AWS bedrock-agentcore documentation change
Summary
Updated CLI commands and examples for creating AgentCore gateways, changing from 'bedrock-agentcore-starter-toolkit' to 'agentcore' commands. Added detailed examples for gateways without authorization and with JWT authorization, removed custom IAM role example, and added comprehensive interactive TUI instructions with screenshots.
Security assessment
The change documents different authorization types (NONE, CUSTOM_JWT, IAM) for gateways, which is a security feature. However, there is no evidence this addresses a specific security vulnerability or incident; it appears to be routine documentation updates for new CLI commands and improved user guidance.
Diff
diff --git a/bedrock-agentcore/latest/devguide/gateway-create-cli.md b/bedrock-agentcore/latest/devguide/gateway-create-cli.md index 6fe5b02f7..50baa498f 100644 --- a//bedrock-agentcore/latest/devguide/gateway-create-cli.md +++ b//bedrock-agentcore/latest/devguide/gateway-create-cli.md @@ -7 +7 @@ -You can use the Amazon Bedrock AgentCore starter toolkit CLI to create gateways with simplified commands. The CLI handles common configurations automatically, including IAM role creation and OAuth setup. +You can use the AgentCore CLI to create gateways with simplified commands. The CLI handles common configurations automatically, including IAM role creation and authorization setup. @@ -9 +9 @@ You can use the Amazon Bedrock AgentCore starter toolkit CLI to create gateways -Basic gateway +AgentCore CLI @@ -11,0 +12 @@ Basic gateway +Create a gateway without authorization: @@ -13 +14,2 @@ Basic gateway - bedrock-agentcore-starter-toolkit gateway create-mcp-gateway \ + + agentcore add gateway \ @@ -15 +17,5 @@ Basic gateway - --region us-east-1 + --authorizer-type NONE \ + --runtimes MyAgent + agentcore deploy + +Create a gateway with JWT authorization: @@ -17 +22,0 @@ Basic gateway -With semantic search @@ -18,0 +24,6 @@ With semantic search + agentcore add gateway \ + --name MyGateway \ + --authorizer-type CUSTOM_JWT \ + --discovery-url https://your-idp.example.com/.well-known/openid-configuration \ + --allowed-audience your-audience + agentcore deploy @@ -19,0 +31 @@ With semantic search +Semantic search is enabled by default. To disable it, pass the `--no-semantic-search` flag: @@ -21 +33,2 @@ With semantic search - bedrock-agentcore-starter-toolkit gateway create-mcp-gateway \ + + agentcore add gateway \ @@ -23,2 +36,4 @@ With semantic search - --region us-east-1 \ - --enable_semantic_search + --authorizer-type NONE \ + --runtimes MyAgent \ + --no-semantic-search + agentcore deploy @@ -26 +41,24 @@ With semantic search -With custom IAM role +Interactive + + +You can also use the AgentCore CLI interactive terminal UI. Run `agentcore` to open the TUI, then select **add** and choose **Gateway** : + + 1. In the **Add Resource** menu, select **Gateway** and press **Enter**. + + + + 2. Enter a name for your gateway and press **Enter**. + + + + 3. Select the authorizer type for your gateway. Choose **None** , **Custom JWT** , or **IAM** , then press **Enter**. + + + + 4. (Optional) Configure advanced settings such as semantic search and debug exception level. Use **Space** to toggle options, then press **Enter** to continue. + + + + 5. Review the gateway configuration summary and press **Enter** to confirm. + + @@ -30,4 +67,0 @@ With custom IAM role - bedrock-agentcore-starter-toolkit gateway create-mcp-gateway \ - --name MyGateway \ - --region us-east-1 \ - --role-arn arn:aws:iam::123456789012:role/MyGatewayRole @@ -35 +69 @@ With custom IAM role -After creating the gateway, you can add targets using the `create-mcp-gateway-target` command. For more information about CLI commands, see the [Get started with AgentCore Gateway](./gateway-quick-start.html). +After creating the gateway, you can add targets using the `agentcore add gateway-target` command. For more information about CLI commands, see the [Get started with AgentCore Gateway](./gateway-quick-start.html).