AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-01-16 · Documentation low

File: bedrock-agentcore/latest/devguide/runtime-mcp.md

Summary

Added detailed instructions for URL-encoding agent ARNs and constructing endpoint URLs for MCP Inspector testing

Security assessment

Improves testing documentation without security implications. The Bearer token authentication mention is standard and not a new security feature.

Diff

diff --git a/bedrock-agentcore/latest/devguide/runtime-mcp.md b/bedrock-agentcore/latest/devguide/runtime-mcp.md
index 67a6b6aeb..67e62f50b 100644
--- a//bedrock-agentcore/latest/devguide/runtime-mcp.md
+++ b//bedrock-agentcore/latest/devguide/runtime-mcp.md
@@ -1024 +1024 @@ To use the Inspector:
-You can also test your deployed server using the MCP Inspector:
+You can also test your deployed server using the MCP Inspector. First, URL-encode your agent ARN:
@@ -1026 +1026,14 @@ You can also test your deployed server using the MCP Inspector:
-  1. Open the MCP Inspector: `npx @modelcontextprotocol/inspector`
+    
+    export AGENT_ARN="arn:aws:bedrock-agentcore:us-west-2:123456789012:runtime/my_mcp_server-xyz123"
+    echo -n $AGENT_ARN | jq -sRr '@uri'
+
+This outputs the URL-encoded ARN:
+    
+    
+    arn%3Aaws%3Abedrock-agentcore%3Aus-west-2%3A123456789012%3Aruntime%2Fmy_mcp_server-xyz123
+
+Then connect with the MCP Inspector:
+
+  1. Start the MCP Inspector:
+    
+        npx @modelcontextprotocol/inspector
@@ -1032 +1045,5 @@ You can also test your deployed server using the MCP Inspector:
-     * Enter your agent's endpoint URL, which will look like: `https://bedrock-agentcore.us-west-2.amazonaws.com/runtimes/arn%3Aaws%3Abedrock-agentcore%3Aus-west-2%3A`accountId`%3Aruntime%2F`runtimeName`/invocations?qualifier=DEFAULT`
+     * Enter your agent's endpoint URL using the encoded ARN. Make sure to use the same region as your agent's ARN:
+        
+                https://bedrock-agentcore.REGION.amazonaws.com/runtimes/ENCODED_ARN/invocations?qualifier=DEFAULT
+
+Example for us-west-2:
@@ -1034 +1051 @@ You can also test your deployed server using the MCP Inspector:
-     * Make sure to URL-encode your agent runtime ARN when constructing the endpoint URL. The colon (:) characters become %3A and forward slashes (/) become %2F in the encoded URL.
+                https://bedrock-agentcore.us-west-2.amazonaws.com/runtimes/arn%3Aaws%3Abedrock-agentcore%3Aus-west-2%3A123456789012%3Aruntime%2Fmy_mcp_server-xyz123/invocations?qualifier=DEFAULT
@@ -1036 +1053 @@ You can also test your deployed server using the MCP Inspector:
-     * Add your Bearer token under authentication
+     * Add your Bearer token in the Authentication section with header name `Authorization` and value `Bearer `YOUR_TOKEN``