AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2025-10-01 · Documentation low

File: bedrock-agentcore/latest/devguide/identity-idp-google.md

Summary

Added detailed Google OAuth2 configuration steps including redirect URI validation

Security assessment

Provides security-focused documentation for OAuth2 setup with proper redirect URI configuration and secret storage guidance, but no specific vulnerability addressed.

Diff

diff --git a/bedrock-agentcore/latest/devguide/identity-idp-google.md b/bedrock-agentcore/latest/devguide/identity-idp-google.md
index 7d3172996..720ad67ab 100644
--- a//bedrock-agentcore/latest/devguide/identity-idp-google.md
+++ b//bedrock-agentcore/latest/devguide/identity-idp-google.md
@@ -5 +5 @@
-Outbound
+Configuring a Google OAuth2 ApplicationOutbound
@@ -10,0 +11,39 @@ Amazon Bedrock AgentCore is in preview release and is subject to change.
+You can set up Google as an outbound provider using Google OAuth 2.0.
+
+## Configuring a Google OAuth2 Application
+
+###### To configure a Google OAuth2 application
+
+  1. Create a [developer account with Google](https://docs.aws.amazon.com/https://developers.google.com/identity).
+
+  2. Sign in to the [Google Cloud Platform console](https://docs.aws.amazon.com/https://console.cloud.google.com/home/dashboard).
+
+  3. From the top navigation bar, choose **Select a project**. If you already have a project in the Google platform, this menu displays your default project instead.
+
+  4. Choose **NEW PROJECT**.
+
+  5. Enter a name for your product and then choose **CREATE**.
+
+  6. On the left navigation bar, choose **APIs and Services** , and then choose **OAuth consent screen**.
+
+  7. Enter the app information, an **App domain** , **Authorized domains** , and **Developer contact information**. Your **Authorized domains** must include `bedrock-agentcore.{region}.amazonaws.com`. Choose **SAVE AND CONTINUE**.
+
+  8. Under **Scopes** , choose **Add or remove scopes** , and then choose the scopes necessary for your application.
+
+  9. Expand the left navigation bar again, choose **APIs and Services** , and then choose **Credentials**.
+
+  10. Choose **CREATE CREDENTIALS** , and then choose **OAuth client ID**.
+
+  11. Choose an **Application type** and give your client a **Name**.
+
+  12. Under **Authorized redirect URIs** , choose **ADD URI**. Enter the following:
+
+     * `https://bedrock-agentcore.{region}.amazonaws.com/identities/oauth2/callback`
+
+  13. Choose **CREATE**.
+
+  14. Securely store the values that Google displays under **Your client ID** and **Your client secret**. Provide these values to AgentCore Identity when you add a Google credential provider.
+
+
+
+