AWS Security ChangesHomeSearch

AWS devopsagent high security documentation change

Service: devopsagent · 2026-06-22 · Security-related high

File: devopsagent/latest/userguide/release-management-release-testing.md

Summary

Added warning about release testing executing real write operations (POST/PUT/DELETE) that may modify data. Emphasized using staging environments and avoiding production unless risks are accepted. Removed GitHub Checks permission reference.

Security assessment

Explicitly warns about data mutation risks during testing, including potential for financial transactions (payments) and irreversible deletions. Highlights production environment risks and recommends safeguards. Evidence: warnings about write operations creating/modifying/deleting data and specific risks like customer notifications or payment processing.

Diff

diff --git a/devopsagent/latest/userguide/release-management-release-testing.md b/devopsagent/latest/userguide/release-management-release-testing.md
index 9fe22e25c..e58388ee4 100644
--- a//devopsagent/latest/userguide/release-management-release-testing.md
+++ b//devopsagent/latest/userguide/release-management-release-testing.md
@@ -14,0 +15,4 @@ Release testing generates and executes test plans to validate code changes in re
+###### Important
+
+ __Release testing executes real requests against your target application, including write operations (POST, PUT, DELETE). The agent explores endpoints, submits forms, and tests error handling — these actions may create, modify, or delete data in the target application. Use only where your risk profile can accept mutating actions as part of the exploratory testing. Ensure your applications can tolerate exploratory write operations without unintended consequences such as sending customer notifications, processing payments, or permanently deleting records. We recommend running against staging deployments; production applications should only be targeted when your application's write operations are safe for automated testing.
+
@@ -53 +57 @@ To create a test profile:
-     * **Target URL** — The URL of the deployed application to test against (for example, `https://staging.myapp.com`)
+     * **Target URL** — The URL of a staging or test deployment of your application. The agent sends real HTTP traffic including write operations (POST, PUT, DELETE). Do not use production URLs unless you understand and accept the risk of data modification.
@@ -184 +187,0 @@ Permission | Reason
-checks: write | Create and update GitHub Check Runs on the commit