AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-06-19 · Documentation high

File: cli/latest/reference/bedrock-agentcore-control/create-gateway.md

Summary

Updated AWS CLI version reference from 2.35.5 to 2.35.8; added allowedWorkloadConfiguration for access control; added payload filtering for interceptors; added WAF integration; updated field length constraints and ARN patterns.

Security assessment

The changes primarily add new security features: 1) allowedWorkloadConfiguration restricts workloads that can invoke targets using hosting environments and identities, 2) payloadFilter enables exclusion of sensitive response bodies from interceptor inputs, 3) WAF integration (webAclArn and wafConfiguration) adds web application firewall protections with fail-open/close modes. These are proactive security enhancements rather than fixes for existing vulnerabilities. The pattern changes (e.g., reduced name length from 100 to 48 characters) appear to be standard constraint updates without explicit security context.

Diff

diff --git a/cli/latest/reference/bedrock-agentcore-control/create-gateway.md b/cli/latest/reference/bedrock-agentcore-control/create-gateway.md
index e6e4ff942..22f61fff2 100644
--- a//cli/latest/reference/bedrock-agentcore-control/create-gateway.md
+++ b//cli/latest/reference/bedrock-agentcore-control/create-gateway.md
@@ -15 +15 @@
-  * [AWS CLI 2.35.5 Command Reference](../../index.html) »
+  * [AWS CLI 2.35.8 Command Reference](../../index.html) »
@@ -113 +113 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
->   * pattern: `([0-9a-zA-Z][-]?){1,100}`
+>   * pattern: `([0-9a-zA-Z][-]?){1,48}`
@@ -707,0 +708,51 @@ JSON Syntax:
+>> 
+>> allowedWorkloadConfiguration -> (structure)
+>>
+>>> The configuration that restricts which workloads in the request’s identity chain are allowed to invoke the target, identified by their hosting environments and workload identities. At launch, this is supported only for AgentCore Runtime targets, and the allowed workloads are AgentCore Gateways.
+>>> 
+>>> hostingEnvironments -> (list)
+>>>
+>>>> The list of hosting environments whose workloads are allowed to invoke the target. At launch, the only supported hosting environment is AgentCore Gateway.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>>   * max: `10`
+>>>> 
+
+>>>> 
+>>>> (structure)
+>>>>
+>>>>> A hosting environment whose workloads are allowed to invoke the target. At launch, the only supported hosting environment is AgentCore Gateway.
+>>>>> 
+>>>>> arn -> (string) [required]
+>>>>>
+>>>>>> The Amazon Resource Name (ARN) of the hosting environment.
+>>>>>> 
+>>>>>> Constraints:
+>>>>>> 
+>>>>>>   * min: `20`
+>>>>>>   * max: `1011`
+>>>>>> 
+
+>>> 
+>>> workloadIdentities -> (list)
+>>>
+>>>> The list of workload identities that are allowed to invoke the target.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>>   * max: `10`
+>>>> 
+
+>>>> 
+>>>> (string)
+>>>>
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `3`
+>>>>>   * max: `255`
+>>>>>   * pattern: `[A-Za-z0-9_.-]+`
+>>>>> 
+
@@ -765 +816,10 @@ JSON Syntax:
-        ]
+        ],
+        "allowedWorkloadConfiguration": {
+          "hostingEnvironments": [
+            {
+              "arn": "string"
+            }
+            ...
+          ],
+          "workloadIdentities": ["string", ...]
+        }
@@ -817 +877 @@ JSON Syntax:
->>>>>   * pattern: `arn:(aws[a-zA-Z-]*)?:lambda:([a-z]{2}(-gov)?-[a-z]+-\d{1}):(\d{12}):function:([a-zA-Z0-9-_.]+)(:(\$LATEST|[a-zA-Z0-9-]+))?`
+>>>>>   * pattern: `arn:(aws[a-zA-Z-]*)?:lambda:([a-z]{2}(-gov)?-[a-z]+-\d{1}):(\d{12}):function:([a-zA-Z0-9-_.]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?`
@@ -847,0 +908,14 @@ JSON Syntax:
+>>> 
+>>> payloadFilter -> (structure)
+>>>
+>>>> The filter that determines which parts of the request or response payload are passed as input to the interceptor.
+>>>> 
+>>>> exclude -> (list) [required]
+>>>>
+>>>>> The list of selectors that identify payload fields to exclude from the interceptor input.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `1`
+>>>>>   * max: `1`
+>>>>> 
@@ -849,4 +923,17 @@ JSON Syntax:
-Shorthand Syntax:
-    
-    
-    interceptor={lambda={arn=string}},interceptionPoints=string,string,inputConfiguration={passRequestHeaders=boolean} ...
+>>>>> 
+>>>>> (tagged union structure)
+>>>>>
+>>>>>> A selector that identifies a payload field to exclude from the interceptor input.
+>>>>>> 
+>>>>>> ### Note
+>>>>>> 
+>>>>>> This is a Tagged Union structure. Only one of the following top level keys can be set: `field`.
+>>>>>> 
+>>>>>> field -> (string)
+>>>>>>
+>>>>>>> The field to exclude from the interceptor input.
+>>>>>>> 
+>>>>>>> Possible values:
+>>>>>>> 
+>>>>>>>   * `RESPONSE_BODY`
+>>>>>>> 
@@ -867 +954,9 @@ JSON Syntax:
-          "passRequestHeaders": true|false
+          "passRequestHeaders": true|false,
+          "payloadFilter": {
+            "exclude": [
+              {
+                "field": "RESPONSE_BODY"
+              }
+              ...
+            ]
+          }
@@ -1173 +1268 @@ name -> (string)
->   * pattern: `([0-9a-zA-Z][-]?){1,100}`
+>   * pattern: `([0-9a-zA-Z][-]?){1,48}`
@@ -1725,0 +1821,51 @@ authorizerConfiguration -> (tagged union structure)
+>> 
+>> allowedWorkloadConfiguration -> (structure)
+>>
+>>> The configuration that restricts which workloads in the request’s identity chain are allowed to invoke the target, identified by their hosting environments and workload identities. At launch, this is supported only for AgentCore Runtime targets, and the allowed workloads are AgentCore Gateways.
+>>> 
+>>> hostingEnvironments -> (list)
+>>>
+>>>> The list of hosting environments whose workloads are allowed to invoke the target. At launch, the only supported hosting environment is AgentCore Gateway.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>>   * max: `10`
+>>>> 
+
+>>>> 
+>>>> (structure)
+>>>>
+>>>>> A hosting environment whose workloads are allowed to invoke the target. At launch, the only supported hosting environment is AgentCore Gateway.
+>>>>> 
+>>>>> arn -> (string) [required]
+>>>>>
+>>>>>> The Amazon Resource Name (ARN) of the hosting environment.
+>>>>>> 
+>>>>>> Constraints:
+>>>>>> 
+>>>>>>   * min: `20`
+>>>>>>   * max: `1011`
+>>>>>> 
+
+>>> 
+>>> workloadIdentities -> (list)
+>>>
+>>>> The list of workload identities that are allowed to invoke the target.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>>   * max: `10`
+>>>> 
+
+>>>> 
+>>>> (string)
+>>>>
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `3`
+>>>>>   * max: `255`
+>>>>>   * pattern: `[A-Za-z0-9_.-]+`
+>>>>> 
+
@@ -1738,0 +1885,20 @@ kmsKeyArn -> (string)
+customTransformConfiguration -> (structure)
+
+> The custom transformation configuration for the gateway. This configuration defines how the gateway transforms requests and responses.
+> 
+> lambda -> (structure)
+>
+>> The Lambda configuration for custom transformations. This configuration defines how the gateway uses a Lambda function to transform data.
+>> 
+>> arn -> (string)
+>>
+>>> The Amazon Resource Name (ARN) of the Lambda function. This function is invoked by the gateway to transform data.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `170`
+>>>   * pattern: `arn:(aws[a-zA-Z-]*)?:lambda:([a-z]{2}(-gov)?-[a-z]+-\d{1}):(\d{12}):function:([a-zA-Z0-9-_.]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?`
+>>> 
+