AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-05-01 · Documentation low

File: bedrock-agentcore/latest/devguide/gateway-core-concepts.md

Summary

Updated Gateway core concepts to introduce two target types (MCP and HTTP), expanded authorization options, and reorganized content with new sections

Security assessment

Changes introduce multiple authorization methods (OAuth, IAM, authenticate only, no auth) and explicitly warn about 'no authorization' being for development/testing only. This documents security features but doesn't fix a specific vulnerability.

Diff

diff --git a/bedrock-agentcore/latest/devguide/gateway-core-concepts.md b/bedrock-agentcore/latest/devguide/gateway-core-concepts.md
index 7ec36b7d7..a874a06f1 100644
--- a//bedrock-agentcore/latest/devguide/gateway-core-concepts.md
+++ b//bedrock-agentcore/latest/devguide/gateway-core-concepts.md
@@ -7 +7 @@
-Key conceptsTool types
+Key conceptsTarget typesMCP tool types
@@ -11 +11 @@ Key conceptsTool types
-Amazon Bedrock AgentCore Gateway provides a standardized way for AI agents to discover and interact with tools. Understanding the core concepts of Gateway will help you design and implement effective tool integration strategies for your AI agents.
+Amazon Bedrock AgentCore Gateway provides a standardized way for AI agents to discover and interact with tools and services. Understanding the core concepts of Gateway will help you design and implement effective tool integration strategies for your AI agents.
@@ -18 +18 @@ Amazon Bedrock AgentCore Gateway provides a standardized way for AI agents to di
-An AgentCore Gateway acts like an MCP server, providing a single access point for an agent to interact with its tools. A Gateway can have multiple targets, each representing a different tool or set of tools.
+An AgentCore Gateway provides a single access point for an agent to interact with tools and services. A gateway can operate in two modes. In aggregation mode, the gateway acts as an MCP server, combining the capabilities of all its MCP targets into a unified virtual MCP server. For HTTP targets, the gateway sends traffic directly to the target without aggregation or protocol translation. A gateway can have multiple targets, each representing a different tool or set of tools.
@@ -23 +23 @@ An AgentCore Gateway acts like an MCP server, providing a single access point fo
-A target defines the APIs or Lambda function that a Gateway will provide as tools to an agent. Targets can be Lambda functions, OpenAPI specifications, Smithy models, or other tool definitions.
+A target defines the backend service that a gateway connects to. There are two categories of targets. MCP targets define APIs, Lambda functions, MCP servers, or tool definitions that the gateway aggregates into a unified MCP server. HTTP targets define HTTP-based services, such as AgentCore Runtime agents, that the gateway proxies requests to directly.
@@ -28 +28 @@ A target defines the APIs or Lambda function that a Gateway will provide as tool
-Since MCP only supports OAuth, each Gateway must have an attached OAuth authorizer. If you don’t have an OAuth authorization server already, you will be able to create one in this guide using Cognito.
+Each gateway must have an inbound authorization configuration to control client access. The gateway supports the following inbound authorization types: OAuth (JWT) for token-based authorization, IAM (AWS Signature Version 4) for AWS identity-based authorization, authenticate only for validating tokens while delegating authorization to the target, and no authorization for development and testing scenarios. You can configure the authorizer when you create or update a gateway.
@@ -35 +35 @@ When Gateway makes calls to your APIs or Lambda function it must use some creden
-## Tool types
+## Target types
@@ -37 +37,15 @@ When Gateway makes calls to your APIs or Lambda function it must use some creden
-Gateway supports several types of tools and integration methods:
+Gateway supports two categories of targets:
+
+**MCP target**
+    
+
+MCP targets operate in aggregation mode. The gateway combines the capabilities of all MCP targets into a single unified virtual MCP server. Clients see one consolidated `tools/list` response that includes tools from all attached MCP targets. MCP targets support capability synchronization, semantic tool search, and three-legged OAuth (3LO) at the target level. MCP target types include Lambda functions, API Gateway REST APIs, OpenAPI specifications, Smithy models, MCP servers, and built-in integration provider templates.
+
+**HTTP target**
+    
+
+HTTP targets send traffic directly to the target without aggregation or protocol translation. HTTP targets do not support capability synchronization or semantic tool search. Clients address each target individually through path-based routing. HTTP target types include Amazon Bedrock AgentCore Runtime agents.
+
+## MCP tool types
+
+Gateway supports several types of MCP tools and integration methods: