AWS bedrock-agentcore medium security documentation change
Summary
Added minimum S3 bucket permissions guidance for container and code deploy agents
Security assessment
Introduces least-privilege S3 access policies to prevent over-permissive bucket access. Specifically scopes permissions to prevent unauthorized data access through VPC endpoints. Addresses potential data exposure risks.
Diff
diff --git a/bedrock-agentcore/latest/devguide/agentcore-vpc.md b/bedrock-agentcore/latest/devguide/agentcore-vpc.md index 401f4cab1..d2d852355 100644 --- a//bedrock-agentcore/latest/devguide/agentcore-vpc.md +++ b//bedrock-agentcore/latest/devguide/agentcore-vpc.md @@ -456,0 +457,44 @@ For container agents, AgentCore periodically refreshes your container image from +**Minimum S3 bucket permissions for container agents** + +The S3 gateway endpoint uses an IAM policy document to limit access to the service. To follow the principle of least privilege, scope the S3 gateway endpoint policy to only the Amazon S3 bucket that Amazon ECR uses to store image layers. The following policy restricts access to the ECR layer storage bucket for your region: + + { + "Statement": [ + { + "Sid": "AllowECRLayerAccess", + "Principal": "*", + "Action": [ + "s3:GetObject" + ], + "Effect": "Allow", + "Resource": ["arn:aws:s3:::prod-region-starport-layer-bucket/*"] + } + ] + } + +Replace `region` with your AWS Region identifier (for example, `us-east-2` for US East (Ohio)). + +**Minimum S3 bucket permissions for direct code deploy agents** + +For agents deployed using direct code deployment (zip-based), AgentCore stores your code artifacts in an internal service-owned S3 bucket. Scope the S3 gateway endpoint policy to only the code artifact bucket for your region: + + { + "Statement": [ + { + "Effect": "Allow", + "Principal": "*", + "Action": "s3:GetObject", + "Resource": [ + "arn:aws:s3:::acr-code-*-region-an", + "arn:aws:s3:::acr-code-*-region-an/*" + ] + } + ] + } + +Replace `region` with your AWS Region identifier (for example, `us-west-2`). + +###### Note + +If you are also using [persistent filesystems](./runtime-persistent-filesystems.html), add the session storage bucket (`acr-storage-*-region-an`) to this policy. See [Networking requirements](./runtime-persistent-filesystems.html#session-storage-networking) for the required permissions. +