AWS bedrock-agentcore documentation change
Summary
Updated documentation for VPC interface endpoints for Amazon Bedrock AgentCore, including restructuring of content, formatting changes to service names, and reorganization of policy examples with added emphasis on authentication considerations.
Security assessment
The changes primarily involve formatting, restructuring, and clarifying existing documentation about VPC endpoint policies and authentication methods (SigV4 vs OAuth). The note about OAuth requiring a wildcard principal in endpoint policies is a security consideration that was already present but is now emphasized under an 'Important' heading. There is no evidence of addressing a specific security vulnerability or incident; rather, it's documentation improvement and clarification of existing security features and limitations.
Diff
diff --git a/bedrock-agentcore/latest/devguide/vpc-interface-endpoints.md b/bedrock-agentcore/latest/devguide/vpc-interface-endpoints.md index 6e6d0211d..8206d2bf7 100644 --- a//bedrock-agentcore/latest/devguide/vpc-interface-endpoints.md +++ b//bedrock-agentcore/latest/devguide/vpc-interface-endpoints.md @@ -5 +5 @@ -ConsiderationsCreate an interface endpointCreate an endpoint policy +Considerations for AgentCoreCreate an interface endpoint for AgentCoreCreate an endpoint policy for your interface endpoint @@ -9 +9 @@ ConsiderationsCreate an interface endpointCreate an endpoint policy -You can use AWS PrivateLink to create a private connection between your VPC and Amazon Bedrock AgentCore. You can access AgentCore as if it were in your VPC, without the use of an internet gateway, NAT device, VPN connection, or Direct Connect connection. Instances in your VPC don't need public IP addresses to access AgentCore. +You can use AWS PrivateLink to create a private connection between your VPC and Amazon Bedrock AgentCore. You can access AgentCore as if it were in your VPC, without the use of an internet gateway, NAT device, VPN connection, or Direct Connect connection. Instances in your VPC don’t need public IP addresses to access AgentCore. @@ -21 +21 @@ AgentCore provides three AWS PrivateLink endpoints: - * **Data plane endpoint** \- `com.amazonaws.`region`.bedrock-agentcore` + * **Data plane endpoint** \- `com.amazonaws.region.bedrock-agentcore` @@ -23 +23 @@ AgentCore provides three AWS PrivateLink endpoints: - * **Control plane endpoint** \- `com.amazonaws.`region`.bedrock-agentcore-control` + * **Control plane endpoint** \- `com.amazonaws.region.bedrock-agentcore-control` @@ -25 +25 @@ AgentCore provides three AWS PrivateLink endpoints: - * **Gateway endpoint** \- `com.amazonaws.`region`.bedrock-agentcore.gateway` + * **Gateway endpoint** \- `com.amazonaws.region.bedrock-agentcore.gateway` @@ -32 +32 @@ The following table shows AWS PrivateLink support status for each AgentCore prim -AWS PrivateLink support by primitive Primitive | Data plane | Control plane +Primitive | Data plane | Control plane @@ -44 +44 @@ For a list of AWS Regions in which AgentCore interface endpoints are available, -###### Authorization considerations for data plane APIs +###### Important @@ -46 +46 @@ For a list of AWS Regions in which AgentCore interface endpoints are available, -The data plane APIs support both AWS Signature Version 4 (SigV4) headers for authentication and Bearer Token (OAuth) authentication. VPC endpoint policies can only restrict callers based on IAM principals and not OAuth users. For OAuth-based requests to succeed through the VPC endpoint, the principal must be set to `*` in the endpoint policy. Otherwise, only SigV4 allowlisted callers can make successful calls over the VPC endpoint. +The data plane APIs support both AWS Signature Version 4 (SigV4) headers for authentication and Bearer Token (OAuth) authentication. VPC endpoint policies can only restrict callers based on IAM principals and not OAuth users. For OAuth-based requests to succeed through the VPC endpoint, the principal must be set to * in the endpoint policy. Otherwise, only SigV4 allowlisted callers can make successful calls over the VPC endpoint. @@ -56 +56 @@ Create an interface endpoint for AgentCore using the following service name form - * All data plane primitives (Runtime, Built-in Tools, Memory, Identity): `com.amazonaws.`region`.bedrock-agentcore` + * All data plane primitives (Runtime, Built-in Tools, Memory, Identity): `com.amazonaws.region.bedrock-agentcore` @@ -58 +58 @@ Create an interface endpoint for AgentCore using the following service name form - * For AgentCore Gateway: `com.amazonaws.`region`.bedrock-agentcore.gateway` + * For AgentCore Gateway: `com.amazonaws.region.bedrock-agentcore.gateway` @@ -60 +60 @@ Create an interface endpoint for AgentCore using the following service name form - * For control plane operations (Runtime and Memory management): `com.amazonaws.`region`.bedrock-agentcore-control` + * For control plane operations (Runtime and Memory management): `com.amazonaws.region.bedrock-agentcore-control` @@ -75 +75 @@ An endpoint policy specifies the following information: - * For AgentCore Gateway, if your gateway ingress isn't [AWS Signature Version 4 (SigV4)](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html)-based (for example, if you use OAuth instead), you must specify the `Principal` field as the wildcard `*`. SigV4 -based authentication allows you to define the `Principal` as a specific AWS identity. This also applies to AgentCore Runtime. + * For AgentCore Gateway, if your gateway ingress isn’t [AWS Signature Version 4 (SigV4)](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) -based (for example, if you use OAuth instead), you must specify the `Principal` field as the wildcard * . SigV4 -based authentication allows you to define the `Principal` as a specific AWS identity. This also applies to AgentCore Runtime. @@ -86 +86 @@ For more information, see [Control access to services using endpoint policies](h -###### Endpoint policies for various primitives +**Endpoint policies for various primitives** @@ -90 +90 @@ The following examples show endpoint policies for different AgentCore components -Runtime +###### Example @@ -91,0 +92 @@ Runtime +Runtime @@ -93 +93,0 @@ Runtime -The following endpoint policy allows specific IAM principals to invoke agent runtime resources. @@ -94,0 +95 @@ The following endpoint policy allows specific IAM principals to invoke agent run + 1. The following endpoint policy allows specific IAM principals to invoke agent runtime resources. @@ -111 +112 @@ The following endpoint policy allows specific IAM principals to invoke agent run -###### Mixed IAM and OAuth authentication +**Mixed IAM and OAuth authentication** @@ -141 +140,0 @@ The above policy allows only the IAM principal to make `InvokeAgentRuntime` call -Code Interpreter Tool @@ -144 +142,0 @@ Code Interpreter Tool -The following endpoint policy allows specific IAM principals to invoke Code Interpreter resources. @@ -145,0 +144,4 @@ The following endpoint policy allows specific IAM principals to invoke Code Inte +Code Interpreter Tool + + + 1. The following endpoint policy allows specific IAM principals to invoke Code Interpreter resources. @@ -165 +170 @@ Memory -###### All data plane operations + 1. ====== All data plane operations @@ -197 +201 @@ The following endpoint policy allows specific IAM principals to access us-east-1 -###### Access to all memories +**Access to all memories** @@ -229 +232 @@ The following endpoint policy allows specific IAM principals access to all memor -###### Access restriction by APIs +**Access restriction by APIs** @@ -249 +250,0 @@ The following endpoint policy grants permission for a specific IAM principal to -Browser Tool @@ -252 +253,2 @@ Browser Tool -The following endpoint policy allows specific IAM principals to connect to Browser Tool resources. + +Browser Tool @@ -254,0 +257,2 @@ The following endpoint policy allows specific IAM principals to connect to Brows + 1. The following endpoint policy allows specific IAM principals to connect to Browser Tool resources. + @@ -270 +273,0 @@ The following endpoint policy allows specific IAM principals to connect to Brows -Gateway @@ -273 +275,0 @@ Gateway -The following is an example of a custom endpoint policy. When you attach this policy to your interface endpoint, it allows all principals to invoke the gateway specified in the `Resource` field. @@ -274,0 +277,4 @@ The following is an example of a custom endpoint policy. When you attach this po +Gateway + + + 1. The following is an example of a custom endpoint policy. When you attach this policy to your interface endpoint, it allows all principals to invoke the gateway specified in the `Resource` field. @@ -289 +294,0 @@ The following is an example of a custom endpoint policy. When you attach this po -Identity @@ -292 +296,0 @@ Identity -The following endpoint policy allows access to Identity resources. @@ -293,0 +298,4 @@ The following endpoint policy allows access to Identity resources. +Identity + + + 1. The following endpoint policy allows access to Identity resources.