AWS bedrock-agentcore documentation change
Summary
Updated all action names in example policies from double underscores (__) to triple underscores (___)
Security assessment
Syntax change only modifies naming convention in policy examples without altering security logic or addressing vulnerabilities.
Diff
diff --git a/bedrock-agentcore/latest/devguide/example-policies.md b/bedrock-agentcore/latest/devguide/example-policies.md index 0d6487ec3..7ee0f9f08 100644 --- a//bedrock-agentcore/latest/devguide/example-policies.md +++ b//bedrock-agentcore/latest/devguide/example-policies.md @@ -32 +32 @@ The Insurance API provides five tools for managing insurance policies and claims -InsuranceAPI__get_policy +InsuranceAPI___get_policy @@ -44 +44 @@ Retrieve insurance policy details. -InsuranceAPI__file_claim +InsuranceAPI___file_claim @@ -62 +62 @@ File an insurance claim. -InsuranceAPI__update_coverage +InsuranceAPI___update_coverage @@ -78 +78 @@ Update policy coverage. -InsuranceAPI__get_claim_status +InsuranceAPI___get_claim_status @@ -90 +90 @@ Check claim status. -InsuranceAPI__calculate_premium +InsuranceAPI___calculate_premium @@ -122,2 +122,2 @@ This policy demonstrates how to grant access to multiple related actions using a - AgentCore::Action::"InsuranceAPI__get_policy", - AgentCore::Action::"InsuranceAPI__get_claim_status" + AgentCore::Action::"InsuranceAPI___get_policy", + AgentCore::Action::"InsuranceAPI___get_claim_status" @@ -141 +141 @@ This policy shows how to use OAuth scopes to control access to specific operatio - action == AgentCore::Action::"InsuranceAPI__file_claim", + action == AgentCore::Action::"InsuranceAPI___file_claim", @@ -162 +162 @@ This policy demonstrates using the `unless` clause to create exceptions to restr - action == AgentCore::Action::"InsuranceAPI__update_coverage", + action == AgentCore::Action::"InsuranceAPI___update_coverage", @@ -183 +183 @@ This policy shows how to validate input parameters and use OR logic for multiple - action == AgentCore::Action::"InsuranceAPI__file_claim", + action == AgentCore::Action::"InsuranceAPI___file_claim", @@ -206 +206 @@ This policy demonstrates how to enforce business rules by requiring optional fie - action == AgentCore::Action::"InsuranceAPI__file_claim", + action == AgentCore::Action::"InsuranceAPI___file_claim", @@ -226 +226 @@ This policy shows how to grant access based on specific user identities. - action == AgentCore::Action::"InsuranceAPI__update_coverage", + action == AgentCore::Action::"InsuranceAPI___update_coverage", @@ -247 +247 @@ This policy demonstrates flexible pattern matching using wildcards for category- - action == AgentCore::Action::"InsuranceAPI__calculate_premium", + action == AgentCore::Action::"InsuranceAPI___calculate_premium", @@ -268 +268 @@ This policy shows how to combine multiple conditions to create complex authoriza - action == AgentCore::Action::"InsuranceAPI__update_coverage", + action == AgentCore::Action::"InsuranceAPI___update_coverage", @@ -375 +375 @@ This policy permits any IAM-authenticated caller to use a specific tool: - action == AgentCore::Action::"OrderAPI__get_order", + action == AgentCore::Action::"OrderAPI___get_order", @@ -388 +388 @@ Restrict tool access to callers from specific AWS accounts: - action == AgentCore::Action::"OrderAPI__process_order", + action == AgentCore::Action::"OrderAPI___process_order", @@ -404 +404 @@ Restrict administrative tools to specific IAM roles: - action == AgentCore::Action::"AdminAPI__delete_resource", + action == AgentCore::Action::"AdminAPI___delete_resource", @@ -420 +420 @@ Combine IAM principal matching with tool input validation: - action == AgentCore::Action::"RefundAPI__process_refund", + action == AgentCore::Action::"RefundAPI___process_refund", @@ -438 +438 @@ Block callers from specific AWS accounts from accessing sensitive tools: - action == AgentCore::Action::"AdminAPI__delete_resource", + action == AgentCore::Action::"AdminAPI___delete_resource",