AWS Security ChangesHomeSearch

AWS bedrock-agentcore high security documentation change

Service: bedrock-agentcore · 2026-06-22 · Security-related high

File: bedrock-agentcore/latest/devguide/release-notes.md

Summary

Added release notes for Gateway runtime targets, HTTP passthrough, inference targets, traffic enforcement, and payment support in CLI/CDK

Security assessment

Added security documentation for restricting runtime access to gateways only. Explicitly describes using resource-based policies and allowedWorkloadConfiguration to prevent direct access, which mitigates unauthorized invocation risks.

Diff

diff --git a/bedrock-agentcore/latest/devguide/release-notes.md b/bedrock-agentcore/latest/devguide/release-notes.md
index 221b5f5d3..dfe790c0f 100644
--- a//bedrock-agentcore/latest/devguide/release-notes.md
+++ b//bedrock-agentcore/latest/devguide/release-notes.md
@@ -46,0 +47,16 @@ New capabilities can now turn production traces into continuous improvement for
+### Gateway: AgentCore Runtime targets are now generally available
+
+You can add an Amazon Bedrock AgentCore Runtime agent as a target on your gateway. Your gateway sends traffic directly to the runtime agent without aggregation or protocol translation. This integration is now generally available (GA). As part of GA, you can provide an API schema for the runtime target so that the gateway policy engine applies guardrails. You can also use request and response interceptor Lambda functions to inspect or transform traffic, and enforce that the runtime accepts invocations only when they originate from your gateway. See [AgentCore Runtime targets](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-target-http-runtime.html).
+
+### Gateway: HTTP passthrough targets
+
+AgentCore Gateway now supports HTTP passthrough targets. These targets route traffic through your gateway to any HTTP endpoint without protocol translation. Passthrough targets are ideal for fronting agent URLs, external APIs, application-to-application (A2A) agents, external Model Context Protocol (MCP) servers, or custom inference endpoints. They provide a single gateway endpoint with unified authentication, policy enforcement, and observability. You can provide an API schema to enable policy engine features such as guardrails. You can also configure session stickiness so that weighted routing rules keep a session on the same target. See [HTTP passthrough targets](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-target-http-passthrough.html).
+
+### Gateway: Inference targets
+
+AgentCore Gateway now supports inference targets for fronting model providers. Inference connector targets provide a preconfigured setup for supported providers. Your gateway automatically handles operations, model discovery, model ID translation, and path rewriting. Inference provider targets give you explicit control over the endpoint, model mappings, per-model token limits, operations, and path rewriting. This includes providers that do not have a built-in connector. See [Inference connector targets](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-target-inference-connector.html) and [Inference provider targets](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-target-inference-provider.html).
+
+### Gateway: Enforce inbound traffic from the gateway
+
+You can now configure an Amazon Bedrock AgentCore Runtime to accept invocations only when they originate from your gateway. This prevents callers from bypassing the gateway and reaching the runtime directly. Source validation works across both inbound authorization types. For IAM (Signature Version 4, or SigV4) runtimes, use a resource-based policy that enforces the `aws:SourceArn` condition key. For OAuth (JSON Web Token, or JWT) runtimes, use `allowedWorkloadConfiguration` to restrict the allowed workload to your gateway. See [AgentCore Runtime targets](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-target-http-runtime.html).
+
@@ -54,0 +71,4 @@ Amazon Bedrock AgentCore Identity now allows you to reference existing AWS Secre
+### AgentCore CLI and CDK: Payments Support
+
+The AgentCore CLI (v0.19.0) and CDK constructs (v0.1.0-alpha.36) now include the Payments feature. The `agentcore add payment-manager` and `agentcore add payment-connector` commands create a Payment Manager and Payment Connector via CloudFormation, automatically connected to your Strands agent through the AgentCore SDK’s `AgentCorePaymentsPlugin`. After deploying with `agentcore deploy`, invoke your payments-eligible agent by passing `--payment-instrument-id` and `--payment-user-id` as flags through `agentcore invoke`, along with `--auto-session` to create or reuse a budget-limited session. The CLI also supports interactive TUI wizards for payment setup and `agentcore remove` commands for teardown. Requires CLI version 0.19.0 or later. See the [Payments quick start](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/payments-getting-started.html) for both SDK and CLI paths.
+