AWS securityagent documentation change
Summary
Clarified domain verification requirements for private VPC endpoints and added note about pentest-time verification attempts.
Security assessment
Refines documentation of security controls (domain verification) for penetration testing feature. Ensures accurate setup of security validation mechanisms.
Diff
diff --git a/securityagent/latest/userguide/enable-penetration-test.md b/securityagent/latest/userguide/enable-penetration-test.md index 16bd6f6c7..3afeb0cf7 100644 --- a//securityagent/latest/userguide/enable-penetration-test.md +++ b//securityagent/latest/userguide/enable-penetration-test.md @@ -78 +78,5 @@ In the second step of the wizard, verify ownership of each domain you configured -Sub-domains of a verified domain do not require individual verification. For private domains inside a VPC, you can proceed even if the domain verification status is UNREACHABLE. AWS Security Agent will attempt domain verification for private endpoints at the start of each pentest run. +Sub-domains of a verified domain do not require individual verification when using DNS TXT or HTTP route verification. For Private VPC verification, the target endpoint domain name must match the full domain name configured for verification. + +###### Note + +For private domains inside a VPC, you can proceed even if the domain verification status is UNREACHABLE. AWS Security Agent will attempt domain verification for private endpoints at the start of each pentest run.