Security for Amazon DevOps Agent activated from Amazon Web Services Support
Amazon DevOps Agent provides the following security controls:
-
Agent spaces are the primary security boundary. Each agent space is isolated to a single Amazon Web Services account.
-
Data is encrypted at rest with Amazon-managed keys and encrypted in transit.
-
Agent activity is captured in an immutable agent journal and in Amazon CloudTrail (CloudTrail).
-
Amazon DevOps Agent enforces account-boundary, limited-write, and prompt-injection protections.
For the full security posture, including regional processing, integration security, network connectivity, and the shared responsibility model, see Amazon DevOps Agent Security in the Amazon DevOps Agent User Guide.