AWS bedrock-agentcore documentation change
Summary
Updated link reference from './resource-based-policies.html' to './security.html#resource-based-policies' and changed typographical quote in 'caller's' to 'caller's'
Security assessment
This change updates a documentation link to point to a different location (security.html) and fixes a typographical quote. There is no evidence of addressing a security vulnerability or weakness. The content remains about access control features, but this is a routine documentation maintenance change.
Diff
diff --git a/bedrock-agentcore/latest/devguide/gateway-fine-grained-access-control.md b/bedrock-agentcore/latest/devguide/gateway-fine-grained-access-control.md index b27938b65..94b0cd2d9 100644 --- a//bedrock-agentcore/latest/devguide/gateway-fine-grained-access-control.md +++ b//bedrock-agentcore/latest/devguide/gateway-fine-grained-access-control.md @@ -9 +9 @@ Using interceptors for access controlAccess control levelsImplementation approac -Amazon Bedrock AgentCore Gateway provides fine-grained access control capabilities that allow you to control which users and agents can access specific tools and resources. You can implement access control through gateway interceptors for custom logic, or use resource-based policies for standard AWS-style access control. For information about resource-based policies, see [Resource-based policies for Amazon Bedrock AgentCore](./resource-based-policies.html). +Amazon Bedrock AgentCore Gateway provides fine-grained access control capabilities that allow you to control which users and agents can access specific tools and resources. You can implement access control through gateway interceptors for custom logic, or use resource-based policies for standard AWS-style access control. For information about resource-based policies, see [Resource-based policies for Amazon Bedrock AgentCore](./security.html#resource-based-policies). @@ -66 +66 @@ Use interceptors to examine JWT claims such as user roles, departments, or custo -For IAM-authenticated gateways, implement access control by matching against the caller's IAM ARN. Use pattern matching on `principal.id` in Cedar policies to restrict access based on AWS accounts, roles, or users. +For IAM-authenticated gateways, implement access control by matching against the caller’s IAM ARN. Use pattern matching on `principal.id` in Cedar policies to restrict access based on AWS accounts, roles, or users.