AWS cli documentation change
Summary
Updated CLI version references and expanded documentation for the 'create-pentest' command, including detailed descriptions of parameters, assets, authentication configurations, risk exclusions, logging, VPC settings, network traffic rules, and response fields.
Security assessment
The changes enhance documentation for penetration testing (pentest) configuration, including security-relevant details about authentication methods (SECRETS_MANAGER, AWS_IAM_ROLE), risk type exclusions, VPC security groups, and network traffic filtering rules. While this improves security feature documentation, there's no evidence of addressing a specific vulnerability.
Diff
diff --git a/cli/latest/reference/securityagent/create-pentest.md b/cli/latest/reference/securityagent/create-pentest.md index 6e1ec6b78..2e91af5e5 100644 --- a//cli/latest/reference/securityagent/create-pentest.md +++ b//cli/latest/reference/securityagent/create-pentest.md @@ -15 +15 @@ - * [AWS CLI 2.34.41 Command Reference](../../index.html) » + * [AWS CLI 2.34.44 Command Reference](../../index.html) » @@ -59 +59 @@ First time using the AWS CLI? See the [User Guide](https://docs.aws.amazon.com/c -Creates a new pentest configuration +Creates a new pentest configuration in an agent space. A pentest defines the security test parameters, including target assets, risk type exclusions, and logging configuration. @@ -103 +103 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi -> Title of the pentest +> The title of the pentest. @@ -107 +107 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi -> ID of the agent space where the pentest should be created +> The unique identifier of the agent space to create the pentest in. @@ -111 +111 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi -> Assets to be tested during the pentest +> The assets to include in the pentest, such as endpoints, actors, documents, and source code. @@ -115 +115 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->> List of web application endpoints to test +>> The list of endpoints to test during the pentest. @@ -119 +119 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>> Represents a web application endpoint to be tested +>>> Represents a target endpoint for penetration testing. @@ -123 +123 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>> URI of the endpoint to test +>>>> The URI of the endpoint. @@ -127 +127 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->> List of actors that interact with the system +>> The list of actors used during penetration testing. @@ -131 +131 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>> Represents an entity that interacts with the system during security testing +>>> Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs. @@ -135 +135 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>> Unique identifier for the actor (case-insensitive) +>>>> The unique identifier for the actor. @@ -139 +139 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>> List of URIs accessible with the actor’s credentials +>>>> The list of URIs that the actor targets during testing. @@ -145 +145 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>> Authentication information used by the actor to access resources +>>>> The authentication configuration for the actor. @@ -149 +149 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>>> Provider type for the authentication credentials +>>>>> The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL. @@ -162 +162 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>>> Authentication credential value or reference +>>>>> The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type. @@ -166 +166 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>> Additional description or details about the actor +>>>> A description of the actor. @@ -170 +170 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->> List of documents providing context for testing +>> The list of documents that provide context for the pentest. @@ -174 +174 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>> Information about a document relevant to security testing +>>> Represents a document that provides context for security testing. @@ -178 +178 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>> S3 storage location of the document +>>>> The Amazon S3 location of the document. @@ -182 +182 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>> Artifact ID of the document +>>>> The unique identifier of the artifact associated with the document. @@ -186 +186 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->> List of source code repositories for static analysis +>> The list of source code repositories to analyze during the pentest. @@ -190 +190 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>> Information about a source code repository for static analysis +>>> Represents a source code repository used for security analysis during a pentest. @@ -194 +194 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>> S3 storage location of the repository +>>>> The Amazon S3 location of the source code repository archive. @@ -198 +198 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->> List of integrated code repositories +>> The list of integrated repositories associated with the pentest. @@ -202 +202 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>> Information about an integrated repository +>>> Represents a code repository that is integrated with the service through a third-party provider. @@ -206 +206 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>> Integration identifier +>>>> The unique identifier of the integration that provides access to the repository. @@ -210 +210 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>> External provider resource identifier, e.g., Github repository identifier +>>>> The provider-specific resource identifier for the repository. @@ -259 +259 @@ JSON Syntax: -> A list of risk types excluded from the pentest execution +> The list of risk types to exclude from the pentest. @@ -263 +263 @@ JSON Syntax: ->> Type of security risk +>> Type of security risk. @@ -306 +306 @@ Syntax: -> Service role ARN for accessing customer resources +> The IAM service role to use for the pentest. @@ -310 +310 @@ Syntax: -> CloudWatch log group and stream prefix where pentest execution logs are stored +> The CloudWatch Logs configuration for the pentest. @@ -314 +314 @@ Syntax: ->> Name of the CloudWatch log group +>> The name of the CloudWatch log group. @@ -318 +318 @@ Syntax: ->> Name of the CloudWatch log stream +>> The name of the CloudWatch log stream. @@ -337 +337 @@ JSON Syntax: -> VPC configuration that the Security Agent accesses +> The VPC configuration for the pentest. @@ -341 +341 @@ JSON Syntax: ->> ARN or ID of the customer VPC +>> The Amazon Resource Name (ARN) of the VPC. @@ -345 +345 @@ JSON Syntax: ->> List of security group ARNs or IDs in the customer VPC +>> The Amazon Resource Names (ARNs) of the security groups for the VPC configuration. @@ -349 +349 @@ JSON Syntax: ->>> ARN or ID of a security group +>>> ARN or ID of a security group. @@ -353 +353 @@ JSON Syntax: ->> List of subnet ARNs or IDs in the customer VPC +>> The Amazon Resource Names (ARNs) of the subnets for the VPC configuration. @@ -357 +357 @@ JSON Syntax: ->>> ARN or ID of a subnet +>>> ARN or ID of a subnet. @@ -377 +377 @@ JSON Syntax: -> Configuration for network traffic filtering +> The network traffic configuration for the pentest, including custom headers and traffic rules. @@ -381 +381 @@ JSON Syntax: ->> Traffic filtering rules +>> The list of network traffic rules that control which URLs are allowed or denied during testing. @@ -385 +385 @@ JSON Syntax: ->>> Network traffic filtering rule +>>> A rule that controls network traffic during penetration testing by allowing or denying traffic to specific URL patterns. @@ -389 +389 @@ JSON Syntax: ->>>> Action to take when the rule matches +>>>> The effect of the rule. Valid values are ALLOW and DENY. @@ -400 +400 @@ JSON Syntax: ->>>> Pattern to match against +>>>> The URL pattern to match for the rule. @@ -404 +404 @@ JSON Syntax: ->>>> Type of network traffic rule +>>>> The type of the network traffic rule. Currently, only URL is supported. @@ -414 +414 @@ JSON Syntax: ->> Custom headers for requests +>> The list of custom HTTP headers to include in network traffic during testing. @@ -418 +418 @@ JSON Syntax: ->>> Custom headers to be set for network requests +>>> A custom HTTP header to include in network traffic during penetration testing. @@ -422 +422 @@ JSON Syntax: ->>>> Name of header to set value for +>>>> The name of the custom header. @@ -426 +426 @@ JSON Syntax: ->>>> Value to set for header +>>>> The value of the custom header. @@ -458 +458 @@ JSON Syntax: -> Strategy for code remediation on findings +> The code remediation strategy for the pentest. Valid values are AUTOMATIC and DISABLED. @@ -582 +582 @@ pentestId -> (string) -> Unique identifier of the created pentest +> The unique identifier of the created pentest. @@ -586 +586 @@ title -> (string) -> Title of the created pentest +> The title of the pentest. @@ -590 +590 @@ createdAt -> (timestamp) -> Timestamp when the pentest was created +> The date and time the pentest was created, in UTC format. @@ -594 +594 @@ updatedAt -> (timestamp) -> Timestamp when the pentest was last updated +> The date and time the pentest was last updated, in UTC format. @@ -598 +598 @@ assets -> (structure) -> Assets to be tested in the created pentest +> The assets included in the pentest. @@ -602 +602 @@ assets -> (structure) ->> List of web application endpoints to test +>> The list of endpoints to test during the pentest. @@ -606 +606 @@ assets -> (structure) ->>> Represents a web application endpoint to be tested +>>> Represents a target endpoint for penetration testing. @@ -610 +610 @@ assets -> (structure) ->>>> URI of the endpoint to test +>>>> The URI of the endpoint. @@ -614 +614 @@ assets -> (structure) ->> List of actors that interact with the system +>> The list of actors used during penetration testing. @@ -618 +618 @@ assets -> (structure) ->>> Represents an entity that interacts with the system during security testing +>>> Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs. @@ -622 +622 @@ assets -> (structure) ->>>> Unique identifier for the actor (case-insensitive) +>>>> The unique identifier for the actor. @@ -626 +626 @@ assets -> (structure) ->>>> List of URIs accessible with the actor’s credentials +>>>> The list of URIs that the actor targets during testing. @@ -632 +632 @@ assets -> (structure) ->>>> Authentication information used by the actor to access resources +>>>> The authentication configuration for the actor. @@ -636 +636 @@ assets -> (structure) ->>>>> Provider type for the authentication credentials +>>>>> The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL. @@ -649 +649 @@ assets -> (structure) ->>>>> Authentication credential value or reference +>>>>> The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type. @@ -653 +653 @@ assets -> (structure)