AWS bedrock-agentcore documentation change
Summary
Added Topics section with navigation links, changed section headings from markdown style to bold text, and updated table formatting. Minor typographical changes (apostrophe formatting).
Security assessment
The changes are primarily organizational and editorial improvements. The security-related content about microVM isolation and session separation remains unchanged in substance. No evidence of addressing a specific security vulnerability or incident.
Diff
diff --git a/bedrock-agentcore/latest/devguide/runtime-sessions.md b/bedrock-agentcore/latest/devguide/runtime-sessions.md index 90814baf2..2ff1aeaa7 100644 --- a//bedrock-agentcore/latest/devguide/runtime-sessions.md +++ b//bedrock-agentcore/latest/devguide/runtime-sessions.md @@ -11 +11 @@ Amazon Bedrock AgentCore Runtime lets you isolate each user session and safely r - * **Complete execution environment separation** : Each user session in AgentCore Runtime receives its own dedicated microVM with isolated Compute, memory, and filesystem resources. This prevents one user's agent from accessing another user's data. After session completion, the entire microVM is terminated and memory is sanitized to remove all session data, eliminating cross-session contamination risks. + * **Complete execution environment separation** : Each user session in AgentCore Runtime receives its own dedicated microVM with isolated Compute, memory, and filesystem resources. This prevents one user’s agent from accessing another user’s data. After session completion, the entire microVM is terminated and memory is sanitized to remove all session data, eliminating cross-session contamination risks. @@ -15 +15 @@ Amazon Bedrock AgentCore Runtime lets you isolate each user session and safely r - * **Privileged tool operations** : AI agents perform privileged operations on users' behalf through integrated tools accessing various resources. AgentCore Runtime's isolation model ensures these tool operations maintain proper security contexts and prevents credential sharing or permission escalation between different user sessions. + * **Privileged tool operations** : AI agents perform privileged operations on users' behalf through integrated tools accessing various resources. AgentCore Runtime’s isolation model ensures these tool operations maintain proper security contexts and prevents credential sharing or permission escalation between different user sessions. @@ -25,0 +26,19 @@ AgentCore does not enforce session-to-user mappings - your client backend should +###### Topics + + * Understanding ephemeral context + + * Extended conversations and multi-step workflows + + * AgentCore Runtime session lifecycle + + * How to use sessions + + * Session headers by protocol + + * [Configure Amazon Bedrock AgentCore lifecycle settings](./runtime-lifecycle-settings.html) + + * [Stop a running session](./runtime-stop-session.html) + + + + @@ -40 +59 @@ Unlike traditional serverless functions that terminate after each request, Agent -###### Session creation +**Session creation** @@ -44 +63 @@ A new session is created on the first invoke with a unique runtimeSessionId prov -###### Session states +**Session states** @@ -70 +89 @@ To use sessions effectively: -###### Example Using sessions for a conversation +**Example Using sessions for a conversation** @@ -94 +112 @@ By using the same runtimeSessionId for related invocations, you ensure that cont -When invoking agents, include the appropriate session header to ensure requests are routed to the same microVM. The header depends on your agent's configured protocol: +When invoking agents, include the appropriate session header to ensure requests are routed to the same microVM. The header depends on your agent’s configured protocol: @@ -96 +114 @@ When invoking agents, include the appropriate session header to ensure requests -Session headers by protocol Protocol | Session Header +Protocol | Session Header