AWS securityagent documentation change
Summary
Added section 'Running a penetration test against VPC resources in another AWS account' with AWS RAM configuration steps.
Security assessment
Documents new cross-account penetration testing capability using resource sharing. Enhances security testing documentation without addressing specific vulnerabilities.
Diff
diff --git a/securityagent/latest/userguide/connect-agent-vpc.md b/securityagent/latest/userguide/connect-agent-vpc.md index abf5295e8..694152398 100644 --- a//securityagent/latest/userguide/connect-agent-vpc.md +++ b//securityagent/latest/userguide/connect-agent-vpc.md @@ -5 +5 @@ -To select a specific VPC configuration for a penetration test in the Security Agent web app +To select a specific VPC configuration for a penetration test in the Security Agent web appRunning a penetration test against VPC resources in another AWS account @@ -38,0 +39,42 @@ You can add up to 5 VPCs. +## Running a penetration test against VPC resources in another AWS account + +You can run penetration tests against VPC resources shared with your account using AWS Resource Access Manager. Both accounts must be part of the same AWS Organization. + + 1. (Optional) Enable automatic resource sharing for your AWS organization + + + + + + aws ram enable-sharing-with-aws-organization + + 1. Using credentials from the AWS account that owns the VPC resources, share subnet and security group resources with the penetration test owner account + + + + + + aws ram create-resource-share \ + --name SharePentestResources \ + --resource-arns <subnet ARN> <security group ARN> \ + --principals <penetration test owner account ID> + + 1. Navigate to the Agent Space overview page + + 2. Select **Penetration test** and locate **Service role name** + + 3. Verify that the IAM role grants access to the shared VPC resources + + 4. Select **Actions** and then **Edit penetration test configuration** + + 5. Under the **VPC** heading, specify the shared **VPC** , **Subnets** , and **Security groups** and save the updated configuration. + + 6. Navigate to the Penetration Tests overview page on the AWS Security Agent web app + + 7. Select the penetration test that you need to add VPC configuration for, and then choose **Modify pentest details** + + 8. Update the penetration test to use the shared VPC resources + + + +