AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-06-22 · Documentation low

File: bedrock-agentcore/latest/devguide/payments-process-payment.md

Summary

Added CLI examples for invoking agents with payment context using --payment-instrument-id and --payment-user-id flags

Security assessment

The changes document payment processing workflows without addressing vulnerabilities or weaknesses. The added flags relate to payment functionality, not security controls.

Diff

diff --git a/bedrock-agentcore/latest/devguide/payments-process-payment.md b/bedrock-agentcore/latest/devguide/payments-process-payment.md
index bf4a37a31..da32eb016 100644
--- a//bedrock-agentcore/latest/devguide/payments-process-payment.md
+++ b//bedrock-agentcore/latest/devguide/payments-process-payment.md
@@ -136,0 +137,23 @@ Use the `PaymentManager` class to generate payment headers manually within any a
+AgentCore CLI
+    
+
+If your agent is deployed with payment capabilities configured, invoke it with payment context and the x402 interceptor handles payment processing automatically:
+    
+    
+    agentcore invoke \
+      --prompt "Access the premium endpoint at https://example-x402-merchant.com/paid-api" \
+      --payment-instrument-id <INSTRUMENT_ID> \
+      --auto-session \
+      --payment-user-id [email protected]
+
+To use an explicit session instead of auto-creating one:
+    
+    
+    agentcore invoke \
+      --prompt "Access the premium endpoint at https://example-x402-merchant.com/paid-api" \
+      --payment-instrument-id <INSTRUMENT_ID> \
+      --payment-session-id <SESSION_ID> \
+      --payment-user-id [email protected]
+
+The deployed agent’s x402 plugin intercepts HTTP 402 responses, calls `ProcessPayment`, and retries the request with proof. Requires AgentCore CLI v0.19.0 or later.
+