutputFnGetAttTestRuntime65042BB5AgentRuntimeArnE8B3C8DA"
    }
   }
  },