AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-04-19 · Documentation low

File: bedrock-agentcore/latest/devguide/policy-validate-policies.md

Summary

Updated introduction to clarify validation capabilities: schema checks always run, semantic validation detects security/logic issues, and validation modes control semantic validation.

Security assessment

This change provides clearer documentation about security validation features (semantic validation detects security issues) but doesn't indicate a specific security vulnerability was fixed. It helps users understand security implications of different validation modes.

Diff

diff --git a/bedrock-agentcore/latest/devguide/policy-validate-policies.md b/bedrock-agentcore/latest/devguide/policy-validate-policies.md
index 9b763def3..ef02b72e1 100644
--- a//bedrock-agentcore/latest/devguide/policy-validate-policies.md
+++ b//bedrock-agentcore/latest/devguide/policy-validate-policies.md
@@ -9 +9,3 @@
-Before deploying policies to production, Policy in AgentCore provides validation and analysis capabilities to catch errors and identify potential issues. Validation and analysis work differently depending on whether you are generating policies from natural language or creating and updating policies directly.
+Before deploying policies to production, Policy in AgentCore provides validation capabilities to catch errors and identify potential issues. Validation works differently depending on whether you are generating policies from natural language or creating and updating policies directly.
+
+Schema checks always run to verify that policies comply with the Cedar schema for your gateways. Semantic validation (automated reasoning) detects security and logic issues and can be controlled through the `validationMode` parameter. For more information about these capabilities and the validation modes, see [Validation and analysis overview](./policy-validation-overview.html).