AWS bedrock-agentcore documentation change
Summary
Updated documentation to reference AgentCore CLI instead of starter toolkit, added clarification about when authentication is automatic vs. programmatic, and updated authorization details.
Security assessment
The change clarifies authentication methods but doesn't address security vulnerabilities. It adds a note about automatic authentication handling by the CLI, which is a usability improvement rather than a security fix.
Diff
diff --git a/bedrock-agentcore/latest/devguide/gateway-using-auth-ex-starter.md b/bedrock-agentcore/latest/devguide/gateway-using-auth-ex-starter.md index e7829eb2c..09b6f6175 100644 --- a//bedrock-agentcore/latest/devguide/gateway-using-auth-ex-starter.md +++ b//bedrock-agentcore/latest/devguide/gateway-using-auth-ex-starter.md @@ -5 +5 @@ -# Example: Authorization for the default gateway and target created by the AgentCore starter toolkit +# Example: Authorization for the default gateway and target created by the AgentCore CLI @@ -7 +7,7 @@ -If you used the AgentCore starter toolkit to create a gateway and a Lambda target, you'll authorize with the following: +If you used the AgentCore CLI to create a gateway and a Lambda target, the CLI configures JWT-based inbound authorization and IAM-based outbound authorization for you automatically. + +###### Note + +If you invoke your gateway using `agentcore invoke`, the CLI handles authentication automatically. The steps below are only needed if you want to invoke the gateway programmatically (for example, using the AWS SDK or `curl`). + +For programmatic access, you'll authorize with the following: @@ -11 +17 @@ If you used the AgentCore starter toolkit to create a gateway and a Lambda targe - * **Outbound authorization using IAM** – The AgentCore starter toolkit configures the following permissions for you, so you don't need any additional setup: + * **Outbound authorization using IAM** – The AgentCore CLI configures the following permissions for you, so you don't need any additional setup: @@ -20 +26 @@ If you used the AgentCore starter toolkit to create a gateway and a Lambda targe -You can obtain the access token created for your gateway by the AgentCore starter toolkit with the help of Amazon Cognito by collecting the following information: +You can obtain the access token created for your gateway by the AgentCore CLI with the help of Amazon Cognito by collecting the following information: