AWS bedrock-agentcore documentation change
Summary
Formatting and typographical updates, including example restructuring and table adjustments.
Security assessment
The changes are primarily formatting and typographical, with no indication of addressing a security vulnerability or adding new security features. The content remains about configuring root CA certificates for secure HTTPS connections, but the changes themselves do not introduce new security information or address a specific security issue.
Diff
diff --git a/bedrock-agentcore/latest/devguide/code-interpreter-root-ca-certificates.md b/bedrock-agentcore/latest/devguide/code-interpreter-root-ca-certificates.md index 06e682e44..3628825ff 100644 --- a//bedrock-agentcore/latest/devguide/code-interpreter-root-ca-certificates.md +++ b//bedrock-agentcore/latest/devguide/code-interpreter-root-ca-certificates.md @@ -11 +11 @@ By default, Amazon Bedrock AgentCore Code Interpreter sessions trust only public -Amazon Bedrock AgentCore retrieves the PEM-encoded certificate content from AWS Secrets Manager using your caller credentials, validates the X.509 format and expiry, and installs the certificates into the session's OS trust store. This enables the code interpreter to establish trusted HTTPS connections to your internal resources. +Amazon Bedrock AgentCore retrieves the PEM-encoded certificate content from AWS Secrets Manager using your caller credentials, validates the X.509 format and expiry, and installs the certificates into the session’s OS trust store. This enables the code interpreter to establish trusted HTTPS connections to your internal resources. @@ -23 +23 @@ Root Certificate Authority for Amazon Bedrock AgentCore Code Interpreter works a - 4. Valid certificates are deployed to the session's OS trust store, making them available to code execution runtimes and any network clients within the sandbox. + 4. Valid certificates are deployed to the session’s OS trust store, making them available to code execution runtimes and any network clients within the sandbox. @@ -65 +65 @@ Before you can use a root CA certificate with Amazon Bedrock AgentCore Code Inte -AWS CLI +###### Example @@ -66,0 +67 @@ AWS CLI +AWS CLI @@ -69 +70 @@ AWS CLI - aws secretsmanager create-secret \ + 1. aws secretsmanager create-secret \ @@ -75 +75,0 @@ AWS CLI -Boto3 @@ -79 +79,4 @@ Boto3 - import boto3 +Boto3 + + + 1. import boto3 @@ -105 +111 @@ To start a code interpreter session that trusts your custom root CA certificates -AWS CLI +###### Example @@ -106,0 +113 @@ AWS CLI +AWS CLI @@ -109 +116 @@ AWS CLI - aws bedrock-agentcore start-code-interpreter-session \ + 1. aws bedrock-agentcore start-code-interpreter-session \ @@ -122 +128,0 @@ AWS CLI -Boto3 @@ -126 +132,4 @@ Boto3 - import boto3 +Boto3 + + + 1. import boto3 @@ -147 +155,0 @@ Boto3 -API @@ -151 +159,4 @@ API - { +API + + + 1. { @@ -168 +182 @@ You can provide multiple root CA certificates in a single code interpreter sessi -AWS CLI +###### Example @@ -169,0 +184 @@ AWS CLI +AWS CLI @@ -172 +187 @@ AWS CLI - aws bedrock-agentcore start-code-interpreter-session \ + 1. aws bedrock-agentcore start-code-interpreter-session \ @@ -192 +206,0 @@ AWS CLI -Boto3 @@ -196 +210,4 @@ Boto3 - response = client.start_code_interpreter_session( +Boto3 + + + 1. response = client.start_code_interpreter_session( @@ -223 +243 @@ This is useful for organization-wide certificates that should be trusted by all -Boto3 +###### Example @@ -224,0 +245 @@ Boto3 +Boto3 @@ -227 +248 @@ Boto3 - response = client.create_code_interpreter( + 1. response = client.create_code_interpreter( @@ -250 +274 @@ Certificates must meet the following requirements: -Certificate requirements Requirement | Details +Requirement | Details @@ -256 +280 @@ Maximum certificates per session | 10 per session and 10 per tool. A session can -Secret ARN format | `arn:aws:secretsmanager:`region`:`account-id`:secret:`secret-name`` +Secret ARN format | `arn:aws:secretsmanager:region:account-id:secret:secret-name` @@ -263 +287 @@ The following table describes common errors and their resolutions when configuri -Certificate configuration errors Error | Cause | Resolution +Error | Cause | Resolution @@ -268,2 +292,2 @@ Certificate content is not valid PEM/X.509 format | The secret value is not a va -Certificate has expired | The certificate's `notAfter` date is in the past. | Replace the expired certificate with a valid one in AWS Secrets Manager and retry. -Certificate is not yet valid | The certificate's `notBefore` date is in the future. | Wait until the certificate's validity period begins, or use a certificate that is currently valid. +Certificate has expired | The certificate’s `notAfter` date is in the past. | Replace the expired certificate with a valid one in AWS Secrets Manager and retry. +Certificate is not yet valid | The certificate’s `notBefore` date is in the future. | Wait until the certificate’s validity period begins, or use a certificate that is currently valid.