AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-05-22 · Documentation medium

File: bedrock-agentcore/latest/devguide/gateway-interceptors-types.md

Summary

Added documentation for HTTP target interceptors including payload structure, examples, and security considerations for headers/authorization

Security assessment

Documents security-sensitive Authorization header handling and base64-encoded bodies but doesn't fix vulnerabilities. Explicitly mentions security implications like read-only httpMethod and header passthrough conditions.

Diff

diff --git a/bedrock-agentcore/latest/devguide/gateway-interceptors-types.md b/bedrock-agentcore/latest/devguide/gateway-interceptors-types.md
index 84d278d77..0de5ad1d2 100644
--- a//bedrock-agentcore/latest/devguide/gateway-interceptors-types.md
+++ b//bedrock-agentcore/latest/devguide/gateway-interceptors-types.md
@@ -7 +7 @@
-Request interceptorsResponse interceptorsResponse interceptors with streaming enabled
+Request interceptorsResponse interceptorsResponse interceptors with streaming enabledInterceptors for HTTP targets
@@ -11 +11,3 @@ Request interceptorsResponse interceptorsResponse interceptors with streaming en
-There are two types of interceptors that can be configured on your gateway:
+There are two types of interceptors that you can configure on your gateway: REQUEST interceptors and RESPONSE interceptors. The interceptor payload structure depends on the target type configured on your gateway.
+
+This topic covers the interceptor contracts for both MCP targets and HTTP targets (such as Amazon Bedrock AgentCore Runtime).
@@ -286,0 +289,101 @@ Non-streaming (unchanged) |  `headers`, `statusCode`, `body` |  N/A
+## Interceptors for HTTP targets
+
+HTTP targets use a different interceptor payload structure than MCP targets. For example, Amazon Bedrock AgentCore Runtime targets use this structure. The payload uses an `http` key instead of an `mcp` key. Request bodies are base64-encoded strings rather than parsed JSON objects.
+
+HTTP targets currently support only REQUEST interceptors. Support for response interceptors with HTTP targets is coming soon.
+
+The following list summarizes the key differences for HTTP target interceptors:
+
+  * The `httpMethod` field is read-only.
+
+  * The same override behavior applies: if `transformedGatewayResponse` is present in the output, the gateway returns that response immediately without calling the target.
+
+
+
+
+### Request interceptor input payload example
+
+The following JSON example shows the structure of the input payload that your request interceptor Lambda function receives when processing an HTTP target request:
+    
+    
+    {
+      "interceptorInputVersion": "1.0",
+      "http": {
+        "gatewayRequest": {
+          "path": "/my-target-name/invocations",
+          "httpMethod": "POST",
+          "headers": {
+            "Content-Type": "application/json",
+            "Authorization": "<bearer_token>"
+          },
+          "body": "<base64_encoded_body>"
+        }
+      }
+    }
+
+###### Note
+
+Note the following about the input payload:
+
+  * The `headers` field is included only if `passRequestHeaders` is set to `true` in the interceptor configuration.
+
+  * The `body` field is a base64-encoded string that represents the raw HTTP request body.
+
+  * The `httpMethod` field is included for informational purposes but is read-only. The interceptor cannot change it.
+
+
+
+
+### Request interceptor output payload example
+
+The following JSON example shows the structure of the output payload that your request interceptor Lambda function must return when transforming an HTTP target request:
+    
+    
+    {
+      "interceptorOutputVersion": "1.0",
+      "http": {
+        "transformedGatewayRequest": {
+          "headers": {
+            "Content-Type": "application/json",
+            "X-Custom-Header": "custom-value"
+          },
+          "body": "<base64_encoded_body>"
+        },
+        "transformedGatewayResponse": {
+          "contentType": "application/json",
+          "statusCode": 200,
+          "headers": {
+            "X-Custom-Header": "custom-value"
+          },
+          "body": "<base64_encoded_body>"
+        }
+      }
+    }
+
+###### Important
+
+Important notes about HTTP request interceptor output:
+
+  * The `interceptorOutputVersion` must be set to `"1.0"`.
+
+  * If the output contains a `transformedGatewayResponse`, the gateway returns that response immediately without calling the target.
+
+  * The `body` field must be a base64-encoded string.
+
+  * The `httpMethod` is not included in the output because it cannot be modified.
+
+
+
+
+### Key differences between MCP and HTTP interceptor payloads
+
+The following table summarizes the differences between MCP and HTTP target interceptor payloads.
+
+Field | MCP target | HTTP target  
+---|---|---  
+Body format |  Map<String, Object> (parsed JSON) |  String (base64-encoded)  
+Path |  Always "/mcp" |  Actual HTTP path (for example, "/my-target-name/invocations")  
+httpMethod |  Immutable |  Immutable  
+rawGatewayRequest |  Included |  Not included  
+Response interceptor |  Supported |  Not supported  
+