AWS bedrock-agentcore documentation change
Summary
Updated documentation with typographical fixes (apostrophe formatting), corrected code examples for environment variable exports and Bearer token usage, and changed section headers from specific titles to generic 'Tip' and 'Note' markers.
Security assessment
The changes are primarily typographical and formatting improvements. The corrections to environment variable exports (removing nested backticks) and Bearer token examples improve clarity but don't address security vulnerabilities. The Auth0 note about audience parameters remains informational about proper OAuth/OIDC configuration without indicating a security incident.
Diff
diff --git a/bedrock-agentcore/latest/devguide/runtime-mcp.md b/bedrock-agentcore/latest/devguide/runtime-mcp.md index 71000ebcc..131ce29fc 100644 --- a//bedrock-agentcore/latest/devguide/runtime-mcp.md +++ b//bedrock-agentcore/latest/devguide/runtime-mcp.md @@ -122 +122 @@ Create a new file called `my_mcp_server.py`: -###### Stateful MCP for interactive features +###### Tip @@ -199 +199 @@ Before creating your project, you need to set up a Cognito user pool for authent -###### Service-Linked Role for Authentication +###### Note @@ -208 +208 @@ After setting up authentication, scaffold a new project with MCP protocol: -Follow the interactive prompts to provide a project name. The CLI scaffolds the project structure including an `agentcore/agentcore.json` configuration file. Copy your `my_mcp_server.py` file into the generated project's agent code directory, and ensure the entrypoint in `agentcore/agentcore.json` points to your server file. +Follow the interactive prompts to provide a project name. The CLI scaffolds the project structure including an `agentcore/agentcore.json` configuration file. Copy your `my_mcp_server.py` file into the generated project’s agent code directory, and ensure the entrypoint in `agentcore/agentcore.json` points to your server file. @@ -230 +230 @@ This command will: -After deployment, you'll receive an agent runtime ARN that looks like: +After deployment, you’ll receive an agent runtime ARN that looks like: @@ -241 +241 @@ Before testing, set the following environment variables: - * Export agent ARN as an environment variable: `export AGENT_ARN="`agent_arn`"` + * Export agent ARN as an environment variable: `export AGENT_ARN="agent_arn"` @@ -243 +243 @@ Before testing, set the following environment variables: - * Export bearer token as an environment variable: `export BEARER_TOKEN="`bearer_token`"` + * Export bearer token as an environment variable: `export BEARER_TOKEN="bearer_token"` @@ -330 +330 @@ After setting up authentication, scaffold a new project with MCP protocol: -Follow the interactive prompts to provide a project name. The CLI scaffolds the project structure including an `agentcore/agentcore.json` configuration file. Copy your `my_mcp_server.py` file into the generated project's agent code directory, and ensure the entrypoint in `agentcore/agentcore.json` points to your server file. +Follow the interactive prompts to provide a project name. The CLI scaffolds the project structure including an `agentcore/agentcore.json` configuration file. Copy your `my_mcp_server.py` file into the generated project’s agent code directory, and ensure the entrypoint in `agentcore/agentcore.json` points to your server file. @@ -352 +352 @@ This command will: -After deployment, you'll receive an agent runtime ARN that looks like: +After deployment, you’ll receive an agent runtime ARN that looks like: @@ -361 +361 @@ This client is based on the [official MCP SDK simple-auth-client example](https: -###### Auth0 Audience Parameter Requirement +###### Note @@ -363 +363 @@ This client is based on the [official MCP SDK simple-auth-client example](https: -When using Auth0 with Dynamic Client Registration, you must include the `audience` parameter in authorization requests to receive JWT tokens. Without this parameter, Auth0 returns opaque tokens or JWE (encrypted) tokens instead of standard JWT tokens. The MCP SDK sends OAuth 2.0's `resource` parameter (RFC 8707), but Auth0 requires the OIDC `audience` parameter for JWT tokens. Both parameters serve similar purposes but Auth0 prioritizes `audience`. For more information, see [Auth0 Community - JWT tokens with Dynamic Application Registration](https://community.auth0.com/t/jwt-tokens-with-dynamic-application-registration/189741). +When using Auth0 with Dynamic Client Registration, you must include the `audience` parameter in authorization requests to receive JWT tokens. Without this parameter, Auth0 returns opaque tokens or JWE (encrypted) tokens instead of standard JWT tokens. The MCP SDK sends OAuth 2.0’s `resource` parameter (RFC 8707), but Auth0 requires the OIDC `audience` parameter for JWT tokens. Both parameters serve similar purposes but Auth0 prioritizes `audience` . For more information, see [Auth0 Community - JWT tokens with Dynamic Application Registration](https://community.auth0.com/t/jwt-tokens-with-dynamic-application-registration/189741). @@ -999 +990 @@ To use the Inspector: - 3. You'll see your tools listed in the sidebar + 3. You’ll see your tools listed in the sidebar @@ -1033 +1024 @@ Then connect with the MCP Inspector: - * Enter your agent's endpoint URL using the encoded ARN. Make sure to use the same region as your agent's ARN: + * Enter your agent’s endpoint URL using the encoded ARN. Make sure to use the same region as your agent’s ARN: @@ -1041 +1032 @@ Example for us-west-2: - * Add your Bearer token in the Authentication section with header name `Authorization` and value `Bearer `YOUR_TOKEN`` + * Add your Bearer token in the Authentication section with header name `Authorization` and value `Bearer YOUR_TOKEN`