AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-10-13 · Documentation medium

File: cli/latest/reference/bedrock-agentcore-control/create-gateway.md

Summary

Added AWS_IAM authorization type, clarified CUSTOM_JWT requirements, and made authorizer-configuration conditional based on authorizerType

Security assessment

The documentation now explicitly describes AWS_IAM authentication as an option and clarifies security requirements for JWT configurations. While this improves security documentation, there's no evidence it addresses a specific existing vulnerability. The changes enhance authentication guidance but don't reference patching a known issue.

Diff

diff --git a/cli/latest/reference/bedrock-agentcore-control/create-gateway.md b/cli/latest/reference/bedrock-agentcore-control/create-gateway.md
index 4c9403150..f6dfbde2a 100644
--- a//cli/latest/reference/bedrock-agentcore-control/create-gateway.md
+++ b//cli/latest/reference/bedrock-agentcore-control/create-gateway.md
@@ -15 +15 @@
-  * [AWS CLI 2.31.10 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.13 Command Reference](../../index.html) »
@@ -61 +61 @@ Creates a gateway for Amazon Bedrock Agent. A gateway serves as an integration p
-To create a gateway, you must specify a name, protocol type, and IAM role. The role grants the gateway permission to access Amazon Web Services services and resources.
+If you specify `CUSTOM_JWT` as the `authorizerType` , you must provide an `authorizerConfiguration` .
@@ -76 +76 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
-    --authorizer-configuration <value>
+    [--authorizer-configuration <value>]
@@ -127 +127 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
-> A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, the service ignores the request, but does not return an error. For more information, see [Ensuring idempotency](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html) .
+> A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don’t specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn’t return an error. For more information, see [Ensuring idempotency](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html) .
@@ -218,0 +219,5 @@ JSON Syntax:
+> 
+>   * `CUSTOM_JWT` \- Authorize with a bearer token.
+>   * `AWS_IAM` \- Authorize with your Amazon Web Services IAM credentials.
+> 
+
@@ -222,0 +228 @@ JSON Syntax:
+>   * `AWS_IAM`
@@ -226 +232 @@ JSON Syntax:
-`--authorizer-configuration` (tagged union structure) [required]
+`--authorizer-configuration` (tagged union structure)
@@ -228 +234 @@ JSON Syntax:
-> The authorizer configuration for the gateway.
+> The authorizer configuration for the gateway. Required if `authorizerType` is `CUSTOM_JWT` .
@@ -622,0 +629 @@ authorizerType -> (string)
+>   * `AWS_IAM`
@@ -724 +731 @@ exceptionLevel -> (string)
-  * [AWS CLI 2.31.10 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.13 Command Reference](../../index.html) »