AWS bedrock-agentcore documentation change
Summary
Updated documentation formatting, example structures, and placeholder text in browser proxy configuration examples. Removed angle brackets from placeholders in IAM policies, CLI commands, SDK code, and API examples. Also removed '&' from allowed password characters list.
Security assessment
The changes are primarily documentation formatting improvements and example restructuring. The removal of the '&' character from allowed password characters could be a correction to the allowed character set, but there's no evidence this addresses a security vulnerability. The IAM policy example changes remove angle brackets but don't introduce new security controls or address known vulnerabilities. These are routine documentation updates for clarity and consistency.
Diff
diff --git a/bedrock-agentcore/latest/devguide/browser-proxies.md b/bedrock-agentcore/latest/devguide/browser-proxies.md index 4df78f77d..d575347fb 100644 --- a//bedrock-agentcore/latest/devguide/browser-proxies.md +++ b//bedrock-agentcore/latest/devguide/browser-proxies.md @@ -75 +75 @@ Credential format requirements: -Proxy credential format requirements Field | Allowed characters +Field | Allowed characters @@ -78 +78 @@ Proxy credential format requirements Field | Allowed characters -`password` | Alphanumeric plus `@ . _ + = - ! # $ % & *` +`password` | Alphanumeric plus @ . _ + = - ! # $ % * @@ -93 +93 @@ Add this policy to the IAM identity that will create browser sessions: - "Resource": "arn:aws:secretsmanager:<AWS Region>:<AWS account>:secret:<secret-name>*" + "Resource": "arn:aws:secretsmanager:AWS Region:AWS account:secret:secret-name*" @@ -102 +102 @@ You can create a browser session with proxy configuration using the AWS CLI, SDK -AWS CLI +###### Example @@ -103,0 +104 @@ AWS CLI +AWS CLI @@ -105 +105,0 @@ AWS CLI -To start a browser session with a proxy using the AWS CLI: @@ -106,0 +107 @@ To start a browser session with a proxy using the AWS CLI: + 1. To start a browser session with a proxy using the AWS CLI: @@ -114 +115 @@ To start a browser session with a proxy using the AWS CLI: - "server": "<your-proxy-hostname>", + "server": "your-proxy-hostname", @@ -118 +119 @@ To start a browser session with a proxy using the AWS CLI: - "secretArn": "arn:aws:secretsmanager:<region>:<account-id>:secret:<secret-name>" + "secretArn": "arn:aws:secretsmanager:region:account-id:secret:secret-name" @@ -134 +134 @@ For proxies using IP allowlisting instead of credentials, omit the `credentials` - "server": "<your-proxy-hostname>", + "server": "your-proxy-hostname", @@ -140 +139,0 @@ For proxies using IP allowlisting instead of credentials, omit the `credentials` -Boto3 @@ -143 +142,2 @@ Boto3 -To start a browser session with a proxy using the AWS SDK for Python (Boto3): + +Boto3 @@ -145,0 +146,2 @@ To start a browser session with a proxy using the AWS SDK for Python (Boto3): + 1. To start a browser session with a proxy using the AWS SDK for Python (Boto3): + @@ -148 +150 @@ To start a browser session with a proxy using the AWS SDK for Python (Boto3): - client = boto3.client('bedrock-agentcore', region_name='<region>') + client = boto3.client('bedrock-agentcore', region_name='region') @@ -156 +158 @@ To start a browser session with a proxy using the AWS SDK for Python (Boto3): - "server": "<your-proxy-hostname>", + "server": "your-proxy-hostname", @@ -160 +162 @@ To start a browser session with a proxy using the AWS SDK for Python (Boto3): - "secretArn": "arn:aws:secretsmanager:<region>:<account-id>:secret:<secret-name>" + "secretArn": "arn:aws:secretsmanager:region:account-id:secret:secret-name" @@ -175 +176 @@ For proxies using IP allowlisting instead of credentials, omit the `credentials` - "server": "<your-proxy-hostname>", + "server": "your-proxy-hostname", @@ -181 +181,0 @@ For proxies using IP allowlisting instead of credentials, omit the `credentials` -API @@ -184 +183,0 @@ API -To start a browser session with a proxy using the API: @@ -185,0 +185,4 @@ To start a browser session with a proxy using the API: +API + + + 1. To start a browser session with a proxy using the API: @@ -188 +191 @@ To start a browser session with a proxy using the API: - Host: bedrock-agentcore.<region>.amazonaws.com + Host: bedrock-agentcore.region.amazonaws.com @@ -197 +200 @@ To start a browser session with a proxy using the API: - "server": "<your-proxy-hostname>", + "server": "your-proxy-hostname", @@ -201 +204 @@ To start a browser session with a proxy using the API: - "secretArn": "arn:aws:secretsmanager:<region>:<account-id>:secret:<secret-name>" + "secretArn": "arn:aws:secretsmanager:region:account-id:secret:secret-name" @@ -215 +221 @@ Use `domainPatterns` to route specific domains through designated proxies: -AWS CLI +###### Example @@ -216,0 +223 @@ AWS CLI +AWS CLI @@ -219 +226 @@ AWS CLI - aws bedrock-agentcore start-browser-session \ + 1. aws bedrock-agentcore start-browser-session \ @@ -240 +246,0 @@ AWS CLI -Boto3 @@ -244 +250,4 @@ Boto3 - proxyConfiguration={ +Boto3 + + + 1. proxyConfiguration={ @@ -262 +270,0 @@ Boto3 -API @@ -266 +274,4 @@ API - { +API + + + 1. { @@ -288 +302 @@ With this configuration: - * Requests to `*.company.com` and `*.internal.corp` route through `corp-proxy.example.com` + * Requests to *.company.com and *.internal.corp route through `corp-proxy.example.com` @@ -297 +311 @@ Domain pattern format: -Domain pattern matching rules Pattern | Matches | Does not match +Pattern | Matches | Does not match @@ -302 +316 @@ Domain pattern matching rules Pattern | Matches | Does not match -Use `.example.com` (leading dot) for subdomains. Do not use `*.example.com`. +Use `.example.com` (leading dot) for subdomains. Do not use *.example.com. @@ -308 +322 @@ Use `bypass.domainPatterns` for domains that should connect directly without any -AWS CLI +###### Example @@ -309,0 +324 @@ AWS CLI +AWS CLI @@ -312 +327 @@ AWS CLI - aws bedrock-agentcore start-browser-session \ + 1. aws bedrock-agentcore start-browser-session \ @@ -327 +341,0 @@ AWS CLI -Boto3 @@ -331 +345,4 @@ Boto3 - proxyConfiguration={ +Boto3 + + + 1. proxyConfiguration={ @@ -343 +359,0 @@ Boto3 -API @@ -347 +363,4 @@ API - { +API + + + 1. { @@ -371 +393 @@ Traffic routes according to this precedence (highest to lowest): - 2. **Proxy domain patterns** – Domains matching a proxy's `domainPatterns` route through that proxy (first match wins based on array order). + 2. **Proxy domain patterns** – Domains matching a proxy’s `domainPatterns` route through that proxy (first match wins based on array order). @@ -382 +404 @@ The following examples show a full proxy configuration with domain patterns, byp -AWS CLI +###### Example @@ -383,0 +406 @@ AWS CLI +AWS CLI @@ -386 +409 @@ AWS CLI - aws bedrock-agentcore start-browser-session \ + 1. aws bedrock-agentcore start-browser-session \ @@ -392 +415 @@ AWS CLI - "server": "<proxy-hostname>", + "server": "proxy-hostname", @@ -397 +420 @@ AWS CLI - "secretArn": "arn:aws:secretsmanager:<region>:<account-id>:secret:<secret-name>" + "secretArn": "arn:aws:secretsmanager:region:account-id:secret:secret-name" @@ -407 +429,0 @@ AWS CLI -Boto3 @@ -411 +433,2 @@ Boto3 - import boto3 +Boto3 + @@ -413 +436,3 @@ Boto3 - client = boto3.client('bedrock-agentcore', region_name='<region>') + 1. import boto3 + + client = boto3.client('bedrock-agentcore', region_name='region') @@ -421 +446 @@ Boto3 - "server": "<proxy-hostname>", + "server": "proxy-hostname", @@ -426 +451 @@ Boto3 - "secretArn": "arn:aws:secretsmanager:<region>:<account-id>:secret:<secret-name>" + "secretArn": "arn:aws:secretsmanager:region:account-id:secret:secret-name" @@ -438 +462,0 @@ Boto3 -API @@ -442,2 +466,5 @@ API - PUT /browsers/aws.browser.v1/sessions/start HTTP/1.1 - Host: bedrock-agentcore.<region>.amazonaws.com +API + + + 1. PUT /browsers/aws.browser.v1/sessions/start HTTP/1.1 + Host: bedrock-agentcore.region.amazonaws.com @@ -452 +479 @@ API - "server": "<proxy-hostname>", + "server": "proxy-hostname", @@ -457 +484 @@ API - "secretArn": "arn:aws:secretsmanager:<region>:<account-id>:secret:<secret-name>" + "secretArn": "arn:aws:secretsmanager:region:account-id:secret:secret-name" @@ -521 +551 @@ If the credentials secret is in a different AWS account, configure the following - "Principal": {"AWS": "arn:aws:iam::<caller-account-id>:root"}, + "Principal": {"AWS": "arn:aws:iam::caller-account-id:root"}, @@ -532 +562 @@ If the credentials secret is in a different AWS account, configure the following - "Principal": {"AWS": "arn:aws:iam::<caller-account-id>:root"}, + "Principal": {"AWS": "arn:aws:iam::caller-account-id:root"}, @@ -572 +602 @@ If the credentials secret is in a different AWS account, configure the following -Browser proxy constraints Constraint | Limit | Adjustable +Constraint | Limit | Adjustable @@ -587 +617 @@ Before configuring browser proxies, review these limitations to ensure the featu -Browser proxy limitations Limitation | Details +Limitation | Details