AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-03-13 · Documentation low

File: bedrock-agentcore/latest/devguide/runtime-a2a-protocol-contract.md

Summary

Updated error response description for SigV4-configured agents from 'return 403 for missing authentication' to 'return HTTP 403 with an ACCESS_DENIED error' and changed section header from 'IAM Permissions for AgentCore Runtime' to 'AGUI protocol contract'.

Security assessment

This change provides more specific error details (ACCESS_DENIED error code) but doesn't address a security vulnerability. It's a documentation clarification about error responses. The header change appears to be a section reorganization, not security-related.

Diff

diff --git a/bedrock-agentcore/latest/devguide/runtime-a2a-protocol-contract.md b/bedrock-agentcore/latest/devguide/runtime-a2a-protocol-contract.md
index dab678bb1..6660ca002 100644
--- a//bedrock-agentcore/latest/devguide/runtime-a2a-protocol-contract.md
+++ b//bedrock-agentcore/latest/devguide/runtime-a2a-protocol-contract.md
@@ -252 +252 @@ OAuth-configured agents follow [RFC 6749 (OAuth 2.0)](https://datatracker.ietf.o
-SigV4-configured agents return 403 for missing authentication and do NOT include WWW-Authenticate headers.
+SigV4-configured agents return HTTP 403 with an `ACCESS_DENIED` error and do not include `WWW-Authenticate` headers.
@@ -262 +262 @@ MCP protocol contract
-IAM Permissions for AgentCore Runtime
+AGUI protocol contract