AWS Security ChangesHomeSearch

AWS bedrock-agentcore medium security documentation change

Service: bedrock-agentcore · 2025-09-28 · Security-related medium

File: bedrock-agentcore/latest/devguide/runtime-oauth.md

Summary

Added optional JWT token propagation documentation with code examples for extracting claims in agent runtime

Security assessment

The change introduces security documentation for handling JWT tokens in authorization flows. While it demonstrates token processing with signature verification disabled (relying on prior validation), this could introduce security risks if implemented without proper safeguards. The documentation adds security-relevant content about token handling.

Diff

diff --git a/bedrock-agentcore/latest/devguide/runtime-oauth.md b/bedrock-agentcore/latest/devguide/runtime-oauth.md
index 82053a1a5..0506f1caa 100644
--- a//bedrock-agentcore/latest/devguide/runtime-oauth.md
+++ b//bedrock-agentcore/latest/devguide/runtime-oauth.md
@@ -5 +5 @@
-JWT inbound authorization and OAuth outbound access samplePrerequisitesStep 1: Prepare your agentStep 2: Set up AWS Cognito user pool and add a userStep 3: Deploy your agentStep 4: Use bearer token to invoke your agentStep 5: Set up your agent to access tools using OAuthTroubleshooting
+JWT inbound authorization and OAuth outbound access samplePrerequisitesStep 1: Prepare your agentStep 2: Set up AWS Cognito user pool and add a userStep 3: Deploy your agentStep 4: Use bearer token to invoke your agentStep 5: Set up your agent to access tools using OAuthStep 6: (Optional) Propagate a JWT token to AgentCore RuntimeTroubleshooting
@@ -63,0 +64,2 @@ When you create a runtime with Amazon Bedrock AgentCore, a Workload Identity is
+  * Step 6: (Optional) Propagate a JWT token to AgentCore Runtime
+
@@ -501,0 +504,60 @@ AgentCore Identity Service stores the Google access token in the AgentCore Token
+## Step 6: (Optional) Propagate a JWT token to AgentCore Runtime
+
+Optionally, you can pass an Authorization header to an AgentCore Runtime to extract claims. This can be done by using the request header allowlist configuration. For more information, see [RequestHeaderConfiguration](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_RequestHeaderConfiguration.html).
+
+### Step 6.1: Modify your agent code to read headers 
+
+In this step you make changes to your agent code so that you can decode and extract claims from a JWT token using PyJWT library.
+
+###### requirements.txt
+
+Add PyJWT dependency to your requirements.txt file.
+    
+    
+    PyJWT
+
+###### agent_example.py
+
+Change your main agent code as shown in the following code. You can decode without validation since your token was already validated by AgentCore Runtime when authorization was done.
+    
+    
+    import jwt
+    import json
+    ....
+     
+    @app.entrypoint
+    def invoke(payload, context):
+        auth_header = context.request_headers.get('Authorization')
+        if not auth_header:
+            return None
+        
+        # Remove "Bearer " prefix if present
+        token = auth_header.replace('Bearer ', '') if auth_header.startswith('Bearer ') else auth_header
+        try:
+            claims = jwt.decode(token, options={"verify_signature": False})
+            app.logger.info("Claims: %s", json.dumps(claims))
+        except jwt.InvalidTokenError as e:
+            app.logger.exception("Invalid JWT token: %s", e)
+        
+        .....
+
+### Step 6.2: Create the agent with request header allowlist 
+
+Use the AgentCore starter toolkit to create the agent with request header allowlist.
+    
+    
+    agentcore configure --entrypoint agent_example.py \
+     --name hello_agent \
+    --execution-role your-execution-role-arn \
+    --disable-otel \
+    --requirements-file requirements.txt \
+    --authorizer-config "{\"customJWTAuthorizer\":{\"discoveryUrl\":\"$DISCOVERY_URL\",\"allowedClients\":[\"$CLIENT_ID\"]}}" \
+    --request-header-allowlist "Authorization"
+     
+    // now launch the agent runtime
+    agentcore launch
+
+### Step 6.3: Invoke your agent 
+
+Invoke your agent using OAuth and you should see the claims in your agent logs in CloudWatch Logs.
+