AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2025-10-16 · Documentation medium

File: bedrock-agentcore/latest/devguide/vpc-interface-endpoints.md

Summary

Added Memory and Identity resource endpoint policies, expanded data plane operation details, and updated terminology to AWS PrivateLink

Security assessment

The changes document granular VPC endpoint policies for Memory operations and Identity resources, which are security controls. However, there is no evidence these changes address an active security issue.

Diff

diff --git a/bedrock-agentcore/latest/devguide/vpc-interface-endpoints.md b/bedrock-agentcore/latest/devguide/vpc-interface-endpoints.md
index 0226fd9ba..026ca482d 100644
--- a//bedrock-agentcore/latest/devguide/vpc-interface-endpoints.md
+++ b//bedrock-agentcore/latest/devguide/vpc-interface-endpoints.md
@@ -7,2 +6,0 @@ ConsiderationsCreate an interface endpointCreate an endpoint policy
-Amazon Bedrock AgentCore is in preview release and is subject to change. 
-
@@ -23 +21 @@ AgentCore supports the following through interface endpoints:
-  * Data plane operations (runtime APIs)
+  * Data plane operations (AgentCore Runtime and AgentCore Memory operations)
@@ -32 +30 @@ AgentCore supports the following through interface endpoints:
-Privatelink is currently not supported for Amazon Bedrock AgentCore control plane endpoints.
+AWS PrivateLink is currently not supported for Amazon Bedrock AgentCore control plane endpoints.
@@ -162,0 +161,87 @@ The following endpoint policy allows specific IAM principals to invoke Code Inte
+Memory
+    
+
+###### All data plane operations
+
+The following endpoint policy allows specific IAM principals to access us-east-1 data plane operations for a specific AgentCore Memory.
+    
+    
+    {
+       "Statement": [
+          {
+             "Effect": "Allow",
+             "Principal": {
+                "AWS": "arn:aws::iam::ACCOUNT_ID:root"
+             },
+             "Action": [
+                "bedrock-agentcore:CreateEvent",
+                "bedrock-agentcore:DeleteEvent",
+                "bedrock-agentcore:GetEvent",
+                "bedrock-agentcore:ListEvents",
+                "bedrock-agentcore:DeleteMemoryRecord",
+                "bedrock-agentcore:GetMemoryRecord",
+                "bedrock-agentcore:ListMemoryRecords",
+                "bedrock-agentcore:RetrieveMemoryRecords",
+                "bedrock-agentcore:ListActors",
+                "bedrock-agentcore:ListSessions",
+                "bedrock-agentcore:BatchCreateMemoryRecords",
+                "bedrock-agentcore:BatchDeleteMemoryRecords",
+                "bedrock-agentcore:BatchUpdateMemoryRecords"
+             ],
+             "Resource": "arn:aws::bedrock-agentcore:us-east-1:ACCOUNT_ID:memory/MEMORY_ID"
+          }
+       ]
+    }
+
+###### Access to all memories
+
+The following endpoint policy allows specific IAM principals access to all memories. 
+    
+    
+    {
+       "Statement": [
+          {
+             "Effect": "Allow",
+             "Principal": {
+                "AWS": "arn:aws::iam::ACCOUNT_ID:root"
+             },
+             "Action": [
+                "bedrock-agentcore:CreateEvent",
+                "bedrock-agentcore:DeleteEvent",
+                "bedrock-agentcore:GetEvent",
+                "bedrock-agentcore:ListEvents",
+                "bedrock-agentcore:DeleteMemoryRecord",
+                "bedrock-agentcore:GetMemoryRecord",
+                "bedrock-agentcore:ListMemoryRecords",
+                "bedrock-agentcore:RetrieveMemoryRecords",
+                "bedrock-agentcore:ListActors",
+                "bedrock-agentcore:ListSessions",
+                "bedrock-agentcore:BatchCreateMemoryRecords",
+                "bedrock-agentcore:BatchDeleteMemoryRecords",
+                "bedrock-agentcore:BatchUpdateMemoryRecords"
+             ],
+             "Resource": "arn:aws::bedrock-agentcore:us-east-1:ACCOUNT_ID:memory/*"
+          }
+       ]
+    }
+
+###### Access restriction by APIs
+
+The following endpoint policy grants permission for a specific IAM principal to create events in a specific AgentCore Memory resource. 
+    
+    
+    {
+       "Statement": [
+          {
+             "Effect": "Allow",
+             "Principal": {
+                "AWS": "arn:aws::iam::ACCOUNT_ID:root"
+             },
+             "Action": [
+                "bedrock-agentcore:CreateEvent"
+             ],
+             "Resource": "arn:aws::bedrock-agentcore:us-east-1:ACCOUNT_ID:memory/MEMORY_ID"
+          }
+       ]
+    }
+
@@ -196 +281 @@ The following is an example of a custom endpoint policy. When you attach this po
-                "*"
+                "bedrock:InvokeGateway"
@@ -202,0 +288,19 @@ The following is an example of a custom endpoint policy. When you attach this po
+Identity
+    
+
+The following endpoint policy allows access to Identity resources.
+    
+    
+    {
+       "Statement": [
+          {
+             "Effect": "Allow",
+             "Principal": "*",
+             "Action": [
+                "*"
+             ],
+             "Resource": "arn:aws:bedrock-agentcore:us-east-1:ACCOUNT_ID:workload-identity-directory/default/workload-identity/WORKLOAD_IDENTITY_ID"
+          }
+       ]
+    }
+
@@ -211 +315 @@ VPC and AWS PrivateLink
-Amazon Bedrock AgentCore Runtime and tools VPC configuration
+Configure AgentCore Runtime and built-in tools VPC configuration