2026/04/02 - Amazon Bedrock AgentCore Control - 6 updated api methods
Changes Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets.
{'targetConfiguration': {'mcp': {'mcpServer': {'mcpToolSchema': {'inlinePayload': 'string',
's3': {'bucketOwnerAccountId': 'string',
'uri': 'string'}}}}}}
Response {'authorizationData': {'oauth2': {'authorizationUrl': 'string',
'userId': 'string'}},
'status': {'CREATE_PENDING_AUTH',
'SYNCHRONIZE_PENDING_AUTH',
'UPDATE_PENDING_AUTH'},
'targetConfiguration': {'mcp': {'mcpServer': {'mcpToolSchema': {'inlinePayload': 'string',
's3': {'bucketOwnerAccountId': 'string',
'uri': 'string'}}}}}}
Creates a target for a gateway. A target defines an endpoint that the gateway can connect to.
See also: AWS API Documentation
Request Syntax
client.create_gateway_target(
gatewayIdentifier='string',
name='string',
description='string',
clientToken='string',
targetConfiguration={
'mcp': {
'openApiSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
},
'smithyModel': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
},
'lambda': {
'lambdaArn': 'string',
'toolSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': [
{
'name': 'string',
'description': 'string',
'inputSchema': {
'type': 'string'|'number'|'object'|'array'|'boolean'|'integer',
'properties': {
'string': {'... recursive ...'}
},
'required': [
'string',
],
'items': {'... recursive ...'},
'description': 'string'
},
'outputSchema': {
'type': 'string'|'number'|'object'|'array'|'boolean'|'integer',
'properties': {
'string': {'... recursive ...'}
},
'required': [
'string',
],
'items': {'... recursive ...'},
'description': 'string'
}
},
]
}
},
'mcpServer': {
'endpoint': 'string',
'mcpToolSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
}
},
'apiGateway': {
'restApiId': 'string',
'stage': 'string',
'apiGatewayToolConfiguration': {
'toolOverrides': [
{
'name': 'string',
'description': 'string',
'path': 'string',
'method': 'GET'|'DELETE'|'HEAD'|'OPTIONS'|'PATCH'|'PUT'|'POST'
},
],
'toolFilters': [
{
'filterPath': 'string',
'methods': [
'GET'|'DELETE'|'HEAD'|'OPTIONS'|'PATCH'|'PUT'|'POST',
]
},
]
}
}
}
},
credentialProviderConfigurations=[
{
'credentialProviderType': 'GATEWAY_IAM_ROLE'|'OAUTH'|'API_KEY',
'credentialProvider': {
'oauthCredentialProvider': {
'providerArn': 'string',
'scopes': [
'string',
],
'customParameters': {
'string': 'string'
},
'grantType': 'CLIENT_CREDENTIALS'|'AUTHORIZATION_CODE',
'defaultReturnUrl': 'string'
},
'apiKeyCredentialProvider': {
'providerArn': 'string',
'credentialParameterName': 'string',
'credentialPrefix': 'string',
'credentialLocation': 'HEADER'|'QUERY_PARAMETER'
},
'iamCredentialProvider': {
'service': 'string',
'region': 'string'
}
}
},
],
metadataConfiguration={
'allowedRequestHeaders': [
'string',
],
'allowedQueryParameters': [
'string',
],
'allowedResponseHeaders': [
'string',
]
},
privateEndpoint={
'selfManagedLatticeResource': {
'resourceConfigurationIdentifier': 'string'
},
'managedLatticeResource': {
'vpcIdentifier': 'string',
'subnetIds': [
'string',
],
'endpointIpAddressType': 'IPV4'|'IPV6',
'securityGroupIds': [
'string',
],
'tags': {
'string': 'string'
},
'routingDomain': 'string'
}
}
)
string
[REQUIRED]
The identifier of the gateway to create a target for.
string
[REQUIRED]
The name of the gateway target. The name must be unique within the gateway.
string
The description of the gateway target.
string
A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.
This field is autopopulated if not provided.
dict
[REQUIRED]
The configuration settings for the target, including endpoint information and schema definitions.
mcp (dict) --
The Model Context Protocol (MCP) configuration for the target. This configuration defines how the gateway uses MCP to communicate with the target.
openApiSchema (dict) --
The OpenAPI schema for the Model Context Protocol target. This schema defines the API structure of the target.
s3 (dict) --
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the API schema definition.
smithyModel (dict) --
The Smithy model for the Model Context Protocol target. This model defines the API structure of the target using the Smithy specification.
s3 (dict) --
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the API schema definition.
lambda (dict) --
The Lambda configuration for the Model Context Protocol target. This configuration defines how the gateway uses a Lambda function to communicate with the target.
lambdaArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the Lambda function. This function is invoked by the gateway to communicate with the target.
toolSchema (dict) -- [REQUIRED]
The tool schema for the Lambda function. This schema defines the structure of the tools that the Lambda function provides.
s3 (dict) --
The Amazon S3 location of the tool schema. This location contains the schema definition file.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (list) --
The inline payload of the tool schema. This payload contains the schema definition directly in the request.
(dict) --
A tool definition for a gateway target. This structure defines a tool that the target exposes through the Model Context Protocol.
name (string) -- [REQUIRED]
The name of the tool. This name identifies the tool in the Model Context Protocol.
description (string) -- [REQUIRED]
The description of the tool. This description provides information about the purpose and usage of the tool.
inputSchema (dict) -- [REQUIRED]
The input schema for the tool. This schema defines the structure of the input that the tool accepts.
type (string) -- [REQUIRED]
The type of the schema definition. This field specifies the data type of the schema.
properties (dict) --
The properties of the schema definition. These properties define the fields in the schema.
(string) --
(dict) --
A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
required (list) --
The required fields in the schema definition. These fields must be provided when using the schema.
(string) --
items (dict) --
The items in the schema definition. This field is used for array types to define the structure of the array elements.
description (string) --
The description of the schema definition. This description provides information about the purpose and usage of the schema.
outputSchema (dict) --
The output schema for the tool. This schema defines the structure of the output that the tool produces.
type (string) -- [REQUIRED]
The type of the schema definition. This field specifies the data type of the schema.
properties (dict) --
The properties of the schema definition. These properties define the fields in the schema.
(string) --
(dict) --
A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
required (list) --
The required fields in the schema definition. These fields must be provided when using the schema.
(string) --
items (dict) --
The items in the schema definition. This field is used for array types to define the structure of the array elements.
description (string) --
The description of the schema definition. This description provides information about the purpose and usage of the schema.
mcpServer (dict) --
The MCP server specified as the gateway target.
endpoint (string) -- [REQUIRED]
The endpoint for the MCP server target configuration.
mcpToolSchema (dict) --
The tool schema configuration for the MCP server target. Supported only when the credential provider is configured with an authorization code grant type. Dynamic tool discovery/synchronization will be disabled when target is configured with mcpToolSchema.
s3 (dict) --
The Amazon S3 location of the tool schema. This location contains the schema definition file.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the MCP tool schema definition.
apiGateway (dict) --
The configuration for an Amazon API Gateway target.
restApiId (string) -- [REQUIRED]
The ID of the API Gateway REST API.
stage (string) -- [REQUIRED]
The ID of the stage of the REST API to add as a target.
apiGatewayToolConfiguration (dict) -- [REQUIRED]
The configuration for defining REST API tool filters and overrides for the gateway target.
toolOverrides (list) --
A list of explicit tool definitions with optional custom names and descriptions.
(dict) --
Settings to override configurations for a tool.
name (string) -- [REQUIRED]
The name of tool. Identifies the tool in the Model Context Protocol.
description (string) --
The description of the tool. Provides information about the purpose and usage of the tool. If not provided, uses the description from the API's OpenAPI specification.
path (string) -- [REQUIRED]
Resource path in the REST API (e.g., /pets). Must explicitly match an existing path in the REST API.
method (string) -- [REQUIRED]
The HTTP method to expose for the specified path.
toolFilters (list) -- [REQUIRED]
A list of path and method patterns to expose as tools using metadata from the REST API's OpenAPI specification.
(dict) --
Specifies which operations from an API Gateway REST API are exposed as tools. Tool names and descriptions are derived from the operationId and description fields in the API's exported OpenAPI specification.
filterPath (string) -- [REQUIRED]
Resource path to match in the REST API. Supports exact paths (for example, /pets) or wildcard paths (for example, /pets/* to match all paths under /pets). Must match existing paths in the REST API.
methods (list) -- [REQUIRED]
The methods to filter for.
(string) --
list
The credential provider configurations for the target. These configurations specify how the gateway authenticates with the target endpoint.
(dict) --
The configuration for a credential provider. This structure defines how the gateway authenticates with the target endpoint.
credentialProviderType (string) -- [REQUIRED]
The type of credential provider. This field specifies which authentication method the gateway uses.
credentialProvider (dict) --
The credential provider. This field contains the specific configuration for the credential provider type.
oauthCredentialProvider (dict) --
The OAuth credential provider. This provider uses OAuth authentication to access the target endpoint.
providerArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the OAuth credential provider. This ARN identifies the provider in Amazon Web Services.
scopes (list) -- [REQUIRED]
The OAuth scopes for the credential provider. These scopes define the level of access requested from the OAuth provider.
(string) --
customParameters (dict) --
The custom parameters for the OAuth credential provider. These parameters provide additional configuration for the OAuth authentication process.
(string) --
(string) --
grantType (string) --
Specifies the kind of credentials to use for authorization:
CLIENT_CREDENTIALS - Authorization with a client ID and secret.
AUTHORIZATION_CODE - Authorization with a token that is specific to an individual end user.
defaultReturnUrl (string) --
The URL where the end user's browser is redirected after obtaining the authorization code. Generally points to the customer's application.
apiKeyCredentialProvider (dict) --
The API key credential provider. This provider uses an API key to authenticate with the target endpoint.
providerArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the API key credential provider. This ARN identifies the provider in Amazon Web Services.
credentialParameterName (string) --
The name of the credential parameter for the API key. This parameter name is used when sending the API key to the target endpoint.
credentialPrefix (string) --
The prefix for the API key credential. This prefix is added to the API key when sending it to the target endpoint.
credentialLocation (string) --
The location of the API key credential. This field specifies where in the request the API key should be placed.
iamCredentialProvider (dict) --
The IAM credential provider. This provider uses IAM authentication with SigV4 signing to access the target endpoint.
service (string) -- [REQUIRED]
The target Amazon Web Services service name used for SigV4 signing. This value identifies the service that the gateway authenticates with when making requests to the target endpoint.
region (string) --
The Amazon Web Services Region used for SigV4 signing. If not specified, defaults to the gateway's Region.
dict
Optional configuration for HTTP header and query parameter propagation to and from the gateway target.
allowedRequestHeaders (list) --
A list of HTTP headers that are allowed to be propagated from incoming client requests to the target.
(string) --
allowedQueryParameters (list) --
A list of URL query parameters that are allowed to be propagated from incoming gateway URL to the target.
(string) --
allowedResponseHeaders (list) --
A list of HTTP headers that are allowed to be propagated from the target response back to the client.
(string) --
dict
The private endpoint configuration for the gateway target. Use this to connect the gateway to private resources in your VPC.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedLatticeResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) -- [REQUIRED]
The ID of the VPC that contains your private resource.
subnetIds (list) -- [REQUIRED]
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) -- [REQUIRED]
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate publicly resolvable domain used as the VPC Lattice resource configuration endpoint. Required when your private endpoint uses a domain that is not publicly resolvable.
dict
Response Syntax
{
'gatewayArn': 'string',
'targetId': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'UPDATING'|'UPDATE_UNSUCCESSFUL'|'DELETING'|'READY'|'FAILED'|'SYNCHRONIZING'|'SYNCHRONIZE_UNSUCCESSFUL'|'CREATE_PENDING_AUTH'|'UPDATE_PENDING_AUTH'|'SYNCHRONIZE_PENDING_AUTH',
'statusReasons': [
'string',
],
'name': 'string',
'description': 'string',
'targetConfiguration': {
'mcp': {
'openApiSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
},
'smithyModel': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
},
'lambda': {
'lambdaArn': 'string',
'toolSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': [
{
'name': 'string',
'description': 'string',
'inputSchema': {
'type': 'string'|'number'|'object'|'array'|'boolean'|'integer',
'properties': {
'string': {'... recursive ...'}
},
'required': [
'string',
],
'items': {'... recursive ...'},
'description': 'string'
},
'outputSchema': {
'type': 'string'|'number'|'object'|'array'|'boolean'|'integer',
'properties': {
'string': {'... recursive ...'}
},
'required': [
'string',
],
'items': {'... recursive ...'},
'description': 'string'
}
},
]
}
},
'mcpServer': {
'endpoint': 'string',
'mcpToolSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
}
},
'apiGateway': {
'restApiId': 'string',
'stage': 'string',
'apiGatewayToolConfiguration': {
'toolOverrides': [
{
'name': 'string',
'description': 'string',
'path': 'string',
'method': 'GET'|'DELETE'|'HEAD'|'OPTIONS'|'PATCH'|'PUT'|'POST'
},
],
'toolFilters': [
{
'filterPath': 'string',
'methods': [
'GET'|'DELETE'|'HEAD'|'OPTIONS'|'PATCH'|'PUT'|'POST',
]
},
]
}
}
}
},
'credentialProviderConfigurations': [
{
'credentialProviderType': 'GATEWAY_IAM_ROLE'|'OAUTH'|'API_KEY',
'credentialProvider': {
'oauthCredentialProvider': {
'providerArn': 'string',
'scopes': [
'string',
],
'customParameters': {
'string': 'string'
},
'grantType': 'CLIENT_CREDENTIALS'|'AUTHORIZATION_CODE',
'defaultReturnUrl': 'string'
},
'apiKeyCredentialProvider': {
'providerArn': 'string',
'credentialParameterName': 'string',
'credentialPrefix': 'string',
'credentialLocation': 'HEADER'|'QUERY_PARAMETER'
},
'iamCredentialProvider': {
'service': 'string',
'region': 'string'
}
}
},
],
'lastSynchronizedAt': datetime(2015, 1, 1),
'metadataConfiguration': {
'allowedRequestHeaders': [
'string',
],
'allowedQueryParameters': [
'string',
],
'allowedResponseHeaders': [
'string',
]
},
'privateEndpoint': {
'selfManagedLatticeResource': {
'resourceConfigurationIdentifier': 'string'
},
'managedLatticeResource': {
'vpcIdentifier': 'string',
'subnetIds': [
'string',
],
'endpointIpAddressType': 'IPV4'|'IPV6',
'securityGroupIds': [
'string',
],
'tags': {
'string': 'string'
},
'routingDomain': 'string'
}
},
'privateEndpointManagedResources': [
{
'domain': 'string',
'resourceGatewayArn': 'string',
'resourceAssociationArn': 'string'
},
],
'authorizationData': {
'oauth2': {
'authorizationUrl': 'string',
'userId': 'string'
}
}
}
Response Structure
(dict) --
gatewayArn (string) --
The Amazon Resource Name (ARN) of the gateway.
targetId (string) --
The unique identifier of the created target.
createdAt (datetime) --
The timestamp when the target was created.
updatedAt (datetime) --
The timestamp when the target was last updated.
status (string) --
The current status of the target.
statusReasons (list) --
The reasons for the current status of the target.
(string) --
name (string) --
The name of the target.
description (string) --
The description of the target.
targetConfiguration (dict) --
The configuration settings for the target.
mcp (dict) --
The Model Context Protocol (MCP) configuration for the target. This configuration defines how the gateway uses MCP to communicate with the target.
openApiSchema (dict) --
The OpenAPI schema for the Model Context Protocol target. This schema defines the API structure of the target.
s3 (dict) --
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the API schema definition.
smithyModel (dict) --
The Smithy model for the Model Context Protocol target. This model defines the API structure of the target using the Smithy specification.
s3 (dict) --
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the API schema definition.
lambda (dict) --
The Lambda configuration for the Model Context Protocol target. This configuration defines how the gateway uses a Lambda function to communicate with the target.
lambdaArn (string) --
The Amazon Resource Name (ARN) of the Lambda function. This function is invoked by the gateway to communicate with the target.
toolSchema (dict) --
The tool schema for the Lambda function. This schema defines the structure of the tools that the Lambda function provides.
s3 (dict) --
The Amazon S3 location of the tool schema. This location contains the schema definition file.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (list) --
The inline payload of the tool schema. This payload contains the schema definition directly in the request.
(dict) --
A tool definition for a gateway target. This structure defines a tool that the target exposes through the Model Context Protocol.
name (string) --
The name of the tool. This name identifies the tool in the Model Context Protocol.
description (string) --
The description of the tool. This description provides information about the purpose and usage of the tool.
inputSchema (dict) --
The input schema for the tool. This schema defines the structure of the input that the tool accepts.
type (string) --
The type of the schema definition. This field specifies the data type of the schema.
properties (dict) --
The properties of the schema definition. These properties define the fields in the schema.
(string) --
(dict) --
A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
required (list) --
The required fields in the schema definition. These fields must be provided when using the schema.
(string) --
items (dict) --
The items in the schema definition. This field is used for array types to define the structure of the array elements.
description (string) --
The description of the schema definition. This description provides information about the purpose and usage of the schema.
outputSchema (dict) --
The output schema for the tool. This schema defines the structure of the output that the tool produces.
type (string) --
The type of the schema definition. This field specifies the data type of the schema.
properties (dict) --
The properties of the schema definition. These properties define the fields in the schema.
(string) --
(dict) --
A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
required (list) --
The required fields in the schema definition. These fields must be provided when using the schema.
(string) --
items (dict) --
The items in the schema definition. This field is used for array types to define the structure of the array elements.
description (string) --
The description of the schema definition. This description provides information about the purpose and usage of the schema.
mcpServer (dict) --
The MCP server specified as the gateway target.
endpoint (string) --
The endpoint for the MCP server target configuration.
mcpToolSchema (dict) --
The tool schema configuration for the MCP server target. Supported only when the credential provider is configured with an authorization code grant type. Dynamic tool discovery/synchronization will be disabled when target is configured with mcpToolSchema.
s3 (dict) --
The Amazon S3 location of the tool schema. This location contains the schema definition file.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the MCP tool schema definition.
apiGateway (dict) --
The configuration for an Amazon API Gateway target.
restApiId (string) --
The ID of the API Gateway REST API.
stage (string) --
The ID of the stage of the REST API to add as a target.
apiGatewayToolConfiguration (dict) --
The configuration for defining REST API tool filters and overrides for the gateway target.
toolOverrides (list) --
A list of explicit tool definitions with optional custom names and descriptions.
(dict) --
Settings to override configurations for a tool.
name (string) --
The name of tool. Identifies the tool in the Model Context Protocol.
description (string) --
The description of the tool. Provides information about the purpose and usage of the tool. If not provided, uses the description from the API's OpenAPI specification.
path (string) --
Resource path in the REST API (e.g., /pets). Must explicitly match an existing path in the REST API.
method (string) --
The HTTP method to expose for the specified path.
toolFilters (list) --
A list of path and method patterns to expose as tools using metadata from the REST API's OpenAPI specification.
(dict) --
Specifies which operations from an API Gateway REST API are exposed as tools. Tool names and descriptions are derived from the operationId and description fields in the API's exported OpenAPI specification.
filterPath (string) --
Resource path to match in the REST API. Supports exact paths (for example, /pets) or wildcard paths (for example, /pets/* to match all paths under /pets). Must match existing paths in the REST API.
methods (list) --
The methods to filter for.
(string) --
credentialProviderConfigurations (list) --
The credential provider configurations for the target.
(dict) --
The configuration for a credential provider. This structure defines how the gateway authenticates with the target endpoint.
credentialProviderType (string) --
The type of credential provider. This field specifies which authentication method the gateway uses.
credentialProvider (dict) --
The credential provider. This field contains the specific configuration for the credential provider type.
oauthCredentialProvider (dict) --
The OAuth credential provider. This provider uses OAuth authentication to access the target endpoint.
providerArn (string) --
The Amazon Resource Name (ARN) of the OAuth credential provider. This ARN identifies the provider in Amazon Web Services.
scopes (list) --
The OAuth scopes for the credential provider. These scopes define the level of access requested from the OAuth provider.
(string) --
customParameters (dict) --
The custom parameters for the OAuth credential provider. These parameters provide additional configuration for the OAuth authentication process.
(string) --
(string) --
grantType (string) --
Specifies the kind of credentials to use for authorization:
CLIENT_CREDENTIALS - Authorization with a client ID and secret.
AUTHORIZATION_CODE - Authorization with a token that is specific to an individual end user.
defaultReturnUrl (string) --
The URL where the end user's browser is redirected after obtaining the authorization code. Generally points to the customer's application.
apiKeyCredentialProvider (dict) --
The API key credential provider. This provider uses an API key to authenticate with the target endpoint.
providerArn (string) --
The Amazon Resource Name (ARN) of the API key credential provider. This ARN identifies the provider in Amazon Web Services.
credentialParameterName (string) --
The name of the credential parameter for the API key. This parameter name is used when sending the API key to the target endpoint.
credentialPrefix (string) --
The prefix for the API key credential. This prefix is added to the API key when sending it to the target endpoint.
credentialLocation (string) --
The location of the API key credential. This field specifies where in the request the API key should be placed.
iamCredentialProvider (dict) --
The IAM credential provider. This provider uses IAM authentication with SigV4 signing to access the target endpoint.
service (string) --
The target Amazon Web Services service name used for SigV4 signing. This value identifies the service that the gateway authenticates with when making requests to the target endpoint.
region (string) --
The Amazon Web Services Region used for SigV4 signing. If not specified, defaults to the gateway's Region.
lastSynchronizedAt (datetime) --
The last synchronization of the target.
metadataConfiguration (dict) --
The metadata configuration that was applied to the created gateway target.
allowedRequestHeaders (list) --
A list of HTTP headers that are allowed to be propagated from incoming client requests to the target.
(string) --
allowedQueryParameters (list) --
A list of URL query parameters that are allowed to be propagated from incoming gateway URL to the target.
(string) --
allowedResponseHeaders (list) --
A list of HTTP headers that are allowed to be propagated from the target response back to the client.
(string) --
privateEndpoint (dict) --
The private endpoint configuration for the gateway target.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedLatticeResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) --
The ID of the VPC that contains your private resource.
subnetIds (list) --
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) --
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate publicly resolvable domain used as the VPC Lattice resource configuration endpoint. Required when your private endpoint uses a domain that is not publicly resolvable.
privateEndpointManagedResources (list) --
The managed resources created by the gateway for private endpoint connectivity.
(dict) --
Details of a resource created and managed by the gateway for private endpoint connectivity.
domain (string) --
The domain associated with this managed resource.
resourceGatewayArn (string) --
The ARN of the VPC Lattice resource gateway created in your account.
resourceAssociationArn (string) --
The ARN of the service network resource association.
authorizationData (dict) --
OAuth2 authorization data for the created gateway target. This data is returned when the target requires user authorization through an authorization code grant type.
oauth2 (dict) --
OAuth2 authorization data for the gateway target.
authorizationUrl (string) --
The URL to initiate the authorization process. This URL is provided when the OAuth2 access token requires user authorization.
userId (string) --
The user identifier associated with the OAuth2 authorization session that is defined by AgentCore Gateway.
{'status': {'CREATE_PENDING_AUTH',
'SYNCHRONIZE_PENDING_AUTH',
'UPDATE_PENDING_AUTH'}}
Deletes a gateway target.
You cannot delete a target that is in a pending authorization state ( CREATE_PENDING_AUTH, UPDATE_PENDING_AUTH, or SYNCHRONIZE_PENDING_AUTH). Wait for the authorization to complete or fail before deleting the target.
See also: AWS API Documentation
Request Syntax
client.delete_gateway_target(
gatewayIdentifier='string',
targetId='string'
)
string
[REQUIRED]
The unique identifier of the gateway associated with the target.
string
[REQUIRED]
The unique identifier of the gateway target to delete.
dict
Response Syntax
{
'gatewayArn': 'string',
'targetId': 'string',
'status': 'CREATING'|'UPDATING'|'UPDATE_UNSUCCESSFUL'|'DELETING'|'READY'|'FAILED'|'SYNCHRONIZING'|'SYNCHRONIZE_UNSUCCESSFUL'|'CREATE_PENDING_AUTH'|'UPDATE_PENDING_AUTH'|'SYNCHRONIZE_PENDING_AUTH',
'statusReasons': [
'string',
]
}
Response Structure
(dict) --
gatewayArn (string) --
The Amazon Resource Name (ARN) of the gateway.
targetId (string) --
The unique identifier of the deleted gateway target.
status (string) --
The current status of the gateway target deletion.
statusReasons (list) --
The reasons for the current status of the gateway target deletion.
(string) --
{'authorizationData': {'oauth2': {'authorizationUrl': 'string',
'userId': 'string'}},
'status': {'CREATE_PENDING_AUTH',
'SYNCHRONIZE_PENDING_AUTH',
'UPDATE_PENDING_AUTH'},
'targetConfiguration': {'mcp': {'mcpServer': {'mcpToolSchema': {'inlinePayload': 'string',
's3': {'bucketOwnerAccountId': 'string',
'uri': 'string'}}}}}}
Retrieves information about a specific gateway target.
See also: AWS API Documentation
Request Syntax
client.get_gateway_target(
gatewayIdentifier='string',
targetId='string'
)
string
[REQUIRED]
The identifier of the gateway that contains the target.
string
[REQUIRED]
The unique identifier of the target to retrieve.
dict
Response Syntax
{
'gatewayArn': 'string',
'targetId': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'UPDATING'|'UPDATE_UNSUCCESSFUL'|'DELETING'|'READY'|'FAILED'|'SYNCHRONIZING'|'SYNCHRONIZE_UNSUCCESSFUL'|'CREATE_PENDING_AUTH'|'UPDATE_PENDING_AUTH'|'SYNCHRONIZE_PENDING_AUTH',
'statusReasons': [
'string',
],
'name': 'string',
'description': 'string',
'targetConfiguration': {
'mcp': {
'openApiSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
},
'smithyModel': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
},
'lambda': {
'lambdaArn': 'string',
'toolSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': [
{
'name': 'string',
'description': 'string',
'inputSchema': {
'type': 'string'|'number'|'object'|'array'|'boolean'|'integer',
'properties': {
'string': {'... recursive ...'}
},
'required': [
'string',
],
'items': {'... recursive ...'},
'description': 'string'
},
'outputSchema': {
'type': 'string'|'number'|'object'|'array'|'boolean'|'integer',
'properties': {
'string': {'... recursive ...'}
},
'required': [
'string',
],
'items': {'... recursive ...'},
'description': 'string'
}
},
]
}
},
'mcpServer': {
'endpoint': 'string',
'mcpToolSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
}
},
'apiGateway': {
'restApiId': 'string',
'stage': 'string',
'apiGatewayToolConfiguration': {
'toolOverrides': [
{
'name': 'string',
'description': 'string',
'path': 'string',
'method': 'GET'|'DELETE'|'HEAD'|'OPTIONS'|'PATCH'|'PUT'|'POST'
},
],
'toolFilters': [
{
'filterPath': 'string',
'methods': [
'GET'|'DELETE'|'HEAD'|'OPTIONS'|'PATCH'|'PUT'|'POST',
]
},
]
}
}
}
},
'credentialProviderConfigurations': [
{
'credentialProviderType': 'GATEWAY_IAM_ROLE'|'OAUTH'|'API_KEY',
'credentialProvider': {
'oauthCredentialProvider': {
'providerArn': 'string',
'scopes': [
'string',
],
'customParameters': {
'string': 'string'
},
'grantType': 'CLIENT_CREDENTIALS'|'AUTHORIZATION_CODE',
'defaultReturnUrl': 'string'
},
'apiKeyCredentialProvider': {
'providerArn': 'string',
'credentialParameterName': 'string',
'credentialPrefix': 'string',
'credentialLocation': 'HEADER'|'QUERY_PARAMETER'
},
'iamCredentialProvider': {
'service': 'string',
'region': 'string'
}
}
},
],
'lastSynchronizedAt': datetime(2015, 1, 1),
'metadataConfiguration': {
'allowedRequestHeaders': [
'string',
],
'allowedQueryParameters': [
'string',
],
'allowedResponseHeaders': [
'string',
]
},
'privateEndpoint': {
'selfManagedLatticeResource': {
'resourceConfigurationIdentifier': 'string'
},
'managedLatticeResource': {
'vpcIdentifier': 'string',
'subnetIds': [
'string',
],
'endpointIpAddressType': 'IPV4'|'IPV6',
'securityGroupIds': [
'string',
],
'tags': {
'string': 'string'
},
'routingDomain': 'string'
}
},
'privateEndpointManagedResources': [
{
'domain': 'string',
'resourceGatewayArn': 'string',
'resourceAssociationArn': 'string'
},
],
'authorizationData': {
'oauth2': {
'authorizationUrl': 'string',
'userId': 'string'
}
}
}
Response Structure
(dict) --
gatewayArn (string) --
The Amazon Resource Name (ARN) of the gateway.
targetId (string) --
The unique identifier of the gateway target.
createdAt (datetime) --
The timestamp when the gateway target was created.
updatedAt (datetime) --
The timestamp when the gateway target was last updated.
status (string) --
The current status of the gateway target.
statusReasons (list) --
The reasons for the current status of the gateway target.
(string) --
name (string) --
The name of the gateway target.
description (string) --
The description of the gateway target.
targetConfiguration (dict) --
The configuration for a gateway target. This structure defines how the gateway connects to and interacts with the target endpoint.
mcp (dict) --
The Model Context Protocol (MCP) configuration for the target. This configuration defines how the gateway uses MCP to communicate with the target.
openApiSchema (dict) --
The OpenAPI schema for the Model Context Protocol target. This schema defines the API structure of the target.
s3 (dict) --
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the API schema definition.
smithyModel (dict) --
The Smithy model for the Model Context Protocol target. This model defines the API structure of the target using the Smithy specification.
s3 (dict) --
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the API schema definition.
lambda (dict) --
The Lambda configuration for the Model Context Protocol target. This configuration defines how the gateway uses a Lambda function to communicate with the target.
lambdaArn (string) --
The Amazon Resource Name (ARN) of the Lambda function. This function is invoked by the gateway to communicate with the target.
toolSchema (dict) --
The tool schema for the Lambda function. This schema defines the structure of the tools that the Lambda function provides.
s3 (dict) --
The Amazon S3 location of the tool schema. This location contains the schema definition file.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (list) --
The inline payload of the tool schema. This payload contains the schema definition directly in the request.
(dict) --
A tool definition for a gateway target. This structure defines a tool that the target exposes through the Model Context Protocol.
name (string) --
The name of the tool. This name identifies the tool in the Model Context Protocol.
description (string) --
The description of the tool. This description provides information about the purpose and usage of the tool.
inputSchema (dict) --
The input schema for the tool. This schema defines the structure of the input that the tool accepts.
type (string) --
The type of the schema definition. This field specifies the data type of the schema.
properties (dict) --
The properties of the schema definition. These properties define the fields in the schema.
(string) --
(dict) --
A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
required (list) --
The required fields in the schema definition. These fields must be provided when using the schema.
(string) --
items (dict) --
The items in the schema definition. This field is used for array types to define the structure of the array elements.
description (string) --
The description of the schema definition. This description provides information about the purpose and usage of the schema.
outputSchema (dict) --
The output schema for the tool. This schema defines the structure of the output that the tool produces.
type (string) --
The type of the schema definition. This field specifies the data type of the schema.
properties (dict) --
The properties of the schema definition. These properties define the fields in the schema.
(string) --
(dict) --
A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
required (list) --
The required fields in the schema definition. These fields must be provided when using the schema.
(string) --
items (dict) --
The items in the schema definition. This field is used for array types to define the structure of the array elements.
description (string) --
The description of the schema definition. This description provides information about the purpose and usage of the schema.
mcpServer (dict) --
The MCP server specified as the gateway target.
endpoint (string) --
The endpoint for the MCP server target configuration.
mcpToolSchema (dict) --
The tool schema configuration for the MCP server target. Supported only when the credential provider is configured with an authorization code grant type. Dynamic tool discovery/synchronization will be disabled when target is configured with mcpToolSchema.
s3 (dict) --
The Amazon S3 location of the tool schema. This location contains the schema definition file.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the MCP tool schema definition.
apiGateway (dict) --
The configuration for an Amazon API Gateway target.
restApiId (string) --
The ID of the API Gateway REST API.
stage (string) --
The ID of the stage of the REST API to add as a target.
apiGatewayToolConfiguration (dict) --
The configuration for defining REST API tool filters and overrides for the gateway target.
toolOverrides (list) --
A list of explicit tool definitions with optional custom names and descriptions.
(dict) --
Settings to override configurations for a tool.
name (string) --
The name of tool. Identifies the tool in the Model Context Protocol.
description (string) --
The description of the tool. Provides information about the purpose and usage of the tool. If not provided, uses the description from the API's OpenAPI specification.
path (string) --
Resource path in the REST API (e.g., /pets). Must explicitly match an existing path in the REST API.
method (string) --
The HTTP method to expose for the specified path.
toolFilters (list) --
A list of path and method patterns to expose as tools using metadata from the REST API's OpenAPI specification.
(dict) --
Specifies which operations from an API Gateway REST API are exposed as tools. Tool names and descriptions are derived from the operationId and description fields in the API's exported OpenAPI specification.
filterPath (string) --
Resource path to match in the REST API. Supports exact paths (for example, /pets) or wildcard paths (for example, /pets/* to match all paths under /pets). Must match existing paths in the REST API.
methods (list) --
The methods to filter for.
(string) --
credentialProviderConfigurations (list) --
The credential provider configurations for the gateway target.
(dict) --
The configuration for a credential provider. This structure defines how the gateway authenticates with the target endpoint.
credentialProviderType (string) --
The type of credential provider. This field specifies which authentication method the gateway uses.
credentialProvider (dict) --
The credential provider. This field contains the specific configuration for the credential provider type.
oauthCredentialProvider (dict) --
The OAuth credential provider. This provider uses OAuth authentication to access the target endpoint.
providerArn (string) --
The Amazon Resource Name (ARN) of the OAuth credential provider. This ARN identifies the provider in Amazon Web Services.
scopes (list) --
The OAuth scopes for the credential provider. These scopes define the level of access requested from the OAuth provider.
(string) --
customParameters (dict) --
The custom parameters for the OAuth credential provider. These parameters provide additional configuration for the OAuth authentication process.
(string) --
(string) --
grantType (string) --
Specifies the kind of credentials to use for authorization:
CLIENT_CREDENTIALS - Authorization with a client ID and secret.
AUTHORIZATION_CODE - Authorization with a token that is specific to an individual end user.
defaultReturnUrl (string) --
The URL where the end user's browser is redirected after obtaining the authorization code. Generally points to the customer's application.
apiKeyCredentialProvider (dict) --
The API key credential provider. This provider uses an API key to authenticate with the target endpoint.
providerArn (string) --
The Amazon Resource Name (ARN) of the API key credential provider. This ARN identifies the provider in Amazon Web Services.
credentialParameterName (string) --
The name of the credential parameter for the API key. This parameter name is used when sending the API key to the target endpoint.
credentialPrefix (string) --
The prefix for the API key credential. This prefix is added to the API key when sending it to the target endpoint.
credentialLocation (string) --
The location of the API key credential. This field specifies where in the request the API key should be placed.
iamCredentialProvider (dict) --
The IAM credential provider. This provider uses IAM authentication with SigV4 signing to access the target endpoint.
service (string) --
The target Amazon Web Services service name used for SigV4 signing. This value identifies the service that the gateway authenticates with when making requests to the target endpoint.
region (string) --
The Amazon Web Services Region used for SigV4 signing. If not specified, defaults to the gateway's Region.
lastSynchronizedAt (datetime) --
The last synchronization of the target.
metadataConfiguration (dict) --
The metadata configuration for HTTP header and query parameter propagation for the retrieved gateway target.
allowedRequestHeaders (list) --
A list of HTTP headers that are allowed to be propagated from incoming client requests to the target.
(string) --
allowedQueryParameters (list) --
A list of URL query parameters that are allowed to be propagated from incoming gateway URL to the target.
(string) --
allowedResponseHeaders (list) --
A list of HTTP headers that are allowed to be propagated from the target response back to the client.
(string) --
privateEndpoint (dict) --
The private endpoint configuration for the gateway target.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedLatticeResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) --
The ID of the VPC that contains your private resource.
subnetIds (list) --
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) --
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate publicly resolvable domain used as the VPC Lattice resource configuration endpoint. Required when your private endpoint uses a domain that is not publicly resolvable.
privateEndpointManagedResources (list) --
The managed resources created by the gateway for private endpoint connectivity.
(dict) --
Details of a resource created and managed by the gateway for private endpoint connectivity.
domain (string) --
The domain associated with this managed resource.
resourceGatewayArn (string) --
The ARN of the VPC Lattice resource gateway created in your account.
resourceAssociationArn (string) --
The ARN of the service network resource association.
authorizationData (dict) --
OAuth2 authorization data for the gateway target. This data is returned when the target requires user authorization through an authorization code grant type.
oauth2 (dict) --
OAuth2 authorization data for the gateway target.
authorizationUrl (string) --
The URL to initiate the authorization process. This URL is provided when the OAuth2 access token requires user authorization.
userId (string) --
The user identifier associated with the OAuth2 authorization session that is defined by AgentCore Gateway.
{'items': {'status': {'CREATE_PENDING_AUTH',
'SYNCHRONIZE_PENDING_AUTH',
'UPDATE_PENDING_AUTH'}}}
Lists all targets for a specific gateway.
See also: AWS API Documentation
Request Syntax
client.list_gateway_targets(
gatewayIdentifier='string',
maxResults=123,
nextToken='string'
)
string
[REQUIRED]
The identifier of the gateway to list targets for.
integer
The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.
string
If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.
dict
Response Syntax
{
'items': [
{
'targetId': 'string',
'name': 'string',
'status': 'CREATING'|'UPDATING'|'UPDATE_UNSUCCESSFUL'|'DELETING'|'READY'|'FAILED'|'SYNCHRONIZING'|'SYNCHRONIZE_UNSUCCESSFUL'|'CREATE_PENDING_AUTH'|'UPDATE_PENDING_AUTH'|'SYNCHRONIZE_PENDING_AUTH',
'description': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
items (list) --
The list of gateway target summaries.
(dict) --
Contains summary information about a gateway target. A target represents an endpoint that the gateway can connect to.
targetId (string) --
The unique identifier of the target.
name (string) --
The name of the target.
status (string) --
The current status of the target.
description (string) --
The description of the target.
createdAt (datetime) --
The timestamp when the target was created.
updatedAt (datetime) --
The timestamp when the target was last updated.
nextToken (string) --
If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.
{'targets': {'authorizationData': {'oauth2': {'authorizationUrl': 'string',
'userId': 'string'}},
'status': {'CREATE_PENDING_AUTH',
'SYNCHRONIZE_PENDING_AUTH',
'UPDATE_PENDING_AUTH'},
'targetConfiguration': {'mcp': {'mcpServer': {'mcpToolSchema': {'inlinePayload': 'string',
's3': {'bucketOwnerAccountId': 'string',
'uri': 'string'}}}}}}}
Synchronizes the gateway targets by fetching the latest tool definitions from the target endpoints.
You cannot synchronize a target that is in a pending authorization state ( CREATE_PENDING_AUTH, UPDATE_PENDING_AUTH, or SYNCHRONIZE_PENDING_AUTH). Wait for the authorization to complete or fail before synchronizing.
You cannot synchronize a target that has a static tool schema ( mcpToolSchema) configured. Remove the static schema through an UpdateGatewayTarget call to enable dynamic tool synchronization.
See also: AWS API Documentation
Request Syntax
client.synchronize_gateway_targets(
gatewayIdentifier='string',
targetIdList=[
'string',
]
)
string
[REQUIRED]
The gateway Identifier.
list
[REQUIRED]
The target ID list.
(string) --
dict
Response Syntax
{
'targets': [
{
'gatewayArn': 'string',
'targetId': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'UPDATING'|'UPDATE_UNSUCCESSFUL'|'DELETING'|'READY'|'FAILED'|'SYNCHRONIZING'|'SYNCHRONIZE_UNSUCCESSFUL'|'CREATE_PENDING_AUTH'|'UPDATE_PENDING_AUTH'|'SYNCHRONIZE_PENDING_AUTH',
'statusReasons': [
'string',
],
'name': 'string',
'description': 'string',
'targetConfiguration': {
'mcp': {
'openApiSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
},
'smithyModel': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
},
'lambda': {
'lambdaArn': 'string',
'toolSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': [
{
'name': 'string',
'description': 'string',
'inputSchema': {
'type': 'string'|'number'|'object'|'array'|'boolean'|'integer',
'properties': {
'string': {'... recursive ...'}
},
'required': [
'string',
],
'items': {'... recursive ...'},
'description': 'string'
},
'outputSchema': {
'type': 'string'|'number'|'object'|'array'|'boolean'|'integer',
'properties': {
'string': {'... recursive ...'}
},
'required': [
'string',
],
'items': {'... recursive ...'},
'description': 'string'
}
},
]
}
},
'mcpServer': {
'endpoint': 'string',
'mcpToolSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
}
},
'apiGateway': {
'restApiId': 'string',
'stage': 'string',
'apiGatewayToolConfiguration': {
'toolOverrides': [
{
'name': 'string',
'description': 'string',
'path': 'string',
'method': 'GET'|'DELETE'|'HEAD'|'OPTIONS'|'PATCH'|'PUT'|'POST'
},
],
'toolFilters': [
{
'filterPath': 'string',
'methods': [
'GET'|'DELETE'|'HEAD'|'OPTIONS'|'PATCH'|'PUT'|'POST',
]
},
]
}
}
}
},
'credentialProviderConfigurations': [
{
'credentialProviderType': 'GATEWAY_IAM_ROLE'|'OAUTH'|'API_KEY',
'credentialProvider': {
'oauthCredentialProvider': {
'providerArn': 'string',
'scopes': [
'string',
],
'customParameters': {
'string': 'string'
},
'grantType': 'CLIENT_CREDENTIALS'|'AUTHORIZATION_CODE',
'defaultReturnUrl': 'string'
},
'apiKeyCredentialProvider': {
'providerArn': 'string',
'credentialParameterName': 'string',
'credentialPrefix': 'string',
'credentialLocation': 'HEADER'|'QUERY_PARAMETER'
},
'iamCredentialProvider': {
'service': 'string',
'region': 'string'
}
}
},
],
'lastSynchronizedAt': datetime(2015, 1, 1),
'metadataConfiguration': {
'allowedRequestHeaders': [
'string',
],
'allowedQueryParameters': [
'string',
],
'allowedResponseHeaders': [
'string',
]
},
'privateEndpoint': {
'selfManagedLatticeResource': {
'resourceConfigurationIdentifier': 'string'
},
'managedLatticeResource': {
'vpcIdentifier': 'string',
'subnetIds': [
'string',
],
'endpointIpAddressType': 'IPV4'|'IPV6',
'securityGroupIds': [
'string',
],
'tags': {
'string': 'string'
},
'routingDomain': 'string'
}
},
'privateEndpointManagedResources': [
{
'domain': 'string',
'resourceGatewayArn': 'string',
'resourceAssociationArn': 'string'
},
],
'authorizationData': {
'oauth2': {
'authorizationUrl': 'string',
'userId': 'string'
}
}
},
]
}
Response Structure
(dict) --
targets (list) --
The gateway targets for synchronization.
(dict) --
The gateway target.
gatewayArn (string) --
The Amazon Resource Name (ARN) of the gateway target.
targetId (string) --
The target ID.
createdAt (datetime) --
The date and time at which the target was created.
updatedAt (datetime) --
The date and time at which the target was updated.
status (string) --
The status of the gateway target.
statusReasons (list) --
The status reasons for the target status.
(string) --
name (string) --
The name of the gateway target.
description (string) --
The description for the gateway target.
targetConfiguration (dict) --
The configuration for a gateway target. This structure defines how the gateway connects to and interacts with the target endpoint.
mcp (dict) --
The Model Context Protocol (MCP) configuration for the target. This configuration defines how the gateway uses MCP to communicate with the target.
openApiSchema (dict) --
The OpenAPI schema for the Model Context Protocol target. This schema defines the API structure of the target.
s3 (dict) --
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the API schema definition.
smithyModel (dict) --
The Smithy model for the Model Context Protocol target. This model defines the API structure of the target using the Smithy specification.
s3 (dict) --
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the API schema definition.
lambda (dict) --
The Lambda configuration for the Model Context Protocol target. This configuration defines how the gateway uses a Lambda function to communicate with the target.
lambdaArn (string) --
The Amazon Resource Name (ARN) of the Lambda function. This function is invoked by the gateway to communicate with the target.
toolSchema (dict) --
The tool schema for the Lambda function. This schema defines the structure of the tools that the Lambda function provides.
s3 (dict) --
The Amazon S3 location of the tool schema. This location contains the schema definition file.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (list) --
The inline payload of the tool schema. This payload contains the schema definition directly in the request.
(dict) --
A tool definition for a gateway target. This structure defines a tool that the target exposes through the Model Context Protocol.
name (string) --
The name of the tool. This name identifies the tool in the Model Context Protocol.
description (string) --
The description of the tool. This description provides information about the purpose and usage of the tool.
inputSchema (dict) --
The input schema for the tool. This schema defines the structure of the input that the tool accepts.
type (string) --
The type of the schema definition. This field specifies the data type of the schema.
properties (dict) --
The properties of the schema definition. These properties define the fields in the schema.
(string) --
(dict) --
A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
required (list) --
The required fields in the schema definition. These fields must be provided when using the schema.
(string) --
items (dict) --
The items in the schema definition. This field is used for array types to define the structure of the array elements.
description (string) --
The description of the schema definition. This description provides information about the purpose and usage of the schema.
outputSchema (dict) --
The output schema for the tool. This schema defines the structure of the output that the tool produces.
type (string) --
The type of the schema definition. This field specifies the data type of the schema.
properties (dict) --
The properties of the schema definition. These properties define the fields in the schema.
(string) --
(dict) --
A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
required (list) --
The required fields in the schema definition. These fields must be provided when using the schema.
(string) --
items (dict) --
The items in the schema definition. This field is used for array types to define the structure of the array elements.
description (string) --
The description of the schema definition. This description provides information about the purpose and usage of the schema.
mcpServer (dict) --
The MCP server specified as the gateway target.
endpoint (string) --
The endpoint for the MCP server target configuration.
mcpToolSchema (dict) --
The tool schema configuration for the MCP server target. Supported only when the credential provider is configured with an authorization code grant type. Dynamic tool discovery/synchronization will be disabled when target is configured with mcpToolSchema.
s3 (dict) --
The Amazon S3 location of the tool schema. This location contains the schema definition file.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the MCP tool schema definition.
apiGateway (dict) --
The configuration for an Amazon API Gateway target.
restApiId (string) --
The ID of the API Gateway REST API.
stage (string) --
The ID of the stage of the REST API to add as a target.
apiGatewayToolConfiguration (dict) --
The configuration for defining REST API tool filters and overrides for the gateway target.
toolOverrides (list) --
A list of explicit tool definitions with optional custom names and descriptions.
(dict) --
Settings to override configurations for a tool.
name (string) --
The name of tool. Identifies the tool in the Model Context Protocol.
description (string) --
The description of the tool. Provides information about the purpose and usage of the tool. If not provided, uses the description from the API's OpenAPI specification.
path (string) --
Resource path in the REST API (e.g., /pets). Must explicitly match an existing path in the REST API.
method (string) --
The HTTP method to expose for the specified path.
toolFilters (list) --
A list of path and method patterns to expose as tools using metadata from the REST API's OpenAPI specification.
(dict) --
Specifies which operations from an API Gateway REST API are exposed as tools. Tool names and descriptions are derived from the operationId and description fields in the API's exported OpenAPI specification.
filterPath (string) --
Resource path to match in the REST API. Supports exact paths (for example, /pets) or wildcard paths (for example, /pets/* to match all paths under /pets). Must match existing paths in the REST API.
methods (list) --
The methods to filter for.
(string) --
credentialProviderConfigurations (list) --
The provider configurations.
(dict) --
The configuration for a credential provider. This structure defines how the gateway authenticates with the target endpoint.
credentialProviderType (string) --
The type of credential provider. This field specifies which authentication method the gateway uses.
credentialProvider (dict) --
The credential provider. This field contains the specific configuration for the credential provider type.
oauthCredentialProvider (dict) --
The OAuth credential provider. This provider uses OAuth authentication to access the target endpoint.
providerArn (string) --
The Amazon Resource Name (ARN) of the OAuth credential provider. This ARN identifies the provider in Amazon Web Services.
scopes (list) --
The OAuth scopes for the credential provider. These scopes define the level of access requested from the OAuth provider.
(string) --
customParameters (dict) --
The custom parameters for the OAuth credential provider. These parameters provide additional configuration for the OAuth authentication process.
(string) --
(string) --
grantType (string) --
Specifies the kind of credentials to use for authorization:
CLIENT_CREDENTIALS - Authorization with a client ID and secret.
AUTHORIZATION_CODE - Authorization with a token that is specific to an individual end user.
defaultReturnUrl (string) --
The URL where the end user's browser is redirected after obtaining the authorization code. Generally points to the customer's application.
apiKeyCredentialProvider (dict) --
The API key credential provider. This provider uses an API key to authenticate with the target endpoint.
providerArn (string) --
The Amazon Resource Name (ARN) of the API key credential provider. This ARN identifies the provider in Amazon Web Services.
credentialParameterName (string) --
The name of the credential parameter for the API key. This parameter name is used when sending the API key to the target endpoint.
credentialPrefix (string) --
The prefix for the API key credential. This prefix is added to the API key when sending it to the target endpoint.
credentialLocation (string) --
The location of the API key credential. This field specifies where in the request the API key should be placed.
iamCredentialProvider (dict) --
The IAM credential provider. This provider uses IAM authentication with SigV4 signing to access the target endpoint.
service (string) --
The target Amazon Web Services service name used for SigV4 signing. This value identifies the service that the gateway authenticates with when making requests to the target endpoint.
region (string) --
The Amazon Web Services Region used for SigV4 signing. If not specified, defaults to the gateway's Region.
lastSynchronizedAt (datetime) --
The last synchronization time.
metadataConfiguration (dict) --
The metadata configuration for HTTP header and query parameter propagation to and from this gateway target.
allowedRequestHeaders (list) --
A list of HTTP headers that are allowed to be propagated from incoming client requests to the target.
(string) --
allowedQueryParameters (list) --
A list of URL query parameters that are allowed to be propagated from incoming gateway URL to the target.
(string) --
allowedResponseHeaders (list) --
A list of HTTP headers that are allowed to be propagated from the target response back to the client.
(string) --
privateEndpoint (dict) --
The private endpoint configuration for a gateway target. Defines how the gateway connects to private resources in your VPC.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedLatticeResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) --
The ID of the VPC that contains your private resource.
subnetIds (list) --
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) --
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate publicly resolvable domain used as the VPC Lattice resource configuration endpoint. Required when your private endpoint uses a domain that is not publicly resolvable.
privateEndpointManagedResources (list) --
A list of managed resources created by the gateway for private endpoint connectivity. These resources are created in your account when you use a managed VPC Lattice resource configuration.
(dict) --
Details of a resource created and managed by the gateway for private endpoint connectivity.
domain (string) --
The domain associated with this managed resource.
resourceGatewayArn (string) --
The ARN of the VPC Lattice resource gateway created in your account.
resourceAssociationArn (string) --
The ARN of the service network resource association.
authorizationData (dict) --
OAuth2 authorization data for the gateway target. This data is returned when a target is configured with a credential provider with authorization code grant type and requires user federation.
oauth2 (dict) --
OAuth2 authorization data for the gateway target.
authorizationUrl (string) --
The URL to initiate the authorization process. This URL is provided when the OAuth2 access token requires user authorization.
userId (string) --
The user identifier associated with the OAuth2 authorization session that is defined by AgentCore Gateway.
{'targetConfiguration': {'mcp': {'mcpServer': {'mcpToolSchema': {'inlinePayload': 'string',
's3': {'bucketOwnerAccountId': 'string',
'uri': 'string'}}}}}}
Response {'authorizationData': {'oauth2': {'authorizationUrl': 'string',
'userId': 'string'}},
'status': {'CREATE_PENDING_AUTH',
'SYNCHRONIZE_PENDING_AUTH',
'UPDATE_PENDING_AUTH'},
'targetConfiguration': {'mcp': {'mcpServer': {'mcpToolSchema': {'inlinePayload': 'string',
's3': {'bucketOwnerAccountId': 'string',
'uri': 'string'}}}}}}
Updates an existing gateway target.
You cannot update a target that is in a pending authorization state ( CREATE_PENDING_AUTH, UPDATE_PENDING_AUTH, or SYNCHRONIZE_PENDING_AUTH). Wait for the authorization to complete or fail before updating the target.
See also: AWS API Documentation
Request Syntax
client.update_gateway_target(
gatewayIdentifier='string',
targetId='string',
name='string',
description='string',
targetConfiguration={
'mcp': {
'openApiSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
},
'smithyModel': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
},
'lambda': {
'lambdaArn': 'string',
'toolSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': [
{
'name': 'string',
'description': 'string',
'inputSchema': {
'type': 'string'|'number'|'object'|'array'|'boolean'|'integer',
'properties': {
'string': {'... recursive ...'}
},
'required': [
'string',
],
'items': {'... recursive ...'},
'description': 'string'
},
'outputSchema': {
'type': 'string'|'number'|'object'|'array'|'boolean'|'integer',
'properties': {
'string': {'... recursive ...'}
},
'required': [
'string',
],
'items': {'... recursive ...'},
'description': 'string'
}
},
]
}
},
'mcpServer': {
'endpoint': 'string',
'mcpToolSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
}
},
'apiGateway': {
'restApiId': 'string',
'stage': 'string',
'apiGatewayToolConfiguration': {
'toolOverrides': [
{
'name': 'string',
'description': 'string',
'path': 'string',
'method': 'GET'|'DELETE'|'HEAD'|'OPTIONS'|'PATCH'|'PUT'|'POST'
},
],
'toolFilters': [
{
'filterPath': 'string',
'methods': [
'GET'|'DELETE'|'HEAD'|'OPTIONS'|'PATCH'|'PUT'|'POST',
]
},
]
}
}
}
},
credentialProviderConfigurations=[
{
'credentialProviderType': 'GATEWAY_IAM_ROLE'|'OAUTH'|'API_KEY',
'credentialProvider': {
'oauthCredentialProvider': {
'providerArn': 'string',
'scopes': [
'string',
],
'customParameters': {
'string': 'string'
},
'grantType': 'CLIENT_CREDENTIALS'|'AUTHORIZATION_CODE',
'defaultReturnUrl': 'string'
},
'apiKeyCredentialProvider': {
'providerArn': 'string',
'credentialParameterName': 'string',
'credentialPrefix': 'string',
'credentialLocation': 'HEADER'|'QUERY_PARAMETER'
},
'iamCredentialProvider': {
'service': 'string',
'region': 'string'
}
}
},
],
metadataConfiguration={
'allowedRequestHeaders': [
'string',
],
'allowedQueryParameters': [
'string',
],
'allowedResponseHeaders': [
'string',
]
},
privateEndpoint={
'selfManagedLatticeResource': {
'resourceConfigurationIdentifier': 'string'
},
'managedLatticeResource': {
'vpcIdentifier': 'string',
'subnetIds': [
'string',
],
'endpointIpAddressType': 'IPV4'|'IPV6',
'securityGroupIds': [
'string',
],
'tags': {
'string': 'string'
},
'routingDomain': 'string'
}
}
)
string
[REQUIRED]
The unique identifier of the gateway associated with the target.
string
[REQUIRED]
The unique identifier of the gateway target to update.
string
[REQUIRED]
The updated name for the gateway target.
string
The updated description for the gateway target.
dict
[REQUIRED]
The configuration for a gateway target. This structure defines how the gateway connects to and interacts with the target endpoint.
mcp (dict) --
The Model Context Protocol (MCP) configuration for the target. This configuration defines how the gateway uses MCP to communicate with the target.
openApiSchema (dict) --
The OpenAPI schema for the Model Context Protocol target. This schema defines the API structure of the target.
s3 (dict) --
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the API schema definition.
smithyModel (dict) --
The Smithy model for the Model Context Protocol target. This model defines the API structure of the target using the Smithy specification.
s3 (dict) --
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the API schema definition.
lambda (dict) --
The Lambda configuration for the Model Context Protocol target. This configuration defines how the gateway uses a Lambda function to communicate with the target.
lambdaArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the Lambda function. This function is invoked by the gateway to communicate with the target.
toolSchema (dict) -- [REQUIRED]
The tool schema for the Lambda function. This schema defines the structure of the tools that the Lambda function provides.
s3 (dict) --
The Amazon S3 location of the tool schema. This location contains the schema definition file.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (list) --
The inline payload of the tool schema. This payload contains the schema definition directly in the request.
(dict) --
A tool definition for a gateway target. This structure defines a tool that the target exposes through the Model Context Protocol.
name (string) -- [REQUIRED]
The name of the tool. This name identifies the tool in the Model Context Protocol.
description (string) -- [REQUIRED]
The description of the tool. This description provides information about the purpose and usage of the tool.
inputSchema (dict) -- [REQUIRED]
The input schema for the tool. This schema defines the structure of the input that the tool accepts.
type (string) -- [REQUIRED]
The type of the schema definition. This field specifies the data type of the schema.
properties (dict) --
The properties of the schema definition. These properties define the fields in the schema.
(string) --
(dict) --
A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
required (list) --
The required fields in the schema definition. These fields must be provided when using the schema.
(string) --
items (dict) --
The items in the schema definition. This field is used for array types to define the structure of the array elements.
description (string) --
The description of the schema definition. This description provides information about the purpose and usage of the schema.
outputSchema (dict) --
The output schema for the tool. This schema defines the structure of the output that the tool produces.
type (string) -- [REQUIRED]
The type of the schema definition. This field specifies the data type of the schema.
properties (dict) --
The properties of the schema definition. These properties define the fields in the schema.
(string) --
(dict) --
A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
required (list) --
The required fields in the schema definition. These fields must be provided when using the schema.
(string) --
items (dict) --
The items in the schema definition. This field is used for array types to define the structure of the array elements.
description (string) --
The description of the schema definition. This description provides information about the purpose and usage of the schema.
mcpServer (dict) --
The MCP server specified as the gateway target.
endpoint (string) -- [REQUIRED]
The endpoint for the MCP server target configuration.
mcpToolSchema (dict) --
The tool schema configuration for the MCP server target. Supported only when the credential provider is configured with an authorization code grant type. Dynamic tool discovery/synchronization will be disabled when target is configured with mcpToolSchema.
s3 (dict) --
The Amazon S3 location of the tool schema. This location contains the schema definition file.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the MCP tool schema definition.
apiGateway (dict) --
The configuration for an Amazon API Gateway target.
restApiId (string) -- [REQUIRED]
The ID of the API Gateway REST API.
stage (string) -- [REQUIRED]
The ID of the stage of the REST API to add as a target.
apiGatewayToolConfiguration (dict) -- [REQUIRED]
The configuration for defining REST API tool filters and overrides for the gateway target.
toolOverrides (list) --
A list of explicit tool definitions with optional custom names and descriptions.
(dict) --
Settings to override configurations for a tool.
name (string) -- [REQUIRED]
The name of tool. Identifies the tool in the Model Context Protocol.
description (string) --
The description of the tool. Provides information about the purpose and usage of the tool. If not provided, uses the description from the API's OpenAPI specification.
path (string) -- [REQUIRED]
Resource path in the REST API (e.g., /pets). Must explicitly match an existing path in the REST API.
method (string) -- [REQUIRED]
The HTTP method to expose for the specified path.
toolFilters (list) -- [REQUIRED]
A list of path and method patterns to expose as tools using metadata from the REST API's OpenAPI specification.
(dict) --
Specifies which operations from an API Gateway REST API are exposed as tools. Tool names and descriptions are derived from the operationId and description fields in the API's exported OpenAPI specification.
filterPath (string) -- [REQUIRED]
Resource path to match in the REST API. Supports exact paths (for example, /pets) or wildcard paths (for example, /pets/* to match all paths under /pets). Must match existing paths in the REST API.
methods (list) -- [REQUIRED]
The methods to filter for.
(string) --
list
The updated credential provider configurations for the gateway target.
(dict) --
The configuration for a credential provider. This structure defines how the gateway authenticates with the target endpoint.
credentialProviderType (string) -- [REQUIRED]
The type of credential provider. This field specifies which authentication method the gateway uses.
credentialProvider (dict) --
The credential provider. This field contains the specific configuration for the credential provider type.
oauthCredentialProvider (dict) --
The OAuth credential provider. This provider uses OAuth authentication to access the target endpoint.
providerArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the OAuth credential provider. This ARN identifies the provider in Amazon Web Services.
scopes (list) -- [REQUIRED]
The OAuth scopes for the credential provider. These scopes define the level of access requested from the OAuth provider.
(string) --
customParameters (dict) --
The custom parameters for the OAuth credential provider. These parameters provide additional configuration for the OAuth authentication process.
(string) --
(string) --
grantType (string) --
Specifies the kind of credentials to use for authorization:
CLIENT_CREDENTIALS - Authorization with a client ID and secret.
AUTHORIZATION_CODE - Authorization with a token that is specific to an individual end user.
defaultReturnUrl (string) --
The URL where the end user's browser is redirected after obtaining the authorization code. Generally points to the customer's application.
apiKeyCredentialProvider (dict) --
The API key credential provider. This provider uses an API key to authenticate with the target endpoint.
providerArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the API key credential provider. This ARN identifies the provider in Amazon Web Services.
credentialParameterName (string) --
The name of the credential parameter for the API key. This parameter name is used when sending the API key to the target endpoint.
credentialPrefix (string) --
The prefix for the API key credential. This prefix is added to the API key when sending it to the target endpoint.
credentialLocation (string) --
The location of the API key credential. This field specifies where in the request the API key should be placed.
iamCredentialProvider (dict) --
The IAM credential provider. This provider uses IAM authentication with SigV4 signing to access the target endpoint.
service (string) -- [REQUIRED]
The target Amazon Web Services service name used for SigV4 signing. This value identifies the service that the gateway authenticates with when making requests to the target endpoint.
region (string) --
The Amazon Web Services Region used for SigV4 signing. If not specified, defaults to the gateway's Region.
dict
Configuration for HTTP header and query parameter propagation to the gateway target.
allowedRequestHeaders (list) --
A list of HTTP headers that are allowed to be propagated from incoming client requests to the target.
(string) --
allowedQueryParameters (list) --
A list of URL query parameters that are allowed to be propagated from incoming gateway URL to the target.
(string) --
allowedResponseHeaders (list) --
A list of HTTP headers that are allowed to be propagated from the target response back to the client.
(string) --
dict
The private endpoint configuration for the gateway target. Use this to connect the gateway to private resources in your VPC.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedLatticeResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) -- [REQUIRED]
The ID of the VPC that contains your private resource.
subnetIds (list) -- [REQUIRED]
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) -- [REQUIRED]
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate publicly resolvable domain used as the VPC Lattice resource configuration endpoint. Required when your private endpoint uses a domain that is not publicly resolvable.
dict
Response Syntax
{
'gatewayArn': 'string',
'targetId': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'status': 'CREATING'|'UPDATING'|'UPDATE_UNSUCCESSFUL'|'DELETING'|'READY'|'FAILED'|'SYNCHRONIZING'|'SYNCHRONIZE_UNSUCCESSFUL'|'CREATE_PENDING_AUTH'|'UPDATE_PENDING_AUTH'|'SYNCHRONIZE_PENDING_AUTH',
'statusReasons': [
'string',
],
'name': 'string',
'description': 'string',
'targetConfiguration': {
'mcp': {
'openApiSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
},
'smithyModel': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
},
'lambda': {
'lambdaArn': 'string',
'toolSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': [
{
'name': 'string',
'description': 'string',
'inputSchema': {
'type': 'string'|'number'|'object'|'array'|'boolean'|'integer',
'properties': {
'string': {'... recursive ...'}
},
'required': [
'string',
],
'items': {'... recursive ...'},
'description': 'string'
},
'outputSchema': {
'type': 'string'|'number'|'object'|'array'|'boolean'|'integer',
'properties': {
'string': {'... recursive ...'}
},
'required': [
'string',
],
'items': {'... recursive ...'},
'description': 'string'
}
},
]
}
},
'mcpServer': {
'endpoint': 'string',
'mcpToolSchema': {
's3': {
'uri': 'string',
'bucketOwnerAccountId': 'string'
},
'inlinePayload': 'string'
}
},
'apiGateway': {
'restApiId': 'string',
'stage': 'string',
'apiGatewayToolConfiguration': {
'toolOverrides': [
{
'name': 'string',
'description': 'string',
'path': 'string',
'method': 'GET'|'DELETE'|'HEAD'|'OPTIONS'|'PATCH'|'PUT'|'POST'
},
],
'toolFilters': [
{
'filterPath': 'string',
'methods': [
'GET'|'DELETE'|'HEAD'|'OPTIONS'|'PATCH'|'PUT'|'POST',
]
},
]
}
}
}
},
'credentialProviderConfigurations': [
{
'credentialProviderType': 'GATEWAY_IAM_ROLE'|'OAUTH'|'API_KEY',
'credentialProvider': {
'oauthCredentialProvider': {
'providerArn': 'string',
'scopes': [
'string',
],
'customParameters': {
'string': 'string'
},
'grantType': 'CLIENT_CREDENTIALS'|'AUTHORIZATION_CODE',
'defaultReturnUrl': 'string'
},
'apiKeyCredentialProvider': {
'providerArn': 'string',
'credentialParameterName': 'string',
'credentialPrefix': 'string',
'credentialLocation': 'HEADER'|'QUERY_PARAMETER'
},
'iamCredentialProvider': {
'service': 'string',
'region': 'string'
}
}
},
],
'lastSynchronizedAt': datetime(2015, 1, 1),
'metadataConfiguration': {
'allowedRequestHeaders': [
'string',
],
'allowedQueryParameters': [
'string',
],
'allowedResponseHeaders': [
'string',
]
},
'privateEndpoint': {
'selfManagedLatticeResource': {
'resourceConfigurationIdentifier': 'string'
},
'managedLatticeResource': {
'vpcIdentifier': 'string',
'subnetIds': [
'string',
],
'endpointIpAddressType': 'IPV4'|'IPV6',
'securityGroupIds': [
'string',
],
'tags': {
'string': 'string'
},
'routingDomain': 'string'
}
},
'privateEndpointManagedResources': [
{
'domain': 'string',
'resourceGatewayArn': 'string',
'resourceAssociationArn': 'string'
},
],
'authorizationData': {
'oauth2': {
'authorizationUrl': 'string',
'userId': 'string'
}
}
}
Response Structure
(dict) --
gatewayArn (string) --
The Amazon Resource Name (ARN) of the gateway.
targetId (string) --
The unique identifier of the updated gateway target.
createdAt (datetime) --
The timestamp when the gateway target was created.
updatedAt (datetime) --
The timestamp when the gateway target was last updated.
status (string) --
The current status of the updated gateway target.
statusReasons (list) --
The reasons for the current status of the updated gateway target.
(string) --
name (string) --
The updated name of the gateway target.
description (string) --
The updated description of the gateway target.
targetConfiguration (dict) --
The configuration for a gateway target. This structure defines how the gateway connects to and interacts with the target endpoint.
mcp (dict) --
The Model Context Protocol (MCP) configuration for the target. This configuration defines how the gateway uses MCP to communicate with the target.
openApiSchema (dict) --
The OpenAPI schema for the Model Context Protocol target. This schema defines the API structure of the target.
s3 (dict) --
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the API schema definition.
smithyModel (dict) --
The Smithy model for the Model Context Protocol target. This model defines the API structure of the target using the Smithy specification.
s3 (dict) --
The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the API schema definition.
lambda (dict) --
The Lambda configuration for the Model Context Protocol target. This configuration defines how the gateway uses a Lambda function to communicate with the target.
lambdaArn (string) --
The Amazon Resource Name (ARN) of the Lambda function. This function is invoked by the gateway to communicate with the target.
toolSchema (dict) --
The tool schema for the Lambda function. This schema defines the structure of the tools that the Lambda function provides.
s3 (dict) --
The Amazon S3 location of the tool schema. This location contains the schema definition file.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (list) --
The inline payload of the tool schema. This payload contains the schema definition directly in the request.
(dict) --
A tool definition for a gateway target. This structure defines a tool that the target exposes through the Model Context Protocol.
name (string) --
The name of the tool. This name identifies the tool in the Model Context Protocol.
description (string) --
The description of the tool. This description provides information about the purpose and usage of the tool.
inputSchema (dict) --
The input schema for the tool. This schema defines the structure of the input that the tool accepts.
type (string) --
The type of the schema definition. This field specifies the data type of the schema.
properties (dict) --
The properties of the schema definition. These properties define the fields in the schema.
(string) --
(dict) --
A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
required (list) --
The required fields in the schema definition. These fields must be provided when using the schema.
(string) --
items (dict) --
The items in the schema definition. This field is used for array types to define the structure of the array elements.
description (string) --
The description of the schema definition. This description provides information about the purpose and usage of the schema.
outputSchema (dict) --
The output schema for the tool. This schema defines the structure of the output that the tool produces.
type (string) --
The type of the schema definition. This field specifies the data type of the schema.
properties (dict) --
The properties of the schema definition. These properties define the fields in the schema.
(string) --
(dict) --
A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.
required (list) --
The required fields in the schema definition. These fields must be provided when using the schema.
(string) --
items (dict) --
The items in the schema definition. This field is used for array types to define the structure of the array elements.
description (string) --
The description of the schema definition. This description provides information about the purpose and usage of the schema.
mcpServer (dict) --
The MCP server specified as the gateway target.
endpoint (string) --
The endpoint for the MCP server target configuration.
mcpToolSchema (dict) --
The tool schema configuration for the MCP server target. Supported only when the credential provider is configured with an authorization code grant type. Dynamic tool discovery/synchronization will be disabled when target is configured with mcpToolSchema.
s3 (dict) --
The Amazon S3 location of the tool schema. This location contains the schema definition file.
uri (string) --
The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.
bucketOwnerAccountId (string) --
The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.
inlinePayload (string) --
The inline payload containing the MCP tool schema definition.
apiGateway (dict) --
The configuration for an Amazon API Gateway target.
restApiId (string) --
The ID of the API Gateway REST API.
stage (string) --
The ID of the stage of the REST API to add as a target.
apiGatewayToolConfiguration (dict) --
The configuration for defining REST API tool filters and overrides for the gateway target.
toolOverrides (list) --
A list of explicit tool definitions with optional custom names and descriptions.
(dict) --
Settings to override configurations for a tool.
name (string) --
The name of tool. Identifies the tool in the Model Context Protocol.
description (string) --
The description of the tool. Provides information about the purpose and usage of the tool. If not provided, uses the description from the API's OpenAPI specification.
path (string) --
Resource path in the REST API (e.g., /pets). Must explicitly match an existing path in the REST API.
method (string) --
The HTTP method to expose for the specified path.
toolFilters (list) --
A list of path and method patterns to expose as tools using metadata from the REST API's OpenAPI specification.
(dict) --
Specifies which operations from an API Gateway REST API are exposed as tools. Tool names and descriptions are derived from the operationId and description fields in the API's exported OpenAPI specification.
filterPath (string) --
Resource path to match in the REST API. Supports exact paths (for example, /pets) or wildcard paths (for example, /pets/* to match all paths under /pets). Must match existing paths in the REST API.
methods (list) --
The methods to filter for.
(string) --
credentialProviderConfigurations (list) --
The updated credential provider configurations for the gateway target.
(dict) --
The configuration for a credential provider. This structure defines how the gateway authenticates with the target endpoint.
credentialProviderType (string) --
The type of credential provider. This field specifies which authentication method the gateway uses.
credentialProvider (dict) --
The credential provider. This field contains the specific configuration for the credential provider type.
oauthCredentialProvider (dict) --
The OAuth credential provider. This provider uses OAuth authentication to access the target endpoint.
providerArn (string) --
The Amazon Resource Name (ARN) of the OAuth credential provider. This ARN identifies the provider in Amazon Web Services.
scopes (list) --
The OAuth scopes for the credential provider. These scopes define the level of access requested from the OAuth provider.
(string) --
customParameters (dict) --
The custom parameters for the OAuth credential provider. These parameters provide additional configuration for the OAuth authentication process.
(string) --
(string) --
grantType (string) --
Specifies the kind of credentials to use for authorization:
CLIENT_CREDENTIALS - Authorization with a client ID and secret.
AUTHORIZATION_CODE - Authorization with a token that is specific to an individual end user.
defaultReturnUrl (string) --
The URL where the end user's browser is redirected after obtaining the authorization code. Generally points to the customer's application.
apiKeyCredentialProvider (dict) --
The API key credential provider. This provider uses an API key to authenticate with the target endpoint.
providerArn (string) --
The Amazon Resource Name (ARN) of the API key credential provider. This ARN identifies the provider in Amazon Web Services.
credentialParameterName (string) --
The name of the credential parameter for the API key. This parameter name is used when sending the API key to the target endpoint.
credentialPrefix (string) --
The prefix for the API key credential. This prefix is added to the API key when sending it to the target endpoint.
credentialLocation (string) --
The location of the API key credential. This field specifies where in the request the API key should be placed.
iamCredentialProvider (dict) --
The IAM credential provider. This provider uses IAM authentication with SigV4 signing to access the target endpoint.
service (string) --
The target Amazon Web Services service name used for SigV4 signing. This value identifies the service that the gateway authenticates with when making requests to the target endpoint.
region (string) --
The Amazon Web Services Region used for SigV4 signing. If not specified, defaults to the gateway's Region.
lastSynchronizedAt (datetime) --
The date and time at which the targets were last synchronized.
metadataConfiguration (dict) --
The metadata configuration that was applied to the gateway target.
allowedRequestHeaders (list) --
A list of HTTP headers that are allowed to be propagated from incoming client requests to the target.
(string) --
allowedQueryParameters (list) --
A list of URL query parameters that are allowed to be propagated from incoming gateway URL to the target.
(string) --
allowedResponseHeaders (list) --
A list of HTTP headers that are allowed to be propagated from the target response back to the client.
(string) --
privateEndpoint (dict) --
The private endpoint configuration for the gateway target.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedLatticeResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) --
The ID of the VPC that contains your private resource.
subnetIds (list) --
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) --
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate publicly resolvable domain used as the VPC Lattice resource configuration endpoint. Required when your private endpoint uses a domain that is not publicly resolvable.
privateEndpointManagedResources (list) --
The managed resources created by the gateway for private endpoint connectivity.
(dict) --
Details of a resource created and managed by the gateway for private endpoint connectivity.
domain (string) --
The domain associated with this managed resource.
resourceGatewayArn (string) --
The ARN of the VPC Lattice resource gateway created in your account.
resourceAssociationArn (string) --
The ARN of the service network resource association.
authorizationData (dict) --
OAuth2 authorization data for the updated gateway target. This data is returned when the target requires user authorization through an authorization code grant type.
oauth2 (dict) --
OAuth2 authorization data for the gateway target.
authorizationUrl (string) --
The URL to initiate the authorization process. This URL is provided when the OAuth2 access token requires user authorization.
userId (string) --
The user identifier associated with the OAuth2 authorization session that is defined by AgentCore Gateway.