AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-04-10 · Documentation low

File: bedrock-agentcore/latest/devguide/gateway-event-types.md

Summary

Typographical changes normalizing apostrophes in the CloudTrail data events documentation for Bedrock AgentCore Gateway.

Security assessment

Only apostrophe changes (e.g., 'doesn't' to 'doesn’t') and no substantive updates to security content. The documentation about JWT claims and PII avoidance remains unchanged in meaning.

Diff

diff --git a/bedrock-agentcore/latest/devguide/gateway-event-types.md b/bedrock-agentcore/latest/devguide/gateway-event-types.md
index 90ff14d2e..39002fe3b 100644
--- a//bedrock-agentcore/latest/devguide/gateway-event-types.md
+++ b//bedrock-agentcore/latest/devguide/gateway-event-types.md
@@ -56 +56 @@ UpdateGatewayTarget | Updates an existing gateway target
-Data events provide information about the resource operations performed on or in a resource. These are also known as data plane operations. Data events are often high-volume activities. You must explicitly enable data events because they are not logged by default. The CloudTrail _Event history_ doesn't record data events.
+Data events provide information about the resource operations performed on or in a resource. These are also known as data plane operations. Data events are often high-volume activities. You must explicitly enable data events because they are not logged by default. The CloudTrail _Event history_ doesn’t record data events.
@@ -70 +70 @@ Bedrock-AgentCore gateway | AWS::BedrockAgentCore::Gateway | InvokeGateway
-Amazon Bedrock AgentCore Gateway data events differ from standard AWS data events in how identity information is stored. Because the Data API follows the MCP protocol and uses JSON Web Token (JWT)-based authentication rather than SigV4, Amazon Bedrock AgentCore Gateway data events don't have standard AWS identity information. Instead, identity is captured by logging specific JWT claims, including the "sub" claim.
+Amazon Bedrock AgentCore Gateway data events differ from standard AWS data events in how identity information is stored. Because the Data API follows the MCP protocol and uses JSON Web Token (JWT)-based authentication rather than SigV4, Amazon Bedrock AgentCore Gateway data events don’t have standard AWS identity information. Instead, identity is captured by logging specific JWT claims, including the "sub" claim.
@@ -78 +78 @@ We recommend that you avoid using any personally identifiable information (PII)
-Amazon Bedrock AgentCore Gateway provides error information as part of the `responseElements` field rather than as top-level `errorCode` and `errorMessage` fields. If you're looking for specific error types such as AccessDenied events, parse through the `responseElements` field in the CloudTrail event.
+Amazon Bedrock AgentCore Gateway provides error information as part of the `responseElements` field rather than as top-level `errorCode` and `errorMessage` fields. If you’re looking for specific error types such as AccessDenied events, parse through the `responseElements` field in the CloudTrail event.