mirror of
https://github.com/awslabs/amazon-bedrock-agentcore-samples.git
synced 2025-09-08 20:50:46 +00:00
0172468fd4
- Replace all previous product references with AgentCore terminology - Add SSL certificate support to backend servers with mandatory host parameter - Update OpenAPI specs to use HTTPS with configurable domain placeholders - Add comprehensive SSL setup documentation in README - Update URLs from development to production endpoints - Add EC2 instance metadata commands for IP retrieval - Include sed command for bulk domain replacement in OpenAPI specs
5.8 KiB
5.8 KiB
Command Line Arguments Reference
This document describes all command line arguments available for the AgentCore Gateway Management Tool.
Usage
python main.py [-h] [--region REGION] [--endpoint-url ENDPOINT_URL] --role-arn ROLE_ARN --discovery-url DISCOVERY_URL
[--allowed-audience ALLOWED_AUDIENCE] [--allowed-clients ALLOWED_CLIENTS]
[--description-for-gateway DESCRIPTION] [--description-for-target DESCRIPTION]
[--search-type SEARCH_TYPE] [--protocol-version PROTOCOL_VERSION]
[--create-s3-target] [--s3-uri S3_URI] [--create-inline-target]
[--openapi-schema-file OPENAPI_SCHEMA_FILE] [--provider-arn PROVIDER_ARN]
[--save-gateway-url] [--delete-gateway-if-exists] [--output-json]
gateway_name
Required Arguments
gateway_name
- Type: String
- Description: Name for the AgentCore Gateway
AWS Configuration
--region
- Type: String
- Default: us-east-1
- Description: AWS region
--endpoint-url
- Type: String
- Default: https://bedrock-agentcore-control.us-east-1.amazonaws.com
- Description: Amazon Bedrock AgentCore Control endpoint URL
--role-arn
- Type: String
- Required: Yes
- Description: IAM Role ARN with gateway permissions
Authorization Configuration
--discovery-url
- Type: String
- Required: Yes
- Description: JWT discovery URL for authorization
--allowed-audience
- Type: String
- Default: MCPGateway
- Description: Allowed JWT audience (for Auth0/Okta)
--allowed-clients
- Type: String (comma-separated)
- Description: Allowed JWT client IDs (for Cognito)
Gateway Configuration
--description-for-gateway
- Type: String
- Default: "AgentCore Gateway created via SDK"
- Description: Gateway description
--description-for-target
- Type: String (can be specified multiple times)
- Default: "S3 target for OpenAPI schema"
- Description: Target description (can be specified multiple times for multiple targets)
--search-type
- Type: String
- Default: SEMANTIC
- Description: MCP search type
--protocol-version
- Type: String
- Default: 2025-03-26
- Description: MCP protocol version
Target Configuration
--create-s3-target
- Type: Flag
- Description: Create an S3 OpenAPI target
--s3-uri
- Type: String (can be specified multiple times)
- Description: S3 URI for OpenAPI schema (can be specified multiple times to create multiple targets)
--create-inline-target
- Type: Flag
- Description: Create an inline OpenAPI target
--openapi-schema-file
- Type: String
- Description: File containing OpenAPI schema for inline target
--provider-arn
- Type: String
- Description: OAuth credential provider ARN for targets
Output Options
--save-gateway-url
- Type: Flag
- Description: Save gateway URL to .gateway_uri file
--delete-gateway-if-exists
- Type: Flag
- Description: Delete gateway if it already exists before creating new one
--output-json
- Type: Flag
- Description: Output responses in JSON format
Examples
Create Gateway for Cognito
python main.py "CognitoGateway" \
--role-arn "arn:aws:iam::123456789012:role/TestRole" \
--discovery-url "https://cognito-idp.us-west-2.amazonaws.com/YourUserPoolId/.well-known/openid-configuration" \
--allowed-clients "your-client-id"
Create Gateway for Okta
python main.py "OktaGateway" \
--role-arn "arn:aws:iam::123456789012:role/TestRole" \
--discovery-url "https://dev-xxxxx.okta.com/oauth2/default/.well-known/openid-configuration" \
--allowed-audience "gateway123"
Create Gateway for Auth0
python main.py "Auth0Gateway" \
--role-arn "arn:aws:iam::123456789012:role/TestRole" \
--discovery-url "https://dev-xxxxx.us.auth0.com/.well-known/openid-configuration" \
--allowed-audience "gateway123"
Full Example with S3 Target
python main.py "ProductionGateway" \
--region "us-east-1" \
--role-arn "arn:aws:iam::123456789012:role/GatewayRole" \
--discovery-url "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_xxxxx/.well-known/openid-configuration" \
--allowed-audience "MCPGateway" \
--description-for-gateway "Production Gateway for API Integration" \
--create-s3-target \
--s3-uri "s3://my-bucket/openapi-spec.yaml" \
--provider-arn "arn:aws:bedrock-agentcore:us-east-1:123456789012:token-vault/default/oauth2credentialprovider/Cognito" \
--save-gateway-url \
--output-json
Create Gateway with Inline OpenAPI Target
python main.py "TestGateway" \
--role-arn "arn:aws:iam::123456789012:role/GatewayRole" \
--discovery-url "https://your-domain.auth0.com/.well-known/openid-configuration" \
--create-inline-target \
--openapi-schema-file "./schemas/hello.yaml" \
--provider-arn "arn:aws:bedrock-agentcore:us-east-1:123456789012:token-vault/default/oauth2credentialprovider/Auth0"
Create Gateway with Multiple S3 Targets
python main.py "MultiTargetGateway" \
--role-arn "arn:aws:iam::123456789012:role/GatewayRole" \
--discovery-url "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxx/.well-known/openid-configuration" \
--allowed-clients "client-id-1,client-id-2" \
--create-s3-target \
--s3-uri "s3://my-bucket/api1.yaml" \
--s3-uri "s3://my-bucket/api2.yaml" \
--s3-uri "s3://my-bucket/api3.yaml" \
--description-for-target "First API schema" \
--description-for-target "Second API schema" \
--description-for-target "Third API schema" \
--provider-arn "arn:aws:bedrock-agentcore:us-east-1:123456789012:token-vault/default/oauth2credentialprovider/Cognito" \
--save-gateway-url