Creates an Amazon Bedrock AgentCore Runtime.

Creates an AgentCore Runtime endpoint.

Creates a new API key credential provider.

Creates a custom browser.

Creates a browser profile in Amazon Bedrock AgentCore.

A browser profile stores persistent browser data such as cookies, local storage, session storage, and browsing history that can be saved from browser sessions and reused in subsequent sessions.

Creates a custom code interpreter.

Creates a new configuration bundle resource.

A configuration bundle stores versioned component configurations for agent evaluation workflows.

Creates a custom evaluator for agent quality assessment.

Custom evaluators can use either LLM-as-a-Judge configurations with user-defined prompts, rating scales, and model settings, or code-based configurations with customer-managed Lambda functions to evaluate agent performance at tool call, trace, or session levels.

Creates a gateway for Amazon Bedrock Agent.

A gateway serves as an integration point between your agent and external services.

If you specify CUSTOM_JWT as the authorizerType, you must provide an authorizerConfiguration.

Creates a rule for a gateway.

Rules define conditions and actions that control how requests are routed and processed through the gateway, including principal-based access control and path-based routing.

Creates a target for a gateway.

A target defines an endpoint that the gateway can connect to.

Operation to create a Harness.

Creates a new Amazon Bedrock AgentCore Memory resource.

Creates a new OAuth2 credential provider.

Creates an online evaluation configuration for continuous monitoring of agent performance.

Online evaluation automatically samples live traffic from CloudWatch logs at specified rates and applies evaluators to assess agent quality in production.

Creates a new payment connector for a payment manager.

A payment connector integrates with a supported payment provider to enable payment processing capabilities.

Creates a new payment credential provider for storing authentication credentials used by payment connectors to communicate with external payment providers.

Creates a new payment manager in your Amazon Web Services account.

A payment manager serves as the top-level resource for managing payment processing capabilities, including payment connectors that integrate with supported payment providers.

If you specify CUSTOM_JWT as the authorizerType, you must provide an authorizerConfiguration.

Creates a policy within the AgentCore Policy system.

Policies provide real-time, deterministic control over agentic interactions with AgentCore Gateway. Using the Cedar policy language, you can define fine-grained policies that specify which interactions with Gateway tools are permitted based on input parameters and OAuth claims, ensuring agents operate within defined boundaries and business rules. The policy is validated during creation against the Cedar schema generated from the Gateway's tools' input schemas, which defines the available tools, their parameters, and expected data types. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.

Creates a new policy engine within the AgentCore Policy system.

A policy engine is a collection of policies that evaluates and authorizes agent tool calls. When associated with Gateways (each Gateway can be associated with at most one policy engine, but multiple Gateways can be associated with the same engine), the policy engine intercepts all agent requests and determines whether to allow or deny each action based on the defined policies. This is an asynchronous operation. Use the GetPolicyEngine operation to poll the status field to track completion.

Creates a new registry in your Amazon Web Services account.

A registry serves as a centralized catalog for organizing and managing registry records, including MCP servers, A2A agents, agent skills, and custom resource types.

If you specify CUSTOM_JWT as the authorizerType, you must provide an authorizerConfiguration.

Creates a new registry record within the specified registry.

A registry record represents an individual AI resource's metadata in the registry. This could be an MCP server (and associated tools), A2A agent, agent skill, or a custom resource with a custom schema.

The record is processed asynchronously and returns HTTP 202 Accepted.

Creates a new workload identity.

Deletes an Amazon Bedrock AgentCore Runtime.

Deletes an AAgentCore Runtime endpoint.

Deletes an API key credential provider.

Deletes a custom browser.

Deletes a browser profile.

Deletes a custom code interpreter.

Deletes a configuration bundle and all of its versions.

Deletes a custom evaluator.

Builtin evaluators cannot be deleted. The evaluator must not be referenced by any active online evaluation configurations.

Deletes a gateway.

Deletes a gateway rule.

Deletes a gateway target.

You cannot delete a target that is in a pending authorization state (CREATE_PENDING_AUTH, UPDATE_PENDING_AUTH, or SYNCHRONIZE_PENDING_AUTH). Wait for the authorization to complete or fail before deleting the target.

Operation to delete a Harness.

Deletes an Amazon Bedrock AgentCore Memory resource.

Deletes an OAuth2 credential provider.

Deletes an online evaluation configuration and stops any ongoing evaluation processes associated with it.

Deletes a payment connector.

Deletes a payment credential provider and its associated stored credentials.

Deletes a payment manager.

All payment connectors associated with the payment manager must be deleted before the payment manager can be deleted. This operation initiates the deletion process asynchronously.

Deletes an existing policy from the AgentCore Policy system.

Once deleted, the policy can no longer be used for agent behavior control and all references to it become invalid. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.

Deletes an existing policy engine from the AgentCore Policy system.

The policy engine must not have any associated policies before deletion. Once deleted, the policy engine and all its configurations become unavailable for policy management and evaluation. This is an asynchronous operation. Use the GetPolicyEngine operation to poll the status field to track completion.

Deletes a registry.

The registry must contain zero records before it can be deleted. This operation initiates the deletion process asynchronously.

Deletes a registry record.

The record's status transitions to DELETING and the record is removed asynchronously.

Deletes the resource-based policy for a specified resource.

This feature is currently available only for AgentCore Runtime and Gateway.

Deletes a workload identity.

Gets an Amazon Bedrock AgentCore Runtime.

Gets information about an Amazon Secure AgentEndpoint.

Retrieves information about an API key credential provider.

Gets information about a custom browser.

Gets information about a browser profile.

Gets information about a custom code interpreter.

Gets the latest version of a configuration bundle.

By default, returns the latest version on the mainline branch. Use GetConfigurationBundleVersion to retrieve a specific historical version.

Gets a specific version of a configuration bundle by its version identifier.

Retrieves detailed information about an evaluator, including its configuration, status, and metadata.

Works with both built-in and custom evaluators.

Retrieves information about a specific Gateway.

Retrieves detailed information about a specific gateway rule.

Retrieves information about a specific gateway target.

Operation to get a single Harness.

Retrieve an existing Amazon Bedrock AgentCore Memory resource.

Retrieves information about an OAuth2 credential provider.

Retrieves detailed information about an online evaluation configuration, including its rules, data sources, evaluators, and execution status.

Retrieves information about a specific payment connector.

Retrieves information about a specific payment credential provider.

Retrieves information about a specific payment manager.

Retrieves detailed information about a specific policy within the AgentCore Policy system.

This operation returns the complete policy definition, metadata, and current status, allowing administrators to review and manage policy configurations.

Retrieves detailed information about a specific policy engine within the AgentCore Policy system.

This operation returns the complete policy engine configuration, metadata, and current status, allowing administrators to review and manage policy engine settings.

Retrieves information about a policy generation request within the AgentCore Policy system.

Policy generation converts natural language descriptions into Cedar policy statements using AI-powered translation, enabling non-technical users to create policies.

Retrieves information about a specific registry.

Retrieves information about a specific registry record.

Retrieves the resource-based policy for a specified resource.

This feature is currently available only for AgentCore Runtime and Gateway.

Retrieves information about a token vault.

Retrieves information about a workload identity.

Lists all endpoints for a specific Amazon Secure Agent.

Lists all versions of a specific Amazon Secure Agent.

Lists all Amazon Secure Agents in your account.

Lists all API key credential providers in your account.

Lists all browser profiles in your account.

Lists all custom browsers in your account.

Lists all custom code interpreters in your account.

Lists all versions of a configuration bundle, with optional filtering by branch name or creation source.

Lists all configuration bundles in the account.

Lists all available evaluators, including both builtin evaluators provided by the service and custom evaluators created by the user.

Lists all rules for a gateway.

Lists all targets for a specific gateway.

Lists all gateways in the account.

Operation to list Harnesses.

Lists the available Amazon Bedrock AgentCore Memory resources in the current Amazon Web Services Region.

Lists all OAuth2 credential providers in your account.

Lists all online evaluation configurations in the account, providing summary information about each configuration's status and settings.

Lists all payment connectors for a specified payment manager.

Lists all payment credential providers in the account.

Lists all payment managers in the account.

Retrieves a list of policies within the AgentCore Policy engine.

This operation supports pagination and filtering to help administrators manage and discover policies across policy engines. Results can be filtered by policy engine or resource associations.

Retrieves a list of policy engines within the AgentCore Policy system.

This operation supports pagination to help administrators discover and manage policy engines across their account. Each policy engine serves as a container for related policies.

Retrieves a list of generated policy assets from a policy generation request within the AgentCore Policy system.

This operation returns the actual Cedar policies and related artifacts produced by the AI-powered policy generation process, allowing users to review and select from multiple generated policy options.

Retrieves a list of policy generation requests within the AgentCore Policy system.

This operation supports pagination and filtering to help track and manage AI-powered policy generation operations.

Lists all registries in the account.

You can optionally filter results by status using the status parameter.

Lists registry records within a registry.

You can optionally filter results using the name, status, and descriptorType parameters. When multiple filters are specified, they are combined using AND logic.

Lists the tags associated with the specified resource.

This feature is currently available only for AgentCore Runtime, Browser, Browser Profile, Code Interpreter tool, and Gateway.

Lists all workload identities in your account.

Creates or updates a resource-based policy for a resource with the specified resourceArn.

This feature is currently available only for AgentCore Runtime and Gateway.

Sets the customer master key (CMK) for a token vault.

Initiates the AI-powered generation of Cedar policies from natural language descriptions within the AgentCore Policy system.

This feature enables both technical and non-technical users to create policies by describing their authorization requirements in plain English, which is then automatically translated into formal Cedar policy statements. The generation process analyzes the natural language input along with the Gateway's tool context to produce validated policy options. Generated policy assets are automatically deleted after 7 days, so you should review and create policies from the generated assets within this timeframe. Once created, policies are permanent and not subject to this expiration. Generated policies should be reviewed and tested in log-only mode before deploying to production. Use this when you want to describe policy intent naturally rather than learning Cedar syntax, though generated policies may require refinement for complex scenarios.

Submits a registry record for approval.

This transitions the record from DRAFT status to PENDING_APPROVAL status. If the registry has auto-approval enabled, the record is automatically approved.

Synchronizes the gateway targets by fetching the latest tool definitions from the target endpoints.

You cannot synchronize a target that is in a pending authorization state (CREATE_PENDING_AUTH, UPDATE_PENDING_AUTH, or SYNCHRONIZE_PENDING_AUTH). Wait for the authorization to complete or fail before synchronizing.

You cannot synchronize a target that has a static tool schema (mcpToolSchema) configured. Remove the static schema through an UpdateGatewayTarget call to enable dynamic tool synchronization.

Associates the specified tags to a resource with the specified resourceArn.

If existing tags on a resource are not specified in the request parameters, they are not changed. When a resource is deleted, the tags associated with that resource are also deleted.

This feature is currently available only for AgentCore Runtime, Browser, Browser Profile, Code Interpreter tool, and Gateway.

Removes the specified tags from the specified resource.

This feature is currently available only for AgentCore Runtime, Browser, Browser Profile, Code Interpreter tool, and Gateway.

Updates an existing Amazon Secure Agent.

Updates an existing Amazon Bedrock AgentCore Runtime endpoint.

Updates an existing API key credential provider.

Updates a configuration bundle by creating a new version with the specified changes.

Each update creates a new version in the version history.

Updates a custom evaluator's configuration, description, or evaluation level.

Built-in evaluators cannot be updated. The evaluator must not be locked for modification.

Updates an existing gateway.

Updates a gateway rule's priority, conditions, actions, or description.

Updates an existing gateway target.

You cannot update a target that is in a pending authorization state (CREATE_PENDING_AUTH, UPDATE_PENDING_AUTH, or SYNCHRONIZE_PENDING_AUTH). Wait for the authorization to complete or fail before updating the target.

Operation to update a Harness.

Update an Amazon Bedrock AgentCore Memory resource memory.

Updates an existing OAuth2 credential provider.

Updates an online evaluation configuration's settings, including rules, data sources, evaluators, and execution status.

Changes take effect immediately for ongoing evaluations.

Updates an existing payment connector.

This operation uses PATCH semantics, so you only need to specify the fields you want to change.

Updates an existing payment credential provider with new authentication credentials.

Updates an existing payment manager.

This operation uses PATCH semantics, so you only need to specify the fields you want to change.

Updates an existing policy within the AgentCore Policy system.

This operation allows modification of the policy description and definition while maintaining the policy's identity. The updated policy is validated against the Cedar schema before being applied. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.

Updates an existing policy engine within the AgentCore Policy system.

This operation allows modification of the policy engine description while maintaining its identity. This is an asynchronous operation. Use the GetPolicyEngine operation to poll the status field to track completion.

Updates an existing registry.

This operation uses PATCH semantics, so you only need to specify the fields you want to change.

Updates an existing registry record.

This operation uses PATCH semantics, so you only need to specify the fields you want to change. The update is processed asynchronously and returns HTTP 202 Accepted.

Updates the status of a registry record.

Use this operation to approve, reject, or deprecate a registry record.

Updates an existing workload identity.