AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-05-25 · Documentation low

File: bedrock-agentcore/latest/devguide/gateway-core-concepts.md

Summary

Updated authorization options for MCP server targets to include credential providers and IAM authorization

Security assessment

Expands documentation about security options for MCP targets but doesn't reference any specific security issue. Improves clarity on authentication methods.

Diff

diff --git a/bedrock-agentcore/latest/devguide/gateway-core-concepts.md b/bedrock-agentcore/latest/devguide/gateway-core-concepts.md
index a874a06f1..24776ac9c 100644
--- a//bedrock-agentcore/latest/devguide/gateway-core-concepts.md
+++ b//bedrock-agentcore/latest/devguide/gateway-core-concepts.md
@@ -33 +33 @@ Each gateway must have an inbound authorization configuration to control client
-When Gateway makes calls to your APIs or Lambda function it must use some credentials to access those functionalities. When you create a Smithy or Lambda target, Gateway uses the attached execution role to make calls to those targets. When you create an OpenAPI target, you must attach an AgentCore credential provider which stores the API Key or OAuth credentials that Gateway will use to access the OpenAPI target.
+When Gateway makes calls to your APIs or Lambda function it must use some credentials to access those functionalities. When you create a Smithy or Lambda target, Gateway uses the attached execution role to make calls to those targets. When you create an OpenAPI or MCP server target, you can attach an AgentCore credential provider which stores the API Key or OAuth credentials, configure IAM-based authorization with SigV4 signing, or use no authorization for publicly accessible endpoints.