AWS Security ChangesHomeSearch

AWS securityagent documentation change

Service: securityagent · 2026-01-28 · Documentation low

File: securityagent/latest/userguide/connect-agent-vpc.md

Summary

Added section 'Running a penetration test against VPC resources in another AWS account' with AWS RAM configuration steps.

Security assessment

Documents new cross-account penetration testing capability using resource sharing. Enhances security testing documentation without addressing specific vulnerabilities.

Diff

diff --git a/securityagent/latest/userguide/connect-agent-vpc.md b/securityagent/latest/userguide/connect-agent-vpc.md
index abf5295e8..694152398 100644
--- a//securityagent/latest/userguide/connect-agent-vpc.md
+++ b//securityagent/latest/userguide/connect-agent-vpc.md
@@ -5 +5 @@
-To select a specific VPC configuration for a penetration test in the Security Agent web app
+To select a specific VPC configuration for a penetration test in the Security Agent web appRunning a penetration test against VPC resources in another AWS account
@@ -38,0 +39,42 @@ You can add up to 5 VPCs.
+## Running a penetration test against VPC resources in another AWS account
+
+You can run penetration tests against VPC resources shared with your account using AWS Resource Access Manager. Both accounts must be part of the same AWS Organization.
+
+  1. (Optional) Enable automatic resource sharing for your AWS organization
+
+
+
+    
+    
+    aws ram enable-sharing-with-aws-organization
+
+  1. Using credentials from the AWS account that owns the VPC resources, share subnet and security group resources with the penetration test owner account
+
+
+
+    
+    
+    aws ram create-resource-share \
+        --name SharePentestResources \
+        --resource-arns <subnet ARN> <security group ARN> \
+        --principals <penetration test owner account ID>
+
+  1. Navigate to the Agent Space overview page
+
+  2. Select **Penetration test** and locate **Service role name**
+
+  3. Verify that the IAM role grants access to the shared VPC resources
+
+  4. Select **Actions** and then **Edit penetration test configuration**
+
+  5. Under the **VPC** heading, specify the shared **VPC** , **Subnets** , and **Security groups** and save the updated configuration.
+
+  6. Navigate to the Penetration Tests overview page on the AWS Security Agent web app
+
+  7. Select the penetration test that you need to add VPC configuration for, and then choose **Modify pentest details**
+
+  8. Update the penetration test to use the shared VPC resources
+
+
+
+