AWS bedrock-agentcore medium security documentation change
Summary
Removed date/time limitation, added section about IAM principal authorization constraints and guidance
Security assessment
Documents a security-relevant limitation where Cedar policies cannot enforce IAM principal constraints, requiring use of IAM policies first. This clarifies potential misconfigurations that could lead to overprivileged access if not properly understood.
Diff
diff --git a/bedrock-agentcore/latest/devguide/policy-limitations-section.md b/bedrock-agentcore/latest/devguide/policy-limitations-section.md index 67c165392..98c7b1cf6 100644 --- a//bedrock-agentcore/latest/devguide/policy-limitations-section.md +++ b//bedrock-agentcore/latest/devguide/policy-limitations-section.md @@ -5 +5 @@ -Cedar language limitationsCurrent implementation limitations +Cedar language limitationsCurrent implementation limitationsFine-grained authorization on IAM principals @@ -26,2 +25,0 @@ The following limitations are specific to the current Amazon Bedrock AgentCore G - * **No date/time support** \- Date and time comparisons are not currently supported in policies - @@ -42,0 +41,17 @@ These implementation limitations may be addressed in future releases. +## Fine-grained authorization on IAM principals + +When using an IAM-authenticated Gateway, fine-grained authorization on IAM principals is not currently supported in Cedar policies. + +For Gateways configured with IAM authentication: + + * The `principal` in Cedar policies must remain unconstrained (wildcard). + + * You cannot use `==`, `in`, or `is` constraints to restrict specific IAM principals within Cedar. + + * Policies such as `permit(principal, action, resource);` express a wildcard principal by leaving the `principal` variable unconstrained. + + + + +To implement fine-grained authorization on the calling IAM principal, use IAM policies. IAM policies are evaluated before Cedar policies during request processing. After IAM authorization succeeds, Cedar policies can be used to enforce fine-grained constraints on actions, resources, tool inputs, and contextual attributes. +