AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-05-22 · Documentation high

File: bedrock-agentcore/latest/devguide/harness-environment.md

Summary

Added security note about InvokeAgentRuntimeCommand running as root with privilege explanations

Security assessment

Explicitly documents security-critical privilege escalation (root access in microVM) and compares it to EC2/docker exec behaviors. Highlights IAM as primary access control but doesn't address a specific vulnerability.

Diff

diff --git a/bedrock-agentcore/latest/devguide/harness-environment.md b/bedrock-agentcore/latest/devguide/harness-environment.md
index 2be404432..46e693aad 100644
--- a//bedrock-agentcore/latest/devguide/harness-environment.md
+++ b//bedrock-agentcore/latest/devguide/harness-environment.md
@@ -70,0 +71,4 @@ See [InvokeAgentRuntimeCommand API](https://docs.aws.amazon.com/bedrock-agentcor
+###### Note
+
+Commands run as root (uid 0) within the microVM. This is analogous to root on your own EC2 instance - the IAM permission is the access gate, not the in-VM privilege level. If your Dockerfile includes a `USER` directive, it applies to the agent process only (the container’s main entrypoint). `InvokeAgentRuntimeCommand` runs at a higher privilege level for operational purposes, similar to how `docker exec` defaults to root even when the container runs as a non-root user. See [Execute shell commands in AgentCore Runtime sessions](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-execute-command.html) for full details on security, error handling, and best practices.
+