Bedrock AgentCore Identity - Error in List Tags

Hello.

While not related to Bedrock, I found a similar issue in the following GitHub issue.
https://github.com/boto/boto3/issues/3368

If you encounter the same error with APIs other than AWS CLI (such as Boto3), it's possible that AWS has changed the API specifications.
If the API specifications have changed, you will need to escalate the issue to AWS support, as noted in the GitHub issue.

This sounds like a service-side issue with Bedrock AgentCore Identity rather than something on your end. The official API docs for ListTagsForResource: https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListTagsForResource.html on the AgentCore Control Plane explicitly state:

This feature is currently available only for AgentCore Runtime, Browser, Browser Profile, Code Interpreter tool, and Gateway.

AgentCore Identity resources (like Outbound Auth identity providers) are not in that supported list. So the ListTagsForResource API doesn't currently support Identity resource ARNs, which is why you're getting the "Invalid input resource arn" BadRequestException. It works fine for Gateway, Runtime, etc. — those are explicitly supported It fails specifically for Identity resources — they're not supported yet

The console triggers this call automatically when you open a resource detail page, which is why you see the banner error. This sounds like is a service limitation. If tagging Identity resources is important for your workflow, I'd recommend opening an AWS Support case to discuss this further with the support engineers on the possible workarounds. Also, suggestion to keep an eye on the AgentCore API docs for updates to the supported resource list.