AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-04-10 · Documentation low

File: bedrock-agentcore/latest/devguide/security_iam_service-with-iam.md

Summary

Updated section headings to be more specific to AgentCore, corrected internal hyperlinks from './resource-based-policies.html' to './security.html#resource-based-policies', updated apostrophes in contractions, and fixed formatting for condition keys (e.g., `aws:ResourceTag/key-name`).

Security assessment

Changes are primarily organizational (updating headings and internal links for better navigation) and typographical (fixing apostrophes and code formatting). No new security guidance, vulnerability fixes, or security feature documentation is added. The link corrections ensure users can find the correct documentation but do not change security content.

Diff

diff --git a/bedrock-agentcore/latest/devguide/security_iam_service-with-iam.md b/bedrock-agentcore/latest/devguide/security_iam_service-with-iam.md
index b80a70008..9a726f167 100644
--- a//bedrock-agentcore/latest/devguide/security_iam_service-with-iam.md
+++ b//bedrock-agentcore/latest/devguide/security_iam_service-with-iam.md
@@ -5 +5 @@
-Identity-based policiesResource-based policiesPolicy actionsPolicy resourcesPolicy condition keysACLsABACTemporary credentialsPrincipal permissionsService rolesService-linked roles
+Identity-based policies for AgentCoreResource-based policies within AgentCorePolicy actions for AgentCorePolicy resources for AgentCorePolicy condition keys for AgentCoreACLs in AgentCoreABAC with AgentCoreUsing temporary credentials with AgentCoreCross-service principal permissions for AgentCoreService roles for AgentCoreService-linked roles for AgentCore
@@ -49 +49 @@ Amazon Bedrock AgentCore supports resource-based policies for Agent Runtime and
-To learn how to create and manage resource-based policies for Amazon Bedrock AgentCore resources, see [Resource-based policies for Amazon Bedrock AgentCore](./resource-based-policies.html).
+To learn how to create and manage resource-based policies for Amazon Bedrock AgentCore resources, see [Resource-based policies for Amazon Bedrock AgentCore](./security.html#resource-based-policies).
@@ -53 +53 @@ To learn how to create and manage resource-based policies for Amazon Bedrock Age
-To view examples of AgentCore resource-based policies, see [Common use cases and examples](./resource-based-policies.html#resource-based-policies-examples).
+To view examples of AgentCore resource-based policies, see [Common use cases and examples](./security.html#resource-based-policies-examples).
@@ -86 +86 @@ Administrators can use AWS JSON policies to specify who has access to what. That
-The `Resource` JSON policy element specifies the object or objects to which the action applies. As a best practice, specify a resource using its [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html). For actions that don't support resource-level permissions, use a wildcard (*) to indicate that the statement applies to all resources.
+The `Resource` JSON policy element specifies the object or objects to which the action applies. As a best practice, specify a resource using its [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html) . For actions that don’t support resource-level permissions, use a wildcard (*) to indicate that the statement applies to all resources.
@@ -134 +134 @@ Access control lists (ACLs) control which principals (account members, users, or
-Attribute-based access control (ABAC) is an authorization strategy that defines permissions based on attributes called tags. You can attach tags to IAM entities and AWS resources, then design ABAC policies to allow operations when the principal's tag matches the tag on the resource.
+Attribute-based access control (ABAC) is an authorization strategy that defines permissions based on attributes called tags. You can attach tags to IAM entities and AWS resources, then design ABAC policies to allow operations when the principal’s tag matches the tag on the resource.
@@ -136 +136 @@ Attribute-based access control (ABAC) is an authorization strategy that defines
-To control access based on tags, you provide tag information in the [condition element](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html) of a policy using the `aws:ResourceTag/`key-name``, `aws:RequestTag/`key-name``, or `aws:TagKeys` condition keys.
+To control access based on tags, you provide tag information in the [condition element](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html) of a policy using the `aws:ResourceTag/key-name` , `aws:RequestTag/key-name` , or `aws:TagKeys` condition keys.