AWS bedrock-agentcore high security documentation change
Summary
Added documentation for 'allowedWorkloadConfiguration' parameter in customJWTAuthorizer to restrict runtime invocations to specific AgentCore Gateways.
Security assessment
The change introduces explicit security controls to prevent unauthorized access to agent runtimes by allowing workload restrictions. This mitigates security risks by implementing granular access control for runtime targets.
Diff
diff --git a/bedrock-agentcore/latest/devguide/runtime-oauth.md b/bedrock-agentcore/latest/devguide/runtime-oauth.md index 3052f7b80..5d1305ecb 100644 --- a//bedrock-agentcore/latest/devguide/runtime-oauth.md +++ b//bedrock-agentcore/latest/devguide/runtime-oauth.md @@ -312,0 +313,39 @@ If both client_id and aud is provided, the agent runtime authorizer will verify +### Allowed workload configuration + +You can optionally configure `allowedWorkloadConfiguration` on the `customJWTAuthorizer` to restrict which workloads in the request’s identity chain are allowed to invoke the target. This is useful when your AgentCore Runtime is invoked through an AgentCore Gateway and you want to ensure only specific gateways can reach the runtime. + +The `allowedWorkloadConfiguration` object contains: + + * **hostingEnvironments** – A list of hosting environments whose workloads are allowed to invoke the target. At launch, the only supported hosting environment is AgentCore Gateway. + + * **workloadIdentities** – A list of workload identities that are allowed to invoke the target. + + + + +The following example creates an agent runtime with `allowedWorkloadConfiguration` that restricts invocation to a specific AgentCore Gateway: + + + { + "authorizerConfiguration": { + "customJWTAuthorizer": { + "discoveryUrl": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_example/.well-known/openid-configuration", + "allowedClients": ["your-client-id"], + "allowedWorkloadConfiguration": { + "hostingEnvironments": [ + { + "arn": "arn:aws:bedrock-agentcore:us-east-1:111122223333:gateway/my-gateway-id" + } + ], + "workloadIdentities": [ + "arn:aws:bedrock-agentcore:us-east-1:111122223333:gateway/my-gateway-id" + ] + } + } + } + } + +###### Note + +At launch, `allowedWorkloadConfiguration` is supported only for AgentCore Runtime targets, and the allowed workloads are AgentCore Gateways. +