AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-06-07 · Documentation medium

File: bedrock-agentcore/latest/devguide/resource-based-policies.md

Summary

Added bedrock-agentcore:InvokeAgentRuntimeCommandShell permission for interactive shell sessions

Security assessment

Documents new IAM permission required for secure access to interactive shells, but doesn't address vulnerabilities. This extends security documentation for access control.

Diff

diff --git a/bedrock-agentcore/latest/devguide/resource-based-policies.md b/bedrock-agentcore/latest/devguide/resource-based-policies.md
index bb6d94da4..d283fff64 100644
--- a//bedrock-agentcore/latest/devguide/resource-based-policies.md
+++ b//bedrock-agentcore/latest/devguide/resource-based-policies.md
@@ -199,0 +200,2 @@ The `Resource` field in the policy document must contain the exact ARN of the re
+  * `bedrock-agentcore:InvokeAgentRuntimeCommandShell` \- Open an interactive WebSocket shell session in an active runtime session
+