feat(client-bedrock-agentcore-control): Feature to support header exchanges between Bedrock AgentCore Gateway Targets and client, along with propagating query parameter to the configured targets.

Author: awstools

clients/client-bedrock-agentcore-control/src/commands/CreateGatewayTargetCommand.ts

@@ -149,6 +149,17 @@ export interface CreateGatewayTargetCommandOutput extends CreateGatewayTargetRes
  *       },
  *     },
  *   ],
+ *   metadataConfiguration: { // MetadataConfiguration
+ *     allowedRequestHeaders: [ // AllowedRequestHeaders
+ *       "STRING_VALUE",
+ *     ],
+ *     allowedQueryParameters: [ // AllowedQueryParameters
+ *       "STRING_VALUE",
+ *     ],
+ *     allowedResponseHeaders: [ // AllowedResponseHeaders
+ *       "STRING_VALUE",
+ *     ],
+ *   },
  * };
  * const command = new CreateGatewayTargetCommand(input);
  * const response = await client.send(command);
@@ -268,6 +279,17 @@ export interface CreateGatewayTargetCommandOutput extends CreateGatewayTargetRes
  * //     },
  * //   ],
  * //   lastSynchronizedAt: new Date("TIMESTAMP"),
+ * //   metadataConfiguration: { // MetadataConfiguration
+ * //     allowedRequestHeaders: [ // AllowedRequestHeaders
+ * //       "STRING_VALUE",
+ * //     ],
+ * //     allowedQueryParameters: [ // AllowedQueryParameters
+ * //       "STRING_VALUE",
+ * //     ],
+ * //     allowedResponseHeaders: [ // AllowedResponseHeaders
+ * //       "STRING_VALUE",
+ * //     ],
+ * //   },
  * // };
  *
  * ```

clients/client-bedrock-agentcore-control/src/commands/GetGatewayTargetCommand.ts

@@ -163,6 +163,17 @@ export interface GetGatewayTargetCommandOutput extends GetGatewayTargetResponse,
  * //     },
  * //   ],
  * //   lastSynchronizedAt: new Date("TIMESTAMP"),
+ * //   metadataConfiguration: { // MetadataConfiguration
+ * //     allowedRequestHeaders: [ // AllowedRequestHeaders
+ * //       "STRING_VALUE",
+ * //     ],
+ * //     allowedQueryParameters: [ // AllowedQueryParameters
+ * //       "STRING_VALUE",
+ * //     ],
+ * //     allowedResponseHeaders: [ // AllowedResponseHeaders
+ * //       "STRING_VALUE",
+ * //     ],
+ * //   },
  * // };
  *
  * ```

clients/client-bedrock-agentcore-control/src/commands/ListPoliciesCommand.ts

@@ -9,8 +9,7 @@ import type {
   ServiceOutputTypes,
 } from "../BedrockAgentCoreControlClient";
 import { commonParams } from "../endpoint/EndpointParameters";
-import type { ListPoliciesRequest } from "../models/models_0";
-import type { ListPoliciesResponse } from "../models/models_1";
+import type { ListPoliciesRequest, ListPoliciesResponse } from "../models/models_1";
 import { ListPolicies$ } from "../schemas/schemas_0";
 
 /**

clients/client-bedrock-agentcore-control/src/commands/SynchronizeGatewayTargetsCommand.ts

@@ -167,6 +167,17 @@ export interface SynchronizeGatewayTargetsCommandOutput extends SynchronizeGatew
  * //         },
  * //       ],
  * //       lastSynchronizedAt: new Date("TIMESTAMP"),
+ * //       metadataConfiguration: { // MetadataConfiguration
+ * //         allowedRequestHeaders: [ // AllowedRequestHeaders
+ * //           "STRING_VALUE",
+ * //         ],
+ * //         allowedQueryParameters: [ // AllowedQueryParameters
+ * //           "STRING_VALUE",
+ * //         ],
+ * //         allowedResponseHeaders: [ // AllowedResponseHeaders
+ * //           "STRING_VALUE",
+ * //         ],
+ * //       },
  * //     },
  * //   ],
  * // };

clients/client-bedrock-agentcore-control/src/commands/UpdateGatewayTargetCommand.ts

@@ -149,6 +149,17 @@ export interface UpdateGatewayTargetCommandOutput extends UpdateGatewayTargetRes
  *       },
  *     },
  *   ],
+ *   metadataConfiguration: { // MetadataConfiguration
+ *     allowedRequestHeaders: [ // AllowedRequestHeaders
+ *       "STRING_VALUE",
+ *     ],
+ *     allowedQueryParameters: [ // AllowedQueryParameters
+ *       "STRING_VALUE",
+ *     ],
+ *     allowedResponseHeaders: [ // AllowedResponseHeaders
+ *       "STRING_VALUE",
+ *     ],
+ *   },
  * };
  * const command = new UpdateGatewayTargetCommand(input);
  * const response = await client.send(command);
@@ -268,6 +279,17 @@ export interface UpdateGatewayTargetCommandOutput extends UpdateGatewayTargetRes
  * //     },
  * //   ],
  * //   lastSynchronizedAt: new Date("TIMESTAMP"),
+ * //   metadataConfiguration: { // MetadataConfiguration
+ * //     allowedRequestHeaders: [ // AllowedRequestHeaders
+ * //       "STRING_VALUE",
+ * //     ],
+ * //     allowedQueryParameters: [ // AllowedQueryParameters
+ * //       "STRING_VALUE",
+ * //     ],
+ * //     allowedResponseHeaders: [ // AllowedResponseHeaders
+ * //       "STRING_VALUE",
+ * //     ],
+ * //   },
  * // };
  *
  * ```

clients/client-bedrock-agentcore-control/src/models/models_0.ts

@@ -3871,6 +3871,30 @@ export interface CredentialProviderConfiguration {
   credentialProvider?: CredentialProvider | undefined;
 }
 
+/**
+ * <p>Configuration for HTTP header and query parameter propagation between the gateway and target servers.</p>
+ * @public
+ */
+export interface MetadataConfiguration {
+  /**
+   * <p>A list of HTTP headers that are allowed to be propagated from incoming client requests to the target.</p>
+   * @public
+   */
+  allowedRequestHeaders?: string[] | undefined;
+
+  /**
+   * <p>A list of URL query parameters that are allowed to be propagated from incoming gateway URL to the target.</p>
+   * @public
+   */
+  allowedQueryParameters?: string[] | undefined;
+
+  /**
+   * <p>A list of HTTP headers that are allowed to be propagated from the target response back to the client.</p>
+   * @public
+   */
+  allowedResponseHeaders?: string[] | undefined;
+}
+
 /**
  * <p>Specifies which operations from an API Gateway REST API are exposed as tools. Tool names and descriptions are derived from the operationId and description fields in the API's exported OpenAPI specification.</p>
  * @public
@@ -9506,32 +9530,3 @@ export interface GetPolicyResponse {
    */
   statusReasons: string[] | undefined;
 }
-
-/**
- * @public
- */
-export interface ListPoliciesRequest {
-  /**
-   * <p>A pagination token returned from a previous <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicies.html">ListPolicies</a> call. Use this token to retrieve the next page of results when the response is paginated.</p>
-   * @public
-   */
-  nextToken?: string | undefined;
-
-  /**
-   * <p>The maximum number of policies to return in a single response. If not specified, the default is 10 policies per page, with a maximum of 100 per page.</p>
-   * @public
-   */
-  maxResults?: number | undefined;
-
-  /**
-   * <p>The identifier of the policy engine whose policies to retrieve.</p>
-   * @public
-   */
-  policyEngineId: string | undefined;
-
-  /**
-   * <p>Optional filter to list policies that apply to a specific resource scope or resource type. This helps narrow down policy results to those relevant for particular Amazon Web Services resources, agent tools, or operational contexts within the policy engine ecosystem.</p>
-   * @public
-   */
-  targetResourceScope?: string | undefined;
-}

clients/client-bedrock-agentcore-control/src/models/models_1.ts

@@ -3,6 +3,7 @@ import { PolicyStatus, PolicyValidationMode, SchemaType, TargetStatus } from "./
 
 import {
   type KmsConfiguration,
+  type MetadataConfiguration,
   type PolicyDefinition,
   ApiGatewayTargetConfiguration,
   ApiSchemaConfiguration,
@@ -11,6 +12,35 @@ import {
   S3Configuration,
 } from "./models_0";
 
+/**
+ * @public
+ */
+export interface ListPoliciesRequest {
+  /**
+   * <p>A pagination token returned from a previous <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicies.html">ListPolicies</a> call. Use this token to retrieve the next page of results when the response is paginated.</p>
+   * @public
+   */
+  nextToken?: string | undefined;
+
+  /**
+   * <p>The maximum number of policies to return in a single response. If not specified, the default is 10 policies per page, with a maximum of 100 per page.</p>
+   * @public
+   */
+  maxResults?: number | undefined;
+
+  /**
+   * <p>The identifier of the policy engine whose policies to retrieve.</p>
+   * @public
+   */
+  policyEngineId: string | undefined;
+
+  /**
+   * <p>Optional filter to list policies that apply to a specific resource scope or resource type. This helps narrow down policy results to those relevant for particular Amazon Web Services resources, agent tools, or operational contexts within the policy engine ecosystem.</p>
+   * @public
+   */
+  targetResourceScope?: string | undefined;
+}
+
 /**
  * <p>Represents a complete policy resource within the AgentCore Policy system. Policies are ARN-able resources that contain Cedar policy statements and associated metadata for controlling agent behavior and access decisions. Each policy belongs to a policy engine and defines fine-grained authorization rules that are evaluated in real-time as agents interact with tools through Gateway. Policies use the Cedar policy language to specify who (principals based on OAuth claims like username, role, or scope) can perform what actions (tool calls) on which resources (Gateways), with optional conditions for attribute-based access control. Multiple policies can apply to a single request, with Cedar's forbid-wins semantics ensuring that security restrictions are never accidentally overridden.</p>
  * @public
@@ -835,6 +865,12 @@ export interface CreateGatewayTargetRequest {
    * @public
    */
   credentialProviderConfigurations?: CredentialProviderConfiguration[] | undefined;
+
+  /**
+   * <p>Optional configuration for HTTP header and query parameter propagation to and from the gateway target.</p>
+   * @public
+   */
+  metadataConfiguration?: MetadataConfiguration | undefined;
 }
 
 /**
@@ -906,6 +942,12 @@ export interface CreateGatewayTargetResponse {
    * @public
    */
   lastSynchronizedAt?: Date | undefined;
+
+  /**
+   * <p>The metadata configuration that was applied to the created gateway target.</p>
+   * @public
+   */
+  metadataConfiguration?: MetadataConfiguration | undefined;
 }
 
 /**
@@ -978,6 +1020,12 @@ export interface GatewayTarget {
    * @public
    */
   lastSynchronizedAt?: Date | undefined;
+
+  /**
+   * <p>The metadata configuration for HTTP header and query parameter propagation to and from this gateway target.</p>
+   * @public
+   */
+  metadataConfiguration?: MetadataConfiguration | undefined;
 }
 
 /**
@@ -1049,6 +1097,12 @@ export interface GetGatewayTargetResponse {
    * @public
    */
   lastSynchronizedAt?: Date | undefined;
+
+  /**
+   * <p>The metadata configuration for HTTP header and query parameter propagation for the retrieved gateway target.</p>
+   * @public
+   */
+  metadataConfiguration?: MetadataConfiguration | undefined;
 }
 
 /**
@@ -1090,6 +1144,12 @@ export interface UpdateGatewayTargetRequest {
    * @public
    */
   credentialProviderConfigurations?: CredentialProviderConfiguration[] | undefined;
+
+  /**
+   * <p>Configuration for HTTP header and query parameter propagation to the gateway target.</p>
+   * @public
+   */
+  metadataConfiguration?: MetadataConfiguration | undefined;
 }
 
 /**
@@ -1161,6 +1221,12 @@ export interface UpdateGatewayTargetResponse {
    * @public
    */
   lastSynchronizedAt?: Date | undefined;
+
+  /**
+   * <p>The metadata configuration that was applied to the gateway target.</p>
+   * @public
+   */
+  metadataConfiguration?: MetadataConfiguration | undefined;
 }
 
 /**