AWS bedrock-agentcore documentation change
Summary
Removed JSON policy example for GatewayAssumeRolePolicy with sts:AssumeRole permissions and resource conditions
Security assessment
Removal of a policy example doesn't indicate a security fix. The change removes documentation about required permissions but doesn't provide evidence of addressing a vulnerability.
Diff
diff --git a/bedrock-agentcore/latest/devguide/gateway-prerequisites-permissions.md b/bedrock-agentcore/latest/devguide/gateway-prerequisites-permissions.md index 0738a7bdc..7d1ec2a74 100644 --- a//bedrock-agentcore/latest/devguide/gateway-prerequisites-permissions.md +++ b//bedrock-agentcore/latest/devguide/gateway-prerequisites-permissions.md @@ -108,31 +107,0 @@ At the very least, whatever type of target is being configured, the execution ro -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "GatewayAssumeRolePolicy", - "Effect": "Allow", - "Principal": { - "Service": "bedrock-agentcore.amazonaws.com" - }, - "Action": "sts:AssumeRole", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "{{accountId}}" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:bedrock-agentcore:{{region}}:{{accountId}}:gateway/{{gatewayName}}-*" - } - } - } - ] - } - - -