AWS agent-toolkit documentation change
Summary
Added security characteristics documentation for Agent Toolkit components and new section links
Security assessment
Added explanations of security properties for AWS MCP Server and AWS CLI components, plus links to data protection and IAM documentation. Enhances security feature documentation without addressing specific vulnerabilities.
Diff
diff --git a/agent-toolkit/latest/userguide/security.md b/agent-toolkit/latest/userguide/security.md index 6b0675151..dd024bc84 100644 --- a//agent-toolkit/latest/userguide/security.md +++ b//agent-toolkit/latest/userguide/security.md @@ -19,0 +20,11 @@ Security is a shared responsibility between AWS and you. The [shared responsibil +The Agent Toolkit for AWS has different security characteristics depending on how you use it: + + * **AWS MCP Server** — A stateless proxy that executes AWS API calls on your behalf using your IAM credentials. Authentication and authorization for the operations it performs are governed by your IAM identity. + + * **AWS CLI (`aws agent-toolkit`)** — Commands that discover and install AWS-vended agent skills over HTTPS. These commands are unauthenticated and do not send credentials. No customer data is stored. + + + + +The topic-specific pages below cover security for both usage paths. + @@ -31,0 +43,4 @@ This documentation helps you understand how to apply the shared responsibility m + * [Data protection for the AWS CLI](./data-protection-service-endpoint.html) + + * [IAM for the AWS CLI](./security-iam-cli.html) +