AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2025-10-13 · Documentation low

File: bedrock-agentcore/latest/devguide/runtime-mcp.md

Summary

Added documentation about Service-Linked Role requirement for OAuth authentication starting October 2025

Security assessment

Documents a security-related feature (Service-Linked Role) but does not indicate a security vulnerability being fixed. The change introduces future security posture improvements through automated permissions management.

Diff

diff --git a/bedrock-agentcore/latest/devguide/runtime-mcp.md b/bedrock-agentcore/latest/devguide/runtime-mcp.md
index 2da469951..a9ed0a0c2 100644
--- a//bedrock-agentcore/latest/devguide/runtime-mcp.md
+++ b//bedrock-agentcore/latest/devguide/runtime-mcp.md
@@ -186,0 +187,4 @@ Before configuring your deployment, you need to set up a Cognito user pool for a
+###### Service-Linked Role for Authentication
+
+Starting **October 7, 2025** , Amazon Bedrock AgentCore uses a Service-Linked Role for workload identity permissions when using OAuth authentication. For detailed information about this change, see [Identity service-linked role](./service-linked-roles.html#identity-service-linked-role).
+
@@ -290,0 +295,4 @@ Run the script using the command `source setup_cognito.sh`.
+###### Note
+
+For detailed OAuth authentication setup and Service-Linked Role information, see [Authenticate and authorize with Inbound Auth and Outbound Auth](./runtime-oauth.html).
+