AWS Security ChangesHomeSearch

AWS bedrock-agentcore high security documentation change

Service: bedrock-agentcore · 2026-06-04 · Security-related high

File: bedrock-agentcore/latest/devguide/identity-getting-started-google.md

Summary

Added IAM policy security guidance restricting GetWorkloadAccessTokenForUserId

Security assessment

Identifies security risk in broad permissions and recommends explicit denial of GetWorkloadAccessTokenForUserId to enforce JWT validation, preventing privilege escalation.

Diff

diff --git a/bedrock-agentcore/latest/devguide/identity-getting-started-google.md b/bedrock-agentcore/latest/devguide/identity-getting-started-google.md
index 71bd9bf3b..c117a4179 100644
--- a//bedrock-agentcore/latest/devguide/identity-getting-started-google.md
+++ b//bedrock-agentcore/latest/devguide/identity-getting-started-google.md
@@ -48,0 +49,4 @@ Before you start, you need:
+###### Important
+
+The `BedrockAgentCoreFullAccess` managed policy grants broad permissions including `GetWorkloadAccessTokenForUserId`, which allows callers to issue workload access tokens using any user identifier string without IdP token verification. This is suitable for development and testing. For production deployments, create custom IAM policies that follow the principle of least privilege and restrict permissions to only the specific actions required. If your application uses JWT-based authentication (recommended for production), you can explicitly deny `GetWorkloadAccessTokenForUserId` to ensure all user identification goes through the verified JWT path. For more information, see [Get workload access token](./get-workload-access-token.html).
+