AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-04-10 · Documentation low

File: bedrock-agentcore/latest/devguide/gateway-headers.md

Summary

Formatting changes to header restrictions: removed asterisk from Authorization header, changed code formatting for X-Amzn-Bedrock-AgentCore-Runtime-Custom-* exception, and updated typographical quotes in configuration instructions

Security assessment

These changes are primarily formatting and typographical corrections. The removal of the asterisk from 'Authorization*' clarifies that only the Authorization header itself is restricted, not headers starting with 'Authorization'. The change from backticks to plain text for the X-Amzn-Bedrock-AgentCore-Runtime-Custom-* exception is a formatting adjustment. No security vulnerability or new security feature is being documented.

Diff

diff --git a/bedrock-agentcore/latest/devguide/gateway-headers.md b/bedrock-agentcore/latest/devguide/gateway-headers.md
index deba01121..9a33b3ad8 100644
--- a//bedrock-agentcore/latest/devguide/gateway-headers.md
+++ b//bedrock-agentcore/latest/devguide/gateway-headers.md
@@ -26 +26 @@ To maintain security and prevent exposure of sensitive information, the followin
-Restricted headers Authorization*  
+Authorization*  
@@ -143 +146 @@ Additional validation rules apply to allowed headers:
-  * Headers starting with `X-Amzn-` are prohibited (except for `X-Amzn-Bedrock-AgentCore-Runtime-Custom-*` headers)
+  * Headers starting with `X-Amzn-` are prohibited (except for X-Amzn-Bedrock-AgentCore-Runtime-Custom-* headers)
@@ -154 +157 @@ You can configure header and query parameters at the target level when creating
-Configure header propagation by adding `allowedRequestHeaders`, `allowedResponseHeaders`, and `allowedQueryParameters` fields to your target's `metadataConfiguration`:
+Configure header propagation by adding `allowedRequestHeaders` , `allowedResponseHeaders` , and `allowedQueryParameters` fields to your target’s `metadataConfiguration` :
@@ -224 +227 @@ Interceptor lambdas can influence header propagation in the following ways:
-  * **Authorization header override:** The `Authorization` header from the interceptor lambda response is automatically propagated to the target. While the `Authorization` header cannot be configured in the target's allowlist, it will be forwarded to the target when provided by an interceptor lambda.
+  * **Authorization header override:** The `Authorization` header from the interceptor lambda response is automatically propagated to the target. While the `Authorization` header cannot be configured in the target’s allowlist, it will be forwarded to the target when provided by an interceptor lambda.