You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The AgentCore control plane exposes a full GatewayRule API (CreateGatewayRule, UpdateGatewayRule, DeleteGatewayRule, GetGatewayRule, ListGatewayRules — see bedrock-agentcore-control APIs), but there is no AWS::BedrockAgentCore::GatewayRule CFN resource and no CLI primitive for it.
GatewayRules let customers express per-target / per-tool routing logic (e.g. route tool/foo to target A under condition X, target B otherwise). Today CLI customers must drop into raw AWS SDK calls or the console to manage them — there's no agentcore add gateway-rule or agentcore.json slot.
Acceptance Criteria
Confirm with the service team that GatewayRule is GA / not preview-gated for CFN.
Add a new GatewayRulePrimitive (extends BasePrimitive) under src/cli/primitives/.
Add agentcore add gateway-rule and agentcore remove gateway-rule commands wired into cli.ts and the add/remove types.
Define AgentCoreGatewayRuleSchema in src/schema/schemas/mcp.ts (or a new gateway-rule.ts) with the same fields the control-plane API takes (rule name, target reference, match conditions, priority, etc. — finalized once we have the API shape).
Since CFN does not expose GatewayRule yet, apply the rules via control-plane API calls in a post-deploy step (same pattern proposed in feat: support resource based policies. #542 for resource-based policies).
TUI screens for add/list/remove gateway rules.
When CFN ships AWS::BedrockAgentCore::GatewayRule, switch to the CDK path and deprecate the imperative one.
Additional Context
CFN support: NO — no AWS::BedrockAgentCore::GatewayRule resource as of 2026-05-21.
Control-plane: YES — full CRUD via CreateGatewayRule / UpdateGatewayRule / DeleteGatewayRule / GetGatewayRule / ListGatewayRules.
Description
The AgentCore control plane exposes a full GatewayRule API (
CreateGatewayRule,UpdateGatewayRule,DeleteGatewayRule,GetGatewayRule,ListGatewayRules— see bedrock-agentcore-control APIs), but there is noAWS::BedrockAgentCore::GatewayRuleCFN resource and no CLI primitive for it.GatewayRules let customers express per-target / per-tool routing logic (e.g. route
tool/footo target A under condition X, target B otherwise). Today CLI customers must drop into raw AWS SDK calls or the console to manage them — there's noagentcore add gateway-ruleoragentcore.jsonslot.Acceptance Criteria
GatewayRulePrimitive(extendsBasePrimitive) undersrc/cli/primitives/.agentcore add gateway-ruleandagentcore remove gateway-rulecommands wired intocli.tsand theadd/removetypes.AgentCoreGatewayRuleSchemainsrc/schema/schemas/mcp.ts(or a newgateway-rule.ts) with the same fields the control-plane API takes (rule name, target reference, match conditions, priority, etc. — finalized once we have the API shape).AWS::BedrockAgentCore::GatewayRule, switch to the CDK path and deprecate the imperative one.Additional Context
AWS::BedrockAgentCore::GatewayRuleresource as of 2026-05-21.CreateGatewayRule/UpdateGatewayRule/DeleteGatewayRule/GetGatewayRule/ListGatewayRules.aws/agentcore-l3-cdk-constructs(no construct exists yet — once CFN ships, add an L3 wrapper).