AWS bedrock-agentcore documentation change
Summary
Updated typography by replacing straight apostrophes with curly apostrophes in multiple sentences throughout the document.
Security assessment
The changes are purely typographical (changing ' to ’) and do not alter any technical, functional, or security-related content. There is no evidence of addressing a specific security vulnerability, weakness, or incident. The changes are cosmetic and do not add or modify security documentation.
Diff
diff --git a/bedrock-agentcore/latest/devguide/identity-use-cases.md b/bedrock-agentcore/latest/devguide/identity-use-cases.md index 3ffb7ed15..9b7de06d9 100644 --- a//bedrock-agentcore/latest/devguide/identity-use-cases.md +++ b//bedrock-agentcore/latest/devguide/identity-use-cases.md @@ -28 +28 @@ Amazon Bedrock AgentCore Identity supports a wide range of use cases across diff -AI agents that help users manage their personal productivity by accessing services like Google Drive, Microsoft Office 365, or Slack represent one of the most common and valuable applications of AgentCore Identity. These agents use OAuth 2.0 authorization code grant to obtain explicit user consent (3Lo) and access user data securely across multiple systems. For example, a research agent might search the web using AgentCore Browser, generate a comprehensive report, and save it to the user's Google Drive, all while maintaining proper authentication and authorization throughout the entire workflow. +AI agents that help users manage their personal productivity by accessing services like Google Drive, Microsoft Office 365, or Slack represent one of the most common and valuable applications of AgentCore Identity. These agents use OAuth 2.0 authorization code grant to obtain explicit user consent (3Lo) and access user data securely across multiple systems. For example, a research agent might search the web using AgentCore Browser, generate a comprehensive report, and save it to the user’s Google Drive, all while maintaining proper authentication and authorization throughout the entire workflow. @@ -30 +30 @@ AI agents that help users manage their personal productivity by accessing servic -The complexity of managing credentials across multiple third-party services makes AgentCore Identity particularly valuable for personal assistant scenarios. Consider a meeting agent that needs to access a user's Google Calendar to check availability, join a Zoom meeting to take notes, schedule follow-up meetings, and draft emails for approval. Each of these services requires different authentication mechanisms and user consent, but AgentCore Identity orchestrates the entire process seamlessly while the agent maintains its own identity and the user retains control over what data is accessed. +The complexity of managing credentials across multiple third-party services makes AgentCore Identity particularly valuable for personal assistant scenarios. Consider a meeting agent that needs to access a user’s Google Calendar to check availability, join a Zoom meeting to take notes, schedule follow-up meetings, and draft emails for approval. Each of these services requires different authentication mechanisms and user consent, but AgentCore Identity orchestrates the entire process seamlessly while the agent maintains its own identity and the user retains control over what data is accessed. @@ -32 +32 @@ The complexity of managing credentials across multiple third-party services make -Personal assistant agents also benefit from AgentCore Identity's token storage and secure credential management, which eliminate the need for users to repeatedly authorize access to their accounts. Once a user has granted permission for an agent to access their Google Drive, for instance, the agent can continue to access that service for subsequent tasks without requiring re-authorization, as long as the stored tokens remain valid. This creates a smooth user experience while maintaining security through proper token management. +Personal assistant agents also benefit from AgentCore Identity’s token storage and secure credential management, which eliminate the need for users to repeatedly authorize access to their accounts. Once a user has granted permission for an agent to access their Google Drive, for instance, the agent can continue to access that service for subsequent tasks without requiring re-authorization, as long as the stored tokens remain valid. This creates a smooth user experience while maintaining security through proper token management. @@ -36 +36 @@ Personal assistant agents also benefit from AgentCore Identity's token storage a -Agents that automate business processes by integrating with enterprise systems like Salesforce, SharePoint, or internal APIs represent a critical use case for organizations seeking to improve operational efficiency. These agents typically use OAuth 2.0 client credentials grant for machine-to-machine authentication (2Lo) when accessing systems that don't require user interaction, and may require access to multiple systems with different authentication requirements. For example, an HR automation agent might need to access employee data from an HRIS system, update records in Salesforce, and generate reports in SharePoint, each requiring different credentials and authorization scopes. +Agents that automate business processes by integrating with enterprise systems like Salesforce, SharePoint, or internal APIs represent a critical use case for organizations seeking to improve operational efficiency. These agents typically use OAuth 2.0 client credentials grant for machine-to-machine authentication (2Lo) when accessing systems that don’t require user interaction, and may require access to multiple systems with different authentication requirements. For example, an HR automation agent might need to access employee data from an HRIS system, update records in Salesforce, and generate reports in SharePoint, each requiring different credentials and authorization scopes. @@ -44 +44 @@ The audit and compliance capabilities of AgentCore Identity are particularly imp -AI agents that assist customer service representatives by accessing customer data from CRM systems, knowledge bases, and support ticketing systems must authenticate securely while providing real-time assistance during customer interactions. These agents need to access sensitive customer information from multiple sources while maintaining strict security controls and audit trails. For example, a customer service agent might need to access a customer's order history from an e-commerce platform, check their support ticket status in a ticketing system, and retrieve relevant troubleshooting information from a knowledge base, all while the customer is on the phone. +AI agents that assist customer service representatives by accessing customer data from CRM systems, knowledge bases, and support ticketing systems must authenticate securely while providing real-time assistance during customer interactions. These agents need to access sensitive customer information from multiple sources while maintaining strict security controls and audit trails. For example, a customer service agent might need to access a customer’s order history from an e-commerce platform, check their support ticket status in a ticketing system, and retrieve relevant troubleshooting information from a knowledge base, all while the customer is on the phone. @@ -54 +54 @@ The long-running nature of data processing workflows makes credential management -Data processing and analytics use cases also benefit from AgentCore Identity's support for different authentication mechanisms across various data sources. A single analytics workflow might need to access data from AWS services using IAM credentials, third-party APIs using OAuth 2.0 tokens, and on-premise databases using API keys or other authentication methods. AgentCore Identity provides a unified interface for managing all these different credential types, enabling data processing agents to focus on their core analytics functions rather than the complexity of credential management across diverse systems. +Data processing and analytics use cases also benefit from AgentCore Identity’s support for different authentication mechanisms across various data sources. A single analytics workflow might need to access data from AWS services using IAM credentials, third-party APIs using OAuth 2.0 tokens, and on-premise databases using API keys or other authentication methods. AgentCore Identity provides a unified interface for managing all these different credential types, enabling data processing agents to focus on their core analytics functions rather than the complexity of credential management across diverse systems. @@ -60 +60 @@ Agents that automate software development workflows by integrating with version -Development and DevOps scenarios present unique security challenges because agents often need elevated privileges to perform deployment and infrastructure management tasks, while also needing to maintain strict controls to prevent unauthorized changes to production systems. AgentCore Identity addresses these challenges through its fine-grained access control capabilities and comprehensive audit logging, ensuring that DevOps agents can perform necessary automation tasks while supporting security and compliance. The service supports role-based access controls that can be configured to limit agent access to specific environments, repositories, or deployment targets based on the agent's identity and the context of the operation. +Development and DevOps scenarios present unique security challenges because agents often need elevated privileges to perform deployment and infrastructure management tasks, while also needing to maintain strict controls to prevent unauthorized changes to production systems. AgentCore Identity addresses these challenges through its fine-grained access control capabilities and comprehensive audit logging, ensuring that DevOps agents can perform necessary automation tasks while supporting security and compliance. The service supports role-based access controls that can be configured to limit agent access to specific environments, repositories, or deployment targets based on the agent’s identity and the context of the operation.