AWS cli documentation change
Summary
Added AWS_IAM authorization type, clarified CUSTOM_JWT requirements, and made authorizer-configuration conditional based on authorizerType
Security assessment
The documentation now explicitly describes AWS_IAM authentication as an option and clarifies security requirements for JWT configurations. While this improves security documentation, there's no evidence it addresses a specific existing vulnerability. The changes enhance authentication guidance but don't reference patching a known issue.
Diff
diff --git a/cli/latest/reference/bedrock-agentcore-control/create-gateway.md b/cli/latest/reference/bedrock-agentcore-control/create-gateway.md index 4c9403150..f6dfbde2a 100644 --- a//cli/latest/reference/bedrock-agentcore-control/create-gateway.md +++ b//cli/latest/reference/bedrock-agentcore-control/create-gateway.md @@ -15 +15 @@ - * [AWS CLI 2.31.10 Command Reference](../../index.html) » + * [AWS CLI 2.31.13 Command Reference](../../index.html) » @@ -61 +61 @@ Creates a gateway for Amazon Bedrock Agent. A gateway serves as an integration p -To create a gateway, you must specify a name, protocol type, and IAM role. The role grants the gateway permission to access Amazon Web Services services and resources. +If you specify `CUSTOM_JWT` as the `authorizerType` , you must provide an `authorizerConfiguration` . @@ -76 +76 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc - --authorizer-configuration <value> + [--authorizer-configuration <value>] @@ -127 +127 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc -> A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, the service ignores the request, but does not return an error. For more information, see [Ensuring idempotency](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html) . +> A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don’t specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn’t return an error. For more information, see [Ensuring idempotency](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html) . @@ -218,0 +219,5 @@ JSON Syntax: +> +> * `CUSTOM_JWT` \- Authorize with a bearer token. +> * `AWS_IAM` \- Authorize with your Amazon Web Services IAM credentials. +> + @@ -222,0 +228 @@ JSON Syntax: +> * `AWS_IAM` @@ -226 +232 @@ JSON Syntax: -`--authorizer-configuration` (tagged union structure) [required] +`--authorizer-configuration` (tagged union structure) @@ -228 +234 @@ JSON Syntax: -> The authorizer configuration for the gateway. +> The authorizer configuration for the gateway. Required if `authorizerType` is `CUSTOM_JWT` . @@ -622,0 +629 @@ authorizerType -> (string) +> * `AWS_IAM` @@ -724 +731 @@ exceptionLevel -> (string) - * [AWS CLI 2.31.10 Command Reference](../../index.html) » + * [AWS CLI 2.31.13 Command Reference](../../index.html) »