We take security seriously at AWS. If you discover a security vulnerability in the Bedrock AgentCore Python SDK, we appreciate your help in disclosing it to us in a responsible manner.

Please do not report security vulnerabilities through public GitHub issues.

If you believe you have found a security vulnerability in this SDK, please report it to us through one of the following methods:

• Email: [email protected]
• Web Form: AWS Vulnerability Reporting

Please provide the following information to help us understand the nature and scope of the issue:

• Type of issue (e.g., credential exposure, injection vulnerability, authentication bypass, etc.)
• Full paths of source file(s) related to the issue
• Location of affected code (tag/branch/commit or direct URL)
• Special configuration required to reproduce
• Step-by-step instructions to reproduce
• Proof-of-concept or exploit code (if possible)
• Impact assessment - how an attacker might exploit this

• Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
• Initial Assessment: Our security team will evaluate your report and respond within 5 business days
• Status Updates: We will keep you informed about our progress
• Resolution: We will notify you when the vulnerability is fixed
• Recognition: We will acknowledge your contribution (unless you prefer to remain anonymous)

1. Report received - Security team acknowledges receipt
2. Triage - Severity assessment and impact analysis
3. Fix development - Creating and testing patches
4. Release - Coordinated disclosure and patch release
5. Post-mortem - Analysis and process improvements

We release patches for security vulnerabilities for the following versions:

❌ NEVER DO THIS:

# Never hardcode credentials
client = MemoryClient(
    aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
    aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
)

✅ DO THIS INSTEAD:

# Use environment variables
client = MemoryClient()  # Uses AWS credential chain

# Or use IAM roles (recommended for production)
client = MemoryClient()  # Automatically uses instance role

• Always use HTTPS endpoints (enforced by default)
• Never disable SSL certificate verification
• Keep TLS libraries updated

# ✅ Good: Token handled securely
@requires_access_token(provider_name="github", scopes=["repo:read"])
async def my_function(payload, access_token):
    # Token is injected securely, never logged
    pass

# ❌ Bad: Never log tokens
logger.info(f"Token: {access_token}")  # NEVER DO THIS

• Always validate user inputs before passing to SDK
• Use the built-in Pydantic models for type safety
• Sanitize data that will be stored or processed

• Grant minimal IAM permissions required
• Use resource-based policies where possible
• Regularly audit and reduce permissions

• Enable CloudTrail for API audit logs
• Use CloudWatch for operational monitoring
• Never log sensitive data (tokens, credentials, PII)

The Bedrock AgentCore SDK includes these security features:

• Automatic credential handling via AWS credential provider chain
• TLS 1.2+ enforcement for all AWS API calls
• Request signing using AWS Signature Version 4
• Input validation using Pydantic models
• Memory safety - no credential storage, secure cleanup

• AWS IAM (SigV4) authentication
• OAuth2 with PKCE support
• API key management
• Workload identity tokens

• SSL verification always enabled
• Secure session management
• Request size limits
• Timeout configurations

• Never commit credentials to version control
• Don't pass credentials as command-line arguments
• Avoid credentials in configuration files

• Always use parameterized inputs
• Validate and sanitize user data
• Use SDK-provided methods for data handling

• Implement proper authentication
• Use IAM policies effectively
• Enable MFA where possible

• Always use HTTPS
• Verify SSL certificates
• Use latest TLS versions

# Install security scanning tools
pip install bandit safety

# Run security scan
bandit -r src/

# Check for known vulnerabilities
safety check

• Enable GitHub Dependabot
• Use CodeQL analysis
• Implement pre-commit hooks
• Regular dependency updates

This SDK is designed to help you build applications that can comply with:

• AWS Well-Architected Security Pillar
• OWASP Secure Coding Practices
• Common compliance frameworks (when properly configured)

• AWS Security Best Practices
• IAM Best Practices
• OWASP Python Security
• Python Security Guidelines

For non-security related issues, please use GitHub Issues.

For security-related questions that don't require immediate attention, please see our CONTRIBUTING.md guide.

Last updated: July 2025 This security policy may be updated at any time. Please check back regularly for updates.