AWS bedrock-agentcore documentation change
Summary
Added link to security best practices documentation in IAM guidance section
Security assessment
The change references security best practices for IAM policies but doesn't fix a specific vulnerability. It improves security documentation around least privilege principles without addressing an active security issue.
Diff
diff --git a/bedrock-agentcore/latest/devguide/runtime-permissions.md b/bedrock-agentcore/latest/devguide/runtime-permissions.md index 3efe98e4b..17998bece 100644 --- a//bedrock-agentcore/latest/devguide/runtime-permissions.md +++ b//bedrock-agentcore/latest/devguide/runtime-permissions.md @@ -38 +38 @@ To use the AgentCore CLI, attach the following IAM policy to your IAM user or ro -The IAM policies created by the AgentCore CLI are designed for development and testing purposes. These permissions grant broad access to facilitate rapid prototyping and are not suitable for production environments. For production deployments, create custom IAM policies that follow the principle of least privilege and restrict permissions to only the specific resources and actions required by your Amazon Bedrock AgentCore application. +The IAM policies created by the AgentCore CLI are designed for development and testing purposes. These permissions grant broad access to facilitate rapid prototyping and are not suitable for production environments. For production deployments, create custom IAM policies that follow the principle of least privilege and restrict permissions to only the specific resources and actions required by your Amazon Bedrock AgentCore application. For complete IAM security guidance, see [Security best practices for AgentCore Runtime](./runtime-security-best-practices.html).