AWS appstream2 medium security documentation change
Summary
Added detailed list of IAM permissions for agentaccess-mcp actions, clarified credential usage for MCP signing, and introduced new agent control features including MCP tool forwarding and user observation mode
Security assessment
The change explicitly documents granular IAM permissions required for agent actions (like screen capture and input simulation), emphasizes direct credential usage for signing requests, and adds user oversight capabilities. This addresses potential overprivileged access risks by specifying least-privilege permissions and introduces real-time user monitoring as a security control.
Diff
diff --git a/appstream2/latest/developerguide/getting-started-agent-access.md b/appstream2/latest/developerguide/getting-started-agent-access.md index 64eb982d4..c99581eb7 100644 --- a//appstream2/latest/developerguide/getting-started-agent-access.md +++ b//appstream2/latest/developerguide/getting-started-agent-access.md @@ -42 +42 @@ Before you begin, make sure you have the following: - * AWS credentials (environment variables, AWS profile, EC2 instance role, or Lambda execution role) with the following IAM permissions: + * AWS credentials (environment variables, AWS profile, EC2 instance role, or Lambda execution role) with the following IAM permissions. The agent uses these credentials directly to sign requests to the MCP service: @@ -56,0 +57,36 @@ Before you begin, make sure you have the following: +The `agentaccess-mcp:*` wildcard includes the following actions: + + * `agentaccess-mcp:InvokeMcp` — Initialize sessions and discover tools + + * `agentaccess-mcp:GetScreenshot` — Capture screen state + + * `agentaccess-mcp:LeftClick` — Perform left mouse click + + * `agentaccess-mcp:DoubleClick` — Perform double click + + * `agentaccess-mcp:TripleClick` — Perform triple click + + * `agentaccess-mcp:RightClick` — Perform right mouse click + + * `agentaccess-mcp:MiddleClick` — Perform middle mouse click + + * `agentaccess-mcp:TypeText` — Type text string + + * `agentaccess-mcp:KeyPress` — Press key or key combination + + * `agentaccess-mcp:HoldKey` — Hold key for duration + + * `agentaccess-mcp:Scroll` — Scroll at coordinates + + * `agentaccess-mcp:MovePointer` — Move pointer to coordinates + + * `agentaccess-mcp:LeftClickDrag` — Perform left click drag + + * `agentaccess-mcp:LeftMouseDown` — Press and hold left mouse button + + * `agentaccess-mcp:LeftMouseUp` — Release left mouse button + + * `agentaccess-mcp:CheckConnectionStatus` — Check connection status of a streaming session + + * `agentaccess-mcp:CallForwardedTool` — Invoke a forwarded tool on a remote instance + @@ -93,0 +130,4 @@ Create a WorkSpaces Applications stack with agent access enabled to allow AI age + * **Enable MCP tool forwarding** — Allow agents to interact with applications and the desktop operating system through direct MCP calls rather than using computer use tools. When enabled, MCP tools configured on the WorkSpaces application session are forwarded to the agent. + + * **Enable user control mode** — Allow users to observe agent sessions in real time through their browser. Observers see a live view of the desktop as the agent works. In VIEW_STOP mode, observers can stop the agent using a button at the top of the screen. Once stopped, the agent must start a new session to resume. + @@ -115 +155,2 @@ Run the following command to create a stack with agent access enabled: - {"AgentAction": "COMPUTER_INPUT", "Permission": "ENABLED"} + {"AgentAction": "COMPUTER_INPUT", "Permission": "ENABLED"}, + {"AgentAction": "FORWARD_MCP_TOOLS", "Permission": "ENABLED"} @@ -129 +170,2 @@ To also enable screenshot storage, add the `S3BucketArn` and `ScreenshotsUploadE - {"AgentAction": "COMPUTER_INPUT", "Permission": "ENABLED"} + {"AgentAction": "COMPUTER_INPUT", "Permission": "ENABLED"}, + {"AgentAction": "FORWARD_MCP_TOOLS", "Permission": "ENABLED"} @@ -186 +228 @@ Your agent connects to the managed MCP service at the following fixed endpoint: -The connection uses SigV4 signing with the service name `agentaccess-mcp`. You pass the streaming URL from Step 2 as a header on every MCP request. +The connection uses SigV4 signing with the service name `agentaccess-mcp`. Your agent signs each request using the AWS credentials configured in the prerequisites with the `agentaccess-mcp:*` permissions. You pass the streaming URL from Step 2 as a header on every MCP request.