AWS Security Agent

2026/06/17 - AWS Security Agent - 31 new, 21 updated API methods

Changes: Updated AWS Security Agent SDK model with new APIs for threat modeling, code review, security requirements, and additional integration providers.

BatchGetSecurityRequirements (new)

Batch retrieves security requirements from a pack.

See also: AWS API Documentation

Request Syntax

client.batch_get_security_requirements(
    packId='string',
    securityRequirementNames=[
        'string',
    ]
)
type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to retrieve requirements from.

type securityRequirementNames:

list

param securityRequirementNames:

[REQUIRED]

The list of security requirement names to retrieve.

  • (string) --

rtype:

dict

returns:

Response Syntax

{
    'securityRequirements': [
        {
            'packId': 'string',
            'name': 'string',
            'description': 'string',
            'domain': 'string',
            'evaluation': 'string',
            'remediation': 'string',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'errors': [
        {
            'securityRequirementName': 'string',
            'code': 'string',
            'message': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • securityRequirements (list) --

      The list of security requirements that were successfully retrieved.

      • (dict) --

        Contains information about a successfully retrieved security requirement.

        • packId (string) --

          The unique identifier of the pack containing the security requirement.

        • name (string) --

          The name of the security requirement.

        • description (string) --

          A description of the security requirement.

        • domain (string) --

          The security domain the requirement belongs to.

        • evaluation (string) --

          The evaluation criteria used to assess compliance with this requirement.

        • remediation (string) --

          The recommended remediation steps when the requirement is not met.

        • createdAt (datetime) --

          The date and time the security requirement was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the security requirement was last updated, in UTC format.

    • errors (list) --

      The list of errors for security requirements that failed to be retrieved.

      • (dict) --

        Contains information about an error that occurred for a specific security requirement during a batch operation.

        • securityRequirementName (string) --

          The name of the security requirement that caused the error.

        • code (string) --

          The error code.

        • message (string) --

          The error message.

CreateSecurityRequirementPack (new)

Creates a customer managed security requirement pack.

See also: AWS API Documentation

Request Syntax

client.create_security_requirement_pack(
    name='string',
    description='string',
    status='ENABLED'|'DISABLED',
    kmsKeyId='string',
    tags={
        'string': 'string'
    }
)
type name:

string

param name:

[REQUIRED]

The name of the security requirement pack.

type description:

string

param description:

A description of the security requirement pack.

type status:

string

param status:

The status of the pack. Defaults to ENABLED if not provided.

type kmsKeyId:

string

param kmsKeyId:

The identifier of the AWS KMS key used to encrypt pack contents.

type tags:

dict

param tags:

The tags to associate with the security requirement pack.

  • (string) --

    Key for a resource tag.

    • (string) --

      Value for a resource tag.

rtype:

dict

returns:

Response Syntax

{
    'packId': 'string',
    'status': 'ENABLED'|'DISABLED',
    'kmsKeyId': 'string'
}

Response Structure

  • (dict) --

    • packId (string) --

      The unique identifier of the created security requirement pack.

    • status (string) --

      The status of the created security requirement pack.

    • kmsKeyId (string) --

      The identifier of the AWS KMS key used to encrypt pack contents.

UpdateSecurityRequirementPack (new)

Updates a security requirement pack. For customer managed packs, both metadata and status can be updated. For AWS managed packs, only status can be updated.

See also: AWS API Documentation

Request Syntax

client.update_security_requirement_pack(
    packId='string',
    name='string',
    description='string',
    status='ENABLED'|'DISABLED'
)
type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to update.

type name:

string

param name:

The updated name of the security requirement pack.

type description:

string

param description:

The updated description of the security requirement pack.

type status:

string

param status:

The updated status of the security requirement pack.

rtype:

dict

returns:

Response Syntax

{
    'packId': 'string',
    'name': 'string',
    'description': 'string',
    'status': 'ENABLED'|'DISABLED'
}

Response Structure

  • (dict) --

    • packId (string) --

      The unique identifier of the security requirement pack.

    • name (string) --

      The name of the security requirement pack.

    • description (string) --

      The description of the security requirement pack.

    • status (string) --

      The status of the security requirement pack.

ListSecurityRequirements (new)

Lists security requirements within a pack.

See also: AWS API Documentation

Request Syntax

client.list_security_requirements(
    packId='string',
    nextToken='string',
    maxResults=123
)
type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to list requirements for.

type nextToken:

string

param nextToken:

The pagination token from a previous request to retrieve the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single request.

rtype:

dict

returns:

Response Syntax

{
    'securityRequirementSummaries': [
        {
            'packId': 'string',
            'name': 'string',
            'description': 'string',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • securityRequirementSummaries (list) --

      The list of security requirement summaries.

      • (dict) --

        Contains summary information about a security requirement.

        • packId (string) --

          The unique identifier of the pack containing the security requirement.

        • name (string) --

          The name of the security requirement.

        • description (string) --

          A description of the security requirement.

        • createdAt (datetime) --

          The date and time the security requirement was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the security requirement was last updated, in UTC format.

    • nextToken (string) --

      The pagination token to use in a subsequent request to retrieve the next page of results.
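
The ListSecurityRequirements / BatchGetSecurityRequirements pair above is the natural way to export a whole pack for review. The following is an added example, not code from the boto3 docs or the AWS Security Agent SDK: it pages through the summaries, fetches full records in chunks, and treats the batch call's `errors` list as partial success rather than a raised exception. `BATCH_SIZE`, the error code strings and `FakeClient` are constructed for offline use; the real per-call limit is not stated on the page, and any object with the two documented methods (such as a boto3 client) can replace the fake.

```python
"""Export every requirement in a pack with full detail.

Added example; not code from boto3 or the AWS Security Agent SDK.
BATCH_SIZE is an assumption (the service limit is not given on the page).
"""
from datetime import datetime, timezone
from typing import Any, Dict, Iterator, List

BATCH_SIZE = 2  # assumed chunk size for batch_get_security_requirements


def iter_requirement_names(client: Any, pack_id: str, page_size: int = 2) -> Iterator[str]:
    """Walk list_security_requirements until the response carries no nextToken."""
    token = None
    while True:
        kwargs: Dict[str, Any] = {"packId": pack_id, "maxResults": page_size}
        if token:
            kwargs["nextToken"] = token
        page = client.list_security_requirements(**kwargs)
        for summary in page.get("securityRequirementSummaries", []):
            yield summary["name"]
        token = page.get("nextToken")
        if not token:
            return


def export_pack(client: Any, pack_id: str) -> Dict[str, Any]:
    """Return {'requirements': {name: full record}, 'errors': [error dicts]}.

    The batch call is partial-success: a name that could not be retrieved is
    reported in the response's 'errors' list, not raised. Every listed name
    must end up either in 'requirements' or in 'errors'; anything else is a
    silent drop and is surfaced as a synthetic UNREPORTED error.
    """
    names = list(dict.fromkeys(iter_requirement_names(client, pack_id)))  # de-dup, keep order
    requirements: Dict[str, Any] = {}
    errors: List[Dict[str, str]] = []
    for start in range(0, len(names), BATCH_SIZE):
        chunk = names[start:start + BATCH_SIZE]
        resp = client.batch_get_security_requirements(
            packId=pack_id, securityRequirementNames=chunk)
        for req in resp.get("securityRequirements", []):
            requirements[req["name"]] = req
        errors.extend(resp.get("errors", []))
    reported = set(requirements) | {e["securityRequirementName"] for e in errors}
    for name in names:
        if name not in reported:
            errors.append({"securityRequirementName": name, "code": "UNREPORTED",
                           "message": "neither returned nor listed in errors"})
    return {"requirements": requirements, "errors": errors}


class FakeClient:
    """Constructed stand-in that returns the documented shapes; not a real service."""

    def __init__(self) -> None:
        now = datetime(2026, 6, 17, tzinfo=timezone.utc)
        self.full = {
            n: {"packId": "pack-demo", "name": n, "description": f"{n} description",
                "domain": "AUTHN", "evaluation": "Check that MFA is enforced",
                "remediation": "Enable MFA", "createdAt": now, "updatedAt": now}
            for n in ("REQ-1", "REQ-2")}
        self.listed = ["REQ-1", "REQ-2", "REQ-3", "REQ-4"]
        self.calls: List[str] = []

    def list_security_requirements(self, packId, maxResults, nextToken=None):
        self.calls.append("list")
        start = int(nextToken) if nextToken else 0
        end = start + maxResults
        page = {"securityRequirementSummaries": [
            {"packId": packId, "name": n} for n in self.listed[start:end]]}
        if end < len(self.listed):
            page["nextToken"] = str(end)
        return page

    def batch_get_security_requirements(self, packId, securityRequirementNames):
        self.calls.append("batch")
        found = [self.full[n] for n in securityRequirementNames if n in self.full]
        # REQ-3 is reported as an error; REQ-4 is deliberately dropped without
        # an error entry to exercise the UNREPORTED guard in export_pack.
        errors = [{"securityRequirementName": n, "code": "ResourceNotFoundException",
                   "message": "requirement was deleted after listing"}
                  for n in securityRequirementNames if n == "REQ-3"]
        return {"securityRequirements": found, "errors": errors}


if __name__ == "__main__":
    result = export_pack(FakeClient(), "pack-demo")
    print(sorted(result["requirements"]), result["errors"])
```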

ListThreatModelJobTasks (new)

Returns a paginated list of task summaries for the specified threat model job.

See also: AWS API Documentation

Request Syntax

client.list_threat_model_job_tasks(
    agentSpaceId='string',
    maxResults=123,
    threatModelJobId='string',
    nextToken='string'
)
type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call.

type threatModelJobId:

string

param threatModelJobId:

[REQUIRED]

The unique identifier of the threat model job to list tasks for.

type nextToken:

string

param nextToken:

A token to use for paginating results that are returned in the response.

rtype:

dict

returns:

Response Syntax

{
    'threatModelJobTaskSummaries': [
        {
            'taskId': 'string',
            'threatModelId': 'string',
            'threatModelJobId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'executionStatus': 'IN_PROGRESS'|'ABORTED'|'COMPLETED'|'INTERNAL_ERROR'|'FAILED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    Output for the ListThreatModelJobTasks operation.

    • threatModelJobTaskSummaries (list) --

      The list of threat model job task summaries.

      • (dict) --

        Contains summary information about a threat model job task.

        • taskId (string) --

          The unique identifier of the task.

        • threatModelId (string) --

          The unique identifier of the threat model associated with the task.

        • threatModelJobId (string) --

          The unique identifier of the threat model job that contains the task.

        • agentSpaceId (string) --

          The unique identifier of the agent space.

        • title (string) --

          The title of the task.

        • executionStatus (string) --

          The current execution status of the task.

        • createdAt (datetime) --

          The date and time the task was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the task was last updated, in UTC format.

    • nextToken (string) --

      A token to use for paginating results that are returned in the response.

ListThreatModels (new)

Returns a paginated list of threat model summaries for the specified agent space.

See also: AWS API Documentation

Request Syntax

client.list_threat_models(
    maxResults=123,
    nextToken='string',
    agentSpaceId='string'
)
type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call.

type nextToken:

string

param nextToken:

A token to use for paginating results that are returned in the response.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space to list threat models for.

rtype:

dict

returns:

Response Syntax

{
    'threatModelSummaries': [
        {
            'threatModelId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    Output for the ListThreatModels operation.

    • threatModelSummaries (list) --

      The list of threat model summaries.

      • (dict) --

        Contains summary information about a threat model.

        • threatModelId (string) --

          The unique identifier of the threat model.

        • agentSpaceId (string) --

          The unique identifier of the agent space that contains the threat model.

        • title (string) --

          The title of the threat model.

        • createdAt (datetime) --

          The date and time the threat model was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the threat model was last updated, in UTC format.

    • nextToken (string) --

      A token to use for paginating results that are returned in the response.

UpdatePrivateConnectionCertificate (new)

Updates the certificate associated with a private connection. Certificates can be added or replaced but not removed.

See also: AWS API Documentation

Request Syntax

client.update_private_connection_certificate(
    privateConnectionName='string',
    certificate='string'
)
type privateConnectionName:

string

param privateConnectionName:

[REQUIRED]

The name of the private connection to update.

type certificate:

string

param certificate:

[REQUIRED]

The PEM-encoded certificate chain for the private connection.

rtype:

dict

returns:

Response Syntax

{
    'name': 'string',
    'type': 'SERVICE_MANAGED'|'SELF_MANAGED',
    'status': 'ACTIVE'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_IN_PROGRESS'|'DELETE_FAILED',
    'resourceGatewayId': 'string',
    'hostAddress': 'string',
    'vpcId': 'string',
    'resourceConfigurationId': 'string',
    'certificateExpiryTime': datetime(2015, 1, 1),
    'dnsResolution': 'PUBLIC'|'IN_VPC',
    'failureMessage': 'string',
    'tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • name (string) --

      The name of the private connection.

    • type (string) --

      The type of the private connection, indicating whether it is service-managed or self-managed.

    • status (string) --

      The current status of the private connection.

    • resourceGatewayId (string) --

      The identifier or ARN of the VPC Lattice resource gateway.

    • hostAddress (string) --

      The IP address or DNS name of the target resource.

    • vpcId (string) --

      The identifier of the VPC the resource gateway is created in.

    • resourceConfigurationId (string) --

      The identifier or ARN of the VPC Lattice resource configuration.

    • certificateExpiryTime (datetime) --

      The date and time the connection's certificate expires, in UTC format.

    • dnsResolution (string) --

      The DNS resolution mode for the resource gateway.

    • failureMessage (string) --

      A message describing why the private connection entered a failed state, if applicable.

    • tags (dict) --

      The tags attached to the private connection.

      • (string) --

        Key for a resource tag.

        • (string) --

          Value for a resource tag.

StopThreatModelJob (new)

Stops a running threat model job.

See also: AWS API Documentation

Request Syntax

client.stop_threat_model_job(
    agentSpaceId='string',
    threatModelJobId='string'
)
type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type threatModelJobId:

string

param threatModelJobId:

[REQUIRED]

The unique identifier of the threat model job to stop.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

    Output for the StopThreatModelJob operation.

BatchGetThreatModelJobs (new)

Retrieves information about one or more threat model jobs in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_threat_model_jobs(
    threatModelJobIds=[
        'string',
    ],
    agentSpaceId='string'
)
type threatModelJobIds:

list

param threatModelJobIds:

[REQUIRED]

The list of threat model job identifiers to retrieve.

  • (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the threat model jobs.

rtype:

dict

returns:

Response Syntax

{
    'threatModelJobs': [
        {
            'threatModelJobId': 'string',
            'threatModelId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1),
            'executionStartTime': datetime(2015, 1, 1),
            'executionEndTime': datetime(2015, 1, 1),
            'sourceCode': [
                {
                    's3Location': 'string'
                },
            ],
            'integratedRepositories': [
                {
                    'integrationId': 'string',
                    'providerResourceId': 'string'
                },
            ],
            'documents': [
                {
                    's3Location': 'string',
                    'artifactId': 'string',
                    'integratedDocument': {
                        'integrationId': 'string',
                        'resourceId': 'string'
                    }
                },
            ],
            'scopeDocs': [
                {
                    's3Location': 'string',
                    'artifactId': 'string',
                    'integratedDocument': {
                        'integrationId': 'string',
                        'resourceId': 'string'
                    }
                },
            ],
            'errorInformation': {
                'code': 'CLIENT_ERROR'|'INTERNAL_ERROR'|'STOPPED_BY_USER',
                'message': 'string'
            },
            'systemOverview': 'string'
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

  • (dict) --

    Output for the BatchGetThreatModelJobs operation.

    • threatModelJobs (list) --

      The list of threat model jobs that were found.

      • (dict) --

        Represents a threat model job, which is an execution instance of a threat model.

        • threatModelJobId (string) --

          The unique identifier of the threat model job.

        • threatModelId (string) --

          The unique identifier of the threat model associated with the job.

        • agentSpaceId (string) --

          The unique identifier of the agent space.

        • title (string) --

          The title of the threat model job.

        • status (string) --

          The current status of the threat model job.

        • createdAt (datetime) --

          The date and time the threat model job was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the threat model job was last updated, in UTC format.

        • executionStartTime (datetime) --

          The date and time the threat model job execution started, in UTC format.

        • executionEndTime (datetime) --

          The date and time the threat model job execution ended, in UTC format.

        • sourceCode (list) --

          The list of source code repositories used for threat modeling.

          • (dict) --

            Represents a source code repository used for security analysis during a pentest.

            • s3Location (string) --

              The Amazon S3 location of the source code repository archive.

        • integratedRepositories (list) --

          The list of integrated repositories used for threat modeling.

          • (dict) --

            Represents a code repository that is integrated with the service through a third-party provider.

            • integrationId (string) --

              The unique identifier of the integration that provides access to the repository.

            • providerResourceId (string) --

              The provider-specific resource identifier for the repository.

        • documents (list) --

          The list of documents used for threat modeling.

          • (dict) --

            Represents a document that provides context for security testing.

            • s3Location (string) --

              The Amazon S3 location of the document.

            • artifactId (string) --

              The unique identifier of the artifact associated with the document.

            • integratedDocument (dict) --

              A reference to a document in an integrated third-party provider.

              • integrationId (string) --

                The identifier of the integration that provides access to the document.

              • resourceId (string) --

                The provider-specific resource identifier for the document.

        • scopeDocs (list) --

          The scoped documents for the agent to focus on during threat modeling.

          • (dict) --

            Represents a document that provides context for security testing.

            • s3Location (string) --

              The Amazon S3 location of the document.

            • artifactId (string) --

              The unique identifier of the artifact associated with the document.

            • integratedDocument (dict) --

              A reference to a document in an integrated third-party provider.

              • integrationId (string) --

                The identifier of the integration that provides access to the document.

              • resourceId (string) --

                The provider-specific resource identifier for the document.

        • errorInformation (dict) --

          Error information if the threat model job encountered an error.

          • code (string) --

            The error code. Valid values include CLIENT_ERROR, INTERNAL_ERROR, and STOPPED_BY_USER.

          • message (string) --

            A message describing the error.

        • systemOverview (string) --

          The system overview generated during threat modeling.

    • notFound (list) --

      The list of threat model job identifiers that were not found.

      • (string) --
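
The job `status` enum above (IN_PROGRESS, STOPPING, STOPPED, FAILED, COMPLETED) and the StopThreatModelJob operation earlier on this page fit together as a poll-then-stop loop: STOPPING is transitional, so a stop request must be followed by further polling until STOPPED. The following is an added example, not code from boto3 or the SDK, covering BatchGetThreatModelJobs and StopThreatModelJob together. The deadline (`max_polls`, `stop_grace`), the injected `sleep`, and `FakeClient` with its job ids and error messages are constructed so the block runs offline.

```python
"""Wait for threat model jobs to reach a terminal status, stopping stragglers.

Added example; not code from boto3 or the AWS Security Agent SDK.
"""
from typing import Any, Callable, Dict, List, Set

# Status values from the documented response shape.
TERMINAL = {"STOPPED", "FAILED", "COMPLETED"}
ACTIVE = {"IN_PROGRESS", "STOPPING"}  # STOPPING still needs polling


def wait_for_jobs(client: Any, agent_space_id: str, job_ids: List[str], max_polls: int,
                  sleep: Callable[[float], None], interval: float = 5.0,
                  stop_grace: int = 3) -> Dict[str, Dict[str, Any]]:
    """Return {jobId: {'status': ..., 'error': errorInformation or None}}.

    Jobs still ACTIVE after max_polls are sent a stop request, then polled for
    up to stop_grace more rounds until the service reports STOPPED. Ids in the
    response's notFound list are recorded as NOT_FOUND rather than retried.
    Raises TimeoutError if anything is still active after the grace period.
    """
    pending = list(job_ids)
    result: Dict[str, Dict[str, Any]] = {}
    stop_sent: Set[str] = set()
    polls = 0
    while pending:
        resp = client.batch_get_threat_model_jobs(
            agentSpaceId=agent_space_id, threatModelJobIds=pending)
        for jid in resp.get("notFound", []):
            result[jid] = {"status": "NOT_FOUND", "error": None}
        for job in resp.get("threatModelJobs", []):
            if job["status"] in TERMINAL:
                result[job["threatModelJobId"]] = {
                    "status": job["status"], "error": job.get("errorInformation")}
        pending = [j for j in pending if j not in result]
        if not pending:
            break
        polls += 1
        if polls >= max_polls + stop_grace:
            raise TimeoutError(f"jobs still active after stop request: {pending}")
        if polls >= max_polls:
            for jid in pending:
                if jid not in stop_sent:
                    client.stop_threat_model_job(agentSpaceId=agent_space_id,
                                                 threatModelJobId=jid)
                    stop_sent.add(jid)
        sleep(interval)
    return result


class FakeClient:
    """Constructed stand-in returning the documented shapes; not a real service."""

    def __init__(self) -> None:
        self.poll = 0
        self.stopped: List[str] = []
        self.stop_poll: Dict[str, int] = {}

    def _status(self, jid: str):
        if jid == "job-ok":          # completes on the second poll
            return ("COMPLETED" if self.poll >= 2 else "IN_PROGRESS"), None
        if jid == "job-bad":         # fails immediately with a client error
            return "FAILED", {"code": "CLIENT_ERROR", "message": "repository archive unreadable"}
        if jid == "job-slow":        # runs until stopped, then STOPPING before STOPPED
            if jid not in self.stop_poll:
                return "IN_PROGRESS", None
            if self.poll - self.stop_poll[jid] < 2:
                return "STOPPING", None
            return "STOPPED", {"code": "STOPPED_BY_USER", "message": "stopped by request"}
        if jid == "job-stuck":       # ignores stop requests entirely
            return "IN_PROGRESS", None
        return None, None            # unknown id -> notFound

    def batch_get_threat_model_jobs(self, agentSpaceId, threatModelJobIds):
        self.poll += 1
        jobs, not_found = [], []
        for jid in threatModelJobIds:
            status, err = self._status(jid)
            if status is None:
                not_found.append(jid)
                continue
            job = {"threatModelJobId": jid, "agentSpaceId": agentSpaceId, "status": status}
            if err:
                job["errorInformation"] = err
            jobs.append(job)
        return {"threatModelJobs": jobs, "notFound": not_found}

    def stop_threat_model_job(self, agentSpaceId, threatModelJobId):
        self.stopped.append(threatModelJobId)
        self.stop_poll[threatModelJobId] = self.poll
        return {}


if __name__ == "__main__":
    fc = FakeClient()
    print(wait_for_jobs(fc, "space-1", ["job-ok", "job-bad", "job-slow", "job-gone"],
                        max_polls=3, sleep=lambda s: None))
```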

BatchUpdateSecurityRequirements (new)

Batch updates security requirements within a customer managed pack.

See also: AWS API Documentation

Request Syntax

client.batch_update_security_requirements(
    packId='string',
    securityRequirements=[
        {
            'name': 'string',
            'description': 'string',
            'domain': 'string',
            'evaluation': 'string',
            'remediation': 'string'
        },
    ]
)
type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack containing the requirements to update.

type securityRequirements:

list

param securityRequirements:

[REQUIRED]

The list of security requirement updates to apply.

  • (dict) --

    Contains the details for updating an existing security requirement within a pack. The name is an immutable identifier used to locate the requirement and cannot be modified.

    • name (string) -- [REQUIRED]

      The name of the security requirement to update. This is an immutable identifier and cannot be changed once the requirement is created.

    • description (string) --

      The updated description of the security requirement.

    • domain (string) --

      The updated security domain the requirement belongs to.

    • evaluation (string) --

      The updated evaluation criteria used to assess compliance with this requirement.

    • remediation (string) --

      The updated remediation steps when the requirement is not met.

rtype:

dict

returns:

Response Syntax

{
    'updatedSecurityRequirementNames': [
        'string',
    ],
    'errors': [
        {
            'securityRequirementName': 'string',
            'code': 'string',
            'message': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • updatedSecurityRequirementNames (list) --

      The list of security requirement names that were successfully updated.

      • (string) --

    • errors (list) --

      The list of errors for security requirements that failed to be updated.

      • (dict) --

        Contains information about an error that occurred for a specific security requirement during a batch operation.

        • securityRequirementName (string) --

          The name of the security requirement that caused the error.

        • code (string) --

          The error code.

        • message (string) --

          The error message.

GetSecurityRequirementPack (new)

Retrieves information about a security requirement pack.

See also: AWS API Documentation

Request Syntax

client.get_security_requirement_pack(
    packId='string'
)
type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to retrieve.

rtype:

dict

returns:

Response Syntax

{
    'packId': 'string',
    'name': 'string',
    'description': 'string',
    'vendorName': 'string',
    'managementType': 'AWS_MANAGED'|'CUSTOMER_MANAGED',
    'status': 'ENABLED'|'DISABLED',
    'importStatus': 'PENDING'|'IN_PROGRESS'|'FAILED'|'COMPLETED',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'kmsKeyId': 'string'
}

Response Structure

  • (dict) --

    • packId (string) --

      The unique identifier of the security requirement pack.

    • name (string) --

      The name of the security requirement pack.

    • description (string) --

      A description of the security requirement pack.

    • vendorName (string) --

      The vendor name for AWS managed packs, such as ISO or NIST.

    • managementType (string) --

      The management type of the pack. Valid values are AWS_MANAGED and CUSTOMER_MANAGED.

    • status (string) --

      The status of the security requirement pack.

    • importStatus (string) --

      The status of the security requirements import workflow for this pack.

    • createdAt (datetime) --

      The date and time the security requirement pack was created, in UTC format.

    • updatedAt (datetime) --

      The date and time the security requirement pack was last updated, in UTC format.

    • kmsKeyId (string) --

      The identifier of the AWS KMS key used to encrypt pack contents.

UpdateThreat (new)

Updates a threat.

See also: AWS API Documentation

Request Syntax

client.update_threat(
    threatId='string',
    agentSpaceId='string',
    title='string',
    status='OPEN'|'RESOLVED'|'DISMISSED',
    comments='string',
    statement='string',
    severity='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFO',
    threatSource='string',
    prerequisites='string',
    threatAction='string',
    threatImpact='string',
    impactedGoal=[
        'string',
    ],
    impactedAssets=[
        'string',
    ],
    anchor={
        'kind': 'string',
        'id': 'string',
        'packageId': 'string'
    },
    evidence=[
        {
            'packageId': 'string',
            'path': 'string'
        },
    ],
    recommendation='string'
)
type threatId:

string

param threatId:

[REQUIRED]

The unique identifier of the threat to update.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type title:

string

param title:

A short title summarizing the threat.

type status:

string

param status:

The updated status of the threat.

type comments:

string

param comments:

Optional customer comment.

type statement:

string

param statement:

The updated natural-language threat statement.

type severity:

string

param severity:

The updated severity level of the threat.

type threatSource:

string

param threatSource:

The updated actor or origin of the threat.

type prerequisites:

string

param prerequisites:

The updated conditions required for the threat to be exploitable.

type threatAction:

string

param threatAction:

The updated description of what the threat source can do.

type threatImpact:

string

param threatImpact:

The updated direct consequence of the threat action.

type impactedGoal:

list

param impactedGoal:

The updated security goals affected by the threat.

  • (string) --

type impactedAssets:

list

param impactedAssets:

The updated list of specific assets affected by the threat.

  • (string) --

type anchor:

dict

param anchor:

The updated DFD element this threat is anchored to.

  • kind (string) --

    The kind of DFD element.

  • id (string) --

    The identifier of the DFD element.

  • packageId (string) --

    The package identifier containing the DFD element.

type evidence:

list

param evidence:

The updated source code files supporting the threat.

  • (dict) --

    Source code file supporting a threat.

    • packageId (string) --

      The package identifier containing the evidence file.

    • path (string) --

      The file path of the evidence.

type recommendation:

string

param recommendation:

The updated recommended mitigation guidance for this threat.

rtype:

dict

returns:

Response Syntax

{
    'threatId': 'string',
    'threatJobId': 'string',
    'title': 'string',
    'statement': 'string',
    'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFO',
    'status': 'OPEN'|'RESOLVED'|'DISMISSED',
    'comments': 'string',
    'stride': [
        'SPOOFING'|'TAMPERING'|'REPUDIATION'|'INFORMATION_DISCLOSURE'|'DENIAL_OF_SERVICE'|'ELEVATION_OF_PRIVILEGE',
    ],
    'threatSource': 'string',
    'prerequisites': 'string',
    'threatAction': 'string',
    'threatImpact': 'string',
    'impactedGoal': [
        'string',
    ],
    'impactedAssets': [
        'string',
    ],
    'anchor': {
        'kind': 'string',
        'id': 'string',
        'packageId': 'string'
    },
    'evidence': [
        {
            'packageId': 'string',
            'path': 'string'
        },
    ],
    'recommendation': 'string',
    'createdBy': 'CUSTOMER'|'AGENT',
    'updatedBy': 'CUSTOMER'|'AGENT',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    Output for the UpdateThreat operation.

    • threatId (string) --

      The unique identifier of the threat.

    • threatJobId (string) --

      The unique identifier of the threat model job the threat belongs to.

    • title (string) --

      A short title summarizing the threat.

    • statement (string) --

      The natural-language threat statement.

    • severity (string) --

      The severity level of the threat.

    • status (string) --

      The current status of the threat.

    • comments (string) --

      Optional customer comment on the threat.

    • stride (list) --

      The STRIDE categories applicable to this threat.

      • (string) --

        STRIDE threat classification category.

    • threatSource (string) --

      The actor or origin of the threat.

    • prerequisites (string) --

      The conditions required for the threat to be exploitable.

    • threatAction (string) --

      What the threat source can do.

    • threatImpact (string) --

      The direct consequence of the threat action.

    • impactedGoal (list) --

      The security goals affected by the threat.

      • (string) --

    • impactedAssets (list) --

      The specific assets affected by the threat.

      • (string) --

    • anchor (dict) --

      The DFD element this threat is anchored to.

      • kind (string) --

        The kind of DFD element.

      • id (string) --

        The identifier of the DFD element.

      • packageId (string) --

        The package identifier containing the DFD element.

    • evidence (list) --

      The source code files supporting the threat.

      • (dict) --

        Source code file supporting a threat.

        • packageId (string) --

          The package identifier containing the evidence file.

        • path (string) --

          The file path of the evidence.

    • recommendation (string) --

      The recommended mitigation guidance for this threat.

    • createdBy (string) --

      Who created this threat.

    • updatedBy (string) --

      Who last updated this threat.

    • createdAt (datetime) --

      The date and time the threat was created, in UTC format.

    • updatedAt (datetime) --

      The date and time the threat was last updated, in UTC format.
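
A typical use of UpdateThreat is customer triage: rank the open threats by the documented `severity` enum, then record a decision with `status` and `comments`. The following is an added example, not code from boto3 or the SDK; it reads threats with the `batch_get_threats` request shape documented on this page and writes decisions with `update_threat`. Two things are local assumptions rather than service rules: that RESOLVED or DISMISSED must carry a justification comment, and that ties in severity put agent-created threats before customer-created ones. `FakeClient` and its threat records are constructed so the block runs offline.

```python
"""Rank open threats and apply customer triage decisions.

Added example; not code from boto3 or the AWS Security Agent SDK.
The comment-required rule and the tie-break order are local policy
assumptions, not service behaviour stated in the documentation.
"""
from typing import Any, Dict, List, Tuple

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"]  # documented enum, highest first
STATUSES = {"OPEN", "RESOLVED", "DISMISSED"}                    # documented enum
CLOSING_STATUSES = {"RESOLVED", "DISMISSED"}


def rank_open_threats(threats: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Open threats, most severe first; agent-created ahead of customer-created on ties."""
    open_threats = [t for t in threats if t.get("status") == "OPEN"]
    return sorted(open_threats, key=lambda t: (SEVERITY_ORDER.index(t["severity"]),
                                               0 if t.get("createdBy") == "AGENT" else 1))


def build_update(threat: Dict[str, Any], status: str, comment: str = "") -> Dict[str, Any]:
    """Validate one triage decision and return the update_threat keyword arguments."""
    if status not in STATUSES:
        raise ValueError(f"unknown status {status!r}")
    if status in CLOSING_STATUSES and not comment.strip():
        raise ValueError(f"{status} requires a justification comment (local policy)")
    kwargs: Dict[str, Any] = {"threatId": threat["threatId"], "status": status}
    if comment:
        kwargs["comments"] = comment
    return kwargs


def triage(client: Any, agent_space_id: str, threat_ids: List[str],
           decisions: Dict[str, Tuple[str, str]]):
    """Fetch threats, rank the open ones, apply decisions.

    Returns (ranked_open_ids, applied, not_found) where applied holds
    (threatId, status, updatedBy) for every update the service accepted.
    """
    resp = client.batch_get_threats(threatIds=threat_ids, agentSpaceId=agent_space_id)
    threats = resp.get("threats", [])
    by_id = {t["threatId"]: t for t in threats}
    ranked = [t["threatId"] for t in rank_open_threats(threats)]
    applied = []
    for tid, (status, comment) in decisions.items():
        if tid not in by_id:
            continue  # surfaced through not_found; never update blindly
        kwargs = build_update(by_id[tid], status, comment)
        updated = client.update_threat(agentSpaceId=agent_space_id, **kwargs)
        applied.append((tid, updated["status"], updated.get("updatedBy")))
    return ranked, applied, resp.get("notFound", [])


class FakeClient:
    """Constructed stand-in with the documented shapes; not a real service."""

    def __init__(self) -> None:
        self.threats = {
            "T1": {"threatId": "T1", "severity": "HIGH", "status": "OPEN", "createdBy": "AGENT",
                   "stride": ["TAMPERING"], "title": "Upload path not validated"},
            "T2": {"threatId": "T2", "severity": "CRITICAL", "status": "OPEN",
                   "createdBy": "CUSTOMER", "stride": ["ELEVATION_OF_PRIVILEGE"],
                   "title": "Admin role assumable across tenants"},
            "T3": {"threatId": "T3", "severity": "CRITICAL", "status": "OPEN", "createdBy": "AGENT",
                   "stride": ["INFORMATION_DISCLOSURE"], "title": "Secrets written to INFO logs"},
            "T4": {"threatId": "T4", "severity": "LOW", "status": "RESOLVED", "createdBy": "AGENT",
                   "stride": ["REPUDIATION"], "title": "No audit record on delete"},
        }
        self.updates: List[Tuple[str, Dict[str, Any]]] = []

    def batch_get_threats(self, threatIds, agentSpaceId):
        found = [dict(self.threats[t]) for t in threatIds if t in self.threats]
        return {"threats": found, "notFound": [t for t in threatIds if t not in self.threats]}

    def update_threat(self, agentSpaceId, threatId, **fields):
        self.updates.append((threatId, fields))
        self.threats[threatId].update(fields)
        return {**self.threats[threatId], "updatedBy": "CUSTOMER"}


if __name__ == "__main__":
    fc = FakeClient()
    print(triage(fc, "space-1", ["T1", "T2", "T3", "T4", "T9"],
                 {"T1": ("RESOLVED", "input validation added in the upload handler")}))
```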

BatchGetThreats (new)

Retrieves information about one or more threats.

See also: AWS API Documentation

Request Syntax

client.batch_get_threats(
    threatIds=[
        'string',
    ],
    agentSpaceId='string'
)
type threatIds:

list

param threatIds:

[REQUIRED]

The list of threat identifiers to retrieve.

  • (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

rtype:

dict

returns:

Response Syntax

{
    'threats': [
        {
            'threatId': 'string',
            'threatJobId': 'string',
            'title': 'string',
            'statement': 'string',
            'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFO',
            'status': 'OPEN'|'RESOLVED'|'DISMISSED',
            'comments': 'string',
            'threatSource': 'string',
            'prerequisites': 'string',
            'threatAction': 'string',
            'threatImpact': 'string',
            'impactedGoal': [
                'string',
            ],
            'impactedAssets': [
                'string',
            ],
            'anchor': {
                'kind': 'string',
                'id': 'string',
                'packageId': 'string'
            },
            'evidence': [
                {
                    'packageId': 'string',
                    'path': 'string'
                },
            ],
            'stride': [
                'SPOOFING'|'TAMPERING'|'REPUDIATION'|'INFORMATION_DISCLOSURE'|'DENIAL_OF_SERVICE'|'ELEVATION_OF_PRIVILEGE',
            ],
            'recommendation': 'string',
            'createdBy': 'CUSTOMER'|'AGENT',
            'updatedBy': 'CUSTOMER'|'AGENT',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

  • (dict) --

    Output for the BatchGetThreats operation.

    • threats (list) --

      The list of threats that were found.

      • (dict) --

        Represents a threat identified during threat modeling.

        • threatId (string) --

          The unique identifier of the threat.

        • threatJobId (string) --

          The unique identifier of the threat model job that produced the threat.

        • title (string) --

          A short title summarizing the threat.

        • statement (string) --

          The natural-language threat statement.

        • severity (string) --

          The severity level of the threat.

        • status (string) --

          The current status of the threat.

        • comments (string) --

          Optional customer comment on the threat.

        • threatSource (string) --

          The actor or origin of the threat.

        • prerequisites (string) --

          The conditions required for the threat to be exploitable.

        • threatAction (string) --

          What the threat source can do.

        • threatImpact (string) --

          The direct consequence of the threat action.

        • impactedGoal (list) --

          The security goals affected by the threat.

          • (string) --

        • impactedAssets (list) --

          The specific assets affected by the threat.

          • (string) --

        • anchor (dict) --

          The DFD element this threat is anchored to.

          • kind (string) --

            The kind of DFD element.

          • id (string) --

            The identifier of the DFD element.

          • packageId (string) --

            The package identifier containing the DFD element.

        • evidence (list) --

          The source code files supporting the threat.

          • (dict) --

            Source code file supporting a threat.

            • packageId (string) --

              The package identifier containing the evidence file.

            • path (string) --

              The file path of the evidence.

        • stride (list) --

          The STRIDE categories applicable to this threat.

          • (string) --

            STRIDE threat classification category.

        • recommendation (string) --

          The recommended mitigation guidance for this threat.

        • createdBy (string) --

          Who created this threat.

        • updatedBy (string) --

          Who last updated this threat.

        • createdAt (datetime) --

          The date and time the threat was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the threat was last updated, in UTC format.

    • notFound (list) --

      The list of threat identifiers that were not found.

      • (string) --
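
A triage helper for the response above, added here as an example that is not part of the boto3 documentation or the service's own code: it only consumes a dict shaped like the Response Syntax, so it runs offline, and it treats `notFound` as a result that must be reconciled against the requested ids rather than silently dropped. The sample response, ids and file paths are constructed placeholders.

```python
"""Triage a BatchGetThreats response (added example, not boto3 or AWS code).

Consumes a dict shaped like the documented Response Syntax; the sample
response below is constructed, not captured from the service.
"""
from collections import Counter
from datetime import datetime, timezone

# Highest severity first, using the documented enum values.
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFO": 4}


def make_threat(threat_id, title, severity, status, stride, path):
    """Build one threat dict with the documented fields (constructed sample data)."""
    now = datetime(2026, 6, 17, tzinfo=timezone.utc)
    return {
        "threatId": threat_id, "threatJobId": "job-0001", "title": title,
        "statement": f"{title} (constructed statement)",
        "severity": severity, "status": status, "comments": "",
        "threatSource": "external actor", "prerequisites": "network access",
        "threatAction": "constructed action", "threatImpact": "constructed impact",
        "impactedGoal": ["confidentiality"], "impactedAssets": ["api"],
        "anchor": {"kind": "process", "id": "api", "packageId": "pkg-1"},
        "evidence": [{"packageId": "pkg-1", "path": path}],
        "stride": stride, "recommendation": "constructed guidance",
        "createdBy": "AGENT", "updatedBy": "AGENT",
        "createdAt": now, "updatedAt": now,
    }


# Constructed stand-in for the return value of client.batch_get_threats(...).
SAMPLE_RESPONSE = {
    "threats": [
        make_threat("thr-0001", "Unauthenticated admin endpoint", "CRITICAL", "OPEN",
                    ["SPOOFING", "ELEVATION_OF_PRIVILEGE"], "src/admin/routes.py"),
        make_threat("thr-0002", "Unsigned config download", "HIGH", "RESOLVED",
                    ["TAMPERING"], "src/config/loader.py"),
        make_threat("thr-0003", "Verbose error pages", "MEDIUM", "OPEN",
                    ["INFORMATION_DISCLOSURE", "TAMPERING"], "src/web/errors.py"),
    ],
    "notFound": ["thr-9999"],
}


def reconcile(response, requested_ids):
    """Return the requested ids the service reported in `notFound`.

    Raises ValueError if a requested id appears in neither `threats` nor
    `notFound`: a caller that reads only `threats` would otherwise mistake a
    missing threat for "no finding".
    """
    found = {t["threatId"] for t in response.get("threats", [])}
    not_found = set(response.get("notFound", []))
    unaccounted = set(requested_ids) - found - not_found
    if unaccounted:
        raise ValueError(f"ids missing from both threats and notFound: {sorted(unaccounted)}")
    return sorted(not_found & set(requested_ids))


def open_threats_by_severity(response):
    """Ids of threats whose status is still OPEN, most severe first (stable for ties)."""
    open_threats = [t for t in response.get("threats", []) if t["status"] == "OPEN"]
    open_threats.sort(key=lambda t: SEVERITY_RANK.get(t["severity"], len(SEVERITY_RANK)))
    return [t["threatId"] for t in open_threats]


def stride_histogram(response):
    """Count how often each STRIDE category appears across all returned threats."""
    return dict(Counter(cat for t in response.get("threats", []) for cat in t.get("stride", [])))


def evidence_by_threat(response):
    """Map threatId -> list of 'packageId:path' evidence references for code review."""
    return {
        t["threatId"]: [f"{e['packageId']}:{e['path']}" for e in t.get("evidence", [])]
        for t in response.get("threats", [])
    }


if __name__ == "__main__":
    requested = ["thr-0001", "thr-0002", "thr-0003", "thr-9999"]
    print("not found:", reconcile(SAMPLE_RESPONSE, requested))
    print("open, by severity:", open_threats_by_severity(SAMPLE_RESPONSE))
    print("STRIDE histogram:", stride_histogram(SAMPLE_RESPONSE))
    print("evidence:", evidence_by_threat(SAMPLE_RESPONSE))
```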

CreateThreatModel (new)

Creates a new threat model configuration in an agent space. A threat model defines the parameters for automated threat analysis.

See also: AWS API Documentation

Request Syntax

client.create_threat_model(
    title='string',
    agentSpaceId='string',
    description='string',
    assets={
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    scopeDocs=[
        {
            's3Location': 'string',
            'artifactId': 'string',
            'integratedDocument': {
                'integrationId': 'string',
                'resourceId': 'string'
            }
        },
    ],
    serviceRole='string',
    logConfig={
        'logGroup': 'string',
        'logStream': 'string'
    },
    reportDestination={
        'integrationId': 'string',
        'containerId': 'string',
        'parentId': 'string',
        'documentId': 'string'
    }
)
type title:

string

param title:

[REQUIRED]

The title of the threat model.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space to create the threat model in.

type description:

string

param description:

A description of the application or system being threat modeled.

type assets:

dict

param assets:

The assets to include in the threat model.

  • endpoints (list) --

    The list of endpoints to test during the pentest.

    • (dict) --

      Represents a target endpoint for penetration testing.

      • uri (string) --

        The URI of the endpoint.

  • actors (list) --

    The list of actors used during penetration testing.

    • (dict) --

      Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

      • identifier (string) --

        The unique identifier for the actor.

      • uris (list) --

        The list of URIs that the actor targets during testing.

        • (string) --

      • authentication (dict) --

        The authentication configuration for the actor.

        • providerType (string) --

          The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

        • value (string) --

          The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

      • description (string) --

        A description of the actor.

  • documents (list) --

    The list of documents that provide context for the pentest.

    • (dict) --

      Represents a document that provides context for security testing.

      • s3Location (string) --

        The Amazon S3 location of the document.

      • artifactId (string) --

        The unique identifier of the artifact associated with the document.

      • integratedDocument (dict) --

        A reference to a document in an integrated third-party provider.

        • integrationId (string) -- [REQUIRED]

          The identifier of the integration that provides access to the document.

        • resourceId (string) -- [REQUIRED]

          The provider-specific resource identifier for the document.

  • sourceCode (list) --

    The list of source code repositories to analyze during the pentest.

    • (dict) --

      Represents a source code repository used for security analysis during a pentest.

      • s3Location (string) --

        The Amazon S3 location of the source code repository archive.

  • integratedRepositories (list) --

    The list of integrated repositories associated with the pentest.

    • (dict) --

      Represents a code repository that is integrated with the service through a third-party provider.

      • integrationId (string) -- [REQUIRED]

        The unique identifier of the integration that provides access to the repository.

      • providerResourceId (string) -- [REQUIRED]

        The provider-specific resource identifier for the repository.

type scopeDocs:

list

param scopeDocs:

The scoped documents for the agent to focus on during threat modeling.

  • (dict) --

    Represents a document that provides context for security testing.

    • s3Location (string) --

      The Amazon S3 location of the document.

    • artifactId (string) --

      The unique identifier of the artifact associated with the document.

    • integratedDocument (dict) --

      A reference to a document in an integrated third-party provider.

      • integrationId (string) -- [REQUIRED]

        The identifier of the integration that provides access to the document.

      • resourceId (string) -- [REQUIRED]

        The provider-specific resource identifier for the document.

type serviceRole:

string

param serviceRole:

[REQUIRED]

The IAM service role to use for the threat model.

type logConfig:

dict

param logConfig:

The CloudWatch Logs configuration for the threat model.

  • logGroup (string) --

    The name of the CloudWatch log group.

  • logStream (string) --

    The name of the CloudWatch log stream.

type reportDestination:

dict

param reportDestination:

The destination for publishing scan reports to an integrated document provider.

  • integrationId (string) -- [REQUIRED]

    The integration identifier for the document provider.

  • containerId (string) -- [REQUIRED]

    The container identifier where the report will be published.

  • parentId (string) --

    The parent document identifier under which the report will be created.

  • documentId (string) --

    The existing document identifier to update instead of creating a new document.

rtype:

dict

returns:

Response Syntax

{
    'threatModelId': 'string',
    'title': 'string',
    'agentSpaceId': 'string',
    'description': 'string',
    'assets': {
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    'scopeDocs': [
        {
            's3Location': 'string',
            'artifactId': 'string',
            'integratedDocument': {
                'integrationId': 'string',
                'resourceId': 'string'
            }
        },
    ],
    'serviceRole': 'string',
    'logConfig': {
        'logGroup': 'string',
        'logStream': 'string'
    },
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    Output for the CreateThreatModel operation.

    • threatModelId (string) --

      The unique identifier of the created threat model.

    • title (string) --

      The title of the threat model.

    • agentSpaceId (string) --

      The unique identifier of the agent space that contains the threat model.

    • description (string) --

      A description of the application or system being threat modeled.

    • assets (dict) --

      The assets included in the threat model.

      • endpoints (list) --

        The list of endpoints to test during the pentest.

        • (dict) --

          Represents a target endpoint for penetration testing.

          • uri (string) --

            The URI of the endpoint.

      • actors (list) --

        The list of actors used during penetration testing.

        • (dict) --

          Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

          • identifier (string) --

            The unique identifier for the actor.

          • uris (list) --

            The list of URIs that the actor targets during testing.

            • (string) --

          • authentication (dict) --

            The authentication configuration for the actor.

            • providerType (string) --

              The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

            • value (string) --

              The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

          • description (string) --

            A description of the actor.

      • documents (list) --

        The list of documents that provide context for the pentest.

        • (dict) --

          Represents a document that provides context for security testing.

          • s3Location (string) --

            The Amazon S3 location of the document.

          • artifactId (string) --

            The unique identifier of the artifact associated with the document.

          • integratedDocument (dict) --

            A reference to a document in an integrated third-party provider.

            • integrationId (string) --

              The identifier of the integration that provides access to the document.

            • resourceId (string) --

              The provider-specific resource identifier for the document.

      • sourceCode (list) --

        The list of source code repositories to analyze during the pentest.

        • (dict) --

          Represents a source code repository used for security analysis during a pentest.

          • s3Location (string) --

            The Amazon S3 location of the source code repository archive.

      • integratedRepositories (list) --

        The list of integrated repositories associated with the pentest.

        • (dict) --

          Represents a code repository that is integrated with the service through a third-party provider.

          • integrationId (string) --

            The unique identifier of the integration that provides access to the repository.

          • providerResourceId (string) --

            The provider-specific resource identifier for the repository.

    • scopeDocs (list) --

      The scoped documents for the agent to focus on during threat modeling.

      • (dict) --

        Represents a document that provides context for security testing.

        • s3Location (string) --

          The Amazon S3 location of the document.

        • artifactId (string) --

          The unique identifier of the artifact associated with the document.

        • integratedDocument (dict) --

          A reference to a document in an integrated third-party provider.

          • integrationId (string) --

            The identifier of the integration that provides access to the document.

          • resourceId (string) --

            The provider-specific resource identifier for the document.

    • serviceRole (string) --

      The IAM service role used for the threat model.

    • logConfig (dict) --

      The CloudWatch Logs configuration for the threat model.

      • logGroup (string) --

        The name of the CloudWatch log group.

      • logStream (string) --

        The name of the CloudWatch log stream.

    • createdAt (datetime) --

      The date and time the threat model was created, in UTC format.

    • updatedAt (datetime) --

      The date and time the threat model was last updated, in UTC format.
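
A request-side helper for the `assets` parameter above, added here as an example that is not boto3 or AWS code: it assembles the dict in the documented shape and rejects an actor whose `authentication.value` is not a reference of the kind the documentation lists for its `providerType` (so a plaintext password cannot be pasted into the request by mistake). The ARN patterns are the standard AWS ARN shapes for Secrets Manager secrets, Lambda functions and IAM roles; `AWS_INTERNAL` is passed through unchecked because this page does not document its value format; the in-scope check (every actor URI must sit under a declared endpoint) is this example's own policy rather than a service rule; all account ids, ARNs and hostnames are constructed placeholders.

```python
"""Build and check the `assets` argument for create_threat_model.

Added example, not boto3 or AWS code. Sample ARNs, hostnames and the
123456789012 account id are placeholders.
"""
import re

# Expected `value` shape per documented providerType. The partition segment
# allows aws, aws-cn and aws-us-gov. AWS_INTERNAL is not documented on this
# page, so it is accepted without a format check.
VALUE_PATTERNS = {
    "SECRETS_MANAGER": re.compile(r"^arn:aws[a-z-]*:secretsmanager:[a-z0-9-]+:\d{12}:secret:.+$"),
    "AWS_LAMBDA": re.compile(r"^arn:aws[a-z-]*:lambda:[a-z0-9-]+:\d{12}:function:.+$"),
    "AWS_IAM_ROLE": re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/.+$"),
    "AWS_INTERNAL": None,
}


def actor_problems(actor, endpoint_uris):
    """Return a list of problems with one actor dict; an empty list means it passes."""
    problems = []
    ident = actor.get("identifier")
    auth = actor.get("authentication") or {}
    provider = auth.get("providerType")
    value = auth.get("value", "")
    if provider not in VALUE_PATTERNS:
        problems.append(f"{ident}: unknown providerType {provider!r}")
    else:
        pattern = VALUE_PATTERNS[provider]
        if pattern is not None and not pattern.match(value):
            # A raw password or token in `value` instead of a reference ARN.
            problems.append(f"{ident}: value is not a {provider} ARN")
    # Example's own scoping policy: actors may only target declared endpoints.
    for uri in actor.get("uris", []):
        if not any(uri.startswith(ep) for ep in endpoint_uris):
            problems.append(f"{ident}: {uri} is outside declared endpoints")
    return problems


def build_assets(endpoint_uris, actors, source_code_s3=None, repositories=None):
    """Assemble the `assets` dict in the documented shape, refusing bad actors."""
    problems = [p for a in actors for p in actor_problems(a, endpoint_uris)]
    if problems:
        raise ValueError("; ".join(problems))
    assets = {
        "endpoints": [{"uri": u} for u in endpoint_uris],
        "actors": actors,
    }
    if source_code_s3:
        assets["sourceCode"] = [{"s3Location": loc} for loc in source_code_s3]
    if repositories:
        assets["integratedRepositories"] = [
            {"integrationId": i, "providerResourceId": r} for i, r in repositories
        ]
    return assets


# Constructed sample input.
ENDPOINTS = ["https://app.example.com/"]
GOOD_ACTOR = {
    "identifier": "standard-user",
    "uris": ["https://app.example.com/api/"],
    "authentication": {
        "providerType": "SECRETS_MANAGER",
        "value": "arn:aws:secretsmanager:us-east-1:123456789012:secret:pentest/standard-user",
    },
    "description": "Ordinary authenticated user",
}
BAD_ACTOR = {
    "identifier": "admin",
    "uris": ["https://other.example.net/admin"],
    "authentication": {"providerType": "SECRETS_MANAGER", "value": "plaintext-password"},
    "description": "Inline credential and out-of-scope URI",
}

if __name__ == "__main__":
    print(build_assets(ENDPOINTS, [GOOD_ACTOR], source_code_s3=["s3://example-bucket/app.zip"]))
    print(actor_problems(BAD_ACTOR, ENDPOINTS))
```

The returned dict is what you would pass as `assets=` to `client.create_threat_model(...)`, alongside the other parameters documented above.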

DeleteSecurityRequirementPack (new)

Deletes a customer managed security requirement pack and all its associated security requirements.

See also: AWS API Documentation

Request Syntax

client.delete_security_requirement_pack(
    packId='string'
)
type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to delete.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

DescribePrivateConnection (new)

Retrieves the details of a private connection.

See also: AWS API Documentation

Request Syntax

client.describe_private_connection(
    privateConnectionName='string'
)
type privateConnectionName:

string

param privateConnectionName:

[REQUIRED]

The name of the private connection to describe.

rtype:

dict

returns:

Response Syntax

{
    'name': 'string',
    'type': 'SERVICE_MANAGED'|'SELF_MANAGED',
    'status': 'ACTIVE'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_IN_PROGRESS'|'DELETE_FAILED',
    'resourceGatewayId': 'string',
    'hostAddress': 'string',
    'vpcId': 'string',
    'resourceConfigurationId': 'string',
    'certificateExpiryTime': datetime(2015, 1, 1),
    'dnsResolution': 'PUBLIC'|'IN_VPC',
    'failureMessage': 'string',
    'tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • name (string) --

      The name of the private connection.

    • type (string) --

      The type of the private connection, indicating whether it is service-managed or self-managed.

    • status (string) --

      The current status of the private connection.

    • resourceGatewayId (string) --

      The identifier or ARN of the VPC Lattice resource gateway.

    • hostAddress (string) --

      The IP address or DNS name of the target resource.

    • vpcId (string) --

      The identifier of the VPC the resource gateway is created in.

    • resourceConfigurationId (string) --

      The identifier or ARN of the VPC Lattice resource configuration.

    • certificateExpiryTime (datetime) --

      The date and time the connection's certificate expires, in UTC format.

    • dnsResolution (string) --

      The DNS resolution mode for the resource gateway.

    • failureMessage (string) --

      A message describing why the private connection entered a failed state, if applicable.

    • tags (dict) --

      The tags attached to the private connection.

      • (string) --

        Key for a resource tag.

        • (string) --

          Value for a resource tag.

ListSecurityRequirementPacks (new)

Lists all security requirement packs in the caller's account.

See also: AWS API Documentation

Request Syntax

client.list_security_requirement_packs(
    filter={
        'managementType': 'AWS_MANAGED'|'CUSTOMER_MANAGED',
        'status': 'ENABLED'|'DISABLED'
    },
    nextToken='string',
    maxResults=123
)
type filter:

dict

param filter:

The filter criteria for listing security requirement packs.

  • managementType (string) --

    Filter packs by management type. Valid values are AWS_MANAGED and CUSTOMER_MANAGED.

  • status (string) --

    Filter packs by status. Valid values are ENABLED and DISABLED.

type nextToken:

string

param nextToken:

The pagination token from a previous request to retrieve the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single request.

rtype:

dict

returns:

Response Syntax

{
    'securityRequirementPackSummaries': [
        {
            'packId': 'string',
            'name': 'string',
            'description': 'string',
            'vendorName': 'string',
            'managementType': 'AWS_MANAGED'|'CUSTOMER_MANAGED',
            'status': 'ENABLED'|'DISABLED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • securityRequirementPackSummaries (list) --

      The list of security requirement pack summaries.

      • (dict) --

        Contains summary information about a security requirement pack.

        • packId (string) --

          The unique identifier of the security requirement pack.

        • name (string) --

          The name of the security requirement pack.

        • description (string) --

          A description of the security requirement pack.

        • vendorName (string) --

          The vendor name for AWS managed packs.

        • managementType (string) --

          The management type of the pack.

        • status (string) --

          The status of the security requirement pack.

        • createdAt (datetime) --

          The date and time the security requirement pack was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the security requirement pack was last updated, in UTC format.

    • nextToken (string) --

      The pagination token to use in a subsequent request to retrieve the next page of results.

BatchGetThreatModels (new)

Retrieves information about one or more threat models in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_threat_models(
    threatModelIds=[
        'string',
    ],
    agentSpaceId='string'
)
type threatModelIds:

list

param threatModelIds:

[REQUIRED]

The list of threat model identifiers to retrieve.

  • (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the threat models.

rtype:

dict

returns:

Response Syntax

{
    'threatModels': [
        {
            'threatModelId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'description': 'string',
            'assets': {
                'endpoints': [
                    {
                        'uri': 'string'
                    },
                ],
                'actors': [
                    {
                        'identifier': 'string',
                        'uris': [
                            'string',
                        ],
                        'authentication': {
                            'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                            'value': 'string'
                        },
                        'description': 'string'
                    },
                ],
                'documents': [
                    {
                        's3Location': 'string',
                        'artifactId': 'string',
                        'integratedDocument': {
                            'integrationId': 'string',
                            'resourceId': 'string'
                        }
                    },
                ],
                'sourceCode': [
                    {
                        's3Location': 'string'
                    },
                ],
                'integratedRepositories': [
                    {
                        'integrationId': 'string',
                        'providerResourceId': 'string'
                    },
                ]
            },
            'scopeDocs': [
                {
                    's3Location': 'string',
                    'artifactId': 'string',
                    'integratedDocument': {
                        'integrationId': 'string',
                        'resourceId': 'string'
                    }
                },
            ],
            'serviceRole': 'string',
            'logConfig': {
                'logGroup': 'string',
                'logStream': 'string'
            },
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

  • (dict) --

    Output for the BatchGetThreatModels operation.

    • threatModels (list) --

      The list of threat models that were found.

      • (dict) --

        Represents a threat model configuration that defines the parameters for automated threat analysis, including target assets and logging configuration.

        • threatModelId (string) --

          The unique identifier of the threat model.

        • agentSpaceId (string) --

          The unique identifier of the agent space that contains the threat model.

        • title (string) --

          The title of the threat model.

        • description (string) --

          A description of the application or system being threat modeled.

        • assets (dict) --

          The assets included in the threat model.

          • endpoints (list) --

            The list of endpoints to test during the pentest.

            • (dict) --

              Represents a target endpoint for penetration testing.

              • uri (string) --

                The URI of the endpoint.

          • actors (list) --

            The list of actors used during penetration testing.

            • (dict) --

              Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

              • identifier (string) --

                The unique identifier for the actor.

              • uris (list) --

                The list of URIs that the actor targets during testing.

                • (string) --

              • authentication (dict) --

                The authentication configuration for the actor.

                • providerType (string) --

                  The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

                • value (string) --

                  The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

              • description (string) --

                A description of the actor.

          • documents (list) --

            The list of documents that provide context for the pentest.

            • (dict) --

              Represents a document that provides context for security testing.

              • s3Location (string) --

                The Amazon S3 location of the document.

              • artifactId (string) --

                The unique identifier of the artifact associated with the document.

              • integratedDocument (dict) --

                A reference to a document in an integrated third-party provider.

                • integrationId (string) --

                  The identifier of the integration that provides access to the document.

                • resourceId (string) --

                  The provider-specific resource identifier for the document.

          • sourceCode (list) --

            The list of source code repositories to analyze during the pentest.

            • (dict) --

              Represents a source code repository used for security analysis during a pentest.

              • s3Location (string) --

                The Amazon S3 location of the source code repository archive.

          • integratedRepositories (list) --

            The list of integrated repositories associated with the pentest.

            • (dict) --

              Represents a code repository that is integrated with the service through a third-party provider.

              • integrationId (string) --

                The unique identifier of the integration that provides access to the repository.

              • providerResourceId (string) --

                The provider-specific resource identifier for the repository.

        • scopeDocs (list) --

          The scoped documents for the agent to focus on during threat modeling.

          • (dict) --

            Represents a document that provides context for security testing.

            • s3Location (string) --

              The Amazon S3 location of the document.

            • artifactId (string) --

              The unique identifier of the artifact associated with the document.

            • integratedDocument (dict) --

              A reference to a document in an integrated third-party provider.

              • integrationId (string) --

                The identifier of the integration that provides access to the document.

              • resourceId (string) --

                The provider-specific resource identifier for the document.

        • serviceRole (string) --

          The IAM service role used for the threat model.

        • logConfig (dict) --

          The CloudWatch Logs configuration for the threat model.

          • logGroup (string) --

            The name of the CloudWatch log group.

          • logStream (string) --

            The name of the CloudWatch log stream.

        • createdAt (datetime) --

          The date and time the threat model was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the threat model was last updated, in UTC format.

    • notFound (list) --

      The list of threat model identifiers that were not found.

      • (string) --

BatchDeleteThreatModels (new)

Deletes one or more threat models from an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_delete_threat_models(
    threatModelIds=[
        'string',
    ],
    agentSpaceId='string'
)
type threatModelIds:

list

param threatModelIds:

[REQUIRED]

The list of threat model identifiers to delete.

  • (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the threat models to delete.

rtype:

dict

returns:

Response Syntax

{
    'deleted': [
        'string',
    ],
    'failed': [
        {
            'threatModelId': 'string',
            'reason': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    Output for the BatchDeleteThreatModels operation.

    • deleted (list) --

      The list of threat model identifiers that were successfully deleted.

      • (string) --

    • failed (list) --

      The list of threat models that failed to delete, including the reason for each failure.

      • (dict) --

        Contains information about a threat model that failed to delete.

        • threatModelId (string) --

          The unique identifier of the threat model that failed to delete.

        • reason (string) --

          The reason the threat model failed to delete.

BatchDeleteSecurityRequirements (new)

Batch deletes security requirements from a customer managed pack.

See also: AWS API Documentation

Request Syntax

client.batch_delete_security_requirements(
    packId='string',
    securityRequirementNames=[
        'string',
    ]
)
type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to remove requirements from.

type securityRequirementNames:

list

param securityRequirementNames:

[REQUIRED]

The list of security requirement names to delete.

  • (string) --

rtype:

dict

returns:

Response Syntax

{
    'deletedSecurityRequirementNames': [
        'string',
    ],
    'errors': [
        {
            'securityRequirementName': 'string',
            'code': 'string',
            'message': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • deletedSecurityRequirementNames (list) --

      The list of security requirement names that were successfully deleted.

      • (string) --

    • errors (list) --

      The list of errors for security requirements that failed to be deleted.

      • (dict) --

        Contains information about an error that occurred for a specific security requirement during a batch operation.

        • securityRequirementName (string) --

          The name of the security requirement that caused the error.

        • code (string) --

          The error code.

        • message (string) --

          The error message.

ListPrivateConnections (new)

Lists the private connections in your account.

See also: AWS API Documentation

Request Syntax

client.list_private_connections(
    maxResults=123,
    nextToken='string'
)
type maxResults:

integer

param maxResults:

The maximum number of private connections to return in a single response.

type nextToken:

string

param nextToken:

The token for the next page of results.

rtype:

dict

returns:

Response Syntax

{
    'privateConnections': [
        {
            'name': 'string',
            'type': 'SERVICE_MANAGED'|'SELF_MANAGED',
            'status': 'ACTIVE'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_IN_PROGRESS'|'DELETE_FAILED',
            'resourceGatewayId': 'string',
            'hostAddress': 'string',
            'vpcId': 'string',
            'resourceConfigurationId': 'string',
            'certificateExpiryTime': datetime(2015, 1, 1),
            'dnsResolution': 'PUBLIC'|'IN_VPC',
            'failureMessage': 'string',
            'tags': {
                'string': 'string'
            }
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • privateConnections (list) --

      The list of private connections.

      • (dict) --

        Summarizes a private connection.

        • name (string) --

          The name of the private connection.

        • type (string) --

          The type of the private connection, indicating whether it is service-managed or self-managed.

        • status (string) --

          The current status of the private connection.

        • resourceGatewayId (string) --

          The identifier or ARN of the VPC Lattice resource gateway.

        • hostAddress (string) --

          The IP address or DNS name of the target resource.

        • vpcId (string) --

          The identifier of the VPC the resource gateway is created in.

        • resourceConfigurationId (string) --

          The identifier or ARN of the VPC Lattice resource configuration.

        • certificateExpiryTime (datetime) --

          The date and time the connection's certificate expires, in UTC format.

        • dnsResolution (string) --

          The DNS resolution mode for the resource gateway.

        • failureMessage (string) --

          A message describing why the private connection entered a failed state, if applicable.

        • tags (dict) --

          The tags attached to the private connection.

          • (string) --

            Key for a resource tag.

            • (string) --

              Value for a resource tag.

    • nextToken (string) --

      The token to use to retrieve the next page of results, if more results are available.

ListThreats (new)

Returns a paginated list of threats for a threat model job.

See also: AWS API Documentation

Request Syntax

client.list_threats(
    threatJobId='string',
    agentSpaceId='string',
    nextToken='string',
    maxResults=123
)
type threatJobId:

string

param threatJobId:

[REQUIRED]

The unique identifier of the threat model job to list threats for.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type nextToken:

string

param nextToken:

A token to use for paginating results that are returned in the response.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call.

rtype:

dict

returns:

Response Syntax

{
    'threats': [
        {
            'threatId': 'string',
            'threatJobId': 'string',
            'title': 'string',
            'statement': 'string',
            'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFO',
            'status': 'OPEN'|'RESOLVED'|'DISMISSED',
            'stride': [
                'SPOOFING'|'TAMPERING'|'REPUDIATION'|'INFORMATION_DISCLOSURE'|'DENIAL_OF_SERVICE'|'ELEVATION_OF_PRIVILEGE',
            ],
            'createdBy': 'CUSTOMER'|'AGENT',
            'updatedBy': 'CUSTOMER'|'AGENT',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    Output for the ListThreats operation.

    • threats (list) --

      The list of threat summaries.

      • (dict) --

        Contains summary information about a threat.

        • threatId (string) --

          The unique identifier of the threat.

        • threatJobId (string) --

          The unique identifier of the threat model job that produced the threat.

        • title (string) --

          A short title summarizing the threat.

        • statement (string) --

          The natural-language threat statement.

        • severity (string) --

          The severity level of the threat.

        • status (string) --

          The current status of the threat.

        • stride (list) --

          The STRIDE categories applicable to this threat.

          • (string) --

            STRIDE threat classification category.

        • createdBy (string) --

          Who created this threat.

        • updatedBy (string) --

          Who last updated this threat.

        • createdAt (datetime) --

          The date and time the threat was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the threat was last updated, in UTC format.

    • nextToken (string) --

      A token to use for paginating results that are returned in the response.
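The listing above is paginated, so a caller that reads only the first page silently misses threats on large jobs. The following added example (not code from this page or the AWS SDK) walks every page of ListThreats by following nextToken, keeps only OPEN threats, and groups them by severity and STRIDE category; FakeSecurityAgent is a constructed stand-in for a boto3 client so that it runs offline, and the job and agent-space identifiers are placeholders.

```python
"""Triage helper for the ListThreats response shape documented above.

Added example, not code from the boto3 page or the AWS SDK. FakeSecurityAgent
is a constructed stand-in for a boto3 client so the code runs offline; any
object exposing the same list_threats(**kwargs) method can be passed instead.
"""
from collections import Counter, defaultdict

SEVERITY_ORDER = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO")
STRIDE = frozenset({
    "SPOOFING", "TAMPERING", "REPUDIATION", "INFORMATION_DISCLOSURE",
    "DENIAL_OF_SERVICE", "ELEVATION_OF_PRIVILEGE",
})


def iter_threats(client, threat_job_id, agent_space_id, page_size=50):
    """Yield every threat for one job, following nextToken until it is absent."""
    kwargs = {"threatJobId": threat_job_id, "agentSpaceId": agent_space_id,
              "maxResults": page_size}
    while True:
        page = client.list_threats(**kwargs)
        yield from page.get("threats", [])
        token = page.get("nextToken")
        if not token:          # missing or empty token is the end of the listing
            return
        kwargs["nextToken"] = token


def triage(client, threat_job_id, agent_space_id):
    """Group OPEN threats by severity and count STRIDE categories.

    Returns (by_severity, stride_counts, skipped). RESOLVED and DISMISSED
    threats are counted in skipped and left out of the groups, so the result
    reflects the remaining backlog only.
    """
    by_severity = defaultdict(list)
    stride_counts = Counter()
    skipped = 0
    for threat in iter_threats(client, threat_job_id, agent_space_id):
        if threat.get("status") != "OPEN":
            skipped += 1
            continue
        by_severity[threat["severity"]].append(threat["threatId"])
        # Count only values from the documented STRIDE enum so an unexpected
        # value cannot create a category of its own.
        stride_counts.update(c for c in threat.get("stride", []) if c in STRIDE)
    ordered = {s: by_severity[s] for s in SEVERITY_ORDER if by_severity[s]}
    return ordered, dict(stride_counts), skipped


class FakeSecurityAgent:
    """Constructed two-page ListThreats responder (not a real AWS client)."""

    def __init__(self, pages):
        self._pages = pages   # response dicts in page order
        self.calls = []       # kwargs of each list_threats call, for inspection

    def list_threats(self, **kwargs):
        self.calls.append(kwargs)
        index = int(kwargs.get("nextToken") or 0)
        return self._pages[index]


# Constructed sample data: two pages, the first carrying a nextToken of "1".
SAMPLE_PAGES = [
    {"threats": [
        {"threatId": "t-1", "severity": "HIGH", "status": "OPEN",
         "stride": ["SPOOFING", "ELEVATION_OF_PRIVILEGE"]},
        {"threatId": "t-2", "severity": "LOW", "status": "DISMISSED",
         "stride": ["REPUDIATION"]},
    ], "nextToken": "1"},
    {"threats": [
        {"threatId": "t-3", "severity": "CRITICAL", "status": "OPEN",
         "stride": ["TAMPERING"]},
        {"threatId": "t-4", "severity": "HIGH", "status": "OPEN",
         "stride": ["SPOOFING"]},
    ]},
]


def demo():
    """Run the triage over the constructed pages and return (result, calls)."""
    client = FakeSecurityAgent(SAMPLE_PAGES)
    result = triage(client, "job-placeholder", "space-placeholder")
    return result, client.calls


if __name__ == "__main__":
    (by_sev, stride, skipped), calls = demo()
    for sev, ids in by_sev.items():
        print(f"{sev}: {', '.join(ids)}")
    print("STRIDE:", stride, "| skipped:", skipped, "| pages fetched:", len(calls))
```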

StartThreatModelJob (new)

Starts a new threat model job for a threat model configuration.

See also: AWS API Documentation

Request Syntax

client.start_threat_model_job(
    agentSpaceId='string',
    threatModelId='string'
)
type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type threatModelId:

string

param threatModelId:

[REQUIRED]

The unique identifier of the threat model to start a job for.

rtype:

dict

returns:

Response Syntax

{
    'title': 'string',
    'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'threatModelId': 'string',
    'threatModelJobId': 'string',
    'agentSpaceId': 'string'
}

Response Structure

  • (dict) --

    Output for the StartThreatModelJob operation.

    • title (string) --

      The title of the threat model job.

    • status (string) --

      The current status of the threat model job.

    • createdAt (datetime) --

      The date and time the threat model job was created, in UTC format.

    • updatedAt (datetime) --

      The date and time the threat model job was last updated, in UTC format.

    • threatModelId (string) --

      The unique identifier of the threat model.

    • threatModelJobId (string) --

      The unique identifier of the started threat model job.

    • agentSpaceId (string) --

      The unique identifier of the agent space.

CreatePrivateConnection (new)

Creates a private connection for reaching a self-hosted provider instance over private networking using Amazon VPC Lattice.

See also: AWS API Documentation

Request Syntax

client.create_private_connection(
    privateConnectionName='string',
    mode={
        'serviceManaged': {
            'hostAddress': 'string',
            'vpcId': 'string',
            'subnetIds': [
                'string',
            ],
            'securityGroupIds': [
                'string',
            ],
            'ipAddressType': 'IPV4'|'IPV6'|'DUAL_STACK',
            'ipv4AddressesPerEni': 123,
            'portRanges': [
                'string',
            ],
            'certificate': 'string',
            'dnsResolution': 'PUBLIC'|'IN_VPC'
        },
        'selfManaged': {
            'resourceConfigurationId': 'string',
            'certificate': 'string'
        }
    },
    tags={
        'string': 'string'
    }
)
type privateConnectionName:

string

param privateConnectionName:

[REQUIRED]

A unique name for the private connection within your account.

type mode:

dict

param mode:

[REQUIRED]

The configuration for the private connection. Specify either a service-managed or a self-managed mode.

  • serviceManaged (dict) --

    The configuration for a service-managed private connection, where the service manages the resource gateway lifecycle.

    • hostAddress (string) -- [REQUIRED]

      The IP address or DNS name of the target resource.

    • vpcId (string) -- [REQUIRED]

      The VPC to create the service-managed resource gateway in.

    • subnetIds (list) -- [REQUIRED]

      The subnets that the service-managed resource gateway spans.

      • (string) --

        The identifier of a subnet.

    • securityGroupIds (list) --

      The security groups to attach to the service-managed resource gateway.

      • (string) --

        The identifier of a security group.

    • ipAddressType (string) --

      The IP address type of the service-managed resource gateway.

    • ipv4AddressesPerEni (integer) --

      The number of IPv4 addresses in each elastic network interface for the service-managed resource gateway.

    • portRanges (list) --

      The TCP port ranges that a consumer can use to access the resource.

      • (string) --

        A single TCP port or an inclusive range of TCP ports, for example 443 or 8000-8100.

    • certificate (string) --

      The certificate for the private connection.

    • dnsResolution (string) --

      The DNS resolution mode for the resource gateway. Defaults to PUBLIC when not set.

  • selfManaged (dict) --

    The configuration for a self-managed private connection, where you manage your own resource configuration.

    • resourceConfigurationId (string) -- [REQUIRED]

      The identifier or ARN of the resource configuration.

    • certificate (string) --

      The certificate for the private connection.

type tags:

dict

param tags:

The tags to attach to the private connection.

  • (string) --

    Key for a resource tag.

    • (string) --

      Value for a resource tag.

rtype:

dict

returns:

Response Syntax

{
    'name': 'string',
    'type': 'SERVICE_MANAGED'|'SELF_MANAGED',
    'status': 'ACTIVE'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_IN_PROGRESS'|'DELETE_FAILED',
    'resourceGatewayId': 'string',
    'hostAddress': 'string',
    'vpcId': 'string',
    'resourceConfigurationId': 'string',
    'certificateExpiryTime': datetime(2015, 1, 1),
    'dnsResolution': 'PUBLIC'|'IN_VPC',
    'failureMessage': 'string',
    'tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • name (string) --

      The name of the private connection.

    • type (string) --

      The type of the private connection, indicating whether it is service-managed or self-managed.

    • status (string) --

      The current status of the private connection.

    • resourceGatewayId (string) --

      The identifier or ARN of the VPC Lattice resource gateway.

    • hostAddress (string) --

      The IP address or DNS name of the target resource.

    • vpcId (string) --

      The identifier of the VPC the resource gateway is created in.

    • resourceConfigurationId (string) --

      The identifier or ARN of the VPC Lattice resource configuration.

    • certificateExpiryTime (datetime) --

      The date and time the connection's certificate expires, in UTC format.

    • dnsResolution (string) --

      The DNS resolution mode for the resource gateway.

    • failureMessage (string) --

      A message describing why the private connection entered a failed state, if applicable.

    • tags (dict) --

      The tags attached to the private connection.

      • (string) --

        Key for a resource tag.

        • (string) --

          Value for a resource tag.
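The mode parameter documented above must carry exactly one of serviceManaged or selfManaged, and each portRanges entry is a single TCP port or an inclusive range ("443" or "8000-8100"). The following added example (not code from this page or the AWS SDK) builds the create_private_connection keyword arguments and checks those constraints client-side before any call is made; the VPC, subnet and resource identifiers in it are constructed placeholders, and the service name for the real boto3 client is not assumed.

```python
"""Build and validate the arguments for create_private_connection.

Added example, not code from the boto3 page or the AWS SDK. It enforces the
documented request constraints locally; the identifiers used in the sample
call are constructed placeholders.
"""
import re

_PORT_RANGE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")
IP_ADDRESS_TYPES = frozenset({"IPV4", "IPV6", "DUAL_STACK"})
DNS_RESOLUTION = frozenset({"PUBLIC", "IN_VPC"})


def parse_port_range(spec):
    """Return (low, high) for "443" or "8000-8100"; raise ValueError otherwise."""
    m = _PORT_RANGE.match(spec.strip())
    if not m:
        raise ValueError(f"malformed port range {spec!r}")
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    if not (1 <= low <= high <= 65535):
        raise ValueError(f"port range {spec!r} is out of order or outside 1-65535")
    return low, high


def is_valid_port_range(spec):
    """True when spec matches the documented single-port or inclusive-range form."""
    try:
        parse_port_range(spec)
        return True
    except ValueError:
        return False


def service_managed_mode(host_address, vpc_id, subnet_ids, port_ranges=(),
                         security_group_ids=(), ip_address_type="IPV4",
                         dns_resolution="PUBLIC", certificate=None):
    """Return a validated {'serviceManaged': {...}} mode dict."""
    if not host_address or not vpc_id or not subnet_ids:
        raise ValueError("hostAddress, vpcId and subnetIds are required")
    if ip_address_type not in IP_ADDRESS_TYPES:
        raise ValueError(f"unknown ipAddressType {ip_address_type!r}")
    if dns_resolution not in DNS_RESOLUTION:
        raise ValueError(f"unknown dnsResolution {dns_resolution!r}")
    # Check every range and normalise it, so "443-443" is sent as "443".
    normalised = []
    for spec in port_ranges:
        low, high = parse_port_range(spec)
        normalised.append(str(low) if low == high else f"{low}-{high}")
    cfg = {
        "hostAddress": host_address,
        "vpcId": vpc_id,
        "subnetIds": list(subnet_ids),
        "ipAddressType": ip_address_type,
        "dnsResolution": dns_resolution,
    }
    # Optional keys are omitted rather than sent empty.
    if normalised:
        cfg["portRanges"] = normalised
    if security_group_ids:
        cfg["securityGroupIds"] = list(security_group_ids)
    if certificate:
        cfg["certificate"] = certificate
    return {"serviceManaged": cfg}


def self_managed_mode(resource_configuration_id, certificate=None):
    """Return a validated {'selfManaged': {...}} mode dict."""
    if not resource_configuration_id:
        raise ValueError("resourceConfigurationId is required")
    cfg = {"resourceConfigurationId": resource_configuration_id}
    if certificate:
        cfg["certificate"] = certificate
    return {"selfManaged": cfg}


def build_request(name, mode, tags=None):
    """Assemble the keyword arguments for client.create_private_connection(**request).

    A mode that sets both branches or neither is rejected here, since the API
    documents them as mutually exclusive.
    """
    branches = [k for k in ("serviceManaged", "selfManaged") if k in mode]
    if len(branches) != 1:
        raise ValueError("mode must contain exactly one of serviceManaged or selfManaged")
    request = {"privateConnectionName": name, "mode": mode}
    if tags:
        request["tags"] = dict(tags)
    return request


def sample_request():
    """Build a request from constructed placeholder identifiers."""
    mode = service_managed_mode(
        host_address="gitlab.internal.example",      # constructed host name
        vpc_id="vpc-PLACEHOLDER",
        subnet_ids=["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"],
        port_ranges=["443", "8000-8100"],
        security_group_ids=["sg-PLACEHOLDER"],
        dns_resolution="IN_VPC",
    )
    return build_request("example-connection", mode, tags={"owner": "appsec"})


if __name__ == "__main__":
    print(sample_request())
```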

DeletePrivateConnection (new)

Deletes a private connection.

See also: AWS API Documentation

Request Syntax

client.delete_private_connection(
    privateConnectionName='string'
)
type privateConnectionName:

string

param privateConnectionName:

[REQUIRED]

The name of the private connection to delete.

rtype:

dict

returns:

Response Syntax

{
    'name': 'string',
    'type': 'SERVICE_MANAGED'|'SELF_MANAGED',
    'status': 'ACTIVE'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_IN_PROGRESS'|'DELETE_FAILED',
    'resourceGatewayId': 'string',
    'hostAddress': 'string',
    'vpcId': 'string',
    'resourceConfigurationId': 'string',
    'certificateExpiryTime': datetime(2015, 1, 1),
    'dnsResolution': 'PUBLIC'|'IN_VPC',
    'failureMessage': 'string',
    'tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • name (string) --

      The name of the private connection.

    • type (string) --

      The type of the private connection, indicating whether it is service-managed or self-managed.

    • status (string) --

      The current status of the private connection.

    • resourceGatewayId (string) --

      The identifier or ARN of the VPC Lattice resource gateway.

    • hostAddress (string) --

      The IP address or DNS name of the target resource.

    • vpcId (string) --

      The identifier of the VPC the resource gateway is created in.

    • resourceConfigurationId (string) --

      The identifier or ARN of the VPC Lattice resource configuration.

    • certificateExpiryTime (datetime) --

      The date and time the connection's certificate expires, in UTC format.

    • dnsResolution (string) --

      The DNS resolution mode for the resource gateway.

    • failureMessage (string) --

      A message describing why the private connection entered a failed state, if applicable.

    • tags (dict) --

      The tags attached to the private connection.

      • (string) --

        Key for a resource tag.

        • (string) --

          Value for a resource tag.

ListThreatModelJobs (new)

Returns a paginated list of threat model job summaries for the specified threat model.

See also: AWS API Documentation

Request Syntax

client.list_threat_model_jobs(
    maxResults=123,
    threatModelId='string',
    agentSpaceId='string',
    nextToken='string'
)
type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call.

type threatModelId:

string

param threatModelId:

[REQUIRED]

The unique identifier of the threat model to list jobs for.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type nextToken:

string

param nextToken:

A token to use for paginating results that are returned in the response.

rtype:

dict

returns:

Response Syntax

{
    'threatModelJobSummaries': [
        {
            'threatModelJobId': 'string',
            'threatModelId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    Output for the ListThreatModelJobs operation.

    • threatModelJobSummaries (list) --

      The list of threat model job summaries.

      • (dict) --

        Contains summary information about a threat model job.

        • threatModelJobId (string) --

          The unique identifier of the threat model job.

        • threatModelId (string) --

          The unique identifier of the threat model associated with the job.

        • agentSpaceId (string) --

          The unique identifier of the agent space.

        • title (string) --

          The title of the threat model job.

        • status (string) --

          The current status of the threat model job.

        • createdAt (datetime) --

          The date and time the threat model job was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the threat model job was last updated, in UTC format.

    • nextToken (string) --

      A token to use for paginating results that are returned in the response.

BatchGetThreatModelJobTasks (new)

Retrieves information about one or more tasks within a threat model job.

See also: AWS API Documentation

Request Syntax

client.batch_get_threat_model_job_tasks(
    agentSpaceId='string',
    threatModelJobTaskIds=[
        'string',
    ]
)
type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the tasks.

type threatModelJobTaskIds:

list

param threatModelJobTaskIds:

[REQUIRED]

The list of task identifiers to retrieve.

  • (string) --

rtype:

dict

returns:

Response Syntax

{
    'threatModelJobTasks': [
        {
            'taskId': 'string',
            'threatModelId': 'string',
            'threatModelJobId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'description': 'string',
            'executionStatus': 'IN_PROGRESS'|'ABORTED'|'COMPLETED'|'INTERNAL_ERROR'|'FAILED',
            'logsLocation': {
                'logType': 'CLOUDWATCH',
                'cloudWatchLog': {
                    'logGroup': 'string',
                    'logStream': 'string'
                }
            },
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

  • (dict) --

    Output for the BatchGetThreatModelJobTasks operation.

    • threatModelJobTasks (list) --

      The list of threat model job tasks that were found.

      • (dict) --

        Represents an individual task within a threat model job.

        • taskId (string) --

          The unique identifier of the task.

        • threatModelId (string) --

          The unique identifier of the threat model associated with the task.

        • threatModelJobId (string) --

          The unique identifier of the threat model job that contains the task.

        • agentSpaceId (string) --

          The unique identifier of the agent space.

        • title (string) --

          The title of the task.

        • description (string) --

          A description of the task.

        • executionStatus (string) --

          The current execution status of the task.

        • logsLocation (dict) --

          The location of the task execution logs.

          • logType (string) --

            The type of log storage. Currently, only CLOUDWATCH is supported.

          • cloudWatchLog (dict) --

            The CloudWatch Logs location for the task logs.

            • logGroup (string) --

              The name of the CloudWatch log group.

            • logStream (string) --

              The name of the CloudWatch log stream.

        • createdAt (datetime) --

          The date and time the task was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the task was last updated, in UTC format.

    • notFound (list) --

      The list of task identifiers that were not found.

      • (string) --

UpdateThreatModel (new)

Updates an existing threat model configuration.

See also: AWS API Documentation

Request Syntax

client.update_threat_model(
    threatModelId='string',
    agentSpaceId='string',
    title='string',
    description='string',
    assets={
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    scopeDocs=[
        {
            's3Location': 'string',
            'artifactId': 'string',
            'integratedDocument': {
                'integrationId': 'string',
                'resourceId': 'string'
            }
        },
    ],
    serviceRole='string',
    logConfig={
        'logGroup': 'string',
        'logStream': 'string'
    }
)
type threatModelId:

string

param threatModelId:

[REQUIRED]

The unique identifier of the threat model to update.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the threat model.

type title:

string

param title:

The updated title of the threat model.

type description:

string

param description:

The updated description of the application or system being threat modeled.

type assets:

dict

param assets:

The updated assets for the threat model.

  • endpoints (list) --

    The list of endpoints to test during the pentest.

    • (dict) --

      Represents a target endpoint for penetration testing.

      • uri (string) --

        The URI of the endpoint.

  • actors (list) --

    The list of actors used during penetration testing.

    • (dict) --

      Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

      • identifier (string) --

        The unique identifier for the actor.

      • uris (list) --

        The list of URIs that the actor targets during testing.

        • (string) --

      • authentication (dict) --

        The authentication configuration for the actor.

        • providerType (string) --

          The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

        • value (string) --

          The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

      • description (string) --

        A description of the actor.

  • documents (list) --

    The list of documents that provide context for the pentest.

    • (dict) --

      Represents a document that provides context for security testing.

      • s3Location (string) --

        The Amazon S3 location of the document.

      • artifactId (string) --

        The unique identifier of the artifact associated with the document.

      • integratedDocument (dict) --

        A reference to a document in an integrated third-party provider.

        • integrationId (string) -- [REQUIRED]

          The identifier of the integration that provides access to the document.

        • resourceId (string) -- [REQUIRED]

          The provider-specific resource identifier for the document.

  • sourceCode (list) --

    The list of source code repositories to analyze during the pentest.

    • (dict) --

      Represents a source code repository used for security analysis during a pentest.

      • s3Location (string) --

        The Amazon S3 location of the source code repository archive.

  • integratedRepositories (list) --

    The list of integrated repositories associated with the pentest.

    • (dict) --

      Represents a code repository that is integrated with the service through a third-party provider.

      • integrationId (string) -- [REQUIRED]

        The unique identifier of the integration that provides access to the repository.

      • providerResourceId (string) -- [REQUIRED]

        The provider-specific resource identifier for the repository.

type scopeDocs:

list

param scopeDocs:

The updated scoped documents for the agent to focus on during threat modeling.

  • (dict) --

    Represents a document that provides context for security testing.

    • s3Location (string) --

      The Amazon S3 location of the document.

    • artifactId (string) --

      The unique identifier of the artifact associated with the document.

    • integratedDocument (dict) --

      A reference to a document in an integrated third-party provider.

      • integrationId (string) -- [REQUIRED]

        The identifier of the integration that provides access to the document.

      • resourceId (string) -- [REQUIRED]

        The provider-specific resource identifier for the document.

type serviceRole:

string

param serviceRole:

The updated IAM service role for the threat model.

type logConfig:

dict

param logConfig:

The updated CloudWatch Logs configuration for the threat model.

  • logGroup (string) --

    The name of the CloudWatch log group.

  • logStream (string) --

    The name of the CloudWatch log stream.

rtype:

dict

returns:

Response Syntax

{
    'threatModelId': 'string',
    'title': 'string',
    'agentSpaceId': 'string',
    'description': 'string',
    'assets': {
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    'scopeDocs': [
        {
            's3Location': 'string',
            'artifactId': 'string',
            'integratedDocument': {
                'integrationId': 'string',
                'resourceId': 'string'
            }
        },
    ],
    'serviceRole': 'string',
    'logConfig': {
        'logGroup': 'string',
        'logStream': 'string'
    },
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    Output for the UpdateThreatModel operation.

    • threatModelId (string) --

      The unique identifier of the threat model.

    • title (string) --

      The title of the threat model.

    • agentSpaceId (string) --

      The unique identifier of the agent space that contains the threat model.

    • description (string) --

      A description of the application or system being threat modeled.

    • assets (dict) --

      The assets included in the threat model.

      • endpoints (list) --

        The list of endpoints to test during the pentest.

        • (dict) --

          Represents a target endpoint for penetration testing.

          • uri (string) --

            The URI of the endpoint.

      • actors (list) --

        The list of actors used during penetration testing.

        • (dict) --

          Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

          • identifier (string) --

            The unique identifier for the actor.

          • uris (list) --

            The list of URIs that the actor targets during testing.

            • (string) --

          • authentication (dict) --

            The authentication configuration for the actor.

            • providerType (string) --

              The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

            • value (string) --

              The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

          • description (string) --

            A description of the actor.

      • documents (list) --

        The list of documents that provide context for the pentest.

        • (dict) --

          Represents a document that provides context for security testing.

          • s3Location (string) --

            The Amazon S3 location of the document.

          • artifactId (string) --

            The unique identifier of the artifact associated with the document.

          • integratedDocument (dict) --

            A reference to a document in an integrated third-party provider.

            • integrationId (string) --

              The identifier of the integration that provides access to the document.

            • resourceId (string) --

              The provider-specific resource identifier for the document.

      • sourceCode (list) --

        The list of source code repositories to analyze during the pentest.

        • (dict) --

          Represents a source code repository used for security analysis during a pentest.

          • s3Location (string) --

            The Amazon S3 location of the source code repository archive.

      • integratedRepositories (list) --

        The list of integrated repositories associated with the pentest.

        • (dict) --

          Represents a code repository that is integrated with the service through a third-party provider.

          • integrationId (string) --

            The unique identifier of the integration that provides access to the repository.

          • providerResourceId (string) --

            The provider-specific resource identifier for the repository.

    • scopeDocs (list) --

      The scoped documents for the agent to focus on during threat modeling.

      • (dict) --

        Represents a document that provides context for security testing.

        • s3Location (string) --

          The Amazon S3 location of the document.

        • artifactId (string) --

          The unique identifier of the artifact associated with the document.

        • integratedDocument (dict) --

          A reference to a document in an integrated third-party provider.

          • integrationId (string) --

            The identifier of the integration that provides access to the document.

          • resourceId (string) --

            The provider-specific resource identifier for the document.

    • serviceRole (string) --

      The IAM service role used for the threat model.

    • logConfig (dict) --

      The CloudWatch Logs configuration for the threat model.

      • logGroup (string) --

        The name of the CloudWatch log group.

      • logStream (string) --

        The name of the CloudWatch log stream.

    • createdAt (datetime) --

      The date and time the threat model was created, in UTC format.

    • updatedAt (datetime) --

      The date and time the threat model was last updated, in UTC format.

BatchCreateSecurityRequirements (new) Link ¶

Batch creates security requirements in a customer managed pack.

See also: AWS API Documentation

Request Syntax

client.batch_create_security_requirements(
    packId='string',
    securityRequirements=[
        {
            'name': 'string',
            'description': 'string',
            'domain': 'string',
            'evaluation': 'string',
            'remediation': 'string'
        },
    ]
)
type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to add requirements to.

type securityRequirements:

list

param securityRequirements:

[REQUIRED]

The list of security requirements to create.

  • (dict) --

    Contains the details for a security requirement to create within a pack.

    • name (string) -- [REQUIRED]

      The name of the security requirement.

    • description (string) -- [REQUIRED]

      A description of the security requirement.

    • domain (string) -- [REQUIRED]

      The security domain the requirement belongs to.

    • evaluation (string) -- [REQUIRED]

      The evaluation criteria used to assess compliance with this requirement.

    • remediation (string) --

      The recommended remediation steps when the requirement is not met.

rtype:

dict

returns:

Response Syntax

{
    'securityRequirements': [
        {
            'packId': 'string',
            'name': 'string',
            'description': 'string',
            'domain': 'string',
            'evaluation': 'string',
            'remediation': 'string',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'errors': [
        {
            'securityRequirementName': 'string',
            'code': 'string',
            'message': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • securityRequirements (list) --

      The list of security requirements that were successfully created.

      • (dict) --

        Contains information about a successfully created security requirement.

        • packId (string) --

          The unique identifier of the pack containing the security requirement.

        • name (string) --

          The name of the security requirement.

        • description (string) --

          A description of the security requirement.

        • domain (string) --

          The security domain the requirement belongs to.

        • evaluation (string) --

          The evaluation criteria used to assess compliance with this requirement.

        • remediation (string) --

          The recommended remediation steps when the requirement is not met.

        • createdAt (datetime) --

          The date and time the security requirement was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the security requirement was last updated, in UTC format.

    • errors (list) --

      The list of errors for security requirements that failed to be created.

      • (dict) --

        Contains information about an error that occurred for a specific security requirement during a batch operation.

        • securityRequirementName (string) --

          The name of the security requirement that caused the error.

        • code (string) --

          The error code.

        • message (string) --

          The error message.
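
The batch call above does not raise on a partially failed batch: items that could not be created are reported in the errors list next to the ones that succeeded, so a caller has to read both. The following is an added example, not code from the SDK or its documentation, showing local validation of the required fields and the split of the response into created and failed items. FakeSecurityAgentClient is a constructed stand-in that answers in the documented response shape so the code runs offline; its error code AlreadyExists is an assumption, since the page does not list the service's error codes.

```python
# Added example (not from the AWS Security Agent SDK or its documentation):
# submit a batch of security requirements and separate what was created from
# what failed. FakeSecurityAgentClient is a constructed offline stand-in; with
# boto3 you would pass the real service client instead.
from typing import Any

REQUIRED_FIELDS = ("name", "description", "domain", "evaluation")
OPTIONAL_FIELDS = ("remediation",)


def validate_requirement(req: dict[str, Any]) -> list[str]:
    """Return the problems with one requirement item; an empty list means it is well-formed."""
    problems: list[str] = []
    for field in REQUIRED_FIELDS:
        value = req.get(field)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty required field '{field}'")
    unknown = set(req) - set(REQUIRED_FIELDS) - set(OPTIONAL_FIELDS)
    if unknown:
        problems.append(f"unknown fields: {sorted(unknown)}")
    return problems


def batch_create(client: Any, pack_id: str, requirements: list[dict[str, Any]]) -> dict[str, Any]:
    """Validate locally, submit the valid items, and report per-item outcomes.

    Returns {"created": [names], "failed": {name: reason}} so the caller can
    retry or log exactly the items that did not land in the pack. A non-empty
    'errors' list in the response is a partial failure, not an exception, so
    it has to be read explicitly.
    """
    failed: dict[str, str] = {}
    to_submit: list[dict[str, Any]] = []
    for req in requirements:
        problems = validate_requirement(req)
        if problems:
            failed[str(req.get("name", "<unnamed>"))] = "; ".join(problems)
        else:
            to_submit.append(req)

    created: list[str] = []
    if to_submit:
        resp = client.batch_create_security_requirements(
            packId=pack_id, securityRequirements=to_submit
        )
        created = [item["name"] for item in resp.get("securityRequirements", [])]
        for err in resp.get("errors", []):
            failed[err["securityRequirementName"]] = f"{err['code']}: {err['message']}"
    return {"created": created, "failed": failed}


class FakeSecurityAgentClient:
    """Constructed stand-in for the service client (offline only).

    It accepts every item except one named 'dup', which it rejects with an
    assumed error code; the real service's error codes are not documented here.
    """

    def batch_create_security_requirements(self, packId: str, securityRequirements: list[dict[str, Any]]) -> dict[str, Any]:
        accepted, errors = [], []
        for item in securityRequirements:
            if item["name"] == "dup":
                errors.append({"securityRequirementName": "dup", "code": "AlreadyExists",
                               "message": "a requirement with this name exists in the pack"})
            else:
                accepted.append({"packId": packId, **item})
        return {"securityRequirements": accepted, "errors": errors}


# Constructed sample input: one valid item, one the fake rejects, one missing a required field.
SAMPLE_REQUIREMENTS = [
    {
        "name": "AUTHZ-001",
        "description": "Every API handler enforces object-level authorization.",
        "domain": "Authorization",
        "evaluation": "Each handler verifies the caller is entitled to the referenced object before reading or writing it.",
        "remediation": "Resolve the object, then check ownership or an explicit grant before acting on it.",
    },
    {"name": "dup", "description": "Duplicate of an existing requirement.", "domain": "Logging", "evaluation": "n/a"},
    {"name": "CRYPTO-002", "description": "Secrets are never written to logs.", "domain": "Cryptography"},
]

if __name__ == "__main__":
    print(batch_create(FakeSecurityAgentClient(), "pack-example", SAMPLE_REQUIREMENTS))
```

Items rejected locally never reach the service, so the failed map mixes local validation problems with server-side errors; both carry a reason string, which is what a retry loop or an audit log needs.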

ImportSecurityRequirements (new) Link ¶

Imports security requirements from uploaded documents into a customer managed security requirement pack. The import process asynchronously extracts and generates structured security requirements from the provided source files.

See also: AWS API Documentation

Request Syntax

client.import_security_requirements(
    packId='string',
    input={
        'documents': [
            {
                'name': 'string',
                'format': 'MD'|'PDF'|'TXT'|'DOCX'|'DOC',
                'content': b'bytes'
            },
        ]
    }
)
type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to import requirements into.

type input:

dict

param input:

[REQUIRED]

The import source containing the documents to extract security requirements from.

  • documents (list) --

    The list of documents to extract security requirements from.

    • (dict) --

      A document used as source material for importing security requirements.

      • name (string) -- [REQUIRED]

        The file name of the document.

      • format (string) -- [REQUIRED]

        The format of the document. Valid values are MD, PDF, TXT, DOCX, and DOC.

      • content (bytes) -- [REQUIRED]

        The binary content of the document.

rtype:

dict

returns:

Response Syntax

{
    'packId': 'string',
    'importStatus': 'PENDING'|'IN_PROGRESS'|'FAILED'|'COMPLETED'
}

Response Structure

  • (dict) --

    • packId (string) --

      The unique identifier of the security requirement pack.

    • importStatus (string) --

      The status of the import workflow.
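
Because the request carries raw document bytes and a format enum, the usual mistakes are sending a file type the API does not accept or mislabelling one. The following is an added example, not code from the SDK or its documentation: it maps file extensions to the documented format values, refuses anything else, strips local directory names from the file name, and stops at the initial importStatus, since the page documents no call for polling the asynchronous import. FakeSecurityAgentClient is a constructed offline stand-in, and the sample file contents are illustrative.

```python
# Added example (not from the SDK or its documentation): build the 'documents'
# list for import_security_requirements from in-memory files, choosing the
# documented 'format' value from the file extension and refusing anything the
# API does not list. FakeSecurityAgentClient is a constructed offline stand-in.
from pathlib import PurePath
from typing import Any, Optional

FORMAT_BY_EXTENSION = {".md": "MD", ".pdf": "PDF", ".txt": "TXT", ".docx": "DOCX", ".doc": "DOC"}


def document_from_bytes(name: str, content: bytes) -> dict[str, Any]:
    """Turn (file name, raw bytes) into one entry of input['documents'].

    Only the base name is sent: the service needs a file name, not the local
    directory layout. Empty content is rejected before the request is made.
    """
    path = PurePath(name)
    try:
        fmt = FORMAT_BY_EXTENSION[path.suffix.lower()]
    except KeyError:
        raise ValueError(f"unsupported document type {path.suffix!r} for {name}") from None
    if not content:
        raise ValueError(f"{name} is empty")
    return {"name": path.name, "format": fmt, "content": content}


def start_import(client: Any, pack_id: str, files: dict[str, bytes]) -> str:
    """Submit the documents and return the initial import status.

    The import is asynchronous: the response only reports the workflow's
    initial state, so the extracted requirements are not in the pack yet.
    Only a FAILED status is treated as an error here.
    """
    docs = [document_from_bytes(n, c) for n, c in files.items()]
    resp = client.import_security_requirements(packId=pack_id, input={"documents": docs})
    status = resp["importStatus"]
    if status == "FAILED":
        raise RuntimeError(f"import into pack {resp.get('packId', pack_id)} failed immediately")
    return status


class FakeSecurityAgentClient:
    """Constructed stand-in that records the request and answers PENDING."""

    def __init__(self) -> None:
        self.last_request: Optional[dict[str, Any]] = None

    def import_security_requirements(self, packId: str, input: dict[str, Any]) -> dict[str, Any]:
        self.last_request = {"packId": packId, "input": input}
        return {"packId": packId, "importStatus": "PENDING"}


# Constructed sample files (contents are illustrative, not real policies).
SAMPLE_FILES = {
    "policies/access-control.md": b"# Access control\n\nAll administrative actions require MFA.\n",
    "policies/logging.txt": b"Security events must be retained for 365 days.\n",
}

if __name__ == "__main__":
    client = FakeSecurityAgentClient()
    print(start_import(client, "pack-example", SAMPLE_FILES))
    print([d["name"] for d in client.last_request["input"]["documents"]])
```

The document bytes leave your environment in the request, so check what the source files contain before submitting them; a policy document that embeds credentials or internal hostnames is still a document the service will read.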

CreateThreat (new) Link ¶

Creates a new threat under a threat model job.

See also: AWS API Documentation

Request Syntax

client.create_threat(
    agentSpaceId='string',
    threatJobId='string',
    title='string',
    statement='string',
    severity='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFO',
    comments='string',
    stride=[
        'SPOOFING'|'TAMPERING'|'REPUDIATION'|'INFORMATION_DISCLOSURE'|'DENIAL_OF_SERVICE'|'ELEVATION_OF_PRIVILEGE',
    ],
    threatSource='string',
    prerequisites='string',
    threatAction='string',
    threatImpact='string',
    impactedGoal=[
        'string',
    ],
    impactedAssets=[
        'string',
    ],
    anchor={
        'kind': 'string',
        'id': 'string',
        'packageId': 'string'
    },
    evidence=[
        {
            'packageId': 'string',
            'path': 'string'
        },
    ],
    recommendation='string'
)
type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type threatJobId:

string

param threatJobId:

[REQUIRED]

The unique identifier of the threat model job the threat belongs to.

type title:

string

param title:

A short title summarizing the threat.

type statement:

string

param statement:

The natural-language threat statement.

type severity:

string

param severity:

The severity level of the threat.

type comments:

string

param comments:

Optional customer comment on the threat.

type stride:

list

param stride:

The STRIDE categories applicable to this threat.

  • (string) --

    STRIDE threat classification category.

type threatSource:

string

param threatSource:

The actor or origin of the threat.

type prerequisites:

string

param prerequisites:

The conditions required for the threat to be exploitable.

type threatAction:

string

param threatAction:

What the threat source can do.

type threatImpact:

string

param threatImpact:

The direct consequence of the threat action.

type impactedGoal:

list

param impactedGoal:

The security goals affected by the threat.

  • (string) --

type impactedAssets:

list

param impactedAssets:

The specific assets affected by the threat.

  • (string) --

type anchor:

dict

param anchor:

The DFD element this threat is anchored to.

  • kind (string) --

    The kind of DFD element.

  • id (string) --

    The identifier of the DFD element.

  • packageId (string) --

    The package identifier containing the DFD element.

type evidence:

list

param evidence:

The source code files supporting the threat.

  • (dict) --

    Source code file supporting a threat.

    • packageId (string) --

      The package identifier containing the evidence file.

    • path (string) --

      The file path of the evidence.

type recommendation:

string

param recommendation:

The recommended mitigation guidance for this threat.

rtype:

dict

returns:

Response Syntax

{
    'threatId': 'string',
    'threatJobId': 'string',
    'title': 'string',
    'statement': 'string',
    'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFO',
    'status': 'OPEN'|'RESOLVED'|'DISMISSED',
    'comments': 'string',
    'stride': [
        'SPOOFING'|'TAMPERING'|'REPUDIATION'|'INFORMATION_DISCLOSURE'|'DENIAL_OF_SERVICE'|'ELEVATION_OF_PRIVILEGE',
    ],
    'threatSource': 'string',
    'prerequisites': 'string',
    'threatAction': 'string',
    'threatImpact': 'string',
    'impactedGoal': [
        'string',
    ],
    'impactedAssets': [
        'string',
    ],
    'anchor': {
        'kind': 'string',
        'id': 'string',
        'packageId': 'string'
    },
    'evidence': [
        {
            'packageId': 'string',
            'path': 'string'
        },
    ],
    'recommendation': 'string',
    'createdBy': 'CUSTOMER'|'AGENT',
    'updatedBy': 'CUSTOMER'|'AGENT',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    Output for the CreateThreat operation.

    • threatId (string) --

      The unique identifier of the created threat.

    • threatJobId (string) --

      The unique identifier of the threat model job the threat belongs to.

    • title (string) --

      A short title summarizing the threat.

    • statement (string) --

      The natural-language threat statement.

    • severity (string) --

      The severity level of the threat.

    • status (string) --

      The current status of the threat.

    • comments (string) --

      Optional customer comment on the threat.

    • stride (list) --

      The STRIDE categories applicable to this threat.

      • (string) --

        STRIDE threat classification category.

    • threatSource (string) --

      The actor or origin of the threat.

    • prerequisites (string) --

      The conditions required for the threat to be exploitable.

    • threatAction (string) --

      What the threat source can do.

    • threatImpact (string) --

      The direct consequence of the threat action.

    • impactedGoal (list) --

      The security goals affected by the threat.

      • (string) --

    • impactedAssets (list) --

      The specific assets affected by the threat.

      • (string) --

    • anchor (dict) --

      The DFD element this threat is anchored to.

      • kind (string) --

        The kind of DFD element.

      • id (string) --

        The identifier of the DFD element.

      • packageId (string) --

        The package identifier containing the DFD element.

    • evidence (list) --

      The source code files supporting the threat.

      • (dict) --

        Source code file supporting a threat.

        • packageId (string) --

          The package identifier containing the evidence file.

        • path (string) --

          The file path of the evidence.

    • recommendation (string) --

      The recommended mitigation guidance for this threat.

    • createdBy (string) --

      Who created this threat.

    • updatedBy (string) --

      Who last updated this threat.

    • createdAt (datetime) --

      The date and time the threat was created, in UTC format.

    • updatedAt (datetime) --

      The date and time the threat was last updated, in UTC format.
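
The request fields threatSource, prerequisites, threatAction, threatImpact, impactedGoal and impactedAssets are the components of a structured threat statement, and the enums for severity and stride are checked by the service. The following is an added example, not code from the SDK or its documentation, that assembles a CreateThreat request from those components and validates the enums locally so a typo fails before the call. The sentence template used for statement is an assumption (the page only says it is a natural-language threat statement), the anchor kind "process" is an assumed value since the page gives no enum for it, and all identifiers are placeholders.

```python
# Added example (not from the SDK or its documentation): compose a CreateThreat
# request from the grammar components the API exposes. The statement template,
# the anchor kind and all identifiers are assumptions/placeholders.
from typing import Any, Iterable, Optional

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO")
STRIDE_CATEGORIES = frozenset({
    "SPOOFING", "TAMPERING", "REPUDIATION",
    "INFORMATION_DISCLOSURE", "DENIAL_OF_SERVICE", "ELEVATION_OF_PRIVILEGE",
})


def _with_article(phrase: str) -> str:
    article = "An" if phrase[:1].lower() in "aeiou" else "A"
    return f"{article} {phrase}"


def threat_statement(source: str, prerequisites: str, action: str, impact: str,
                     goals: Iterable[str], assets: Iterable[str]) -> str:
    """Render one sentence from the grammar components (template is an assumption)."""
    goals_text = " and ".join(goals)
    assets_text = ", ".join(assets)
    return (f"{_with_article(source)} {prerequisites} can {action}, "
            f"which leads to {impact}, negatively impacting {goals_text} of {assets_text}.")


def build_create_threat(agent_space_id: str, threat_job_id: str, *, title: str, severity: str,
                        stride: Iterable[str], source: str, prerequisites: str, action: str,
                        impact: str, goals: list[str], assets: list[str],
                        anchor: Optional[dict[str, str]] = None,
                        evidence: Iterable[dict[str, str]] = (),
                        recommendation: Optional[str] = None) -> dict[str, Any]:
    """Return keyword arguments for client.create_threat, validating enums locally."""
    if severity not in SEVERITIES:
        raise ValueError(f"severity must be one of {SEVERITIES}, got {severity!r}")
    bad = set(stride) - STRIDE_CATEGORIES
    if bad:
        raise ValueError(f"unknown STRIDE categories: {sorted(bad)}")
    if not goals or not assets:
        raise ValueError("a threat needs at least one impacted goal and one impacted asset")
    request: dict[str, Any] = {
        "agentSpaceId": agent_space_id,
        "threatJobId": threat_job_id,
        "title": title,
        "statement": threat_statement(source, prerequisites, action, impact, goals, assets),
        "severity": severity,
        "stride": sorted(set(stride)),
        "threatSource": source,
        "prerequisites": prerequisites,
        "threatAction": action,
        "threatImpact": impact,
        "impactedGoal": list(goals),
        "impactedAssets": list(assets),
    }
    # Optional fields are only sent when given, so the service's defaults apply otherwise.
    if anchor is not None:
        request["anchor"] = anchor
    evidence = [dict(e) for e in evidence]
    if evidence:
        request["evidence"] = evidence
    if recommendation:
        request["recommendation"] = recommendation
    return request


# Constructed example: an IDOR on an order-lookup endpoint. Identifiers are placeholders.
EXAMPLE_THREAT = build_create_threat(
    "agent-space-placeholder", "threat-job-placeholder",
    title="Order lookup exposes other customers' orders",
    severity="HIGH",
    stride=["INFORMATION_DISCLOSURE", "ELEVATION_OF_PRIVILEGE"],
    source="authenticated customer",
    prerequisites="who can guess or enumerate order identifiers",
    action="fetch orders by changing the id path parameter",
    impact="disclosure of other customers' order and delivery details",
    goals=["confidentiality"],
    assets=["order records"],
    anchor={"kind": "process", "id": "order-api", "packageId": "pkg-placeholder"},  # kind value assumed
    evidence=[{"packageId": "pkg-placeholder", "path": "src/orders/handlers.py"}],
    recommendation="Resolve the order and check it belongs to the caller before returning it.",
)

if __name__ == "__main__":
    print(EXAMPLE_THREAT["statement"])
    # With a real client: client.create_threat(**EXAMPLE_THREAT)
```

Keeping the components as separate fields, rather than only the rendered sentence, is what lets the stored threat be filtered by source, asset or STRIDE category later; the sentence is for readers, the fields are for queries.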

BatchDeletePentests (updated) Link ¶
Changes (response)
{'deleted': {'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                             'resourceId': 'string'}}},
             'cleanUpStrategy': 'BEST_EFFORT_DELETE | RETAIN_ALL',
             'disableManagedSkills': ['FINDING_PERSONALIZATION | '
                                      'LOGIN_OPTIMIZATION']}}

Deletes one or more pentests from an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_delete_pentests(
    pentestIds=[
        'string',
    ],
    agentSpaceId='string'
)
type pentestIds:

list

param pentestIds:

[REQUIRED]

The list of pentest identifiers to delete.

  • (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the pentests to delete.

rtype:

dict

returns:

Response Syntax

{
    'deleted': [
        {
            'pentestId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'assets': {
                'endpoints': [
                    {
                        'uri': 'string'
                    },
                ],
                'actors': [
                    {
                        'identifier': 'string',
                        'uris': [
                            'string',
                        ],
                        'authentication': {
                            'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                            'value': 'string'
                        },
                        'description': 'string'
                    },
                ],
                'documents': [
                    {
                        's3Location': 'string',
                        'artifactId': 'string',
                        'integratedDocument': {
                            'integrationId': 'string',
                            'resourceId': 'string'
                        }
                    },
                ],
                'sourceCode': [
                    {
                        's3Location': 'string'
                    },
                ],
                'integratedRepositories': [
                    {
                        'integrationId': 'string',
                        'providerResourceId': 'string'
                    },
                ]
            },
            'excludeRiskTypes': [
                'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
            ],
            'serviceRole': 'string',
            'logConfig': {
                'logGroup': 'string',
                'logStream': 'string'
            },
            'vpcConfig': {
                'vpcArn': 'string',
                'securityGroupArns': [
                    'string',
                ],
                'subnetArns': [
                    'string',
                ]
            },
            'networkTrafficConfig': {
                'rules': [
                    {
                        'effect': 'ALLOW'|'DENY',
                        'pattern': 'string',
                        'networkTrafficRuleType': 'URL'
                    },
                ],
                'customHeaders': [
                    {
                        'name': 'string',
                        'value': 'string'
                    },
                ]
            },
            'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
            'cleanUpStrategy': 'BEST_EFFORT_DELETE'|'RETAIN_ALL',
            'disableManagedSkills': [
                'FINDING_PERSONALIZATION'|'LOGIN_OPTIMIZATION',
            ],
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'failed': [
        {
            'pentestId': 'string',
            'reason': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    Output for the BatchDeletePentests operation.

    • deleted (list) --

      The list of pentests that were successfully deleted.

      • (dict) --

        Represents a pentest configuration that defines the parameters for security testing, including target assets, risk type exclusions, and infrastructure settings.

        • pentestId (string) --

          The unique identifier of the pentest.

        • agentSpaceId (string) --

          The unique identifier of the agent space that contains the pentest.

        • title (string) --

          The title of the pentest.

        • assets (dict) --

          The assets included in the pentest.

          • endpoints (list) --

            The list of endpoints to test during the pentest.

            • (dict) --

              Represents a target endpoint for penetration testing.

              • uri (string) --

                The URI of the endpoint.

          • actors (list) --

            The list of actors used during penetration testing.

            • (dict) --

              Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

              • identifier (string) --

                The unique identifier for the actor.

              • uris (list) --

                The list of URIs that the actor targets during testing.

                • (string) --

              • authentication (dict) --

                The authentication configuration for the actor.

                • providerType (string) --

                  The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

                • value (string) --

                  The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

              • description (string) --

                A description of the actor.

          • documents (list) --

            The list of documents that provide context for the pentest.

            • (dict) --

              Represents a document that provides context for security testing.

              • s3Location (string) --

                The Amazon S3 location of the document.

              • artifactId (string) --

                The unique identifier of the artifact associated with the document.

              • integratedDocument (dict) --

                A reference to a document in an integrated third-party provider.

                • integrationId (string) --

                  The identifier of the integration that provides access to the document.

                • resourceId (string) --

                  The provider-specific resource identifier for the document.

          • sourceCode (list) --

            The list of source code repositories to analyze during the pentest.

            • (dict) --

              Represents a source code repository used for security analysis during a pentest.

              • s3Location (string) --

                The Amazon S3 location of the source code repository archive.

          • integratedRepositories (list) --

            The list of integrated repositories associated with the pentest.

            • (dict) --

              Represents a code repository that is integrated with the service through a third-party provider.

              • integrationId (string) --

                The unique identifier of the integration that provides access to the repository.

              • providerResourceId (string) --

                The provider-specific resource identifier for the repository.

        • excludeRiskTypes (list) --

          The list of risk types excluded from the pentest.

          • (string) --

            Type of security risk.

        • serviceRole (string) --

          The IAM service role used for the pentest.

        • logConfig (dict) --

          The CloudWatch Logs configuration for the pentest.

          • logGroup (string) --

            The name of the CloudWatch log group.

          • logStream (string) --

            The name of the CloudWatch log stream.

        • vpcConfig (dict) --

          The VPC configuration for the pentest.

          • vpcArn (string) --

            The Amazon Resource Name (ARN) of the VPC.

          • securityGroupArns (list) --

            The Amazon Resource Names (ARNs) of the security groups for the VPC configuration.

            • (string) --

              ARN or ID of a security group.

          • subnetArns (list) --

            The Amazon Resource Names (ARNs) of the subnets for the VPC configuration.

            • (string) --

              ARN or ID of a subnet.

        • networkTrafficConfig (dict) --

          The network traffic configuration for the pentest.

          • rules (list) --

            The list of network traffic rules that control which URLs are allowed or denied during testing.

            • (dict) --

              A rule that controls network traffic during penetration testing by allowing or denying traffic to specific URL patterns.

              • effect (string) --

                The effect of the rule. Valid values are ALLOW and DENY.

              • pattern (string) --

                The URL pattern to match for the rule.

              • networkTrafficRuleType (string) --

                The type of the network traffic rule. Currently, only URL is supported.

          • customHeaders (list) --

            The list of custom HTTP headers to include in network traffic during testing.

            • (dict) --

              A custom HTTP header to include in network traffic during penetration testing.

              • name (string) --

                The name of the custom header.

              • value (string) --

                The value of the custom header.

        • codeRemediationStrategy (string) --

          The code remediation strategy for the pentest.

        • cleanUpStrategy (string) --

          Strategy for cleaning up resources after pentest job completion.

        • disableManagedSkills (list) --

          A list of managed skills to disable for this pentest. Valid values include FINDING_PERSONALIZATION and LOGIN_OPTIMIZATION.

          • (string) --

            Type of managed skill that can be enabled or disabled for a pentest.

        • createdAt (datetime) --

          The date and time the pentest was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the pentest was last updated, in UTC format.

    • failed (list) --

      The list of pentests that failed to delete, including the reason for each failure.

      • (dict) --

        Contains information about a pentest that failed to delete.

        • pentestId (string) --

          The unique identifier of the pentest that failed to delete.

        • reason (string) --

          The reason the pentest failed to delete.
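
The deleted list returns the full configuration of each removed pentest, including actor authentication references and custom header names, which is the moment to inventory the credentials the pentest used. The following is an added example, not code from the SDK or its documentation. The page does not say whether deleting a pentest touches the referenced Secrets Manager secrets, Lambda functions or IAM roles, nor whether RETAIN_ALL job resources are removed, so the example assumes neither happens and only produces a report for the operator. The response is constructed to the documented shape (with the timestamp fields omitted); identifiers and ARNs are placeholders.

```python
# Added example (not from the SDK or its documentation): after
# batch_delete_pentests, report what was deleted, what failed, which pentests
# ran with RETAIN_ALL, and which credentials each deleted pentest referenced.
# The response below is constructed; identifiers and ARNs are placeholders.
from typing import Any


def referenced_credentials(response: dict[str, Any]) -> list[dict[str, Any]]:
    """One row per credential-bearing setting in each deleted pentest."""
    rows: list[dict[str, Any]] = []
    for pentest in response.get("deleted", []):
        pid = pentest["pentestId"]
        for actor in pentest.get("assets", {}).get("actors", []):
            auth = actor.get("authentication")
            if auth:
                rows.append({"pentestId": pid, "kind": "actor", "name": actor["identifier"],
                             "providerType": auth["providerType"], "ref": auth["value"]})
        for header in pentest.get("networkTrafficConfig", {}).get("customHeaders", []):
            # Header values are deliberately not copied: they frequently carry bearer
            # tokens, and this inventory is meant to be logged or ticketed.
            rows.append({"pentestId": pid, "kind": "customHeader", "name": header["name"],
                         "providerType": None, "ref": None})
    return rows


def deletion_report(response: dict[str, Any]) -> dict[str, Any]:
    deleted = response.get("deleted", [])
    return {
        "deleted": [p["pentestId"] for p in deleted],
        "failed": {f["pentestId"]: f["reason"] for f in response.get("failed", [])},
        # Assumption: deleting the pentest does not remove resources its jobs retained.
        "retainedResources": [p["pentestId"] for p in deleted if p.get("cleanUpStrategy") == "RETAIN_ALL"],
        "credentials": referenced_credentials(response),
    }


def _pentest(pentest_id: str, actors: list[dict[str, Any]], headers: list[dict[str, str]],
             clean_up: str) -> dict[str, Any]:
    """Constructed pentest record in the documented shape (timestamps omitted)."""
    return {
        "pentestId": pentest_id, "agentSpaceId": "space-placeholder", "title": pentest_id,
        "assets": {"endpoints": [{"uri": "https://app.example.test/"}], "actors": actors,
                   "documents": [], "sourceCode": [], "integratedRepositories": []},
        "excludeRiskTypes": [], "serviceRole": "arn:aws:iam::123456789012:role/placeholder",
        "logConfig": {"logGroup": "/example/security-agent", "logStream": pentest_id},
        "networkTrafficConfig": {
            "rules": [{"effect": "ALLOW", "pattern": "https://app.example.test/*", "networkTrafficRuleType": "URL"}],
            "customHeaders": headers,
        },
        "codeRemediationStrategy": "DISABLED", "cleanUpStrategy": clean_up, "disableManagedSkills": [],
    }


SAMPLE_RESPONSE = {
    "deleted": [
        _pentest("pt-web",
                 [{"identifier": "customer", "uris": ["https://app.example.test/"],
                   "authentication": {"providerType": "SECRETS_MANAGER",
                                      "value": "arn:aws:secretsmanager:us-east-1:123456789012:secret:placeholder"},
                   "description": "low-privilege customer"}],
                 [{"name": "X-Pentest-Token", "value": "REDACTED-PLACEHOLDER"}],
                 "RETAIN_ALL"),
        _pentest("pt-api", [], [], "BEST_EFFORT_DELETE"),
    ],
    "failed": [{"pentestId": "pt-running", "reason": "a job is still in progress"}],
}

if __name__ == "__main__":
    report = deletion_report(SAMPLE_RESPONSE)
    for row in report["credentials"]:
        print(row["pentestId"], row["kind"], row["name"], row["providerType"], row["ref"])
    print("retained:", report["retainedResources"], "failed:", report["failed"])
```

Test accounts created for a pentest tend to outlive it; the actor rows give the secret, function or role ARN to rotate or delete, and the header rows name the tokens to revoke without reproducing their values.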

BatchGetCodeReviewJobs (updated) Link ¶
Changes (response)
{'codeReviewJobs': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                         'resourceId': 'string'}},
                    'steps': {'name': {'VALIDATION'}}}}

Retrieves information about one or more code review jobs in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_code_review_jobs(
    codeReviewJobIds=[
        'string',
    ],
    agentSpaceId='string'
)
type codeReviewJobIds:

list

param codeReviewJobIds:

[REQUIRED]

The list of code review job identifiers to retrieve.

  • (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the code review jobs.

rtype:

dict

returns:

Response Syntax

{
    'codeReviewJobs': [
        {
            'codeReviewJobId': 'string',
            'codeReviewId': 'string',
            'title': 'string',
            'overview': 'string',
            'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
            'documents': [
                {
                    's3Location': 'string',
                    'artifactId': 'string',
                    'integratedDocument': {
                        'integrationId': 'string',
                        'resourceId': 'string'
                    }
                },
            ],
            'sourceCode': [
                {
                    's3Location': 'string'
                },
            ],
            'steps': [
                {
                    'name': 'PREFLIGHT'|'STATIC_ANALYSIS'|'PENTEST'|'FINALIZING'|'VALIDATION',
                    'status': 'NOT_STARTED'|'IN_PROGRESS'|'COMPLETED'|'FAILED'|'STOPPED',
                    'createdAt': datetime(2015, 1, 1),
                    'updatedAt': datetime(2015, 1, 1)
                },
            ],
            'executionContext': [
                {
                    'contextType': 'ERROR'|'CLIENT_ERROR'|'WARNING'|'INFO',
                    'context': 'string',
                    'timestamp': datetime(2015, 1, 1)
                },
            ],
            'serviceRole': 'string',
            'logConfig': {
                'logGroup': 'string',
                'logStream': 'string'
            },
            'errorInformation': {
                'code': 'CLIENT_ERROR'|'INTERNAL_ERROR'|'STOPPED_BY_USER',
                'message': 'string'
            },
            'integratedRepositories': [
                {
                    'integrationId': 'string',
                    'providerResourceId': 'string'
                },
            ],
            'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

  • (dict) --

    Output for the BatchGetCodeReviewJobs operation.

    • codeReviewJobs (list) --

      The list of code review jobs that were found.

      • (dict) --

        Represents a code review job, which is an execution instance of a code review. A code review job progresses through a sequence of steps (preflight, static analysis, validation, and finalizing); the steps field lists each step with its status.

        • codeReviewJobId (string) --

          The unique identifier of the code review job.

        • codeReviewId (string) --

          The unique identifier of the code review associated with the job.

        • title (string) --

          The title of the code review job.

        • overview (string) --

          An overview of the code review job results.

        • status (string) --

          The current status of the code review job.

        • documents (list) --

          The list of documents providing context for the code review job.

          • (dict) --

            Represents a document that provides context for security testing.

            • s3Location (string) --

              The Amazon S3 location of the document.

            • artifactId (string) --

              The unique identifier of the artifact associated with the document.

            • integratedDocument (dict) --

              A reference to a document in an integrated third-party provider.

              • integrationId (string) --

                The identifier of the integration that provides access to the document.

              • resourceId (string) --

                The provider-specific resource identifier for the document.

        • sourceCode (list) --

          The list of source code repositories analyzed during the code review job.

          • (dict) --

            Represents a source code repository used for security analysis during a pentest or code review job.

            • s3Location (string) --

              The Amazon S3 location of the source code repository archive.

        • steps (list) --

          The list of steps in the code review job execution.

          • (dict) --

            Represents a step in a job execution pipeline. Step names include preflight, static analysis, pentest, validation, and finalizing.

            • name (string) --

              The name of the step. Valid values include PREFLIGHT, STATIC_ANALYSIS, PENTEST, VALIDATION, and FINALIZING.

            • status (string) --

              The current status of the step.

            • createdAt (datetime) --

              The date and time the step was created, in UTC format.

            • updatedAt (datetime) --

              The date and time the step was last updated, in UTC format.

        • executionContext (list) --

          The execution context messages for the code review job.

          • (dict) --

            Contains contextual information about the execution of a job (here, a code review job), such as errors, warnings, or informational messages.

            • contextType (string) --

              The type of context. Valid values include ERROR, CLIENT_ERROR, WARNING, and INFO.

            • context (string) --

              The context message.

            • timestamp (datetime) --

              The date and time the context was recorded, in UTC format.

        • serviceRole (string) --

          The IAM service role used for the code review job.

        • logConfig (dict) --

          The CloudWatch Logs configuration for the code review job.

          • logGroup (string) --

            The name of the CloudWatch log group.

          • logStream (string) --

            The name of the CloudWatch log stream.

        • errorInformation (dict) --

          Error information if the code review job encountered an error.

          • code (string) --

            The error code. Valid values include CLIENT_ERROR, INTERNAL_ERROR, and STOPPED_BY_USER.

          • message (string) --

            A message describing the error.

        • integratedRepositories (list) --

          The list of integrated repositories associated with the code review job.

          • (dict) --

            Represents a code repository that is integrated with the service through a third-party provider.

            • integrationId (string) --

              The unique identifier of the integration that provides access to the repository.

            • providerResourceId (string) --

              The provider-specific resource identifier for the repository.

        • codeRemediationStrategy (string) --

          The code remediation strategy for the code review job.

        • createdAt (datetime) --

          The date and time the code review job was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the code review job was last updated, in UTC format.

    • notFound (list) --

      The list of code review job identifiers that were not found.

      • (string) --
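
A failed job carries its diagnosis in three places: the steps list shows where execution stopped, executionContext holds the ERROR and CLIENT_ERROR messages, and errorInformation.code says whether the caller can fix it (CLIENT_ERROR) or only retry (INTERNAL_ERROR). The following is an added example, not code from the SDK or its documentation, that reduces a batch_get_code_review_jobs response to a triage summary per job. The response is constructed in the documented shape; the identifiers, ARNs and messages are placeholders, and the mapping of error codes to "actionable" and "retryable" is the example's own assumption.

```python
# Added example (not from the SDK or its documentation): turn a
# batch_get_code_review_jobs response into a per-job triage summary.
# The sample response is constructed; identifiers and messages are placeholders.
from datetime import datetime, timezone
from typing import Any, Optional

STEP_ORDER = ("PREFLIGHT", "STATIC_ANALYSIS", "PENTEST", "VALIDATION", "FINALIZING")
ACTIONABLE_CODES = {"CLIENT_ERROR"}   # assumption: the caller's input or configuration must change
RETRYABLE_CODES = {"INTERNAL_ERROR"}  # assumption: nothing on the caller's side to fix


def triage_job(job: dict[str, Any]) -> dict[str, Any]:
    """Summarise one job: where it stopped, whether the caller can fix it, and the error messages."""
    steps = {s["name"]: s["status"] for s in job.get("steps", [])}
    failed_step = next((n for n in STEP_ORDER if steps.get(n) == "FAILED"), None)
    code = (job.get("errorInformation") or {}).get("code")
    # Only ERROR and CLIENT_ERROR context lines are surfaced; INFO/WARNING stay in the logs.
    messages = [c["context"] for c in job.get("executionContext", [])
                if c["contextType"] in ("ERROR", "CLIENT_ERROR")]
    log = job.get("logConfig")
    return {
        "status": job["status"],
        "failed_step": failed_step,
        "error_code": code,
        "actionable": code in ACTIONABLE_CODES,
        "retryable": code in RETRYABLE_CODES,
        "messages": messages,
        "log": f"{log['logGroup']}:{log['logStream']}" if log else None,
    }


def triage(response: dict[str, Any]) -> dict[str, Any]:
    """Triage every returned job and carry the notFound identifiers through unchanged."""
    return {
        "jobs": {j["codeReviewJobId"]: triage_job(j) for j in response.get("codeReviewJobs", [])},
        "notFound": list(response.get("notFound", [])),
    }


# Constructed sample response in the documented shape.
T = datetime(2026, 6, 17, tzinfo=timezone.utc)


def _job(job_id: str, status: str, steps: list[tuple[str, str]], context: list[tuple[str, str]],
         error: Optional[dict[str, str]] = None) -> dict[str, Any]:
    job: dict[str, Any] = {
        "codeReviewJobId": job_id, "codeReviewId": "review-placeholder", "title": "nightly review",
        "overview": "", "status": status, "documents": [],
        "sourceCode": [{"s3Location": "s3://example-bucket/src.zip"}],
        "steps": [{"name": n, "status": s, "createdAt": T, "updatedAt": T} for n, s in steps],
        "executionContext": [{"contextType": t, "context": m, "timestamp": T} for t, m in context],
        "serviceRole": "arn:aws:iam::123456789012:role/placeholder",
        "logConfig": {"logGroup": "/example/security-agent", "logStream": job_id},
        "integratedRepositories": [], "codeRemediationStrategy": "DISABLED",
        "createdAt": T, "updatedAt": T,
    }
    if error:
        job["errorInformation"] = error
    return job


SAMPLE_RESPONSE = {
    "codeReviewJobs": [
        _job("job-ok", "COMPLETED",
             [("PREFLIGHT", "COMPLETED"), ("STATIC_ANALYSIS", "COMPLETED"), ("FINALIZING", "COMPLETED")],
             [("INFO", "3 files analysed")]),
        _job("job-bad", "FAILED",
             [("PREFLIGHT", "COMPLETED"), ("STATIC_ANALYSIS", "COMPLETED"),
              ("VALIDATION", "FAILED"), ("FINALIZING", "NOT_STARTED")],
             [("WARNING", "no design documents supplied"),
              ("CLIENT_ERROR", "integrated repository could not be read with the configured integration")],
             error={"code": "CLIENT_ERROR", "message": "validation step failed"}),
    ],
    "notFound": ["job-missing"],
}

if __name__ == "__main__":
    for job_id, summary in triage(SAMPLE_RESPONSE)["jobs"].items():
        print(job_id, summary["status"], summary["failed_step"], summary["messages"], summary["log"])
```

The log field points at the CloudWatch stream for the job, which is where the INFO and WARNING context that this summary drops can be read in full.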

BatchGetCodeReviews (updated) Link ¶
Changes (response)
{'codeReviews': {'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                                 'resourceId': 'string'}}},
                 'validationMode': 'DISABLED | SIMULATED'}}

Retrieves information about one or more code reviews in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_code_reviews(
    codeReviewIds=[
        'string',
    ],
    agentSpaceId='string'
)
type codeReviewIds:

list

param codeReviewIds:

[REQUIRED]

The list of code review identifiers to retrieve.

  • (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the code reviews.

rtype:

dict

returns:

Response Syntax

{
    'codeReviews': [
        {
            'codeReviewId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'assets': {
                'endpoints': [
                    {
                        'uri': 'string'
                    },
                ],
                'actors': [
                    {
                        'identifier': 'string',
                        'uris': [
                            'string',
                        ],
                        'authentication': {
                            'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                            'value': 'string'
                        },
                        'description': 'string'
                    },
                ],
                'documents': [
                    {
                        's3Location': 'string',
                        'artifactId': 'string',
                        'integratedDocument': {
                            'integrationId': 'string',
                            'resourceId': 'string'
                        }
                    },
                ],
                'sourceCode': [
                    {
                        's3Location': 'string'
                    },
                ],
                'integratedRepositories': [
                    {
                        'integrationId': 'string',
                        'providerResourceId': 'string'
                    },
                ]
            },
            'serviceRole': 'string',
            'logConfig': {
                'logGroup': 'string',
                'logStream': 'string'
            },
            'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
            'validationMode': 'DISABLED'|'SIMULATED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

  • (dict) --

    Output for the BatchGetCodeReviews operation.

    • codeReviews (list) --

      The list of code reviews that were found.

      • (dict) --

        Represents a code review configuration that defines the parameters for automated security-focused code analysis, including target assets and logging configuration.

        • codeReviewId (string) --

          The unique identifier of the code review.

        • agentSpaceId (string) --

          The unique identifier of the agent space that contains the code review.

        • title (string) --

          The title of the code review.

        • assets (dict) --

          The assets included in the code review.

          • endpoints (list) --

            The list of endpoints to test during the pentest.

            • (dict) --

              Represents a target endpoint for penetration testing.

              • uri (string) --

                The URI of the endpoint.

          • actors (list) --

            The list of actors used during penetration testing.

            • (dict) --

              Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

              • identifier (string) --

                The unique identifier for the actor.

              • uris (list) --

                The list of URIs that the actor targets during testing.

                • (string) --

              • authentication (dict) --

                The authentication configuration for the actor.

                • providerType (string) --

                  The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

                • value (string) --

                  The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

              • description (string) --

                A description of the actor.

          • documents (list) --

            The list of documents that provide context for the pentest.

            • (dict) --

              Represents a document that provides context for security testing.

              • s3Location (string) --

                The Amazon S3 location of the document.

              • artifactId (string) --

                The unique identifier of the artifact associated with the document.

              • integratedDocument (dict) --

                A reference to a document in an integrated third-party provider.

                • integrationId (string) --

                  The identifier of the integration that provides access to the document.

                • resourceId (string) --

                  The provider-specific resource identifier for the document.

          • sourceCode (list) --

            The list of source code repositories to analyze during the pentest.

            • (dict) --

              Represents a source code repository used for security analysis during a pentest.

              • s3Location (string) --

                The Amazon S3 location of the source code repository archive.

          • integratedRepositories (list) --

            The list of integrated repositories associated with the pentest.

            • (dict) --

              Represents a code repository that is integrated with the service through a third-party provider.

              • integrationId (string) --

                The unique identifier of the integration that provides access to the repository.

              • providerResourceId (string) --

                The provider-specific resource identifier for the repository.

        • serviceRole (string) --

          The IAM service role used for the code review.

        • logConfig (dict) --

          The CloudWatch Logs configuration for the code review.

          • logGroup (string) --

            The name of the CloudWatch log group.

          • logStream (string) --

            The name of the CloudWatch log stream.

        • codeRemediationStrategy (string) --

          The code remediation strategy for the code review.

        • validationMode (string) --

          The validation mode for the code review. Valid values are SIMULATED and DISABLED.

        • createdAt (datetime) --

          The date and time the code review was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the code review was last updated, in UTC format.

    • notFound (list) --

      The list of code review identifiers that were not found.

      • (string) --

BatchGetFindings (updated)
Changes (response)
{'findings': {'alignmentRationale': 'string',
              'customerNote': 'string',
              'validationStatus': 'CONFIRMED | NOT_REPRODUCED | '
                                  'VALIDATION_FAILED | VALIDATING | '
                                  'NOT_VALIDATED'}}

Retrieves information about one or more security findings in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_findings(
    findingIds=[
        'string',
    ],
    agentSpaceId='string'
)
type findingIds:

list

param findingIds:

[REQUIRED]

The list of finding identifiers to retrieve.

  • (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the findings.

rtype:

dict

returns:

Response Syntax

{
    'findings': [
        {
            'findingId': 'string',
            'agentSpaceId': 'string',
            'pentestId': 'string',
            'pentestJobId': 'string',
            'codeReviewId': 'string',
            'codeReviewJobId': 'string',
            'taskId': 'string',
            'name': 'string',
            'description': 'string',
            'status': 'ACTIVE'|'RESOLVED'|'ACCEPTED'|'FALSE_POSITIVE',
            'riskType': 'string',
            'riskLevel': 'UNKNOWN'|'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
            'riskScore': 'string',
            'reasoning': 'string',
            'confidence': 'FALSE_POSITIVE'|'UNCONFIRMED'|'LOW'|'MEDIUM'|'HIGH',
            'validationStatus': 'CONFIRMED'|'NOT_REPRODUCED'|'VALIDATION_FAILED'|'VALIDATING'|'NOT_VALIDATED',
            'attackScript': 'string',
            'codeRemediationTask': {
                'status': 'IN_PROGRESS'|'COMPLETED'|'FAILED',
                'statusReason': 'string',
                'taskDetails': [
                    {
                        'repoName': 'string',
                        'codeDiffLink': 'string',
                        'pullRequestLink': 'string'
                    },
                ]
            },
            'lastUpdatedBy': 'string',
            'customerNote': 'string',
            'codeLocations': [
                {
                    'filePath': 'string',
                    'lineStart': 123,
                    'lineEnd': 123,
                    'label': 'string'
                },
            ],
            'verificationScript': {
                'scriptType': 'string',
                'scriptUrl': 'string',
                'instructions': 'string',
                'envVars': [
                    {
                        'name': 'string',
                        'value': 'string'
                    },
                ]
            },
            'alignmentRationale': 'string',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

  • (dict) --

    Output for the BatchGetFindings operation.

    • findings (list) --

      The list of findings that were retrieved.

      • (dict) --

        Represents a security finding discovered during a pentest job. A finding contains details about a vulnerability, including its risk level, confidence, and remediation status.

        • findingId (string) --

          The unique identifier of the finding.

        • agentSpaceId (string) --

          The unique identifier of the agent space associated with the finding.

        • pentestId (string) --

          The unique identifier of the pentest associated with the finding.

        • pentestJobId (string) --

          The unique identifier of the pentest job that produced the finding.

        • codeReviewId (string) --

          The unique identifier of the code review associated with the finding.

        • codeReviewJobId (string) --

          The unique identifier of the code review job that produced the finding.

        • taskId (string) --

          The unique identifier of the task that produced the finding.

        • name (string) --

          The name of the finding.

        • description (string) --

          A description of the finding.

        • status (string) --

          The current status of the finding. Valid values include ACTIVE, RESOLVED, ACCEPTED, and FALSE_POSITIVE.

        • riskType (string) --

          The type of security risk identified by the finding.

        • riskLevel (string) --

          The risk level of the finding. Valid values include UNKNOWN, INFORMATIONAL, LOW, MEDIUM, HIGH, and CRITICAL.

        • riskScore (string) --

          The numerical risk score of the finding.

        • reasoning (string) --

          The reasoning behind the finding, explaining why it was identified as a vulnerability.

        • confidence (string) --

          The confidence level of the finding. Valid values include FALSE_POSITIVE, UNCONFIRMED, LOW, MEDIUM, and HIGH.

        • validationStatus (string) --

          The simulated validation status of the finding. Valid values are NOT_VALIDATED, VALIDATING, CONFIRMED, NOT_REPRODUCED, and VALIDATION_FAILED.

        • attackScript (string) --

          The attack script used to reproduce the finding.

        • codeRemediationTask (dict) --

          The code remediation task associated with the finding, if code remediation was initiated.

          • status (string) --

            The current status of the code remediation task.

          • statusReason (string) --

            The reason for the current status of the code remediation task.

          • taskDetails (list) --

            The list of details for the code remediation task, including repository name, code diff link, and pull request link.

            • (dict) --

              Contains details about a code remediation task, including links to the code diff and pull request.

              • repoName (string) --

                The name of the repository where the remediation was applied.

              • codeDiffLink (string) --

                The link to the code diff for the remediation.

              • pullRequestLink (string) --

                The link to the pull request created for the remediation.

        • lastUpdatedBy (string) --

          The identifier of the entity that last updated the finding.

        • customerNote (string) --

          A customer-provided note on the finding.

        • codeLocations (list) --

          The file locations involved in the vulnerability, as reported by the code scanner.

          • (dict) --

            Represents a location in source code associated with a security finding.

            • filePath (string) --

              The absolute path to the file containing the code location.

            • lineStart (integer) --

              The starting line number of the code location.

            • lineEnd (integer) --

              The ending line number of the code location.

            • label (string) --

              The role of this location in the vulnerability, such as source or sink.

        • verificationScript (dict) --

          The verification script metadata for reproducing the finding, including download URL, instructions, and required environment variables.

          • scriptType (string) --

            The type of script. Valid values are python and bash.

          • scriptUrl (string) --

            The URL from which to download the verification script.

          • instructions (string) --

            Instructions for running the verification script, including prerequisites and how to interpret results.

          • envVars (list) --

            The list of environment variables required to run the verification script.

            • (dict) --

              Represents an environment variable required to run a verification script.

              • name (string) --

                The name of the environment variable.

              • value (string) --

                The value of the environment variable.

        • alignmentRationale (string) --

          The rationale provided by the alignment agent explaining how the finding was adjusted based on customer preferences.

        • createdAt (datetime) --

          The date and time the finding was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the finding was last updated, in UTC format.

    • notFound (list) --

      The list of finding identifiers that were not found.

      • (string) --
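The response above carries three independent signals per finding: the lifecycle status, the model's confidence, and the new validationStatus from simulated validation. A responder usually wants them folded into a single "what do I do next" bucket. The following is an added example, not part of the AWS Security Agent SDK or its documentation: it processes a constructed response dict of the documented shape (placeholder identifiers and links, no AWS call) and sorts findings into action buckets, also pulling out the pull-request links that an AUTOMATIC code remediation task produced.

```python
"""Triage helper for a BatchGetFindings response of the documented shape.

Added example; not part of the AWS Security Agent SDK. No AWS call is made:
the input is a constructed dict shaped like the Response Syntax above.
"""
from datetime import datetime, timezone

# riskLevel values from the documented enum, most severe first.
RISK_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL", "UNKNOWN"]
RISK_RANK = {level: i for i, level in enumerate(RISK_ORDER)}

# Constructed sample response. Identifiers, paths and links are placeholders.
SAMPLE_RESPONSE = {
    "findings": [
        {
            "findingId": "fnd-0001", "name": "SQL injection in search handler",
            "status": "ACTIVE", "riskType": "SQL_INJECTION", "riskLevel": "CRITICAL",
            "confidence": "HIGH", "validationStatus": "CONFIRMED",
            "codeLocations": [{"filePath": "/app/search.py", "lineStart": 42,
                               "lineEnd": 48, "label": "sink"}],
            "codeRemediationTask": {
                "status": "COMPLETED", "statusReason": "",
                "taskDetails": [{"repoName": "example-repo",
                                 "codeDiffLink": "https://example.invalid/diff/1",
                                 "pullRequestLink": "https://example.invalid/pr/1"}]},
            "updatedAt": datetime(2026, 6, 17, tzinfo=timezone.utc),
        },
        {
            "findingId": "fnd-0002", "name": "Verbose error page",
            "status": "ACTIVE", "riskType": "INFORMATION_DISCLOSURE", "riskLevel": "LOW",
            "confidence": "MEDIUM", "validationStatus": "NOT_VALIDATED", "codeLocations": [],
        },
        {
            "findingId": "fnd-0003", "name": "Possible IDOR on /orders",
            "status": "ACTIVE", "riskType": "INSECURE_DIRECT_OBJECT_REFERENCE",
            "riskLevel": "HIGH", "confidence": "LOW", "validationStatus": "NOT_REPRODUCED",
        },
        {
            "findingId": "fnd-0004", "name": "Weak JWT algorithm",
            "status": "FALSE_POSITIVE", "riskType": "JSON_WEB_TOKEN_VULNERABILITIES",
            "riskLevel": "HIGH", "confidence": "FALSE_POSITIVE",
            "validationStatus": "VALIDATION_FAILED",
        },
    ],
    "notFound": ["fnd-9999"],
}


def triage_findings(response, min_level="HIGH"):
    """Bucket findings by the next action a responder should take.

    act_now:            ACTIVE, CONFIRMED by validation, riskLevel at or above min_level
    confirmed_low_risk: ACTIVE and CONFIRMED but below min_level
    await_validation:   ACTIVE, still VALIDATING or NOT_VALIDATED
    review_manually:    ACTIVE but NOT_REPRODUCED / VALIDATION_FAILED (agent could not confirm)
    closed:             RESOLVED, ACCEPTED or FALSE_POSITIVE
    not_found:          ids echoed back in notFound (wrong id or wrong agent space)
    """
    buckets = {k: [] for k in ("act_now", "confirmed_low_risk", "await_validation",
                               "review_manually", "closed", "not_found")}
    threshold = RISK_RANK[min_level]
    unknown_rank = len(RISK_ORDER)  # anything outside the enum sorts last
    act_now = []
    for f in response.get("findings", []):
        fid = f["findingId"]
        vstatus = f.get("validationStatus", "NOT_VALIDATED")
        rank = RISK_RANK.get(f.get("riskLevel", "UNKNOWN"), unknown_rank)
        if f.get("status") != "ACTIVE":
            buckets["closed"].append(fid)
        elif vstatus == "CONFIRMED":
            (act_now if rank <= threshold else buckets["confirmed_low_risk"]).append(
                f if rank <= threshold else fid)
        elif vstatus in ("VALIDATING", "NOT_VALIDATED"):
            buckets["await_validation"].append(fid)
        else:
            buckets["review_manually"].append(fid)
    # Most severe first; ties keep API order.
    act_now.sort(key=lambda f: RISK_RANK.get(f.get("riskLevel"), unknown_rank))
    buckets["act_now"] = [f["findingId"] for f in act_now]
    buckets["not_found"] = list(response.get("notFound", []))
    return buckets


def remediation_pull_requests(response):
    """Map findingId -> pull request links from COMPLETED code remediation tasks."""
    links = {}
    for f in response.get("findings", []):
        task = f.get("codeRemediationTask") or {}
        if task.get("status") != "COMPLETED":
            continue
        prs = [d["pullRequestLink"] for d in task.get("taskDetails", [])
               if d.get("pullRequestLink")]
        if prs:
            links[f["findingId"]] = prs
    return links


if __name__ == "__main__":
    for bucket, ids in triage_findings(SAMPLE_RESPONSE).items():
        print(f"{bucket:20s} {ids}")
    print("remediation PRs:", remediation_pull_requests(SAMPLE_RESPONSE))
```

The split treats validationStatus as the primary signal and riskLevel as the secondary one: a CRITICAL finding that validation could not reproduce lands in review_manually rather than act_now, which keeps simulated validation from silently overriding a human look at high-risk cases.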

BatchGetPentestJobs (updated)
Changes (response)
{'pentestJobs': {'cleanUpStrategy': 'BEST_EFFORT_DELETE | RETAIN_ALL',
                 'disableManagedSkills': ['FINDING_PERSONALIZATION | '
                                          'LOGIN_OPTIMIZATION'],
                 'documents': {'integratedDocument': {'integrationId': 'string',
                                                      'resourceId': 'string'}},
                 'steps': {'name': {'VALIDATION'}}}}

Retrieves information about one or more pentest jobs in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_pentest_jobs(
    pentestJobIds=[
        'string',
    ],
    agentSpaceId='string'
)
type pentestJobIds:

list

param pentestJobIds:

[REQUIRED]

The list of pentest job identifiers to retrieve.

  • (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the pentest jobs.

rtype:

dict

returns:

Response Syntax

{
    'pentestJobs': [
        {
            'pentestJobId': 'string',
            'pentestId': 'string',
            'title': 'string',
            'overview': 'string',
            'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
            'endpoints': [
                {
                    'uri': 'string'
                },
            ],
            'actors': [
                {
                    'identifier': 'string',
                    'uris': [
                        'string',
                    ],
                    'authentication': {
                        'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                        'value': 'string'
                    },
                    'description': 'string'
                },
            ],
            'documents': [
                {
                    's3Location': 'string',
                    'artifactId': 'string',
                    'integratedDocument': {
                        'integrationId': 'string',
                        'resourceId': 'string'
                    }
                },
            ],
            'sourceCode': [
                {
                    's3Location': 'string'
                },
            ],
            'excludePaths': [
                {
                    'uri': 'string'
                },
            ],
            'allowedDomains': [
                {
                    'uri': 'string'
                },
            ],
            'excludeRiskTypes': [
                'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
            ],
            'steps': [
                {
                    'name': 'PREFLIGHT'|'STATIC_ANALYSIS'|'PENTEST'|'FINALIZING'|'VALIDATION',
                    'status': 'NOT_STARTED'|'IN_PROGRESS'|'COMPLETED'|'FAILED'|'STOPPED',
                    'createdAt': datetime(2015, 1, 1),
                    'updatedAt': datetime(2015, 1, 1)
                },
            ],
            'executionContext': [
                {
                    'contextType': 'ERROR'|'CLIENT_ERROR'|'WARNING'|'INFO',
                    'context': 'string',
                    'timestamp': datetime(2015, 1, 1)
                },
            ],
            'serviceRole': 'string',
            'logConfig': {
                'logGroup': 'string',
                'logStream': 'string'
            },
            'vpcConfig': {
                'vpcArn': 'string',
                'securityGroupArns': [
                    'string',
                ],
                'subnetArns': [
                    'string',
                ]
            },
            'networkTrafficConfig': {
                'rules': [
                    {
                        'effect': 'ALLOW'|'DENY',
                        'pattern': 'string',
                        'networkTrafficRuleType': 'URL'
                    },
                ],
                'customHeaders': [
                    {
                        'name': 'string',
                        'value': 'string'
                    },
                ]
            },
            'errorInformation': {
                'code': 'CLIENT_ERROR'|'INTERNAL_ERROR'|'STOPPED_BY_USER',
                'message': 'string'
            },
            'integratedRepositories': [
                {
                    'integrationId': 'string',
                    'providerResourceId': 'string'
                },
            ],
            'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
            'cleanUpStrategy': 'BEST_EFFORT_DELETE'|'RETAIN_ALL',
            'disableManagedSkills': [
                'FINDING_PERSONALIZATION'|'LOGIN_OPTIMIZATION',
            ],
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

  • (dict) --

    Output for the BatchGetPentestJobs operation.

    • pentestJobs (list) --

      The list of pentest jobs that were found.

      • (dict) --

        Represents a pentest job, which is an execution instance of a pentest. A pentest job progresses through preflight, static analysis, pentest, and finalizing steps.

        • pentestJobId (string) --

          The unique identifier of the pentest job.

        • pentestId (string) --

          The unique identifier of the pentest associated with the job.

        • title (string) --

          The title of the pentest job.

        • overview (string) --

          An overview of the pentest job results.

        • status (string) --

          The current status of the pentest job.

        • endpoints (list) --

          The list of endpoints being tested in the pentest job.

          • (dict) --

            Represents a target endpoint for penetration testing.

            • uri (string) --

              The URI of the endpoint.

        • actors (list) --

          The list of actors used during the pentest job.

          • (dict) --

            Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

            • identifier (string) --

              The unique identifier for the actor.

            • uris (list) --

              The list of URIs that the actor targets during testing.

              • (string) --

            • authentication (dict) --

              The authentication configuration for the actor.

              • providerType (string) --

                The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

              • value (string) --

                The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

            • description (string) --

              A description of the actor.

        • documents (list) --

          The list of documents providing context for the pentest job.

          • (dict) --

            Represents a document that provides context for security testing.

            • s3Location (string) --

              The Amazon S3 location of the document.

            • artifactId (string) --

              The unique identifier of the artifact associated with the document.

            • integratedDocument (dict) --

              A reference to a document in an integrated third-party provider.

              • integrationId (string) --

                The identifier of the integration that provides access to the document.

              • resourceId (string) --

                The provider-specific resource identifier for the document.

        • sourceCode (list) --

          The list of source code repositories analyzed during the pentest job.

          • (dict) --

            Represents a source code repository used for security analysis during a pentest.

            • s3Location (string) --

              The Amazon S3 location of the source code repository archive.

        • excludePaths (list) --

          The list of paths excluded from the pentest job.

          • (dict) --

            Represents a target endpoint for penetration testing.

            • uri (string) --

              The URI of the endpoint.

        • allowedDomains (list) --

          The list of domains allowed during the pentest job.

          • (dict) --

            Represents a target endpoint for penetration testing.

            • uri (string) --

              The URI of the endpoint.

        • excludeRiskTypes (list) --

          The list of risk types excluded from the pentest job.

          • (string) --

            Type of security risk.

        • steps (list) --

          The list of steps in the pentest job execution.

          • (dict) --

            Represents a step in the pentest job execution pipeline. Steps include preflight, static analysis, pentest, and finalizing.

            • name (string) --

              The name of the step. Valid values include PREFLIGHT, STATIC_ANALYSIS, PENTEST, VALIDATION, and FINALIZING.

            • status (string) --

              The current status of the step.

            • createdAt (datetime) --

              The date and time the step was created, in UTC format.

            • updatedAt (datetime) --

              The date and time the step was last updated, in UTC format.

        • executionContext (list) --

          The execution context messages for the pentest job.

          • (dict) --

            Contains contextual information about the execution of a pentest job, such as errors, warnings, or informational messages.

            • contextType (string) --

              The type of context. Valid values include ERROR, CLIENT_ERROR, WARNING, and INFO.

            • context (string) --

              The context message.

            • timestamp (datetime) --

              The date and time the context was recorded, in UTC format.

        • serviceRole (string) --

          The IAM service role used for the pentest job.

        • logConfig (dict) --

          The CloudWatch Logs configuration for the pentest job.

          • logGroup (string) --

            The name of the CloudWatch log group.

          • logStream (string) --

            The name of the CloudWatch log stream.

        • vpcConfig (dict) --

          The VPC configuration for the pentest job.

          • vpcArn (string) --

            The Amazon Resource Name (ARN) of the VPC.

          • securityGroupArns (list) --

            The Amazon Resource Names (ARNs) of the security groups for the VPC configuration.

            • (string) --

              ARN or ID of a security group.

          • subnetArns (list) --

            The Amazon Resource Names (ARNs) of the subnets for the VPC configuration.

            • (string) --

              ARN or ID of a subnet.

        • networkTrafficConfig (dict) --

          The network traffic configuration for the pentest job.

          • rules (list) --

            The list of network traffic rules that control which URLs are allowed or denied during testing.

            • (dict) --

              A rule that controls network traffic during penetration testing by allowing or denying traffic to specific URL patterns.

              • effect (string) --

                The effect of the rule. Valid values are ALLOW and DENY.

              • pattern (string) --

                The URL pattern to match for the rule.

              • networkTrafficRuleType (string) --

                The type of the network traffic rule. Currently, only URL is supported.

          • customHeaders (list) --

            The list of custom HTTP headers to include in network traffic during testing.

            • (dict) --

              A custom HTTP header to include in network traffic during penetration testing.

              • name (string) --

                The name of the custom header.

              • value (string) --

                The value of the custom header.

        • errorInformation (dict) --

          Error information if the pentest job encountered an error.

          • code (string) --

            The error code. Valid values include CLIENT_ERROR, INTERNAL_ERROR, and STOPPED_BY_USER.

          • message (string) --

            A message describing the error.

        • integratedRepositories (list) --

          The list of integrated repositories associated with the pentest job.

          • (dict) --

            Represents a code repository that is integrated with the service through a third-party provider.

            • integrationId (string) --

              The unique identifier of the integration that provides access to the repository.

            • providerResourceId (string) --

              The provider-specific resource identifier for the repository.

        • codeRemediationStrategy (string) --

          The code remediation strategy for the pentest job.

        • cleanUpStrategy (string) --

          Strategy for cleaning up resources after pentest job completion.

        • disableManagedSkills (list) --

          A list of managed skills disabled for this pentest job. Valid values include FINDING_PERSONALIZATION and LOGIN_OPTIMIZATION.

          • (string) --

            Type of managed skill that can be enabled or disabled for a pentest.

        • createdAt (datetime) --

          The date and time the pentest job was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the pentest job was last updated, in UTC format.

    • notFound (list) --

      The list of pentest job identifiers that were not found.

      • (string) --
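A pentest job reports its state in several places at once: the job-level status, per-step statuses, executionContext messages, errorInformation, and the new cleanUpStrategy. The following is an added example, not part of the AWS Security Agent SDK or its documentation: it reduces a constructed response dict of the documented shape (placeholder identifiers, no AWS call) to one summary per job and lists the jobs an operator should look at, treating RETAIN_ALL as worth flagging because test resources are left in place after the job ends.

```python
"""Status summary for a BatchGetPentestJobs response of the documented shape.

Added example; not part of the AWS Security Agent SDK. No AWS call is made:
the input is a constructed dict shaped like the Response Syntax above.
"""
from datetime import datetime, timezone

# Step names from the documented enum, in pipeline order.
STEP_ORDER = ["PREFLIGHT", "STATIC_ANALYSIS", "PENTEST", "VALIDATION", "FINALIZING"]
TERMINAL_JOB_STATUSES = {"STOPPED", "FAILED", "COMPLETED"}
PROBLEM_CONTEXT_TYPES = {"ERROR", "CLIENT_ERROR"}


def _ts(day):
    return datetime(2026, 6, day, tzinfo=timezone.utc)


def _step(name, status, day=1):
    return {"name": name, "status": status, "createdAt": _ts(day), "updatedAt": _ts(day)}


# Constructed sample response. Identifiers and messages are placeholders.
SAMPLE_RESPONSE = {
    "pentestJobs": [
        {
            "pentestJobId": "pjob-0001", "pentestId": "pt-0001", "title": "Nightly run",
            "status": "IN_PROGRESS",
            "steps": [_step("PREFLIGHT", "COMPLETED"), _step("STATIC_ANALYSIS", "COMPLETED"),
                      _step("PENTEST", "IN_PROGRESS"), _step("VALIDATION", "NOT_STARTED"),
                      _step("FINALIZING", "NOT_STARTED")],
            "executionContext": [
                {"contextType": "INFO", "context": "Crawled 12 endpoints", "timestamp": _ts(1)},
                {"contextType": "WARNING", "context": "Actor 'reader' login was slow",
                 "timestamp": _ts(1)},
            ],
            "cleanUpStrategy": "BEST_EFFORT_DELETE",
            "disableManagedSkills": [],
        },
        {
            "pentestJobId": "pjob-0002", "pentestId": "pt-0002", "title": "Release candidate",
            "status": "FAILED",
            "steps": [_step("PREFLIGHT", "FAILED"), _step("STATIC_ANALYSIS", "NOT_STARTED"),
                      _step("PENTEST", "NOT_STARTED"), _step("VALIDATION", "NOT_STARTED"),
                      _step("FINALIZING", "NOT_STARTED")],
            "executionContext": [
                {"contextType": "CLIENT_ERROR",
                 "context": "Service role cannot read the secret for actor 'admin'",
                 "timestamp": _ts(2)},
            ],
            "errorInformation": {"code": "CLIENT_ERROR", "message": "Preflight checks failed"},
            "cleanUpStrategy": "RETAIN_ALL",
            "disableManagedSkills": ["LOGIN_OPTIMIZATION"],
        },
    ],
    "notFound": [],
}


def summarize_job(job):
    """Collapse one pentest job record into a flat summary dict."""
    status_by_step = {s["name"]: s["status"] for s in job.get("steps", [])}
    current = next((n for n in STEP_ORDER if status_by_step.get(n) == "IN_PROGRESS"), None)
    failed = [n for n in STEP_ORDER if status_by_step.get(n) in ("FAILED", "STOPPED")]
    problems = [c["context"] for c in job.get("executionContext", [])
                if c.get("contextType") in PROBLEM_CONTEXT_TYPES]
    err = job.get("errorInformation")
    if err:
        problems.append(f"{err.get('code')}: {err.get('message')}")
    return {
        "pentestJobId": job["pentestJobId"],
        "status": job.get("status"),
        "terminal": job.get("status") in TERMINAL_JOB_STATUSES,
        "current_step": current,
        "failed_steps": failed,
        "problems": problems,
        "retains_resources": job.get("cleanUpStrategy") == "RETAIN_ALL",
        "disabled_skills": list(job.get("disableManagedSkills", [])),
    }


def jobs_needing_attention(response):
    """Map pentestJobId -> reasons an operator should look at the job."""
    attention = {}
    for summary in map(summarize_job, response.get("pentestJobs", [])):
        reasons = []
        if summary["status"] == "FAILED":
            reasons.append("job status is FAILED")
        if summary["failed_steps"]:
            reasons.append("failed steps: " + ", ".join(summary["failed_steps"]))
        if summary["problems"]:
            reasons.append(f"{len(summary['problems'])} error message(s) in execution context")
        if summary["retains_resources"]:
            reasons.append("cleanUpStrategy RETAIN_ALL: test resources were not deleted")
        if reasons:
            attention[summary["pentestJobId"]] = reasons
    return attention


if __name__ == "__main__":
    for job in SAMPLE_RESPONSE["pentestJobs"]:
        print(summarize_job(job))
    print(jobs_needing_attention(SAMPLE_RESPONSE))
```

WARNING and INFO context entries are deliberately left out of the problems list so that a slow login does not page anyone; they remain available in the raw executionContext for the job's own report.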

BatchGetPentests (updated)
Changes (response)
{'pentests': {'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                              'resourceId': 'string'}}},
              'cleanUpStrategy': 'BEST_EFFORT_DELETE | RETAIN_ALL',
              'disableManagedSkills': ['FINDING_PERSONALIZATION | '
                                       'LOGIN_OPTIMIZATION']}}

Retrieves information about one or more pentests in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_pentests(
    pentestIds=[
        'string',
    ],
    agentSpaceId='string'
)
type pentestIds:

list

param pentestIds:

[REQUIRED]

The list of pentest identifiers to retrieve.

  • (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the pentests.

rtype:

dict

returns:

Response Syntax

{
    'pentests': [
        {
            'pentestId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'assets': {
                'endpoints': [
                    {
                        'uri': 'string'
                    },
                ],
                'actors': [
                    {
                        'identifier': 'string',
                        'uris': [
                            'string',
                        ],
                        'authentication': {
                            'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                            'value': 'string'
                        },
                        'description': 'string'
                    },
                ],
                'documents': [
                    {
                        's3Location': 'string',
                        'artifactId': 'string',
                        'integratedDocument': {
                            'integrationId': 'string',
                            'resourceId': 'string'
                        }
                    },
                ],
                'sourceCode': [
                    {
                        's3Location': 'string'
                    },
                ],
                'integratedRepositories': [
                    {
                        'integrationId': 'string',
                        'providerResourceId': 'string'
                    },
                ]
            },
            'excludeRiskTypes': [
                'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
            ],
            'serviceRole': 'string',
            'logConfig': {
                'logGroup': 'string',
                'logStream': 'string'
            },
            'vpcConfig': {
                'vpcArn': 'string',
                'securityGroupArns': [
                    'string',
                ],
                'subnetArns': [
                    'string',
                ]
            },
            'networkTrafficConfig': {
                'rules': [
                    {
                        'effect': 'ALLOW'|'DENY',
                        'pattern': 'string',
                        'networkTrafficRuleType': 'URL'
                    },
                ],
                'customHeaders': [
                    {
                        'name': 'string',
                        'value': 'string'
                    },
                ]
            },
            'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
            'cleanUpStrategy': 'BEST_EFFORT_DELETE'|'RETAIN_ALL',
            'disableManagedSkills': [
                'FINDING_PERSONALIZATION'|'LOGIN_OPTIMIZATION',
            ],
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

  • (dict) --

    Output for the BatchGetPentests operation.

    • pentests (list) --

      The list of pentests that were found.

      • (dict) --

        Represents a pentest configuration that defines the parameters for security testing, including target assets, risk type exclusions, and infrastructure settings.

        • pentestId (string) --

          The unique identifier of the pentest.

        • agentSpaceId (string) --

          The unique identifier of the agent space that contains the pentest.

        • title (string) --

          The title of the pentest.

        • assets (dict) --

          The assets included in the pentest.

          • endpoints (list) --

            The list of endpoints to test during the pentest.

            • (dict) --

              Represents a target endpoint for penetration testing.

              • uri (string) --

                The URI of the endpoint.

          • actors (list) --

            The list of actors used during penetration testing.

            • (dict) --

              Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

              • identifier (string) --

                The unique identifier for the actor.

              • uris (list) --

                The list of URIs that the actor targets during testing.

                • (string) --

              • authentication (dict) --

                The authentication configuration for the actor.

                • providerType (string) --

                  The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

                • value (string) --

                  The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

              • description (string) --

                A description of the actor.

          • documents (list) --

            The list of documents that provide context for the pentest.

            • (dict) --

              Represents a document that provides context for security testing.

              • s3Location (string) --

                The Amazon S3 location of the document.

              • artifactId (string) --

                The unique identifier of the artifact associated with the document.

              • integratedDocument (dict) --

                A reference to a document in an integrated third-party provider.

                • integrationId (string) --

                  The identifier of the integration that provides access to the document.

                • resourceId (string) --

                  The provider-specific resource identifier for the document.

          • sourceCode (list) --

            The list of source code repositories to analyze during the pentest.

            • (dict) --

              Represents a source code repository used for security analysis during a pentest.

              • s3Location (string) --

                The Amazon S3 location of the source code repository archive.

          • integratedRepositories (list) --

            The list of integrated repositories associated with the pentest.

            • (dict) --

              Represents a code repository that is integrated with the service through a third-party provider.

              • integrationId (string) --

                The unique identifier of the integration that provides access to the repository.

              • providerResourceId (string) --

                The provider-specific resource identifier for the repository.

        • excludeRiskTypes (list) --

          The list of risk types excluded from the pentest.

          • (string) --

            Type of security risk.

        • serviceRole (string) --

          The IAM service role used for the pentest.

        • logConfig (dict) --

          The CloudWatch Logs configuration for the pentest.

          • logGroup (string) --

            The name of the CloudWatch log group.

          • logStream (string) --

            The name of the CloudWatch log stream.

        • vpcConfig (dict) --

          The VPC configuration for the pentest.

          • vpcArn (string) --

            The Amazon Resource Name (ARN) of the VPC.

          • securityGroupArns (list) --

            The Amazon Resource Names (ARNs) of the security groups for the VPC configuration.

            • (string) --

              ARN or ID of a security group.

          • subnetArns (list) --

            The Amazon Resource Names (ARNs) of the subnets for the VPC configuration.

            • (string) --

              ARN or ID of a subnet.

        • networkTrafficConfig (dict) --

          The network traffic configuration for the pentest.

          • rules (list) --

            The list of network traffic rules that control which URLs are allowed or denied during testing.

            • (dict) --

              A rule that controls network traffic during penetration testing by allowing or denying traffic to specific URL patterns.

              • effect (string) --

                The effect of the rule. Valid values are ALLOW and DENY.

              • pattern (string) --

                The URL pattern to match for the rule.

              • networkTrafficRuleType (string) --

                The type of the network traffic rule. Currently, only URL is supported.

          • customHeaders (list) --

            The list of custom HTTP headers to include in network traffic during testing.

            • (dict) --

              A custom HTTP header to include in network traffic during penetration testing.

              • name (string) --

                The name of the custom header.

              • value (string) --

                The value of the custom header.

        • codeRemediationStrategy (string) --

          The code remediation strategy for the pentest. Valid values are AUTOMATIC and DISABLED.

        • cleanUpStrategy (string) --

          The strategy for cleaning up resources after the pentest job completes. Valid values are BEST_EFFORT_DELETE and RETAIN_ALL.

        • disableManagedSkills (list) --

          A list of managed skills to disable for this pentest. Valid values include FINDING_PERSONALIZATION and LOGIN_OPTIMIZATION.

          • (string) --

            Type of managed skill that can be enabled or disabled for a pentest.

        • createdAt (datetime) --

          The date and time the pentest was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the pentest was last updated, in UTC format.

    • notFound (list) --

      The list of pentest identifiers that were not found.

      • (string) --
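The retrieval pattern above, as an added example that is not part of the SDK documentation: a helper that fetches pentests in chunks, reconciles the `notFound` list against what was asked for, and audits each returned configuration for settings that widen the blast radius of a run. `client` is any object exposing `batch_get_pentests()` with the request and response shape shown (a real boto3 client in practice; the `FakeClient` below is a constructed stand-in). `BATCH_SIZE` is a local chunking choice, not a documented service limit, the URL pattern syntax is assumed, and the sample pentests are constructed data.

```python
"""Chunked BatchGetPentests retrieval plus a configuration audit (added example)."""
from typing import Dict, Iterable, List, Tuple

BATCH_SIZE = 25  # assumption: local chunk size, not a service-documented maximum


def get_pentests(client, agent_space_id: str, pentest_ids: Iterable[str],
                 batch_size: int = BATCH_SIZE) -> Tuple[List[dict], List[str]]:
    """Return (found, not_found); ids are de-duplicated and request order is preserved."""
    ids = list(dict.fromkeys(pentest_ids))
    found: List[dict] = []
    not_found: List[str] = []
    for i in range(0, len(ids), batch_size):
        resp = client.batch_get_pentests(pentestIds=ids[i:i + batch_size],
                                         agentSpaceId=agent_space_id)
        found.extend(resp.get("pentests", []))
        not_found.extend(resp.get("notFound", []))
    # An id that is neither returned nor listed in notFound should not happen; treat it as
    # missing rather than silently dropping it from the audit.
    seen = {p["pentestId"] for p in found} | set(not_found)
    not_found.extend(pid for pid in ids if pid not in seen)
    return found, not_found


def audit_pentest(pentest: dict) -> List[str]:
    """Findings for a stored pentest whose run settings are looser than a cautious default."""
    findings: List[str] = []
    if not pentest.get("networkTrafficConfig", {}).get("rules"):
        findings.append("no networkTrafficConfig rules: agent traffic is not restricted by URL")
    if not pentest.get("logConfig", {}).get("logGroup"):
        findings.append("no logConfig: the run leaves no CloudWatch Logs trail")
    if pentest.get("cleanUpStrategy") == "RETAIN_ALL":
        findings.append("cleanUpStrategy RETAIN_ALL: resources created by the job are kept afterwards")
    if pentest.get("codeRemediationStrategy") == "AUTOMATIC":
        findings.append("codeRemediationStrategy AUTOMATIC: code changes are not gated on a reviewer")
    for actor in pentest.get("assets", {}).get("actors", []):
        if not (actor.get("authentication") or {}).get("providerType"):
            findings.append(f"actor {actor.get('identifier')!r} has no authentication provider")
    return findings


# Constructed sample data: one cautiously configured pentest and one loose one.
SAMPLE_PENTESTS: Dict[str, dict] = {
    "pt-scoped": {
        "pentestId": "pt-scoped", "agentSpaceId": "as-1", "title": "billing api, scoped",
        "assets": {"actors": [{"identifier": "customer",
                               "authentication": {"providerType": "SECRETS_MANAGER",
                                                  "value": "arn:aws:secretsmanager:us-east-1:123456789012:secret:pentest/customer"}}]},
        "logConfig": {"logGroup": "/security-agent/pentests"},
        # pattern syntax is an assumption; the page does not document the rule grammar
        "networkTrafficConfig": {"rules": [{"effect": "ALLOW", "pattern": "https://billing.example.test/*",
                                            "networkTrafficRuleType": "URL"}]},
        "codeRemediationStrategy": "DISABLED", "cleanUpStrategy": "BEST_EFFORT_DELETE",
    },
    "pt-loose": {
        "pentestId": "pt-loose", "agentSpaceId": "as-1", "title": "everything, unscoped",
        "assets": {"actors": [{"identifier": "anon", "uris": ["https://billing.example.test/"]}]},
        "networkTrafficConfig": {"rules": []},
        "codeRemediationStrategy": "AUTOMATIC", "cleanUpStrategy": "RETAIN_ALL",
    },
}


class FakeClient:
    """Constructed stand-in for the service client; answers from SAMPLE_PENTESTS."""
    def __init__(self, pentests: Dict[str, dict] = SAMPLE_PENTESTS):
        self.pentests, self.calls = pentests, 0

    def batch_get_pentests(self, pentestIds: List[str], agentSpaceId: str) -> dict:
        self.calls += 1
        return {"pentests": [self.pentests[p] for p in pentestIds if p in self.pentests],
                "notFound": [p for p in pentestIds if p not in self.pentests]}


def audit_all(client, agent_space_id: str, pentest_ids: Iterable[str],
              batch_size: int = BATCH_SIZE) -> Dict[str, List[str]]:
    """Map each requested id to its findings; missing ids get a single 'not found' entry."""
    found, missing = get_pentests(client, agent_space_id, pentest_ids, batch_size)
    report = {p["pentestId"]: audit_pentest(p) for p in found}
    report.update({pid: ["not found in agent space"] for pid in missing})
    return report


if __name__ == "__main__":
    for pid, findings in audit_all(FakeClient(), "as-1", ["pt-scoped", "pt-loose", "pt-gone"]).items():
        print(pid, "->", findings or ["ok"])
```

Swap `FakeClient()` for the real service client to run the same audit against an agent space; the reconciliation step matters because a pentest id that is silently absent from both lists would otherwise drop out of the report.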

CreateCodeReview (updated) Link ¶
Changes (both)
{'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                 'resourceId': 'string'}}},
 'validationMode': 'DISABLED | SIMULATED'}

Creates a new code review configuration in an agent space. A code review defines the parameters for automated security-focused code analysis.

See also: AWS API Documentation

Request Syntax

client.create_code_review(
    title='string',
    agentSpaceId='string',
    assets={
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    serviceRole='string',
    logConfig={
        'logGroup': 'string',
        'logStream': 'string'
    },
    codeRemediationStrategy='AUTOMATIC'|'DISABLED',
    validationMode='DISABLED'|'SIMULATED'
)
type title:

string

param title:

[REQUIRED]

The title of the code review.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space to create the code review in.

type assets:

dict

param assets:

[REQUIRED]

The assets to include in the code review, such as documents and source code.

  • endpoints (list) --

    The list of endpoints to test during the pentest.

    • (dict) --

      Represents a target endpoint for penetration testing.

      • uri (string) --

        The URI of the endpoint.

  • actors (list) --

    The list of actors used during penetration testing.

    • (dict) --

      Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

      • identifier (string) --

        The unique identifier for the actor.

      • uris (list) --

        The list of URIs that the actor targets during testing.

        • (string) --

      • authentication (dict) --

        The authentication configuration for the actor.

        • providerType (string) --

          The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

        • value (string) --

          The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

      • description (string) --

        A description of the actor.

  • documents (list) --

    The list of documents that provide context for the pentest.

    • (dict) --

      Represents a document that provides context for security testing.

      • s3Location (string) --

        The Amazon S3 location of the document.

      • artifactId (string) --

        The unique identifier of the artifact associated with the document.

      • integratedDocument (dict) --

        A reference to a document in an integrated third-party provider.

        • integrationId (string) -- [REQUIRED]

          The identifier of the integration that provides access to the document.

        • resourceId (string) -- [REQUIRED]

          The provider-specific resource identifier for the document.

  • sourceCode (list) --

    The list of source code repositories to analyze during the pentest.

    • (dict) --

      Represents a source code repository used for security analysis during a pentest.

      • s3Location (string) --

        The Amazon S3 location of the source code repository archive.

  • integratedRepositories (list) --

    The list of integrated repositories associated with the pentest.

    • (dict) --

      Represents a code repository that is integrated with the service through a third-party provider.

      • integrationId (string) -- [REQUIRED]

        The unique identifier of the integration that provides access to the repository.

      • providerResourceId (string) -- [REQUIRED]

        The provider-specific resource identifier for the repository.

type serviceRole:

string

param serviceRole:

The IAM service role to use for the code review.

type logConfig:

dict

param logConfig:

The CloudWatch Logs configuration for the code review.

  • logGroup (string) --

    The name of the CloudWatch log group.

  • logStream (string) --

    The name of the CloudWatch log stream.

type codeRemediationStrategy:

string

param codeRemediationStrategy:

The code remediation strategy for the code review. Valid values are AUTOMATIC and DISABLED.

type validationMode:

string

param validationMode:

The validation mode for the code review. Valid values are SIMULATED and DISABLED.

rtype:

dict

returns:

Response Syntax

{
    'codeReviewId': 'string',
    'title': 'string',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'assets': {
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    'serviceRole': 'string',
    'logConfig': {
        'logGroup': 'string',
        'logStream': 'string'
    },
    'agentSpaceId': 'string',
    'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
    'validationMode': 'DISABLED'|'SIMULATED'
}

Response Structure

  • (dict) --

    Output for the CreateCodeReview operation.

    • codeReviewId (string) --

      The unique identifier of the created code review.

    • title (string) --

      The title of the code review.

    • createdAt (datetime) --

      The date and time the code review was created, in UTC format.

    • updatedAt (datetime) --

      The date and time the code review was last updated, in UTC format.

    • assets (dict) --

      The assets included in the code review.

      • endpoints (list) --

        The list of endpoints to test during the pentest.

        • (dict) --

          Represents a target endpoint for penetration testing.

          • uri (string) --

            The URI of the endpoint.

      • actors (list) --

        The list of actors used during penetration testing.

        • (dict) --

          Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

          • identifier (string) --

            The unique identifier for the actor.

          • uris (list) --

            The list of URIs that the actor targets during testing.

            • (string) --

          • authentication (dict) --

            The authentication configuration for the actor.

            • providerType (string) --

              The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

            • value (string) --

              The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

          • description (string) --

            A description of the actor.

      • documents (list) --

        The list of documents that provide context for the pentest.

        • (dict) --

          Represents a document that provides context for security testing.

          • s3Location (string) --

            The Amazon S3 location of the document.

          • artifactId (string) --

            The unique identifier of the artifact associated with the document.

          • integratedDocument (dict) --

            A reference to a document in an integrated third-party provider.

            • integrationId (string) --

              The identifier of the integration that provides access to the document.

            • resourceId (string) --

              The provider-specific resource identifier for the document.

      • sourceCode (list) --

        The list of source code repositories to analyze during the pentest.

        • (dict) --

          Represents a source code repository used for security analysis during a pentest.

          • s3Location (string) --

            The Amazon S3 location of the source code repository archive.

      • integratedRepositories (list) --

        The list of integrated repositories associated with the pentest.

        • (dict) --

          Represents a code repository that is integrated with the service through a third-party provider.

          • integrationId (string) --

            The unique identifier of the integration that provides access to the repository.

          • providerResourceId (string) --

            The provider-specific resource identifier for the repository.

    • serviceRole (string) --

      The IAM service role used for the code review.

    • logConfig (dict) --

      The CloudWatch Logs configuration for the code review.

      • logGroup (string) --

        The name of the CloudWatch log group.

      • logStream (string) --

        The name of the CloudWatch log stream.

    • agentSpaceId (string) --

      The unique identifier of the agent space that contains the code review.

    • codeRemediationStrategy (string) --

      The code remediation strategy for the code review.

    • validationMode (string) --

      The validation mode for the code review.

CreateIntegration (updated) Link ¶
Changes (request)
{'input': {'bitbucket': {'code': 'string',
                         'installationId': 'string',
                         'state': 'string',
                         'workspace': 'string'},
           'confluence': {'code': 'string',
                          'installationId': 'string',
                          'siteUrl': 'string',
                          'state': 'string'},
           'github': {'installationId': 'string', 'targetUrl': 'string'},
           'gitlab': {'accessToken': 'string',
                      'groupId': 'string',
                      'targetUrl': 'string',
                      'tokenType': 'PERSONAL | GROUP'}},
 'privateConnectionName': 'string',
 'provider': {'BITBUCKET', 'GITLAB', 'CONFLUENCE'}}

Creates a new integration with a third-party provider (GitHub, GitLab, Bitbucket, or Confluence) for code review and remediation.

See also: AWS API Documentation

Request Syntax

client.create_integration(
    provider='GITHUB'|'GITLAB'|'BITBUCKET'|'CONFLUENCE',
    input={
        'github': {
            'code': 'string',
            'state': 'string',
            'organizationName': 'string',
            'targetUrl': 'string',
            'installationId': 'string'
        },
        'gitlab': {
            'accessToken': 'string',
            'targetUrl': 'string',
            'tokenType': 'PERSONAL'|'GROUP',
            'groupId': 'string'
        },
        'bitbucket': {
            'installationId': 'string',
            'workspace': 'string',
            'code': 'string',
            'state': 'string'
        },
        'confluence': {
            'installationId': 'string',
            'code': 'string',
            'state': 'string',
            'siteUrl': 'string'
        }
    },
    integrationDisplayName='string',
    kmsKeyId='string',
    tags={
        'string': 'string'
    },
    privateConnectionName='string'
)
type provider:

string

param provider:

[REQUIRED]

The integration provider. Valid values are GITHUB, GITLAB, BITBUCKET, and CONFLUENCE.

type input:

dict

param input:

[REQUIRED]

The provider-specific input required to create the integration.

  • github (dict) --

    The GitHub-specific input for creating an integration.

    • code (string) -- [REQUIRED]

      The OAuth authorization code received from GitHub.

    • state (string) -- [REQUIRED]

      The CSRF state token for validating the OAuth flow.

    • organizationName (string) --

      The name of the GitHub organization to integrate with.

    • targetUrl (string) --

      The HTTPS URL of a self-hosted GitHub Enterprise Server instance. Omit this value for GitHub.com.

    • installationId (string) --

      The installation identifier provided by GitHub Enterprise Server on the install callback. Required for GitHub Enterprise Server integrations and ignored for GitHub.com.

  • gitlab (dict) --

    The configuration for a GitLab integration.

    • accessToken (string) -- [REQUIRED]

      The GitLab access token used to authenticate. This can be a personal access token or a group access token.

    • targetUrl (string) --

      The HTTPS URL of a self-managed GitLab instance. Omit this value for GitLab SaaS (gitlab.com).

    • tokenType (string) -- [REQUIRED]

      The type of GitLab access token provided in accessToken.

    • groupId (string) --

      The identifier of the GitLab group. Required when tokenType is GROUP and ignored when tokenType is PERSONAL.

  • bitbucket (dict) --

    The configuration for a Bitbucket integration.

    • installationId (string) -- [REQUIRED]

      The Atlassian installation identifier, available from the Atlassian administration console.

    • workspace (string) -- [REQUIRED]

      The Bitbucket workspace slug that identifies the workspace to integrate, for example acme-corp.

    • code (string) -- [REQUIRED]

      The OAuth 2.0 authorization code returned from the consent redirect.

    • state (string) -- [REQUIRED]

      The CSRF state token echoed back from the OAuth redirect.

  • confluence (dict) --

    The configuration for a Confluence integration.

    • installationId (string) -- [REQUIRED]

      The Atlassian installation identifier, available from the Atlassian administration console.

    • code (string) -- [REQUIRED]

      The OAuth 2.0 authorization code returned from the consent redirect.

    • state (string) -- [REQUIRED]

      The CSRF state token echoed back from the OAuth redirect.

    • siteUrl (string) -- [REQUIRED]

      The Confluence Cloud site URL, for example https://mysite.atlassian.net.

type integrationDisplayName:

string

param integrationDisplayName:

[REQUIRED]

The display name for the integration.

type kmsKeyId:

string

param kmsKeyId:

The identifier of the AWS KMS key to use for encrypting data associated with the integration.

type tags:

dict

param tags:

The tags to associate with the integration.

  • (string) --

    Key for a resource tag.

    • (string) --

      Value for a resource tag.

type privateConnectionName:

string

param privateConnectionName:

The name of an active private connection used to reach a self-hosted provider instance over private networking. Specify this when the instance is not publicly reachable.

rtype:

dict

returns:

Response Syntax

{
    'integrationId': 'string'
}

Response Structure

  • (dict) --

    • integrationId (string) --

      The unique identifier of the created integration.
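The CreateIntegration and CreateCodeReview calls above, as an added example that is not code from the SDK or its documentation: a builder that enforces the per-provider required fields listed in the request structure, compares the echoed OAuth `state` against the one this client issued before the authorization code is handed to the service, and then wires the returned `integrationId` into a create_code_review request. Assumptions: the caller mints `state` itself before redirecting the user to the provider's consent page (the authorization URL and redirect handling are outside this snippet), and `client` is any object exposing `create_integration()` and `create_code_review()` with the documented shapes (a real boto3 client in practice; `FakeClient` below is a constructed stand-in). Identifiers such as `int-0001`, `cr-0001` and `acme/payments` are constructed.

```python
"""Provider input validation, OAuth state check and integration-to-review wiring (added example)."""
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import urlparse

# Fields the request structure marks [REQUIRED] for each provider, and the full set it accepts.
REQUIRED = {
    "GITHUB": ("code", "state"),
    "GITLAB": ("accessToken", "tokenType"),
    "BITBUCKET": ("installationId", "workspace", "code", "state"),
    "CONFLUENCE": ("installationId", "code", "state", "siteUrl"),
}
ACCEPTED = {
    "GITHUB": REQUIRED["GITHUB"] + ("organizationName", "targetUrl", "installationId"),
    "GITLAB": REQUIRED["GITLAB"] + ("targetUrl", "groupId"),
    "BITBUCKET": REQUIRED["BITBUCKET"],
    "CONFLUENCE": REQUIRED["CONFLUENCE"],
}


def new_state() -> str:
    """Unguessable per-flow value to send as the OAuth `state` parameter."""
    return secrets.token_urlsafe(32)


def check_state(expected: Optional[str], echoed: Optional[str]) -> None:
    """Constant-time comparison of the echoed state with the one this client issued."""
    if not expected or not echoed or not hmac.compare_digest(expected, echoed):
        raise ValueError("OAuth state mismatch: stale flow or CSRF attempt")


def _require_https(url: Optional[str], field: str) -> None:
    if url is not None:
        p = urlparse(url)
        if p.scheme != "https" or not p.netloc:
            raise ValueError(f"{field} must be an absolute https:// URL, got {url!r}")


def build_integration_input(provider: str, fields: Dict[str, str],
                            expected_state: Optional[str] = None) -> Dict[str, Dict[str, str]]:
    """Return the `input` argument for create_integration, or raise on a bad combination."""
    if provider not in REQUIRED:
        raise ValueError(f"unsupported provider {provider!r}")
    missing = [k for k in REQUIRED[provider] if not fields.get(k)]
    if missing:
        raise ValueError(f"{provider}: missing required field(s) {missing}")
    if "state" in REQUIRED[provider]:
        check_state(expected_state, fields["state"])
    if provider == "GITLAB":
        if fields["tokenType"] not in ("PERSONAL", "GROUP"):
            raise ValueError("tokenType must be PERSONAL or GROUP")
        if fields["tokenType"] == "GROUP" and not fields.get("groupId"):
            raise ValueError("groupId is required for a GROUP access token")
    if provider == "GITHUB" and fields.get("targetUrl") and not fields.get("installationId"):
        raise ValueError("installationId is required for GitHub Enterprise Server")
    _require_https(fields.get("targetUrl"), "targetUrl")
    _require_https(fields.get("siteUrl"), "siteUrl")
    unknown = sorted(set(fields) - set(ACCEPTED[provider]))
    if unknown:
        raise ValueError(f"{provider}: unexpected field(s) {unknown}")
    return {provider.lower(): dict(fields)}


def code_review_request(agent_space_id: str, title: str, integration_id: str,
                        repo_resource_id: str, doc_resource_id: Optional[str] = None) -> dict:
    """create_code_review kwargs bound to one integration. Remediation stays DISABLED and
    validation SIMULATED so the agent reports rather than changes code by default."""
    assets = {"integratedRepositories": [
        {"integrationId": integration_id, "providerResourceId": repo_resource_id}]}
    if doc_resource_id:
        assets["documents"] = [{"integratedDocument": {
            "integrationId": integration_id, "resourceId": doc_resource_id}}]
    return {"title": title, "agentSpaceId": agent_space_id, "assets": assets,
            "codeRemediationStrategy": "DISABLED", "validationMode": "SIMULATED"}


def onboard_repo(client, agent_space_id: str, provider: str, fields: Dict[str, str],
                 expected_state: Optional[str], display_name: str, repo_resource_id: str,
                 kms_key_id: Optional[str] = None) -> str:
    """Create the integration, then a code review over one repository; returns the codeReviewId."""
    kwargs = {"provider": provider,
              "input": build_integration_input(provider, fields, expected_state),
              "integrationDisplayName": display_name}
    if kms_key_id:
        kwargs["kmsKeyId"] = kms_key_id  # customer-managed key for data stored with the integration
    integration_id = client.create_integration(**kwargs)["integrationId"]
    review = code_review_request(agent_space_id, f"{display_name} review",
                                 integration_id, repo_resource_id)
    return client.create_code_review(**review)["codeReviewId"]


class FakeClient:
    """Constructed stand-in for the service client; records requests, returns fixed ids."""
    def __init__(self):
        self.requests = []

    def create_integration(self, **kwargs):
        self.requests.append(("create_integration", kwargs))
        return {"integrationId": "int-0001"}

    def create_code_review(self, **kwargs):
        self.requests.append(("create_code_review", kwargs))
        return {"codeReviewId": "cr-0001"}
```

The state check is local: the service also validates `state`, but rejecting a mismatched value before the call keeps an attacker-supplied `code` from ever reaching the integration and keeps the failure visible in the caller's own logs.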

CreatePentest (updated) Link ¶
Changes (request, response)
Request
{'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                 'resourceId': 'string'}}},
 'disableManagedSkills': ['FINDING_PERSONALIZATION | LOGIN_OPTIMIZATION']}
Response
{'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                 'resourceId': 'string'}}}}

Creates a new pentest configuration in an agent space. A pentest defines the security test parameters, including target assets, risk type exclusions, and logging configuration.

See also: AWS API Documentation

Request Syntax

client.create_pentest(
    title='string',
    agentSpaceId='string',
    assets={
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    excludeRiskTypes=[
        'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
    ],
    serviceRole='string',
    logConfig={
        'logGroup': 'string',
        'logStream': 'string'
    },
    vpcConfig={
        'vpcArn': 'string',
        'securityGroupArns': [
            'string',
        ],
        'subnetArns': [
            'string',
        ]
    },
    networkTrafficConfig={
        'rules': [
            {
                'effect': 'ALLOW'|'DENY',
                'pattern': 'string',
                'networkTrafficRuleType': 'URL'
            },
        ],
        'customHeaders': [
            {
                'name': 'string',
                'value': 'string'
            },
        ]
    },
    codeRemediationStrategy='AUTOMATIC'|'DISABLED',
    disableManagedSkills=[
        'FINDING_PERSONALIZATION'|'LOGIN_OPTIMIZATION',
    ]
)
type title:

string

param title:

[REQUIRED]

The title of the pentest.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space to create the pentest in.

type assets:

dict

param assets:

The assets to include in the pentest, such as endpoints, actors, documents, and source code.

  • endpoints (list) --

    The list of endpoints to test during the pentest.

    • (dict) --

      Represents a target endpoint for penetration testing.

      • uri (string) --

        The URI of the endpoint.

  • actors (list) --

    The list of actors used during penetration testing.

    • (dict) --

      Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

      • identifier (string) --

        The unique identifier for the actor.

      • uris (list) --

        The list of URIs that the actor targets during testing.

        • (string) --

      • authentication (dict) --

        The authentication configuration for the actor.

        • providerType (string) --

          The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

        • value (string) --

          The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

      • description (string) --

        A description of the actor.

  • documents (list) --

    The list of documents that provide context for the pentest.

    • (dict) --

      Represents a document that provides context for security testing.

      • s3Location (string) --

        The Amazon S3 location of the document.

      • artifactId (string) --

        The unique identifier of the artifact associated with the document.

      • integratedDocument (dict) --

        A reference to a document in an integrated third-party provider.

        • integrationId (string) -- [REQUIRED]

          The identifier of the integration that provides access to the document.

        • resourceId (string) -- [REQUIRED]

          The provider-specific resource identifier for the document.

  • sourceCode (list) --

    The list of source code repositories to analyze during the pentest.

    • (dict) --

      Represents a source code repository used for security analysis during a pentest.

      • s3Location (string) --

        The Amazon S3 location of the source code repository archive.

  • integratedRepositories (list) --

    The list of integrated repositories associated with the pentest.

    • (dict) --

      Represents a code repository that is integrated with the service through a third-party provider.

      • integrationId (string) -- [REQUIRED]

        The unique identifier of the integration that provides access to the repository.

      • providerResourceId (string) -- [REQUIRED]

        The provider-specific resource identifier for the repository.

type excludeRiskTypes:

list

param excludeRiskTypes:

The list of risk types to exclude from the pentest.

  • (string) --

    Type of security risk.

type serviceRole:

string

param serviceRole:

The IAM service role to use for the pentest.

type logConfig:

dict

param logConfig:

The CloudWatch Logs configuration for the pentest.

  • logGroup (string) --

    The name of the CloudWatch log group.

  • logStream (string) --

    The name of the CloudWatch log stream.

type vpcConfig:

dict

param vpcConfig:

The VPC configuration for the pentest.

  • vpcArn (string) --

    The Amazon Resource Name (ARN) of the VPC.

  • securityGroupArns (list) --

    The Amazon Resource Names (ARNs) of the security groups for the VPC configuration.

    • (string) --

      ARN or ID of a security group.

  • subnetArns (list) --

    The Amazon Resource Names (ARNs) of the subnets for the VPC configuration.

    • (string) --

      ARN or ID of a subnet.

type networkTrafficConfig:

dict

param networkTrafficConfig:

The network traffic configuration for the pentest, including custom headers and traffic rules.

  • rules (list) --

    The list of network traffic rules that control which URLs are allowed or denied during testing.

    • (dict) --

      A rule that controls network traffic during penetration testing by allowing or denying traffic to specific URL patterns.

      • effect (string) --

        The effect of the rule. Valid values are ALLOW and DENY.

      • pattern (string) --

        The URL pattern to match for the rule.

      • networkTrafficRuleType (string) --

        The type of the network traffic rule. Currently, only URL is supported.

  • customHeaders (list) --

    The list of custom HTTP headers to include in network traffic during testing.

    • (dict) --

      A custom HTTP header to include in network traffic during penetration testing.

      • name (string) --

        The name of the custom header.

      • value (string) --

        The value of the custom header.

type codeRemediationStrategy:

string

param codeRemediationStrategy:

The code remediation strategy for the pentest. Valid values are AUTOMATIC and DISABLED.

type disableManagedSkills:

list

param disableManagedSkills:

A list of managed skills to disable for this pentest. Valid values include FINDING_PERSONALIZATION and LOGIN_OPTIMIZATION.

  • (string) --

    Type of managed skill that can be enabled or disabled for a pentest.

rtype:

dict

returns:

Response Syntax

{
    'pentestId': 'string',
    'title': 'string',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'assets': {
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    'excludeRiskTypes': [
        'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
    ],
    'serviceRole': 'string',
    'logConfig': {
        'logGroup': 'string',
        'logStream': 'string'
    },
    'agentSpaceId': 'string'
}

Response Structure

  • (dict) --

    Output for the CreatePentest operation.

    • pentestId (string) --

      The unique identifier of the created pentest.

    • title (string) --

      The title of the pentest.

    • createdAt (datetime) --

      The date and time the pentest was created, in UTC format.

    • updatedAt (datetime) --

      The date and time the pentest was last updated, in UTC format.

    • assets (dict) --

      The assets included in the pentest.

      • endpoints (list) --

        The list of endpoints to test during the pentest.

        • (dict) --

          Represents a target endpoint for penetration testing.

          • uri (string) --

            The URI of the endpoint.

      • actors (list) --

        The list of actors used during penetration testing.

        • (dict) --

          Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

          • identifier (string) --

            The unique identifier for the actor.

          • uris (list) --

            The list of URIs that the actor targets during testing.

            • (string) --

          • authentication (dict) --

            The authentication configuration for the actor.

            • providerType (string) --

              The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

            • value (string) --

              The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

          • description (string) --

            A description of the actor.

      • documents (list) --

        The list of documents that provide context for the pentest.

        • (dict) --

          Represents a document that provides context for security testing.

          • s3Location (string) --

            The Amazon S3 location of the document.

          • artifactId (string) --

            The unique identifier of the artifact associated with the document.

          • integratedDocument (dict) --

            A reference to a document in an integrated third-party provider.

            • integrationId (string) --

              The identifier of the integration that provides access to the document.

            • resourceId (string) --

              The provider-specific resource identifier for the document.

      • sourceCode (list) --

        The list of source code repositories to analyze during the pentest.

        • (dict) --

          Represents a source code repository used for security analysis during a pentest.

          • s3Location (string) --

            The Amazon S3 location of the source code repository archive.

      • integratedRepositories (list) --

        The list of integrated repositories associated with the pentest.

        • (dict) --

          Represents a code repository that is integrated with the service through a third-party provider.

          • integrationId (string) --

            The unique identifier of the integration that provides access to the repository.

          • providerResourceId (string) --

            The provider-specific resource identifier for the repository.

    • excludeRiskTypes (list) --

      The list of risk types excluded from the pentest.

      • (string) --

        Type of security risk.

    • serviceRole (string) --

      The IAM service role used for the pentest.

    • logConfig (dict) --

      The CloudWatch Logs configuration for the pentest.

      • logGroup (string) --

        The name of the CloudWatch log group.

      • logStream (string) --

        The name of the CloudWatch log stream.

    • agentSpaceId (string) --

      The unique identifier of the agent space that contains the pentest.

GetIntegration (updated) Link ¶
Changes (response)
{'privateConnectionName': 'string',
 'provider': {'BITBUCKET', 'GITLAB', 'CONFLUENCE'},
 'targetUrl': 'string'}

Retrieves information about an integration.

See also: AWS API Documentation

Request Syntax

client.get_integration(
    integrationId='string'
)
type integrationId:

string

param integrationId:

[REQUIRED]

The unique identifier of the integration to retrieve.

rtype:

dict

returns:

Response Syntax

{
    'integrationId': 'string',
    'installationId': 'string',
    'provider': 'GITHUB'|'GITLAB'|'BITBUCKET'|'CONFLUENCE',
    'providerType': 'SOURCE_CODE'|'DOCUMENTATION',
    'displayName': 'string',
    'kmsKeyId': 'string',
    'targetUrl': 'string',
    'privateConnectionName': 'string'
}

Response Structure

  • (dict) --

    • integrationId (string) --

      The unique identifier of the integration.

    • installationId (string) --

      The installation identifier from the integration provider.

    • provider (string) --

      The integration provider.

    • providerType (string) --

      The type of the integration provider.

    • displayName (string) --

      The display name of the integration.

    • kmsKeyId (string) --

      The identifier of the AWS KMS key used to encrypt data associated with the integration.

    • targetUrl (string) --

      The HTTPS URL of the customer self-hosted instance, such as a GitHub Enterprise Server or self-managed GitLab instance. This value is absent for SaaS integrations.

    • privateConnectionName (string) --

      The name of the private connection used to reach the integration's self-hosted instance over private networking, if one is configured.

InitiateProviderRegistration (updated) Link ¶
Changes (request)
{'provider': {'BITBUCKET', 'GITLAB', 'CONFLUENCE'}}

Initiates the OAuth registration flow with a third-party provider. Returns a redirect URL and CSRF state token for completing the authorization.

See also: AWS API Documentation

Request Syntax

client.initiate_provider_registration(
    provider='GITHUB'|'GITLAB'|'BITBUCKET'|'CONFLUENCE'
)
type provider:

string

param provider:

[REQUIRED]

The provider to initiate registration with. Currently, only GITHUB is supported.

rtype:

dict

returns:

Response Syntax

{
    'redirectTo': 'string',
    'csrfState': 'string'
}

Response Structure

  • (dict) --

    • redirectTo (string) --

      The URL to redirect the user to for completing the OAuth authorization.

    • csrfState (string) --

      The CSRF state token to use when completing the OAuth flow.

ListCodeReviewJobTasks (updated) Link ¶
Changes (request)
{'stepName': {'VALIDATION'}}

Returns a paginated list of task summaries for the specified code review job, optionally filtered by step name or category.

See also: AWS API Documentation

Request Syntax

client.list_code_review_job_tasks(
    agentSpaceId='string',
    maxResults=123,
    codeReviewJobId='string',
    stepName='PREFLIGHT'|'STATIC_ANALYSIS'|'PENTEST'|'FINALIZING'|'VALIDATION',
    categoryName='string',
    nextToken='string'
)
type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call.

type codeReviewJobId:

string

param codeReviewJobId:

The unique identifier of the code review job to list tasks for.

type stepName:

string

param stepName:

Filter tasks by step name.

type categoryName:

string

param categoryName:

Filter tasks by category name.

type nextToken:

string

param nextToken:

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.

rtype:

dict

returns:

Response Syntax

{
    'codeReviewJobTaskSummaries': [
        {
            'taskId': 'string',
            'codeReviewId': 'string',
            'codeReviewJobId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'riskType': 'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
            'executionStatus': 'IN_PROGRESS'|'ABORTED'|'COMPLETED'|'INTERNAL_ERROR'|'FAILED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    Output for the ListCodeReviewJobTasks operation.

    • codeReviewJobTaskSummaries (list) --

      The list of code review job task summaries.

      • (dict) --

        Contains summary information about a code review job task.

        • taskId (string) --

          The unique identifier of the task.

        • codeReviewId (string) --

          The unique identifier of the code review associated with the task.

        • codeReviewJobId (string) --

          The unique identifier of the code review job that contains the task.

        • agentSpaceId (string) --

          The unique identifier of the agent space.

        • title (string) --

          The title of the task.

        • riskType (string) --

          The type of security risk the task is testing for.

        • executionStatus (string) --

          The current execution status of the task.

        • createdAt (datetime) --

          The date and time the task was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the task was last updated, in UTC format.

    • nextToken (string) --

      A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.

ListFindings (updated) Link ¶
Changes (response)
{'findingsSummaries': {'validationStatus': 'CONFIRMED | NOT_REPRODUCED | VALIDATION_FAILED | VALIDATING | NOT_VALIDATED'}}

Lists the security findings for a pentest job.

See also: AWS API Documentation

Request Syntax

client.list_findings(
    maxResults=123,
    pentestJobId='string',
    codeReviewJobId='string',
    agentSpaceId='string',
    nextToken='string',
    riskType='string',
    riskLevel='UNKNOWN'|'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
    status='ACTIVE'|'RESOLVED'|'ACCEPTED'|'FALSE_POSITIVE',
    confidence='FALSE_POSITIVE'|'UNCONFIRMED'|'LOW'|'MEDIUM'|'HIGH',
    name='string'
)
type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call.

type pentestJobId:

string

param pentestJobId:

The unique identifier of the pentest job to list findings for.

type codeReviewJobId:

string

param codeReviewJobId:

The unique identifier of the code review job to list findings for. Mutually exclusive with pentestJobId.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type nextToken:

string

param nextToken:

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.

type riskType:

string

param riskType:

Filter findings by risk type.

type riskLevel:

string

param riskLevel:

Filter findings by risk level.

type status:

string

param status:

Filter findings by status.

type confidence:

string

param confidence:

Filter findings by confidence level.

type name:

string

param name:

Filter findings by name.

rtype:

dict

returns:

Response Syntax

{
    'findingsSummaries': [
        {
            'findingId': 'string',
            'agentSpaceId': 'string',
            'pentestId': 'string',
            'pentestJobId': 'string',
            'codeReviewId': 'string',
            'codeReviewJobId': 'string',
            'name': 'string',
            'status': 'ACTIVE'|'RESOLVED'|'ACCEPTED'|'FALSE_POSITIVE',
            'riskType': 'string',
            'riskLevel': 'UNKNOWN'|'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
            'confidence': 'FALSE_POSITIVE'|'UNCONFIRMED'|'LOW'|'MEDIUM'|'HIGH',
            'validationStatus': 'CONFIRMED'|'NOT_REPRODUCED'|'VALIDATION_FAILED'|'VALIDATING'|'NOT_VALIDATED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    Output for the ListFindings operation.

    • findingsSummaries (list) --

      The list of finding summaries.

      • (dict) --

        Contains summary information about a security finding.

        • findingId (string) --

          The unique identifier of the finding.

        • agentSpaceId (string) --

          The unique identifier of the agent space associated with the finding.

        • pentestId (string) --

          The unique identifier of the pentest associated with the finding.

        • pentestJobId (string) --

          The unique identifier of the pentest job that produced the finding.

        • codeReviewId (string) --

          The unique identifier of the code review associated with the finding.

        • codeReviewJobId (string) --

          The unique identifier of the code review job that produced the finding.

        • name (string) --

          The name of the finding.

        • status (string) --

          The current status of the finding.

        • riskType (string) --

          The type of security risk identified by the finding.

        • riskLevel (string) --

          The risk level of the finding.

        • confidence (string) --

          The confidence level of the finding.

        • validationStatus (string) --

          The simulated validation status of the finding.

        • createdAt (datetime) --

          The date and time the finding was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the finding was last updated, in UTC format.

    • nextToken (string) --

      A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
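
The pagination contract above (omit nextToken on the first call, echo it back until the response carries none) and the new validationStatus field lend themselves to a small triage routine. The following is an added example, not code from the boto3 changelog or the AWS SDK; `FakeSecurityAgentClient` is a constructed stand-in for `boto3.client(...)` so that it runs offline, and the finding records it returns are constructed sample data.

```python
"""Paginate ListFindings and triage ACTIVE findings by validation status."""
from typing import Callable, Dict, Iterator, List

Finding = Dict[str, str]

# Validation states documented for findingsSummaries[].validationStatus.
CONFIRMED = "CONFIRMED"
NOT_VALIDATED = "NOT_VALIDATED"

# Risk levels documented for riskLevel, most severe first.
RISK_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3,
              "INFORMATIONAL": 4, "UNKNOWN": 5}


def iter_findings(list_findings: Callable[..., dict], agent_space_id: str,
                  pentest_job_id: str, **filters) -> Iterator[Finding]:
    """Yield every finding summary for one pentest job across all pages.

    `list_findings` is any callable with the keyword signature of
    client.list_findings. nextToken is left out of the first request and the
    value returned by each response is passed to the next call, as the
    parameter description prescribes; the loop ends when no token comes back.
    """
    kwargs = {"agentSpaceId": agent_space_id, "pentestJobId": pentest_job_id,
              **filters}
    while True:
        page = list_findings(**kwargs)
        yield from page.get("findingsSummaries", [])
        token = page.get("nextToken")
        if not token:
            return
        kwargs["nextToken"] = token


def triage(findings) -> Dict[str, List[Finding]]:
    """Bucket ACTIVE findings by validationStatus.

    RESOLVED, ACCEPTED and FALSE_POSITIVE findings need no action and are
    skipped. NOT_REPRODUCED and VALIDATION_FAILED findings are kept in their
    own buckets rather than dropped: a failed validation run is not evidence
    that the weakness is absent.
    """
    buckets: Dict[str, List[Finding]] = {}
    for f in findings:
        if f.get("status") != "ACTIVE":
            continue
        status = f.get("validationStatus", NOT_VALIDATED)
        buckets.setdefault(status, []).append(f)
    return buckets


def worklist(buckets: Dict[str, List[Finding]]) -> List[Finding]:
    """Confirmed findings ordered by risk level, most severe first."""
    return sorted(buckets.get(CONFIRMED, []),
                  key=lambda f: RISK_ORDER.get(f.get("riskLevel", "UNKNOWN"), 5))


def _finding(fid, status, validation, level, risk_type) -> Finding:
    # Constructed sample record with the fields the response syntax documents.
    return {"findingId": fid, "agentSpaceId": "space-1", "pentestJobId": "job-1",
            "status": status, "validationStatus": validation,
            "riskLevel": level, "riskType": risk_type}


class FakeSecurityAgentClient:
    """Constructed stand-in for boto3's client: two pages of sample findings."""

    PAGES = {
        None: {"findingsSummaries": [
            _finding("f-1", "ACTIVE", "CONFIRMED", "HIGH", "SQL_INJECTION"),
            _finding("f-2", "ACTIVE", "NOT_REPRODUCED", "MEDIUM", "CROSS_SITE_SCRIPTING"),
            _finding("f-3", "RESOLVED", "CONFIRMED", "CRITICAL", "COMMAND_INJECTION"),
        ], "nextToken": "page-2"},
        "page-2": {"findingsSummaries": [
            _finding("f-4", "ACTIVE", "CONFIRMED", "CRITICAL", "SERVER_SIDE_REQUEST_FORGERY"),
            _finding("f-5", "ACTIVE", "VALIDATING", "LOW", "INFORMATION_DISCLOSURE"),
        ]},
    }

    def __init__(self):
        self.calls: List[dict] = []  # recorded kwargs, one entry per request

    def list_findings(self, **kwargs) -> dict:
        if "agentSpaceId" not in kwargs:
            raise ValueError("agentSpaceId is [REQUIRED]")
        self.calls.append(dict(kwargs))
        return self.PAGES[kwargs.get("nextToken")]


def run_example():
    """Drive the fake client and return (client, all findings, buckets)."""
    client = FakeSecurityAgentClient()
    found = list(iter_findings(client.list_findings, "space-1", "job-1"))
    return client, found, triage(found)


if __name__ == "__main__":
    _, found, buckets = run_example()
    print(f"{len(found)} findings fetched; confirmed worklist:")
    for f in worklist(buckets):
        print(f"  {f['riskLevel']:<8} {f['riskType']:<28} {f['findingId']}")
```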

ListIntegratedResources (updated) Link ¶
Changes (request, response)
Request
{'resourceType': {'DOCUMENT'}}
Response
{'integratedResourceSummaries': {
     'capabilities': {'bitbucket': {'leaveComments': 'boolean', 'remediateCode': 'boolean'},
                      'confluence': {'createDocument': 'boolean', 'fetchDocument': 'boolean', 'updateDocument': 'boolean'},
                      'gitlab': {'leaveComments': 'boolean', 'remediateCode': 'boolean'}},
     'resource': {'bitbucketRepository': {'accessType': 'PRIVATE | PUBLIC', 'name': 'string', 'providerResourceId': 'string', 'workspace': 'string'},
                  'confluenceDocument': {'name': 'string', 'pageId': 'string', 'providerResourceId': 'string', 'spaceKey': 'string', 'spaceTitle': 'string', 'title': 'string'},
                  'gitlabRepository': {'accessType': 'PRIVATE | PUBLIC', 'name': 'string', 'namespace': 'string', 'providerResourceId': 'string'}}}}

Lists the integrated resources for an agent space, optionally filtered by integration or resource type.

See also: AWS API Documentation

Request Syntax

client.list_integrated_resources(
    agentSpaceId='string',
    integrationId='string',
    resourceType='CODE_REPOSITORY'|'DOCUMENT',
    nextToken='string',
    maxResults=123
)
type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space to list integrated resources for.

type integrationId:

string

param integrationId:

The unique identifier of the integration to filter by.

type resourceType:

string

param resourceType:

The type of resource to filter by.

type nextToken:

string

param nextToken:

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call.

rtype:

dict

returns:

Response Syntax

{
    'integratedResourceSummaries': [
        {
            'integrationId': 'string',
            'resource': {
                'githubRepository': {
                    'name': 'string',
                    'providerResourceId': 'string',
                    'owner': 'string',
                    'accessType': 'PRIVATE'|'PUBLIC'
                },
                'gitlabRepository': {
                    'name': 'string',
                    'providerResourceId': 'string',
                    'namespace': 'string',
                    'accessType': 'PRIVATE'|'PUBLIC'
                },
                'bitbucketRepository': {
                    'name': 'string',
                    'providerResourceId': 'string',
                    'workspace': 'string',
                    'accessType': 'PRIVATE'|'PUBLIC'
                },
                'confluenceDocument': {
                    'name': 'string',
                    'providerResourceId': 'string',
                    'spaceKey': 'string',
                    'pageId': 'string',
                    'title': 'string',
                    'spaceTitle': 'string'
                }
            },
            'capabilities': {
                'github': {
                    'leaveComments': True|False,
                    'remediateCode': True|False
                },
                'gitlab': {
                    'leaveComments': True|False,
                    'remediateCode': True|False
                },
                'bitbucket': {
                    'leaveComments': True|False,
                    'remediateCode': True|False
                },
                'confluence': {
                    'fetchDocument': True|False,
                    'createDocument': True|False,
                    'updateDocument': True|False
                }
            }
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • integratedResourceSummaries (list) --

      The list of integrated resource summaries.

      • (dict) --

        Contains summary information about an integrated resource.

        • integrationId (string) --

          The unique identifier of the integration that provides access to the resource.

        • resource (dict) --

          The metadata for the integrated resource.

          • githubRepository (dict) --

            The GitHub repository metadata.

            • name (string) --

              The name of the GitHub repository.

            • providerResourceId (string) --

              The provider-specific resource identifier for the GitHub repository.

            • owner (string) --

              The owner of the GitHub repository.

            • accessType (string) --

              The access type of the GitHub repository. Valid values are PRIVATE and PUBLIC.

          • gitlabRepository (dict) --

            Metadata for an integrated GitLab repository.

            • name (string) --

              The name of the resource, such as the repository name.

            • providerResourceId (string) --

              The provider-specific identifier of the resource, such as the repository id.

            • namespace (string) --

              The namespace (group or user path) that owns the project.

            • accessType (string) --

              Defines the visibility level of provider resources. PRIVATE indicates restricted access, while PUBLIC indicates open access.

          • bitbucketRepository (dict) --

            Metadata for an integrated Bitbucket repository.

            • name (string) --

              The name of the resource, such as the repository name.

            • providerResourceId (string) --

              The provider-specific identifier of the resource, such as the repository id.

            • workspace (string) --

              The workspace slug that owns the repository.

            • accessType (string) --

              Defines the visibility level of provider resources. PRIVATE indicates restricted access, while PUBLIC indicates open access.

          • confluenceDocument (dict) --

            Metadata for an integrated Confluence document.

            • name (string) --

              The name of the resource.

            • providerResourceId (string) --

              The provider-specific identifier of the resource.

            • spaceKey (string) --

              The Confluence space key containing the document.

            • pageId (string) --

              The Confluence page identifier.

            • title (string) --

              The display title of the Confluence page.

            • spaceTitle (string) --

              The display title of the Confluence space.

        • capabilities (dict) --

          The capabilities enabled for the integrated resource.

          • github (dict) --

            The GitHub-specific resource capabilities.

            • leaveComments (boolean) --

              Indicates whether the integration can leave comments on pull requests.

            • remediateCode (boolean) --

              Indicates whether the integration can create code remediation pull requests.

          • gitlab (dict) --

            Capabilities for an integrated GitLab repository.

            • leaveComments (boolean) --

              Whether to post code review comments on merge request discussions.

            • remediateCode (boolean) --

              Whether to create merge requests with automated fixes.

          • bitbucket (dict) --

            Capabilities for an integrated Bitbucket repository.

            • leaveComments (boolean) --

              Whether to post code review comments on pull requests.

            • remediateCode (boolean) --

              Whether to create pull requests with automated fixes.

          • confluence (dict) --

            Capabilities for an integrated Confluence space.

            • fetchDocument (boolean) --

              Whether to fetch documents from this space.

            • createDocument (boolean) --

              Whether to create documents in this space.

            • updateDocument (boolean) --

              Whether to update documents in this space.

    • nextToken (string) --

      A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.

ListIntegrations (updated) Link ¶
Changes (request, response)
Request
{'filter': {'provider': {'BITBUCKET', 'GITLAB', 'CONFLUENCE'}}}
Response
{'integrationSummaries': {'privateConnectionName': 'string',
                          'provider': {'BITBUCKET', 'GITLAB', 'CONFLUENCE'},
                          'targetUrl': 'string'}}

Lists the integrations in your account, optionally filtered by provider or provider type.

See also: AWS API Documentation

Request Syntax

client.list_integrations(
    filter={
        'provider': 'GITHUB'|'GITLAB'|'BITBUCKET'|'CONFLUENCE',
        'providerType': 'SOURCE_CODE'|'DOCUMENTATION'
    },
    nextToken='string',
    maxResults=123
)
type filter:

dict

param filter:

A filter to apply to the list of integrations.

  • provider (string) --

    Filter integrations by provider.

  • providerType (string) --

    Filter integrations by provider type.

type nextToken:

string

param nextToken:

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call.

rtype:

dict

returns:

Response Syntax

{
    'integrationSummaries': [
        {
            'integrationId': 'string',
            'installationId': 'string',
            'provider': 'GITHUB'|'GITLAB'|'BITBUCKET'|'CONFLUENCE',
            'providerType': 'SOURCE_CODE'|'DOCUMENTATION',
            'displayName': 'string',
            'targetUrl': 'string',
            'privateConnectionName': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • integrationSummaries (list) --

      The list of integration summaries.

      • (dict) --

        Contains summary information about an integration.

        • integrationId (string) --

          The unique identifier of the integration.

        • installationId (string) --

          The installation identifier from the integration provider.

        • provider (string) --

          The integration provider.

        • providerType (string) --

          The type of the integration provider.

        • displayName (string) --

          The display name of the integration.

        • targetUrl (string) --

          The HTTPS URL of the customer self-hosted instance, such as a GitHub Enterprise Server or self-managed GitLab instance. This value is absent for SaaS integrations.

        • privateConnectionName (string) --

          The name of the private connection used to reach the integration's self-hosted instance over private networking, if one is configured.

    • nextToken (string) --

      A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.

ListPentestJobTasks (updated) Link ¶
Changes (request)
{'stepName': {'VALIDATION'}}

Returns a paginated list of task summaries for the specified pentest job, optionally filtered by step name or category.

See also: AWS API Documentation

Request Syntax

client.list_pentest_job_tasks(
    agentSpaceId='string',
    maxResults=123,
    pentestJobId='string',
    stepName='PREFLIGHT'|'STATIC_ANALYSIS'|'PENTEST'|'FINALIZING'|'VALIDATION',
    categoryName='string',
    nextToken='string'
)
type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call.

type pentestJobId:

string

param pentestJobId:

The unique identifier of the pentest job to list tasks for.

type stepName:

string

param stepName:

Filter tasks by step name. Valid values include PREFLIGHT, STATIC_ANALYSIS, PENTEST, VALIDATION, and FINALIZING.

type categoryName:

string

param categoryName:

Filter tasks by category name.

type nextToken:

string

param nextToken:

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.

rtype:

dict

returns:

Response Syntax

{
    'taskSummaries': [
        {
            'taskId': 'string',
            'pentestId': 'string',
            'pentestJobId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'riskType': 'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
            'executionStatus': 'IN_PROGRESS'|'ABORTED'|'COMPLETED'|'INTERNAL_ERROR'|'FAILED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    Output for the ListPentestJobTasks operation.

    • taskSummaries (list) --

      The list of task summaries.

      • (dict) --

        Contains summary information about a task.

        • taskId (string) --

          The unique identifier of the task.

        • pentestId (string) --

          The unique identifier of the pentest associated with the task.

        • pentestJobId (string) --

          The unique identifier of the pentest job that contains the task.

        • agentSpaceId (string) --

          The unique identifier of the agent space.

        • title (string) --

          The title of the task.

        • riskType (string) --

          The type of security risk the task is testing for.

        • executionStatus (string) --

          The current execution status of the task.

        • createdAt (datetime) --

          The date and time the task was created, in UTC format.

        • updatedAt (datetime) --

          The date and time the task was last updated, in UTC format.

    • nextToken (string) --

A token that is present when more results are available. Pass it as the nextToken parameter of the next request; when the response contains no nextToken, all results have been returned.
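
Both the integration listing above and ListPentestJobTasks paginate the same way: keep calling with the returned nextToken until a page comes back without one. The helper below is an added example, not code from the page or from the AWS SDK; it follows nextToken for ListPentestJobTasks and then summarizes the tasks by riskType and executionStatus so that tasks that ended in FAILED, INTERNAL_ERROR or ABORTED are easy to spot. The client is a constructed stand-in that returns two pages of made-up task summaries, so the block runs offline; with a real `boto3.client(...)` for this service the same parameter names apply. The agent space and job identifiers are placeholders.

```python
"""Page through ListPentestJobTasks and summarize the job's tasks."""
from collections import Counter


def iter_pentest_job_tasks(client, agent_space_id, pentest_job_id,
                           step_name=None, category_name=None, page_size=50):
    """Yield every task summary, following nextToken until the service stops returning one."""
    kwargs = {
        "agentSpaceId": agent_space_id,
        "pentestJobId": pentest_job_id,
        "maxResults": page_size,
    }
    if step_name:
        kwargs["stepName"] = step_name
    if category_name:
        kwargs["categoryName"] = category_name

    seen_tokens = set()  # a repeated token would otherwise loop forever
    while True:
        page = client.list_pentest_job_tasks(**kwargs)
        yield from page.get("taskSummaries", [])
        token = page.get("nextToken")
        if not token:
            return
        if token in seen_tokens:
            raise RuntimeError("pagination did not advance: nextToken repeated")
        seen_tokens.add(token)
        kwargs["nextToken"] = token


def summarize_tasks(tasks):
    """Count tasks by risk type and execution status; list tasks that did not complete cleanly."""
    tasks = list(tasks)
    needs_attention = sorted(
        t["taskId"] for t in tasks
        if t["executionStatus"] in {"FAILED", "INTERNAL_ERROR", "ABORTED"}
    )
    return {
        "total": len(tasks),
        "by_risk_type": dict(Counter(t["riskType"] for t in tasks)),
        "by_status": dict(Counter(t["executionStatus"] for t in tasks)),
        "needs_attention": needs_attention,
    }


class FakeSecurityAgentClient:
    """Constructed stand-in for boto3's client: two pages of made-up task summaries."""

    _PAGES = {
        None: {
            "taskSummaries": [
                {"taskId": "task-1", "riskType": "SQL_INJECTION", "executionStatus": "COMPLETED"},
                {"taskId": "task-2", "riskType": "SERVER_SIDE_REQUEST_FORGERY", "executionStatus": "FAILED"},
            ],
            "nextToken": "page-2",
        },
        "page-2": {
            "taskSummaries": [
                {"taskId": "task-3", "riskType": "SQL_INJECTION", "executionStatus": "IN_PROGRESS"},
            ],
        },
    }

    def list_pentest_job_tasks(self, **kwargs):
        if "agentSpaceId" not in kwargs:
            raise ValueError("agentSpaceId is required")
        return self._PAGES[kwargs.get("nextToken")]


def demo(client=None):
    """Collect every PENTEST-step task for a placeholder job and summarize it."""
    client = client or FakeSecurityAgentClient()
    tasks = iter_pentest_job_tasks(client, "space-123", "job-456", step_name="PENTEST")
    return summarize_tasks(tasks)


if __name__ == "__main__":
    print(demo())
```

The repeated-token guard is cheap insurance: a client that always resends the same nextToken (or a stub that never clears it) would otherwise spin forever.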

StartCodeReviewJob (updated) Link ¶
Changes (request)
{'diffSource': {'s3Uri': 'string'}}

Starts a new code review job for a code review configuration. The job executes the security-focused code analysis defined in the code review.

See also: AWS API Documentation

Request Syntax

client.start_code_review_job(
    agentSpaceId='string',
    codeReviewId='string',
    diffSource={
        's3Uri': 'string'
    }
)
type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type codeReviewId:

string

param codeReviewId:

[REQUIRED]

The unique identifier of the code review to start a job for.

type diffSource:

dict

param diffSource:

Source of the diff for a differential scan. When present, the job analyzes only the changed lines instead of performing a full scan.

  • s3Uri (string) --

    S3 URI pointing to a unified diff file. The file must be in standard unified diff format and stored in an S3 bucket connected to your Agent Space.

rtype:

dict

returns:

Response Syntax

{
    'title': 'string',
    'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'codeReviewId': 'string',
    'codeReviewJobId': 'string',
    'agentSpaceId': 'string'
}

Response Structure

  • (dict) --

    Output for the StartCodeReviewJob operation.

    • title (string) --

      The title of the code review job.

    • status (string) --

      The current status of the code review job.

    • createdAt (datetime) --

      The date and time the code review job was created, in UTC format.

    • updatedAt (datetime) --

      The date and time the code review job was last updated, in UTC format.

    • codeReviewId (string) --

      The unique identifier of the code review.

    • codeReviewJobId (string) --

      The unique identifier of the started code review job.

    • agentSpaceId (string) --

      The unique identifier of the agent space.
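
Because a differential scan analyzes only the changed lines, it is worth knowing exactly which lines a diff covers before handing it to the job. The block below is an added example, not code from the page or the AWS SDK: it produces a standard unified diff with Python's difflib, parses the hunk headers to recover the changed line numbers of the new file, and assembles the kwargs for start_code_review_job. Uploading the diff to the connected bucket and the service call itself are not exercised; the bucket name, object key, file path and the before/after snippets are constructed placeholders.

```python
"""Build a unified diff for a differential code review and work out which lines it covers."""
import difflib
import re

HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")


def make_unified_diff(path, old_text, new_text):
    """Produce a standard unified diff (a/ and b/ prefixes, as git does) for one file."""
    old = old_text.splitlines(keepends=True)
    new = new_text.splitlines(keepends=True)
    return "".join(difflib.unified_diff(old, new, fromfile=f"a/{path}", tofile=f"b/{path}"))


def changed_lines(diff_text):
    """Map each file in the diff to the line numbers (in the new version) that were added or modified.

    Hunk bodies are delimited by the line counts in the @@ header, so a removed line that
    happens to start with '--' or an added line starting with '++' is not mistaken for a header.
    """
    result, current = {}, None
    old_left = new_left = 0
    new_line = 0
    for raw in diff_text.splitlines():
        if old_left == 0 and new_left == 0:
            # Outside a hunk: only the +++ file header and the next @@ header matter.
            if raw.startswith("+++ "):
                name = raw[4:].split("\t")[0]
                current = name[2:] if name.startswith("b/") else name
                result.setdefault(current, set())
                continue
            m = HUNK_RE.match(raw)
            if m and current is not None:
                old_left = int(m.group(2)) if m.group(2) is not None else 1
                new_left = int(m.group(4)) if m.group(4) is not None else 1
                new_line = int(m.group(3))
            continue
        if raw.startswith("\\"):
            continue  # "\ No newline at end of file" marker, not a content line
        if raw.startswith("+"):
            result[current].add(new_line)
            new_line += 1
            new_left -= 1
        elif raw.startswith("-"):
            old_left -= 1
        else:
            new_line += 1
            old_left -= 1
            new_left -= 1
    return result


def build_start_request(agent_space_id, code_review_id, diff_text, s3_uri):
    """Validate the diff and S3 URI, then return the kwargs for start_code_review_job()."""
    if not s3_uri.startswith("s3://"):
        raise ValueError("diffSource.s3Uri must be an s3:// URI")
    if "+++ " not in diff_text or not any(HUNK_RE.match(line) for line in diff_text.splitlines()):
        raise ValueError("not a unified diff: missing +++ file header or @@ hunk header")
    return {
        "agentSpaceId": agent_space_id,
        "codeReviewId": code_review_id,
        "diffSource": {"s3Uri": s3_uri},
    }


# Constructed before/after snippets: the change swaps shell string concatenation for an argv list.
OLD_SOURCE = 'import os\n\ndef list_dir(path):\n    os.system("ls -l " + path)\n'
NEW_SOURCE = 'import subprocess\n\ndef list_dir(path):\n    subprocess.run(["ls", "-l", path], check=True)\n'
DEMO_DIFF = make_unified_diff("app/util.py", OLD_SOURCE, NEW_SOURCE)


if __name__ == "__main__":
    # Real use: write DEMO_DIFF to the assumed key with the S3 client's put_object(),
    # then pass build_start_request(...) to client.start_code_review_job(**request).
    print(DEMO_DIFF)
    print(changed_lines(DEMO_DIFF))
    print(build_start_request("space-123", "review-456", DEMO_DIFF,
                              "s3://example-bucket/diffs/pr-42.diff"))
```

For the sample change, the parser reports lines 1 and 4 of app/util.py as changed, which is exactly the scope a differential review of that diff would see; the two unchanged context lines are not part of it.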

UpdateCodeReview (updated) Link ¶
Changes (both)
{'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                 'resourceId': 'string'}}},
 'validationMode': 'DISABLED | SIMULATED'}

Updates an existing code review configuration.

See also: AWS API Documentation

Request Syntax

client.update_code_review(
    codeReviewId='string',
    agentSpaceId='string',
    title='string',
    assets={
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    serviceRole='string',
    logConfig={
        'logGroup': 'string',
        'logStream': 'string'
    },
    codeRemediationStrategy='AUTOMATIC'|'DISABLED',
    validationMode='DISABLED'|'SIMULATED'
)
type codeReviewId:

string

param codeReviewId:

[REQUIRED]

The unique identifier of the code review to update.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the code review.

type title:

string

param title:

The updated title of the code review.

type assets:

dict

param assets:

The updated assets for the code review.

  • endpoints (list) --

    The list of endpoints to test during the pentest.

    • (dict) --

      Represents a target endpoint for penetration testing.

      • uri (string) --

        The URI of the endpoint.

  • actors (list) --

    The list of actors used during penetration testing.

    • (dict) --

      Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

      • identifier (string) --

        The unique identifier for the actor.

      • uris (list) --

        The list of URIs that the actor targets during testing.

        • (string) --

      • authentication (dict) --

        The authentication configuration for the actor.

        • providerType (string) --

          The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

        • value (string) --

          The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

      • description (string) --

        A description of the actor.

  • documents (list) --

    The list of documents that provide context for the pentest.

    • (dict) --

      Represents a document that provides context for security testing.

      • s3Location (string) --

        The Amazon S3 location of the document.

      • artifactId (string) --

        The unique identifier of the artifact associated with the document.

      • integratedDocument (dict) --

        A reference to a document in an integrated third-party provider.

        • integrationId (string) -- [REQUIRED]

          The identifier of the integration that provides access to the document.

        • resourceId (string) -- [REQUIRED]

          The provider-specific resource identifier for the document.

  • sourceCode (list) --

    The list of source code repositories to analyze during the pentest.

    • (dict) --

      Represents a source code repository used for security analysis during a pentest.

      • s3Location (string) --

        The Amazon S3 location of the source code repository archive.

  • integratedRepositories (list) --

    The list of integrated repositories associated with the pentest.

    • (dict) --

      Represents a code repository that is integrated with the service through a third-party provider.

      • integrationId (string) -- [REQUIRED]

        The unique identifier of the integration that provides access to the repository.

      • providerResourceId (string) -- [REQUIRED]

        The provider-specific resource identifier for the repository.

type serviceRole:

string

param serviceRole:

The updated IAM service role for the code review.

type logConfig:

dict

param logConfig:

The updated CloudWatch Logs configuration for the code review.

  • logGroup (string) --

    The name of the CloudWatch log group.

  • logStream (string) --

    The name of the CloudWatch log stream.

type codeRemediationStrategy:

string

param codeRemediationStrategy:

The updated code remediation strategy for the code review.

type validationMode:

string

param validationMode:

The updated validation mode for the code review. Valid values are SIMULATED and DISABLED.

rtype:

dict

returns:

Response Syntax

{
    'codeReviewId': 'string',
    'title': 'string',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'assets': {
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    'serviceRole': 'string',
    'logConfig': {
        'logGroup': 'string',
        'logStream': 'string'
    },
    'agentSpaceId': 'string',
    'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
    'validationMode': 'DISABLED'|'SIMULATED'
}

Response Structure

  • (dict) --

    Output for the UpdateCodeReview operation.

    • codeReviewId (string) --

      The unique identifier of the code review.

    • title (string) --

      The title of the code review.

    • createdAt (datetime) --

      The date and time the code review was created, in UTC format.

    • updatedAt (datetime) --

      The date and time the code review was last updated, in UTC format.

    • assets (dict) --

      The assets included in the code review.

      • endpoints (list) --

        The list of endpoints to test during the pentest.

        • (dict) --

          Represents a target endpoint for penetration testing.

          • uri (string) --

            The URI of the endpoint.

      • actors (list) --

        The list of actors used during penetration testing.

        • (dict) --

          Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

          • identifier (string) --

            The unique identifier for the actor.

          • uris (list) --

            The list of URIs that the actor targets during testing.

            • (string) --

          • authentication (dict) --

            The authentication configuration for the actor.

            • providerType (string) --

              The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

            • value (string) --

              The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

          • description (string) --

            A description of the actor.

      • documents (list) --

        The list of documents that provide context for the pentest.

        • (dict) --

          Represents a document that provides context for security testing.

          • s3Location (string) --

            The Amazon S3 location of the document.

          • artifactId (string) --

            The unique identifier of the artifact associated with the document.

          • integratedDocument (dict) --

            A reference to a document in an integrated third-party provider.

            • integrationId (string) --

              The identifier of the integration that provides access to the document.

            • resourceId (string) --

              The provider-specific resource identifier for the document.

      • sourceCode (list) --

        The list of source code repositories to analyze during the pentest.

        • (dict) --

          Represents a source code repository used for security analysis during a pentest.

          • s3Location (string) --

            The Amazon S3 location of the source code repository archive.

      • integratedRepositories (list) --

        The list of integrated repositories associated with the pentest.

        • (dict) --

          Represents a code repository that is integrated with the service through a third-party provider.

          • integrationId (string) --

            The unique identifier of the integration that provides access to the repository.

          • providerResourceId (string) --

            The provider-specific resource identifier for the repository.

    • serviceRole (string) --

      The IAM service role used for the code review.

    • logConfig (dict) --

      The CloudWatch Logs configuration for the code review.

      • logGroup (string) --

        The name of the CloudWatch log group.

      • logStream (string) --

        The name of the CloudWatch log stream.

    • agentSpaceId (string) --

      The unique identifier of the agent space that contains the code review.

    • codeRemediationStrategy (string) --

      The code remediation strategy for the code review.

    • validationMode (string) --

      The validation mode for the code review.

UpdateFinding (updated) Link ¶
Changes (request)
{'attackScript': 'string',
 'customerNote': 'string',
 'description': 'string',
 'name': 'string',
 'reasoning': 'string',
 'riskScore': 'string',
 'riskType': 'string'}

Updates a security finding. Besides the status and risk level, the request can now set the finding's name, description, risk type, risk score, attack script, reasoning, and a customer note.

See also: AWS API Documentation

Request Syntax

client.update_finding(
    findingId='string',
    agentSpaceId='string',
    name='string',
    description='string',
    riskType='string',
    riskLevel='UNKNOWN'|'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
    riskScore='string',
    attackScript='string',
    reasoning='string',
    status='ACTIVE'|'RESOLVED'|'ACCEPTED'|'FALSE_POSITIVE',
    customerNote='string'
)
type findingId:

string

param findingId:

[REQUIRED]

The unique identifier of the finding to update.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the finding.

type name:

string

param name:

The updated name for the finding.

type description:

string

param description:

The updated description for the finding.

type riskType:

string

param riskType:

The updated risk type for the finding.

type riskLevel:

string

param riskLevel:

The updated risk level for the finding.

type riskScore:

string

param riskScore:

The updated risk score for the finding. Although numerical, it is passed as a string.

type attackScript:

string

param attackScript:

The updated attack script for the finding.

type reasoning:

string

param reasoning:

The updated reasoning for the finding.

type status:

string

param status:

The updated status for the finding.

type customerNote:

string

param customerNote:

A customer-provided note on the finding.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

    Output for the UpdateFinding operation.
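
UpdateFinding now accepts far more than a status change, and nothing in the API forces a reviewer to justify closing a finding. The block below is an added example, not code from the page or the AWS SDK: it validates the enumerated fields against the values documented above, rejects parameter names the operation does not define, and enforces a local policy (an assumption of this example, not an API rule) that a finding moved to ACCEPTED or FALSE_POSITIVE must carry a customerNote. The client is a constructed stand-in that records the call; the identifiers are placeholders.

```python
"""Validate a finding update before calling UpdateFinding."""

RISK_LEVELS = ("UNKNOWN", "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL")
STATUSES = ("ACTIVE", "RESOLVED", "ACCEPTED", "FALSE_POSITIVE")
# Local review policy (not an API rule): closing a finding as accepted risk or false
# positive must carry a note, so the decision is auditable later.
NOTE_REQUIRED = {"ACCEPTED", "FALSE_POSITIVE"}
OPTIONAL_FIELDS = {"name", "description", "riskType", "riskScore", "attackScript", "reasoning"}


def build_update_finding_request(finding_id, agent_space_id, *, status=None,
                                 risk_level=None, customer_note=None, **fields):
    """Return kwargs for update_finding(), or raise ValueError if the update is not acceptable."""
    if status is not None and status not in STATUSES:
        raise ValueError(f"invalid status {status!r}; expected one of {STATUSES}")
    if risk_level is not None and risk_level not in RISK_LEVELS:
        raise ValueError(f"invalid riskLevel {risk_level!r}; expected one of {RISK_LEVELS}")
    unknown = set(fields) - OPTIONAL_FIELDS
    if unknown:
        raise ValueError(f"unsupported UpdateFinding fields: {sorted(unknown)}")
    if status in NOTE_REQUIRED and not (customer_note or "").strip():
        raise ValueError(f"status {status} requires a customerNote explaining the decision")

    request = {"findingId": finding_id, "agentSpaceId": agent_space_id}
    if status is not None:
        request["status"] = status
    if risk_level is not None:
        request["riskLevel"] = risk_level
    if customer_note is not None:
        request["customerNote"] = customer_note
    request.update(fields)  # riskScore is a string in this API, so pass e.g. riskScore="8.1"
    return request


class RecordingClient:
    """Constructed stand-in for boto3's client; records the update instead of sending it."""

    def __init__(self):
        self.calls = []

    def update_finding(self, **kwargs):
        self.calls.append(kwargs)
        return {}  # UpdateFinding returns an empty response body


def close_as_false_positive(client, finding_id, agent_space_id, note):
    """Triage helper: mark a finding as a false positive with a mandatory justification."""
    request = build_update_finding_request(
        finding_id, agent_space_id, status="FALSE_POSITIVE", customer_note=note)
    client.update_finding(**request)
    return request


if __name__ == "__main__":
    client = RecordingClient()
    print(close_as_false_positive(client, "finding-789", "space-123",
                                  "Parameter is server-generated; payload never reaches the query."))
```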

UpdateIntegratedResources (updated) Link ¶
Changes (request)
{'items': {'capabilities': {'bitbucket': {'leaveComments': 'boolean',
                                          'remediateCode': 'boolean'},
                            'confluence': {'createDocument': 'boolean',
                                           'fetchDocument': 'boolean',
                                           'updateDocument': 'boolean'},
                            'gitlab': {'leaveComments': 'boolean',
                                       'remediateCode': 'boolean'}},
           'resource': {'bitbucketRepository': {'name': 'string',
                                                'workspace': 'string'},
                        'confluenceDocument': {'name': 'string',
                                               'pageId': 'string',
                                               'spaceKey': 'string',
                                               'spaceTitle': 'string',
                                               'title': 'string'},
                        'gitlabRepository': {'name': 'string',
                                             'namespace': 'string'}}}}

Updates the integrated resources for an agent space, including their capabilities.

See also: AWS API Documentation

Request Syntax

client.update_integrated_resources(
    agentSpaceId='string',
    integrationId='string',
    items=[
        {
            'resource': {
                'githubRepository': {
                    'name': 'string',
                    'owner': 'string'
                },
                'gitlabRepository': {
                    'name': 'string',
                    'namespace': 'string'
                },
                'bitbucketRepository': {
                    'name': 'string',
                    'workspace': 'string'
                },
                'confluenceDocument': {
                    'name': 'string',
                    'spaceKey': 'string',
                    'pageId': 'string',
                    'title': 'string',
                    'spaceTitle': 'string'
                }
            },
            'capabilities': {
                'github': {
                    'leaveComments': True|False,
                    'remediateCode': True|False
                },
                'gitlab': {
                    'leaveComments': True|False,
                    'remediateCode': True|False
                },
                'bitbucket': {
                    'leaveComments': True|False,
                    'remediateCode': True|False
                },
                'confluence': {
                    'fetchDocument': True|False,
                    'createDocument': True|False,
                    'updateDocument': True|False
                }
            }
        },
    ]
)
type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type integrationId:

string

param integrationId:

[REQUIRED]

The unique identifier of the integration.

type items:

list

param items:

[REQUIRED]

The list of integrated resource items to update.

  • (dict) --

    Represents an input item for updating integrated resources, including the resource and its capabilities.

    • resource (dict) -- [REQUIRED]

      The integrated resource to update.

      • githubRepository (dict) --

        The GitHub repository resource information.

        • name (string) -- [REQUIRED]

          The name of the GitHub repository.

        • owner (string) -- [REQUIRED]

          The owner of the GitHub repository.

      • gitlabRepository (dict) --

        A GitLab repository integrated as a resource.

        • name (string) -- [REQUIRED]

The name of the GitLab project (repository).

        • namespace (string) -- [REQUIRED]

          The namespace (group or user path) that owns the project.

      • bitbucketRepository (dict) --

        A Bitbucket repository integrated as a resource.

        • name (string) -- [REQUIRED]

The name of the Bitbucket repository.

        • workspace (string) -- [REQUIRED]

          The workspace slug that owns the repository.

      • confluenceDocument (dict) --

        A Confluence document (page) integrated as a resource.

        • name (string) -- [REQUIRED]

The name of the Confluence page resource.

        • spaceKey (string) -- [REQUIRED]

          The Confluence space key containing the document.

        • pageId (string) -- [REQUIRED]

          The Confluence page identifier.

        • title (string) --

          The display title of the Confluence page.

        • spaceTitle (string) --

          The display title of the Confluence space.

    • capabilities (dict) --

      The capabilities to enable for the integrated resource.

      • github (dict) --

        The GitHub-specific resource capabilities.

        • leaveComments (boolean) --

          Indicates whether the integration can leave comments on pull requests.

        • remediateCode (boolean) --

          Indicates whether the integration can create code remediation pull requests.

      • gitlab (dict) --

        Capabilities for an integrated GitLab repository.

        • leaveComments (boolean) --

          Whether to post code review comments on merge request discussions.

        • remediateCode (boolean) --

          Whether to create merge requests with automated fixes.

      • bitbucket (dict) --

        Capabilities for an integrated Bitbucket repository.

        • leaveComments (boolean) --

          Whether to post code review comments on pull requests.

        • remediateCode (boolean) --

          Whether to create pull requests with automated fixes.

      • confluence (dict) --

        Capabilities for an integrated Confluence space.

        • fetchDocument (boolean) --

          Whether to fetch documents from this space.

        • createDocument (boolean) --

          Whether to create documents in this space.

        • updateDocument (boolean) --

          Whether to update documents in this space.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --
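
The capability flags are effectively the permissions the agent holds in the provider: remediateCode lets it open pull or merge requests, and createDocument/updateDocument let it write to Confluence. The block below is an added example, not code from the page or the AWS SDK: it builds `items` for update_integrated_resources with every capability off unless explicitly enabled, checks that each resource carries the fields the request structure marks as required and that the capability block matches the resource type, and lists the write grants so they can be reviewed before the call. Repository, owner, namespace, space and page values are constructed placeholders.

```python
"""Build UpdateIntegratedResources items with least-privilege capabilities."""

# Required identifying fields per resource type, from the request structure.
RESOURCE_FIELDS = {
    "githubRepository": {"name", "owner"},
    "gitlabRepository": {"name", "namespace"},
    "bitbucketRepository": {"name", "workspace"},
    "confluenceDocument": {"name", "spaceKey", "pageId"},
}
# Which capability block goes with which resource type.
CAPABILITY_KEY = {
    "githubRepository": "github",
    "gitlabRepository": "gitlab",
    "bitbucketRepository": "bitbucket",
    "confluenceDocument": "confluence",
}
WRITE_CAPABILITIES = {"remediateCode", "createDocument", "updateDocument"}


def make_item(resource_type, resource, **capabilities):
    """Return one `items` entry; any capability not named is explicitly set to False."""
    if resource_type not in RESOURCE_FIELDS:
        raise ValueError(f"unknown resource type {resource_type!r}")
    missing = RESOURCE_FIELDS[resource_type] - set(resource)
    if missing:
        raise ValueError(f"{resource_type} is missing required fields {sorted(missing)}")
    if resource_type == "confluenceDocument":
        allowed = {"fetchDocument", "createDocument", "updateDocument"}
    else:
        allowed = {"leaveComments", "remediateCode"}
    unknown = set(capabilities) - allowed
    if unknown:
        raise ValueError(f"{resource_type} does not support capabilities {sorted(unknown)}")
    caps = {name: False for name in allowed}
    caps.update({k: bool(v) for k, v in capabilities.items()})
    return {
        "resource": {resource_type: dict(resource)},
        "capabilities": {CAPABILITY_KEY[resource_type]: caps},
    }


def write_grants(items):
    """List (resource label, capability) pairs that let the agent modify the provider."""
    grants = []
    for item in items:
        (resource_type, resource), = item["resource"].items()
        caps = item["capabilities"][CAPABILITY_KEY[resource_type]]
        label = f"{resource_type}:{resource['name']}"
        grants.extend((label, cap) for cap in sorted(caps)
                      if cap in WRITE_CAPABILITIES and caps[cap])
    return grants


def build_request(agent_space_id, integration_id, items):
    """Kwargs for client.update_integrated_resources(**request)."""
    return {"agentSpaceId": agent_space_id, "integrationId": integration_id, "items": items}


# Constructed sample: comment-only GitHub access, auto-fix MRs on one GitLab project,
# and a Confluence page the agent may only read.
SAMPLE_ITEMS = [
    make_item("githubRepository", {"name": "payments-api", "owner": "example-org"},
              leaveComments=True),
    make_item("gitlabRepository", {"name": "billing", "namespace": "example-group"},
              leaveComments=True, remediateCode=True),
    make_item("confluenceDocument",
              {"name": "Threat model", "spaceKey": "SEC", "pageId": "123456"},
              fetchDocument=True),
]

if __name__ == "__main__":
    print(build_request("space-123", "integration-abc", SAMPLE_ITEMS))
    print("write grants to review:", write_grants(SAMPLE_ITEMS))
```

Sending explicit False values rather than omitting a capability keeps the request self-describing: anyone reading the call (or a CloudTrail record of it) sees exactly which write paths were granted.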

UpdatePentest (updated) Link ¶
Changes (request, response)
Request
{'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                 'resourceId': 'string'}}},
 'disableManagedSkills': ['FINDING_PERSONALIZATION | LOGIN_OPTIMIZATION']}
Response
{'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                 'resourceId': 'string'}}}}

Updates an existing pentest configuration.

See also: AWS API Documentation

Request Syntax

client.update_pentest(
    pentestId='string',
    agentSpaceId='string',
    title='string',
    assets={
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    excludeRiskTypes=[
        'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
    ],
    serviceRole='string',
    logConfig={
        'logGroup': 'string',
        'logStream': 'string'
    },
    vpcConfig={
        'vpcArn': 'string',
        'securityGroupArns': [
            'string',
        ],
        'subnetArns': [
            'string',
        ]
    },
    networkTrafficConfig={
        'rules': [
            {
                'effect': 'ALLOW'|'DENY',
                'pattern': 'string',
                'networkTrafficRuleType': 'URL'
            },
        ],
        'customHeaders': [
            {
                'name': 'string',
                'value': 'string'
            },
        ]
    },
    codeRemediationStrategy='AUTOMATIC'|'DISABLED',
    disableManagedSkills=[
        'FINDING_PERSONALIZATION'|'LOGIN_OPTIMIZATION',
    ]
)
type pentestId:

string

param pentestId:

[REQUIRED]

The unique identifier of the pentest to update.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the pentest.

type title:

string

param title:

The updated title of the pentest.

type assets:

dict

param assets:

The updated assets for the pentest.

  • endpoints (list) --

    The list of endpoints to test during the pentest.

    • (dict) --

      Represents a target endpoint for penetration testing.

      • uri (string) --

        The URI of the endpoint.

  • actors (list) --

    The list of actors used during penetration testing.

    • (dict) --

      Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

      • identifier (string) --

        The unique identifier for the actor.

      • uris (list) --

        The list of URIs that the actor targets during testing.

        • (string) --

      • authentication (dict) --

        The authentication configuration for the actor.

        • providerType (string) --

          The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

        • value (string) --

          The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

      • description (string) --

        A description of the actor.

  • documents (list) --

    The list of documents that provide context for the pentest.

    • (dict) --

      Represents a document that provides context for security testing.

      • s3Location (string) --

        The Amazon S3 location of the document.

      • artifactId (string) --

        The unique identifier of the artifact associated with the document.

      • integratedDocument (dict) --

        A reference to a document in an integrated third-party provider.

        • integrationId (string) -- [REQUIRED]

          The identifier of the integration that provides access to the document.

        • resourceId (string) -- [REQUIRED]

          The provider-specific resource identifier for the document.

  • sourceCode (list) --

    The list of source code repositories to analyze during the pentest.

    • (dict) --

      Represents a source code repository used for security analysis during a pentest.

      • s3Location (string) --

        The Amazon S3 location of the source code repository archive.

  • integratedRepositories (list) --

    The list of integrated repositories associated with the pentest.

    • (dict) --

      Represents a code repository that is integrated with the service through a third-party provider.

      • integrationId (string) -- [REQUIRED]

        The unique identifier of the integration that provides access to the repository.

      • providerResourceId (string) -- [REQUIRED]

        The provider-specific resource identifier for the repository.

type excludeRiskTypes:

list

param excludeRiskTypes:

The updated list of risk types to exclude from the pentest.

  • (string) --

    Type of security risk.

type serviceRole:

string

param serviceRole:

The updated IAM service role for the pentest.

type logConfig:

dict

param logConfig:

The updated CloudWatch Logs configuration for the pentest.

  • logGroup (string) --

    The name of the CloudWatch log group.

  • logStream (string) --

    The name of the CloudWatch log stream.

type vpcConfig:

dict

param vpcConfig:

The updated VPC configuration for the pentest.

  • vpcArn (string) --

    The Amazon Resource Name (ARN) of the VPC.

  • securityGroupArns (list) --

    The Amazon Resource Names (ARNs) of the security groups for the VPC configuration.

    • (string) --

      ARN or ID of a security group.

  • subnetArns (list) --

    The Amazon Resource Names (ARNs) of the subnets for the VPC configuration.

    • (string) --

      ARN or ID of a subnet.

type networkTrafficConfig:

dict

param networkTrafficConfig:

The updated network traffic configuration for the pentest.

  • rules (list) --

    The list of network traffic rules that control which URLs are allowed or denied during testing.

    • (dict) --

      A rule that controls network traffic during penetration testing by allowing or denying traffic to specific URL patterns.

      • effect (string) --

        The effect of the rule. Valid values are ALLOW and DENY.

      • pattern (string) --

        The URL pattern to match for the rule.

      • networkTrafficRuleType (string) --

        The type of the network traffic rule. Currently, only URL is supported.

  • customHeaders (list) --

    The list of custom HTTP headers to include in network traffic during testing.

    • (dict) --

      A custom HTTP header to include in network traffic during penetration testing.

      • name (string) --

        The name of the custom header.

      • value (string) --

        The value of the custom header.

type codeRemediationStrategy:

string

param codeRemediationStrategy:

The updated code remediation strategy for the pentest.

type disableManagedSkills:

list

param disableManagedSkills:

The updated list of managed skills to disable for this pentest. Valid values include FINDING_PERSONALIZATION and LOGIN_OPTIMIZATION.

  • (string) --

    Type of managed skill that can be enabled or disabled for a pentest.

rtype:

dict

returns:

Response Syntax

{
    'pentestId': 'string',
    'title': 'string',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'assets': {
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    'excludeRiskTypes': [
        'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
    ],
    'serviceRole': 'string',
    'logConfig': {
        'logGroup': 'string',
        'logStream': 'string'
    },
    'agentSpaceId': 'string'
}

Response Structure

  • (dict) --

    Output for the UpdatePentest operation.

    • pentestId (string) --

      The unique identifier of the pentest.

    • title (string) --

      The title of the pentest.

    • createdAt (datetime) --

      The date and time the pentest was created, in UTC format.

    • updatedAt (datetime) --

      The date and time the pentest was last updated, in UTC format.

    • assets (dict) --

      The assets included in the pentest.

      • endpoints (list) --

        The list of endpoints to test during the pentest.

        • (dict) --

          Represents a target endpoint for penetration testing.

          • uri (string) --

            The URI of the endpoint.

      • actors (list) --

        The list of actors used during penetration testing.

        • (dict) --

          Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

          • identifier (string) --

            The unique identifier for the actor.

          • uris (list) --

            The list of URIs that the actor targets during testing.

            • (string) --

          • authentication (dict) --

            The authentication configuration for the actor.

            • providerType (string) --

              The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

            • value (string) --

              The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

          • description (string) --

            A description of the actor.

      • documents (list) --

        The list of documents that provide context for the pentest.

        • (dict) --

          Represents a document that provides context for security testing.

          • s3Location (string) --

            The Amazon S3 location of the document.

          • artifactId (string) --

            The unique identifier of the artifact associated with the document.

          • integratedDocument (dict) --

            A reference to a document in an integrated third-party provider.

            • integrationId (string) --

              The identifier of the integration that provides access to the document.

            • resourceId (string) --

              The provider-specific resource identifier for the document.

      • sourceCode (list) --

        The list of source code repositories to analyze during the pentest.

        • (dict) --

          Represents a source code repository used for security analysis during a pentest.

          • s3Location (string) --

            The Amazon S3 location of the source code repository archive.

      • integratedRepositories (list) --

        The list of integrated repositories associated with the pentest.

        • (dict) --

          Represents a code repository that is integrated with the service through a third-party provider.

          • integrationId (string) --

            The unique identifier of the integration that provides access to the repository.

          • providerResourceId (string) --

            The provider-specific resource identifier for the repository.

    • excludeRiskTypes (list) --

      The list of risk types excluded from the pentest.

      • (string) --

        Type of security risk.

    • serviceRole (string) --

      The IAM service role used for the pentest.

    • logConfig (dict) --

      The CloudWatch Logs configuration for the pentest.

      • logGroup (string) --

        The name of the CloudWatch log group.

      • logStream (string) --

        The name of the CloudWatch log stream.

    • agentSpaceId (string) --

      The unique identifier of the agent space that contains the pentest.
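The UpdatePentest request above carries the scope controls a defender cares about most: which URLs the agent may reach (networkTrafficConfig.rules), which headers it sends, which risk types are excluded, which managed skills are off, and which IAM role it assumes. The following is an added example, not code from the boto3 changelog or the service SDK: it assembles those parameters into the keyword-argument dict that `client.update_pentest(**request)` expects and checks the dict against the enumerations documented on this page before anything is sent. The pentest id, role ARN, URL patterns and header are constructed sample values; the "at least one rule" and "no allow-all pattern" checks are this validator's own policy, not a service rule, and the service's precedence between ALLOW and DENY rules is not stated on the page, so the example does not assume one.

```python
import re

# Enumerations copied from the UpdatePentest documentation above.
EFFECTS = {"ALLOW", "DENY"}
RULE_TYPES = {"URL"}  # the only networkTrafficRuleType listed today
MANAGED_SKILLS = {"FINDING_PERSONALIZATION", "LOGIN_OPTIMIZATION"}
RISK_TYPES = {
    "CROSS_SITE_SCRIPTING", "DEFAULT_CREDENTIALS", "INSECURE_DIRECT_OBJECT_REFERENCE",
    "PRIVILEGE_ESCALATION", "SERVER_SIDE_TEMPLATE_INJECTION", "COMMAND_INJECTION",
    "CODE_INJECTION", "SQL_INJECTION", "ARBITRARY_FILE_UPLOAD", "INSECURE_DESERIALIZATION",
    "LOCAL_FILE_INCLUSION", "INFORMATION_DISCLOSURE", "PATH_TRAVERSAL",
    "SERVER_SIDE_REQUEST_FORGERY", "JSON_WEB_TOKEN_VULNERABILITIES", "XML_EXTERNAL_ENTITY",
    "FILE_DELETION", "OTHER", "GRAPHQL_VULNERABILITIES", "BUSINESS_LOGIC_VULNERABILITIES",
    "CRYPTOGRAPHIC_VULNERABILITIES", "DENIAL_OF_SERVICE", "FILE_ACCESS", "FILE_CREATION",
    "DATABASE_MODIFICATION", "DATABASE_ACCESS", "OUTBOUND_SERVICE_REQUEST", "UNKNOWN",
}
# Loose IAM role ARN shape (assumption: a full ARN grammar is out of scope here).
ROLE_ARN_RE = re.compile(r"^arn:aws[a-zA-Z-]*:iam::\d{12}:role/.+$")
# Patterns this validator treats as "allow everything" (local policy, not a service rule).
ALLOW_ALL_PATTERNS = {"*", "http://*", "https://*"}


def network_rule(effect: str, pattern: str) -> dict:
    """One networkTrafficConfig rule of the URL type documented above."""
    return {"effect": effect, "pattern": pattern, "networkTrafficRuleType": "URL"}


def build_update_request(pentest_id, *, allow_patterns, deny_patterns=(), headers=None,
                         exclude_risk_types=(), service_role=None, disable_skills=()):
    """Assemble the keyword arguments for client.update_pentest(**request).

    DENY rules are emitted before ALLOW rules purely for readability; the
    service's evaluation order is not documented on this page.
    """
    rules = [network_rule("DENY", p) for p in deny_patterns]
    rules += [network_rule("ALLOW", p) for p in allow_patterns]
    request = {
        "pentestId": pentest_id,
        "networkTrafficConfig": {
            "rules": rules,
            "customHeaders": [{"name": n, "value": v} for n, v in (headers or {}).items()],
        },
        "excludeRiskTypes": list(exclude_risk_types),
        "disableManagedSkills": list(disable_skills),
    }
    if service_role is not None:
        request["serviceRole"] = service_role
    return request


def validate_update_request(request: dict) -> list:
    """Return a list of problems; an empty list means the request looks well-formed."""
    problems = []
    if not request.get("pentestId"):
        problems.append("pentestId is required")
    traffic = request.get("networkTrafficConfig", {})
    rules = traffic.get("rules", [])
    if not rules:
        problems.append("networkTrafficConfig.rules is empty: no URL scope is set")
    for i, rule in enumerate(rules):
        effect, pattern = rule.get("effect"), rule.get("pattern", "")
        if effect not in EFFECTS:
            problems.append(f"rules[{i}].effect must be ALLOW or DENY")
        if rule.get("networkTrafficRuleType") not in RULE_TYPES:
            problems.append(f"rules[{i}].networkTrafficRuleType must be URL")
        if not pattern:
            problems.append(f"rules[{i}].pattern is empty")
        elif effect == "ALLOW" and pattern in ALLOW_ALL_PATTERNS:
            problems.append(f"rules[{i}] is an allow-all pattern; scope the target explicitly")
    for i, header in enumerate(traffic.get("customHeaders", [])):
        name, value = header.get("name", ""), header.get("value", "")
        if not name:
            problems.append(f"customHeaders[{i}].name is empty")
        if "\r" in name + value or "\n" in name + value:
            problems.append(f"customHeaders[{i}] contains CR/LF, which would split the header")
    for risk in request.get("excludeRiskTypes", []):
        if risk not in RISK_TYPES:
            problems.append(f"unknown risk type {risk!r}")
    for skill in request.get("disableManagedSkills", []):
        if skill not in MANAGED_SKILLS:
            problems.append(f"unknown managed skill {skill!r}")
    role = request.get("serviceRole")
    if role is not None and not ROLE_ARN_RE.match(role):
        problems.append("serviceRole is not an IAM role ARN")
    return problems


if __name__ == "__main__":
    # Constructed sample values; nothing here contacts the service.
    request = build_update_request(
        "pt-0123456789",
        allow_patterns=["https://staging.example.com/*"],
        deny_patterns=["https://staging.example.com/admin/*"],
        headers={"X-Pentest-Run": "staging-2026-06"},
        exclude_risk_types=["DENIAL_OF_SERVICE"],
        service_role="arn:aws:iam::123456789012:role/SecurityAgentPentestRole",
        disable_skills=["LOGIN_OPTIMIZATION"],
    )
    for problem in validate_update_request(request):
        print("problem:", problem)
    # With a real client: client.update_pentest(**request)
```

Running the validator before the call catches the mistakes that are otherwise only reported by the service (or, worse, silently widen the test scope): an `ALLOW` rule for `*`, a header value carrying CR/LF, a misspelled risk type or managed skill, or a role value that is not an IAM role ARN.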