AWS Security ChangesHomeSearch

AWS bedrock-agentcore high security documentation change

Service: bedrock-agentcore · 2025-08-28 · Security-related high

File: bedrock-agentcore/latest/devguide/code-interpreter-resource-session-management.md

Summary

Removed IAM policy example for Code Interpreter session management

Security assessment

Deleted policy defined granular permissions for code execution environments. Removal eliminates guidance for least-privilege access to code interpreter operations, increasing risk of unauthorized code execution.

Diff

diff --git a/bedrock-agentcore/latest/devguide/code-interpreter-resource-session-management.md b/bedrock-agentcore/latest/devguide/code-interpreter-resource-session-management.md
index 50f1104f3..b20d9a48c 100644
--- a//bedrock-agentcore/latest/devguide/code-interpreter-resource-session-management.md
+++ b//bedrock-agentcore/latest/devguide/code-interpreter-resource-session-management.md
@@ -17,30 +16,0 @@ The following IAM policy provides the necessary permissions for using the AgentC
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "bedrock-agentcore:CreateCodeInterpreter",
-                    "bedrock-agentcore:StartCodeInterpreterSession",
-                    "bedrock-agentcore:InvokeCodeInterpreter",
-                    "bedrock-agentcore:StopCodeInterpreterSession",
-                    "bedrock-agentcore:DeleteCodeInterpreter",
-                    "bedrock-agentcore:ListCodeInterpreters",
-                    "bedrock-agentcore:GetCodeInterpreter",
-                    "bedrock-agentcore:GetCodeInterpreterSession",
-                    "bedrock-agentcore:ListCodeInterpreterSessions"
-                ],
-                "Resource": "arn:aws:bedrock-agentcore:*"
-            }        
-        ]
-    }
-    
-    
-