Security for AWS DevOps Agent activated from AWS Support - AWS Support
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.

Security for AWS DevOps Agent activated from AWS Support

AWS DevOps Agent provides the following security controls:

  • Agent spaces are the primary security boundary. Each agent space is isolated to a single AWS account.

  • Data is encrypted at rest with AWS-managed keys and encrypted in transit.

  • Agent activity is captured in an immutable agent journal and in AWS CloudTrail (CloudTrail).

  • AWS DevOps Agent enforces account-boundary, limited-write, and prompt-injection protections.

For the full security posture, including regional processing, integration security, network connectivity, and the shared responsibility model, see AWS DevOps Agent Security in the AWS DevOps Agent User Guide.