AWS bedrock-agentcore documentation change
Summary
Added new example for creating MCP server target with API key authorization using AWS CLI and Boto3
Security assessment
This change adds documentation about securing API access using API key authorization headers, which is a security feature. However, there's no evidence it addresses a specific vulnerability.
Diff
diff --git a/bedrock-agentcore/latest/devguide/gateway-add-target-api-target-config.md b/bedrock-agentcore/latest/devguide/gateway-add-target-api-target-config.md index de6ea93fc..e93e60828 100644 --- a//bedrock-agentcore/latest/devguide/gateway-add-target-api-target-config.md +++ b//bedrock-agentcore/latest/devguide/gateway-add-target-api-target-config.md @@ -722,0 +723,71 @@ Boto3 +**MCP server with API key authorization** + +The following example creates an MCP server target with API key authorization. + +Select one of the following methods: + +###### Example + +AWS CLI + + + 1. aws bedrock-agentcore-control create-gateway-target \ + --gateway-identifier "your-gateway-id" \ + --name "MyMCPTarget" \ + --target-configuration '{ + "mcp": { + "mcpServer": { + "endpoint": "https://my-mcp-server.example.com" + } + } + }' \ + --credential-provider-configurations '[{ + "credentialProviderType": "API_KEY", + "credentialProvider": { + "apiKeyCredentialProvider": { + "providerArn": "arn:aws:bedrock-agentcore:us-west-2:123456789012:token-vault/default/apikeycredentialprovider/my-api-key", + "credentialLocation": "HEADER", + "credentialParameterName": "x-api-key", + "credentialPrefix": "" + } + } + }]' + + + + +Boto3 + + + 1. import boto3 + + agentcore_client = boto3.client('bedrock-agentcore-control') + + target = agentcore_client.create_gateway_target( + gatewayIdentifier="your-gateway-id", + name="MyMCPTarget", + targetConfiguration={ + "mcp": { + "mcpServer": { + "endpoint": "https://my-mcp-server.example.com" + } + } + }, + credentialProviderConfigurations=[ + { + "credentialProviderType": "API_KEY", + "credentialProvider": { + "apiKeyCredentialProvider": { + "providerArn": "arn:aws:bedrock-agentcore:us-west-2:123456789012:token-vault/default/apikeycredentialprovider/my-api-key", + "credentialLocation": "HEADER", + "credentialParameterName": "x-api-key", + "credentialPrefix": "" + } + } + } + ] + ) + + + +