AWS bedrock-agentcore documentation change
Summary
Clarified trust policy requirements and added console steps for AgentCore Runtime execution role configuration.
Security assessment
Changes provide procedural clarifications for IAM role setup but do not introduce new security features or address vulnerabilities.
Diff
diff --git a/bedrock-agentcore/latest/devguide/runtime-permissions.md b/bedrock-agentcore/latest/devguide/runtime-permissions.md index bc82041f4..d23c8dc16 100644 --- a//bedrock-agentcore/latest/devguide/runtime-permissions.md +++ b//bedrock-agentcore/latest/devguide/runtime-permissions.md @@ -281 +281 @@ JSON -The trust relationship for the AgentCore Runtime execution role should allow AgentCore Runtime to assume the role: +The AgentCore Runtime execution role must include the following trust policy which allows the AgentCore Runtime to assume the role. @@ -283 +283 @@ The trust relationship for the AgentCore Runtime execution role should allow Age -Replace the following: +In the policy, replace: @@ -291,0 +292,2 @@ Replace the following: +To add the trust policy to the AgentCore Runtime execution role, go to the AWS Management Console, navigate to the role, choose the **Trust relationships** tab, and choose **Edit trust policy**. +