AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-02-22 · Documentation low

File: bedrock-agentcore/latest/devguide/policy-understanding-cedar.md

Summary

Added new 'Policy evaluation algorithm' section explaining authorization evaluation logic

Security assessment

Documents authorization evaluation logic (default deny, forbid/permit interactions) but doesn't address a specific vulnerability. Enhances understanding of security controls.

Diff

diff --git a/bedrock-agentcore/latest/devguide/policy-understanding-cedar.md b/bedrock-agentcore/latest/devguide/policy-understanding-cedar.md
index 2b7b76483..758d678f5 100644
--- a//bedrock-agentcore/latest/devguide/policy-understanding-cedar.md
+++ b//bedrock-agentcore/latest/devguide/policy-understanding-cedar.md
@@ -5 +5 @@
-Example policyPolicy structurePolicy effectsDefault denyAuthorization evaluationPolicy independence
+Example policyPolicy structurePolicy effectsDefault denyAuthorization evaluationPolicy independencePolicy evaluation algorithm
@@ -24,0 +25,2 @@ AgentCore Policy uses Cedar policies to control access to AgentCore Gateway tool
+  * Policy evaluation algorithm
+
@@ -111,0 +114,17 @@ Policies do not reference or depend on other policies.
+## Policy evaluation algorithm
+
+When a request is evaluated, the policy engine determines the authorization decision using the following algorithm:
+
+  1. If any `forbid` policy matches the request, the decision is DENY.
+
+  2. If no `forbid` policy matches the request and at least one `permit` policy matches, the decision is ALLOW.
+
+  3. If neither `forbid` nor `permit` policies match the request, the decision is DENY.
+
+
+
+
+This evaluation model enforces a **default deny** posture.
+
+A `forbid` policy can never result in an ALLOW decision. The `unless` clause on a `forbid` policy specifies conditions under which that `forbid` policy does not apply; it does **not** grant permission and does not override a matching `permit` policy.
+