AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-03-19 · Documentation low

File: bedrock-agentcore/latest/devguide/browser-proxies.md

Summary

Removed the entire 'Troubleshooting browser proxies' section and updated a link from browser-onboarding.html to browser-quickstart.html.

Security assessment

The change removes troubleshooting content about proxy configuration errors and credential validation, which are operational debugging steps. While the removed section mentioned security-related errors (like invalid credentials or missing permissions), this appears to be routine documentation cleanup or reorganization rather than addressing a specific security vulnerability. No new security documentation was added.

Diff

diff --git a/bedrock-agentcore/latest/devguide/browser-proxies.md b/bedrock-agentcore/latest/devguide/browser-proxies.md
index 41e721d3e..f7753f444 100644
--- a//bedrock-agentcore/latest/devguide/browser-proxies.md
+++ b//bedrock-agentcore/latest/devguide/browser-proxies.md
@@ -5 +5 @@
-OverviewPrerequisitesGetting startedConfiguration optionsComplete examplesUse casesSession behaviorCross-account secret accessSecurity considerationsPerformance considerationsConstraintsLimitationsTroubleshooting browser proxies
+OverviewPrerequisitesGetting startedConfiguration optionsComplete examplesUse casesSession behaviorCross-account secret accessSecurity considerationsPerformance considerationsConstraintsLimitations
@@ -49 +49 @@ Before configuring browser proxies, ensure you have:
-  * **General browser prerequisites** – Complete the standard browser tool setup. See [Get started with AgentCore Browser](./browser-onboarding.html).
+  * **General browser prerequisites** – Complete the standard browser tool setup. See [Get started with AgentCore Browser](./browser-quickstart.html).
@@ -596,48 +595,0 @@ Connection validation | Proxy connectivity is not validated at session creation.
-## Troubleshooting browser proxies
-
-### Errors when starting a session with proxy
-
-**Symptom:** `StartBrowserSession` returns an HTTP 400 error with a message beginning with `Failed to set up browser proxy:`.
-
-**Cause:** The proxy configuration or credentials secret is invalid.
-
-**Solution:**
-
-  * `Proxy credentials secret not found in Secrets Manager` – The secret ARN does not match any secret in the target account and Region. Verify the ARN is correct and that the secret has not been deleted or scheduled for deletion.
-
-  * `Invalid proxy credentials secret configuration (check encryption key for cross-account access)` – The secret exists but cannot be accessed. Ensure the calling identity has `secretsmanager:GetSecretValue` permission. For cross-account secrets, see Cross-account secret access.
-
-  * `Proxy credentials secret must be a JSON object with username and password fields` – Update the secret value to a valid JSON object: `{"username": "...", "password": "..."}`.
-
-  * `Failed to parse proxy credentials from secret` – The secret value could not be read as proxy credentials. Verify the secret contains a plain JSON string (not binary) with `username` and `password` fields.
-
-  * `Field 'username' is missing or empty in secret` or `Field 'password' is missing or empty in secret` – Ensure both `username` and `password` are present and non-empty in the secret.
-
-  * `Field 'username' contains invalid characters` or `Field 'password' contains invalid characters` – Use only the characters listed in the error message. See Step 1: Create a credentials secret (if using authentication) for allowed characters.
-
-  * `Field 'username' exceeds maximum length of 256 characters` or `Field 'password' exceeds maximum length of 256 characters` – Shorten the credential to 256 characters or fewer.
-
-
-
-
-### Proxy connection errors in browser
-
-**Symptom:** A browser session starts successfully, but page navigation fails for proxied domains with HTTP 502 errors or `net::ERR_INVALID_AUTH_CREDENTIALS`.
-
-**Cause:** The browser cannot connect to the proxy server, or the proxy server rejects the provided credentials. These are Chromium network errors, not AWS API errors.
-
-**Solution:**
-
-  * **HTTP 502 on proxied pages** – Verify the proxy hostname, port, and that the server is running and reachable from the public internet (or from your VPC if using VPC configuration).
-
-  * `net::ERR_INVALID_AUTH_CREDENTIALS` – Update the secret in Secrets Manager with valid credentials for the proxy server.
-
-  * Use `GetBrowserSession` to confirm the active proxy settings. Credentials are never returned in the response.
-
-
-
-
-###### Note
-
-These errors are visible in Live View and through the automation API.
-
@@ -652 +604 @@ Browser Profiles
-Troubleshoot built-in tools
+Troubleshoot AgentCore Browser