2026/03/31 - AWS Security Agent - 50 new API methods
Changes: AWS Security Agent is a service that proactively secures applications throughout the development lifecycle with automated security reviews and on-demand penetration testing.
Stops the execution of a running pentest
See also: AWS API Documentation
Request Syntax
client.stop_pentest_job(
agentSpaceId='string',
pentestJobId='string'
)
string
[REQUIRED]
ID of the agent space where the pentest exists
string
[REQUIRED]
Identifier of the pentest job to stop
dict
Response Syntax
{}
Response Structure
(dict) --
Output for the StopPentestJob operation
Retrieves the Integrations associated with the user's account
See also: AWS API Documentation
Request Syntax
client.list_integrations(
filter={
'provider': 'GITHUB',
'providerType': 'SOURCE_CODE'|'DOCUMENTATION'
},
nextToken='string',
maxResults=123
)
dict
Filter criteria for integrations
provider (string) --
Filter by provider
providerType (string) --
Filter by provider type
string
Token for pagination
integer
Maximum number of results to return
dict
Response Syntax
{
'integrationSummaries': [
{
'integrationId': 'string',
'installationId': 'string',
'provider': 'GITHUB',
'providerType': 'SOURCE_CODE'|'DOCUMENTATION',
'displayName': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
integrationSummaries (list) --
List of integration summaries
(dict) --
Summary information about an integration
integrationId (string) --
Unique identifier of the integration
installationId (string) --
Installation identifier from the provider
provider (string) --
Provider type
providerType (string) --
Type of provider integration
displayName (string) --
Display name for the integration
nextToken (string) --
Token for pagination to retrieve the next set of results
Lists all members associated to an agent space with pagination support
See also: AWS API Documentation
Request Syntax
client.list_memberships(
applicationId='string',
agentSpaceId='string',
memberType='USER'|'ALL',
maxResults=123,
nextToken='string'
)
string
[REQUIRED]
Application identifier
string
[REQUIRED]
Agent space identifier
string
Filter by member type
integer
Maximum number of results to return
string
Token for pagination
dict
Response Syntax
{
'membershipSummaries': [
{
'membershipId': 'string',
'applicationId': 'string',
'agentSpaceId': 'string',
'memberType': 'USER',
'config': {
'user': {
'role': 'MEMBER'
}
},
'metadata': {
'user': {
'username': 'string',
'email': 'string'
}
},
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'createdBy': 'string',
'updatedBy': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
Response structure for listing members associated to an agent space
membershipSummaries (list) --
List of membership summaries
(dict) --
Membership summary for list operations
membershipId (string) --
Member identifier (userId or agentSpaceId)
applicationId (string) --
Application identifier
agentSpaceId (string) --
Agent space identifier
memberType (string) --
Type of member
config (dict) --
Configuration specific to the member type
user (dict) --
Configuration for user members
role (string) --
Role of the user associated to the agent space
metadata (dict) --
Member-specific metadata
user (dict) --
User metadata for USER members
username (string) --
User name/display name
email (string) --
User email address
createdAt (datetime) --
Timestamp when the membership was created (ISO 8601)
updatedAt (datetime) --
Timestamp when the membership was last updated (ISO 8601)
createdBy (string) --
User ID who created the membership
updatedBy (string) --
User ID who last updated the membership
nextToken (string) --
Token for next page of results
Starts code remediation for the specified findings
See also: AWS API Documentation
Request Syntax
client.start_code_remediation(
agentSpaceId='string',
pentestJobId='string',
findingIds=[
'string',
]
)
string
[REQUIRED]
ID of the agent space where the pentest job exists
string
[REQUIRED]
Identifier of the pentest job to start code remediation for
list
[REQUIRED]
Identifiers of the findings to start code remediation for
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
Output for the StartCodeRemediation operation
Adds a single member to an agent space with specified role
See also: AWS API Documentation
Request Syntax
client.create_membership(
applicationId='string',
agentSpaceId='string',
membershipId='string',
memberType='USER',
config={
'user': {
'role': 'MEMBER'
}
}
)
string
[REQUIRED]
Application identifier
string
[REQUIRED]
Agent space identifier
string
[REQUIRED]
Member identifier (userId or agentSpaceId)
string
[REQUIRED]
Type of member (USER or AGENT_SPACE)
dict
Membership details (user or agent specific)
user (dict) --
Configuration for user members
role (string) --
Role of the user associated to the agent space
dict
Response Syntax
{}
Response Structure
(dict) --
Response structure for adding a single member to an agent space
Creates the Integration of the Security Agent App with an external Provider
See also: AWS API Documentation
Request Syntax
client.create_integration(
provider='GITHUB',
input={
'github': {
'code': 'string',
'state': 'string',
'organizationName': 'string'
}
},
integrationDisplayName='string',
kmsKeyId='string',
tags={
'string': 'string'
}
)
string
[REQUIRED]
Provider to integrate with
dict
[REQUIRED]
Provider-specific input parameters
github (dict) --
GitHub integration input
code (string) -- [REQUIRED]
Authorization code from OAuth flow
state (string) -- [REQUIRED]
CSRF state token for OAuth security
organizationName (string) --
Name of the GitHub organization
string
[REQUIRED]
Display name for the integration
string
KMS key ID for encrypting integration details
dict
Tags to associate with the integration
(string) --
Key for a resource tag
(string) --
Value for a resource tag
dict
Response Syntax
{
'integrationId': 'string'
}
Response Structure
(dict) --
integrationId (string) --
Unique identifier of the created integration
Retrieves multiple target domains in a single request
See also: AWS API Documentation
Request Syntax
client.batch_get_target_domains(
targetDomainIds=[
'string',
]
)
list
[REQUIRED]
List of target domain IDs to retrieve
(string) --
dict
Response Syntax
{
'targetDomains': [
{
'targetDomainId': 'string',
'domainName': 'string',
'verificationStatus': 'PENDING'|'VERIFIED'|'FAILED'|'UNREACHABLE',
'verificationDetails': {
'method': 'DNS_TXT'|'HTTP_ROUTE',
'dnsTxt': {
'token': 'string',
'dnsRecordName': 'string',
'dnsRecordType': 'TXT'
},
'httpRoute': {
'token': 'string',
'routePath': 'string'
}
},
'createdAt': datetime(2015, 1, 1),
'verifiedAt': datetime(2015, 1, 1)
},
],
'notFound': [
'string',
]
}
Response Structure
(dict) --
Output for the BatchGetTargetDomains operation
targetDomains (list) --
List of target domains that were successfully retrieved
(dict) --
Represents a target domain
targetDomainId (string) --
Unique identifier of the target domain
domainName (string) --
Name of the registered target domain
verificationStatus (string) --
Current verification status of the registered target domain
verificationDetails (dict) --
Verification details to verify registered target domain
method (string) --
Type of domain ownership verification method
dnsTxt (dict) --
Represents DNS TXT verification details
token (string) --
Token used to verify domain ownership
dnsRecordName (string) --
Record name to be added in DNS for target domain
dnsRecordType (string) --
Type of record to be added in DNS for target domain
httpRoute (dict) --
Represents HTTP route verification details
token (string) --
Token used to verify domain ownership
routePath (string) --
Route path where verification token should be placed
createdAt (datetime) --
Timestamp when the target domain was registered
verifiedAt (datetime) --
Timestamp when the target domain was last successfully verified
notFound (list) --
List of target domain IDs that could not be found
(string) --
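An added example, not part of the AWS reference: it sorts one `batch_get_target_domains` response into verified domains, domains that still need the ownership token published, and IDs returned under `notFound`. `client` is assumed to be a client for this service created by the caller; `StubDomainClient` and its sample domains, record names and tokens are constructed so the block runs offline.

```python
"""Added example: which target domains still need ownership verification?"""


def domain_verification_report(client, target_domain_ids):
    """Call batch_get_target_domains once and sort the results.

    Returns a dict with:
      verified        - domain names whose verificationStatus is VERIFIED
      action_required - one entry per non-verified domain, naming the DNS
                        record or HTTP route that must carry the token
      not_found       - IDs the service listed under notFound
    """
    resp = client.batch_get_target_domains(targetDomainIds=list(target_domain_ids))
    report = {
        "verified": [],
        "action_required": [],
        "not_found": list(resp.get("notFound", [])),
    }
    for dom in resp.get("targetDomains", []):
        status = dom["verificationStatus"]
        if status == "VERIFIED":
            report["verified"].append(dom["domainName"])
            continue
        # PENDING, FAILED and UNREACHABLE all mean ownership is not proven.
        details = dom.get("verificationDetails", {})
        method = details.get("method")
        if method == "DNS_TXT":
            rec = details.get("dnsTxt", {})
            publish_at = f'{rec.get("dnsRecordType", "TXT")} {rec.get("dnsRecordName")}'
            token = rec.get("token")
        elif method == "HTTP_ROUTE":
            route = details.get("httpRoute", {})
            publish_at = f'HTTP {route.get("routePath")}'
            token = route.get("token")
        else:
            publish_at, token = None, None
        report["action_required"].append({
            "domain": dom["domainName"],
            "status": status,
            "method": method,
            "publish_at": publish_at,
            "token": token,
        })
    return report


# Constructed sample data in the documented response shape.
SAMPLE_DOMAINS = {
    "td-001": {
        "targetDomainId": "td-001",
        "domainName": "app.example.com",
        "verificationStatus": "VERIFIED",
    },
    "td-002": {
        "targetDomainId": "td-002",
        "domainName": "staging.example.com",
        "verificationStatus": "PENDING",
        "verificationDetails": {
            "method": "DNS_TXT",
            "dnsTxt": {
                "token": "constructed-token-1",
                "dnsRecordName": "_verify.staging.example.com",
                "dnsRecordType": "TXT",
            },
        },
    },
    "td-003": {
        "targetDomainId": "td-003",
        "domainName": "legacy.example.com",
        "verificationStatus": "FAILED",
        "verificationDetails": {
            "method": "HTTP_ROUTE",
            "httpRoute": {
                "token": "constructed-token-2",
                "routePath": "/.well-known/constructed-path",
            },
        },
    },
}


class StubDomainClient:
    """Constructed stand-in for the service client (assumption, offline only)."""

    def batch_get_target_domains(self, targetDomainIds):
        return {
            "targetDomains": [SAMPLE_DOMAINS[i] for i in targetDomainIds if i in SAMPLE_DOMAINS],
            "notFound": [i for i in targetDomainIds if i not in SAMPLE_DOMAINS],
        }


if __name__ == "__main__":
    ids = ["td-001", "td-002", "td-003", "td-999"]
    print(domain_verification_report(StubDomainClient(), ids))
```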
Initiates the execution of a pentest
See also: AWS API Documentation
Request Syntax
client.start_pentest_job(
agentSpaceId='string',
pentestId='string'
)
string
[REQUIRED]
ID of the agent space where the pentest exists
string
[REQUIRED]
Identifier of the pentest to execute
dict
Response Syntax
{
'title': 'string',
'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'pentestId': 'string',
'pentestJobId': 'string',
'agentSpaceId': 'string'
}
Response Structure
(dict) --
Output for the StartPentestJob operation
title (string) --
Title of the pentest job
status (string) --
Current status of the pentest job
createdAt (datetime) --
Timestamp when the pentest job was created
updatedAt (datetime) --
Timestamp when the pentest job was last updated
pentestId (string) --
Unique identifier of the pentest
pentestJobId (string) --
Unique identifier of the pentest job
agentSpaceId (string) --
ID of the agent space where the pentest exists
Creates a target domain record
See also: AWS API Documentation
Request Syntax
client.create_target_domain(
targetDomainName='string',
verificationMethod='DNS_TXT'|'HTTP_ROUTE',
tags={
'string': 'string'
}
)
string
[REQUIRED]
Domain name of the target domain
string
[REQUIRED]
Verification method for the target domain
dict
Tags to associate with the target domain
(string) --
Key for a resource tag
(string) --
Value for a resource tag
dict
Response Syntax
{
'targetDomainId': 'string',
'domainName': 'string',
'verificationStatus': 'PENDING'|'VERIFIED'|'FAILED'|'UNREACHABLE',
'verificationDetails': {
'method': 'DNS_TXT'|'HTTP_ROUTE',
'dnsTxt': {
'token': 'string',
'dnsRecordName': 'string',
'dnsRecordType': 'TXT'
},
'httpRoute': {
'token': 'string',
'routePath': 'string'
}
},
'createdAt': datetime(2015, 1, 1),
'verifiedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
Output for the CreateTargetDomain operation
targetDomainId (string) --
Unique identifier of the created target domain
domainName (string) --
Name of the created target domain
verificationStatus (string) --
Current verification status of the registered target domain
verificationDetails (dict) --
Verification details to verify registered target domain
method (string) --
Type of domain ownership verification method
dnsTxt (dict) --
Represents DNS TXT verification details
token (string) --
Token used to verify domain ownership
dnsRecordName (string) --
Record name to be added in DNS for target domain
dnsRecordType (string) --
Type of record to be added in DNS for target domain
httpRoute (dict) --
Represents HTTP route verification details
token (string) --
Token used to verify domain ownership
routePath (string) --
Route path where verification token should be placed
createdAt (datetime) --
Timestamp when the target domain was registered
verifiedAt (datetime) --
Timestamp when the target domain was last successfully verified
Creates a new application
See also: AWS API Documentation
Request Syntax
client.create_application(
idcInstanceArn='string',
roleArn='string',
defaultKmsKeyId='string',
tags={
'string': 'string'
}
)
string
ARN of the IAM Identity Center instance used for user authentication. Optional for non-IdC applications
string
ARN of the IAM role that the application uses to access AWS resources on your behalf
string
Default KMS key identifier used to encrypt application data
dict
Tags to associate with the application
(string) --
Key for a resource tag
(string) --
Value for a resource tag
dict
Response Syntax
{
'applicationId': 'string'
}
Response Structure
(dict) --
applicationId (string) --
Application ID
Delete an Artifact from the given agent space
See also: AWS API Documentation
Request Syntax
client.delete_artifact(
agentSpaceId='string',
artifactId='string'
)
string
[REQUIRED]
Unique identifier of the agent space
string
[REQUIRED]
Unique identifier of the artifact
dict
Response Syntax
{}
Response Structure
(dict) --
Removes tags from a Security Agent resource
See also: AWS API Documentation
Request Syntax
client.untag_resource(
resourceArn='string',
tagKeys=[
'string',
]
)
string
[REQUIRED]
ARN of the resource to untag
list
[REQUIRED]
List of tag keys to remove from the resource
(string) --
Key for a resource tag
dict
Response Syntax
{}
Response Structure
(dict) --
Output for UntagResource operation
Creates an agent space record
See also: AWS API Documentation
Request Syntax
client.create_agent_space(
name='string',
description='string',
awsResources={
'vpcs': [
{
'vpcArn': 'string',
'securityGroupArns': [
'string',
],
'subnetArns': [
'string',
]
},
],
'logGroups': [
'string',
],
's3Buckets': [
'string',
],
'secretArns': [
'string',
],
'lambdaFunctionArns': [
'string',
],
'iamRoles': [
'string',
]
},
targetDomainIds=[
'string',
],
codeReviewSettings={
'controlsScanning': True|False,
'generalPurposeScanning': True|False
},
kmsKeyId='string',
tags={
'string': 'string'
}
)
string
[REQUIRED]
Name of the agent space
string
Description of the agent space
dict
AWS resource configurations associated with the agent space
vpcs (list) --
VPC configurations that the Security Agent accesses in the customer environment
(dict) --
Customer VPC configuration that the Security Agent accesses
vpcArn (string) --
ARN or ID of the customer VPC
securityGroupArns (list) --
List of security group ARNs or IDs in the customer VPC
(string) --
ARN or ID of a security group
subnetArns (list) --
List of subnet ARNs or IDs in the customer VPC
(string) --
ARN or ID of a subnet
logGroups (list) --
CloudWatch log group ARNs or names used to store Security Agent logs
(string) --
Log group ARN or name for agent space AWS resources
s3Buckets (list) --
S3 bucket ARNs or names used to store Security Agent artifacts
(string) --
S3 bucket ARN or name for agent space AWS resources
secretArns (list) --
SecretsManager secret ARNs or names used to store tester credentials for pentests
(string) --
Secret ARN or name for agent space AWS resources
lambdaFunctionArns (list) --
Lambda function ARNs or names used to retrieve tester credentials for pentests
(string) --
Lambda function ARN or name for agent space AWS resources
iamRoles (list) --
IAM role ARNs that the Security Agent can assume to access customer resources
(string) --
ARN of an IAM role that the service can assume to access customer resources
list
Target domain IDs to associate with the agent space
(string) --
dict
Configuration for code review analysis, including controls scanning and general purpose scanning settings
controlsScanning (boolean) -- [REQUIRED]
Whether Controls are utilized for code review analysis
generalPurposeScanning (boolean) -- [REQUIRED]
Whether general purpose analysis is performed for code review
string
Identifier of the KMS key used to encrypt data. Can be a key ID, key ARN, alias name, or alias ARN. If not specified, an AWS managed key is used.
dict
Tags to associate with the agent space
(string) --
Key for a resource tag
(string) --
Value for a resource tag
dict
Response Syntax
{
'agentSpaceId': 'string',
'name': 'string',
'description': 'string',
'awsResources': {
'vpcs': [
{
'vpcArn': 'string',
'securityGroupArns': [
'string',
],
'subnetArns': [
'string',
]
},
],
'logGroups': [
'string',
],
's3Buckets': [
'string',
],
'secretArns': [
'string',
],
'lambdaFunctionArns': [
'string',
],
'iamRoles': [
'string',
]
},
'targetDomainIds': [
'string',
],
'codeReviewSettings': {
'controlsScanning': True|False,
'generalPurposeScanning': True|False
},
'kmsKeyId': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
Output for the CreateAgentSpace operation
agentSpaceId (string) --
Unique identifier of the created agent space
name (string) --
Name of the created agent space
description (string) --
Description of the created agent space
awsResources (dict) --
AWS resource configurations associated with the agent space
vpcs (list) --
VPC configurations that the Security Agent accesses in the customer environment
(dict) --
Customer VPC configuration that the Security Agent accesses
vpcArn (string) --
ARN or ID of the customer VPC
securityGroupArns (list) --
List of security group ARNs or IDs in the customer VPC
(string) --
ARN or ID of a security group
subnetArns (list) --
List of subnet ARNs or IDs in the customer VPC
(string) --
ARN or ID of a subnet
logGroups (list) --
CloudWatch log group ARNs or names used to store Security Agent logs
(string) --
Log group ARN or name for agent space AWS resources
s3Buckets (list) --
S3 bucket ARNs or names used to store Security Agent artifacts
(string) --
S3 bucket ARN or name for agent space AWS resources
secretArns (list) --
SecretsManager secret ARNs or names used to store tester credentials for pentests
(string) --
Secret ARN or name for agent space AWS resources
lambdaFunctionArns (list) --
Lambda function ARNs or names used to retrieve tester credentials for pentests
(string) --
Lambda function ARN or name for agent space AWS resources
iamRoles (list) --
IAM role ARNs that the Security Agent can assume to access customer resources
(string) --
ARN of an IAM role that the service can assume to access customer resources
targetDomainIds (list) --
List of target domain IDs registered with the agent space
(string) --
codeReviewSettings (dict) --
Configuration for code review analysis, including controls scanning and general purpose scanning settings
controlsScanning (boolean) --
Whether Controls are utilized for code review analysis
generalPurposeScanning (boolean) --
Whether general purpose analysis is performed for code review
kmsKeyId (string) --
Identifier of the KMS key used to encrypt data. Can be a key ID, key ARN, alias name, or alias ARN. If not specified, an AWS managed key is used.
createdAt (datetime) --
Timestamp when the agent space was created
updatedAt (datetime) --
Timestamp when the agent space was last updated
Lists discovered endpoints associated with a pentest job with optional URI prefix filtering
See also: AWS API Documentation
Request Syntax
client.list_discovered_endpoints(
maxResults=123,
pentestJobId='string',
agentSpaceId='string',
prefix='string',
nextToken='string'
)
integer
Maximum number of discovered endpoints to return in a single request (default: 50)
string
[REQUIRED]
Identifier of the pentest job for which to retrieve discovered endpoints
string
[REQUIRED]
ID of the agent space where the pentest job exists
string
Optional URI prefix filter to narrow down results
string
Token for pagination
dict
Response Syntax
{
'discoveredEndpoints': [
{
'uri': 'string',
'pentestJobId': 'string',
'taskId': 'string',
'agentSpaceId': 'string',
'evidence': 'string',
'operation': 'string',
'description': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
Output for the ListDiscoveredEndpoints operation
discoveredEndpoints (list) --
List of discovered endpoints for the pentest job
(dict) --
Represents a discovered endpoint during pentest execution
uri (string) --
The URI of the discovered endpoint
pentestJobId (string) --
Identifier of the pentest job that discovered this endpoint
taskId (string) --
Identifier of the task that discovered this endpoint
agentSpaceId (string) --
Identifier of the agent space where the endpoint was discovered
evidence (string) --
Optional evidence or additional information about the endpoint
operation (string) --
Operation or action associated with the endpoint
description (string) --
Additional description of the endpoint
nextToken (string) --
Token for pagination to retrieve the next set of results
Lists tags for a Security Agent resource
See also: AWS API Documentation
Request Syntax
client.list_tags_for_resource(
resourceArn='string'
)
string
[REQUIRED]
ARN of the resource to list tags for
dict
Response Syntax
{
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
Output for ListTagsForResource operation
tags (dict) --
Tags associated with the resource
(string) --
Key for a resource tag
(string) --
Value for a resource tag
Removes a single member associated to an agent space
See also: AWS API Documentation
Request Syntax
client.delete_membership(
applicationId='string',
agentSpaceId='string',
membershipId='string',
memberType='USER'
)
string
[REQUIRED]
Application identifier
string
[REQUIRED]
Agent space identifier
string
[REQUIRED]
Member identifier (userId or agentSpaceId)
string
Type of member (USER or AGENT_SPACE)
dict
Response Syntax
{}
Response Structure
(dict) --
Response structure for removing a single member from an agent space
Lists the integrated resources for an agent space
See also: AWS API Documentation
Request Syntax
client.list_integrated_resources(
agentSpaceId='string',
integrationId='string',
resourceType='CODE_REPOSITORY',
nextToken='string',
maxResults=123
)
string
[REQUIRED]
Unique identifier of the agent space
string
Filter integrated resources by a specific integration
string
Filter integrated resources by resource type
string
Token for pagination
integer
Maximum number of results to return
dict
Response Syntax
{
'integratedResourceSummaries': [
{
'integrationId': 'string',
'resource': {
'githubRepository': {
'name': 'string',
'providerResourceId': 'string',
'owner': 'string',
'accessType': 'PRIVATE'|'PUBLIC'
}
},
'capabilities': {
'github': {
'leaveComments': True|False,
'remediateCode': True|False
}
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
integratedResourceSummaries (list) --
List of integrated resources
(dict) --
Summary information about an integrated resource
integrationId (string) --
Unique identifier of the integration
resource (dict) --
The integrated resource details
githubRepository (dict) --
Metadata for a GitHub repository resource
name (string) --
Name of the resource e.g. repository name, etc
providerResourceId (string) --
Unique resource identifier from the vendor
owner (string) --
Owner of the repository
accessType (string) --
Access / Visibility Type of the integrated resource
capabilities (dict) --
Capabilities of the integrated resource
github (dict) --
Capabilities for GitHub repositories
leaveComments (boolean) --
Post code review comments on pull requests
remediateCode (boolean) --
Create pull requests with automated fixes
nextToken (string) --
Token for pagination to retrieve the next set of results
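An added example, not part of the AWS reference: it follows `nextToken` through every page of `list_integrated_resources` and flags, per repository, public visibility and the `remediateCode` / `leaveComments` capabilities, so a reviewer can see where the integration may open pull requests or post comments. `client` is assumed to be a client for this service created by the caller; `StubRepoClient`, the flag strings and the sample repositories are constructed for the example.

```python
"""Added example: review what each integrated repository lets the service do."""


def audit_integrated_resources(client, agent_space_id, page_size=None):
    """Return one record per integrated GitHub repository with review flags."""
    findings = []
    token = None
    while True:
        kwargs = {"agentSpaceId": agent_space_id}
        if page_size is not None:
            kwargs["maxResults"] = page_size
        if token:
            kwargs["nextToken"] = token
        page = client.list_integrated_resources(**kwargs)

        for item in page.get("integratedResourceSummaries", []):
            repo = item.get("resource", {}).get("githubRepository")
            if not repo:
                continue  # not a GitHub repository entry
            caps = item.get("capabilities", {}).get("github", {})
            flags = []
            if repo.get("accessType") == "PUBLIC":
                flags.append("public-repository")
            if caps.get("remediateCode"):
                flags.append("can-open-fix-pull-requests")
            if caps.get("leaveComments"):
                flags.append("can-comment-on-pull-requests")
            findings.append({
                "integrationId": item.get("integrationId"),
                "repo": f'{repo.get("owner")}/{repo.get("name")}',
                "flags": flags,
            })

        token = page.get("nextToken")
        if not token:  # absent or empty token: last page reached
            return findings


def _entry(owner, name, access, comments, remediate):
    """Build one constructed summary in the documented response shape."""
    return {
        "integrationId": "int-constructed-1",
        "resource": {"githubRepository": {
            "name": name, "providerResourceId": f"id-{name}",
            "owner": owner, "accessType": access}},
        "capabilities": {"github": {
            "leaveComments": comments, "remediateCode": remediate}},
    }


class StubRepoClient:
    """Constructed stand-in for the service client; serves two pages."""

    PAGES = {
        None: {"integratedResourceSummaries": [
                   _entry("example-org", "payments-api", "PRIVATE", True, True),
                   _entry("example-org", "docs-site", "PUBLIC", True, False)],
               "nextToken": "page-2"},
        "page-2": {"integratedResourceSummaries": [
                       _entry("example-org", "sdk", "PUBLIC", False, True)]},
    }

    def __init__(self):
        self.calls = 0

    def list_integrated_resources(self, agentSpaceId, nextToken=None, **_):
        self.calls += 1
        return self.PAGES[nextToken]


if __name__ == "__main__":
    for row in audit_integrated_resources(StubRepoClient(), "as-constructed"):
        print(row["repo"], row["flags"])
```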
Deletes multiple pentests in a single request
See also: AWS API Documentation
Request Syntax
client.batch_delete_pentests(
pentestIds=[
'string',
],
agentSpaceId='string'
)
list
[REQUIRED]
List of pentest IDs to delete
(string) --
string
[REQUIRED]
ID of the agent space where the pentests exist
dict
Response Syntax
{
'deleted': [
{
'pentestId': 'string',
'agentSpaceId': 'string',
'title': 'string',
'assets': {
'endpoints': [
{
'uri': 'string'
},
],
'actors': [
{
'identifier': 'string',
'uris': [
'string',
],
'authentication': {
'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
'value': 'string'
},
'description': 'string'
},
],
'documents': [
{
's3Location': 'string',
'artifactId': 'string'
},
],
'sourceCode': [
{
's3Location': 'string'
},
],
'integratedRepositories': [
{
'integrationId': 'string',
'providerResourceId': 'string'
},
]
},
'excludeRiskTypes': [
'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
],
'serviceRole': 'string',
'logConfig': {
'logGroup': 'string',
'logStream': 'string'
},
'vpcConfig': {
'vpcArn': 'string',
'securityGroupArns': [
'string',
],
'subnetArns': [
'string',
]
},
'networkTrafficConfig': {
'rules': [
{
'effect': 'ALLOW'|'DENY',
'pattern': 'string',
'networkTrafficRuleType': 'URL'
},
],
'customHeaders': [
{
'name': 'string',
'value': 'string'
},
]
},
'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'failed': [
{
'pentestId': 'string',
'reason': 'string'
},
]
}
Response Structure
(dict) --
Output for the BatchDeletePentests operation
deleted (list) --
List of successfully deleted pentests
(dict) --
Represents a pentest configuration and execution details
pentestId (string) --
Unique identifier for the pentest
agentSpaceId (string) --
ID of the agent space where the pentest exists
title (string) --
Title or name of the pentest
assets (dict) --
Collection of assets to be tested or used during the pentest
endpoints (list) --
List of web application endpoints to test
(dict) --
Represents a web application endpoint to be tested
uri (string) --
URI of the endpoint to test
actors (list) --
List of actors that interact with the system
(dict) --
Represents an entity that interacts with the system during security testing
identifier (string) --
Unique identifier for the actor (case-insensitive)
uris (list) --
List of URIs accessible with the actor's credentials
(string) --
authentication (dict) --
Authentication information used by the actor to access resources
providerType (string) --
Provider type for the authentication credentials
value (string) --
Authentication credential value or reference
description (string) --
Additional description or details about the actor
documents (list) --
List of documents providing context for testing
(dict) --
Information about a document relevant to security testing
s3Location (string) --
S3 storage location of the document
artifactId (string) --
Artifact ID of the document
sourceCode (list) --
List of source code repositories for static analysis
(dict) --
Information about a source code repository for static analysis
s3Location (string) --
S3 storage location of the repository
integratedRepositories (list) --
List of integrated code repositories
(dict) --
Information about an integrated repository
integrationId (string) --
Integration identifier
providerResourceId (string) --
External provider resource identifier, e.g., GitHub repository identifier
excludeRiskTypes (list) --
A list of risk types excluded from the pentest execution
(string) --
Type of security risk
serviceRole (string) --
Service role ARN for accessing customer resources
logConfig (dict) --
CloudWatch log group and stream prefix where pentest execution logs are stored
logGroup (string) --
Name of the CloudWatch log group
logStream (string) --
Name of the CloudWatch log stream
vpcConfig (dict) --
VPC configuration that the Security Agent accesses
vpcArn (string) --
ARN or ID of the customer VPC
securityGroupArns (list) --
List of security group ARNs or IDs in the customer VPC
(string) --
ARN or ID of a security group
subnetArns (list) --
List of subnet ARNs or IDs in the customer VPC
(string) --
ARN or ID of a subnet
networkTrafficConfig (dict) --
Configuration for network traffic filtering
rules (list) --
Traffic filtering rules
(dict) --
Network traffic filtering rule
effect (string) --
Action to take when the rule matches
pattern (string) --
Pattern to match against
networkTrafficRuleType (string) --
Type of network traffic rule
customHeaders (list) --
Custom headers for requests
(dict) --
Custom headers to be set for network requests
name (string) --
Name of header to set value for
value (string) --
Value to set for header
codeRemediationStrategy (string) --
Strategy for code remediation on findings
createdAt (datetime) --
Timestamp when the pentest was created
updatedAt (datetime) --
Timestamp when the pentest was last updated
failed (list) --
List of pentests that could not be deleted and the reasons for failure
(dict) --
Information about a failed pentest deletion attempt
pentestId (string) --
Identifier of the pentest that failed to delete
reason (string) --
Reason for the deletion failure
Deletes a target domain record
See also: AWS API Documentation
Request Syntax
client.delete_target_domain(
targetDomainId='string'
)
string
[REQUIRED]
Unique identifier of the target domain to delete
dict
Response Syntax
{
'targetDomainId': 'string'
}
Response Structure
(dict) --
Output for the DeleteTargetDomain operation
targetDomainId (string) --
Unique identifier of the deleted target domain
Adds tags to a Security Agent resource
See also: AWS API Documentation
Request Syntax
client.tag_resource(
resourceArn='string',
tags={
'string': 'string'
}
)
string
[REQUIRED]
ARN of the resource to tag
dict
[REQUIRED]
Tags to add to the resource
(string) --
Key for a resource tag
(string) --
Value for a resource tag
dict
Response Syntax
{}
Response Structure
(dict) --
Output for TagResource operation
Retrieves application details by application ID
See also: AWS API Documentation
Request Syntax
client.get_application(
applicationId='string'
)
string
[REQUIRED]
Application ID
dict
Response Syntax
{
'applicationId': 'string',
'domain': 'string',
'applicationName': 'string',
'idcConfiguration': {
'idcApplicationArn': 'string',
'idcInstanceArn': 'string'
},
'roleArn': 'string',
'defaultKmsKeyId': 'string'
}
Response Structure
(dict) --
applicationId (string) --
Application ID
domain (string) --
Domain where the application is available
applicationName (string) --
Name of the application, automatically assigned by the service
idcConfiguration (dict) --
IAM Identity Center configuration for the application
idcApplicationArn (string) --
ARN of the IAM Identity Center application associated with this application
idcInstanceArn (string) --
ARN of the IAM Identity Center instance used for user authentication
roleArn (string) --
ARN of the IAM role that the application uses to access AWS resources on your behalf
defaultKmsKeyId (string) --
Default KMS key identifier used to encrypt application data
Updates an agent space record
See also: AWS API Documentation
Request Syntax
client.update_agent_space(
agentSpaceId='string',
name='string',
description='string',
awsResources={
'vpcs': [
{
'vpcArn': 'string',
'securityGroupArns': [
'string',
],
'subnetArns': [
'string',
]
},
],
'logGroups': [
'string',
],
's3Buckets': [
'string',
],
'secretArns': [
'string',
],
'lambdaFunctionArns': [
'string',
],
'iamRoles': [
'string',
]
},
targetDomainIds=[
'string',
],
codeReviewSettings={
'controlsScanning': True|False,
'generalPurposeScanning': True|False
}
)
string
[REQUIRED]
ID of the agent space to update
string
Name of the agent space
string
Description of the agent space
dict
AWS resource configurations associated with the agent space
vpcs (list) --
VPC configurations that the Security Agent accesses in the customer environment
(dict) --
Customer VPC configuration that the Security Agent accesses
vpcArn (string) --
ARN or ID of the customer VPC
securityGroupArns (list) --
List of security group ARNs or IDs in the customer VPC
(string) --
ARN or ID of a security group
subnetArns (list) --
List of subnet ARNs or IDs in the customer VPC
(string) --
ARN or ID of a subnet
logGroups (list) --
CloudWatch log group ARNs or names used to store Security Agent logs
(string) --
Log group ARN or name for agent space AWS resources
s3Buckets (list) --
S3 bucket ARNs or names used to store Security Agent artifacts
(string) --
S3 bucket ARN or name for agent space AWS resources
secretArns (list) --
SecretsManager secret ARNs or names used to store tester credentials for pentests
(string) --
Secret ARN or name for agent space AWS resources
lambdaFunctionArns (list) --
Lambda function ARNs or names used to retrieve tester credentials for pentests
(string) --
Lambda function ARN or name for agent space AWS resources
iamRoles (list) --
IAM role ARNs that the Security Agent can assume to access customer resources
(string) --
ARN of an IAM role that the service can assume to access customer resources
targetDomainIds (list) --
Target domain IDs to associate with the agent space
(string) --
codeReviewSettings (dict) --
Configuration for code review analysis, including controls scanning and general purpose scanning settings
controlsScanning (boolean) -- [REQUIRED]
Whether Controls are utilized for code review analysis
generalPurposeScanning (boolean) -- [REQUIRED]
Whether general purpose analysis is performed for code review
dict
Response Syntax
{
'agentSpaceId': 'string',
'name': 'string',
'description': 'string',
'awsResources': {
'vpcs': [
{
'vpcArn': 'string',
'securityGroupArns': [
'string',
],
'subnetArns': [
'string',
]
},
],
'logGroups': [
'string',
],
's3Buckets': [
'string',
],
'secretArns': [
'string',
],
'lambdaFunctionArns': [
'string',
],
'iamRoles': [
'string',
]
},
'targetDomainIds': [
'string',
],
'codeReviewSettings': {
'controlsScanning': True|False,
'generalPurposeScanning': True|False
},
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
Output for the UpdateAgentSpace operation
agentSpaceId (string) --
Unique identifier of the agent space
name (string) --
Name of the agent space
description (string) --
Description of the agent space
awsResources (dict) --
AWS resource configurations associated with the agent space
vpcs (list) --
VPC configurations that the Security Agent accesses in the customer environment
(dict) --
Customer VPC configuration that the Security Agent accesses
vpcArn (string) --
ARN or ID of the customer VPC
securityGroupArns (list) --
List of security group ARNs or IDs in the customer VPC
(string) --
ARN or ID of a security group
subnetArns (list) --
List of subnet ARNs or IDs in the customer VPC
(string) --
ARN or ID of a subnet
logGroups (list) --
CloudWatch log group ARNs or names used to store Security Agent logs
(string) --
Log group ARN or name for agent space AWS resources
s3Buckets (list) --
S3 bucket ARNs or names used to store Security Agent artifacts
(string) --
S3 bucket ARN or name for agent space AWS resources
secretArns (list) --
SecretsManager secret ARNs or names used to store tester credentials for pentests
(string) --
Secret ARN or name for agent space AWS resources
lambdaFunctionArns (list) --
Lambda function ARNs or names used to retrieve tester credentials for pentests
(string) --
Lambda function ARN or name for agent space AWS resources
iamRoles (list) --
IAM role ARNs that the Security Agent can assume to access customer resources
(string) --
ARN of an IAM role that the service can assume to access customer resources
targetDomainIds (list) --
List of target domain IDs registered with the agent space
(string) --
codeReviewSettings (dict) --
Configuration for code review analysis, including controls scanning and general purpose scanning settings
controlsScanning (boolean) --
Whether Controls are utilized for code review analysis
generalPurposeScanning (boolean) --
Whether general purpose analysis is performed for code review
createdAt (datetime) --
Timestamp when the agent space was created
updatedAt (datetime) --
Timestamp when the agent space was last updated
Lists the artifacts for the associated agent space
See also: AWS API Documentation
Request Syntax
client.list_artifacts(
agentSpaceId='string',
nextToken='string',
maxResults=123
)
agentSpaceId (string) -- [REQUIRED]
Unique identifier of the agent space
nextToken (string) --
Token for pagination
maxResults (integer) --
Maximum number of results to return
dict
Response Syntax
{
'artifactSummaries': [
{
'artifactId': 'string',
'fileName': 'string',
'artifactType': 'TXT'|'PNG'|'JPEG'|'MD'|'PDF'|'DOCX'|'DOC'|'JSON'|'YAML'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
artifactSummaries (list) --
List of artifact summaries
(dict) --
Summary information about an artifact
artifactId (string) --
Unique identifier of the artifact
fileName (string) --
Name of the artifact file
artifactType (string) --
Type of the artifact file
nextToken (string) --
Token for pagination to retrieve the next set of results
Verifies ownership for a registered target domain
See also: AWS API Documentation
Request Syntax
client.verify_target_domain(
targetDomainId='string'
)
targetDomainId (string) -- [REQUIRED]
Unique identifier of the target domain
dict
Response Syntax
{
'targetDomainId': 'string',
'domainName': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'verifiedAt': datetime(2015, 1, 1),
'status': 'PENDING'|'VERIFIED'|'FAILED'|'UNREACHABLE'
}
Response Structure
(dict) --
Output for verifying ownership for a registered target domain in an agent space
targetDomainId (string) --
Unique identifier of the target domain
domainName (string) --
Name of the registered target domain
createdAt (datetime) --
Timestamp when the target domain was registered
updatedAt (datetime) --
Timestamp when the target domain was last updated
verifiedAt (datetime) --
Timestamp when the target domain was last successfully verified
status (string) --
Current verification status of the registered target domain
Retrieve the list of artifact metadata for the given agent space
See also: AWS API Documentation
Request Syntax
client.batch_get_artifact_metadata(
agentSpaceId='string',
artifactIds=[
'string',
]
)
agentSpaceId (string) -- [REQUIRED]
Unique identifier of the agent space
artifactIds (list) -- [REQUIRED]
List of artifact identifiers
(string) --
The id of the artifact
dict
Response Syntax
{
'artifactMetadataList': [
{
'agentSpaceId': 'string',
'artifactId': 'string',
'fileName': 'string',
'updatedAt': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
artifactMetadataList (list) --
List of artifact metadata
(dict) --
Metadata in relation to the artifact
agentSpaceId (string) --
Unique identifier of the agent space
artifactId (string) --
Unique identifier of the artifact
fileName (string) --
Name of the artifact file
updatedAt (datetime) --
Timestamp when the artifact was last updated
Lists pentest jobs associated with a pentest
See also: AWS API Documentation
Request Syntax
client.list_pentest_jobs_for_pentest(
maxResults=123,
pentestId='string',
agentSpaceId='string',
nextToken='string'
)
maxResults (integer) --
Maximum number of pentest jobs to return in a single request
pentestId (string) -- [REQUIRED]
Identifier of the pentest for which to retrieve associated jobs
agentSpaceId (string) -- [REQUIRED]
ID of the agent space where the pentest exists
nextToken (string) --
Token for pagination
dict
Response Syntax
{
'pentestJobSummaries': [
{
'pentestJobId': 'string',
'pentestId': 'string',
'title': 'string',
'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
Output for the ListPentestJobsForPentest operation
pentestJobSummaries (list) --
List of pentest job summaries associated with the pentest
(dict) --
Summary information for a pentest job
pentestJobId (string) --
Unique identifier of the pentest job
pentestId (string) --
Identifier of the parent pentest
title (string) --
Title or name of the pentest
status (string) --
Current status of the pentest job
createdAt (datetime) --
Timestamp when the pentest job was created
updatedAt (datetime) --
Timestamp when the pentest job was last updated
nextToken (string) --
Token for pagination to retrieve the next set of results
Retrieves multiple pentests in a single request
See also: AWS API Documentation
Request Syntax
client.batch_get_pentests(
pentestIds=[
'string',
],
agentSpaceId='string'
)
pentestIds (list) -- [REQUIRED]
List of pentest IDs to retrieve
(string) --
agentSpaceId (string) -- [REQUIRED]
ID of the agent space where the pentest exists
dict
Response Syntax
{
'pentests': [
{
'pentestId': 'string',
'agentSpaceId': 'string',
'title': 'string',
'assets': {
'endpoints': [
{
'uri': 'string'
},
],
'actors': [
{
'identifier': 'string',
'uris': [
'string',
],
'authentication': {
'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
'value': 'string'
},
'description': 'string'
},
],
'documents': [
{
's3Location': 'string',
'artifactId': 'string'
},
],
'sourceCode': [
{
's3Location': 'string'
},
],
'integratedRepositories': [
{
'integrationId': 'string',
'providerResourceId': 'string'
},
]
},
'excludeRiskTypes': [
'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
],
'serviceRole': 'string',
'logConfig': {
'logGroup': 'string',
'logStream': 'string'
},
'vpcConfig': {
'vpcArn': 'string',
'securityGroupArns': [
'string',
],
'subnetArns': [
'string',
]
},
'networkTrafficConfig': {
'rules': [
{
'effect': 'ALLOW'|'DENY',
'pattern': 'string',
'networkTrafficRuleType': 'URL'
},
],
'customHeaders': [
{
'name': 'string',
'value': 'string'
},
]
},
'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'notFound': [
'string',
]
}
Response Structure
(dict) --
Output for the BatchGetPentests operation
pentests (list) --
List of successfully retrieved pentests
(dict) --
Represents a pentest configuration and execution details
pentestId (string) --
Unique identifier for the pentest
agentSpaceId (string) --
ID of the agent space where the pentest exists
title (string) --
Title or name of the pentest
assets (dict) --
Collection of assets to be tested or used during the pentest
endpoints (list) --
List of web application endpoints to test
(dict) --
Represents a web application endpoint to be tested
uri (string) --
URI of the endpoint to test
actors (list) --
List of actors that interact with the system
(dict) --
Represents an entity that interacts with the system during security testing
identifier (string) --
Unique identifier for the actor (case-insensitive)
uris (list) --
List of URIs accessible with the actor's credentials
(string) --
authentication (dict) --
Authentication information used by the actor to access resources
providerType (string) --
Provider type for the authentication credentials
value (string) --
Authentication credential value or reference
description (string) --
Additional description or details about the actor
documents (list) --
List of documents providing context for testing
(dict) --
Information about a document relevant to security testing
s3Location (string) --
S3 storage location of the document
artifactId (string) --
Artifact ID of the document
sourceCode (list) --
List of source code repositories for static analysis
(dict) --
Information about a source code repository for static analysis
s3Location (string) --
S3 storage location of the repository
integratedRepositories (list) --
List of integrated code repositories
(dict) --
Information about an integrated repository
integrationId (string) --
Integration identifier
providerResourceId (string) --
External provider resource identifier, e.g., GitHub repository identifier
excludeRiskTypes (list) --
A list of risk types excluded from the pentest execution
(string) --
Type of security risk
serviceRole (string) --
Service role ARN for accessing customer resources
logConfig (dict) --
CloudWatch log group and stream prefix where pentest execution logs are stored
logGroup (string) --
Name of the CloudWatch log group
logStream (string) --
Name of the CloudWatch log stream
vpcConfig (dict) --
VPC configuration that the Security Agent accesses
vpcArn (string) --
ARN or ID of the customer VPC
securityGroupArns (list) --
List of security group ARNs or IDs in the customer VPC
(string) --
ARN or ID of a security group
subnetArns (list) --
List of subnet ARNs or IDs in the customer VPC
(string) --
ARN or ID of a subnet
networkTrafficConfig (dict) --
Configuration for network traffic filtering
rules (list) --
Traffic filtering rules
(dict) --
Network traffic filtering rule
effect (string) --
Action to take when the rule matches
pattern (string) --
Pattern to match against
networkTrafficRuleType (string) --
Type of network traffic rule
customHeaders (list) --
Custom headers for requests
(dict) --
Custom headers to be set for network requests
name (string) --
Name of header to set value for
value (string) --
Value to set for header
codeRemediationStrategy (string) --
Strategy for code remediation on findings
createdAt (datetime) --
Timestamp when the pentest was created
updatedAt (datetime) --
Timestamp when the pentest was last updated
notFound (list) --
List of pentest IDs that could not be found
(string) --
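A configuration review over the BatchGetPentests response documented above, as an added example that is not part of the AWS documentation. The client is passed in by the caller; `StubClient`, the sample records and the two shortlists are constructed for the example, and only field names shown on this page are read.

```python
from typing import Any, Dict, Iterable, List, Tuple
from urllib.parse import urlsplit

# Example shortlists (assumptions of this sketch, not service defaults).
HIGH_IMPACT = {"SQL_INJECTION", "COMMAND_INJECTION", "CODE_INJECTION",
               "PRIVILEGE_ESCALATION", "SERVER_SIDE_REQUEST_FORGERY",
               "INSECURE_DESERIALIZATION"}
CREDENTIAL_HEADERS = {"authorization", "cookie", "x-api-key"}


def host_of(uri: str) -> str:
    """Lower-cased host of a URI; tolerates values written without a scheme."""
    parts = urlsplit(uri if "://" in uri else "//" + uri)
    return (parts.hostname or "").lower()


def review_pentest(p: Dict[str, Any]) -> List[str]:
    """Return reviewer notes for one entry of the 'pentests' list."""
    notes: List[str] = []

    # Coverage gaps: risk classes the pentest was told to skip.
    skipped = sorted(set(p.get("excludeRiskTypes", [])) & HIGH_IMPACT)
    if skipped:
        notes.append("excludes high-impact risk types: " + ", ".join(skipped))

    # Scope drift: actor credentials reaching hosts not listed as endpoints.
    assets = p.get("assets", {})
    targets = {host_of(e["uri"]) for e in assets.get("endpoints", [])}
    for actor in assets.get("actors", []):
        extra = sorted({host_of(u) for u in actor.get("uris", [])} - targets)
        if extra:
            notes.append(f"actor {actor['identifier']}: credentials cover hosts "
                         f"not listed as endpoints: {', '.join(extra)}")

    # Report credential-style header names only, never their values.
    for hdr in p.get("networkTrafficConfig", {}).get("customHeaders", []):
        if hdr["name"].lower() in CREDENTIAL_HEADERS:
            notes.append(f"credential-style custom header {hdr['name']} "
                         "is stored in the pentest configuration")

    if p.get("codeRemediationStrategy") == "AUTOMATIC":
        notes.append("codeRemediationStrategy is AUTOMATIC")
    if not p.get("logConfig", {}).get("logGroup"):
        notes.append("no logConfig.logGroup set")
    return notes


def audit_pentests(client: Any, agent_space_id: str,
                   pentest_ids: Iterable[str]) -> Tuple[Dict[str, List[str]], List[str]]:
    """Fetch the pentests and return (notes per pentestId, IDs in 'notFound')."""
    resp = client.batch_get_pentests(pentestIds=list(pentest_ids),
                                     agentSpaceId=agent_space_id)
    report = {p["pentestId"]: review_pentest(p) for p in resp.get("pentests", [])}
    return report, list(resp.get("notFound", []))


# Constructed sample records, shaped like the Response Syntax above.
SAMPLE_PENTESTS = [
    {"pentestId": "pt-1", "agentSpaceId": "as-example", "title": "storefront",
     "assets": {
         "endpoints": [{"uri": "https://app.example.com/"}],
         "actors": [{"identifier": "admin",
                     "uris": ["https://app.example.com/admin",
                              "https://billing.example.com/"],
                     "authentication": {"providerType": "SECRETS_MANAGER",
                                        "value": "example-secret-name"}}]},
     "excludeRiskTypes": ["SQL_INJECTION", "DENIAL_OF_SERVICE"],
     "networkTrafficConfig": {"rules": [], "customHeaders": [
         {"name": "Authorization", "value": "PLACEHOLDER"}]},
     "codeRemediationStrategy": "AUTOMATIC"},
    {"pentestId": "pt-2", "agentSpaceId": "as-example", "title": "docs site",
     "assets": {
         "endpoints": [{"uri": "https://docs.example.com/"}],
         "actors": [{"identifier": "reader",
                     "uris": ["https://docs.example.com/private"],
                     "authentication": {"providerType": "AWS_LAMBDA",
                                        "value": "example-function-name"}}]},
     "excludeRiskTypes": ["DENIAL_OF_SERVICE"],
     "logConfig": {"logGroup": "example-log-group", "logStream": "docs"},
     "codeRemediationStrategy": "DISABLED"},
]


class StubClient:
    """Stands in for the service client so the example runs offline."""

    def batch_get_pentests(self, pentestIds: List[str], agentSpaceId: str) -> Dict[str, Any]:
        known = {p["pentestId"]: p for p in SAMPLE_PENTESTS
                 if p["agentSpaceId"] == agentSpaceId}
        return {"pentests": [known[i] for i in pentestIds if i in known],
                "notFound": [i for i in pentestIds if i not in known]}
```

IDs returned in `notFound` are worth reporting alongside the notes, since a pentest that silently drops out of a batch is also missing from the review.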
Deletes the Integration of the Security Agent App with an external Provider
See also: AWS API Documentation
Request Syntax
client.delete_integration(
integrationId='string'
)
integrationId (string) -- [REQUIRED]
Unique identifier of the integration
dict
Response Syntax
{}
Response Structure
(dict) --
Retrieves multiple pentest jobs in a single request
See also: AWS API Documentation
Request Syntax
client.batch_get_pentest_jobs(
pentestJobIds=[
'string',
],
agentSpaceId='string'
)
pentestJobIds (list) -- [REQUIRED]
List of pentest job IDs to retrieve
(string) --
agentSpaceId (string) -- [REQUIRED]
ID of the agent space where the pentest exists
dict
Response Syntax
{
'pentestJobs': [
{
'pentestJobId': 'string',
'pentestId': 'string',
'title': 'string',
'overview': 'string',
'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
'endpoints': [
{
'uri': 'string'
},
],
'actors': [
{
'identifier': 'string',
'uris': [
'string',
],
'authentication': {
'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
'value': 'string'
},
'description': 'string'
},
],
'documents': [
{
's3Location': 'string',
'artifactId': 'string'
},
],
'sourceCode': [
{
's3Location': 'string'
},
],
'excludePaths': [
{
'uri': 'string'
},
],
'allowedDomains': [
{
'uri': 'string'
},
],
'excludeRiskTypes': [
'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
],
'steps': [
{
'name': 'PREFLIGHT'|'STATIC_ANALYSIS'|'PENTEST'|'FINALIZING',
'status': 'NOT_STARTED'|'IN_PROGRESS'|'COMPLETED'|'FAILED'|'STOPPED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'executionContext': [
{
'contextType': 'ERROR'|'CLIENT_ERROR'|'WARNING'|'INFO',
'context': 'string',
'timestamp': datetime(2015, 1, 1)
},
],
'serviceRole': 'string',
'logConfig': {
'logGroup': 'string',
'logStream': 'string'
},
'vpcConfig': {
'vpcArn': 'string',
'securityGroupArns': [
'string',
],
'subnetArns': [
'string',
]
},
'networkTrafficConfig': {
'rules': [
{
'effect': 'ALLOW'|'DENY',
'pattern': 'string',
'networkTrafficRuleType': 'URL'
},
],
'customHeaders': [
{
'name': 'string',
'value': 'string'
},
]
},
'errorInformation': {
'code': 'CLIENT_ERROR'|'INTERNAL_ERROR'|'STOPPED_BY_USER',
'message': 'string'
},
'integratedRepositories': [
{
'integrationId': 'string',
'providerResourceId': 'string'
},
],
'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'notFound': [
'string',
]
}
Response Structure
(dict) --
Output for the BatchGetPentestJobs operation
pentestJobs (list) --
List of successfully retrieved pentest jobs
(dict) --
Represents a pentest job
pentestJobId (string) --
Unique identifier of the pentest job
pentestId (string) --
Identifier of the parent pentest
title (string) --
Title or name of the pentest
overview (string) --
Overview or description of the pentest job
status (string) --
Current status of the pentest job
endpoints (list) --
List of web application endpoints to test
(dict) --
Represents a web application endpoint to be tested
uri (string) --
URI of the endpoint to test
actors (list) --
List of actors that interact with the system
(dict) --
Represents an entity that interacts with the system during security testing
identifier (string) --
Unique identifier for the actor (case-insensitive)
uris (list) --
List of URIs accessible with the actor's credentials
(string) --
authentication (dict) --
Authentication information used by the actor to access resources
providerType (string) --
Provider type for the authentication credentials
value (string) --
Authentication credential value or reference
description (string) --
Additional description or details about the actor
documents (list) --
List of documents providing context for testing
(dict) --
Information about a document relevant to security testing
s3Location (string) --
S3 storage location of the document
artifactId (string) --
Artifact ID of the document
sourceCode (list) --
List of source code repositories for static analysis
(dict) --
Information about a source code repository for static analysis
s3Location (string) --
S3 storage location of the repository
excludePaths (list) --
List of URL paths to exclude from testing
(dict) --
Represents a web application endpoint to be tested
uri (string) --
URI of the endpoint to test
allowedDomains (list) --
List of allowed domains for network access
(dict) --
Represents a web application endpoint to be tested
uri (string) --
URI of the endpoint to test
excludeRiskTypes (list) --
A list of risk types excluded from the pentest job
(string) --
Type of security risk
steps (list) --
List of execution steps for the pentest job
(dict) --
Represents a single step in pentest job execution
name (string) --
Name of the execution step
status (string) --
Current status of the step
createdAt (datetime) --
Timestamp when the step was created
updatedAt (datetime) --
Timestamp when the step was last updated
executionContext (list) --
A list of execution context messages associated with the pentest job
(dict) --
Additional context about a pentest or task execution
contextType (string) --
The category of context
context (string) --
Context associated with a pentest or task execution
timestamp (datetime) --
Timestamp associated with a pentest or task execution
serviceRole (string) --
Service role ARN for accessing customer resources
logConfig (dict) --
CloudWatch log group and stream prefix where pentest job logs are stored
logGroup (string) --
Name of the CloudWatch log group
logStream (string) --
Name of the CloudWatch log stream
vpcConfig (dict) --
VPC configuration that the Security Agent accesses
vpcArn (string) --
ARN or ID of the customer VPC
securityGroupArns (list) --
List of security group ARNs or IDs in the customer VPC
(string) --
ARN or ID of a security group
subnetArns (list) --
List of subnet ARNs or IDs in the customer VPC
(string) --
ARN or ID of a subnet
networkTrafficConfig (dict) --
Configuration for network traffic filtering
rules (list) --
Traffic filtering rules
(dict) --
Network traffic filtering rule
effect (string) --
Action to take when the rule matches
pattern (string) --
Pattern to match against
networkTrafficRuleType (string) --
Type of network traffic rule
customHeaders (list) --
Custom headers for requests
(dict) --
Custom headers to be set for network requests
name (string) --
Name of header to set value for
value (string) --
Value to set for header
errorInformation (dict) --
Error information regarding the pentest job
code (string) --
Pentest job failure error code
message (string) --
Pentest job failure error message
integratedRepositories (list) --
List of integrated code repositories
(dict) --
Information about an integrated repository
integrationId (string) --
Integration identifier
providerResourceId (string) --
External provider resource identifier, e.g., GitHub repository identifier
codeRemediationStrategy (string) --
Strategy for code remediation on findings
createdAt (datetime) --
Timestamp when the pentest job was created
updatedAt (datetime) --
Timestamp when the pentest job was last updated
notFound (list) --
List of pentest job IDs that could not be found
(string) --
Initiates the registration of Security Agent App for an external Provider
See also: AWS API Documentation
Request Syntax
client.initiate_provider_registration(
provider='GITHUB'
)
provider (string) -- [REQUIRED]
Provider to register with
dict
Response Syntax
{
'redirectTo': 'string',
'csrfState': 'string'
}
Response Structure
(dict) --
redirectTo (string) --
OAuth redirect URL
csrfState (string) --
CSRF state token for OAuth security
Creates a new pentest configuration
See also: AWS API Documentation
Request Syntax
client.create_pentest(
title='string',
agentSpaceId='string',
assets={
'endpoints': [
{
'uri': 'string'
},
],
'actors': [
{
'identifier': 'string',
'uris': [
'string',
],
'authentication': {
'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
'value': 'string'
},
'description': 'string'
},
],
'documents': [
{
's3Location': 'string',
'artifactId': 'string'
},
],
'sourceCode': [
{
's3Location': 'string'
},
],
'integratedRepositories': [
{
'integrationId': 'string',
'providerResourceId': 'string'
},
]
},
excludeRiskTypes=[
'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
],
serviceRole='string',
logConfig={
'logGroup': 'string',
'logStream': 'string'
},
vpcConfig={
'vpcArn': 'string',
'securityGroupArns': [
'string',
],
'subnetArns': [
'string',
]
},
networkTrafficConfig={
'rules': [
{
'effect': 'ALLOW'|'DENY',
'pattern': 'string',
'networkTrafficRuleType': 'URL'
},
],
'customHeaders': [
{
'name': 'string',
'value': 'string'
},
]
},
codeRemediationStrategy='AUTOMATIC'|'DISABLED'
)
title (string) -- [REQUIRED]
Title of the pentest
agentSpaceId (string) -- [REQUIRED]
ID of the agent space where the pentest should be created
assets (dict) --
Assets to be tested during the pentest
endpoints (list) --
List of web application endpoints to test
(dict) --
Represents a web application endpoint to be tested
uri (string) --
URI of the endpoint to test
actors (list) --
List of actors that interact with the system
(dict) --
Represents an entity that interacts with the system during security testing
identifier (string) --
Unique identifier for the actor (case-insensitive)
uris (list) --
List of URIs accessible with the actor's credentials
(string) --
authentication (dict) --
Authentication information used by the actor to access resources
providerType (string) --
Provider type for the authentication credentials
value (string) --
Authentication credential value or reference
description (string) --
Additional description or details about the actor
documents (list) --
List of documents providing context for testing
(dict) --
Information about a document relevant to security testing
s3Location (string) --
S3 storage location of the document
artifactId (string) --
Artifact ID of the document
sourceCode (list) --
List of source code repositories for static analysis
(dict) --
Information about a source code repository for static analysis
s3Location (string) --
S3 storage location of the repository
integratedRepositories (list) --
List of integrated code repositories
(dict) --
Information about an integrated repository
integrationId (string) -- [REQUIRED]
Integration identifier
providerResourceId (string) -- [REQUIRED]
External provider resource identifier, e.g., GitHub repository identifier
excludeRiskTypes (list) --
A list of risk types excluded from the pentest execution
(string) --
Type of security risk
serviceRole (string) --
Service role ARN for accessing customer resources
logConfig (dict) --
CloudWatch log group and stream prefix where pentest execution logs are stored
logGroup (string) --
Name of the CloudWatch log group
logStream (string) --
Name of the CloudWatch log stream
vpcConfig (dict) --
VPC configuration that the Security Agent accesses
vpcArn (string) --
ARN or ID of the customer VPC
securityGroupArns (list) --
List of security group ARNs or IDs in the customer VPC
(string) --
ARN or ID of a security group
subnetArns (list) --
List of subnet ARNs or IDs in the customer VPC
(string) --
ARN or ID of a subnet
networkTrafficConfig (dict) --
Configuration for network traffic filtering
rules (list) --
Traffic filtering rules
(dict) --
Network traffic filtering rule
effect (string) --
Action to take when the rule matches
pattern (string) --
Pattern to match against
networkTrafficRuleType (string) --
Type of network traffic rule
customHeaders (list) --
Custom headers for requests
(dict) --
Custom headers to be set for network requests
name (string) --
Name of header to set value for
value (string) --
Value to set for header
codeRemediationStrategy (string) --
Strategy for code remediation on findings
dict
Response Syntax
{
'pentestId': 'string',
'title': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'assets': {
'endpoints': [
{
'uri': 'string'
},
],
'actors': [
{
'identifier': 'string',
'uris': [
'string',
],
'authentication': {
'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
'value': 'string'
},
'description': 'string'
},
],
'documents': [
{
's3Location': 'string',
'artifactId': 'string'
},
],
'sourceCode': [
{
's3Location': 'string'
},
],
'integratedRepositories': [
{
'integrationId': 'string',
'providerResourceId': 'string'
},
]
},
'excludeRiskTypes': [
'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
],
'serviceRole': 'string',
'logConfig': {
'logGroup': 'string',
'logStream': 'string'
},
'agentSpaceId': 'string'
}
Response Structure
(dict) --
Output for the CreatePentest operation
pentestId (string) --
Unique identifier of the created pentest
title (string) --
Title of the created pentest
createdAt (datetime) --
Timestamp when the pentest was created
updatedAt (datetime) --
Timestamp when the pentest was last updated
assets (dict) --
Assets to be tested in the created pentest
endpoints (list) --
List of web application endpoints to test
(dict) --
Represents a web application endpoint to be tested
uri (string) --
URI of the endpoint to test
actors (list) --
List of actors that interact with the system
(dict) --
Represents an entity that interacts with the system during security testing
identifier (string) --
Unique identifier for the actor (case-insensitive)
uris (list) --
List of URIs accessible with the actor's credentials
(string) --
authentication (dict) --
Authentication information used by the actor to access resources
providerType (string) --
Provider type for the authentication credentials
value (string) --
Authentication credential value or reference
description (string) --
Additional description or details about the actor
documents (list) --
List of documents providing context for testing
(dict) --
Information about a document relevant to security testing
s3Location (string) --
S3 storage location of the document
artifactId (string) --
Artifact ID of the document
sourceCode (list) --
List of source code repositories for static analysis
(dict) --
Information about a source code repository for static analysis
s3Location (string) --
S3 storage location of the repository
integratedRepositories (list) --
List of integrated code repositories
(dict) --
Information about an integrated repository
integrationId (string) --
Integration identifier
providerResourceId (string) --
External provider resource identifier, e.g., GitHub repository identifier
excludeRiskTypes (list) --
A list of risk types excluded from the pentest execution
(string) --
Type of security risk
serviceRole (string) --
Service role ARN for accessing customer resources
logConfig (dict) --
CloudWatch log group and stream prefix where pentest execution logs are stored
logGroup (string) --
Name of the CloudWatch log group
logStream (string) --
Name of the CloudWatch log stream
agentSpaceId (string) --
ID of the agent space where the pentest was created
Updates a target domain record
See also: AWS API Documentation
Request Syntax
client.update_target_domain(
targetDomainId='string',
verificationMethod='DNS_TXT'|'HTTP_ROUTE'
)
targetDomainId (string) -- [REQUIRED]
Unique identifier of the target domain to update
verificationMethod (string) -- [REQUIRED]
Verification method for the target domain
dict
Response Syntax
{
'targetDomainId': 'string',
'domainName': 'string',
'verificationStatus': 'PENDING'|'VERIFIED'|'FAILED'|'UNREACHABLE',
'verificationDetails': {
'method': 'DNS_TXT'|'HTTP_ROUTE',
'dnsTxt': {
'token': 'string',
'dnsRecordName': 'string',
'dnsRecordType': 'TXT'
},
'httpRoute': {
'token': 'string',
'routePath': 'string'
}
},
'createdAt': datetime(2015, 1, 1),
'verifiedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
Output for the UpdateTargetDomain operation
targetDomainId (string) --
Unique identifier of the target domain
domainName (string) --
Name of the target domain
verificationStatus (string) --
Current verification status of the registered target domain
verificationDetails (dict) --
Verification details to verify registered target domain
method (string) --
Type of domain ownership verification method
dnsTxt (dict) --
Represents DNS TXT verification details
token (string) --
Token used to verify domain ownership
dnsRecordName (string) --
Record name to be added in DNS for target domain
dnsRecordType (string) --
Type of record to be added in DNS for target domain
httpRoute (dict) --
Represents HTTP route verification details
token (string) --
Token used to verify domain ownership
routePath (string) --
Route path where verification token should be placed
createdAt (datetime) --
Timestamp when the target domain was registered
verifiedAt (datetime) --
Timestamp when the target domain was last successfully verified
Lists all applications in the account
See also: AWS API Documentation
Request Syntax
client.list_applications(
nextToken='string',
maxResults=123
)
nextToken (string) --
Token for pagination
maxResults (integer) --
Maximum number of results to return
dict
Response Syntax
{
'applicationSummaries': [
{
'applicationId': 'string',
'applicationName': 'string',
'domain': 'string',
'defaultKmsKeyId': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
applicationSummaries (list) --
List of application summaries
(dict) --
Application summary for list operations
applicationId (string) --
Unique identifier of the application
applicationName (string) --
Name of the application, automatically assigned by the service
domain (string) --
Domain where the application is available
defaultKmsKeyId (string) --
Default KMS key identifier used to encrypt application data
nextToken (string) --
Token for next page of results
Lists pentests with optional filtering by status
See also: AWS API Documentation
Request Syntax
client.list_pentests(
maxResults=123,
nextToken='string',
agentSpaceId='string'
)
integer
Maximum number of pentests to return in a single request
string
Token for pagination
string
[REQUIRED]
ID of the agent space where the pentest exists
dict
Response Syntax
{
'pentestSummaries': [
{
'pentestId': 'string',
'agentSpaceId': 'string',
'title': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
Output for the ListPentests operation
pentestSummaries (list) --
List of pentest summaries matching the filter criteria
(dict) --
Summary information for a pentest
pentestId (string) --
Unique identifier for the pentest
agentSpaceId (string) --
ID of the agent space where the pentest exists
title (string) --
Title or name of the pentest
createdAt (datetime) --
Timestamp when the pentest was created
updatedAt (datetime) --
Timestamp when the pentest was last updated
nextToken (string) --
Token for pagination to retrieve the next set of results
Lists findings with filtering and pagination support. When filters are applied, the actual number of results returned may be less than the specified limit
See also: AWS API Documentation
Request Syntax
client.list_findings(
maxResults=123,
pentestJobId='string',
agentSpaceId='string',
nextToken='string',
riskType='string',
riskLevel='UNKNOWN'|'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
status='ACTIVE'|'RESOLVED'|'ACCEPTED'|'FALSE_POSITIVE',
confidence='FALSE_POSITIVE'|'UNCONFIRMED'|'LOW'|'MEDIUM'|'HIGH',
name='string'
)
integer
Maximum number of findings to return in a single request (default: 50)
string
[REQUIRED]
Identifier of the pentest job for which to retrieve associated findings
string
[REQUIRED]
ID of the agent space where the pentest job exists
string
Token for pagination
string
Filter findings by risk type
string
Filter findings by risk level
string
Filter findings by status
string
Filter findings by confidence level
string
Filter findings by name (case-insensitive substring search)
dict
Response Syntax
{
'findingsSummaries': [
{
'findingId': 'string',
'agentSpaceId': 'string',
'pentestId': 'string',
'pentestJobId': 'string',
'name': 'string',
'status': 'ACTIVE'|'RESOLVED'|'ACCEPTED'|'FALSE_POSITIVE',
'riskType': 'string',
'riskLevel': 'UNKNOWN'|'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
'confidence': 'FALSE_POSITIVE'|'UNCONFIRMED'|'LOW'|'MEDIUM'|'HIGH',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
Output for the ListFindings operation
findingsSummaries (list) --
List of finding summaries matching the filter criteria
(dict) --
Summary information for a security finding
findingId (string) --
Unique identifier for the finding
agentSpaceId (string) --
Identifier of the agent space that created this finding
pentestId (string) --
Identifier of the parent pentest
pentestJobId (string) --
Identifier of the pentest job
name (string) --
Name or title of the finding
status (string) --
Current status of the finding
riskType (string) --
Type of security risk identified
riskLevel (string) --
Severity level of the identified risk
confidence (string) --
Confidence level of the finding
createdAt (datetime) --
Timestamp when the finding was created
updatedAt (datetime) --
Timestamp when the finding was last updated
nextToken (string) --
Token for pagination to retrieve the next set of results
Lists target domains
See also: AWS API Documentation
Request Syntax
client.list_target_domains(
nextToken='string',
maxResults=123
)
string
Token for pagination
integer
Maximum number of target domains to return
dict
Response Syntax
{
'targetDomainSummaries': [
{
'targetDomainId': 'string',
'domainName': 'string',
'verificationStatus': 'PENDING'|'VERIFIED'|'FAILED'|'UNREACHABLE'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
Output for the ListTargetDomains operation
targetDomainSummaries (list) --
List of target domain summaries
(dict) --
Summary information for a target domain
targetDomainId (string) --
Unique identifier of the target domain
domainName (string) --
Name of the registered target domain
verificationStatus (string) --
Current verification status of the registered target domain
nextToken (string) --
Token for next page of results
Updates an existing security finding with new details or status
See also: AWS API Documentation
Request Syntax
client.update_finding(
findingId='string',
agentSpaceId='string',
riskLevel='UNKNOWN'|'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
status='ACTIVE'|'RESOLVED'|'ACCEPTED'|'FALSE_POSITIVE'
)
string
[REQUIRED]
Identifier of the finding to update
string
[REQUIRED]
ID of the agent space where the finding exists
string
Updated severity level of the identified risk
string
Updated status of the finding
dict
Response Syntax
{}
Response Structure
(dict) --
Output for the UpdateFinding operation
Retrieve an Artifact for the given agent space
See also: AWS API Documentation
Request Syntax
client.get_artifact(
agentSpaceId='string',
artifactId='string'
)
string
[REQUIRED]
Unique identifier of the agent space
string
[REQUIRED]
Unique identifier of the artifact
dict
Response Syntax
{
'agentSpaceId': 'string',
'artifactId': 'string',
'artifact': {
'contents': 'string',
'type': 'TXT'|'PNG'|'JPEG'|'MD'|'PDF'|'DOCX'|'DOC'|'JSON'|'YAML'
},
'fileName': 'string',
'updatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
agentSpaceId (string) --
Unique identifier of the agent space
artifactId (string) --
Unique identifier of the artifact
artifact (dict) --
Artifact details
contents (string) --
The content of the artifact
type (string) --
The file type of the artifact
fileName (string) --
Name of the artifact file
updatedAt (datetime) --
Timestamp when the artifact was last updated
Retrieves multiple findings in a single request
See also: AWS API Documentation
Request Syntax
client.batch_get_findings(
findingIds=[
'string',
],
agentSpaceId='string'
)
list
[REQUIRED]
List of finding IDs to retrieve
(string) --
string
[REQUIRED]
ID of the agent space where the findings exist
dict
Response Syntax
{
'findings': [
{
'findingId': 'string',
'agentSpaceId': 'string',
'pentestId': 'string',
'pentestJobId': 'string',
'taskId': 'string',
'name': 'string',
'description': 'string',
'status': 'ACTIVE'|'RESOLVED'|'ACCEPTED'|'FALSE_POSITIVE',
'riskType': 'string',
'riskLevel': 'UNKNOWN'|'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
'riskScore': 'string',
'reasoning': 'string',
'confidence': 'FALSE_POSITIVE'|'UNCONFIRMED'|'LOW'|'MEDIUM'|'HIGH',
'attackScript': 'string',
'codeRemediationTask': {
'status': 'IN_PROGRESS'|'COMPLETED'|'FAILED',
'statusReason': 'string',
'taskDetails': [
{
'repoName': 'string',
'codeDiffLink': 'string',
'pullRequestLink': 'string'
},
]
},
'lastUpdatedBy': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'notFound': [
'string',
]
}
Response Structure
(dict) --
Output for the BatchGetFindings operation
findings (list) --
List of successfully retrieved findings
(dict) --
Represents a security vulnerability or issue discovered during testing
findingId (string) --
Unique identifier for the finding
agentSpaceId (string) --
Identifier of the agent space that created this finding
pentestId (string) --
Identifier of the parent pentest
pentestJobId (string) --
Identifier of the pentest job
taskId (string) --
Identifier of the associated task
name (string) --
Name or title of the finding
description (string) --
Detailed description of the security vulnerability
status (string) --
Current status of the finding
riskType (string) --
Type of security risk identified
riskLevel (string) --
Severity level of the identified risk
riskScore (string) --
Risk score associated with the finding
reasoning (string) --
Justification for the assigned risk score
confidence (string) --
Confidence level of the finding
attackScript (string) --
Proof-of-concept code demonstrating the vulnerability
codeRemediationTask (dict) --
Code remediation task associated with this finding
status (string) --
Current status of the code remediation task
statusReason (string) --
Reason for the current code remediation task status
taskDetails (list) --
Details of the code remediation for each repository
(dict) --
Code remediation details for a single repository
repoName (string) --
Name of the repository
codeDiffLink (string) --
Link to the code diff for the remediation
pullRequestLink (string) --
Link to the pull request for the remediation
lastUpdatedBy (string) --
Identifier of the task or agent that last updated this finding
createdAt (datetime) --
Timestamp when the finding was created
updatedAt (datetime) --
Timestamp when the finding was last updated
notFound (list) --
List of finding IDs that could not be found
(string) --
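Added example (not from the AWS documentation): a filtered list_findings page may be shorter than maxResults, or empty, so the loop below stops only when nextToken is absent, then fetches full records with batch_get_findings and reports the notFound IDs. FakeClient and its data are constructed, and the helper names and the chunk_size of 25 are assumptions made for this example; pass a real client object in place of FakeClient.

```python
from itertools import islice


def iter_finding_summaries(client, agent_space_id, pentest_job_id, **filters):
    """Yield every finding summary for a pentest job.

    With filters applied, a page can hold fewer than maxResults items (or
    none), so the only end-of-data signal is a response without nextToken.
    """
    kwargs = dict(agentSpaceId=agent_space_id, pentestJobId=pentest_job_id, **filters)
    seen_tokens = set()
    while True:
        page = client.list_findings(**kwargs)
        yield from page.get("findingsSummaries", [])
        token = page.get("nextToken")
        if not token:
            return
        if token in seen_tokens:  # defensive: a repeated token would loop forever
            raise RuntimeError("pagination token repeated")
        seen_tokens.add(token)
        kwargs["nextToken"] = token


def fetch_findings(client, agent_space_id, finding_ids, chunk_size=25):
    """Return (findings, not_found). chunk_size is an assumed batch limit."""
    findings, not_found = [], []
    ids = iter(finding_ids)
    while chunk := list(islice(ids, chunk_size)):
        resp = client.batch_get_findings(agentSpaceId=agent_space_id, findingIds=chunk)
        findings.extend(resp.get("findings", []))
        not_found.extend(resp.get("notFound", []))
    return findings, not_found


def triage_queue(client, agent_space_id, pentest_job_id, levels=("CRITICAL", "HIGH")):
    """Build a ticket payload from ACTIVE findings at the given risk levels."""
    ids = []
    for level in levels:  # riskLevel takes a single value, so query per level
        for summary in iter_finding_summaries(
            client, agent_space_id, pentest_job_id, status="ACTIVE", riskLevel=level
        ):
            if summary.get("confidence") != "FALSE_POSITIVE":
                ids.append(summary["findingId"])
    findings, not_found = fetch_findings(client, agent_space_id, ids)
    # attackScript holds proof-of-concept code; keep it out of the ticket payload.
    tickets = [{k: v for k, v in f.items() if k != "attackScript"} for f in findings]
    return tickets, not_found


class FakeClient:
    """Constructed stand-in for the service client; every value below is made up."""

    _DATA = [
        {"findingId": "f-1", "status": "ACTIVE", "riskLevel": "LOW", "confidence": "HIGH"},
        {"findingId": "f-2", "status": "RESOLVED", "riskLevel": "HIGH", "confidence": "HIGH"},
        {"findingId": "f-3", "status": "ACTIVE", "riskLevel": "HIGH", "confidence": "MEDIUM"},
        {"findingId": "f-4", "status": "ACTIVE", "riskLevel": "CRITICAL", "confidence": "HIGH"},
        {"findingId": "f-5", "status": "ACTIVE", "riskLevel": "HIGH",
         "confidence": "FALSE_POSITIVE"},
    ]
    _GONE = {"f-3"}  # pretend f-3 disappeared between the list and the batch get

    def list_findings(self, agentSpaceId, pentestJobId, maxResults=2, nextToken=None, **flt):
        # Filters are applied after the page window is cut, so pages come back short.
        start = int(nextToken or 0)
        window = self._DATA[start:start + maxResults]
        page = {
            "findingsSummaries": [
                f for f in window if all(f.get(k) == v for k, v in flt.items())
            ]
        }
        if start + maxResults < len(self._DATA):
            page["nextToken"] = str(start + maxResults)
        return page

    def batch_get_findings(self, agentSpaceId, findingIds):
        known = {f["findingId"]: f for f in self._DATA if f["findingId"] not in self._GONE}
        return {
            "findings": [
                dict(known[i], attackScript="<constructed placeholder>")
                for i in findingIds if i in known
            ],
            "notFound": [i for i in findingIds if i not in known],
        }


if __name__ == "__main__":
    tickets, missing = triage_queue(FakeClient(), "as-example", "job-example")
    print("tickets:", [t["findingId"] for t in tickets])
    print("not found:", missing)
```

With the constructed data, the first filtered page is empty yet still carries a nextToken; a loop that stopped on a short page would report no findings at all.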
Lists tasks associated with a specific pentest job
See also: AWS API Documentation
Request Syntax
client.list_pentest_job_tasks(
agentSpaceId='string',
maxResults=123,
pentestJobId='string',
stepName='PREFLIGHT'|'STATIC_ANALYSIS'|'PENTEST'|'FINALIZING',
categoryName='string',
nextToken='string'
)
string
[REQUIRED]
ID of the agent space where the pentest exists
integer
Maximum number of tasks to return in a single request
string
Identifier of the pentest job whose tasks to list
string
Filter tasks by step name
string
Filter tasks by category name.
string
Token for pagination to retrieve the next set of results
dict
Response Syntax
{
'taskSummaries': [
{
'taskId': 'string',
'pentestId': 'string',
'pentestJobId': 'string',
'agentSpaceId': 'string',
'title': 'string',
'riskType': 'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
'executionStatus': 'IN_PROGRESS'|'ABORTED'|'COMPLETED'|'INTERNAL_ERROR'|'FAILED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
Output for the ListPentestJobTasks operation
taskSummaries (list) --
List of task summaries associated with the specified pentest job
(dict) --
Summary information for a task
taskId (string) --
Unique identifier for the task
pentestId (string) --
Identifier of the parent pentest
pentestJobId (string) --
Identifier of the pentest job this task belongs to
agentSpaceId (string) --
Identifier of the agent space this task belongs to
title (string) --
Title or name of the task
riskType (string) --
Type of security risk this task is designed to test
executionStatus (string) --
Current status of the task execution
createdAt (datetime) --
Timestamp when the task was created
updatedAt (datetime) --
Timestamp when the task was last updated
nextToken (string) --
Token for pagination to retrieve the next set of results
Lists agent spaces
See also: AWS API Documentation
Request Syntax
client.list_agent_spaces(
nextToken='string',
maxResults=123
)
string
Token for pagination
integer
Maximum number of agent spaces to return
dict
Response Syntax
{
'agentSpaceSummaries': [
{
'agentSpaceId': 'string',
'name': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
Output for the ListAgentSpaces operation
agentSpaceSummaries (list) --
List of agent space summaries
(dict) --
Summary information for an agent space
agentSpaceId (string) --
Unique identifier of the agent space
name (string) --
Name of the agent space
createdAt (datetime) --
Timestamp when the agent space was created
updatedAt (datetime) --
Timestamp when the agent space was last updated
nextToken (string) --
Token for next page of results
Updates an existing pentest with new configuration or settings
See also: AWS API Documentation
Request Syntax
client.update_pentest(
pentestId='string',
agentSpaceId='string',
title='string',
assets={
'endpoints': [
{
'uri': 'string'
},
],
'actors': [
{
'identifier': 'string',
'uris': [
'string',
],
'authentication': {
'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
'value': 'string'
},
'description': 'string'
},
],
'documents': [
{
's3Location': 'string',
'artifactId': 'string'
},
],
'sourceCode': [
{
's3Location': 'string'
},
],
'integratedRepositories': [
{
'integrationId': 'string',
'providerResourceId': 'string'
},
]
},
excludeRiskTypes=[
'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
],
serviceRole='string',
logConfig={
'logGroup': 'string',
'logStream': 'string'
},
vpcConfig={
'vpcArn': 'string',
'securityGroupArns': [
'string',
],
'subnetArns': [
'string',
]
},
networkTrafficConfig={
'rules': [
{
'effect': 'ALLOW'|'DENY',
'pattern': 'string',
'networkTrafficRuleType': 'URL'
},
],
'customHeaders': [
{
'name': 'string',
'value': 'string'
},
]
},
codeRemediationStrategy='AUTOMATIC'|'DISABLED'
)
string
[REQUIRED]
Identifier of the pentest to update
string
[REQUIRED]
ID of the agent space where the pentest exists
string
New title for the pentest
dict
Updated assets to be tested
endpoints (list) --
List of web application endpoints to test
(dict) --
Represents a web application endpoint to be tested
uri (string) --
URI of the endpoint to test
actors (list) --
List of actors that interact with the system
(dict) --
Represents an entity that interacts with the system during security testing
identifier (string) --
Unique identifier for the actor (case-insensitive)
uris (list) --
List of URIs accessible with the actor's credentials
(string) --
authentication (dict) --
Authentication information used by the actor to access resources
providerType (string) --
Provider type for the authentication credentials
value (string) --
Authentication credential value or reference
description (string) --
Additional description or details about the actor
documents (list) --
List of documents providing context for testing
(dict) --
Information about a document relevant to security testing
s3Location (string) --
S3 storage location of the document
artifactId (string) --
Artifact ID of the document
sourceCode (list) --
List of source code repositories for static analysis
(dict) --
Information about a source code repository for static analysis
s3Location (string) --
S3 storage location of the repository
integratedRepositories (list) --
List of integrated code repositories
(dict) --
Information about an integrated repository
integrationId (string) -- [REQUIRED]
Integration identifier
providerResourceId (string) -- [REQUIRED]
External provider resource identifier, e.g., GitHub repository identifier
list
A list of risk types excluded from the pentest execution
(string) --
Type of security risk
string
Updated service role ARN for accessing customer resources
dict
CloudWatch log group and stream prefix where pentest execution logs are stored
logGroup (string) --
Name of the CloudWatch log group
logStream (string) --
Name of the CloudWatch log stream
dict
VPC configuration that the Security Agent accesses
vpcArn (string) --
ARN or ID of the customer VPC
securityGroupArns (list) --
List of security group ARNs or IDs in the customer VPC
(string) --
ARN or ID of a security group
subnetArns (list) --
List of subnet ARNs or IDs in the customer VPC
(string) --
ARN or ID of a subnet
dict
Configuration for network traffic filtering
rules (list) --
Traffic filtering rules
(dict) --
Network traffic filtering rule
effect (string) --
Action to take when the rule matches
pattern (string) --
Pattern to match against
networkTrafficRuleType (string) --
Type of network traffic rule
customHeaders (list) --
Custom headers for requests
(dict) --
Custom headers to be set for network requests
name (string) --
Name of header to set value for
value (string) --
Value to set for header
string
Strategy for code remediation on findings
dict
Response Syntax
{
'pentestId': 'string',
'title': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1),
'assets': {
'endpoints': [
{
'uri': 'string'
},
],
'actors': [
{
'identifier': 'string',
'uris': [
'string',
],
'authentication': {
'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
'value': 'string'
},
'description': 'string'
},
],
'documents': [
{
's3Location': 'string',
'artifactId': 'string'
},
],
'sourceCode': [
{
's3Location': 'string'
},
],
'integratedRepositories': [
{
'integrationId': 'string',
'providerResourceId': 'string'
},
]
},
'excludeRiskTypes': [
'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
],
'serviceRole': 'string',
'logConfig': {
'logGroup': 'string',
'logStream': 'string'
},
'agentSpaceId': 'string'
}
Response Structure
(dict) --
Output for the UpdatePentest operation
pentestId (string) --
Unique identifier of the updated pentest
title (string) --
Title of the updated pentest
createdAt (datetime) --
Timestamp when the pentest was created
updatedAt (datetime) --
Timestamp when the pentest was last updated
assets (dict) --
Assets to be tested in the updated pentest
endpoints (list) --
List of web application endpoints to test
(dict) --
Represents a web application endpoint to be tested
uri (string) --
URI of the endpoint to test
actors (list) --
List of actors that interact with the system
(dict) --
Represents an entity that interacts with the system during security testing
identifier (string) --
Unique identifier for the actor (case-insensitive)
uris (list) --
List of URIs accessible with the actor's credentials
(string) --
authentication (dict) --
Authentication information used by the actor to access resources
providerType (string) --
Provider type for the authentication credentials
value (string) --
Authentication credential value or reference
description (string) --
Additional description or details about the actor
documents (list) --
List of documents providing context for testing
(dict) --
Information about a document relevant to security testing
s3Location (string) --
S3 storage location of the document
artifactId (string) --
Artifact ID of the document
sourceCode (list) --
List of source code repositories for static analysis
(dict) --
Information about a source code repository for static analysis
s3Location (string) --
S3 storage location of the repository
integratedRepositories (list) --
List of integrated code repositories
(dict) --
Information about an integrated repository
integrationId (string) --
Integration identifier
providerResourceId (string) --
External provider resource identifier, e.g., GitHub repository identifier
excludeRiskTypes (list) --
A list of risk types excluded from the pentest execution
(string) --
Type of security risk
serviceRole (string) --
Service role ARN for accessing customer resources
logConfig (dict) --
CloudWatch log group and stream prefix where pentest execution logs are stored
logGroup (string) --
Name of the CloudWatch log group
logStream (string) --
Name of the CloudWatch log stream
agentSpaceId (string) --
ID of the agent space where the pentest exists
Deletes an agent space record
See also: AWS API Documentation
Request Syntax
client.delete_agent_space(
agentSpaceId='string'
)
string
[REQUIRED]
Unique identifier of the agent space to delete
dict
Response Syntax
{
'agentSpaceId': 'string'
}
Response Structure
(dict) --
Output for the DeleteAgentSpace operation
agentSpaceId (string) --
Unique identifier of the deleted agent space
Retrieves multiple agent spaces in a single request
See also: AWS API Documentation
Request Syntax
client.batch_get_agent_spaces(
agentSpaceIds=[
'string',
]
)
list
[REQUIRED]
List of agent space IDs to retrieve
(string) --
Unique identifier of the agent space
dict
Response Syntax
{
'agentSpaces': [
{
'agentSpaceId': 'string',
'name': 'string',
'description': 'string',
'awsResources': {
'vpcs': [
{
'vpcArn': 'string',
'securityGroupArns': [
'string',
],
'subnetArns': [
'string',
]
},
],
'logGroups': [
'string',
],
's3Buckets': [
'string',
],
'secretArns': [
'string',
],
'lambdaFunctionArns': [
'string',
],
'iamRoles': [
'string',
]
},
'targetDomainIds': [
'string',
],
'codeReviewSettings': {
'controlsScanning': True|False,
'generalPurposeScanning': True|False
},
'kmsKeyId': 'string',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'notFound': [
'string',
]
}
Response Structure
(dict) --
Output for the BatchGetAgentSpaces operation
agentSpaces (list) --
List of agent spaces that were successfully retrieved
(dict) --
Agent space structure
agentSpaceId (string) --
Unique identifier of the agent space
name (string) --
Name of the agent space
description (string) --
Description of the agent space
awsResources (dict) --
AWS resource configurations
vpcs (list) --
VPC configurations that the Security Agent accesses in the customer environment
(dict) --
Customer VPC configuration that the Security Agent accesses
vpcArn (string) --
ARN or ID of the customer VPC
securityGroupArns (list) --
List of security group ARNs or IDs in the customer VPC
(string) --
ARN or ID of a security group
subnetArns (list) --
List of subnet ARNs or IDs in the customer VPC
(string) --
ARN or ID of a subnet
logGroups (list) --
CloudWatch log group ARNs or names used to store Security Agent logs
(string) --
Log group ARN or name for agent space AWS resources
s3Buckets (list) --
S3 bucket ARNs or names used to store Security Agent artifacts
(string) --
S3 bucket ARN or name for agent space AWS resources
secretArns (list) --
Secrets Manager secret ARNs or names used to store tester credentials for pentests
(string) --
Secret ARN or name for agent space AWS resources
lambdaFunctionArns (list) --
Lambda function ARNs or names used to retrieve tester credentials for pentests
(string) --
Lambda function ARN or name for agent space AWS resources
iamRoles (list) --
IAM role ARNs that the Security Agent can assume to access customer resources
(string) --
ARN of an IAM role that the service can assume to access customer resources
targetDomainIds (list) --
List of target domain IDs registered with the agent space
(string) --
codeReviewSettings (dict) --
Configuration for code review analysis, including controls scanning and general purpose scanning settings
controlsScanning (boolean) --
Whether Controls are utilized for code review analysis
generalPurposeScanning (boolean) --
Whether general purpose analysis is performed for code review
kmsKeyId (string) --
Identifier of the KMS key used to encrypt data. Can be a key ID, key ARN, alias name, or alias ARN. If not specified, an AWS managed key is used.
createdAt (datetime) --
Timestamp when the agent space was created
updatedAt (datetime) --
Timestamp when the agent space was last updated
notFound (list) --
List of agent space IDs that could not be found
(string) --
Unique identifier of the agent space
Retrieves multiple tasks for a pentest job in a single request
See also: AWS API Documentation
Request Syntax
client.batch_get_pentest_job_tasks(
agentSpaceId='string',
taskIds=[
'string',
]
)
string
[REQUIRED]
ID of the agent space where the pentest exists
list
[REQUIRED]
List of task IDs to retrieve
(string) --
dict
Response Syntax
{
'tasks': [
{
'taskId': 'string',
'pentestId': 'string',
'pentestJobId': 'string',
'agentSpaceId': 'string',
'title': 'string',
'description': 'string',
'categories': [
{
'name': 'string',
'isPrimary': True|False
},
],
'riskType': 'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
'targetEndpoint': {
'uri': 'string'
},
'executionStatus': 'IN_PROGRESS'|'ABORTED'|'COMPLETED'|'INTERNAL_ERROR'|'FAILED',
'logsLocation': {
'logType': 'CLOUDWATCH',
'cloudWatchLog': {
'logGroup': 'string',
'logStream': 'string'
}
},
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'notFound': [
'string',
]
}
Response Structure
(dict) --
Output for the BatchGetPentestJobTasks operation
tasks (list) --
List of successfully retrieved tasks
(dict) --
Represents a task within a pentest job
taskId (string) --
Unique identifier for the task
pentestId (string) --
Identifier of the parent pentest
pentestJobId (string) --
Identifier of the pentest job this task belongs to
agentSpaceId (string) --
Identifier of the agent space this task belongs to
title (string) --
Title or name of the task
description (string) --
Detailed description of the task's purpose and scope
categories (list) --
List of categories associated with this task
(dict) --
Represents a category classification for tasks
name (string) --
Name of the category
isPrimary (boolean) --
Whether this is the primary category for the task
riskType (string) --
Type of security risk this task is designed to test
targetEndpoint (dict) --
Target endpoint for this security test
uri (string) --
URI of the endpoint to test
executionStatus (string) --
Current status of the task execution
logsLocation (dict) --
Location of execution logs for auditing and review
logType (string) --
Type of log storage
cloudWatchLog (dict) --
CloudWatch log information if logs are stored in CloudWatch
logGroup (string) --
Name of the CloudWatch log group
logStream (string) --
Name of the CloudWatch log stream
createdAt (datetime) --
Timestamp when the task was created
updatedAt (datetime) --
Timestamp when the task was last updated
notFound (list) --
List of task IDs that could not be found
(string) --
Adds an Artifact for the given agent space
See also: AWS API Documentation
Request Syntax
client.add_artifact(
agentSpaceId='string',
artifactContent=b'bytes',
artifactType='TXT'|'PNG'|'JPEG'|'MD'|'PDF'|'DOCX'|'DOC'|'JSON'|'YAML',
fileName='string'
)
string
[REQUIRED]
Unique identifier of the agent space
bytes
[REQUIRED]
Binary content of the artifact
string
[REQUIRED]
Type of the artifact file
string
[REQUIRED]
Name of the artifact file
dict
Response Syntax
{
'artifactId': 'string'
}
Response Structure
(dict) --
artifactId (string) --
Unique identifier of the created artifact
Updates application configuration
See also: AWS API Documentation
Request Syntax
client.update_application(
applicationId='string',
roleArn='string',
defaultKmsKeyId='string'
)
string
[REQUIRED]
Application ID
string
ARN of the IAM role that the application uses to access AWS resources on your behalf
string
Default KMS key identifier. Use an empty string to remove the default KMS key.
dict
Response Syntax
{
'applicationId': 'string'
}
Response Structure
(dict) --
applicationId (string) --
Application ID
Gets Integration metadata from the provided id
See also: AWS API Documentation
Request Syntax
client.get_integration(
integrationId='string'
)
string
[REQUIRED]
Unique identifier of the integration
dict
Response Syntax
{
'integrationId': 'string',
'installationId': 'string',
'provider': 'GITHUB',
'providerType': 'SOURCE_CODE'|'DOCUMENTATION',
'displayName': 'string',
'kmsKeyId': 'string'
}
Response Structure
(dict) --
integrationId (string) --
Unique identifier of the integration
installationId (string) --
Installation identifier from the provider
provider (string) --
Provider type
providerType (string) --
Type of provider integration
displayName (string) --
Display name for the integration
kmsKeyId (string) --
KMS key ID for encrypting integration details
Updates the integrated resources for an agent space
See also: AWS API Documentation
Request Syntax
client.update_integrated_resources(
agentSpaceId='string',
integrationId='string',
items=[
{
'resource': {
'githubRepository': {
'name': 'string',
'owner': 'string'
}
},
'capabilities': {
'github': {
'leaveComments': True|False,
'remediateCode': True|False
}
}
},
]
)
string
[REQUIRED]
Unique identifier of the agent space
string
[REQUIRED]
Unique identifier of the integration
list
[REQUIRED]
List of integrated resources to update
(dict) --
Input item for updating an integrated resource
resource (dict) -- [REQUIRED]
Configuration of the resource
githubRepository (dict) --
GitHub repository resource
name (string) -- [REQUIRED]
Name of the resource, e.g., the repository name
owner (string) -- [REQUIRED]
Owner of the repository
capabilities (dict) --
Provider-specific capabilities for the resource
github (dict) --
Capabilities for GitHub repositories
leaveComments (boolean) --
Post code review comments on pull requests
remediateCode (boolean) --
Create pull requests with automated fixes
dict
Response Syntax
{}
Response Structure
(dict) --
Deletes an application
See also: AWS API Documentation
Request Syntax
client.delete_application(
applicationId='string'
)
string
[REQUIRED]
Application ID
None