AWS bedrock-agentcore documentation change
Summary
Updated documentation with typographical fixes (straight quotes to curly quotes), corrected a link anchor from '#invoke-agent' to '#oauth-invoke-agent', and restructured the SigV4 and OAuth sections by adding an 'Example' heading and reordering content for clarity.
Security assessment
The changes are primarily typographical and structural, with no evidence of addressing a specific security vulnerability. The link correction fixes a potential broken link but does not indicate a security issue. The documentation already covered authentication methods (SigV4, OAuth 2.0) and session management; these updates do not introduce new security features or address security weaknesses.
Diff
diff --git a/bedrock-agentcore/latest/devguide/runtime-get-started-websocket.md b/bedrock-agentcore/latest/devguide/runtime-get-started-websocket.md index 3907a2833..86946b2fa 100644 --- a//bedrock-agentcore/latest/devguide/runtime-get-started-websocket.md +++ b//bedrock-agentcore/latest/devguide/runtime-get-started-websocket.md @@ -49 +49 @@ For more information about the WebSocket protocol, see [WebSocket RFC 6455](http -AgentCore Runtime's WebSocket support enables persistent, bidirectional streaming connections between clients and agents. AgentCore Runtime expects containers to implement WebSocket endpoints on port `8080` at the `/ws` path, which aligns with standard WebSocket server practices. +AgentCore Runtime’s WebSocket support enables persistent, bidirectional streaming connections between clients and agents. AgentCore Runtime expects containers to implement WebSocket endpoints on port `8080` at the `/ws` path, which aligns with standard WebSocket server practices. @@ -51 +51 @@ AgentCore Runtime's WebSocket support enables persistent, bidirectional streamin -AgentCore Runtime's WebSocket support provides the same serverless, session isolation, identity, and observability capabilities as `InvokeAgentRuntime`. Additionally, it enables low-latency, real-time bidirectional streaming of messages through WebSocket connections using SigV4 or OAuth 2.0 authentication, making it ideal for applications such as real-time conversational voice agents. +AgentCore Runtime’s WebSocket support provides the same serverless, session isolation, identity, and observability capabilities as `InvokeAgentRuntime` . Additionally, it enables low-latency, real-time bidirectional streaming of messages through WebSocket connections using SigV4 or OAuth 2.0 authentication, making it ideal for applications such as real-time conversational voice agents. @@ -211 +211 @@ Test your bidirectional streaming agent locally by opening another terminal wind -**Success:** You should see a response like `Received: {"echo":{"inputText":"Hello WebSocket!"}}`. In the terminal window that's running the agent, enter `Ctrl+C` to stop the agent. +**Success:** You should see a response like `Received: {"echo":{"inputText":"Hello WebSocket!"}}` . In the terminal window that’s running the agent, enter `Ctrl+C` to stop the agent. @@ -243 +243 @@ Run these commands from your project directory (`agentcore-runtime-quickstart-we -After deployment, you'll receive an agent runtime ARN that looks like: +After deployment, you’ll receive an agent runtime ARN that looks like: @@ -248 +248 @@ After deployment, you'll receive an agent runtime ARN that looks like: -Save this ARN as you'll need it to invoke your deployed agent. +Save this ARN as you’ll need it to invoke your deployed agent. @@ -393 +393 @@ AgentCore Runtime supports OAuth Bearer token authentication for WebSocket conne -Once you have completed the OAuth setup and obtained a bearer token following [Step 4: Use bearer token to invoke your agent](./runtime-oauth.html#invoke-agent) in the OAuth guide, you can use that token to establish WebSocket connections. +Once you have completed the OAuth setup and obtained a bearer token following [Step 4: Use bearer token to invoke your agent](./runtime-oauth.html#oauth-invoke-agent) in the OAuth guide, you can use that token to establish WebSocket connections. @@ -456 +456 @@ Run the client to test your deployed agent: -The browser's native WebSocket API does not provide a method to set custom headers during the handshake. To support OAuth authentication from browsers, AgentCore Runtime accepts the bearer token embedded in the `Sec-WebSocket-Protocol` header during the WebSocket handshake. +The browser’s native WebSocket API does not provide a method to set custom headers during the handshake. To support OAuth authentication from browsers, AgentCore Runtime accepts the bearer token embedded in the `Sec-WebSocket-Protocol` header during the WebSocket handshake. @@ -514 +514 @@ To use sessions with WebSocket connections, generate a unique session ID for eac -SigV4 Headers +###### Example @@ -515,0 +516 @@ SigV4 Headers +SigV4 Headers @@ -518 +519 @@ SigV4 Headers - from bedrock_agentcore.runtime import AgentCoreRuntimeClient + 1. from bedrock_agentcore.runtime import AgentCoreRuntimeClient @@ -548 +548,0 @@ SigV4 Headers -SigV4 Pre-signed URL @@ -552 +552,4 @@ SigV4 Pre-signed URL - from bedrock_agentcore.runtime import AgentCoreRuntimeClient +SigV4 Pre-signed URL + + + 1. from bedrock_agentcore.runtime import AgentCoreRuntimeClient @@ -583 +585,0 @@ SigV4 Pre-signed URL -OAuth @@ -587 +589,4 @@ OAuth - from bedrock_agentcore.runtime import AgentCoreRuntimeClient +OAuth + + + 1. from bedrock_agentcore.runtime import AgentCoreRuntimeClient @@ -627 +635 @@ By using the same session ID for related WebSocket connections, you ensure that -For WebSocket connections, the session's idle timeout is reset each time there is message activity between the client and agent. This includes any WebSocket message exchange such as sending data from client to agent, receiving responses from agent to client, or WebSocket ping/pong frames. This means that active WebSocket conversations will keep the session alive as long as messages continue to flow, preventing premature session termination during ongoing interactions. +For WebSocket connections, the session’s idle timeout is reset each time there is message activity between the client and agent. This includes any WebSocket message exchange such as sending data from client to agent, receiving responses from agent to client, or WebSocket ping/pong frames. This means that active WebSocket conversations will keep the session alive as long as messages continue to flow, preventing premature session termination during ongoing interactions.