Skip to content

feat(bedrock-agentcore): add grantInvokeWithWebSocketStream method to Runtime#37508

Open
mazyu36 wants to merge 3 commits intoaws:mainfrom
mazyu36:fix/issue-37495-grant-invoke-websocket-stream
Open

feat(bedrock-agentcore): add grantInvokeWithWebSocketStream method to Runtime#37508
mazyu36 wants to merge 3 commits intoaws:mainfrom
mazyu36:fix/issue-37495-grant-invoke-websocket-stream

Conversation

@mazyu36
Copy link
Copy Markdown
Contributor

@mazyu36 mazyu36 commented Apr 2, 2026
edited
Loading

Issue # (if applicable)

Closes #37495

Reason for this change

grantInvoke does not grant bedrock-agentcore:InvokeAgentRuntimeWithWebSocketStream, so roles cannot invoke AgentCore Runtimes via WebSocket stream.

Description of changes

Add two new grant methods to IBedrockAgentRuntime and RuntimeBase:

  • grantInvokeWithWebSocketStream — grants bedrock-agentcore:InvokeAgentRuntimeWithWebSocketStream
  • grantInvokeWithWebSocketStreamForUser — grants bedrock-agentcore:InvokeAgentRuntimeWithWebSocketStreamForUser

This follows the same pattern as the existing grantInvokeRuntime / grantInvokeRuntimeForUser methods, and is consistent with how CDK separates invocation channels (e.g. Lambda's grantInvoke vs grantInvokeUrl, API Gateway v2's grantManageConnections).

grantInvoke is intentionally left unchanged — users who need WebSocket stream access can call the new methods explicitly.

References:

Description of how you validated changes

  • 6 new unit tests added and passing:
    • grantInvokeWithWebSocketStream: permission grant, imported runtime, Grant object
    • grantInvokeWithWebSocketStreamForUser: permission grant, imported runtime, Grant object

Checklist

  • My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES
  • Is this a breaking change? No
  • Does this introduce a new feature? Yes — grantInvokeWithWebSocketStream and grantInvokeWithWebSocketStreamForUser

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@mazyu36
feat(bedrock-agentcore): add grantInvokeWithWebSocketStream method to…
f799300 
… Runtime

Add `grantInvokeWithWebSocketStream` to `IBedrockAgentRuntime` and `RuntimeBase`
to grant `bedrock-agentcore:InvokeAgentRuntimeWithWebSocketStream` permission,
enabling WebSocket stream invocation of AgentCore Runtimes.

Closes aws#37495
@github-actions github-actions bot added bug This issue is a bug. p2 labels Apr 2, 2026
@aws-cdk-automation aws-cdk-automation requested a review from a team April 2, 2026 12:40
@github-actions github-actions bot added the distinguished-contributor [Pilot] contributed 50+ PRs to the CDK label Apr 2, 2026
aws-cdk-automation
aws-cdk-automation requested changes Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull request linter fails with the following errors:

❌ Features must contain a change to an integration test file and the resulting snapshot.

If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.

✅ A exemption request has been requested. Please wait for a maintainer's review.

@mazyu36
Copy link
Copy Markdown
Contributor Author

mazyu36 commented Apr 2, 2026
edited
Loading

Exemption Request: the change only adds a different IAM action string to an existing grant pattern.

@aws-cdk-automation aws-cdk-automation added the pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. label Apr 2, 2026
@aws-cdk-automation aws-cdk-automation added the pr/needs-further-review PR requires additional review from our team specialists due to the scope or complexity of changes. label Apr 2, 2026
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Apr 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aws-cdk-automation aws-cdk-automation aws-cdk-automation requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

bug This issue is a bug. distinguished-contributor [Pilot] contributed 50+ PRs to the CDK p2 pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. pr/needs-further-review PR requires additional review from our team specialists due to the scope or complexity of changes. pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

(@aws-cdk/bedrock-agentcore-alpha): grantInvoke should grant invoking as a websocket

2 participants

@mazyu36 @aws-cdk-automation