AWS Security ChangesHomeSearch

AWS bedrock-agentcore high security documentation change

Service: bedrock-agentcore · 2026-06-19 · Security-related high

File: bedrock-agentcore/latest/devguide/recommendations-encryption.md

Summary

Fixed KMS condition type and added CLI example for encryption

Security assessment

Corrected key policy from StringLike to ArnLike to prevent over-permissive policies. Concrete evidence: Security-critical IAM condition fix and practical encryption implementation example

Diff

diff --git a/bedrock-agentcore/latest/devguide/recommendations-encryption.md b/bedrock-agentcore/latest/devguide/recommendations-encryption.md
index dd5d34827..9d308fa3b 100644
--- a//bedrock-agentcore/latest/devguide/recommendations-encryption.md
+++ b//bedrock-agentcore/latest/devguide/recommendations-encryption.md
@@ -83 +83 @@ The following key policy provides the minimum permissions required for recommend
-            "StringLike": {
+            "ArnLike": {
@@ -118,0 +119,11 @@ Specify the `kmsKeyArn` parameter when calling `StartRecommendation`:
+AgentCore CLI
+    
+    
+    
+    agentcore run recommendation \
+      -t system-prompt \
+      -r MyAgent \
+      -e Builtin.Correctness \
+      --inline "You are a helpful assistant" \
+      --kms-key arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
+