AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-04-10 · Documentation low

File: bedrock-agentcore/latest/devguide/runtime-header-allowlist.md

Summary

Formatting and structural updates to documentation for configuring request header allowlists and OAuth authorizer in AgentCore. Changes include adding numbered steps, example headers, and minor text formatting (e.g., curly quotes).

Security assessment

The changes are purely documentation formatting and structural improvements (adding numbered steps, example sections). No new security features are introduced, and there is no evidence of addressing a specific security vulnerability or incident. The content about header allowlists and OAuth configuration existed previously.

Diff

diff --git a/bedrock-agentcore/latest/devguide/runtime-header-allowlist.md b/bedrock-agentcore/latest/devguide/runtime-header-allowlist.md
index 53643bec6..5920654ef 100644
--- a//bedrock-agentcore/latest/devguide/runtime-header-allowlist.md
+++ b//bedrock-agentcore/latest/devguide/runtime-header-allowlist.md
@@ -47 +47 @@ Create an AgentCore project using the AgentCore CLI:
-Update your agent's entrypoint file to access the custom headers from the request context:
+Update your agent’s entrypoint file to access the custom headers from the request context:
@@ -77 +77 @@ Configure the request header allowlist on your agent runtime so that custom head
-AgentCore CLI
+###### Example
@@ -78,0 +79 @@ AgentCore CLI
+AgentCore CLI
@@ -80 +80,0 @@ AgentCore CLI
-Add the `requestHeaderAllowlist` field to your agent configuration in `agentcore/agentcore.json`:
@@ -81,0 +82 @@ Add the `requestHeaderAllowlist` field to your agent configuration in `agentcore
+  1. Add the `requestHeaderAllowlist` field to your agent configuration in `agentcore/agentcore.json` :
@@ -102 +101,0 @@ Note the agent runtime ARN from the output. You need it if you plan to invoke us
-AWS SDK
@@ -105 +104,2 @@ AWS SDK
-After deploying your agent, update the runtime configuration using the AWS SDK:
+
+AWS SDK
@@ -107,0 +108,2 @@ After deploying your agent, update the runtime configuration using the AWS SDK:
+  1. After deploying your agent, update the runtime configuration using the AWS SDK:
+    
@@ -127 +132 @@ Pass custom headers when invoking your agent so that your agent code can access
-AgentCore CLI
+###### Example
@@ -128,0 +134 @@ AgentCore CLI
+AgentCore CLI
@@ -130 +135,0 @@ AgentCore CLI
-Use the `-H` flag to pass custom headers with `agentcore invoke`:
@@ -131,0 +137 @@ Use the `-H` flag to pass custom headers with `agentcore invoke`:
+  1. Use the `-H` flag to pass custom headers with `agentcore invoke` :
@@ -143 +147,0 @@ You can pass multiple headers by repeating the `-H` flag:
-AWS SDK
@@ -146 +149,0 @@ AWS SDK
-Use boto3 with event handlers to add custom headers to your agent invocation. For more details on botocore events, see [botocore events documentation](https://botocore.amazonaws.com/v1/documentation/api/latest/topics/events.html).
@@ -147,0 +151,4 @@ Use boto3 with event handlers to add custom headers to your agent invocation. Fo
+AWS SDK
+    
+
+  1. Use boto3 with event handlers to add custom headers to your agent invocation. For more details on botocore events, see [botocore events documentation](https://botocore.amazonaws.com/v1/documentation/api/latest/topics/events.html).
@@ -184 +194 @@ To pass the JWT token used for OAuth-based inbound access to your agent, configu
-AgentCore CLI
+###### Example
@@ -185,0 +196 @@ AgentCore CLI
+AgentCore CLI
@@ -187 +197,0 @@ AgentCore CLI
-Add the authorizer configuration to your agent in `agentcore/agentcore.json`:
@@ -188,0 +199 @@ Add the authorizer configuration to your agent in `agentcore/agentcore.json`:
+  1. Add the authorizer configuration to your agent in `agentcore/agentcore.json` :
@@ -219 +232,4 @@ AWS SDK
-For information about setting up an agent with OAuth inbound access using the AWS SDK, see [Authenticate and authorize with Inbound Auth and Outbound Auth](./runtime-oauth.html).
+  1. For information about setting up an agent with OAuth inbound access using the AWS SDK, see [Authenticate and authorize with Inbound Auth and Outbound Auth](./runtime-oauth.html).
+
+
+