delete_policy
- BedrockAgentCoreControl.Client.delete_policy(**kwargs)
Deletes an existing policy from the AgentCore Policy system. Once deleted, the policy can no longer be used for agent behavior control and all references to it become invalid. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.
See also: AWS API Documentation
Request Syntax
    response = client.delete_policy(
        policyEngineId='string',
        policyId='string'
    )
- Parameters:
policyEngineId (string) –
[REQUIRED]
The identifier of the policy engine that manages the policy to be deleted. This ensures the policy is deleted from the correct policy engine context.
policyId (string) –
[REQUIRED]
The unique identifier of the policy to be deleted. This must be a valid policy ID that exists within the specified policy engine.
- Return type:
dict
- Returns:
Response Syntax
    {
        'policyId': 'string',
        'name': 'string',
        'policyEngineId': 'string',
        'definition': {
            'cedar': {
                'statement': 'string'
            }
        },
        'description': 'string',
        'createdAt': datetime(2015, 1, 1),
        'updatedAt': datetime(2015, 1, 1),
        'policyArn': 'string',
        'status': 'CREATING'|'ACTIVE'|'UPDATING'|'DELETING'|'CREATE_FAILED'|'UPDATE_FAILED'|'DELETE_FAILED',
        'statusReasons': [
            'string',
        ]
    }
Response Structure
(dict) –
policyId (string) –
The unique identifier of the policy being deleted. This confirms which policy the deletion operation targets.
name (string) –
The customer-assigned name of the deleted policy. This confirms which policy was successfully removed from the system and matches the name that was originally assigned during policy creation.
policyEngineId (string) –
The identifier of the policy engine from which the policy was deleted. This confirms the policy engine context for the deletion operation.
definition (dict) –
Represents the definition structure for policies within the AgentCore Policy system. This structure encapsulates different policy formats and languages that can be used to define access control rules.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
cedar. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
cedar (dict) –
The Cedar policy definition within the policy definition structure. This contains the Cedar policy statement that defines the authorization logic using Cedar’s human-readable, analyzable policy language. Cedar policies specify principals (who can access), actions (what operations are allowed), resources (what can be accessed), and optional conditions for fine-grained control. Cedar provides a formal policy language designed for authorization with deterministic evaluation, making policies testable, reviewable, and auditable. All Cedar policies follow a default-deny model where actions are denied unless explicitly permitted, and forbid policies always override permit policies.
statement (string) –
The Cedar policy statement that defines the authorization logic. This statement follows Cedar syntax and specifies principals, actions, resources, and conditions that determine when access should be allowed or denied.
description (string) –
The human-readable description of the deleted policy.
createdAt (datetime) –
The timestamp when the deleted policy was originally created.
updatedAt (datetime) –
The timestamp when the deleted policy was last modified before deletion. This tracks the final state of the policy before it was removed from the system.
policyArn (string) –
The Amazon Resource Name (ARN) of the deleted policy. This globally unique identifier confirms which policy resource was successfully removed.
status (string) –
The status of the policy deletion operation. This provides information about any issues that occurred during the deletion process.
statusReasons (list) –
Additional information about the deletion status. This provides details about the deletion process or any issues that may have occurred.
(string) –
Exceptions
BedrockAgentCoreControl.Client.exceptions.AccessDeniedException
BedrockAgentCoreControl.Client.exceptions.ConflictException
BedrockAgentCoreControl.Client.exceptions.ValidationException
BedrockAgentCoreControl.Client.exceptions.ResourceNotFoundException
BedrockAgentCoreControl.Client.exceptions.ThrottlingException
BedrockAgentCoreControl.Client.exceptions.InternalServerException
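Because deletion is asynchronous and the response carries the Cedar statement being removed, a caller can keep an audit record of the policy and wait until it is gone. The following is an added example, not code from the AWS documentation; the `get_policy` parameters, the use of `ResourceNotFoundException` as the completion signal, the `DELETED` marker and the function name are assumptions.

```python
import time


def delete_policy_and_wait(client, policy_engine_id, policy_id,
                           poll_seconds=2.0, timeout_seconds=120.0,
                           sleep=time.sleep, clock=time.monotonic):
    """Delete a policy, keep an audit record of it, wait until it is gone.

    client: a boto3 'bedrock-agentcore-control' client, or a stand-in with
    the same delete_policy/get_policy methods and exceptions attribute.
    """
    resp = client.delete_policy(policyEngineId=policy_engine_id,
                                policyId=policy_id)
    definition = resp.get("definition") or {}
    # 'definition' is a tagged union: 'cedar' is the only documented member;
    # anything newer arrives under SDK_UNKNOWN_MEMBER with just its name.
    unknown = definition.get("SDK_UNKNOWN_MEMBER", {}).get("name")
    record = {
        "policyArn": resp.get("policyArn"),
        "policyEngineId": resp.get("policyEngineId"),
        "policyId": resp.get("policyId"),
        "name": resp.get("name"),
        "cedarStatement": definition.get("cedar", {}).get("statement"),
        "unknownDefinitionMember": unknown,
        "statusReasons": list(resp.get("statusReasons", [])),
    }
    deadline = clock() + timeout_seconds
    while True:
        try:
            # Assumption: get_policy takes the same two identifiers.
            current = client.get_policy(policyEngineId=policy_engine_id,
                                        policyId=policy_id)
        except client.exceptions.ResourceNotFoundException:
            # Assumption: a finished deletion makes GetPolicy raise this.
            record["finalStatus"] = "DELETED"  # local marker, not an API value
            return record
        if current.get("status") == "DELETE_FAILED":
            # The policy still exists and may still be enforced.
            raise RuntimeError("delete failed: %s"
                               % current.get("statusReasons", []))
        if clock() >= deadline:
            raise TimeoutError("policy %s still %s after %.0fs" % (
                policy_id, current.get("status"), timeout_seconds))
        sleep(poll_seconds)
```

Write the returned record to your change log before relying on the deletion: under Cedar's default-deny model, removing a permit policy narrows access, while removing a forbid policy can let an existing permit take effect.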