AWS Security ChangesHomeSearch

AWS agent-toolkit medium security documentation change

Service: agent-toolkit · 2026-05-16 · Security-related medium

File: agent-toolkit/latest/userguide/data-protection.md

Summary

Revised file staging limits: reduced pre-signed URL expiration from 1 hour to 15 minutes, added file size restrictions (125MB single file, 1GB zip archive, 4GB total)

Security assessment

Reduced URL expiration time limits attack window for compromised credentials. File size restrictions mitigate denial-of-service risks by preventing oversized uploads. Directly addresses data protection controls.

Diff

diff --git a/agent-toolkit/latest/userguide/data-protection.md b/agent-toolkit/latest/userguide/data-protection.md
index 34a1741bc..85817594d 100644
--- a//agent-toolkit/latest/userguide/data-protection.md
+++ b//agent-toolkit/latest/userguide/data-protection.md
@@ -99 +99,12 @@ The AWS MCP Server service itself does not incur additional storage charges for
-The maximum size for a single staged file is 4 GB. Pre-signed URLs expire after a maximum of 1 hour.
+File staging has the following limits:
+
+  * Pre-signed URLs expire after a maximum of 15 minutes (900 seconds).
+
+  * The maximum size for a single staged file that the service downloads for processing is 125 MB.
+
+  * The maximum size for a staged zip archive (used for directory uploads such as `deploy push --source` or `gamelift upload-build --build-root`) is 1 GB.
+
+  * The maximum total size across all staged files on the runtime is 4 GB. This budget is shared across all concurrent operations.
+
+
+