AWS Security ChangesHomeSearch

AWS securityagent medium security documentation change

Service: securityagent · 2026-04-25 · Security-related medium

File: securityagent/latest/userguide/infrastructure-security.md

Summary

Updated to state AWS Security Agent now supports interface VPC endpoints via AWS PrivateLink and clarified resource creation details

Security assessment

This adds documentation about a security feature (VPC endpoints for private access) and clarifies security posture regarding resource creation and network access. It enhances security by enabling private network access options.

Diff

diff --git a/securityagent/latest/userguide/infrastructure-security.md b/securityagent/latest/userguide/infrastructure-security.md
index bc3a7fdc7..82a67bb76 100644
--- a//securityagent/latest/userguide/infrastructure-security.md
+++ b//securityagent/latest/userguide/infrastructure-security.md
@@ -17 +17 @@ AWS Security Agent is a fully managed service accessed through the AWS Console a
-The service does not support VPC endpoints or deployment within customer VPCs, and cannot be restricted to specific subnets through IAM or SCP policies.
+AWS Security Agent supports interface VPC endpoints powered by AWS PrivateLink, enabling you to privately access the service APIs from your VPC without traversing the public internet. For more information, see [AWS Security Agent and interface VPC endpoints (AWS PrivateLink)](./vpc-interface-endpoints.html).
@@ -19 +19 @@ The service does not support VPC endpoints or deployment within customer VPCs, a
-AWS Security Agent requires internet access to perform penetration testing on target applications and for control plane operations. The service does not create customer-owned resources with public IP addresses.
+AWS Security Agent requires internet access to perform penetration testing on target applications and for control plane operations. The service uses AWS-managed infrastructure for testing and does not provision EC2 instances or other compute resources in your account. If you configure VPC access for penetration testing, Security Agent creates an ENI in your subnet, but this ENI does not have a public IP address. For more information, see [Connect agent to private VPC resources](./connect-agent-vpc.html).
@@ -33 +33 @@ Resilience
-Configuration and vulnerability analysis
+Interface VPC endpoints