AWS Security ChangesHomeSearch

AWS bedrock-agentcore high security documentation change

Service: bedrock-agentcore · 2026-06-04 · Security-related high

File: bedrock-agentcore/latest/devguide/runtime-oauth.md

Summary

Added security guidance about when to use User-Id header versus JWT authentication, emphasizing cryptographic verification requirements

Security assessment

Explicitly warns about unverified userId header risks and mandates JWT for production to prevent impersonation attacks. Highlights lack of cryptographic verification in userId path.

Diff

diff --git a/bedrock-agentcore/latest/devguide/runtime-oauth.md b/bedrock-agentcore/latest/devguide/runtime-oauth.md
index 532fccb55..3052f7b80 100644
--- a//bedrock-agentcore/latest/devguide/runtime-oauth.md
+++ b//bedrock-agentcore/latest/devguide/runtime-oauth.md
@@ -26 +26 @@ The default authentication and authorization mechanism that works automatically
-If your solution requires the hosted agent to retrieve OAuth tokens on behalf of end users (using Authorization Code Grant), you can specify the user identifier by including the `X-Amzn-Bedrock-AgentCore-Runtime-User-Id` header in your requests.
+If your solution requires the hosted agent to retrieve OAuth tokens on behalf of end users (using Authorization Code Grant), you can specify the user identifier by including the `X-Amzn-Bedrock-AgentCore-Runtime-User-Id` header in your requests. This header uses the `GetWorkloadAccessTokenForUserId` path internally.
@@ -31,0 +32,10 @@ Invoking InvokeAgentRuntime with the `X-Amzn-Bedrock-AgentCore-Runtime-User-Id h
+**When to use this header versus JWT Bearer Token authentication**
+
+This header is designed for the following use cases:
+
+  * **Enterprise customers with customer-managed user identifiers** — Organizations that maintain their own user identity strings and need to pass them through to AgentCore Identity for credential binding.
+
+  * **Development and quickstart scenarios** — Builders who don’t yet have an IdP token available and need a fast path to test user-scoped credential flows.
+
+For production deployments where you have an identity provider configured, use JWT Bearer Token authentication instead. The JWT path (`GetWorkloadAccessTokenForJWT`) validates the token’s issuer, signature, and expiry, providing cryptographic proof of the user’s identity. The `X-Amzn-Bedrock-AgentCore-Runtime-User-Id` header path does not verify the userId against an authenticated end-user identity — it relies on the calling workload to pass the correct value and on your IAM policies to restrict who can supply it.
+
@@ -38 +48 @@ For a consolidated view of all Runtime security recommendations, see [Security b
-While IAM authentication secures the API access, the `X-Amzn-Bedrock-AgentCore-Runtime-User-Id` header requires additional security considerations:
+Because AgentCore treats the header value as an opaque identifier without verifying it against an authenticated identity, you must apply the following controls to maintain the security boundary:
@@ -59,2 +68,0 @@ While IAM authentication secures the API access, the `X-Amzn-Bedrock-AgentCore-R
-Remember that Amazon Bedrock AgentCore treats this header value as an opaque identifier and relies on your application’s logic to maintain the security boundary between authenticated users and their corresponding `user-id` values.
-