AWS bedrock-agentcore documentation change
Summary
Updated error response description for SigV4-configured agents from 'return 403 for missing authentication' to 'return HTTP 403 with an ACCESS_DENIED error' and changed section header from 'IAM Permissions for AgentCore Runtime' to 'AGUI protocol contract'.
Security assessment
This change provides more specific error details (ACCESS_DENIED error code) but doesn't address a security vulnerability. It's a documentation clarification about error responses. The header change appears to be a section reorganization, not security-related.
Diff
diff --git a/bedrock-agentcore/latest/devguide/runtime-a2a-protocol-contract.md b/bedrock-agentcore/latest/devguide/runtime-a2a-protocol-contract.md index dab678bb1..6660ca002 100644 --- a//bedrock-agentcore/latest/devguide/runtime-a2a-protocol-contract.md +++ b//bedrock-agentcore/latest/devguide/runtime-a2a-protocol-contract.md @@ -252 +252 @@ OAuth-configured agents follow [RFC 6749 (OAuth 2.0)](https://datatracker.ietf.o -SigV4-configured agents return 403 for missing authentication and do NOT include WWW-Authenticate headers. +SigV4-configured agents return HTTP 403 with an `ACCESS_DENIED` error and do not include `WWW-Authenticate` headers. @@ -262 +262 @@ MCP protocol contract -IAM Permissions for AgentCore Runtime +AGUI protocol contract