AWS devopsagent documentation change
Summary
Removed compliance section, added IP address to outbound connections list, and removed specific S3 access control example
Security assessment
Added IP address 52.64.174.242 to outbound connections list for firewall configuration. Removed compliance disclaimer suggesting the service may now be compliant. Removed specific example about S3 access controls, which could indicate policy simplification. No evidence of addressing a specific security vulnerability.
Diff
diff --git a/devopsagent/latest/userguide/aws-devops-agent-security.md b/devopsagent/latest/userguide/aws-devops-agent-security.md index 18fe546e3..7be467f20 100644 --- a//devopsagent/latest/userguide/aws-devops-agent-security.md +++ b//devopsagent/latest/userguide/aws-devops-agent-security.md @@ -7 +7 @@ -Multi-layered securityAgent SpacesRegional processing and data flowIdentity and access managementData protectionAgent journal and audit loggingPrompt injection protectionIntegration securityNetwork connectivityShared responsibility modelData usageCompliance +Multi-layered securityAgent SpacesRegional processing and data flowIdentity and access managementData protectionAgent journal and audit loggingPrompt injection protectionIntegration securityNetwork connectivityShared responsibility modelData usage @@ -15 +15 @@ This document provides information about security considerations, data protectio -AWS DevOps Agent implements security at multiple layers. Even if broader permissions are granted to the agent's IAM role, the agent enforces its own internal access controls to limit the scope of its actions. For example, if a customer adds a full Amazon S3 access IAM policy to the agent's IAM role, AWS DevOps Agent will ensure that only logs after the `AWSLogs` prefix are read for troubleshooting purposes. +AWS DevOps Agent implements security at multiple layers. Even if broader permissions are granted to the agent's IAM role, the agent enforces its own internal access controls to limit the scope of its actions. @@ -244,0 +245,2 @@ AWS DevOps Agent initiates outbound connections to your third-party systems and + * `52.64.174.242` + @@ -332,4 +333,0 @@ AWS does not use agent data, chat messages, or data from integrated data sources -## Compliance - -At preview, AWS DevOps Agent is not compliant with standards including SOC 2, PCI-DSS, ISO 27001, or FedRAMP. AWS will announce which compliance certifications will be available at a later time. -