AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-02-22 · Documentation low

File: bedrock-agentcore/latest/devguide/use-gateway-with-policy.md

Summary

Added explanation of tool listing authorization behavior

Security assessment

Clarifies security behavior of tool listing (meta-action vs actual invocation) but doesn't fix a vulnerability. Improves documentation of security controls.

Diff

diff --git a/bedrock-agentcore/latest/devguide/use-gateway-with-policy.md b/bedrock-agentcore/latest/devguide/use-gateway-with-policy.md
index 821c7bef5..2a5203034 100644
--- a//bedrock-agentcore/latest/devguide/use-gateway-with-policy.md
+++ b//bedrock-agentcore/latest/devguide/use-gateway-with-policy.md
@@ -24 +24,5 @@ Follow the gateway authorization and authentication guide to obtain the credenti
-List available tools in your gateway. Depending on your policies, only authorized tools will be returned in the response.
+Tool listing is treated as a **meta action**. When a principal lists available tools, the policy engine does not evaluate the full context of a specific tool invocation (for example, input parameters).
+
+A principal is only allowed to see tools in the listing that they would be permitted to call by policy. Because the full context of a tool call is not available during listing, this means a principal is allowed to list a tool **if there exists any set of circumstances under which a call to that tool would be permitted**.
+
+As a result, a tool appearing in the list does not guarantee that a subsequent call to that tool will be authorized. The authorization decision for an actual tool invocation is evaluated separately using the full request context, including input parameters.