AWS bedrock-agentcore high security documentation change
Summary
Removed IAM policy example for Code Interpreter session management
Security assessment
Deleted policy defined granular permissions for code execution environments. Removal eliminates guidance for least-privilege access to code interpreter operations, increasing risk of unauthorized code execution.
Diff
diff --git a/bedrock-agentcore/latest/devguide/code-interpreter-resource-session-management.md b/bedrock-agentcore/latest/devguide/code-interpreter-resource-session-management.md index 50f1104f3..b20d9a48c 100644 --- a//bedrock-agentcore/latest/devguide/code-interpreter-resource-session-management.md +++ b//bedrock-agentcore/latest/devguide/code-interpreter-resource-session-management.md @@ -17,30 +16,0 @@ The following IAM policy provides the necessary permissions for using the AgentC -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "bedrock-agentcore:CreateCodeInterpreter", - "bedrock-agentcore:StartCodeInterpreterSession", - "bedrock-agentcore:InvokeCodeInterpreter", - "bedrock-agentcore:StopCodeInterpreterSession", - "bedrock-agentcore:DeleteCodeInterpreter", - "bedrock-agentcore:ListCodeInterpreters", - "bedrock-agentcore:GetCodeInterpreter", - "bedrock-agentcore:GetCodeInterpreterSession", - "bedrock-agentcore:ListCodeInterpreterSessions" - ], - "Resource": "arn:aws:bedrock-agentcore:*" - } - ] - } - - -