1. Packages
  2. AWS
  3. API Docs
  4. bedrock
  5. AgentcoreAgentRuntime
AWS v7.11.0 published on Wednesday, Nov 5, 2025 by Pulumi
pulumi/pulumi-aws

aws.bedrock.AgentcoreAgentRuntime

Start a Neo task
Explain and create an aws.bedrock.AgentcoreAgentRuntime resource
aws logo
AWS v7.11.0 published on Wednesday, Nov 5, 2025 by Pulumi
pulumi/pulumi-aws

    Manages an AWS Bedrock AgentCore Agent Runtime. Agent Runtime provides a containerized execution environment for AI agents.

    Example Usage

    Basic Usage

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const assumeRole = aws.iam.getPolicyDocument({
    statements: [{
        effect: "Allow",
        actions: ["sts:AssumeRole"],
        principals: [{
            type: "Service",
            identifiers: ["bedrock-agentcore.amazonaws.com"],
        }],
    }],
});
const ecrPermissions = aws.iam.getPolicyDocument({
    statements: [
        {
            actions: ["ecr:GetAuthorizationToken"],
            effect: "Allow",
            resources: ["*"],
        },
        {
            actions: [
                "ecr:BatchGetImage",
                "ecr:GetDownloadUrlForLayer",
            ],
            effect: "Allow",
            resources: [exampleAwsEcrRepository.arn],
        },
    ],
});
const example = new aws.iam.Role("example", {
    name: "bedrock-agentcore-runtime-role",
    assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
});
const exampleRolePolicy = new aws.iam.RolePolicy("example", {
    role: example.id,
    policy: ecrPermissions.then(ecrPermissions => ecrPermissions.json),
});
const exampleAgentcoreAgentRuntime = new aws.bedrock.AgentcoreAgentRuntime("example", {
    agentRuntimeName: "example-agent-runtime",
    roleArn: example.arn,
    agentRuntimeArtifact: {
        containerConfiguration: {
            containerUri: `${exampleAwsEcrRepository.repositoryUrl}:latest`,
        },
    },
    networkConfiguration: {
        networkMode: "PUBLIC",
    },
});

    import pulumi
import pulumi_aws as aws

assume_role = aws.iam.get_policy_document(statements=[{
    "effect": "Allow",
    "actions": ["sts:AssumeRole"],
    "principals": [{
        "type": "Service",
        "identifiers": ["bedrock-agentcore.amazonaws.com"],
    }],
}])
ecr_permissions = aws.iam.get_policy_document(statements=[
    {
        "actions": ["ecr:GetAuthorizationToken"],
        "effect": "Allow",
        "resources": ["*"],
    },
    {
        "actions": [
            "ecr:BatchGetImage",
            "ecr:GetDownloadUrlForLayer",
        ],
        "effect": "Allow",
        "resources": [example_aws_ecr_repository["arn"]],
    },
])
example = aws.iam.Role("example",
    name="bedrock-agentcore-runtime-role",
    assume_role_policy=assume_role.json)
example_role_policy = aws.iam.RolePolicy("example",
    role=example.id,
    policy=ecr_permissions.json)
example_agentcore_agent_runtime = aws.bedrock.AgentcoreAgentRuntime("example",
    agent_runtime_name="example-agent-runtime",
    role_arn=example.arn,
    agent_runtime_artifact={
        "container_configuration": {
            "container_uri": f"{example_aws_ecr_repository['repositoryUrl']}:latest",
        },
    },
    network_configuration={
        "network_mode": "PUBLIC",
    })

    package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/bedrock"
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Actions: []string{
"sts:AssumeRole",
},
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"bedrock-agentcore.amazonaws.com",
},
},
},
},
},
}, nil);
if err != nil {
return err
}
ecrPermissions, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Actions: []string{
"ecr:GetAuthorizationToken",
},
Effect: pulumi.StringRef("Allow"),
Resources: []string{
"*",
},
},
{
Actions: []string{
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer",
},
Effect: pulumi.StringRef("Allow"),
Resources: interface{}{
exampleAwsEcrRepository.Arn,
},
},
},
}, nil);
if err != nil {
return err
}
example, err := iam.NewRole(ctx, "example", &iam.RoleArgs{
Name: pulumi.String("bedrock-agentcore-runtime-role"),
AssumeRolePolicy: pulumi.String(assumeRole.Json),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicy(ctx, "example", &iam.RolePolicyArgs{
Role: example.ID(),
Policy: pulumi.String(ecrPermissions.Json),
})
if err != nil {
return err
}
_, err = bedrock.NewAgentcoreAgentRuntime(ctx, "example", &bedrock.AgentcoreAgentRuntimeArgs{
AgentRuntimeName: pulumi.String("example-agent-runtime"),
RoleArn: example.Arn,
AgentRuntimeArtifact: &bedrock.AgentcoreAgentRuntimeAgentRuntimeArtifactArgs{
ContainerConfiguration: &bedrock.AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfigurationArgs{
ContainerUri: pulumi.Sprintf("%v:latest", exampleAwsEcrRepository.RepositoryUrl),
},
},
NetworkConfiguration: &bedrock.AgentcoreAgentRuntimeNetworkConfigurationArgs{
NetworkMode: pulumi.String("PUBLIC"),
},
})
if err != nil {
return err
}
return nil
})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Actions = new[]
                {
                    "sts:AssumeRole",
                },
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "Service",
                        Identifiers = new[]
                        {
                            "bedrock-agentcore.amazonaws.com",
                        },
                    },
                },
            },
        },
    });

    var ecrPermissions = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Actions = new[]
                {
                    "ecr:GetAuthorizationToken",
                },
                Effect = "Allow",
                Resources = new[]
                {
                    "*",
                },
            },
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Actions = new[]
                {
                    "ecr:BatchGetImage",
                    "ecr:GetDownloadUrlForLayer",
                },
                Effect = "Allow",
                Resources = new[]
                {
                    exampleAwsEcrRepository.Arn,
                },
            },
        },
    });

    var example = new Aws.Iam.Role("example", new()
    {
        Name = "bedrock-agentcore-runtime-role",
        AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });

    var exampleRolePolicy = new Aws.Iam.RolePolicy("example", new()
    {
        Role = example.Id,
        Policy = ecrPermissions.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });

    var exampleAgentcoreAgentRuntime = new Aws.Bedrock.AgentcoreAgentRuntime("example", new()
    {
        AgentRuntimeName = "example-agent-runtime",
        RoleArn = example.Arn,
        AgentRuntimeArtifact = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeAgentRuntimeArtifactArgs
        {
            ContainerConfiguration = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfigurationArgs
            {
                ContainerUri = $"{exampleAwsEcrRepository.RepositoryUrl}:latest",
            },
        },
        NetworkConfiguration = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeNetworkConfigurationArgs
        {
            NetworkMode = "PUBLIC",
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import com.pulumi.aws.bedrock.AgentcoreAgentRuntime;
import com.pulumi.aws.bedrock.AgentcoreAgentRuntimeArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreAgentRuntimeAgentRuntimeArtifactArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfigurationArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreAgentRuntimeNetworkConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions("sts:AssumeRole")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("Service")
                    .identifiers("bedrock-agentcore.amazonaws.com")
                    .build())
                .build())
            .build());

        final var ecrPermissions = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(            
                GetPolicyDocumentStatementArgs.builder()
                    .actions("ecr:GetAuthorizationToken")
                    .effect("Allow")
                    .resources("*")
                    .build(),
                GetPolicyDocumentStatementArgs.builder()
                    .actions(                    
                        "ecr:BatchGetImage",
                        "ecr:GetDownloadUrlForLayer")
                    .effect("Allow")
                    .resources(exampleAwsEcrRepository.arn())
                    .build())
            .build());

        var example = new Role("example", RoleArgs.builder()
            .name("bedrock-agentcore-runtime-role")
            .assumeRolePolicy(assumeRole.json())
            .build());

        var exampleRolePolicy = new RolePolicy("exampleRolePolicy", RolePolicyArgs.builder()
            .role(example.id())
            .policy(ecrPermissions.json())
            .build());

        var exampleAgentcoreAgentRuntime = new AgentcoreAgentRuntime("exampleAgentcoreAgentRuntime", AgentcoreAgentRuntimeArgs.builder()
            .agentRuntimeName("example-agent-runtime")
            .roleArn(example.arn())
            .agentRuntimeArtifact(AgentcoreAgentRuntimeAgentRuntimeArtifactArgs.builder()
                .containerConfiguration(AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfigurationArgs.builder()
                    .containerUri(String.format("%s:latest", exampleAwsEcrRepository.repositoryUrl()))
                    .build())
                .build())
            .networkConfiguration(AgentcoreAgentRuntimeNetworkConfigurationArgs.builder()
                .networkMode("PUBLIC")
                .build())
            .build());

    }
}

    resources:
  example:
    type: aws:iam:Role
    properties:
      name: bedrock-agentcore-runtime-role
      assumeRolePolicy: ${assumeRole.json}
  exampleRolePolicy:
    type: aws:iam:RolePolicy
    name: example
    properties:
      role: ${example.id}
      policy: ${ecrPermissions.json}
  exampleAgentcoreAgentRuntime:
    type: aws:bedrock:AgentcoreAgentRuntime
    name: example
    properties:
      agentRuntimeName: example-agent-runtime
      roleArn: ${example.arn}
      agentRuntimeArtifact:
        containerConfiguration:
          containerUri: ${exampleAwsEcrRepository.repositoryUrl}:latest
      networkConfiguration:
        networkMode: PUBLIC
variables:
  assumeRole:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - effect: Allow
            actions:
              - sts:AssumeRole
            principals:
              - type: Service
                identifiers:
                  - bedrock-agentcore.amazonaws.com
  ecrPermissions:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - actions:
              - ecr:GetAuthorizationToken
            effect: Allow
            resources:
              - '*'
          - actions:
              - ecr:BatchGetImage
              - ecr:GetDownloadUrlForLayer
            effect: Allow
            resources:
              - ${exampleAwsEcrRepository.arn}

    MCP Server With Custom JWT Authorizer

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.bedrock.AgentcoreAgentRuntime("example", {
    agentRuntimeName: "example-agent-runtime",
    description: "Agent runtime with JWT authorization",
    roleArn: exampleAwsIamRole.arn,
    agentRuntimeArtifact: {
        containerConfiguration: {
            containerUri: `${exampleAwsEcrRepository.repositoryUrl}:v1.0`,
        },
    },
    environmentVariables: {
        LOG_LEVEL: "INFO",
        ENV: "production",
    },
    authorizerConfiguration: {
        customJwtAuthorizer: {
            discoveryUrl: "https://accounts.google.com/.well-known/openid-configuration",
            allowedAudiences: [
                "my-app",
                "mobile-app",
            ],
            allowedClients: [
                "client-123",
                "client-456",
            ],
        },
    },
    networkConfiguration: {
        networkMode: "PUBLIC",
    },
    protocolConfiguration: {
        serverProtocol: "MCP",
    },
});

    import pulumi
import pulumi_aws as aws

example = aws.bedrock.AgentcoreAgentRuntime("example",
    agent_runtime_name="example-agent-runtime",
    description="Agent runtime with JWT authorization",
    role_arn=example_aws_iam_role["arn"],
    agent_runtime_artifact={
        "container_configuration": {
            "container_uri": f"{example_aws_ecr_repository['repositoryUrl']}:v1.0",
        },
    },
    environment_variables={
        "LOG_LEVEL": "INFO",
        "ENV": "production",
    },
    authorizer_configuration={
        "custom_jwt_authorizer": {
            "discovery_url": "https://accounts.google.com/.well-known/openid-configuration",
            "allowed_audiences": [
                "my-app",
                "mobile-app",
            ],
            "allowed_clients": [
                "client-123",
                "client-456",
            ],
        },
    },
    network_configuration={
        "network_mode": "PUBLIC",
    },
    protocol_configuration={
        "server_protocol": "MCP",
    })

    package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/bedrock"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := bedrock.NewAgentcoreAgentRuntime(ctx, "example", &bedrock.AgentcoreAgentRuntimeArgs{
			AgentRuntimeName: pulumi.String("example-agent-runtime"),
			Description:      pulumi.String("Agent runtime with JWT authorization"),
			RoleArn:          pulumi.Any(exampleAwsIamRole.Arn),
			AgentRuntimeArtifact: &bedrock.AgentcoreAgentRuntimeAgentRuntimeArtifactArgs{
				ContainerConfiguration: &bedrock.AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfigurationArgs{
					ContainerUri: pulumi.Sprintf("%v:v1.0", exampleAwsEcrRepository.RepositoryUrl),
				},
			},
			EnvironmentVariables: pulumi.StringMap{
				"LOG_LEVEL": pulumi.String("INFO"),
				"ENV":       pulumi.String("production"),
			},
			AuthorizerConfiguration: &bedrock.AgentcoreAgentRuntimeAuthorizerConfigurationArgs{
				CustomJwtAuthorizer: &bedrock.AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizerArgs{
					DiscoveryUrl: pulumi.String("https://accounts.google.com/.well-known/openid-configuration"),
					AllowedAudiences: pulumi.StringArray{
						pulumi.String("my-app"),
						pulumi.String("mobile-app"),
					},
					AllowedClients: pulumi.StringArray{
						pulumi.String("client-123"),
						pulumi.String("client-456"),
					},
				},
			},
			NetworkConfiguration: &bedrock.AgentcoreAgentRuntimeNetworkConfigurationArgs{
				NetworkMode: pulumi.String("PUBLIC"),
			},
			ProtocolConfiguration: &bedrock.AgentcoreAgentRuntimeProtocolConfigurationArgs{
				ServerProtocol: pulumi.String("MCP"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Bedrock.AgentcoreAgentRuntime("example", new()
    {
        AgentRuntimeName = "example-agent-runtime",
        Description = "Agent runtime with JWT authorization",
        RoleArn = exampleAwsIamRole.Arn,
        AgentRuntimeArtifact = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeAgentRuntimeArtifactArgs
        {
            ContainerConfiguration = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfigurationArgs
            {
                ContainerUri = $"{exampleAwsEcrRepository.RepositoryUrl}:v1.0",
            },
        },
        EnvironmentVariables = 
        {
            { "LOG_LEVEL", "INFO" },
            { "ENV", "production" },
        },
        AuthorizerConfiguration = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeAuthorizerConfigurationArgs
        {
            CustomJwtAuthorizer = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizerArgs
            {
                DiscoveryUrl = "https://accounts.google.com/.well-known/openid-configuration",
                AllowedAudiences = new[]
                {
                    "my-app",
                    "mobile-app",
                },
                AllowedClients = new[]
                {
                    "client-123",
                    "client-456",
                },
            },
        },
        NetworkConfiguration = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeNetworkConfigurationArgs
        {
            NetworkMode = "PUBLIC",
        },
        ProtocolConfiguration = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeProtocolConfigurationArgs
        {
            ServerProtocol = "MCP",
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.bedrock.AgentcoreAgentRuntime;
import com.pulumi.aws.bedrock.AgentcoreAgentRuntimeArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreAgentRuntimeAgentRuntimeArtifactArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfigurationArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreAgentRuntimeAuthorizerConfigurationArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizerArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreAgentRuntimeNetworkConfigurationArgs;
import com.pulumi.aws.bedrock.inputs.AgentcoreAgentRuntimeProtocolConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new AgentcoreAgentRuntime("example", AgentcoreAgentRuntimeArgs.builder()
            .agentRuntimeName("example-agent-runtime")
            .description("Agent runtime with JWT authorization")
            .roleArn(exampleAwsIamRole.arn())
            .agentRuntimeArtifact(AgentcoreAgentRuntimeAgentRuntimeArtifactArgs.builder()
                .containerConfiguration(AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfigurationArgs.builder()
                    .containerUri(String.format("%s:v1.0", exampleAwsEcrRepository.repositoryUrl()))
                    .build())
                .build())
            .environmentVariables(Map.ofEntries(
                Map.entry("LOG_LEVEL", "INFO"),
                Map.entry("ENV", "production")
            ))
            .authorizerConfiguration(AgentcoreAgentRuntimeAuthorizerConfigurationArgs.builder()
                .customJwtAuthorizer(AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizerArgs.builder()
                    .discoveryUrl("https://accounts.google.com/.well-known/openid-configuration")
                    .allowedAudiences(                    
                        "my-app",
                        "mobile-app")
                    .allowedClients(                    
                        "client-123",
                        "client-456")
                    .build())
                .build())
            .networkConfiguration(AgentcoreAgentRuntimeNetworkConfigurationArgs.builder()
                .networkMode("PUBLIC")
                .build())
            .protocolConfiguration(AgentcoreAgentRuntimeProtocolConfigurationArgs.builder()
                .serverProtocol("MCP")
                .build())
            .build());

    }
}

    resources:
  example:
    type: aws:bedrock:AgentcoreAgentRuntime
    properties:
      agentRuntimeName: example-agent-runtime
      description: Agent runtime with JWT authorization
      roleArn: ${exampleAwsIamRole.arn}
      agentRuntimeArtifact:
        containerConfiguration:
          containerUri: ${exampleAwsEcrRepository.repositoryUrl}:v1.0
      environmentVariables:
        LOG_LEVEL: INFO
        ENV: production
      authorizerConfiguration:
        customJwtAuthorizer:
          discoveryUrl: https://accounts.google.com/.well-known/openid-configuration
          allowedAudiences:
            - my-app
            - mobile-app
          allowedClients:
            - client-123
            - client-456
      networkConfiguration:
        networkMode: PUBLIC
      protocolConfiguration:
        serverProtocol: MCP

    Create AgentcoreAgentRuntime Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AgentcoreAgentRuntime(name: string, args: AgentcoreAgentRuntimeArgs, opts?: CustomResourceOptions);
    @overload
def AgentcoreAgentRuntime(resource_name: str,
                          args: AgentcoreAgentRuntimeArgs,
                          opts: Optional[ResourceOptions] = None)

@overload
def AgentcoreAgentRuntime(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          role_arn: Optional[str] = None,
                          agent_runtime_name: Optional[str] = None,
                          network_configuration: Optional[AgentcoreAgentRuntimeNetworkConfigurationArgs] = None,
                          description: Optional[str] = None,
                          environment_variables: Optional[Mapping[str, str]] = None,
                          lifecycle_configurations: Optional[Sequence[AgentcoreAgentRuntimeLifecycleConfigurationArgs]] = None,
                          agent_runtime_artifact: Optional[AgentcoreAgentRuntimeAgentRuntimeArtifactArgs] = None,
                          protocol_configuration: Optional[AgentcoreAgentRuntimeProtocolConfigurationArgs] = None,
                          region: Optional[str] = None,
                          request_header_configuration: Optional[AgentcoreAgentRuntimeRequestHeaderConfigurationArgs] = None,
                          authorizer_configuration: Optional[AgentcoreAgentRuntimeAuthorizerConfigurationArgs] = None,
                          tags: Optional[Mapping[str, str]] = None,
                          timeouts: Optional[AgentcoreAgentRuntimeTimeoutsArgs] = None)
    func NewAgentcoreAgentRuntime(ctx *Context, name string, args AgentcoreAgentRuntimeArgs, opts ...ResourceOption) (*AgentcoreAgentRuntime, error)
    public AgentcoreAgentRuntime(string name, AgentcoreAgentRuntimeArgs args, CustomResourceOptions? opts = null)
    public AgentcoreAgentRuntime(String name, AgentcoreAgentRuntimeArgs args)
public AgentcoreAgentRuntime(String name, AgentcoreAgentRuntimeArgs args, CustomResourceOptions options)

    type: aws:bedrock:AgentcoreAgentRuntime
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    name string
    The unique name of the resource.
    args AgentcoreAgentRuntimeArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AgentcoreAgentRuntimeArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AgentcoreAgentRuntimeArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AgentcoreAgentRuntimeArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AgentcoreAgentRuntimeArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var agentcoreAgentRuntimeResource = new Aws.Bedrock.AgentcoreAgentRuntime("agentcoreAgentRuntimeResource", new()
{
    RoleArn = "string",
    AgentRuntimeName = "string",
    NetworkConfiguration = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeNetworkConfigurationArgs
    {
        NetworkMode = "string",
        NetworkModeConfig = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeNetworkConfigurationNetworkModeConfigArgs
        {
            SecurityGroups = new[]
            {
                "string",
            },
            Subnets = new[]
            {
                "string",
            },
        },
    },
    Description = "string",
    EnvironmentVariables = 
    {
        { "string", "string" },
    },
    LifecycleConfigurations = new[]
    {
        new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeLifecycleConfigurationArgs
        {
            IdleRuntimeSessionTimeout = 0,
            MaxLifetime = 0,
        },
    },
    AgentRuntimeArtifact = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeAgentRuntimeArtifactArgs
    {
        ContainerConfiguration = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfigurationArgs
        {
            ContainerUri = "string",
        },
    },
    ProtocolConfiguration = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeProtocolConfigurationArgs
    {
        ServerProtocol = "string",
    },
    Region = "string",
    RequestHeaderConfiguration = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeRequestHeaderConfigurationArgs
    {
        RequestHeaderAllowlists = new[]
        {
            "string",
        },
    },
    AuthorizerConfiguration = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeAuthorizerConfigurationArgs
    {
        CustomJwtAuthorizer = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizerArgs
        {
            DiscoveryUrl = "string",
            AllowedAudiences = new[]
            {
                "string",
            },
            AllowedClients = new[]
            {
                "string",
            },
        },
    },
    Tags = 
    {
        { "string", "string" },
    },
    Timeouts = new Aws.Bedrock.Inputs.AgentcoreAgentRuntimeTimeoutsArgs
    {
        Create = "string",
        Delete = "string",
        Update = "string",
    },
});

    example, err := bedrock.NewAgentcoreAgentRuntime(ctx, "agentcoreAgentRuntimeResource", &bedrock.AgentcoreAgentRuntimeArgs{
	RoleArn:          pulumi.String("string"),
	AgentRuntimeName: pulumi.String("string"),
	NetworkConfiguration: &bedrock.AgentcoreAgentRuntimeNetworkConfigurationArgs{
		NetworkMode: pulumi.String("string"),
		NetworkModeConfig: &bedrock.AgentcoreAgentRuntimeNetworkConfigurationNetworkModeConfigArgs{
			SecurityGroups: pulumi.StringArray{
				pulumi.String("string"),
			},
			Subnets: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	Description: pulumi.String("string"),
	EnvironmentVariables: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	LifecycleConfigurations: bedrock.AgentcoreAgentRuntimeLifecycleConfigurationArray{
		&bedrock.AgentcoreAgentRuntimeLifecycleConfigurationArgs{
			IdleRuntimeSessionTimeout: pulumi.Int(0),
			MaxLifetime:               pulumi.Int(0),
		},
	},
	AgentRuntimeArtifact: &bedrock.AgentcoreAgentRuntimeAgentRuntimeArtifactArgs{
		ContainerConfiguration: &bedrock.AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfigurationArgs{
			ContainerUri: pulumi.String("string"),
		},
	},
	ProtocolConfiguration: &bedrock.AgentcoreAgentRuntimeProtocolConfigurationArgs{
		ServerProtocol: pulumi.String("string"),
	},
	Region: pulumi.String("string"),
	RequestHeaderConfiguration: &bedrock.AgentcoreAgentRuntimeRequestHeaderConfigurationArgs{
		RequestHeaderAllowlists: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	AuthorizerConfiguration: &bedrock.AgentcoreAgentRuntimeAuthorizerConfigurationArgs{
		CustomJwtAuthorizer: &bedrock.AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizerArgs{
			DiscoveryUrl: pulumi.String("string"),
			AllowedAudiences: pulumi.StringArray{
				pulumi.String("string"),
			},
			AllowedClients: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Timeouts: &bedrock.AgentcoreAgentRuntimeTimeoutsArgs{
		Create: pulumi.String("string"),
		Delete: pulumi.String("string"),
		Update: pulumi.String("string"),
	},
})

    var agentcoreAgentRuntimeResource = new AgentcoreAgentRuntime("agentcoreAgentRuntimeResource", AgentcoreAgentRuntimeArgs.builder()
    .roleArn("string")
    .agentRuntimeName("string")
    .networkConfiguration(AgentcoreAgentRuntimeNetworkConfigurationArgs.builder()
        .networkMode("string")
        .networkModeConfig(AgentcoreAgentRuntimeNetworkConfigurationNetworkModeConfigArgs.builder()
            .securityGroups("string")
            .subnets("string")
            .build())
        .build())
    .description("string")
    .environmentVariables(Map.of("string", "string"))
    .lifecycleConfigurations(AgentcoreAgentRuntimeLifecycleConfigurationArgs.builder()
        .idleRuntimeSessionTimeout(0)
        .maxLifetime(0)
        .build())
    .agentRuntimeArtifact(AgentcoreAgentRuntimeAgentRuntimeArtifactArgs.builder()
        .containerConfiguration(AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfigurationArgs.builder()
            .containerUri("string")
            .build())
        .build())
    .protocolConfiguration(AgentcoreAgentRuntimeProtocolConfigurationArgs.builder()
        .serverProtocol("string")
        .build())
    .region("string")
    .requestHeaderConfiguration(AgentcoreAgentRuntimeRequestHeaderConfigurationArgs.builder()
        .requestHeaderAllowlists("string")
        .build())
    .authorizerConfiguration(AgentcoreAgentRuntimeAuthorizerConfigurationArgs.builder()
        .customJwtAuthorizer(AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizerArgs.builder()
            .discoveryUrl("string")
            .allowedAudiences("string")
            .allowedClients("string")
            .build())
        .build())
    .tags(Map.of("string", "string"))
    .timeouts(AgentcoreAgentRuntimeTimeoutsArgs.builder()
        .create("string")
        .delete("string")
        .update("string")
        .build())
    .build());

    agentcore_agent_runtime_resource = aws.bedrock.AgentcoreAgentRuntime("agentcoreAgentRuntimeResource",
    role_arn="string",
    agent_runtime_name="string",
    network_configuration={
        "network_mode": "string",
        "network_mode_config": {
            "security_groups": ["string"],
            "subnets": ["string"],
        },
    },
    description="string",
    environment_variables={
        "string": "string",
    },
    lifecycle_configurations=[{
        "idle_runtime_session_timeout": 0,
        "max_lifetime": 0,
    }],
    agent_runtime_artifact={
        "container_configuration": {
            "container_uri": "string",
        },
    },
    protocol_configuration={
        "server_protocol": "string",
    },
    region="string",
    request_header_configuration={
        "request_header_allowlists": ["string"],
    },
    authorizer_configuration={
        "custom_jwt_authorizer": {
            "discovery_url": "string",
            "allowed_audiences": ["string"],
            "allowed_clients": ["string"],
        },
    },
    tags={
        "string": "string",
    },
    timeouts={
        "create": "string",
        "delete": "string",
        "update": "string",
    })

    const agentcoreAgentRuntimeResource = new aws.bedrock.AgentcoreAgentRuntime("agentcoreAgentRuntimeResource", {
    roleArn: "string",
    agentRuntimeName: "string",
    networkConfiguration: {
        networkMode: "string",
        networkModeConfig: {
            securityGroups: ["string"],
            subnets: ["string"],
        },
    },
    description: "string",
    environmentVariables: {
        string: "string",
    },
    lifecycleConfigurations: [{
        idleRuntimeSessionTimeout: 0,
        maxLifetime: 0,
    }],
    agentRuntimeArtifact: {
        containerConfiguration: {
            containerUri: "string",
        },
    },
    protocolConfiguration: {
        serverProtocol: "string",
    },
    region: "string",
    requestHeaderConfiguration: {
        requestHeaderAllowlists: ["string"],
    },
    authorizerConfiguration: {
        customJwtAuthorizer: {
            discoveryUrl: "string",
            allowedAudiences: ["string"],
            allowedClients: ["string"],
        },
    },
    tags: {
        string: "string",
    },
    timeouts: {
        create: "string",
        "delete": "string",
        update: "string",
    },
});

    type: aws:bedrock:AgentcoreAgentRuntime
properties:
    agentRuntimeArtifact:
        containerConfiguration:
            containerUri: string
    agentRuntimeName: string
    authorizerConfiguration:
        customJwtAuthorizer:
            allowedAudiences:
                - string
            allowedClients:
                - string
            discoveryUrl: string
    description: string
    environmentVariables:
        string: string
    lifecycleConfigurations:
        - idleRuntimeSessionTimeout: 0
          maxLifetime: 0
    networkConfiguration:
        networkMode: string
        networkModeConfig:
            securityGroups:
                - string
            subnets:
                - string
    protocolConfiguration:
        serverProtocol: string
    region: string
    requestHeaderConfiguration:
        requestHeaderAllowlists:
            - string
    roleArn: string
    tags:
        string: string
    timeouts:
        create: string
        delete: string
        update: string

    AgentcoreAgentRuntime Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AgentcoreAgentRuntime resource accepts the following input properties:

    AgentRuntimeName string
    Name of the agent runtime.
    RoleArn string
    ARN of the IAM role that the agent runtime assumes to access AWS services.
    AgentRuntimeArtifact AgentcoreAgentRuntimeAgentRuntimeArtifact
    Container artifact configuration. See agent_runtime_artifact below.
    AuthorizerConfiguration AgentcoreAgentRuntimeAuthorizerConfiguration
    Authorization configuration for authenticating incoming requests. See authorizer_configuration below.
    Description string
    Description of the agent runtime.
    EnvironmentVariables Dictionary<string, string>
    Map of environment variables to pass to the container.
    LifecycleConfigurations List<AgentcoreAgentRuntimeLifecycleConfiguration>
    Runtime session and resource lifecycle configuration for the agent runtime. See lifecycle_configuration below.
    NetworkConfiguration AgentcoreAgentRuntimeNetworkConfiguration

    Network configuration for the agent runtime. See network_configuration below.

    The following arguments are optional:

    ProtocolConfiguration AgentcoreAgentRuntimeProtocolConfiguration
    Protocol configuration for the agent runtime. See protocol_configuration below.
    Region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    RequestHeaderConfiguration AgentcoreAgentRuntimeRequestHeaderConfiguration
    Configuration for HTTP request headers that will be passed through to the runtime. See request_header_configuration below.
    Tags Dictionary<string, string>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    Timeouts AgentcoreAgentRuntimeTimeouts
    AgentRuntimeName string
    Name of the agent runtime.
    RoleArn string
    ARN of the IAM role that the agent runtime assumes to access AWS services.
    AgentRuntimeArtifact AgentcoreAgentRuntimeAgentRuntimeArtifactArgs
    Container artifact configuration. See agent_runtime_artifact below.
    AuthorizerConfiguration AgentcoreAgentRuntimeAuthorizerConfigurationArgs
    Authorization configuration for authenticating incoming requests. See authorizer_configuration below.
    Description string
    Description of the agent runtime.
    EnvironmentVariables map[string]string
    Map of environment variables to pass to the container.
    LifecycleConfigurations []AgentcoreAgentRuntimeLifecycleConfigurationArgs
    Runtime session and resource lifecycle configuration for the agent runtime. See lifecycle_configuration below.
    NetworkConfiguration AgentcoreAgentRuntimeNetworkConfigurationArgs

    Network configuration for the agent runtime. See network_configuration below.

    The following arguments are optional:

    ProtocolConfiguration AgentcoreAgentRuntimeProtocolConfigurationArgs
    Protocol configuration for the agent runtime. See protocol_configuration below.
    Region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    RequestHeaderConfiguration AgentcoreAgentRuntimeRequestHeaderConfigurationArgs
    Configuration for HTTP request headers that will be passed through to the runtime. See request_header_configuration below.
    Tags map[string]string
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    Timeouts AgentcoreAgentRuntimeTimeoutsArgs
    agentRuntimeName String
    Name of the agent runtime.
    roleArn String
    ARN of the IAM role that the agent runtime assumes to access AWS services.
    agentRuntimeArtifact AgentcoreAgentRuntimeAgentRuntimeArtifact
    Container artifact configuration. See agent_runtime_artifact below.
    authorizerConfiguration AgentcoreAgentRuntimeAuthorizerConfiguration
    Authorization configuration for authenticating incoming requests. See authorizer_configuration below.
    description String
    Description of the agent runtime.
    environmentVariables Map<String,String>
    Map of environment variables to pass to the container.
    lifecycleConfigurations List<AgentcoreAgentRuntimeLifecycleConfiguration>
    Runtime session and resource lifecycle configuration for the agent runtime. See lifecycle_configuration below.
    networkConfiguration AgentcoreAgentRuntimeNetworkConfiguration

    Network configuration for the agent runtime. See network_configuration below.

    The following arguments are optional:

    protocolConfiguration AgentcoreAgentRuntimeProtocolConfiguration
    Protocol configuration for the agent runtime. See protocol_configuration below.
    region String
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    requestHeaderConfiguration AgentcoreAgentRuntimeRequestHeaderConfiguration
    Configuration for HTTP request headers that will be passed through to the runtime. See request_header_configuration below.
    tags Map<String,String>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    timeouts AgentcoreAgentRuntimeTimeouts
    agentRuntimeName string
    Name of the agent runtime.
    roleArn string
    ARN of the IAM role that the agent runtime assumes to access AWS services.
    agentRuntimeArtifact AgentcoreAgentRuntimeAgentRuntimeArtifact
    Container artifact configuration. See agent_runtime_artifact below.
    authorizerConfiguration AgentcoreAgentRuntimeAuthorizerConfiguration
    Authorization configuration for authenticating incoming requests. See authorizer_configuration below.
    description string
    Description of the agent runtime.
    environmentVariables {[key: string]: string}
    Map of environment variables to pass to the container.
    lifecycleConfigurations AgentcoreAgentRuntimeLifecycleConfiguration[]
    Runtime session and resource lifecycle configuration for the agent runtime. See lifecycle_configuration below.
    networkConfiguration AgentcoreAgentRuntimeNetworkConfiguration

    Network configuration for the agent runtime. See network_configuration below.

    The following arguments are optional:

    protocolConfiguration AgentcoreAgentRuntimeProtocolConfiguration
    Protocol configuration for the agent runtime. See protocol_configuration below.
    region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    requestHeaderConfiguration AgentcoreAgentRuntimeRequestHeaderConfiguration
    Configuration for HTTP request headers that will be passed through to the runtime. See request_header_configuration below.
    tags {[key: string]: string}
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    timeouts AgentcoreAgentRuntimeTimeouts
    agent_runtime_name str
    Name of the agent runtime.
    role_arn str
    ARN of the IAM role that the agent runtime assumes to access AWS services.
    agent_runtime_artifact AgentcoreAgentRuntimeAgentRuntimeArtifactArgs
    Container artifact configuration. See agent_runtime_artifact below.
    authorizer_configuration AgentcoreAgentRuntimeAuthorizerConfigurationArgs
    Authorization configuration for authenticating incoming requests. See authorizer_configuration below.
    description str
    Description of the agent runtime.
    environment_variables Mapping[str, str]
    Map of environment variables to pass to the container.
    lifecycle_configurations Sequence[AgentcoreAgentRuntimeLifecycleConfigurationArgs]
    Runtime session and resource lifecycle configuration for the agent runtime. See lifecycle_configuration below.
    network_configuration AgentcoreAgentRuntimeNetworkConfigurationArgs

    Network configuration for the agent runtime. See network_configuration below.

    The following arguments are optional:

    protocol_configuration AgentcoreAgentRuntimeProtocolConfigurationArgs
    Protocol configuration for the agent runtime. See protocol_configuration below.
    region str
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    request_header_configuration AgentcoreAgentRuntimeRequestHeaderConfigurationArgs
    Configuration for HTTP request headers that will be passed through to the runtime. See request_header_configuration below.
    tags Mapping[str, str]
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    timeouts AgentcoreAgentRuntimeTimeoutsArgs
    agentRuntimeName String
    Name of the agent runtime.
    roleArn String
    ARN of the IAM role that the agent runtime assumes to access AWS services.
    agentRuntimeArtifact Property Map
    Container artifact configuration. See agent_runtime_artifact below.
    authorizerConfiguration Property Map
    Authorization configuration for authenticating incoming requests. See authorizer_configuration below.
    description String
    Description of the agent runtime.
    environmentVariables Map<String>
    Map of environment variables to pass to the container.
    lifecycleConfigurations List<Property Map>
    Runtime session and resource lifecycle configuration for the agent runtime. See lifecycle_configuration below.
    networkConfiguration Property Map

    Network configuration for the agent runtime. See network_configuration below.

    The following arguments are optional:

    protocolConfiguration Property Map
    Protocol configuration for the agent runtime. See protocol_configuration below.
    region String
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    requestHeaderConfiguration Property Map
    Configuration for HTTP request headers that will be passed through to the runtime. See request_header_configuration below.
    tags Map<String>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    timeouts Property Map

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AgentcoreAgentRuntime resource produces the following output properties:

    AgentRuntimeArn string
    ARN of the Agent Runtime.
    AgentRuntimeId string
    Unique identifier of the Agent Runtime.
    AgentRuntimeVersion string
    Version of the Agent Runtime.
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    WorkloadIdentityDetails List<AgentcoreAgentRuntimeWorkloadIdentityDetail>
    Workload identity details for the agent runtime. See workload_identity_details below.
    AgentRuntimeArn string
    ARN of the Agent Runtime.
    AgentRuntimeId string
    Unique identifier of the Agent Runtime.
    AgentRuntimeVersion string
    Version of the Agent Runtime.
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    WorkloadIdentityDetails []AgentcoreAgentRuntimeWorkloadIdentityDetail
    Workload identity details for the agent runtime. See workload_identity_details below.
    agentRuntimeArn String
    ARN of the Agent Runtime.
    agentRuntimeId String
    Unique identifier of the Agent Runtime.
    agentRuntimeVersion String
    Version of the Agent Runtime.
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    workloadIdentityDetails List<AgentcoreAgentRuntimeWorkloadIdentityDetail>
    Workload identity details for the agent runtime. See workload_identity_details below.
    agentRuntimeArn string
    ARN of the Agent Runtime.
    agentRuntimeId string
    Unique identifier of the Agent Runtime.
    agentRuntimeVersion string
    Version of the Agent Runtime.
    id string
    The provider-assigned unique ID for this managed resource.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    workloadIdentityDetails AgentcoreAgentRuntimeWorkloadIdentityDetail[]
    Workload identity details for the agent runtime. See workload_identity_details below.
    agent_runtime_arn str
    ARN of the Agent Runtime.
    agent_runtime_id str
    Unique identifier of the Agent Runtime.
    agent_runtime_version str
    Version of the Agent Runtime.
    id str
    The provider-assigned unique ID for this managed resource.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    workload_identity_details Sequence[AgentcoreAgentRuntimeWorkloadIdentityDetail]
    Workload identity details for the agent runtime. See workload_identity_details below.
    agentRuntimeArn String
    ARN of the Agent Runtime.
    agentRuntimeId String
    Unique identifier of the Agent Runtime.
    agentRuntimeVersion String
    Version of the Agent Runtime.
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    workloadIdentityDetails List<Property Map>
    Workload identity details for the agent runtime. See workload_identity_details below.

    Look up Existing AgentcoreAgentRuntime Resource

    Get an existing AgentcoreAgentRuntime resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AgentcoreAgentRuntimeState, opts?: CustomResourceOptions): AgentcoreAgentRuntime
    @staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        agent_runtime_arn: Optional[str] = None,
        agent_runtime_artifact: Optional[AgentcoreAgentRuntimeAgentRuntimeArtifactArgs] = None,
        agent_runtime_id: Optional[str] = None,
        agent_runtime_name: Optional[str] = None,
        agent_runtime_version: Optional[str] = None,
        authorizer_configuration: Optional[AgentcoreAgentRuntimeAuthorizerConfigurationArgs] = None,
        description: Optional[str] = None,
        environment_variables: Optional[Mapping[str, str]] = None,
        lifecycle_configurations: Optional[Sequence[AgentcoreAgentRuntimeLifecycleConfigurationArgs]] = None,
        network_configuration: Optional[AgentcoreAgentRuntimeNetworkConfigurationArgs] = None,
        protocol_configuration: Optional[AgentcoreAgentRuntimeProtocolConfigurationArgs] = None,
        region: Optional[str] = None,
        request_header_configuration: Optional[AgentcoreAgentRuntimeRequestHeaderConfigurationArgs] = None,
        role_arn: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        timeouts: Optional[AgentcoreAgentRuntimeTimeoutsArgs] = None,
        workload_identity_details: Optional[Sequence[AgentcoreAgentRuntimeWorkloadIdentityDetailArgs]] = None) -> AgentcoreAgentRuntime
    func GetAgentcoreAgentRuntime(ctx *Context, name string, id IDInput, state *AgentcoreAgentRuntimeState, opts ...ResourceOption) (*AgentcoreAgentRuntime, error)
    public static AgentcoreAgentRuntime Get(string name, Input<string> id, AgentcoreAgentRuntimeState? state, CustomResourceOptions? opts = null)
    public static AgentcoreAgentRuntime get(String name, Output<String> id, AgentcoreAgentRuntimeState state, CustomResourceOptions options)
    resources:  _:    type: aws:bedrock:AgentcoreAgentRuntime    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AgentRuntimeArn string
    ARN of the Agent Runtime.
    AgentRuntimeArtifact AgentcoreAgentRuntimeAgentRuntimeArtifact
    Container artifact configuration. See agent_runtime_artifact below.
    AgentRuntimeId string
    Unique identifier of the Agent Runtime.
    AgentRuntimeName string
    Name of the agent runtime.
    AgentRuntimeVersion string
    Version of the Agent Runtime.
    AuthorizerConfiguration AgentcoreAgentRuntimeAuthorizerConfiguration
    Authorization configuration for authenticating incoming requests. See authorizer_configuration below.
    Description string
    Description of the agent runtime.
    EnvironmentVariables Dictionary<string, string>
    Map of environment variables to pass to the container.
    LifecycleConfigurations List<AgentcoreAgentRuntimeLifecycleConfiguration>
    Runtime session and resource lifecycle configuration for the agent runtime. See lifecycle_configuration below.
    NetworkConfiguration AgentcoreAgentRuntimeNetworkConfiguration

    Network configuration for the agent runtime. See network_configuration below.

    The following arguments are optional:

    ProtocolConfiguration AgentcoreAgentRuntimeProtocolConfiguration
    Protocol configuration for the agent runtime. See protocol_configuration below.
    Region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    RequestHeaderConfiguration AgentcoreAgentRuntimeRequestHeaderConfiguration
    Configuration for HTTP request headers that will be passed through to the runtime. See request_header_configuration below.
    RoleArn string
    ARN of the IAM role that the agent runtime assumes to access AWS services.
    Tags Dictionary<string, string>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    Timeouts AgentcoreAgentRuntimeTimeouts
    WorkloadIdentityDetails List<AgentcoreAgentRuntimeWorkloadIdentityDetail>
    Workload identity details for the agent runtime. See workload_identity_details below.
    AgentRuntimeArn string
    ARN of the Agent Runtime.
    AgentRuntimeArtifact AgentcoreAgentRuntimeAgentRuntimeArtifactArgs
    Container artifact configuration. See agent_runtime_artifact below.
    AgentRuntimeId string
    Unique identifier of the Agent Runtime.
    AgentRuntimeName string
    Name of the agent runtime.
    AgentRuntimeVersion string
    Version of the Agent Runtime.
    AuthorizerConfiguration AgentcoreAgentRuntimeAuthorizerConfigurationArgs
    Authorization configuration for authenticating incoming requests. See authorizer_configuration below.
    Description string
    Description of the agent runtime.
    EnvironmentVariables map[string]string
    Map of environment variables to pass to the container.
    LifecycleConfigurations []AgentcoreAgentRuntimeLifecycleConfigurationArgs
    Runtime session and resource lifecycle configuration for the agent runtime. See lifecycle_configuration below.
    NetworkConfiguration AgentcoreAgentRuntimeNetworkConfigurationArgs

    Network configuration for the agent runtime. See network_configuration below.

    The following arguments are optional:

    ProtocolConfiguration AgentcoreAgentRuntimeProtocolConfigurationArgs
    Protocol configuration for the agent runtime. See protocol_configuration below.
    Region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    RequestHeaderConfiguration AgentcoreAgentRuntimeRequestHeaderConfigurationArgs
    Configuration for HTTP request headers that will be passed through to the runtime. See request_header_configuration below.
    RoleArn string
    ARN of the IAM role that the agent runtime assumes to access AWS services.
    Tags map[string]string
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    Timeouts AgentcoreAgentRuntimeTimeoutsArgs
    WorkloadIdentityDetails []AgentcoreAgentRuntimeWorkloadIdentityDetailArgs
    Workload identity details for the agent runtime. See workload_identity_details below.
    agentRuntimeArn String
    ARN of the Agent Runtime.
    agentRuntimeArtifact AgentcoreAgentRuntimeAgentRuntimeArtifact
    Container artifact configuration. See agent_runtime_artifact below.
    agentRuntimeId String
    Unique identifier of the Agent Runtime.
    agentRuntimeName String
    Name of the agent runtime.
    agentRuntimeVersion String
    Version of the Agent Runtime.
    authorizerConfiguration AgentcoreAgentRuntimeAuthorizerConfiguration
    Authorization configuration for authenticating incoming requests. See authorizer_configuration below.
    description String
    Description of the agent runtime.
    environmentVariables Map<String,String>
    Map of environment variables to pass to the container.
    lifecycleConfigurations List<AgentcoreAgentRuntimeLifecycleConfiguration>
    Runtime session and resource lifecycle configuration for the agent runtime. See lifecycle_configuration below.
    networkConfiguration AgentcoreAgentRuntimeNetworkConfiguration

    Network configuration for the agent runtime. See network_configuration below.

    The following arguments are optional:

    protocolConfiguration AgentcoreAgentRuntimeProtocolConfiguration
    Protocol configuration for the agent runtime. See protocol_configuration below.
    region String
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    requestHeaderConfiguration AgentcoreAgentRuntimeRequestHeaderConfiguration
    Configuration for HTTP request headers that will be passed through to the runtime. See request_header_configuration below.
    roleArn String
    ARN of the IAM role that the agent runtime assumes to access AWS services.
    tags Map<String,String>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    timeouts AgentcoreAgentRuntimeTimeouts
    workloadIdentityDetails List<AgentcoreAgentRuntimeWorkloadIdentityDetail>
    Workload identity details for the agent runtime. See workload_identity_details below.
    agentRuntimeArn string
    ARN of the Agent Runtime.
    agentRuntimeArtifact AgentcoreAgentRuntimeAgentRuntimeArtifact
    Container artifact configuration. See agent_runtime_artifact below.
    agentRuntimeId string
    Unique identifier of the Agent Runtime.
    agentRuntimeName string
    Name of the agent runtime.
    agentRuntimeVersion string
    Version of the Agent Runtime.
    authorizerConfiguration AgentcoreAgentRuntimeAuthorizerConfiguration
    Authorization configuration for authenticating incoming requests. See authorizer_configuration below.
    description string
    Description of the agent runtime.
    environmentVariables {[key: string]: string}
    Map of environment variables to pass to the container.
    lifecycleConfigurations AgentcoreAgentRuntimeLifecycleConfiguration[]
    Runtime session and resource lifecycle configuration for the agent runtime. See lifecycle_configuration below.
    networkConfiguration AgentcoreAgentRuntimeNetworkConfiguration

    Network configuration for the agent runtime. See network_configuration below.

    The following arguments are optional:

    protocolConfiguration AgentcoreAgentRuntimeProtocolConfiguration
    Protocol configuration for the agent runtime. See protocol_configuration below.
    region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    requestHeaderConfiguration AgentcoreAgentRuntimeRequestHeaderConfiguration
    Configuration for HTTP request headers that will be passed through to the runtime. See request_header_configuration below.
    roleArn string
    ARN of the IAM role that the agent runtime assumes to access AWS services.
    tags {[key: string]: string}
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    timeouts AgentcoreAgentRuntimeTimeouts
    workloadIdentityDetails AgentcoreAgentRuntimeWorkloadIdentityDetail[]
    Workload identity details for the agent runtime. See workload_identity_details below.
    agent_runtime_arn str
    ARN of the Agent Runtime.
    agent_runtime_artifact AgentcoreAgentRuntimeAgentRuntimeArtifactArgs
    Container artifact configuration. See agent_runtime_artifact below.
    agent_runtime_id str
    Unique identifier of the Agent Runtime.
    agent_runtime_name str
    Name of the agent runtime.
    agent_runtime_version str
    Version of the Agent Runtime.
    authorizer_configuration AgentcoreAgentRuntimeAuthorizerConfigurationArgs
    Authorization configuration for authenticating incoming requests. See authorizer_configuration below.
    description str
    Description of the agent runtime.
    environment_variables Mapping[str, str]
    Map of environment variables to pass to the container.
    lifecycle_configurations Sequence[AgentcoreAgentRuntimeLifecycleConfigurationArgs]
    Runtime session and resource lifecycle configuration for the agent runtime. See lifecycle_configuration below.
    network_configuration AgentcoreAgentRuntimeNetworkConfigurationArgs

    Network configuration for the agent runtime. See network_configuration below.

    The following arguments are optional:

    protocol_configuration AgentcoreAgentRuntimeProtocolConfigurationArgs
    Protocol configuration for the agent runtime. See protocol_configuration below.
    region str
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    request_header_configuration AgentcoreAgentRuntimeRequestHeaderConfigurationArgs
    Configuration for HTTP request headers that will be passed through to the runtime. See request_header_configuration below.
    role_arn str
    ARN of the IAM role that the agent runtime assumes to access AWS services.
    tags Mapping[str, str]
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    timeouts AgentcoreAgentRuntimeTimeoutsArgs
    workload_identity_details Sequence[AgentcoreAgentRuntimeWorkloadIdentityDetailArgs]
    Workload identity details for the agent runtime. See workload_identity_details below.
    agentRuntimeArn String
    ARN of the Agent Runtime.
    agentRuntimeArtifact Property Map
    Container artifact configuration. See agent_runtime_artifact below.
    agentRuntimeId String
    Unique identifier of the Agent Runtime.
    agentRuntimeName String
    Name of the agent runtime.
    agentRuntimeVersion String
    Version of the Agent Runtime.
    authorizerConfiguration Property Map
    Authorization configuration for authenticating incoming requests. See authorizer_configuration below.
    description String
    Description of the agent runtime.
    environmentVariables Map<String>
    Map of environment variables to pass to the container.
    lifecycleConfigurations List<Property Map>
    Runtime session and resource lifecycle configuration for the agent runtime. See lifecycle_configuration below.
    networkConfiguration Property Map

    Network configuration for the agent runtime. See network_configuration below.

    The following arguments are optional:

    protocolConfiguration Property Map
    Protocol configuration for the agent runtime. See protocol_configuration below.
    region String
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    requestHeaderConfiguration Property Map
    Configuration for HTTP request headers that will be passed through to the runtime. See request_header_configuration below.
    roleArn String
    ARN of the IAM role that the agent runtime assumes to access AWS services.
    tags Map<String>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    timeouts Property Map
    workloadIdentityDetails List<Property Map>
    Workload identity details for the agent runtime. See workload_identity_details below.

    Supporting Types

    AgentcoreAgentRuntimeAgentRuntimeArtifact, AgentcoreAgentRuntimeAgentRuntimeArtifactArgs

    ContainerConfiguration AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfiguration
    Container configuration block. See container_configuration below.
    ContainerConfiguration AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfiguration
    Container configuration block. See container_configuration below.
    containerConfiguration AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfiguration
    Container configuration block. See container_configuration below.
    containerConfiguration AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfiguration
    Container configuration block. See container_configuration below.
    container_configuration AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfiguration
    Container configuration block. See container_configuration below.
    containerConfiguration Property Map
    Container configuration block. See container_configuration below.

    AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfiguration, AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfigurationArgs

    ContainerUri string
    URI of the container image in Amazon ECR.
    ContainerUri string
    URI of the container image in Amazon ECR.
    containerUri String
    URI of the container image in Amazon ECR.
    containerUri string
    URI of the container image in Amazon ECR.
    container_uri str
    URI of the container image in Amazon ECR.
    containerUri String
    URI of the container image in Amazon ECR.

    AgentcoreAgentRuntimeAuthorizerConfiguration, AgentcoreAgentRuntimeAuthorizerConfigurationArgs

    CustomJwtAuthorizer AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizer
    JWT-based authorization configuration block. See custom_jwt_authorizer below.
    CustomJwtAuthorizer AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizer
    JWT-based authorization configuration block. See custom_jwt_authorizer below.
    customJwtAuthorizer AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizer
    JWT-based authorization configuration block. See custom_jwt_authorizer below.
    customJwtAuthorizer AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizer
    JWT-based authorization configuration block. See custom_jwt_authorizer below.
    custom_jwt_authorizer AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizer
    JWT-based authorization configuration block. See custom_jwt_authorizer below.
    customJwtAuthorizer Property Map
    JWT-based authorization configuration block. See custom_jwt_authorizer below.

    AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizer, AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizerArgs

    DiscoveryUrl string
    URL used to fetch OpenID Connect configuration or authorization server metadata. Must end with .well-known/openid-configuration.
    AllowedAudiences List<string>
    Set of allowed audience values for JWT token validation.
    AllowedClients List<string>
    Set of allowed client IDs for JWT token validation.
    DiscoveryUrl string
    URL used to fetch OpenID Connect configuration or authorization server metadata. Must end with .well-known/openid-configuration.
    AllowedAudiences []string
    Set of allowed audience values for JWT token validation.
    AllowedClients []string
    Set of allowed client IDs for JWT token validation.
    discoveryUrl String
    URL used to fetch OpenID Connect configuration or authorization server metadata. Must end with .well-known/openid-configuration.
    allowedAudiences List<String>
    Set of allowed audience values for JWT token validation.
    allowedClients List<String>
    Set of allowed client IDs for JWT token validation.
    discoveryUrl string
    URL used to fetch OpenID Connect configuration or authorization server metadata. Must end with .well-known/openid-configuration.
    allowedAudiences string[]
    Set of allowed audience values for JWT token validation.
    allowedClients string[]
    Set of allowed client IDs for JWT token validation.
    discovery_url str
    URL used to fetch OpenID Connect configuration or authorization server metadata. Must end with .well-known/openid-configuration.
    allowed_audiences Sequence[str]
    Set of allowed audience values for JWT token validation.
    allowed_clients Sequence[str]
    Set of allowed client IDs for JWT token validation.
    discoveryUrl String
    URL used to fetch OpenID Connect configuration or authorization server metadata. Must end with .well-known/openid-configuration.
    allowedAudiences List<String>
    Set of allowed audience values for JWT token validation.
    allowedClients List<String>
    Set of allowed client IDs for JWT token validation.

    AgentcoreAgentRuntimeLifecycleConfiguration, AgentcoreAgentRuntimeLifecycleConfigurationArgs

    IdleRuntimeSessionTimeout int
    Timeout in seconds for idle runtime sessions.
    MaxLifetime int
    Maximum lifetime for the instance in seconds.
    IdleRuntimeSessionTimeout int
    Timeout in seconds for idle runtime sessions.
    MaxLifetime int
    Maximum lifetime for the instance in seconds.
    idleRuntimeSessionTimeout Integer
    Timeout in seconds for idle runtime sessions.
    maxLifetime Integer
    Maximum lifetime for the instance in seconds.
    idleRuntimeSessionTimeout number
    Timeout in seconds for idle runtime sessions.
    maxLifetime number
    Maximum lifetime for the instance in seconds.
    idle_runtime_session_timeout int
    Timeout in seconds for idle runtime sessions.
    max_lifetime int
    Maximum lifetime for the instance in seconds.
    idleRuntimeSessionTimeout Number
    Timeout in seconds for idle runtime sessions.
    maxLifetime Number
    Maximum lifetime for the instance in seconds.

    AgentcoreAgentRuntimeNetworkConfiguration, AgentcoreAgentRuntimeNetworkConfigurationArgs

    NetworkMode string
    Network mode for the agent runtime. Valid values: PUBLIC, VPC.
    NetworkModeConfig AgentcoreAgentRuntimeNetworkConfigurationNetworkModeConfig
    Network mode configuration. See network_mode_config below.
    NetworkMode string
    Network mode for the agent runtime. Valid values: PUBLIC, VPC.
    NetworkModeConfig AgentcoreAgentRuntimeNetworkConfigurationNetworkModeConfig
    Network mode configuration. See network_mode_config below.
    networkMode String
    Network mode for the agent runtime. Valid values: PUBLIC, VPC.
    networkModeConfig AgentcoreAgentRuntimeNetworkConfigurationNetworkModeConfig
    Network mode configuration. See network_mode_config below.
    networkMode string
    Network mode for the agent runtime. Valid values: PUBLIC, VPC.
    networkModeConfig AgentcoreAgentRuntimeNetworkConfigurationNetworkModeConfig
    Network mode configuration. See network_mode_config below.
    network_mode str
    Network mode for the agent runtime. Valid values: PUBLIC, VPC.
    network_mode_config AgentcoreAgentRuntimeNetworkConfigurationNetworkModeConfig
    Network mode configuration. See network_mode_config below.
    networkMode String
    Network mode for the agent runtime. Valid values: PUBLIC, VPC.
    networkModeConfig Property Map
    Network mode configuration. See network_mode_config below.

    AgentcoreAgentRuntimeNetworkConfigurationNetworkModeConfig, AgentcoreAgentRuntimeNetworkConfigurationNetworkModeConfigArgs

    SecurityGroups List<string>
    Security groups associated with the VPC configuration.
    Subnets List<string>
    Subnets associated with the VPC configuration.
    SecurityGroups []string
    Security groups associated with the VPC configuration.
    Subnets []string
    Subnets associated with the VPC configuration.
    securityGroups List<String>
    Security groups associated with the VPC configuration.
    subnets List<String>
    Subnets associated with the VPC configuration.
    securityGroups string[]
    Security groups associated with the VPC configuration.
    subnets string[]
    Subnets associated with the VPC configuration.
    security_groups Sequence[str]
    Security groups associated with the VPC configuration.
    subnets Sequence[str]
    Subnets associated with the VPC configuration.
    securityGroups List<String>
    Security groups associated with the VPC configuration.
    subnets List<String>
    Subnets associated with the VPC configuration.

    AgentcoreAgentRuntimeProtocolConfiguration, AgentcoreAgentRuntimeProtocolConfigurationArgs

    ServerProtocol string
    Server protocol for the agent runtime. Valid values: HTTP, MCP, A2A.
    ServerProtocol string
    Server protocol for the agent runtime. Valid values: HTTP, MCP, A2A.
    serverProtocol String
    Server protocol for the agent runtime. Valid values: HTTP, MCP, A2A.
    serverProtocol string
    Server protocol for the agent runtime. Valid values: HTTP, MCP, A2A.
    server_protocol str
    Server protocol for the agent runtime. Valid values: HTTP, MCP, A2A.
    serverProtocol String
    Server protocol for the agent runtime. Valid values: HTTP, MCP, A2A.

    AgentcoreAgentRuntimeRequestHeaderConfiguration, AgentcoreAgentRuntimeRequestHeaderConfigurationArgs

    RequestHeaderAllowlists List<string>
    A list of HTTP request headers that are allowed to be passed through to the runtime.
    RequestHeaderAllowlists []string
    A list of HTTP request headers that are allowed to be passed through to the runtime.
    requestHeaderAllowlists List<String>
    A list of HTTP request headers that are allowed to be passed through to the runtime.
    requestHeaderAllowlists string[]
    A list of HTTP request headers that are allowed to be passed through to the runtime.
    request_header_allowlists Sequence[str]
    A list of HTTP request headers that are allowed to be passed through to the runtime.
    requestHeaderAllowlists List<String>
    A list of HTTP request headers that are allowed to be passed through to the runtime.

    AgentcoreAgentRuntimeTimeouts, AgentcoreAgentRuntimeTimeoutsArgs

    Create string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    Delete string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    Update string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    Create string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    Delete string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    Update string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    create String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    delete String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    update String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    create string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    delete string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    update string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    create str
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    delete str
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    update str
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    create String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    delete String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    update String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

    AgentcoreAgentRuntimeWorkloadIdentityDetail, AgentcoreAgentRuntimeWorkloadIdentityDetailArgs

    WorkloadIdentityArn string
    ARN of the workload identity.
    WorkloadIdentityArn string
    ARN of the workload identity.
    workloadIdentityArn String
    ARN of the workload identity.
    workloadIdentityArn string
    ARN of the workload identity.
    workload_identity_arn str
    ARN of the workload identity.
    workloadIdentityArn String
    ARN of the workload identity.

    Import

    Using pulumi import, import Bedrock AgentCore Agent Runtime using agent_runtime_id. For example:

    $ pulumi import aws:bedrock/agentcoreAgentRuntime:AgentcoreAgentRuntime example agent-runtime-12345

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v7.11.0 published on Wednesday, Nov 5, 2025 by Pulumi
    pulumi/pulumi-aws
      Meet Neo: Your AI Platform Teammate