AWS bedrock-agentcore documentation change
Summary
Updated terminology from 'AgentCore Policy' to 'Policy in AgentCore' throughout document. Clarified policy engine and analysis components.
Security assessment
Changes focus on rebranding/terminology rather than addressing security vulnerabilities. Content maintains security documentation about authorization controls using Cedar policies.
Diff
diff --git a/bedrock-agentcore/latest/devguide/policy-core-concepts.md b/bedrock-agentcore/latest/devguide/policy-core-concepts.md index ec997eadd..d77cd33e7 100644 --- a//bedrock-agentcore/latest/devguide/policy-core-concepts.md +++ b//bedrock-agentcore/latest/devguide/policy-core-concepts.md @@ -9 +9 @@ GatewayGateway TargetAmazon Bedrock AgentCore Gateway AuthorizerCedarCedar Polic -Before using Amazon Bedrock AgentCore Policy, it's important to understand the key concepts and components that work together to provide policy-based governance for your AI agents. +Before using Policy in Amazon Bedrock AgentCore, it's important to understand the key concepts and components that work together to provide policy-based governance for your AI agents. @@ -50 +50 @@ Since MCP only supports OAuth, each Gateway must have an attached OAuth authoriz -[Cedar](https://docs.cedarpolicy.com) is an open-source policy language developed by AWS for writing and enforcing authorization policies. Cedar policies are human-readable, analyzable, and can be validated against a schema. Amazon Bedrock AgentCore Policy uses Cedar to provide precise, verifiable access control for gateway tools. +[Cedar](https://docs.cedarpolicy.com) is an open-source policy language developed by AWS for writing and enforcing authorization policies. Cedar policies are human-readable, analyzable, and can be validated against a schema. Policy in AgentCore uses Cedar to provide precise, verifiable access control for gateway tools. @@ -58 +58 @@ A Cedar policy is a declarative statement that permits or forbids access to gate -The policy engine is the component of Amazon Bedrock AgentCore Policy that stores and evaluates Cedar policies. When you create policies, they apply to every gateway which is associated with the engine, as long as the policy scope matches the request. For every tool invocation, the policy engine evaluates all applicable policies against the request to determine whether to allow or deny access. The engine enforces default-deny and forbid-wins semantics automatically. +The policy engine is the core component of Policy in AgentCore that stores and evaluates Cedar policies. When you create policies, they apply to every gateway which is associated with the engine, as long as the policy scope matches the request. For every tool invocation, the policy engine evaluates all applicable policies against the request to determine whether to allow or deny access. The engine enforces default-deny and forbid-wins semantics automatically. @@ -70 +70 @@ Cedar validation checks that policies are syntactically correct and comply with -Cedar analysis uses automated reasoning to examine policies and detect potential issues. Amazon Bedrock AgentCore Policy uses automated reasoning to identify policies that always allow (no conditions restrict access) or always deny (forbid policies with no exceptions), helping ensure policies implement intended access control rather than being overly permissive or unnecessarily restrictive. +Cedar analysis uses automated reasoning to examine policies and detect potential issues. Policy in AgentCore uses automated reasoning to identify policies that always allow (no conditions restrict access) or always deny (forbid policies with no exceptions), helping ensure policies implement intended access control rather than being overly permissive or unnecessarily restrictive. @@ -82 +82 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Getting started with AgentCore Policy +Getting started with Policy in AgentCore @@ -84 +84 @@ Getting started with AgentCore Policy -AgentCore Gateway and AgentCore Policy IAM Permissions +AgentCore Gateway and Policy in AgentCore IAM Permissions