AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-04-10 · Documentation low

File: bedrock-agentcore/latest/devguide/gateway-create-api.md

Summary

Formatting and structural changes to documentation including reorganization of example sections, addition of example headers, renumbering of steps, and minor typographical fixes. The content remains functionally the same with improved presentation.

Security assessment

The changes are purely formatting and structural improvements to documentation. No new security vulnerabilities are addressed, and no security features are added. The note about the NONE authorizer type not performing authentication/authorization was already present and is simply reformatted. The changes do not introduce or mitigate any security risks.

Diff

diff --git a/bedrock-agentcore/latest/devguide/gateway-create-api.md b/bedrock-agentcore/latest/devguide/gateway-create-api.md
index b81e74d9c..c57a19413 100644
--- a//bedrock-agentcore/latest/devguide/gateway-create-api.md
+++ b//bedrock-agentcore/latest/devguide/gateway-create-api.md
@@ -35 +35 @@ The remaining fields depend on your gateway configuration and whether you want t
-  * `clientToken` – A client token value to ensure that a request completes no more than once. If you don't include this token, one is randomly generated for you. If you don't include a value, one is randomly generated for you. For more information, see [Ensuring idempotency](https://docs.aws.amazon.com/ec2/latest/devguide/ec2-api-idempotency.html).
+  * `clientToken` – A client token value to ensure that a request completes no more than once. If you don’t include this token, one is randomly generated for you. If you don’t include a value, one is randomly generated for you. For more information, see [Ensuring idempotency](https://docs.aws.amazon.com/ec2/latest/devguide/ec2-api-idempotency.html).
@@ -100 +100 @@ The following examples show the structure of the CustomClaimValidationsType obje
-String matches string
+###### Example
@@ -101,0 +102 @@ String matches string
+String matches string
@@ -104 +105 @@ String matches string
-    {
+  1.     {
@@ -115 +115,0 @@ String matches string
-Array contains string
@@ -119 +119,4 @@ Array contains string
-    {
+Array contains string
+    
+
+  1.     {
@@ -130 +132,0 @@ Array contains string
-Array contains any value in array
@@ -134 +136,4 @@ Array contains any value in array
-    {
+Array contains any value in array
+    
+
+  1.     {
@@ -145,3 +149,0 @@ Array contains any value in array
-To see examples of how to create a gateway, expand the section that corresponds to your use case:
-
-###### Topics
@@ -149 +150,0 @@ To see examples of how to create a gateway, expand the section that corresponds
-  * Create a gateway: basic example (Custom JWT authorization)
@@ -151 +151,0 @@ To see examples of how to create a gateway, expand the section that corresponds
-  * Create a gateway: basic example (IAM authorization)
@@ -153,7 +153 @@ To see examples of how to create a gateway, expand the section that corresponds
-  * Create a gateway: basic example (NONE authorizer)
-
-  * Create a gateway with semantic search
-
-  * Create a gateway with debugging messages
-
-  * Create a gateway with interceptor configurations
+To see examples of how to create a gateway, expand the section that corresponds to your use case:
@@ -161 +155 @@ To see examples of how to create a gateway, expand the section that corresponds
-  * Create a gateway with a policy engine configuration
+###### Topics
@@ -172,8 +166 @@ This section provides basic examples of creating a gateway.
-Note the following:
-
-  * The values for the authorization configuration are from when you set up [inbound authorization](./gateway-inbound-auth.html).
-
-  * If you choose an option that involves specifying an overt gateway service role ARN, ensure that you specify an existing one that you've set up. For more information, see [AgentCore Gateway service role permissions](./gateway-prerequisites-permissions.html#gateway-service-role-permissions).
-
-
-
+Note the following: * The values for the authorization configuration are from when you set up [inbound authorization](./gateway-inbound-auth.html) . * If you choose an option that involves specifying an overt gateway service role ARN, ensure that you specify an existing one that you’ve set up. For more information, see [AgentCore Gateway service role permissions](./gateway-prerequisites-permissions.html#gateway-service-role-permissions).
@@ -182,0 +170,2 @@ Select one of the following methods:
+###### Example
+
@@ -186 +175 @@ AgentCore CLI
-The AgentCore CLI provides a simple way to create a gateway in a command line interface.
+  1. The AgentCore CLI provides a simple way to create a gateway in a command line interface.
@@ -190 +179 @@ To create the gateway, you use the `agentcore add gateway` command. The gateway
-###### Using default arguments
+**Using default arguments**
@@ -197 +185 @@ Run the following command in a terminal to create a gateway with no authorizatio
-###### Specifying arguments
+**Specifying arguments**
@@ -214 +204 @@ Interactive
-Run `agentcore` to open the TUI, then select **add** and choose **Gateway** :
+  1. Run `agentcore` to open the TUI, then select **add** and choose **Gateway** :
@@ -216 +206 @@ Run `agentcore` to open the TUI, then select **add** and choose **Gateway** :
-  1. Enter the gateway name:
+  2. Enter the gateway name:
@@ -220 +210 @@ Run `agentcore` to open the TUI, then select **add** and choose **Gateway** :
-  2. Select **Custom JWT** as the authorizer type and press **Enter** :
+  3. Select **Custom JWT** as the authorizer type and press **Enter** :
@@ -224 +214 @@ Run `agentcore` to open the TUI, then select **add** and choose **Gateway** :
-  3. Configure advanced options:
+  4. Configure advanced options:
@@ -228 +218 @@ Run `agentcore` to open the TUI, then select **add** and choose **Gateway** :
-  4. Review the configuration summary and press **Enter** to confirm:
+  5. Review the configuration summary and press **Enter** to confirm:
@@ -238,2 +228 @@ AWS CLI
-Run the following code in a terminal to create a basic gateway with the AWS CLI:
-    
+  1. Run the following code in a terminal to create a basic gateway with the AWS CLI:
@@ -255 +243,0 @@ The `gatewayUrl` in the response is the endpoint to use when you invoke the gate
-AWS Python SDK (Boto3)
@@ -258 +245,0 @@ AWS Python SDK (Boto3)
-The following Python code shows how to create a basic gateway with the AWS Python SDK (Boto3):
@@ -259,0 +247,4 @@ The following Python code shows how to create a basic gateway with the AWS Pytho
+AWS Python SDK (Boto3)
+    
+
+  1. The following Python code shows how to create a basic gateway with the AWS Python SDK (Boto3):
@@ -284 +278 @@ The following Python code shows how to create a basic gateway with the AWS Pytho
-This section provides basic examples of creating a gateway using IAM authorization. With IAM authorization, you don't need an authorizer configuration.
+This section provides basic examples of creating a gateway using IAM authorization. With IAM authorization, you don’t need an authorizer configuration.
@@ -292 +286 @@ Select one of the following methods:
-AWS CLI
+###### Example
@@ -293,0 +288 @@ AWS CLI
+AWS CLI
@@ -295 +289,0 @@ AWS CLI
-Run the following in a terminal:
@@ -296,0 +291 @@ Run the following in a terminal:
+  1. Run the following in a terminal:
@@ -304 +298,0 @@ Run the following in a terminal:
-Boto3
@@ -308 +302,4 @@ Boto3
-    import boto3
+Boto3
+    
+
+  1.     import boto3
@@ -321,3 +317,0 @@ Boto3
-## Create a gateway: basic example (NONE authorizer)
-
-This section provides basic examples of creating a gateway with a NONE authorizer type. This represents a gateway that will not perform authentication or authorization for any incoming requests.
@@ -325 +318,0 @@ This section provides basic examples of creating a gateway with a NONE authorize
-###### Note
@@ -327 +319,0 @@ This section provides basic examples of creating a gateway with a NONE authorize
-  * The NONE authorizer type represents a gateway that will not perform authentication or authorization for any incoming requests. See [inbound authorization](./gateway-inbound-auth.html) for security concerns and details around using this configuration.
@@ -329 +321 @@ This section provides basic examples of creating a gateway with a NONE authorize
-  * If you choose an option that involves specifying an overt gateway service role ARN, ensure that you specify an existing one that you've set up. For more information, see [AgentCore Gateway service role permissions](./gateway-prerequisites-permissions.html#gateway-service-role-permissions).
+## Create a gateway: basic example (NONE authorizer)
@@ -330,0 +323 @@ This section provides basic examples of creating a gateway with a NONE authorize
+This section provides basic examples of creating a gateway with a NONE authorizer type. This represents a gateway that will not perform authentication or authorization for any incoming requests.
@@ -331,0 +325 @@ This section provides basic examples of creating a gateway with a NONE authorize
+###### Note
@@ -332,0 +327 @@ This section provides basic examples of creating a gateway with a NONE authorize
+* The NONE authorizer type represents a gateway that will not perform authentication or authorization for any incoming requests. See [inbound authorization](./gateway-inbound-auth.html) for security concerns and details around using this configuration. * If you choose an option that involves specifying an overt gateway service role ARN, ensure that you specify an existing one that you’ve set up. For more information, see [AgentCore Gateway service role permissions](./gateway-prerequisites-permissions.html#gateway-service-role-permissions).
@@ -335,0 +331,2 @@ Select one of the following methods:
+###### Example
+
@@ -339 +336 @@ AgentCore CLI
-The AgentCore CLI provides a simple way to create a gateway with NONE authorizer type in a command line interface.
+  1. The AgentCore CLI provides a simple way to create a gateway with NONE authorizer type in a command line interface.
@@ -354 +353 @@ Interactive
-Run `agentcore` to open the TUI, then select **add** and choose **Gateway** :
+  1. Run `agentcore` to open the TUI, then select **add** and choose **Gateway** :
@@ -356 +355 @@ Run `agentcore` to open the TUI, then select **add** and choose **Gateway** :
-  1. Enter the gateway name:
+  2. Enter the gateway name:
@@ -360 +359 @@ Run `agentcore` to open the TUI, then select **add** and choose **Gateway** :
-  2. Select **NONE** as the authorizer type and press **Enter** :
+  3. Select **NONE** as the authorizer type and press **Enter** :
@@ -364 +363 @@ Run `agentcore` to open the TUI, then select **add** and choose **Gateway** :
-  3. Configure advanced options:
+  4. Configure advanced options:
@@ -368 +367 @@ Run `agentcore` to open the TUI, then select **add** and choose **Gateway** :
-  4. Review the configuration summary and press **Enter** to confirm:
+  5. Review the configuration summary and press **Enter** to confirm:
@@ -378,2 +377 @@ AWS CLI
-Run the following code in a terminal to create a gateway with NONE authorizer type using the AWS CLI:
-    
+  1. Run the following code in a terminal to create a gateway with NONE authorizer type using the AWS CLI:
@@ -389 +386,0 @@ The `gatewayUrl` in the response is the endpoint to use when you invoke the gate
-AWS Python SDK (Boto3)
@@ -392 +389,2 @@ AWS Python SDK (Boto3)
-The following Python code shows how to create a gateway with NONE authorizer type using the AWS Python SDK (Boto3):
+
+AWS Python SDK (Boto3)
@@ -394,0 +393,2 @@ The following Python code shows how to create a gateway with NONE authorizer typ
+  1. The following Python code shows how to create a gateway with NONE authorizer type using the AWS Python SDK (Boto3):
+    
@@ -416 +419 @@ Select one of the following methods:
-AgentCore CLI
+###### Example
@@ -417,0 +421 @@ AgentCore CLI
+AgentCore CLI
@@ -419 +422,0 @@ AgentCore CLI
-By default, semantic search is enabled when you create a gateway using the AgentCore CLI. To disable it, use the `--no-semantic-search` flag. To create a gateway with default semantic search enabled:
@@ -420,0 +424 @@ By default, semantic search is enabled when you create a gateway using the Agent
+  1. By default, semantic search is enabled when you create a gateway using the AgentCore CLI. To disable it, use the `--no-semantic-search` flag. To create a gateway with default semantic search enabled:
@@ -428 +435 @@ Interactive
-Run `agentcore` to open the TUI, then select **add** and choose **Gateway**. Semantic search is enabled by default in the advanced options:
+  1. Run `agentcore` to open the TUI, then select **add** and choose **Gateway** . Semantic search is enabled by default in the advanced options:
@@ -430 +437 @@ Run `agentcore` to open the TUI, then select **add** and choose **Gateway**. Sem
-  1. Enter the gateway name:
+  2. Enter the gateway name:
@@ -434 +441 @@ Run `agentcore` to open the TUI, then select **add** and choose **Gateway**. Sem
-  2. Select the authorizer type and press **Enter** :
+  3. Select the authorizer type and press **Enter** :
@@ -438 +445 @@ Run `agentcore` to open the TUI, then select **add** and choose **Gateway**. Sem
-  3. In advanced options, verify that semantic search is enabled (this is the default):
+  4. In advanced options, verify that semantic search is enabled (this is the default):
@@ -442 +449 @@ Run `agentcore` to open the TUI, then select **add** and choose **Gateway**. Sem
-  4. Review the configuration summary and press **Enter** to confirm:
+  5. Review the configuration summary and press **Enter** to confirm:
@@ -452,2 +459 @@ AWS CLI
-Turn on semantic search when creating a gateway in the AWS CLI by specifying `searchType` as `SEMANTIC` in the `--protocol-configuration` object, as in the following example:
-    
+  1. Turn on semantic search when creating a gateway in the AWS CLI by specifying `searchType` as `SEMANTIC` in the `--protocol-configuration` object, as in the following example: