View a markdown version of this page

Security for Amazon DevOps Agent activated from Amazon Web Services Support - Amazon Web Services Support
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Security for Amazon DevOps Agent activated from Amazon Web Services Support

Amazon DevOps Agent provides the following security controls:

  • Agent spaces are the primary security boundary. Each agent space is isolated to a single Amazon Web Services account.

  • Data is encrypted at rest with Amazon-managed keys and encrypted in transit.

  • Agent activity is captured in an immutable agent journal and in Amazon CloudTrail (CloudTrail).

  • Amazon DevOps Agent enforces account-boundary, limited-write, and prompt-injection protections.

For the full security posture, including regional processing, integration security, network connectivity, and the shared responsibility model, see Amazon DevOps Agent Security in the Amazon DevOps Agent User Guide.