{
  "aws:requesttag/${tagkey}": {
    "key": "aws:RequestTag/${TagKey}",
    "description": "Filters access by creating requests based on the allowed set of values for each of the mandatory tags",
    "type": "String"
  },
  "aws:resourcetag/${tagkey}": {
    "key": "aws:ResourceTag/${TagKey}",
    "description": "Filters access by having actions based on the tag value associated with the resource",
    "type": "String"
  },
  "aws:tagkeys": {
    "key": "aws:TagKeys",
    "description": "Filters access by creating requests based on the presence of mandatory tags in the request",
    "type": "ArrayOfString"
  },
  "bedrock-agentcore:gatewayauthorizertype": {
    "key": "bedrock-agentcore:GatewayAuthorizerType",
    "description": "Filters access by the authorizerType attribute on a Gateway",
    "type": "String"
  },
  "bedrock-agentcore:inboundjwtclaim/aud": {
    "key": "bedrock-agentcore:InboundJwtClaim/aud",
    "description": "Filters access by the audience claim (aud) in the JWT passed in the request",
    "type": "ArrayOfString"
  },
  "bedrock-agentcore:inboundjwtclaim/client_id": {
    "key": "bedrock-agentcore:InboundJwtClaim/client_id",
    "description": "Filters access by the client_id claim in the JWT passed in the request",
    "type": "String"
  },
  "bedrock-agentcore:inboundjwtclaim/iss": {
    "key": "bedrock-agentcore:InboundJwtClaim/iss",
    "description": "Filters access by the issuer (iss) claim present in the JWT passed in the request",
    "type": "String"
  },
  "bedrock-agentcore:inboundjwtclaim/scope": {
    "key": "bedrock-agentcore:InboundJwtClaim/scope",
    "description": "Filters access by the scope claim in the JWT passed in the request",
    "type": "ArrayOfString"
  },
  "bedrock-agentcore:inboundjwtclaim/sub": {
    "key": "bedrock-agentcore:InboundJwtClaim/sub",
    "description": "Filters access by the subject claim (sub) in the JWT passed in the request",
    "type": "String"
  },
  "bedrock-agentcore:kmskeyarn": {
    "key": "bedrock-agentcore:KmsKeyArn",
    "description": "Filters access by KMS Key arn provided",
    "type": "String"
  },
  "bedrock-agentcore:runtimeauthorizertype": {
    "key": "bedrock-agentcore:RuntimeAuthorizerType",
    "description": "Filters access by the authorizer type configured for the AgentCore runtime",
    "type": "String"
  },
  "bedrock-agentcore:actorid": {
    "key": "bedrock-agentcore:actorId",
    "description": "Filters access by Actor Id",
    "type": "String"
  },
  "bedrock-agentcore:namespace": {
    "key": "bedrock-agentcore:namespace",
    "description": "Filters access by namespace",
    "type": "String"
  },
  "bedrock-agentcore:securitygroups": {
    "key": "bedrock-agentcore:securityGroups",
    "description": "Filters access by the ID of security groups configured for the AgentCore runtime",
    "type": "ArrayOfString"
  },
  "bedrock-agentcore:sessionid": {
    "key": "bedrock-agentcore:sessionId",
    "description": "Filters access by Session Id",
    "type": "String"
  },
  "bedrock-agentcore:strategyid": {
    "key": "bedrock-agentcore:strategyId",
    "description": "Filters access by Memory Strategy Id",
    "type": "String"
  },
  "bedrock-agentcore:subnets": {
    "key": "bedrock-agentcore:subnets",
    "description": "Filters access by the ID of subnets configured for the AgentCore runtime",
    "type": "ArrayOfString"
  },
  "bedrock-agentcore:userid": {
    "key": "bedrock-agentcore:userid",
    "description": "Filters access by the static user ID value passed in the request",
    "type": "String"
  }
}