AWS bedrock-agentcore documentation change
Summary
Added new troubleshooting section for InvokeBrowser OS actions, updated formatting (quotes, table structure), and fixed minor text inconsistencies.
Security assessment
The changes are primarily documentation improvements and addition of a new troubleshooting section for InvokeBrowser API errors. The only security-related content is a pre-existing note about CORS security best practices (replacing wildcard origins), which was already present and only had formatting changed. No evidence of addressing a specific security vulnerability or incident.
Diff
diff --git a/bedrock-agentcore/latest/devguide/browser-tool-troubleshooting.md b/bedrock-agentcore/latest/devguide/browser-tool-troubleshooting.md index 58cc67768..b5f590f55 100644 --- a//bedrock-agentcore/latest/devguide/browser-tool-troubleshooting.md +++ b//bedrock-agentcore/latest/devguide/browser-tool-troubleshooting.md @@ -5 +5 @@ -Permission denied errorsModel access deniedBrowser session timeoutRecording not appearing in Amazon S3Playwright connection errorsAgent cannot make progress due to CAPTCHA checksCORS errors when integrating with browser applicationsSession Replay and Web Bot Auth don't work in new browser windows or contextsBrowser extensions issuesBrowser profile issuesTroubleshooting Root Certificate Authority issuesTroubleshooting browser proxies +Permission denied errorsModel access deniedBrowser session timeoutRecording not appearing in Amazon S3Playwright connection errorsAgent cannot make progress due to CAPTCHA checksCORS errors when integrating with browser applicationsSession Replay and Web Bot Auth don’t work in new browser windows or contextsBrowser extensions issuesBrowser profile issuesTroubleshooting Root Certificate Authority issuesTroubleshooting browser proxiesTroubleshooting InvokeBrowser OS actions @@ -40 +40 @@ This section provides solutions to common issues you might encounter when using - * Verify you're in the correct region (match the region in your code) + * Verify you’re in the correct region (match the region in your code) @@ -150 +149 @@ This section provides solutions to common issues you might encounter when using -In production environments, replace `allow_origins=["*"]` with specific domain origins for better security. +In production environments, replace allow_origins=["*"] with specific domain origins for better security. @@ -152 +151 @@ In production environments, replace `allow_origins=["*"]` with specific domain o -## Session Replay and Web Bot Auth don't work in new browser windows or contexts +## Session Replay and Web Bot Auth don’t work in new browser windows or contexts @@ -262 +260 @@ The following table describes common errors and their resolutions when configuri -Certificate configuration errors Error | Cause | Resolution +Error | Cause | Resolution @@ -267,2 +265,2 @@ Certificate content is not valid PEM/X.509 format | The secret value is not a va -Certificate has expired | The certificate's `notAfter` date is in the past. | Replace the expired certificate with a valid one in AWS Secrets Manager and retry. -Certificate is not yet valid | The certificate's `notBefore` date is in the future. | Wait until the certificate's validity period begins, or use a certificate that is currently valid. +Certificate has expired | The certificate’s `notAfter` date is in the past. | Replace the expired certificate with a valid one in AWS Secrets Manager and retry. +Certificate is not yet valid | The certificate’s `notBefore` date is in the future. | Wait until the certificate’s validity period begins, or use a certificate that is currently valid. @@ -287 +285 @@ Certificates configuration is not enabled | The certificates feature is not enab - * `Proxy credentials secret must be a JSON object with username and password fields` – Update the secret value to a valid JSON object: `{"username": "...", "password": "..."}`. + * `Proxy credentials secret must be a JSON object with username and password fields` – Update the secret value to a valid JSON object: `{"username": "…", "password": "…"}`. @@ -320,0 +319,24 @@ These errors are visible in Live View and through the automation API. +## Troubleshooting InvokeBrowser OS actions + +The following table describes common errors when using the InvokeBrowser API for OS-level browser actions. + +Exception | HTTP code | Description +---|---|--- +`ValidationException` | 400 | Invalid input. For coordinate-based actions ( `mouseClick` , `mouseMove` , `mouseDrag` , `mouseScroll` ), coordinates must be strictly within the session viewport bounds (1 < x < viewportWidth-2, 1 < y < viewportHeight-2). The default viewport size is 1456×819 pixels. Also returned for disabled actions or invalid parameter values. +`AccessDeniedException` | 403 | Insufficient permissions or action not allowed for the session. +`ResourceNotFoundException` | 404 | Invalid `browserIdentifier` or `sessionId`. +`ServiceQuotaExceededException` | 402 | Service quota has been exceeded. +`ThrottlingException` | 429 | Rate limit exceeded. +`InternalServerException` | 500 | Unexpected failure in execution. + +**Solution:** + + * Verify that coordinate values are within the session viewport dimensions. Use the `screenshot` action to capture the current screen and confirm the visible area. + + * Check that the browser session is still active and has not timed out. + + * Ensure your IAM identity has the `bedrock-agentcore:InvokeBrowser` permission. + + + + @@ -327 +349 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Root Certificate Authority +Browser OS action