AWS bedrock-agentcore documentation change
Summary
Updated error response description for SigV4-configured agents from 'return 403 for missing authentication' to 'return HTTP 403 with an ACCESS_DENIED error'.
Security assessment
This change provides more specific error details (ACCESS_DENIED error code) but doesn't address a security vulnerability. It's a documentation clarification about error responses for authentication failures in MCP protocol.
Diff
diff --git a/bedrock-agentcore/latest/devguide/runtime-mcp-protocol-contract.md b/bedrock-agentcore/latest/devguide/runtime-mcp-protocol-contract.md index 0e3f2aa73..890d19fc2 100644 --- a//bedrock-agentcore/latest/devguide/runtime-mcp-protocol-contract.md +++ b//bedrock-agentcore/latest/devguide/runtime-mcp-protocol-contract.md @@ -96 +96 @@ Response includes WWW-Authenticate header: -SigV4-configured agents return 403 for missing authentication and do NOT include WWW-Authenticate headers. +SigV4-configured agents return HTTP 403 with an `ACCESS_DENIED` error and do not include `WWW-Authenticate` headers.