AWS bedrock-agentcore high security documentation change
Summary
Fixed KMS condition type and added CLI example for encryption
Security assessment
Corrected key policy from StringLike to ArnLike to prevent over-permissive policies. Concrete evidence: Security-critical IAM condition fix and practical encryption implementation example
Diff
diff --git a/bedrock-agentcore/latest/devguide/recommendations-encryption.md b/bedrock-agentcore/latest/devguide/recommendations-encryption.md index dd5d34827..9d308fa3b 100644 --- a//bedrock-agentcore/latest/devguide/recommendations-encryption.md +++ b//bedrock-agentcore/latest/devguide/recommendations-encryption.md @@ -83 +83 @@ The following key policy provides the minimum permissions required for recommend - "StringLike": { + "ArnLike": { @@ -118,0 +119,11 @@ Specify the `kmsKeyArn` parameter when calling `StartRecommendation`: +AgentCore CLI + + + + agentcore run recommendation \ + -t system-prompt \ + -r MyAgent \ + -e Builtin.Correctness \ + --inline "You are a helpful assistant" \ + --kms-key arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab +