AWS Security ChangesHomeSearch

AWS bedrock-agentcore medium security documentation change

Service: bedrock-agentcore · 2025-11-07 · Security-related medium

File: bedrock-agentcore/latest/devguide/built-in-tools-troubleshooting.md

Summary

Added guidance about security feature limitations in browser contexts

Security assessment

Documents security-critical implementation details for Web Bot Auth and Session Replay features, explaining how improper context handling could bypass security controls.

Diff

diff --git a/bedrock-agentcore/latest/devguide/built-in-tools-troubleshooting.md b/bedrock-agentcore/latest/devguide/built-in-tools-troubleshooting.md
index 10afecc5e..be0a7ace1 100644
--- a//bedrock-agentcore/latest/devguide/built-in-tools-troubleshooting.md
+++ b//bedrock-agentcore/latest/devguide/built-in-tools-troubleshooting.md
@@ -153,0 +154,17 @@ In production environments, replace `allow_origins=["*"]` with specific domain o
+### Session Replay and Web Bot Auth don't work in new browser windows or contexts
+
+**Issue:** Session Replay and Web Bot Auth features are not available when your automation code creates new browser windows or contexts.
+
+**Cause:** These features rely on browser extensions that only work in the default browser context provided by Amazon Bedrock AgentCore. When you create a new context using methods like `browser.new_context()` in Playwright, the extensions are not available.
+
+**Solution:** Use the default browser context provided when you connect to the browser session. Avoid creating new contexts or windows if you need Session Replay or Web Bot Auth functionality.
+    
+    
+    # ✓ Use the existing default context
+    context = browser.contexts[0]
+    page = context.pages[0]
+    
+    # ✗ Don't create new contexts - Session Replay and Web Bot Auth won't work
+    # context = browser.new_context()
+    
+