AWS bedrock-agentcore documentation change
Summary
Added documentation about 'Ineffective policies' as a type of issue detected by Cedar policy analysis, where policies have no impact on requests.
Security assessment
This change adds documentation about policy validation features that can detect ineffective security policies. While this relates to security policy management, there's no evidence it addresses a specific security vulnerability. It appears to be enhancing documentation about existing security analysis capabilities.
Diff
diff --git a/bedrock-agentcore/latest/devguide/policy-validation-overview.md b/bedrock-agentcore/latest/devguide/policy-validation-overview.md index f8cb580e5..d3871b81c 100644 --- a//bedrock-agentcore/latest/devguide/policy-validation-overview.md +++ b//bedrock-agentcore/latest/devguide/policy-validation-overview.md @@ -29,0 +30,2 @@ Cedar analysis uses automated reasoning to detect potential security and logic i + * **Ineffective policies** — If created, the policy has no impact: a Permit policy does not allow any requests, or a Forbid policy does not deny any requests. This applies at the policy level during generation, not at the policy engine level +