Amazon Bedrock Agentcore
(bedrock-agentcore)
IAM Changes
Services
2025-08-05
2025-08-05
2 new resources | 23 updated actions
Additions
Resources
workload-identity-directory
Arn:
arn:${Partition}:bedrock-agentcore:${Region}:${Account}:workload-identity-directory/${DirectoryId}
token-vault
Arn:
arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}
Updates
Actions
InvokeAgentRuntime
Description
Old:
Grants permission to invoke an agent endpoint
New:
Grants permission to invoke an agent runtime endpoint
CreateApiKeyCredentialProvider
Resources
+ apikeycredentialprovider
+ token-vault
CreateOauth2CredentialProvider
Resources
+ oauth2credentialprovider
+ token-vault
CreateWorkloadIdentity
Resources
+ workload-identity
+ workload-identity-directory
DeleteApiKeyCredentialProvider
Resources
+ apikeycredentialprovider
+ token-vault
DeleteOauth2CredentialProvider
Resources
+ oauth2credentialprovider
+ token-vault
DeleteWorkloadIdentity
Resources
+ workload-identity
+ workload-identity-directory
GetApiKeyCredentialProvider
Resources
+ apikeycredentialprovider
+ token-vault
GetOauth2CredentialProvider
Resources
+ oauth2credentialprovider
+ token-vault
GetResourceApiKey
Resources
+ apikeycredentialprovider
+ token-vault
+ workload-identity
+ workload-identity-directory
GetResourceOauth2Token
Resources
+ oauth2credentialprovider
+ token-vault
+ workload-identity
+ workload-identity-directory
GetTokenVault
Resources
+ token-vault
GetWorkloadAccessToken
Resources
+ workload-identity
+ workload-identity-directory
GetWorkloadAccessTokenForJWT
Resources
+ workload-identity
+ workload-identity-directory
GetWorkloadAccessTokenForUserId
Resources
+ workload-identity
+ workload-identity-directory
GetWorkloadIdentity
Resources
+ workload-identity
+ workload-identity-directory
ListApiKeyCredentialProviders
Resources
+ apikeycredentialprovider
+ token-vault
ListOauth2CredentialProviders
Resources
+ oauth2credentialprovider
+ token-vault
ListWorkloadIdentities
Resources
+ workload-identity
+ workload-identity-directory
SetTokenVaultCMK
Resources
+ token-vault
UpdateApiKeyCredentialProvider
Resources
+ apikeycredentialprovider
+ token-vault
UpdateOauth2CredentialProvider
Resources
+ oauth2credentialprovider
+ token-vault
UpdateWorkloadIdentity
Resources
+ workload-identity
+ workload-identity-directory