AWS Security ChangesHomeSearch

AWS bedrock-agentcore medium security documentation change

Service: bedrock-agentcore · 2025-08-10 · Security-related medium

File: bedrock-agentcore/latest/devguide/identity-outbound-credential-provider.md

Summary

Removed statement about automatic credential lifecycle management including proactive token refresh

Security assessment

Removal of documentation about proactive token refresh could indicate a security-impacting change in credential management capabilities, potentially affecting token expiration handling

Diff

diff --git a/bedrock-agentcore/latest/devguide/identity-outbound-credential-provider.md b/bedrock-agentcore/latest/devguide/identity-outbound-credential-provider.md
index 0f52f7847..c2fb0fb84 100644
--- a//bedrock-agentcore/latest/devguide/identity-outbound-credential-provider.md
+++ b//bedrock-agentcore/latest/devguide/identity-outbound-credential-provider.md
@@ -11 +11 @@ Credential management is a core feature of Amazon Bedrock AgentCore Identity tha
-The credential management system supports multiple credential types including OAuth2 access tokens, API keys, client certificates, SAML assertions, and custom authentication tokens. Each credential type has specific handling requirements for storage encryption and access patterns. The system automatically manages credential lifecycles, including proactive refresh of expiring tokens. All credential operations are logged and audited to provide complete visibility into credential usage and access patterns.
+The credential management system supports multiple credential types including OAuth2 access tokens, API keys, client certificates, SAML assertions, and custom authentication tokens. Each credential type has specific handling requirements for storage encryption and access patterns. All credential operations are logged and audited to provide complete visibility into credential usage and access patterns.