

# Security for Amazon DevOps Agent activated from Amazon Web Services Support
<a name="support-devops-agent-security"></a>

Amazon DevOps Agent provides the following security controls:
+ Agent spaces are the primary security boundary. Each agent space is isolated to a single Amazon Web Services account.
+ Data is encrypted at rest with Amazon-managed keys and encrypted in transit.
+ Agent activity is captured in an immutable agent journal and in Amazon CloudTrail (CloudTrail).
+ Amazon DevOps Agent enforces account-boundary, limited-write, and prompt-injection protections.

For the full security posture, including regional processing, integration security, network connectivity, and the shared responsibility model, see [Amazon DevOps Agent Security](https://docs.amazonaws.cn/devopsagent/latest/userguide/aws-devops-agent-security.html) in the *Amazon DevOps Agent User Guide*.