AWS bedrock-agentcore documentation change
Summary
Added new section 'Add an HTTP runtime target' with IAM authorization examples
Security assessment
The change documents secure configuration for HTTP targets using IAM authorization but shows no evidence of fixing a security vulnerability.
Diff
diff --git a/bedrock-agentcore/latest/devguide/gateway-add-target-api-target-config.md b/bedrock-agentcore/latest/devguide/gateway-add-target-api-target-config.md index b9f698117..de6ea93fc 100644 --- a//bedrock-agentcore/latest/devguide/gateway-add-target-api-target-config.md +++ b//bedrock-agentcore/latest/devguide/gateway-add-target-api-target-config.md @@ -7 +7 @@ -Add a Lambda targetAdd an API Gateway stage targetAdd an OpenAPI targetAdd a Smithy targetAdd an MCP server target +Add a Lambda targetAdd an API Gateway stage targetAdd an OpenAPI targetAdd a Smithy targetAdd an HTTP runtime targetAdd an MCP server target @@ -24,0 +25,2 @@ Select a topic to see examples of adding a target type: + * Add an HTTP runtime target + @@ -477,0 +480,63 @@ The wizard then prompts you for the target name, path to the Smithy model file, +## Add an HTTP runtime target + +You can add an Amazon Bedrock AgentCore Runtime agent as an HTTP target to your gateway. The gateway sends traffic directly to the runtime agent without aggregation or protocol translation. + +For more information about HTTP targets, see [Amazon Bedrock AgentCore Runtime targets](./gateway-target-http-runtime.html). + +Select one of the following methods: + +###### Example + +AWS CLI + + + 1. The following command creates an HTTP runtime target with IAM authorization: + + aws bedrock-agentcore-control create-gateway-target \ + --gateway-identifier "your-gateway-id" \ + --name "MyRuntimeTarget" \ + --description "Runtime gateway target" \ + --target-configuration '{ + "http": { + "agentcoreRuntime": { + "arn": "arn:aws:bedrock-agentcore:us-west-2:111122223333:runtime/RUNTIME_ID" + } + } + }' \ + --credential-provider-configurations '[{ + "credentialProviderType": "GATEWAY_IAM_ROLE" + }]' + + + + +Boto3 + + + 1. The following Python code shows how to add an HTTP runtime target using the AWS Python SDK (Boto3): + + import boto3 + + agentcore_client = boto3.client('bedrock-agentcore-control') + + target = agentcore_client.create_gateway_target( + gatewayIdentifier="your-gateway-id", + name="MyRuntimeTarget", + description="Runtime gateway target", + targetConfiguration={ + "http": { + "agentcoreRuntime": { + "arn": "arn:aws:bedrock-agentcore:us-west-2:111122223333:runtime/RUNTIME_ID" + } + } + }, + credentialProviderConfigurations=[ + { + "credentialProviderType": "GATEWAY_IAM_ROLE" + } + ] + ) + + + +