fix(payments): two IAM grants and SDK version compat

Found in end-to-end deploy + invoke testing:

1. Vended cdk-stack.ts: grant runtime execution role sts:AssumeRole on
   the ProcessPaymentRole. ProcessPaymentRole's trust policy allows
   AccountRootPrincipal, but the caller still needs sts:AssumeRole on
   its own role. Without this, every invoke that touches payments
   fails with AccessDenied.

2. Vended payments.py: detect whether the installed bedrock-agentcore
   SDK supports the boto3_session field via inspect.signature() before
   passing it. The field was added in 1.11; older published versions
   (1.10 and below) reject the kwarg. Falls back to the runtime role's
   default credentials with a warning when the SDK is too old.

Author: aidandaly24

src/assets/__tests__/__snapshots__/assets.snapshot.test.ts.snap

@@ -283,6 +283,7 @@ exports[`Assets Directory Snapshots > CDK assets > cdk/cdk/lib/cdk-stack.ts shou
   type CustomJWTAuthorizerConfig,
 } from '@aws/agentcore-cdk';
 import { CfnOutput, Stack, type StackProps } from 'aws-cdk-lib';
+import * as iam from 'aws-cdk-lib/aws-iam';
 import { Construct } from 'constructs';
 
 export interface PaymentConnectorSpec {
@@ -376,6 +377,16 @@ export class AgentCoreStack extends Stack {
           env.runtime.addEnvironmentVariable(\`\${prefix}_MANAGER_ARN\`, manager.paymentManagerArn);
           env.runtime.addEnvironmentVariable(\`\${prefix}_PROCESS_PAYMENT_ROLE_ARN\`, manager.processPaymentRoleArn);
 
+          // Grant runtime execution role permission to assume the ProcessPaymentRole.
+          // The ProcessPaymentRole's trust policy allows AccountRootPrincipal, but the
+          // caller still needs sts:AssumeRole on its own role to perform the assumption.
+          env.runtime.role.addToPrincipalPolicy(
+            new iam.PolicyStatement({
+              actions: ['sts:AssumeRole'],
+              resources: [manager.processPaymentRoleArn],
+            })
+          );
+
           if (payment.autoPayment !== undefined) {
             env.runtime.addEnvironmentVariable(\`\${prefix}_AUTO_PAYMENT\`, String(payment.autoPayment));
           }
@@ -5450,7 +5461,17 @@ def create_payments_plugin(user_id, instrument_id=None, session_id=None):
         config_kwargs["network_preferences_config"] = _network_prefs
 
     if _process_payment_role_arn:
-        config_kwargs["boto3_session"] = _assume_role_session(_process_payment_role_arn)
+        # Only pass boto3_session if SDK supports it (added in bedrock-agentcore >= 1.11).
+        # Older SDKs use the runtime role's default credentials and can still call ProcessPayment
+        # if the runtime role has been granted permission directly.
+        import inspect
+        if "boto3_session" in inspect.signature(AgentCorePaymentsPluginConfig).parameters:
+            config_kwargs["boto3_session"] = _assume_role_session(_process_payment_role_arn)
+        else:
+            logger.warning(
+                "PROCESS_PAYMENT_ROLE_ARN set but bedrock-agentcore SDK does not support boto3_session. "
+                "Upgrade to bedrock-agentcore>=1.11 to enable cross-role payment processing."
+            )
 
     if _auth_mode == "bearer":
         bearer_token = os.getenv("AGENTCORE_BEARER_TOKEN")

src/assets/cdk/lib/cdk-stack.ts

@@ -8,6 +8,7 @@ import {
   type CustomJWTAuthorizerConfig,
 } from '@aws/agentcore-cdk';
 import { CfnOutput, Stack, type StackProps } from 'aws-cdk-lib';
+import * as iam from 'aws-cdk-lib/aws-iam';
 import { Construct } from 'constructs';
 
 export interface PaymentConnectorSpec {
@@ -101,6 +102,16 @@ export class AgentCoreStack extends Stack {
           env.runtime.addEnvironmentVariable(`${prefix}_MANAGER_ARN`, manager.paymentManagerArn);
           env.runtime.addEnvironmentVariable(`${prefix}_PROCESS_PAYMENT_ROLE_ARN`, manager.processPaymentRoleArn);
 
+          // Grant runtime execution role permission to assume the ProcessPaymentRole.
+          // The ProcessPaymentRole's trust policy allows AccountRootPrincipal, but the
+          // caller still needs sts:AssumeRole on its own role to perform the assumption.
+          env.runtime.role.addToPrincipalPolicy(
+            new iam.PolicyStatement({
+              actions: ['sts:AssumeRole'],
+              resources: [manager.processPaymentRoleArn],
+            })
+          );
+
           if (payment.autoPayment !== undefined) {
             env.runtime.addEnvironmentVariable(`${prefix}_AUTO_PAYMENT`, String(payment.autoPayment));
           }

src/assets/python/http/strands/capabilities/payments/payments.py

@@ -113,7 +113,17 @@ def create_payments_plugin(user_id, instrument_id=None, session_id=None):
         config_kwargs["network_preferences_config"] = _network_prefs
 
     if _process_payment_role_arn:
-        config_kwargs["boto3_session"] = _assume_role_session(_process_payment_role_arn)
+        # Only pass boto3_session if SDK supports it (added in bedrock-agentcore >= 1.11).
+        # Older SDKs use the runtime role's default credentials and can still call ProcessPayment
+        # if the runtime role has been granted permission directly.
+        import inspect
+        if "boto3_session" in inspect.signature(AgentCorePaymentsPluginConfig).parameters:
+            config_kwargs["boto3_session"] = _assume_role_session(_process_payment_role_arn)
+        else:
+            logger.warning(
+                "PROCESS_PAYMENT_ROLE_ARN set but bedrock-agentcore SDK does not support boto3_session. "
+                "Upgrade to bedrock-agentcore>=1.11 to enable cross-role payment processing."
+            )
 
     if _auth_mode == "bearer":
         bearer_token = os.getenv("AGENTCORE_BEARER_TOKEN")