AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-04-10 · Documentation low

File: bedrock-agentcore/latest/devguide/gateway-inbound-auth.md

Summary

Updated typographical quotes (straight to curly apostrophes) and changed heading formatting from markdown '######' to bold '**' for several sections including 'To set up IAM-based inbound authorization', 'Example policy', 'Resources', and 'Security Best Practices'.

Security assessment

The changes are purely typographical and formatting updates. There is no evidence of addressing a security vulnerability, weakness, or incident. The content about security best practices and authorization methods remains unchanged in substance.

Diff

diff --git a/bedrock-agentcore/latest/devguide/gateway-inbound-auth.md b/bedrock-agentcore/latest/devguide/gateway-inbound-auth.md
index da26d2066..9d6240c31 100644
--- a//bedrock-agentcore/latest/devguide/gateway-inbound-auth.md
+++ b//bedrock-agentcore/latest/devguide/gateway-inbound-auth.md
@@ -28 +28 @@ If you use the AWS Management Console or AgentCore CLI to create your gateway, y
-If you don't plan to use the default authorization configuration using Amazon Cognito, select the topic that corresponds to the type of authorization that you plan to use to learn how to set it up:
+If you don’t plan to use the default authorization configuration using Amazon Cognito, select the topic that corresponds to the type of authorization that you plan to use to learn how to set it up:
@@ -43 +43 @@ If you don't plan to use the default authorization configuration using Amazon Co
-IAM-based inbound authorization lets you use the gateway caller's IAM credentials for authorization. You can use this option if you want to create an IAM identity through which users that call your gateway can be authenticated.
+IAM-based inbound authorization lets you use the gateway caller’s IAM credentials for authorization. You can use this option if you want to create an IAM identity through which users that call your gateway can be authenticated.
@@ -45 +45 @@ IAM-based inbound authorization lets you use the gateway caller's IAM credential
-###### To set up IAM-based inbound authorization
+**To set up IAM-based inbound authorization**
@@ -58 +58 @@ IAM-based inbound authorization lets you use the gateway caller's IAM credential
-###### Example policy
+**Example policy**
@@ -79 +79 @@ The following example shows a policy you could attach to an identity to allow it
-###### Resources
+**Resources**
@@ -116 +116 @@ After the command completes, the AgentCore CLI provides authentication and autho
-  * You'll use the authorizer configuration when you create the gateway.
+  * You’ll use the authorizer configuration when you create the gateway.
@@ -118 +118 @@ After the command completes, the AgentCore CLI provides authentication and autho
-  * For inbound authorization when invoking your gateway, you'll need to obtain an access token by using your client ID, client secret, and the token endpoint. For more information on how to obtain your access token, see the **Example** at [Use an AgentCore gateway](./gateway-using.html) or [The token issuer endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html) in the Amazon Cognito Developer Guide.
+  * For inbound authorization when invoking your gateway, you’ll need to obtain an access token by using your client ID, client secret, and the token endpoint. For more information on how to obtain your access token, see the **Example** at [Use an AgentCore gateway](./gateway-using.html) or [The token issuer endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html) in the Amazon Cognito Developer Guide.
@@ -127 +127 @@ Amazon Bedrock AgentCore supports JWTs from all identity providers. You can see
-In the process of creating the JWT, take note of the following values, which you'll fill out in the [CustomJWTAuthorizerConfiguration](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CustomJWTAuthorizerConfiguration.html) when you create a gateway, if they're applicable to your use case:
+In the process of creating the JWT, take note of the following values, which you’ll fill out in the [CustomJWTAuthorizerConfiguration](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CustomJWTAuthorizerConfiguration.html) when you create a gateway, if they’re applicable to your use case:
@@ -137 +137 @@ In the process of creating the JWT, take note of the following values, which you
-  * **Allowed scopes** – The scopes that define the limitations of an application's access to a user's account. For more information, see [OAuth Scopes](https://oauth.net/2/scope/).
+  * **Allowed scopes** – The scopes that define the limitations of an application’s access to a user’s account. For more information, see [OAuth Scopes](https://oauth.net/2/scope/).
@@ -144 +144 @@ In the process of creating the JWT, take note of the following values, which you
-You'll need these values to do the following:
+You’ll need these values to do the following:
@@ -148 +148 @@ You'll need these values to do the following:
-  * Obtain authorization credentials to invoke the gateway. To learn how to obtain your credentials, look up your identity provider's documentation. For example, if you used Amazon Cognito, see [The token issuer endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html) in the Amazon Cognito Developer Guide.
+  * Obtain authorization credentials to invoke the gateway. To learn how to obtain your credentials, look up your identity provider’s documentation. For example, if you used Amazon Cognito, see [The token issuer endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html) in the Amazon Cognito Developer Guide.
@@ -161 +161 @@ Do not use No Authorization gateways for production workloads unless you have im
-###### Security Best Practices
+**Security Best Practices**