AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-03-25 · Documentation low

File: bedrock-agentcore/latest/devguide/policy-validation-overview.md

Summary

Added documentation about 'Ineffective policies' as a type of issue detected by Cedar policy analysis, where policies have no impact on requests.

Security assessment

This change adds documentation about policy validation features that can detect ineffective security policies. While this relates to security policy management, there's no evidence it addresses a specific security vulnerability. It appears to be enhancing documentation about existing security analysis capabilities.

Diff

diff --git a/bedrock-agentcore/latest/devguide/policy-validation-overview.md b/bedrock-agentcore/latest/devguide/policy-validation-overview.md
index f8cb580e5..d3871b81c 100644
--- a//bedrock-agentcore/latest/devguide/policy-validation-overview.md
+++ b//bedrock-agentcore/latest/devguide/policy-validation-overview.md
@@ -29,0 +30,2 @@ Cedar analysis uses automated reasoning to detect potential security and logic i
+  * **Ineffective policies** — If created, the policy has no impact: a Permit policy does not allow any requests, or a Forbid policy does not deny any requests. This applies at the policy level during generation, not at the policy engine level
+