AWS bedrock-agentcore medium security documentation change
Summary
Added guidance about security feature limitations in browser contexts
Security assessment
Documents security-critical implementation details for Web Bot Auth and Session Replay features, explaining how improper context handling could bypass security controls.
Diff
diff --git a/bedrock-agentcore/latest/devguide/built-in-tools-troubleshooting.md b/bedrock-agentcore/latest/devguide/built-in-tools-troubleshooting.md index 10afecc5e..be0a7ace1 100644 --- a//bedrock-agentcore/latest/devguide/built-in-tools-troubleshooting.md +++ b//bedrock-agentcore/latest/devguide/built-in-tools-troubleshooting.md @@ -153,0 +154,17 @@ In production environments, replace `allow_origins=["*"]` with specific domain o +### Session Replay and Web Bot Auth don't work in new browser windows or contexts + +**Issue:** Session Replay and Web Bot Auth features are not available when your automation code creates new browser windows or contexts. + +**Cause:** These features rely on browser extensions that only work in the default browser context provided by Amazon Bedrock AgentCore. When you create a new context using methods like `browser.new_context()` in Playwright, the extensions are not available. + +**Solution:** Use the default browser context provided when you connect to the browser session. Avoid creating new contexts or windows if you need Session Replay or Web Bot Auth functionality. + + + # ✓ Use the existing default context + context = browser.contexts[0] + page = context.pages[0] + + # ✗ Don't create new contexts - Session Replay and Web Bot Auth won't work + # context = browser.new_context() + +