AWS Security ChangesHomeSearch

AWS securityagent documentation change

Service: securityagent · 2026-01-28 · Documentation low

File: securityagent/latest/userguide/troubleshooting.md

Summary

Added troubleshooting guidance for penetration testing connectivity issues and domain configuration

Security assessment

The change documents proper configuration for penetration testing (a security feature), specifically around domain allowlisting and protocol/port requirements. It provides operational guidance but doesn't address any specific vulnerability or security incident.

Diff

diff --git a/securityagent/latest/userguide/troubleshooting.md b/securityagent/latest/userguide/troubleshooting.md
index 9f5cbca9e..b930de027 100644
--- a//securityagent/latest/userguide/troubleshooting.md
+++ b//securityagent/latest/userguide/troubleshooting.md
@@ -5 +5 @@
-Access Denied: Incorrect GitHub account type selected or incorrect organization name specifiedAccess Denied: Insufficient permissions to install GitHub App into organizationGetting additional help
+Access Denied: Incorrect GitHub account type selected or incorrect organization name specifiedAccess Denied: Insufficient permissions to install GitHub App into organizationAgent cannot connect to endpoint during a penetration testGetting additional help
@@ -9 +9 @@ Access Denied: Incorrect GitHub account type selected or incorrect organization
-Find solutions to commonly seen errors when using AWS Security Agent for code reviews.
+Find solutions to commonly seen errors when using AWS Security Agent.
@@ -67,0 +68,11 @@ Possible solutions:
+## Agent cannot connect to endpoint during a penetration test
+
+If the penetration test agent is unable to make calls to the configured target URL or fails to successfully navigate the target endpoint:
+
+  * If your endpoint makes calls to domains outside the configured target URL, verify the additional domains are added as **Additional allowed domains** in your pentest configuration
+
+  * Penetration testing is currently only available for HTTP/HTTPS endpoints serving traffic on ports 80 or 443
+
+
+
+