


# AWS::SecurityAgent::Pentest
<a name="aws-resource-securityagent-pentest"></a>

The `AWS::SecurityAgent::Pentest` resource specifies a penetration test within an agent space. A pentest defines the scope, assets, and configuration for automated security testing.

## Syntax
<a name="aws-resource-securityagent-pentest-syntax"></a>

To declare this entity in your Amazon CloudFormation template, use the following syntax:

### JSON
<a name="aws-resource-securityagent-pentest-syntax.json"></a>

```
{
  "Type" : "AWS::SecurityAgent::Pentest",
  "Properties" : {
      "AgentSpaceId" : String,
      "Assets" : Assets,
      "CodeRemediationStrategy" : String,
      "ExcludeRiskTypes" : [ String, ... ],
      "LogConfig" : CloudWatchLog,
      "NetworkTrafficConfig" : NetworkTrafficConfig,
      "ServiceRole" : String,
      "Title" : String,
      "VpcConfig" : VpcConfig
    }
}
```

### YAML
<a name="aws-resource-securityagent-pentest-syntax.yaml"></a>

```
Type: AWS::SecurityAgent::Pentest
Properties:
  AgentSpaceId: String
  Assets:
    Assets
  CodeRemediationStrategy: String
  ExcludeRiskTypes:
    - String
  LogConfig:
    CloudWatchLog
  NetworkTrafficConfig:
    NetworkTrafficConfig
  ServiceRole: String
  Title: String
  VpcConfig:
    VpcConfig
```

## Properties
<a name="aws-resource-securityagent-pentest-properties"></a>

`AgentSpaceId`  <a name="cfn-securityagent-pentest-agentspaceid"></a>
The unique identifier of the agent space to create the pentest in.  
*Required*: Yes  
*Type*: String  
*Update requires*: [Replacement](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)

`Assets`  <a name="cfn-securityagent-pentest-assets"></a>
The assets to include in the pentest, such as endpoints, actors, documents, and source code.  
*Required*: Yes  
*Type*: [Assets](aws-properties-securityagent-pentest-assets.md)  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`CodeRemediationStrategy`  <a name="cfn-securityagent-pentest-coderemediationstrategy"></a>
The code remediation strategy for the pentest. Valid values are AUTOMATIC and DISABLED.  
*Required*: No  
*Type*: String  
*Allowed values*: `AUTOMATIC | DISABLED`  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`ExcludeRiskTypes`  <a name="cfn-securityagent-pentest-excluderisktypes"></a>
The list of risk types to exclude from the pentest.  
*Required*: No  
*Type*: Array of String  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`LogConfig`  <a name="cfn-securityagent-pentest-logconfig"></a>
The CloudWatch Logs configuration for the pentest.  
*Required*: No  
*Type*: [CloudWatchLog](aws-properties-securityagent-pentest-cloudwatchlog.md)  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`NetworkTrafficConfig`  <a name="cfn-securityagent-pentest-networktrafficconfig"></a>
The network traffic configuration for the pentest, including custom headers and traffic rules.  
*Required*: No  
*Type*: [NetworkTrafficConfig](aws-properties-securityagent-pentest-networktrafficconfig.md)  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`ServiceRole`  <a name="cfn-securityagent-pentest-servicerole"></a>
The IAM service role to use for the pentest.  
*Required*: Yes  
*Type*: String  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Title`  <a name="cfn-securityagent-pentest-title"></a>
The title of the pentest.  
*Required*: No  
*Type*: String  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`VpcConfig`  <a name="cfn-securityagent-pentest-vpcconfig"></a>
The VPC configuration for the pentest.  
*Required*: No  
*Type*: [VpcConfig](aws-properties-securityagent-pentest-vpcconfig.md)  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

## Return values
<a name="aws-resource-securityagent-pentest-return-values"></a>

### Ref
<a name="aws-resource-securityagent-pentest-return-values-ref"></a>

When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns a pipe-delimited combination of the pentest ID and agent space ID. For example:

 `{ "Ref": "MyPentest" }` 

For the pentest `MyPentest`, `Ref` returns a value in the format `pt-0123456789abcdef0|as-0123456789abcdef0`, where the first value is the pentest ID and the second is the agent space ID.

For more information about using the `Ref` function, see [`Ref`](https://docs.amazonaws.cn/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html).
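The property rules in the Properties section and the `Ref` format above can be checked before a template is deployed. The following is an added example, not part of the AWS documentation: the function names, the `SAMPLE` declaration, the "No change" label, and the ID pattern (inferred only from the sample value `pt-0123456789abcdef0|as-0123456789abcdef0`) are assumptions.

```python
import re

# Rules transcribed from the Properties section of this page.
REQUIRED = {"AgentSpaceId", "Assets", "ServiceRole"}
OPTIONAL = {"CodeRemediationStrategy", "ExcludeRiskTypes", "LogConfig",
            "NetworkTrafficConfig", "Title", "VpcConfig"}
REPLACEMENT = {"AgentSpaceId"}  # all other properties: "No interruption"
STRATEGIES = {"AUTOMATIC", "DISABLED"}
# ID shape inferred from the page's sample Ref value only (assumption).
REF_RE = re.compile(r"^(pt-[0-9a-f]+)\|(as-[0-9a-f]+)$")

def check_pentest(resource):
    """Return a sorted list of problems in one resource declaration."""
    if resource.get("Type") != "AWS::SecurityAgent::Pentest":
        return ["not an AWS::SecurityAgent::Pentest resource"]
    props = resource.get("Properties") or {}
    problems = [f"missing required property {p}" for p in REQUIRED - set(props)]
    problems += [f"unknown property {p}" for p in set(props) - REQUIRED - OPTIONAL]
    strategy = props.get("CodeRemediationStrategy")
    # Only literal strings are checked; intrinsic functions (dicts) are skipped.
    if isinstance(strategy, str) and strategy not in STRATEGIES:
        problems.append(f"CodeRemediationStrategy {strategy!r} is not AUTOMATIC or DISABLED")
    if isinstance(props.get("ExcludeRiskTypes"), str):
        problems.append("ExcludeRiskTypes must be an array of strings")
    return sorted(problems)

def update_impact(old_props, new_props):
    """Classify a property change using the page's 'Update requires' lines."""
    changed = {k for k in old_props.keys() | new_props.keys()
               if old_props.get(k) != new_props.get(k)}
    if changed & REPLACEMENT:
        return "Replacement"
    return "No interruption" if changed else "No change"

def split_ref(value):
    """Split a Ref value into (pentest ID, agent space ID)."""
    match = REF_RE.match(value)
    if match is None:
        raise ValueError(f"not a pentest Ref value: {value!r}")
    return match.group(1), match.group(2)

# Constructed sample: ServiceRole is missing and the strategy is misspelled.
# Assets sub-properties live on a separate page, so it is left empty here.
SAMPLE = {"Type": "AWS::SecurityAgent::Pentest",
          "Properties": {"AgentSpaceId": "as-0123456789abcdef0", "Assets": {},
                         "CodeRemediationStrategy": "Automatic"}}

if __name__ == "__main__":
    print(check_pentest(SAMPLE))
    print(split_ref("pt-0123456789abcdef0|as-0123456789abcdef0"))
```

Running `update_impact` against the deployed and proposed properties in review shows when a change to `AgentSpaceId` would replace the pentest rather than update it in place.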

### Fn::GetAtt
<a name="aws-resource-securityagent-pentest-return-values-fn--getatt"></a>

The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the `Fn::GetAtt` intrinsic function, see [`Fn::GetAtt`](https://docs.amazonaws.cn/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html).

<a name="aws-resource-securityagent-pentest-return-values-fn--getatt-fn--getatt"></a>

`CreatedAt`  <a name="CreatedAt-fn::getatt"></a>
The date and time when the penetration test was created, in ISO 8601 format. For example: `2024-01-01T00:00:00Z`.

`PentestId`  <a name="PentestId-fn::getatt"></a>
The unique identifier of the penetration test. For example: `pt-0123456789abcdef0`.

`UpdatedAt`  <a name="UpdatedAt-fn::getatt"></a>
The date and time when the penetration test was last updated, in ISO 8601 format. For example: `2024-01-01T00:00:00Z`.