AWS bedrock-agentcore high security documentation change
Summary
Added security warning about GetWorkloadAccessTokenForUserId permission and recommended explicit denial in production
Security assessment
Identifies excessive permission risk in managed policy and recommends restricting token issuance to verified JWT path to prevent unauthorized token generation.
Diff
diff --git a/bedrock-agentcore/latest/devguide/runtime-permissions.md b/bedrock-agentcore/latest/devguide/runtime-permissions.md index 17998bece..402b1e1ac 100644 --- a//bedrock-agentcore/latest/devguide/runtime-permissions.md +++ b//bedrock-agentcore/latest/devguide/runtime-permissions.md @@ -30 +30 @@ For information about using resource-based policies to control access to your Ag -To use Amazon Bedrock AgentCore, you can attach the [BedrockAgentCoreFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/BedrockAgentCoreFullAccess.html) AWS managed policy to your IAM user or IAM. role. This AWS managed policy grants broad permissions. We recommend creating a custom policy with only the permissions your application requires by copying the relevant statements and restricting the resources to your specific use case. To use the AgentCore CLI, you need additional permissions. +To use Amazon Bedrock AgentCore, you can attach the [BedrockAgentCoreFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/BedrockAgentCoreFullAccess.html) AWS managed policy to your IAM user or IAM role. This AWS managed policy grants broad permissions including `GetWorkloadAccessTokenForUserId`, which allows issuing workload access tokens using caller-supplied user identifier strings without IdP token verification. We recommend creating a custom policy with only the permissions your application requires by copying the relevant statements and restricting the resources to your specific use case. For production deployments where your application has JWT tokens available, explicitly deny `GetWorkloadAccessTokenForUserId` and grant only `GetWorkloadAccessTokenForJWT`. For more information, see [Get workload access token](./get-workload-access-token.html). To use the AgentCore CLI, you need additional permissions.