AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-05-25 · Documentation low

File: bedrock-agentcore/latest/devguide/gateway-add-target-api-target-config.md

Summary

Added new example for creating MCP server target with API key authorization using AWS CLI and Boto3

Security assessment

This change adds documentation about securing API access using API key authorization headers, which is a security feature. However, there's no evidence it addresses a specific vulnerability.

Diff

diff --git a/bedrock-agentcore/latest/devguide/gateway-add-target-api-target-config.md b/bedrock-agentcore/latest/devguide/gateway-add-target-api-target-config.md
index de6ea93fc..e93e60828 100644
--- a//bedrock-agentcore/latest/devguide/gateway-add-target-api-target-config.md
+++ b//bedrock-agentcore/latest/devguide/gateway-add-target-api-target-config.md
@@ -722,0 +723,71 @@ Boto3
+**MCP server with API key authorization**
+
+The following example creates an MCP server target with API key authorization.
+
+Select one of the following methods:
+
+###### Example
+
+AWS CLI
+    
+
+  1.     aws bedrock-agentcore-control create-gateway-target \
+        --gateway-identifier "your-gateway-id" \
+        --name "MyMCPTarget" \
+        --target-configuration '{
+            "mcp": {
+                "mcpServer": {
+                    "endpoint": "https://my-mcp-server.example.com"
+                }
+            }
+        }' \
+        --credential-provider-configurations '[{
+            "credentialProviderType": "API_KEY",
+            "credentialProvider": {
+                "apiKeyCredentialProvider": {
+                    "providerArn": "arn:aws:bedrock-agentcore:us-west-2:123456789012:token-vault/default/apikeycredentialprovider/my-api-key",
+                    "credentialLocation": "HEADER",
+                    "credentialParameterName": "x-api-key",
+                    "credentialPrefix": ""
+                }
+            }
+        }]'
+
+
+
+
+Boto3
+    
+
+  1.     import boto3
+    
+    agentcore_client = boto3.client('bedrock-agentcore-control')
+    
+    target = agentcore_client.create_gateway_target(
+        gatewayIdentifier="your-gateway-id",
+        name="MyMCPTarget",
+        targetConfiguration={
+            "mcp": {
+                "mcpServer": {
+                    "endpoint": "https://my-mcp-server.example.com"
+                }
+            }
+        },
+        credentialProviderConfigurations=[
+            {
+                "credentialProviderType": "API_KEY",
+                "credentialProvider": {
+                    "apiKeyCredentialProvider": {
+                        "providerArn": "arn:aws:bedrock-agentcore:us-west-2:123456789012:token-vault/default/apikeycredentialprovider/my-api-key",
+                        "credentialLocation": "HEADER",
+                        "credentialParameterName": "x-api-key",
+                        "credentialPrefix": ""
+                    }
+                }
+            }
+        ]
+    )
+
+
+
+