AWS bedrock-agentcore documentation change
Summary
Added guidance to use InvokeAgentRuntimeCommand for shell operations and updated section headings
Security assessment
Introduces security best practice documentation by recommending separation between LLM routing and direct command execution, though not addressing a specific vulnerability
Diff
diff --git a/bedrock-agentcore/latest/devguide/runtime-invoke-agent.md b/bedrock-agentcore/latest/devguide/runtime-invoke-agent.md index ffd2fa42d..57f77194d 100644 --- a//bedrock-agentcore/latest/devguide/runtime-invoke-agent.md +++ b//bedrock-agentcore/latest/devguide/runtime-invoke-agent.md @@ -14,0 +15,2 @@ The `InvokeAgentRuntime` operation accepts your request payload as binary data u +To execute shell commands (such as running tests, git operations, or environment setup) in the same session, use the [Execute shell commands in AgentCore Runtime sessions](./runtime-execute-command.html) operation. Both operations work on the same agent runtime and session. + @@ -147,0 +150,2 @@ Follow these best practices when using the `InvokeAgentRuntime` operation: + * Use `InvokeAgentRuntimeCommand` for deterministic operations (tests, git, builds) instead of routing them through the agent's LLM. See [Execute shell commands in AgentCore Runtime sessions](./runtime-execute-command.html). + @@ -159 +163 @@ AgentCore Runtime versioning and endpoints -Observe agents +Execute shell commands