AWS bedrock-agentcore documentation change
Summary
Formatting and minor text changes including punctuation updates (apostrophes to curly quotes), table reformatting (removing line breaks in bullet lists), and restructuring of OAuth authorization steps (adding example headings and step numbers).
Security assessment
The changes are purely cosmetic and editorial, involving punctuation, formatting, and structural reorganization of existing documentation. There is no evidence of addressing a security vulnerability, weakness, or incident. The content still describes the same authorization methods (IAM and OAuth) without introducing new security features or correcting security-related inaccuracies.
Diff
diff --git a/bedrock-agentcore/latest/devguide/gateway-building-adding-targets-authorization.md b/bedrock-agentcore/latest/devguide/gateway-building-adding-targets-authorization.md index f9a5b780f..56ce8eb47 100644 --- a//bedrock-agentcore/latest/devguide/gateway-building-adding-targets-authorization.md +++ b//bedrock-agentcore/latest/devguide/gateway-building-adding-targets-authorization.md @@ -26 +26 @@ To learn more about a credential provider configuration, select a topic: -If you're using IAM authorization through an AgentCore Gateway service role for your target, specify the `credentialProviderType` as `GATEWAY_IAM_ROLE`. The configuration depends on your target type. +If you’re using IAM authorization through an AgentCore Gateway service role for your target, specify the `credentialProviderType` as `GATEWAY_IAM_ROLE` . The configuration depends on your target type. @@ -39 +39 @@ The `iamCredentialProvider` configuration is not needed because the target servi -For MCP server targets, you must also provide an `iamCredentialProvider` with the service name used for [AWS Signature Version 4 (Sig V4)](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) signing. The `service` field is required. The `region` field is optional and defaults to the gateway's Region. +For MCP server targets, you must also provide an `iamCredentialProvider` with the service name used for [AWS Signature Version 4 (Sig V4)](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) signing. The `service` field is required. The `region` field is optional and defaults to the gateway’s Region. @@ -56,8 +56,2 @@ Field | Required | Description -`service` | Yes | The AWS service name used for SigV4 signing. This value must match the service name that the target expects when verifying the SigV4 signature. The following are common values: - - * `bedrock-agentcore` – For MCP servers hosted on Amazon Bedrock AgentCore, such as the runtime (see [Deploy MCP servers in AgentCore Runtime](./runtime-mcp.html)) or another gateway. - * `execute-api` – For MCP servers behind Amazon API Gateway. - * `lambda` – For MCP servers behind Lambda Function URLs. - - -`region` | No | The AWS Region for SigV4 signing. If omitted, defaults to the gateway's Region. +`service` | Yes | The AWS service name used for SigV4 signing. This value must match the service name that the target expects when verifying the SigV4 signature. The following are common values: `bedrock-agentcore` – For MCP servers hosted on Amazon Bedrock AgentCore, such as the runtime (see [Deploy MCP servers in AgentCore Runtime](./runtime-mcp.html) ) or another gateway. `execute-api` – For MCP servers behind Amazon API Gateway. `lambda` – For MCP servers behind Lambda Function URLs. +`region` | No | The AWS Region for SigV4 signing. If omitted, defaults to the gateway’s Region. @@ -67 +61 @@ Field | Required | Description -If you're using OAuth authorization, you specify the `credentialProviderType` as `OAUTH`. In the object that the `credentialProvider` field maps to, map an `oauthCredentialProvider` field name to an [OAuthCredentialProvider](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_OAuthCredentialProvider.html) object and provide the values based on your outbound authorization setup. +If you’re using OAuth authorization, you specify the `credentialProviderType` as `OAUTH` . In the object that the `credentialProvider` field maps to, map an `oauthCredentialProvider` field name to an [OAuthCredentialProvider](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_OAuthCredentialProvider.html) object and provide the values based on your outbound authorization setup. @@ -80 +74 @@ Select one of the following methods: -Client credentials +###### Example @@ -81,0 +76 @@ Client credentials +Client credentials @@ -83 +77,0 @@ Client credentials -Specify the `grantType` as `CLIENT_CREDENTIALS`, as in the following example: @@ -84,0 +79 @@ Specify the `grantType` as `CLIENT_CREDENTIALS`, as in the following example: + 1. Specify the `grantType` as `CLIENT_CREDENTIALS` , as in the following example: @@ -103 +97,0 @@ Specify the `grantType` as `CLIENT_CREDENTIALS`, as in the following example: -Authorization code @@ -106 +99,0 @@ Authorization code -Specify the `grantType` as `AUTHORIZATION_CODE` and include, in the `defaultReturnUrl` field, the URL to which to redirect the end user's browser after obtaining the authorization code, as in the following example: @@ -107,0 +101,4 @@ Specify the `grantType` as `AUTHORIZATION_CODE` and include, in the `defaultRetu +Authorization code + + + 1. Specify the `grantType` as `AUTHORIZATION_CODE` and include, in the `defaultReturnUrl` field, the URL to which to redirect the end user’s browser after obtaining the authorization code, as in the following example: