AWS devopsagent documentation change
Summary
Added new features: GitHub registration reuse and HMAC/API key authentication for webhooks. Updated private connection capabilities.
Security assessment
The HMAC/API key authentication option directly documents a security feature (authentication methods for webhooks). However, there's no evidence this addresses an existing vulnerability; it appears as a new capability rather than a security fix. The change enhances security documentation by describing authentication choices.
Diff
diff --git a/devopsagent/latest/userguide/whats-new.md b/devopsagent/latest/userguide/whats-new.md index ebfa0765c..6c476fbf5 100644 --- a//devopsagent/latest/userguide/whats-new.md +++ b//devopsagent/latest/userguide/whats-new.md @@ -12,0 +13,2 @@ Date | Change | Description +June 30, 2026 | [Register GitHub.com when the app is already installed](connecting-to-cicd-pipelines-connecting-github.html#for-githubcom) | You can now register GitHub.com even when the AWS DevOps Agent GitHub App is already installed on your account or organization. Registration reuses the existing installation, so you don't need to reinstall the app. You can register a repository that another account member already set up. Registration confirms that the app is installed on the exact account or organization you specified. +June 24, 2026 | [Choose HMAC or API key authentication for Agent Space webhooks](configuring-integrations-and-knowledge-invoking-devops-agent-through-webhook.html) | When you create an Agent Space webhook, you can now choose between HMAC signature authentication and API key (bearer token) authentication. @@ -39 +41 @@ June 3, 2026 | [Export investigations and chat content as Markdown](working-with -June 3, 2026 | [Private connections show DNS resolution and support multiple names](configuring-integrations-and-knowledge-connecting-to-privately-hosted-tools.html) | Configure multiple private connection names for a service and see DNS resolution status for self-hosted integrations. +June 3, 2026 | [Private DNS resolution and per-endpoint private connections](configuring-integrations-and-knowledge-connecting-to-privately-hosted-tools.html) | Choose how a private connection's host address is resolved when you create it: use public DNS, or in-VPC resolution for hostnames that exist only in a private hosted zone. For OAuth-based MCP servers, you can now route the endpoint (target URL) and the OAuth token exchange endpoint through separate private connections using `targetUrlPrivateConnectionName` and `exchangeUrlPrivateConnectionName`.