AWS Security ChangesHomeSearch

AWS bedrock-agentcore medium security documentation change

Service: bedrock-agentcore · 2026-05-10 · Security-related medium

File: bedrock-agentcore/latest/devguide/policy-natural-language.md

Summary

Updated action names from double underscore (__) to triple underscore (___) in policy examples

Security assessment

Corrects policy syntax in examples to ensure proper enforcement. Prevents possible security misconfigurations in access control policies.

Diff

diff --git a/bedrock-agentcore/latest/devguide/policy-natural-language.md b/bedrock-agentcore/latest/devguide/policy-natural-language.md
index a7dcb65b5..360faa24c 100644
--- a//bedrock-agentcore/latest/devguide/policy-natural-language.md
+++ b//bedrock-agentcore/latest/devguide/policy-natural-language.md
@@ -81 +81 @@ Allow principal with username "refund-agent" to process refunds when the refund
-      action == AgentCore::Action::"RefundTool__process_refund",
+      action == AgentCore::Action::"RefundTool___process_refund",
@@ -152 +152 @@ Forbid policies ensure that specific actions cannot be mistakenly permitted. Eve
-      action == AgentCore::Action::"ModelAPI__view_results",
+      action == AgentCore::Action::"ModelAPI___view_results",
@@ -159 +159 @@ Forbid policies ensure that specific actions cannot be mistakenly permitted. Eve
-      action == AgentCore::Action::"ModelAPI__view_results",
+      action == AgentCore::Action::"ModelAPI___view_results",