AWS Security ChangesHomeSearch

AWS bedrock-agentcore medium security documentation change

Service: bedrock-agentcore · 2025-08-28 · Security-related medium

File: bedrock-agentcore/latest/devguide/browser-observability.md

Summary

Removed IAM trust policy example for Bedrock AgentCore Browser observability role

Security assessment

Deleted policy enforced source account/ARN validation for service principal assumption. Removal eliminates guidance for proper role delegation security, potentially allowing broader role assumption if not properly configured.

Diff

diff --git a/bedrock-agentcore/latest/devguide/browser-observability.md b/bedrock-agentcore/latest/devguide/browser-observability.md
index 0f2b3b631..e4bd5095e 100644
--- a//bedrock-agentcore/latest/devguide/browser-observability.md
+++ b//bedrock-agentcore/latest/devguide/browser-observability.md
@@ -96,28 +95,0 @@ Following is the trust policy for the role ARN.
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [{
-            "Sid": "BedrockAgentCoreBuiltInTools",
-            "Effect": "Allow",
-            "Principal": {
-                "Service": "bedrock-agentcore.amazonaws.com"
-            },
-            "Action": "sts:AssumeRole",
-            "Condition": {
-                "StringEquals": {
-                    "aws:SourceAccount": "{{accountId}}"
-                },
-                "ArnLike": {
-                    "aws:SourceArn": "arn:aws:bedrock-agentcore:{{region}}:{{accountId}}:*"
-                }
-            }
-        }]
-    }
-    
-