AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-03-13 · Documentation low

File: bedrock-agentcore/latest/devguide/runtime-mcp-protocol-contract.md

Summary

Updated error response description for SigV4-configured agents from 'return 403 for missing authentication' to 'return HTTP 403 with an ACCESS_DENIED error'.

Security assessment

This change provides more specific error details (ACCESS_DENIED error code) but doesn't address a security vulnerability. It's a documentation clarification about error responses for authentication failures in MCP protocol.

Diff

diff --git a/bedrock-agentcore/latest/devguide/runtime-mcp-protocol-contract.md b/bedrock-agentcore/latest/devguide/runtime-mcp-protocol-contract.md
index 0e3f2aa73..890d19fc2 100644
--- a//bedrock-agentcore/latest/devguide/runtime-mcp-protocol-contract.md
+++ b//bedrock-agentcore/latest/devguide/runtime-mcp-protocol-contract.md
@@ -96 +96 @@ Response includes WWW-Authenticate header:
-SigV4-configured agents return 403 for missing authentication and do NOT include WWW-Authenticate headers.
+SigV4-configured agents return HTTP 403 with an `ACCESS_DENIED` error and do not include `WWW-Authenticate` headers.