AWS::SecurityAgent::Pentest - AWS CloudFormation

AWS::SecurityAgent::Pentest

The AWS::SecurityAgent::Pentest resource specifies a penetration test within an agent space. A pentest defines the scope, assets, and configuration for automated security testing.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::SecurityAgent::Pentest",
  "Properties" : {
      "AgentSpaceId" : String,
      "Assets" : Assets,
      "CodeRemediationStrategy" : String,
      "ExcludeRiskTypes" : [ String, ... ],
      "LogConfig" : CloudWatchLog,
      "NetworkTrafficConfig" : NetworkTrafficConfig,
      "ServiceRole" : String,
      "Title" : String,
      "VpcConfig" : VpcConfig
    }
}

YAML

Type: AWS::SecurityAgent::Pentest
Properties:
  AgentSpaceId: String
  Assets: Assets
  CodeRemediationStrategy: String
  ExcludeRiskTypes:
    - String
  LogConfig: CloudWatchLog
  NetworkTrafficConfig: NetworkTrafficConfig
  ServiceRole: String
  Title: String
  VpcConfig: VpcConfig

Properties

AgentSpaceId

The unique identifier of the agent space to create the pentest in.

Required: Yes

Type: String

Update requires: Replacement

Assets

The assets to include in the pentest, such as endpoints, actors, documents, and source code.

Required: Yes

Type: Assets

Update requires: No interruption

CodeRemediationStrategy

The code remediation strategy for the pentest. Valid values are AUTOMATIC and DISABLED.

Required: No

Type: String

Allowed values: AUTOMATIC | DISABLED

Update requires: No interruption

ExcludeRiskTypes

The list of risk types to exclude from the pentest.

Required: No

Type: Array of String

Update requires: No interruption

LogConfig

The CloudWatch Logs configuration for the pentest.

Required: No

Type: CloudWatchLog

Update requires: No interruption

NetworkTrafficConfig

The network traffic configuration for the pentest, including custom headers and traffic rules.

Required: No

Type: NetworkTrafficConfig

Update requires: No interruption

ServiceRole

The IAM service role to use for the pentest.

Required: Yes

Type: String

Update requires: No interruption

Title

The title of the pentest.

Required: No

Type: String

Update requires: No interruption

VpcConfig

The VPC configuration for the pentest.

Required: No

Type: VpcConfig

Update requires: No interruption
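
A pre-deployment check built from the property list above, added here as an example and not AWS-provided code: it flags Pentest resources with missing required properties, unknown properties, or a CodeRemediationStrategy outside the allowed values, and classifies a template change as Replacement or No interruption. The function names, the sample template, and the assumption that the template is already parsed into a dict are all constructed for illustration.

```python
# Property facts transcribed from the reference above.
TYPE = "AWS::SecurityAgent::Pentest"
REQUIRED = {"AgentSpaceId", "Assets", "ServiceRole"}
OPTIONAL = {"CodeRemediationStrategy", "ExcludeRiskTypes", "LogConfig",
            "NetworkTrafficConfig", "Title", "VpcConfig"}
REPLACE_ON_CHANGE = {"AgentSpaceId"}  # the only "Update requires: Replacement"
ALLOWED = {"CodeRemediationStrategy": {"AUTOMATIC", "DISABLED"}}

# Constructed sample template. The ID is a placeholder; Assets is left empty
# because its sub-properties are not defined on this page.
SAMPLE = {"Resources": {"MyPentest": {"Type": TYPE, "Properties": {
    "AgentSpaceId": "as-0123456789abcdef0",
    "Assets": {},
    "CodeRemediationStrategy": "MANUAL",   # deliberately invalid
    "Title": "Constructed example"}}}}     # ServiceRole deliberately missing

def pentests(template):
    """Map logical ID -> Properties for each Pentest resource."""
    return {lid: res.get("Properties", {})
            for lid, res in template.get("Resources", {}).items()
            if res.get("Type") == TYPE}

def lint(template):
    """Report missing, unknown and out-of-range properties."""
    findings = []
    for lid, props in pentests(template).items():
        names = set(props)
        findings += [f"{lid}: missing required {n}" for n in sorted(REQUIRED - names)]
        findings += [f"{lid}: unknown property {n}"
                     for n in sorted(names - REQUIRED - OPTIONAL)]
        for name, allowed in ALLOWED.items():
            value = props.get(name)
            # Intrinsic functions (dicts) cannot be resolved statically; skip.
            if isinstance(value, str) and value not in allowed:
                findings.append(f"{lid}: {name}={value!r} is not an allowed value")
    return findings

def update_impact(old, new):
    """Classify each changed Pentest by the update behaviour listed above."""
    before, after = pentests(old), pentests(new)
    impact = {}
    for lid in sorted(set(before) & set(after)):
        changed = {k for k in set(before[lid]) | set(after[lid])
                   if before[lid].get(k) != after[lid].get(k)}
        if changed:
            impact[lid] = ("Replacement" if changed & REPLACE_ON_CHANGE
                           else "No interruption")
    return impact
```

Running `lint(SAMPLE)` reports the missing ServiceRole and the invalid strategy. A Replacement result from `update_impact` means the stack update creates a new pentest resource rather than modifying the existing one.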

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns a pipe-delimited combination of the pentest ID and agent space ID. For example:

{ "Ref": "MyPentest" }

For the pentest MyPentest, Ref returns a value in the format pt-0123456789abcdef0|as-0123456789abcdef0, where the first value is the pentest ID and the second is the agent space ID.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

CreatedAt

The date and time when the penetration test was created, in ISO 8601 format. For example: 2024-01-01T00:00:00Z.

PentestId

The unique identifier of the penetration test. For example: pt-0123456789abcdef0.

UpdatedAt

The date and time when the penetration test was last updated, in ISO 8601 format. For example: 2024-01-01T00:00:00Z.