docs(payments): correct T02 description of the runtime execution role

[fahadfa-aws]

Issue

The Tutorial 02 README "Key Concepts" section described the execution role as ProcessPaymentRole with "explicit denies on CreatePaymentSession, CreatePaymentInstrument, and all control-plane operations." Two factual problems:

1. The deployed runtime is not bound to AgentCorePaymentsProcessPaymentRole. deploy_payment_agent.py:154 runs agentcore deploy -y, and the CLI's CDK construct creates a fresh execution role itself. The script then attaches a narrow inline policy (PaymentDataPlaneAccess) to whichever auto-created role it finds. The runtime's roleArn returned by GetAgentRuntime is that auto-created role.

2. The Deny ProcessPayment statement lives on the management role, not on ProcessPaymentRole. The official IAM guide puts the explicit Deny ProcessPayment on ManagementRole (the role used by app backends to create sessions). ProcessPaymentRole's design pattern is narrow scope — Allow only ProcessPayment and the read APIs, and the absence of CreatePaymentSession / CreatePaymentInstrument enforces separation.

utils.py matches the AWS-docs pattern correctly: MANAGEMENT_ROLE has \"deny\": [\"bedrock-agentcore:ProcessPayment\"]; PROCESS_PAYMENT_ROLE has only allow: with no deny: key.

Changes

• README.md (Key Concepts section): rewrite the role paragraph to describe the auto-created execution role plus the narrow inline policy that deploy_payment_agent.py attaches. Cross-link to the AWS IAM roles guide.
• deploy_payment_agent.py (line 160): add a code comment explaining that agentcore.json (AgentEnvSpec) does not currently expose executionRoleArn, so the runtime cannot be bound to a caller-managed role today. The narrow inline policy is the workaround that achieves the same separation.

Docs + one code comment. No behavior change.

Verification

AWS Knowledge MCP — re-read payments-iam-roles.html. Confirmed: "The explicit Deny on ProcessPayment in the management role" and the literal Statement[Sid: \"DenyProcessPayment\", Effect: \"Deny\", Action: \"bedrock-agentcore:ProcessPayment\"] is shown in the ManagementRole policy block. The ProcessPaymentRole policy block has only Allow statements.

Live AWS — fresh deploy on us-west-2 against 180780550628:

• agentcore deploy created CFN stack AgentCore-PaymentAgent-default
• GetAgentRuntime returned roleArn = AgentCore-PaymentAgent-de-ApplicationAgentPaymentAg-C28in3waHa31 (auto-CDK), not AgentCorePaymentsProcessPaymentRole
• GetRolePolicy(PaymentDataPlaneAccess) returned the literal Allow-only policy from deploy_payment_agent.py:170-191 — no Deny statements anywhere
• Stack torn down after verification

CLI schema — read the scaffolded agentcore/.llm-context/agentcore.ts. The AgentEnvSpec interface (the runtime config in agentcore.json) has fields name, build, entrypoint, codeLocation, runtimeVersion, envVars, networkMode, networkConfig, instrumentation, protocol, tags, filesystemConfigurations — no executionRoleArn. So binding to a caller-managed role isn't possible with CLI 0.19; the inline-policy approach is the available pattern.

[fahadfa-aws]

@mvangara10 — flagging this for your review when you have a moment. Tagged across the full set of payments-tutorial fixes I've been pushing today; happy to walk through any of them. Audit logs and test evidence are referenced in the PR description.

[fahadfa-aws]

Superseded by #1738 (consolidated PR)