AWS devopsagent documentation change
Summary
Added security best practice for read-only credentials in integrations
Security assessment
Proactive security guidance about credential scoping but no fix for existing vulnerability
Diff
diff --git a/devopsagent/latest/userguide/configuring-capabilities-for-aws-devops-agent-connecting-telemetry-sources-index.md b/devopsagent/latest/userguide/configuring-capabilities-for-aws-devops-agent-connecting-telemetry-sources-index.md index 7f6e0b6d4..71b5bdde6 100644 --- a//devopsagent/latest/userguide/configuring-capabilities-for-aws-devops-agent-connecting-telemetry-sources-index.md +++ b//devopsagent/latest/userguide/configuring-capabilities-for-aws-devops-agent-connecting-telemetry-sources-index.md @@ -36,0 +37,2 @@ Currently, AWS DevOps Agent supports AWS CloudWatch, Datadog, New Relic, and Spl +**Security best practice:** When configuring credentials for built-in 1-way integrations, we recommend scoping API keys and tokens to read-only access. AWS DevOps Agent uses these credentials for telemetry introspection only and does not require write access to your telemetry provider. +