AWS bedrock-agentcore documentation change
Summary
Added documentation about Service-Linked Role requirement for OAuth authentication starting October 2025
Security assessment
Documents a security-related feature (Service-Linked Role) but does not indicate a security vulnerability being fixed. The change introduces future security posture improvements through automated permissions management.
Diff
diff --git a/bedrock-agentcore/latest/devguide/runtime-mcp.md b/bedrock-agentcore/latest/devguide/runtime-mcp.md index 2da469951..a9ed0a0c2 100644 --- a//bedrock-agentcore/latest/devguide/runtime-mcp.md +++ b//bedrock-agentcore/latest/devguide/runtime-mcp.md @@ -186,0 +187,4 @@ Before configuring your deployment, you need to set up a Cognito user pool for a +###### Service-Linked Role for Authentication + +Starting **October 7, 2025** , Amazon Bedrock AgentCore uses a Service-Linked Role for workload identity permissions when using OAuth authentication. For detailed information about this change, see [Identity service-linked role](./service-linked-roles.html#identity-service-linked-role). + @@ -290,0 +295,4 @@ Run the script using the command `source setup_cognito.sh`. +###### Note + +For detailed OAuth authentication setup and Service-Linked Role information, see [Authenticate and authorize with Inbound Auth and Outbound Auth](./runtime-oauth.html). +