AWS bedrock-agentcore documentation change
Summary
Updated error response description for SigV4-configured agents from 'return 403 for missing authentication' to 'return HTTP 403 with an ACCESS_DENIED error'.
Security assessment
This change provides more specific error details (ACCESS_DENIED error code) but doesn't address a security vulnerability. It's a documentation clarification about error responses for authentication failures.
Diff
diff --git a/bedrock-agentcore/latest/devguide/runtime-http-protocol-contract.md b/bedrock-agentcore/latest/devguide/runtime-http-protocol-contract.md index 39b4e222c..29ae71dae 100644 --- a//bedrock-agentcore/latest/devguide/runtime-http-protocol-contract.md +++ b//bedrock-agentcore/latest/devguide/runtime-http-protocol-contract.md @@ -369 +369 @@ Includes WWW-Authenticate header: -SigV4-configured agents return 403 for missing authentication and do NOT include WWW-Authenticate headers. +SigV4-configured agents return HTTP 403 with an `ACCESS_DENIED` error and do not include `WWW-Authenticate` headers.