AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2025-08-28 · Documentation low

File: bedrock-agentcore/latest/devguide/gateway-prerequisites-permissions.md

Summary

Removed JSON policy example for GatewayAssumeRolePolicy with sts:AssumeRole permissions and resource conditions

Security assessment

Removal of a policy example doesn't indicate a security fix. The change removes documentation about required permissions but doesn't provide evidence of addressing a vulnerability.

Diff

diff --git a/bedrock-agentcore/latest/devguide/gateway-prerequisites-permissions.md b/bedrock-agentcore/latest/devguide/gateway-prerequisites-permissions.md
index 0738a7bdc..7d1ec2a74 100644
--- a//bedrock-agentcore/latest/devguide/gateway-prerequisites-permissions.md
+++ b//bedrock-agentcore/latest/devguide/gateway-prerequisites-permissions.md
@@ -108,31 +107,0 @@ At the very least, whatever type of target is being configured, the execution ro
-JSON
-    
-
-****
-    
-    
-    
-    {
-      "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Sid": "GatewayAssumeRolePolicy",
-          "Effect": "Allow",
-          "Principal": {
-            "Service": "bedrock-agentcore.amazonaws.com"
-          },
-          "Action": "sts:AssumeRole",
-          "Condition": {
-            "StringEquals": {
-              "aws:SourceAccount": "{{accountId}}"
-            },
-            "ArnLike": {
-              "aws:SourceArn": "arn:aws:bedrock-agentcore:{{region}}:{{accountId}}:gateway/{{gatewayName}}-*"
-            }
-          }
-        }
-      ]
-    }
-          
-    
-