Hi team,
We recently expanded the AgentCore Runtime Request Header Allowlist feature (docs). Previously, the allowlist only supported Authorization and headers prefixed with X-Amzn-Bedrock-AgentCore-Runtime-Custom-. The expansion loosens the validation performed in CP to allow customers to configure any valid HTTP header in their allowlist (e.g., X-Custom-Header, X-Api-Key) while blocking certain restricted headers.
The Runtime service (data plane) correctly forwards all allowlisted headers to the container — this has been validated end-to-end in prod PDX.
Where this breaks in BedrockAgentCoreApp:
The _build_request_context method in app.py#L395-L430 still has the old hardcoded filter that only populates context.request_headers with:
- The Authorization header
- Headers matching the X-Amzn-Bedrock-AgentCore-Runtime-Custom- prefix
Any newly-supported allowlisted header (e.g., X-Custom-Header, X-Api-Key) that arrives at the container is silently dropped by the SDK before reaching the customer's @app.entrypoint handler via context.request_headers.
Ask:
Since BedrockAgentCoreApp is the recommended SDK for building agents on AgentCore, and the docs show context.request_headers as the access pattern, we'd like the SDK to reflect the expanded feature's behavior. The Runtime service has already enforced the allowlist at the CP and forwarded only valid headers to the container — so the SDK should surface all headers that arrive rather than applying its own secondary filter based on the old prefix rules.
We'd really appreciate your help if you guys could take a look. Thanks so much!
Ivan :)
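The filtering rule described in the report above, reproduced as an added example; it is not the SDK's own code from app.py. The function names (`legacy_filter`, `pass_through`, `silently_dropped`) are hypothetical and the sample headers are constructed.

```python
"""Added illustration of the header filtering described in the report."""
from typing import Dict, List, Mapping

# Header name and prefix as given in the report; compared in lower case
# because HTTP header names are case-insensitive.
AUTH_HEADER = "authorization"
CUSTOM_PREFIX = "x-amzn-bedrock-agentcore-runtime-custom-"


def legacy_filter(incoming: Mapping[str, str]) -> Dict[str, str]:
    """Old rule: keep Authorization and prefix-matching headers only."""
    kept: Dict[str, str] = {}
    for name, value in incoming.items():
        lowered = name.lower()
        if lowered == AUTH_HEADER or lowered.startswith(CUSTOM_PREFIX):
            kept[name] = value
    return kept


def pass_through(incoming: Mapping[str, str]) -> Dict[str, str]:
    """Requested rule: surface every header that reached the container."""
    return dict(incoming)


def silently_dropped(incoming: Mapping[str, str]) -> List[str]:
    """Header names the old rule removes, i.e. what the handler never sees."""
    kept = {name.lower() for name in legacy_filter(incoming)}
    return sorted(name for name in incoming if name.lower() not in kept)


# Constructed sample of headers arriving at the container (placeholder values).
SAMPLE = {
    "Authorization": "Bearer <token-placeholder>",
    "X-Amzn-Bedrock-AgentCore-Runtime-Custom-Tenant": "tenant-a",
    "X-Custom-Header": "demo",
    "x-api-key": "<key-placeholder>",
}

if __name__ == "__main__":
    print("old rule keeps:   ", sorted(legacy_filter(SAMPLE)))
    print("old rule drops:   ", silently_dropped(SAMPLE))
    print("pass-through keeps:", sorted(pass_through(SAMPLE)))
```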