Description
AWS::BedrockAgentCore::GatewayTarget.MetadataConfiguration exposes three properties for HTTP header / query-parameter propagation that the CLI does not surface:
AllowedRequestHeaders — Array of String — headers propagated from MCP client → upstream target.AllowedResponseHeaders — Array of String — headers propagated from upstream → MCP client.AllowedQueryParameters — Array of String — query params propagated end-to-end.
Source: MetadataConfiguration CFN docs.
CFN splits headers into request / response (unlike the data-plane API which uses a single allowedHeaders). The CLI's AgentCoreGatewayTargetSchema (src/schema/schemas/mcp.ts:339–546) has no metadataConfiguration block, and the L3 construct (@aws/agentcore-cdk — src/cdk/constructs/components/mcp/Gateway.ts) does not pass anything through.
This is the GatewayTarget counterpart to the existing requestHeaderAllowlist plumbing on Runtime (agent-env.ts:123–163) — same shape can be reused.
Acceptance Criteria
Additional Context
- CFN support: YES —
GatewayTarget.MetadataConfiguration (all three fields).
- L3 gap: yes —
@aws/agentcore-cdk GatewayTarget construct needs corresponding plumbing.
- Naming nuance: CFN splits
Request / Response headers; users will likely ask for a single "allowed headers" surface — keep both for parity with CFN, but document the distinction.
- Reuse the validator from
agent-env.ts:123–163 for header name format.
Description
AWS::BedrockAgentCore::GatewayTarget.MetadataConfigurationexposes three properties for HTTP header / query-parameter propagation that the CLI does not surface:AllowedRequestHeaders— Array of String — headers propagated from MCP client → upstream target.AllowedResponseHeaders— Array of String — headers propagated from upstream → MCP client.AllowedQueryParameters— Array of String — query params propagated end-to-end.Source: MetadataConfiguration CFN docs.
CFN splits headers into request / response (unlike the data-plane API which uses a single
allowedHeaders). The CLI'sAgentCoreGatewayTargetSchema(src/schema/schemas/mcp.ts:339–546) has nometadataConfigurationblock, and the L3 construct (@aws/agentcore-cdk—src/cdk/constructs/components/mcp/Gateway.ts) does not pass anything through.This is the GatewayTarget counterpart to the existing
requestHeaderAllowlistplumbing on Runtime (agent-env.ts:123–163) — same shape can be reused.Acceptance Criteria
metadataConfigurationblock toAgentCoreGatewayTargetSchema:allowedRequestHeaders?: string[]allowedResponseHeaders?: string[]allowedQueryParameters?: string[]--allowed-request-headers,--allowed-response-headers,--allowed-query-parameters(each repeatable or comma-separated).AddGatewayTargetFlow.tsx.CfnGatewayTarget.MetadataConfiguration.{AllowedRequestHeaders, AllowedResponseHeaders, AllowedQueryParameters}in the L3 construct.x-amz-*,x-amzn-*) consistent with Runtime allowlist validation.Additional Context
GatewayTarget.MetadataConfiguration(all three fields).@aws/agentcore-cdkGatewayTarget construct needs corresponding plumbing.Request/Responseheaders; users will likely ask for a single "allowed headers" surface — keep both for parity with CFN, but document the distinction.agent-env.ts:123–163for header name format.