AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-01-10 · Documentation low

File: bedrock-agentcore/latest/devguide/runtime-get-started-websocket.md

Summary

Added documentation about WebSocket session lifecycle management, explaining how idle timeout is reset by message activity including ping/pong frames.

Security assessment

The change clarifies session timeout behavior but doesn't address any specific vulnerability or security weakness. It's a functional documentation update about session management.

Diff

diff --git a/bedrock-agentcore/latest/devguide/runtime-get-started-websocket.md b/bedrock-agentcore/latest/devguide/runtime-get-started-websocket.md
index dd28030a0..ea3baf2f7 100644
--- a//bedrock-agentcore/latest/devguide/runtime-get-started-websocket.md
+++ b//bedrock-agentcore/latest/devguide/runtime-get-started-websocket.md
@@ -570,0 +571,6 @@ By using the same session ID for related WebSocket connections, you ensure that
+### Session lifecycle with WebSocket connections
+
+For WebSocket connections, the session's idle timeout is reset each time there is message activity between the client and agent. This includes any WebSocket message exchange such as sending data from client to agent, receiving responses from agent to client, or WebSocket ping/pong frames. This means that active WebSocket conversations will keep the session alive as long as messages continue to flow, preventing premature session termination during ongoing interactions.
+
+For more information about configuring lifecycle settings, see [Configure Amazon Bedrock AgentCore lifecycle settings](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-lifecycle-settings.html). For more direct control of session lifecycle through agent health status, see [Runtime session lifecycle management](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-long-run.html#runtime-long-run-session-lifecycle).
+