AWS bedrock-agentcore documentation change
Summary
Updated authorization options for MCP server targets to include credential providers and IAM authorization
Security assessment
Expands documentation about security options for MCP targets but doesn't reference any specific security issue. Improves clarity on authentication methods.
Diff
diff --git a/bedrock-agentcore/latest/devguide/gateway-core-concepts.md b/bedrock-agentcore/latest/devguide/gateway-core-concepts.md index a874a06f1..24776ac9c 100644 --- a//bedrock-agentcore/latest/devguide/gateway-core-concepts.md +++ b//bedrock-agentcore/latest/devguide/gateway-core-concepts.md @@ -33 +33 @@ Each gateway must have an inbound authorization configuration to control client -When Gateway makes calls to your APIs or Lambda function it must use some credentials to access those functionalities. When you create a Smithy or Lambda target, Gateway uses the attached execution role to make calls to those targets. When you create an OpenAPI target, you must attach an AgentCore credential provider which stores the API Key or OAuth credentials that Gateway will use to access the OpenAPI target. +When Gateway makes calls to your APIs or Lambda function it must use some credentials to access those functionalities. When you create a Smithy or Lambda target, Gateway uses the attached execution role to make calls to those targets. When you create an OpenAPI or MCP server target, you can attach an AgentCore credential provider which stores the API Key or OAuth credentials, configure IAM-based authorization with SigV4 signing, or use no authorization for publicly accessible endpoints.