AWS Security Agent

Starts a new threat model job for a threat model configuration.

See also: AWS API Documentation

Request Syntax

client.start_threat_model_job(
    agentSpaceId='string',
    threatModelId='string'
)

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type threatModelId:

string

param threatModelId:

[REQUIRED]

The unique identifier of the threat model to start a job for.

rtype:

dict

returns:

Response Syntax

{
    'title': 'string',
    'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'threatModelId': 'string',
    'threatModelJobId': 'string',
    'agentSpaceId': 'string'
}

Response Structure

• (dict) --

  Output for the StartThreatModelJob operation.

  • title (string) --

    The title of the threat model job.

  • status (string) --

    The current status of the threat model job.

  • createdAt (datetime) --

    The date and time the threat model job was created, in UTC format.

  • updatedAt (datetime) --

    The date and time the threat model job was last updated, in UTC format.

  • threatModelId (string) --

    The unique identifier of the threat model.

  • threatModelJobId (string) --

    The unique identifier of the started threat model job.

  • agentSpaceId (string) --

    The unique identifier of the agent space.

Lists all security requirement packs in the caller's account.

See also: AWS API Documentation

Request Syntax

client.list_security_requirement_packs(
    filter={
        'managementType': 'AWS_MANAGED'|'CUSTOMER_MANAGED',
        'status': 'ENABLED'|'DISABLED'
    },
    nextToken='string',
    maxResults=123
)

type filter:

dict

param filter:

The filter criteria for listing security requirement packs.

• managementType (string) --

  Filter packs by management type. Valid values are AWS_MANAGED and CUSTOMER_MANAGED.

• status (string) --

  Filter packs by status. Valid values are ENABLED and DISABLED.

type nextToken:

string

param nextToken:

The pagination token from a previous request to retrieve the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single request.

rtype:

dict

returns:

Response Syntax

{
    'securityRequirementPackSummaries': [
        {
            'packId': 'string',
            'name': 'string',
            'description': 'string',
            'vendorName': 'string',
            'managementType': 'AWS_MANAGED'|'CUSTOMER_MANAGED',
            'status': 'ENABLED'|'DISABLED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  • securityRequirementPackSummaries (list) --

    The list of security requirement pack summaries.

    • (dict) --

      Contains summary information about a security requirement pack.

      • packId (string) --

        The unique identifier of the security requirement pack.

      • name (string) --

        The name of the security requirement pack.

      • description (string) --

        A description of the security requirement pack.

      • vendorName (string) --

        The vendor name for AWS managed packs.

      • managementType (string) --

        The management type of the pack.

      • status (string) --

        The status of the security requirement pack.

      • createdAt (datetime) --

        The date and time the security requirement pack was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the security requirement pack was last updated, in UTC format.

  • nextToken (string) --

    The pagination token to use in a subsequent request to retrieve the next page of results.

Updates an existing threat model configuration.

See also: AWS API Documentation

Request Syntax

client.update_threat_model(
    threatModelId='string',
    agentSpaceId='string',
    title='string',
    description='string',
    assets={
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    scopeDocs=[
        {
            's3Location': 'string',
            'artifactId': 'string',
            'integratedDocument': {
                'integrationId': 'string',
                'resourceId': 'string'
            }
        },
    ],
    serviceRole='string',
    logConfig={
        'logGroup': 'string',
        'logStream': 'string'
    }
)

type threatModelId:

string

param threatModelId:

[REQUIRED]

The unique identifier of the threat model to update.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the threat model.

type title:

string

param title:

The updated title of the threat model.

type description:

string

param description:

The updated description of the application or system being threat modeled.

type assets:

dict

param assets:

The updated assets for the threat model.

• endpoints (list) --

  The list of endpoints to test during the pentest.

  • (dict) --

    Represents a target endpoint for penetration testing.

    • uri (string) --

      The URI of the endpoint.

• actors (list) --

  The list of actors used during penetration testing.

  • (dict) --

    Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

    • identifier (string) --

      The unique identifier for the actor.

    • uris (list) --

      The list of URIs that the actor targets during testing.

      • (string) --

    • authentication (dict) --

      The authentication configuration for the actor.

      • providerType (string) --

        The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

      • value (string) --

        The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

    • description (string) --

      A description of the actor.

• documents (list) --

  The list of documents that provide context for the pentest.

  • (dict) --

    Represents a document that provides context for security testing.

    • s3Location (string) --

      The Amazon S3 location of the document.

    • artifactId (string) --

      The unique identifier of the artifact associated with the document.

    • integratedDocument (dict) --

      A reference to a document in an integrated third-party provider.

      • integrationId (string) -- [REQUIRED]

        The identifier of the integration that provides access to the document.

      • resourceId (string) -- [REQUIRED]

        The provider-specific resource identifier for the document.

• sourceCode (list) --

  The list of source code repositories to analyze during the pentest.

  • (dict) --

    Represents a source code repository used for security analysis during a pentest.

    • s3Location (string) --

      The Amazon S3 location of the source code repository archive.

• integratedRepositories (list) --

  The list of integrated repositories associated with the pentest.

  • (dict) --

    Represents a code repository that is integrated with the service through a third-party provider.

    • integrationId (string) -- [REQUIRED]

      The unique identifier of the integration that provides access to the repository.

    • providerResourceId (string) -- [REQUIRED]

      The provider-specific resource identifier for the repository.

type scopeDocs:

list

param scopeDocs:

The updated scoped documents for the agent to focus on during threat modeling.

• (dict) --

  Represents a document that provides context for security testing.

  • s3Location (string) --

    The Amazon S3 location of the document.

  • artifactId (string) --

    The unique identifier of the artifact associated with the document.

  • integratedDocument (dict) --

    A reference to a document in an integrated third-party provider.

    • integrationId (string) -- [REQUIRED]

      The identifier of the integration that provides access to the document.

    • resourceId (string) -- [REQUIRED]

      The provider-specific resource identifier for the document.

type serviceRole:

string

param serviceRole:

The updated IAM service role for the threat model.

type logConfig:

dict

param logConfig:

The updated CloudWatch Logs configuration for the threat model.

• logGroup (string) --

  The name of the CloudWatch log group.

• logStream (string) --

  The name of the CloudWatch log stream.

rtype:

dict

returns:

Response Syntax

{
    'threatModelId': 'string',
    'title': 'string',
    'agentSpaceId': 'string',
    'description': 'string',
    'assets': {
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    'scopeDocs': [
        {
            's3Location': 'string',
            'artifactId': 'string',
            'integratedDocument': {
                'integrationId': 'string',
                'resourceId': 'string'
            }
        },
    ],
    'serviceRole': 'string',
    'logConfig': {
        'logGroup': 'string',
        'logStream': 'string'
    },
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1)
}

Response Structure

• (dict) --

  Output for the UpdateThreatModel operation.

  • threatModelId (string) --

    The unique identifier of the threat model.

  • title (string) --

    The title of the threat model.

  • agentSpaceId (string) --

    The unique identifier of the agent space that contains the threat model.

  • description (string) --

    A description of the application or system being threat modeled.

  • assets (dict) --

    The assets included in the threat model.

    • endpoints (list) --

      The list of endpoints to test during the pentest.

      • (dict) --

        Represents a target endpoint for penetration testing.

        • uri (string) --

          The URI of the endpoint.

    • actors (list) --

      The list of actors used during penetration testing.

      • (dict) --

        Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

        • identifier (string) --

          The unique identifier for the actor.

        • uris (list) --

          The list of URIs that the actor targets during testing.

          • (string) --

        • authentication (dict) --

          The authentication configuration for the actor.

          • providerType (string) --

            The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

          • value (string) --

            The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

        • description (string) --

          A description of the actor.

    • documents (list) --

      The list of documents that provide context for the pentest.

      • (dict) --

        Represents a document that provides context for security testing.

        • s3Location (string) --

          The Amazon S3 location of the document.

        • artifactId (string) --

          The unique identifier of the artifact associated with the document.

        • integratedDocument (dict) --

          A reference to a document in an integrated third-party provider.

          • integrationId (string) --

            The identifier of the integration that provides access to the document.

          • resourceId (string) --

            The provider-specific resource identifier for the document.

    • sourceCode (list) --

      The list of source code repositories to analyze during the pentest.

      • (dict) --

        Represents a source code repository used for security analysis during a pentest.

        • s3Location (string) --

          The Amazon S3 location of the source code repository archive.

    • integratedRepositories (list) --

      The list of integrated repositories associated with the pentest.

      • (dict) --

        Represents a code repository that is integrated with the service through a third-party provider.

        • integrationId (string) --

          The unique identifier of the integration that provides access to the repository.

        • providerResourceId (string) --

          The provider-specific resource identifier for the repository.

  • scopeDocs (list) --

    The scoped documents for the agent to focus on during threat modeling.

    • (dict) --

      Represents a document that provides context for security testing.

      • s3Location (string) --

        The Amazon S3 location of the document.

      • artifactId (string) --

        The unique identifier of the artifact associated with the document.

      • integratedDocument (dict) --

        A reference to a document in an integrated third-party provider.

        • integrationId (string) --

          The identifier of the integration that provides access to the document.

        • resourceId (string) --

          The provider-specific resource identifier for the document.

  • serviceRole (string) --

    The IAM service role used for the threat model.

  • logConfig (dict) --

    The CloudWatch Logs configuration for the threat model.

    • logGroup (string) --

      The name of the CloudWatch log group.

    • logStream (string) --

      The name of the CloudWatch log stream.

  • createdAt (datetime) --

    The date and time the threat model was created, in UTC format.

  • updatedAt (datetime) --

    The date and time the threat model was last updated, in UTC format.

Updates the certificate associated with a private connection. Certificates can be added or replaced but not removed.

See also: AWS API Documentation

Request Syntax

client.update_private_connection_certificate(
    privateConnectionName='string',
    certificate='string'
)

type privateConnectionName:

string

param privateConnectionName:

[REQUIRED]

The name of the private connection to update.

type certificate:

string

param certificate:

[REQUIRED]

The PEM-encoded certificate chain for the private connection.

rtype:

dict

returns:

Response Syntax

{
    'name': 'string',
    'type': 'SERVICE_MANAGED'|'SELF_MANAGED',
    'status': 'ACTIVE'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_IN_PROGRESS'|'DELETE_FAILED',
    'resourceGatewayId': 'string',
    'hostAddress': 'string',
    'vpcId': 'string',
    'resourceConfigurationId': 'string',
    'certificateExpiryTime': datetime(2015, 1, 1),
    'dnsResolution': 'PUBLIC'|'IN_VPC',
    'failureMessage': 'string',
    'tags': {
        'string': 'string'
    }
}

Response Structure

• (dict) --

  • name (string) --

    The name of the private connection.

  • type (string) --

    The type of the private connection, indicating whether it is service-managed or self-managed.

  • status (string) --

    The current status of the private connection.

  • resourceGatewayId (string) --

    The identifier or ARN of the VPC Lattice resource gateway.

  • hostAddress (string) --

    The IP address or DNS name of the target resource.

  • vpcId (string) --

    The identifier of the VPC the resource gateway is created in.

  • resourceConfigurationId (string) --

    The identifier or ARN of the VPC Lattice resource configuration.

  • certificateExpiryTime (datetime) --

    The date and time the connection's certificate expires, in UTC format.

  • dnsResolution (string) --

    The DNS resolution mode for the resource gateway.

  • failureMessage (string) --

    A message describing why the private connection entered a failed state, if applicable.

  • tags (dict) --

    The tags attached to the private connection.

    • (string) --

      Key for a resource tag.

      • (string) --

        Value for a resource tag.

Creates a new threat model configuration in an agent space. A threat model defines the parameters for automated threat analysis.

See also: AWS API Documentation

Request Syntax

client.create_threat_model(
    title='string',
    agentSpaceId='string',
    description='string',
    assets={
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    scopeDocs=[
        {
            's3Location': 'string',
            'artifactId': 'string',
            'integratedDocument': {
                'integrationId': 'string',
                'resourceId': 'string'
            }
        },
    ],
    serviceRole='string',
    logConfig={
        'logGroup': 'string',
        'logStream': 'string'
    },
    reportDestination={
        'integrationId': 'string',
        'containerId': 'string',
        'parentId': 'string',
        'documentId': 'string'
    }
)

type title:

string

param title:

[REQUIRED]

The title of the threat model.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space to create the threat model in.

type description:

string

param description:

A description of the application or system being threat modeled.

type assets:

dict

param assets:

The assets to include in the threat model.

• endpoints (list) --

  The list of endpoints to test during the pentest.

  • (dict) --

    Represents a target endpoint for penetration testing.

    • uri (string) --

      The URI of the endpoint.

• actors (list) --

  The list of actors used during penetration testing.

  • (dict) --

    Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

    • identifier (string) --

      The unique identifier for the actor.

    • uris (list) --

      The list of URIs that the actor targets during testing.

      • (string) --

    • authentication (dict) --

      The authentication configuration for the actor.

      • providerType (string) --

        The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

      • value (string) --

        The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

    • description (string) --

      A description of the actor.

• documents (list) --

  The list of documents that provide context for the pentest.

  • (dict) --

    Represents a document that provides context for security testing.

    • s3Location (string) --

      The Amazon S3 location of the document.

    • artifactId (string) --

      The unique identifier of the artifact associated with the document.

    • integratedDocument (dict) --

      A reference to a document in an integrated third-party provider.

      • integrationId (string) -- [REQUIRED]

        The identifier of the integration that provides access to the document.

      • resourceId (string) -- [REQUIRED]

        The provider-specific resource identifier for the document.

• sourceCode (list) --

  The list of source code repositories to analyze during the pentest.

  • (dict) --

    Represents a source code repository used for security analysis during a pentest.

    • s3Location (string) --

      The Amazon S3 location of the source code repository archive.

• integratedRepositories (list) --

  The list of integrated repositories associated with the pentest.

  • (dict) --

    Represents a code repository that is integrated with the service through a third-party provider.

    • integrationId (string) -- [REQUIRED]

      The unique identifier of the integration that provides access to the repository.

    • providerResourceId (string) -- [REQUIRED]

      The provider-specific resource identifier for the repository.

type scopeDocs:

list

param scopeDocs:

The scoped documents for the agent to focus on during threat modeling.

• (dict) --

  Represents a document that provides context for security testing.

  • s3Location (string) --

    The Amazon S3 location of the document.

  • artifactId (string) --

    The unique identifier of the artifact associated with the document.

  • integratedDocument (dict) --

    A reference to a document in an integrated third-party provider.

    • integrationId (string) -- [REQUIRED]

      The identifier of the integration that provides access to the document.

    • resourceId (string) -- [REQUIRED]

      The provider-specific resource identifier for the document.

type serviceRole:

string

param serviceRole:

[REQUIRED]

The IAM service role to use for the threat model.

type logConfig:

dict

param logConfig:

The CloudWatch Logs configuration for the threat model.

• logGroup (string) --

  The name of the CloudWatch log group.

• logStream (string) --

  The name of the CloudWatch log stream.

type reportDestination:

dict

param reportDestination:

The destination for publishing scan reports to an integrated document provider.

• integrationId (string) -- [REQUIRED]

  The integration identifier for the document provider.

• containerId (string) -- [REQUIRED]

  The container identifier where the report will be published.

• parentId (string) --

  The parent document identifier under which the report will be created.

• documentId (string) --

  The existing document identifier to update instead of creating a new document.

rtype:

dict

returns:

Response Syntax

{
    'threatModelId': 'string',
    'title': 'string',
    'agentSpaceId': 'string',
    'description': 'string',
    'assets': {
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    'scopeDocs': [
        {
            's3Location': 'string',
            'artifactId': 'string',
            'integratedDocument': {
                'integrationId': 'string',
                'resourceId': 'string'
            }
        },
    ],
    'serviceRole': 'string',
    'logConfig': {
        'logGroup': 'string',
        'logStream': 'string'
    },
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1)
}

Response Structure

• (dict) --

  Output for the CreateThreatModel operation.

  • threatModelId (string) --

    The unique identifier of the created threat model.

  • title (string) --

    The title of the threat model.

  • agentSpaceId (string) --

    The unique identifier of the agent space that contains the threat model.

  • description (string) --

    A description of the application or system being threat modeled.

  • assets (dict) --

    The assets included in the threat model.

    • endpoints (list) --

      The list of endpoints to test during the pentest.

      • (dict) --

        Represents a target endpoint for penetration testing.

        • uri (string) --

          The URI of the endpoint.

    • actors (list) --

      The list of actors used during penetration testing.

      • (dict) --

        Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

        • identifier (string) --

          The unique identifier for the actor.

        • uris (list) --

          The list of URIs that the actor targets during testing.

          • (string) --

        • authentication (dict) --

          The authentication configuration for the actor.

          • providerType (string) --

            The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

          • value (string) --

            The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

        • description (string) --

          A description of the actor.

    • documents (list) --

      The list of documents that provide context for the pentest.

      • (dict) --

        Represents a document that provides context for security testing.

        • s3Location (string) --

          The Amazon S3 location of the document.

        • artifactId (string) --

          The unique identifier of the artifact associated with the document.

        • integratedDocument (dict) --

          A reference to a document in an integrated third-party provider.

          • integrationId (string) --

            The identifier of the integration that provides access to the document.

          • resourceId (string) --

            The provider-specific resource identifier for the document.

    • sourceCode (list) --

      The list of source code repositories to analyze during the pentest.

      • (dict) --

        Represents a source code repository used for security analysis during a pentest.

        • s3Location (string) --

          The Amazon S3 location of the source code repository archive.

    • integratedRepositories (list) --

      The list of integrated repositories associated with the pentest.

      • (dict) --

        Represents a code repository that is integrated with the service through a third-party provider.

        • integrationId (string) --

          The unique identifier of the integration that provides access to the repository.

        • providerResourceId (string) --

          The provider-specific resource identifier for the repository.

  • scopeDocs (list) --

    The scoped documents for the agent to focus on during threat modeling.

    • (dict) --

      Represents a document that provides context for security testing.

      • s3Location (string) --

        The Amazon S3 location of the document.

      • artifactId (string) --

        The unique identifier of the artifact associated with the document.

      • integratedDocument (dict) --

        A reference to a document in an integrated third-party provider.

        • integrationId (string) --

          The identifier of the integration that provides access to the document.

        • resourceId (string) --

          The provider-specific resource identifier for the document.

  • serviceRole (string) --

    The IAM service role used for the threat model.

  • logConfig (dict) --

    The CloudWatch Logs configuration for the threat model.

    • logGroup (string) --

      The name of the CloudWatch log group.

    • logStream (string) --

      The name of the CloudWatch log stream.

  • createdAt (datetime) --

    The date and time the threat model was created, in UTC format.

  • updatedAt (datetime) --

    The date and time the threat model was last updated, in UTC format.

Batch updates security requirements within a customer managed pack.

See also: AWS API Documentation

Request Syntax

client.batch_update_security_requirements(
    packId='string',
    securityRequirements=[
        {
            'name': 'string',
            'description': 'string',
            'domain': 'string',
            'evaluation': 'string',
            'remediation': 'string'
        },
    ]
)

type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack containing the requirements to update.

type securityRequirements:

list

param securityRequirements:

[REQUIRED]

The list of security requirement updates to apply.

• (dict) --

  Contains the details for updating an existing security requirement within a pack. The name is an immutable identifier used to locate the requirement and cannot be modified.

  • name (string) -- [REQUIRED]

    The name of the security requirement to update. This is an immutable identifier and cannot be changed once the requirement is created.

  • description (string) --

    The updated description of the security requirement.

  • domain (string) --

    The updated security domain the requirement belongs to.

  • evaluation (string) --

    The updated evaluation criteria used to assess compliance with this requirement.

  • remediation (string) --

    The updated remediation steps when the requirement is not met.

rtype:

dict

returns:

Response Syntax

{
    'updatedSecurityRequirementNames': [
        'string',
    ],
    'errors': [
        {
            'securityRequirementName': 'string',
            'code': 'string',
            'message': 'string'
        },
    ]
}

Response Structure

• (dict) --

  • updatedSecurityRequirementNames (list) --

    The list of security requirement names that were successfully updated.

    • (string) --

  • errors (list) --

    The list of errors for security requirements that failed to be updated.

    • (dict) --

      Contains information about an error that occurred for a specific security requirement during a batch operation.

      • securityRequirementName (string) --

        The name of the security requirement that caused the error.

      • code (string) --

        The error code.

      • message (string) --

        The error message.

Deletes one or more threat models from an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_delete_threat_models(
    threatModelIds=[
        'string',
    ],
    agentSpaceId='string'
)

type threatModelIds:

list

param threatModelIds:

[REQUIRED]

The list of threat model identifiers to delete.

• (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the threat models to delete.

rtype:

dict

returns:

Response Syntax

{
    'deleted': [
        'string',
    ],
    'failed': [
        {
            'threatModelId': 'string',
            'reason': 'string'
        },
    ]
}

Response Structure

• (dict) --

  Output for the BatchDeleteThreatModels operation.

  • deleted (list) --

    The list of threat model identifiers that were successfully deleted.

    • (string) --

  • failed (list) --

    The list of threat models that failed to delete, including the reason for each failure.

    • (dict) --

      Contains information about a threat model that failed to delete.

      • threatModelId (string) --

        The unique identifier of the threat model that failed to delete.

      • reason (string) --

        The reason the threat model failed to delete.

Returns a paginated list of task summaries for the specified threat model job.

See also: AWS API Documentation

Request Syntax

client.list_threat_model_job_tasks(
    agentSpaceId='string',
    maxResults=123,
    threatModelJobId='string',
    nextToken='string'
)

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call.

type threatModelJobId:

string

param threatModelJobId:

[REQUIRED]

The unique identifier of the threat model job to list tasks for.

type nextToken:

string

param nextToken:

A token to use for paginating results that are returned in the response.

rtype:

dict

returns:

Response Syntax

{
    'threatModelJobTaskSummaries': [
        {
            'taskId': 'string',
            'threatModelId': 'string',
            'threatModelJobId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'executionStatus': 'IN_PROGRESS'|'ABORTED'|'COMPLETED'|'INTERNAL_ERROR'|'FAILED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  Output for the ListThreatModelJobTasks operation.

  • threatModelJobTaskSummaries (list) --

    The list of threat model job task summaries.

    • (dict) --

      Contains summary information about a threat model job task.

      • taskId (string) --

        The unique identifier of the task.

      • threatModelId (string) --

        The unique identifier of the threat model associated with the task.

      • threatModelJobId (string) --

        The unique identifier of the threat model job that contains the task.

      • agentSpaceId (string) --

        The unique identifier of the agent space.

      • title (string) --

        The title of the task.

      • executionStatus (string) --

        The current execution status of the task.

      • createdAt (datetime) --

        The date and time the task was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the task was last updated, in UTC format.

  • nextToken (string) --

    A token to use for paginating results that are returned in the response.

Imports security requirements from uploaded documents into a customer managed security requirement pack. The import process asynchronously extracts and generates structured security requirements from the provided source files.

See also: AWS API Documentation

Request Syntax

client.import_security_requirements(
    packId='string',
    input={
        'documents': [
            {
                'name': 'string',
                'format': 'MD'|'PDF'|'TXT'|'DOCX'|'DOC',
                'content': b'bytes'
            },
        ]
    }
)

type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to import requirements into.

type input:

dict

param input:

[REQUIRED]

The import source containing the documents to extract security requirements from.

• documents (list) --

  The list of documents to extract security requirements from.

  • (dict) --

    A document used as source material for importing security requirements.

    • name (string) -- [REQUIRED]

      The file name of the document.

    • format (string) -- [REQUIRED]

      The format of the document. Valid values are MD, PDF, TXT, DOCX, and DOC.

    • content (bytes) -- [REQUIRED]

      The binary content of the document.

rtype:

dict

returns:

Response Syntax

{
    'packId': 'string',
    'importStatus': 'PENDING'|'IN_PROGRESS'|'FAILED'|'COMPLETED'
}

Response Structure

• (dict) --

  • packId (string) --

    The unique identifier of the security requirement pack.

  • importStatus (string) --

    The status of the import workflow.

Creates a private connection for reaching a self-hosted provider instance over private networking using Amazon VPC Lattice.

See also: AWS API Documentation

Request Syntax

client.create_private_connection(
    privateConnectionName='string',
    mode={
        'serviceManaged': {
            'hostAddress': 'string',
            'vpcId': 'string',
            'subnetIds': [
                'string',
            ],
            'securityGroupIds': [
                'string',
            ],
            'ipAddressType': 'IPV4'|'IPV6'|'DUAL_STACK',
            'ipv4AddressesPerEni': 123,
            'portRanges': [
                'string',
            ],
            'certificate': 'string',
            'dnsResolution': 'PUBLIC'|'IN_VPC'
        },
        'selfManaged': {
            'resourceConfigurationId': 'string',
            'certificate': 'string'
        }
    },
    tags={
        'string': 'string'
    }
)

type privateConnectionName:

string

param privateConnectionName:

[REQUIRED]

A unique name for the private connection within your account.

type mode:

dict

param mode:

[REQUIRED]

The configuration for the private connection. Specify either a service-managed or a self-managed mode.

• serviceManaged (dict) --

  The configuration for a service-managed private connection, where the service manages the resource gateway lifecycle.

  • hostAddress (string) -- [REQUIRED]

    The IP address or DNS name of the target resource.

  • vpcId (string) -- [REQUIRED]

    The VPC to create the service-managed resource gateway in.

  • subnetIds (list) -- [REQUIRED]

    The subnets that the service-managed resource gateway spans.

    • (string) --

      The identifier of a subnet.

  • securityGroupIds (list) --

    The security groups to attach to the service-managed resource gateway.

    • (string) --

      The identifier of a security group.

  • ipAddressType (string) --

    The IP address type of the service-managed resource gateway.

  • ipv4AddressesPerEni (integer) --

    The number of IPv4 addresses in each elastic network interface for the service-managed resource gateway.

  • portRanges (list) --

    The TCP port ranges that a consumer can use to access the resource.

    • (string) --

      A single TCP port or an inclusive range of TCP ports, for example 443 or 8000-8100.

  • certificate (string) --

    The certificate for the private connection.

  • dnsResolution (string) --

    The DNS resolution mode for the resource gateway. Defaults to PUBLIC when not set.

• selfManaged (dict) --

  The configuration for a self-managed private connection, where you manage your own resource configuration.

  • resourceConfigurationId (string) -- [REQUIRED]

    The identifier or ARN of the resource configuration.

  • certificate (string) --

    The certificate for the private connection.

type tags:

dict

param tags:

The tags to attach to the private connection.

• (string) --

  Key for a resource tag.

  • (string) --

    Value for a resource tag.

rtype:

dict

returns:

Response Syntax

{
    'name': 'string',
    'type': 'SERVICE_MANAGED'|'SELF_MANAGED',
    'status': 'ACTIVE'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_IN_PROGRESS'|'DELETE_FAILED',
    'resourceGatewayId': 'string',
    'hostAddress': 'string',
    'vpcId': 'string',
    'resourceConfigurationId': 'string',
    'certificateExpiryTime': datetime(2015, 1, 1),
    'dnsResolution': 'PUBLIC'|'IN_VPC',
    'failureMessage': 'string',
    'tags': {
        'string': 'string'
    }
}

Response Structure

• (dict) --

  • name (string) --

    The name of the private connection.

  • type (string) --

    The type of the private connection, indicating whether it is service-managed or self-managed.

  • status (string) --

    The current status of the private connection.

  • resourceGatewayId (string) --

    The identifier or ARN of the VPC Lattice resource gateway.

  • hostAddress (string) --

    The IP address or DNS name of the target resource.

  • vpcId (string) --

    The identifier of the VPC the resource gateway is created in.

  • resourceConfigurationId (string) --

    The identifier or ARN of the VPC Lattice resource configuration.

  • certificateExpiryTime (datetime) --

    The date and time the connection's certificate expires, in UTC format.

  • dnsResolution (string) --

    The DNS resolution mode for the resource gateway.

  • failureMessage (string) --

    A message describing why the private connection entered a failed state, if applicable.

  • tags (dict) --

    The tags attached to the private connection.

    • (string) --

      Key for a resource tag.

      • (string) --

        Value for a resource tag.

Stops a running threat model job.

See also: AWS API Documentation

Request Syntax

client.stop_threat_model_job(
    agentSpaceId='string',
    threatModelJobId='string'
)

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type threatModelJobId:

string

param threatModelJobId:

[REQUIRED]

The unique identifier of the threat model job to stop.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

• (dict) --

  Output for the StopThreatModelJob operation.

Batch creates security requirements in a customer managed pack.

See also: AWS API Documentation

Request Syntax

client.batch_create_security_requirements(
    packId='string',
    securityRequirements=[
        {
            'name': 'string',
            'description': 'string',
            'domain': 'string',
            'evaluation': 'string',
            'remediation': 'string'
        },
    ]
)

type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to add requirements to.

type securityRequirements:

list

param securityRequirements:

[REQUIRED]

The list of security requirements to create.

• (dict) --

  Contains the details for a security requirement to create within a pack.

  • name (string) -- [REQUIRED]

    The name of the security requirement.

  • description (string) -- [REQUIRED]

    A description of the security requirement.

  • domain (string) -- [REQUIRED]

    The security domain the requirement belongs to.

  • evaluation (string) -- [REQUIRED]

    The evaluation criteria used to assess compliance with this requirement.

  • remediation (string) --

    The recommended remediation steps when the requirement is not met.

rtype:

dict

returns:

Response Syntax

{
    'securityRequirements': [
        {
            'packId': 'string',
            'name': 'string',
            'description': 'string',
            'domain': 'string',
            'evaluation': 'string',
            'remediation': 'string',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'errors': [
        {
            'securityRequirementName': 'string',
            'code': 'string',
            'message': 'string'
        },
    ]
}

Response Structure

• (dict) --

  • securityRequirements (list) --

    The list of security requirements that were successfully created.

    • (dict) --

      Contains information about a successfully created security requirement.

      • packId (string) --

        The unique identifier of the pack containing the security requirement.

      • name (string) --

        The name of the security requirement.

      • description (string) --

        A description of the security requirement.

      • domain (string) --

        The security domain the requirement belongs to.

      • evaluation (string) --

        The evaluation criteria used to assess compliance with this requirement.

      • remediation (string) --

        The recommended remediation steps when the requirement is not met.

      • createdAt (datetime) --

        The date and time the security requirement was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the security requirement was last updated, in UTC format.

  • errors (list) --

    The list of errors for security requirements that failed to be created.

    • (dict) --

      Contains information about an error that occurred for a specific security requirement during a batch operation.

      • securityRequirementName (string) --

        The name of the security requirement that caused the error.

      • code (string) --

        The error code.

      • message (string) --

        The error message.

Retrieves information about one or more threats.

See also: AWS API Documentation

Request Syntax

client.batch_get_threats(
    threatIds=[
        'string',
    ],
    agentSpaceId='string'
)

type threatIds:

list

param threatIds:

[REQUIRED]

The list of threat identifiers to retrieve.

• (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

rtype:

dict

returns:

Response Syntax

{
    'threats': [
        {
            'threatId': 'string',
            'threatJobId': 'string',
            'title': 'string',
            'statement': 'string',
            'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFO',
            'status': 'OPEN'|'RESOLVED'|'DISMISSED',
            'comments': 'string',
            'threatSource': 'string',
            'prerequisites': 'string',
            'threatAction': 'string',
            'threatImpact': 'string',
            'impactedGoal': [
                'string',
            ],
            'impactedAssets': [
                'string',
            ],
            'anchor': {
                'kind': 'string',
                'id': 'string',
                'packageId': 'string'
            },
            'evidence': [
                {
                    'packageId': 'string',
                    'path': 'string'
                },
            ],
            'stride': [
                'SPOOFING'|'TAMPERING'|'REPUDIATION'|'INFORMATION_DISCLOSURE'|'DENIAL_OF_SERVICE'|'ELEVATION_OF_PRIVILEGE',
            ],
            'recommendation': 'string',
            'createdBy': 'CUSTOMER'|'AGENT',
            'updatedBy': 'CUSTOMER'|'AGENT',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

• (dict) --

  Output for the BatchGetThreats operation.

  • threats (list) --

    The list of threats that were found.

    • (dict) --

      Represents a threat identified during threat modeling.

      • threatId (string) --

        The unique identifier of the threat.

      • threatJobId (string) --

        The unique identifier of the threat model job that produced the threat.

      • title (string) --

        A short title summarizing the threat.

      • statement (string) --

        The natural-language threat statement.

      • severity (string) --

        The severity level of the threat.

      • status (string) --

        The current status of the threat.

      • comments (string) --

        Optional customer comment on the threat.

      • threatSource (string) --

        The actor or origin of the threat.

      • prerequisites (string) --

        The conditions required for the threat to be exploitable.

      • threatAction (string) --

        What the threat source can do.

      • threatImpact (string) --

        The direct consequence of the threat action.

      • impactedGoal (list) --

        The security goals affected by the threat.

        • (string) --

      • impactedAssets (list) --

        The specific assets affected by the threat.

        • (string) --

      • anchor (dict) --

        The DFD element this threat is anchored to.

        • kind (string) --

          The kind of DFD element.

        • id (string) --

          The identifier of the DFD element.

        • packageId (string) --

          The package identifier containing the DFD element.

      • evidence (list) --

        The source code files supporting the threat.

        • (dict) --

          Source code file supporting a threat.

          • packageId (string) --

            The package identifier containing the evidence file.

          • path (string) --

            The file path of the evidence.

      • stride (list) --

        The STRIDE categories applicable to this threat.

        • (string) --

          STRIDE threat classification category.

      • recommendation (string) --

        The recommended mitigation guidance for this threat.

      • createdBy (string) --

        Who created this threat.

      • updatedBy (string) --

        Who last updated this threat.

      • createdAt (datetime) --

        The date and time the threat was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the threat was last updated, in UTC format.

  • notFound (list) --

    The list of threat identifiers that were not found.

    • (string) --

Deletes a customer managed security requirement pack and all its associated security requirements.

See also: AWS API Documentation

Request Syntax

client.delete_security_requirement_pack(
    packId='string'
)

type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to delete.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

• (dict) --

Batch deletes security requirements from a customer managed pack.

See also: AWS API Documentation

Request Syntax

client.batch_delete_security_requirements(
    packId='string',
    securityRequirementNames=[
        'string',
    ]
)

type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to remove requirements from.

type securityRequirementNames:

list

param securityRequirementNames:

[REQUIRED]

The list of security requirement names to delete.

• (string) --

rtype:

dict

returns:

Response Syntax

{
    'deletedSecurityRequirementNames': [
        'string',
    ],
    'errors': [
        {
            'securityRequirementName': 'string',
            'code': 'string',
            'message': 'string'
        },
    ]
}

Response Structure

• (dict) --

  • deletedSecurityRequirementNames (list) --

    The list of security requirement names that were successfully deleted.

    • (string) --

  • errors (list) --

    The list of errors for security requirements that failed to be deleted.

    • (dict) --

      Contains information about an error that occurred for a specific security requirement during a batch operation.

      • securityRequirementName (string) --

        The name of the security requirement that caused the error.

      • code (string) --

        The error code.

      • message (string) --

        The error message.

Returns a paginated list of threats for a threat model job.

See also: AWS API Documentation

Request Syntax

client.list_threats(
    threatJobId='string',
    agentSpaceId='string',
    nextToken='string',
    maxResults=123
)

type threatJobId:

string

param threatJobId:

[REQUIRED]

The unique identifier of the threat model job to list threats for.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type nextToken:

string

param nextToken:

A token to use for paginating results that are returned in the response.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call.

rtype:

dict

returns:

Response Syntax

{
    'threats': [
        {
            'threatId': 'string',
            'threatJobId': 'string',
            'title': 'string',
            'statement': 'string',
            'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFO',
            'status': 'OPEN'|'RESOLVED'|'DISMISSED',
            'stride': [
                'SPOOFING'|'TAMPERING'|'REPUDIATION'|'INFORMATION_DISCLOSURE'|'DENIAL_OF_SERVICE'|'ELEVATION_OF_PRIVILEGE',
            ],
            'createdBy': 'CUSTOMER'|'AGENT',
            'updatedBy': 'CUSTOMER'|'AGENT',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  Output for the ListThreats operation.

  • threats (list) --

    The list of threat summaries.

    • (dict) --

      Contains summary information about a threat.

      • threatId (string) --

        The unique identifier of the threat.

      • threatJobId (string) --

        The unique identifier of the threat model job that produced the threat.

      • title (string) --

        A short title summarizing the threat.

      • statement (string) --

        The natural-language threat statement.

      • severity (string) --

        The severity level of the threat.

      • status (string) --

        The current status of the threat.

      • stride (list) --

        The STRIDE categories applicable to this threat.

        • (string) --

          STRIDE threat classification category.

      • createdBy (string) --

        Who created this threat.

      • updatedBy (string) --

        Who last updated this threat.

      • createdAt (datetime) --

        The date and time the threat was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the threat was last updated, in UTC format.

  • nextToken (string) --

    A token to use for paginating results that are returned in the response.

Creates a customer managed security requirement pack.

See also: AWS API Documentation

Request Syntax

client.create_security_requirement_pack(
    name='string',
    description='string',
    status='ENABLED'|'DISABLED',
    kmsKeyId='string',
    tags={
        'string': 'string'
    }
)

type name:

string

param name:

[REQUIRED]

The name of the security requirement pack.

type description:

string

param description:

A description of the security requirement pack.

type status:

string

param status:

The status of the pack. Defaults to ENABLED if not provided.

type kmsKeyId:

string

param kmsKeyId:

The identifier of the AWS KMS key used to encrypt pack contents.

type tags:

dict

param tags:

The tags to associate with the security requirement pack.

• (string) --

  Key for a resource tag.

  • (string) --

    Value for a resource tag.

rtype:

dict

returns:

Response Syntax

{
    'packId': 'string',
    'status': 'ENABLED'|'DISABLED',
    'kmsKeyId': 'string'
}

Response Structure

• (dict) --

  • packId (string) --

    The unique identifier of the created security requirement pack.

  • status (string) --

    The status of the created security requirement pack.

  • kmsKeyId (string) --

    The identifier of the AWS KMS key used to encrypt pack contents.

Returns a paginated list of threat model summaries for the specified agent space.

See also: AWS API Documentation

Request Syntax

client.list_threat_models(
    maxResults=123,
    nextToken='string',
    agentSpaceId='string'
)

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call.

type nextToken:

string

param nextToken:

A token to use for paginating results that are returned in the response.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space to list threat models for.

rtype:

dict

returns:

Response Syntax

{
    'threatModelSummaries': [
        {
            'threatModelId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  Output for the ListThreatModels operation.

  • threatModelSummaries (list) --

    The list of threat model summaries.

    • (dict) --

      Contains summary information about a threat model.

      • threatModelId (string) --

        The unique identifier of the threat model.

      • agentSpaceId (string) --

        The unique identifier of the agent space that contains the threat model.

      • title (string) --

        The title of the threat model.

      • createdAt (datetime) --

        The date and time the threat model was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the threat model was last updated, in UTC format.

  • nextToken (string) --

    A token to use for paginating results that are returned in the response.

Creates a new threat under a threat model job.

See also: AWS API Documentation

Request Syntax

client.create_threat(
    agentSpaceId='string',
    threatJobId='string',
    title='string',
    statement='string',
    severity='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFO',
    comments='string',
    stride=[
        'SPOOFING'|'TAMPERING'|'REPUDIATION'|'INFORMATION_DISCLOSURE'|'DENIAL_OF_SERVICE'|'ELEVATION_OF_PRIVILEGE',
    ],
    threatSource='string',
    prerequisites='string',
    threatAction='string',
    threatImpact='string',
    impactedGoal=[
        'string',
    ],
    impactedAssets=[
        'string',
    ],
    anchor={
        'kind': 'string',
        'id': 'string',
        'packageId': 'string'
    },
    evidence=[
        {
            'packageId': 'string',
            'path': 'string'
        },
    ],
    recommendation='string'
)

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type threatJobId:

string

param threatJobId:

[REQUIRED]

The unique identifier of the threat model job the threat belongs to.

type title:

string

param title:

A short title summarizing the threat.

type statement:

string

param statement:

The natural-language threat statement.

type severity:

string

param severity:

The severity level of the threat.

type comments:

string

param comments:

Optional customer comment on the threat.

type stride:

list

param stride:

The STRIDE categories applicable to this threat.

• (string) --

  STRIDE threat classification category.

type threatSource:

string

param threatSource:

The actor or origin of the threat.

type prerequisites:

string

param prerequisites:

The conditions required for the threat to be exploitable.

type threatAction:

string

param threatAction:

What the threat source can do.

type threatImpact:

string

param threatImpact:

The direct consequence of the threat action.

type impactedGoal:

list

param impactedGoal:

The security goals affected by the threat.

• (string) --

type impactedAssets:

list

param impactedAssets:

The specific assets affected by the threat.

• (string) --

type anchor:

dict

param anchor:

The DFD element this threat is anchored to.

• kind (string) --

  The kind of DFD element.

• id (string) --

  The identifier of the DFD element.

• packageId (string) --

  The package identifier containing the DFD element.

type evidence:

list

param evidence:

The source code files supporting the threat.

• (dict) --

  Source code file supporting a threat.

  • packageId (string) --

    The package identifier containing the evidence file.

  • path (string) --

    The file path of the evidence.

type recommendation:

string

param recommendation:

The recommended mitigation guidance for this threat.

rtype:

dict

returns:

Response Syntax

{
    'threatId': 'string',
    'threatJobId': 'string',
    'title': 'string',
    'statement': 'string',
    'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFO',
    'status': 'OPEN'|'RESOLVED'|'DISMISSED',
    'comments': 'string',
    'stride': [
        'SPOOFING'|'TAMPERING'|'REPUDIATION'|'INFORMATION_DISCLOSURE'|'DENIAL_OF_SERVICE'|'ELEVATION_OF_PRIVILEGE',
    ],
    'threatSource': 'string',
    'prerequisites': 'string',
    'threatAction': 'string',
    'threatImpact': 'string',
    'impactedGoal': [
        'string',
    ],
    'impactedAssets': [
        'string',
    ],
    'anchor': {
        'kind': 'string',
        'id': 'string',
        'packageId': 'string'
    },
    'evidence': [
        {
            'packageId': 'string',
            'path': 'string'
        },
    ],
    'recommendation': 'string',
    'createdBy': 'CUSTOMER'|'AGENT',
    'updatedBy': 'CUSTOMER'|'AGENT',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1)
}

Response Structure

• (dict) --

  Output for the CreateThreat operation.

  • threatId (string) --

    The unique identifier of the created threat.

  • threatJobId (string) --

    The unique identifier of the threat model job the threat belongs to.

  • title (string) --

    A short title summarizing the threat.

  • statement (string) --

    The natural-language threat statement.

  • severity (string) --

    The severity level of the threat.

  • status (string) --

    The current status of the threat.

  • comments (string) --

    Optional customer comment on the threat.

  • stride (list) --

    The STRIDE categories applicable to this threat.

    • (string) --

      STRIDE threat classification category.

  • threatSource (string) --

    The actor or origin of the threat.

  • prerequisites (string) --

    The conditions required for the threat to be exploitable.

  • threatAction (string) --

    What the threat source can do.

  • threatImpact (string) --

    The direct consequence of the threat action.

  • impactedGoal (list) --

    The security goals affected by the threat.

    • (string) --

  • impactedAssets (list) --

    The specific assets affected by the threat.

    • (string) --

  • anchor (dict) --

    The DFD element this threat is anchored to.

    • kind (string) --

      The kind of DFD element.

    • id (string) --

      The identifier of the DFD element.

    • packageId (string) --

      The package identifier containing the DFD element.

  • evidence (list) --

    The source code files supporting the threat.

    • (dict) --

      Source code file supporting a threat.

      • packageId (string) --

        The package identifier containing the evidence file.

      • path (string) --

        The file path of the evidence.

  • recommendation (string) --

    The recommended mitigation guidance for this threat.

  • createdBy (string) --

    Who created this threat.

  • updatedBy (string) --

    Who last updated this threat.

  • createdAt (datetime) --

    The date and time the threat was created, in UTC format.

  • updatedAt (datetime) --

    The date and time the threat was last updated, in UTC format.

Retrieves the details of a private connection.

See also: AWS API Documentation

Request Syntax

client.describe_private_connection(
    privateConnectionName='string'
)

type privateConnectionName:

string

param privateConnectionName:

[REQUIRED]

The name of the private connection to describe.

rtype:

dict

returns:

Response Syntax

{
    'name': 'string',
    'type': 'SERVICE_MANAGED'|'SELF_MANAGED',
    'status': 'ACTIVE'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_IN_PROGRESS'|'DELETE_FAILED',
    'resourceGatewayId': 'string',
    'hostAddress': 'string',
    'vpcId': 'string',
    'resourceConfigurationId': 'string',
    'certificateExpiryTime': datetime(2015, 1, 1),
    'dnsResolution': 'PUBLIC'|'IN_VPC',
    'failureMessage': 'string',
    'tags': {
        'string': 'string'
    }
}

Response Structure

• (dict) --

  • name (string) --

    The name of the private connection.

  • type (string) --

    The type of the private connection, indicating whether it is service-managed or self-managed.

  • status (string) --

    The current status of the private connection.

  • resourceGatewayId (string) --

    The identifier or ARN of the VPC Lattice resource gateway.

  • hostAddress (string) --

    The IP address or DNS name of the target resource.

  • vpcId (string) --

    The identifier of the VPC the resource gateway is created in.

  • resourceConfigurationId (string) --

    The identifier or ARN of the VPC Lattice resource configuration.

  • certificateExpiryTime (datetime) --

    The date and time the connection's certificate expires, in UTC format.

  • dnsResolution (string) --

    The DNS resolution mode for the resource gateway.

  • failureMessage (string) --

    A message describing why the private connection entered a failed state, if applicable.

  • tags (dict) --

    The tags attached to the private connection.

    • (string) --

      Key for a resource tag.

      • (string) --

        Value for a resource tag.

Batch retrieves security requirements from a pack.

See also: AWS API Documentation

Request Syntax

client.batch_get_security_requirements(
    packId='string',
    securityRequirementNames=[
        'string',
    ]
)

type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to retrieve requirements from.

type securityRequirementNames:

list

param securityRequirementNames:

[REQUIRED]

The list of security requirement names to retrieve.

• (string) --

rtype:

dict

returns:

Response Syntax

{
    'securityRequirements': [
        {
            'packId': 'string',
            'name': 'string',
            'description': 'string',
            'domain': 'string',
            'evaluation': 'string',
            'remediation': 'string',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'errors': [
        {
            'securityRequirementName': 'string',
            'code': 'string',
            'message': 'string'
        },
    ]
}

Response Structure

• (dict) --

  • securityRequirements (list) --

    The list of security requirements that were successfully retrieved.

    • (dict) --

      Contains information about a successfully retrieved security requirement.

      • packId (string) --

        The unique identifier of the pack containing the security requirement.

      • name (string) --

        The name of the security requirement.

      • description (string) --

        A description of the security requirement.

      • domain (string) --

        The security domain the requirement belongs to.

      • evaluation (string) --

        The evaluation criteria used to assess compliance with this requirement.

      • remediation (string) --

        The recommended remediation steps when the requirement is not met.

      • createdAt (datetime) --

        The date and time the security requirement was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the security requirement was last updated, in UTC format.

  • errors (list) --

    The list of errors for security requirements that failed to be retrieved.

    • (dict) --

      Contains information about an error that occurred for a specific security requirement during a batch operation.

      • securityRequirementName (string) --

        The name of the security requirement that caused the error.

      • code (string) --

        The error code.

      • message (string) --

        The error message.

Updates a threat.

See also: AWS API Documentation

Request Syntax

client.update_threat(
    threatId='string',
    agentSpaceId='string',
    title='string',
    status='OPEN'|'RESOLVED'|'DISMISSED',
    comments='string',
    statement='string',
    severity='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFO',
    threatSource='string',
    prerequisites='string',
    threatAction='string',
    threatImpact='string',
    impactedGoal=[
        'string',
    ],
    impactedAssets=[
        'string',
    ],
    anchor={
        'kind': 'string',
        'id': 'string',
        'packageId': 'string'
    },
    evidence=[
        {
            'packageId': 'string',
            'path': 'string'
        },
    ],
    recommendation='string'
)

type threatId:

string

param threatId:

[REQUIRED]

The unique identifier of the threat to update.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type title:

string

param title:

A short title summarizing the threat.

type status:

string

param status:

The updated status of the threat.

type comments:

string

param comments:

Optional customer comment.

type statement:

string

param statement:

The updated natural-language threat statement.

type severity:

string

param severity:

The updated severity level of the threat.

type threatSource:

string

param threatSource:

The updated actor or origin of the threat.

type prerequisites:

string

param prerequisites:

The updated conditions required for the threat to be exploitable.

type threatAction:

string

param threatAction:

The updated description of what the threat source can do.

type threatImpact:

string

param threatImpact:

The updated direct consequence of the threat action.

type impactedGoal:

list

param impactedGoal:

The updated security goals affected by the threat.

• (string) --

type impactedAssets:

list

param impactedAssets:

The updated list of specific assets affected by the threat.

• (string) --

type anchor:

dict

param anchor:

The updated DFD element this threat is anchored to.

• kind (string) --

  The kind of DFD element.

• id (string) --

  The identifier of the DFD element.

• packageId (string) --

  The package identifier containing the DFD element.

type evidence:

list

param evidence:

The updated source code files supporting the threat.

• (dict) --

  Source code file supporting a threat.

  • packageId (string) --

    The package identifier containing the evidence file.

  • path (string) --

    The file path of the evidence.

type recommendation:

string

param recommendation:

The updated recommended mitigation guidance for this threat.

rtype:

dict

returns:

Response Syntax

{
    'threatId': 'string',
    'threatJobId': 'string',
    'title': 'string',
    'statement': 'string',
    'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFO',
    'status': 'OPEN'|'RESOLVED'|'DISMISSED',
    'comments': 'string',
    'stride': [
        'SPOOFING'|'TAMPERING'|'REPUDIATION'|'INFORMATION_DISCLOSURE'|'DENIAL_OF_SERVICE'|'ELEVATION_OF_PRIVILEGE',
    ],
    'threatSource': 'string',
    'prerequisites': 'string',
    'threatAction': 'string',
    'threatImpact': 'string',
    'impactedGoal': [
        'string',
    ],
    'impactedAssets': [
        'string',
    ],
    'anchor': {
        'kind': 'string',
        'id': 'string',
        'packageId': 'string'
    },
    'evidence': [
        {
            'packageId': 'string',
            'path': 'string'
        },
    ],
    'recommendation': 'string',
    'createdBy': 'CUSTOMER'|'AGENT',
    'updatedBy': 'CUSTOMER'|'AGENT',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1)
}

Response Structure

• (dict) --

  Output for the UpdateThreat operation.

  • threatId (string) --

    The unique identifier of the threat.

  • threatJobId (string) --

    The unique identifier of the threat model job the threat belongs to.

  • title (string) --

    A short title summarizing the threat.

  • statement (string) --

    The natural-language threat statement.

  • severity (string) --

    The severity level of the threat.

  • status (string) --

    The current status of the threat.

  • comments (string) --

    Optional customer comment on the threat.

  • stride (list) --

    The STRIDE categories applicable to this threat.

    • (string) --

      STRIDE threat classification category.

  • threatSource (string) --

    The actor or origin of the threat.

  • prerequisites (string) --

    The conditions required for the threat to be exploitable.

  • threatAction (string) --

    What the threat source can do.

  • threatImpact (string) --

    The direct consequence of the threat action.

  • impactedGoal (list) --

    The security goals affected by the threat.

    • (string) --

  • impactedAssets (list) --

    The specific assets affected by the threat.

    • (string) --

  • anchor (dict) --

    The DFD element this threat is anchored to.

    • kind (string) --

      The kind of DFD element.

    • id (string) --

      The identifier of the DFD element.

    • packageId (string) --

      The package identifier containing the DFD element.

  • evidence (list) --

    The source code files supporting the threat.

    • (dict) --

      Source code file supporting a threat.

      • packageId (string) --

        The package identifier containing the evidence file.

      • path (string) --

        The file path of the evidence.

  • recommendation (string) --

    The recommended mitigation guidance for this threat.

  • createdBy (string) --

    Who created this threat.

  • updatedBy (string) --

    Who last updated this threat.

  • createdAt (datetime) --

    The date and time the threat was created, in UTC format.

  • updatedAt (datetime) --

    The date and time the threat was last updated, in UTC format.

Updates a security requirement pack. For customer managed packs, both metadata and status can be updated. For AWS managed packs, only status can be updated.

See also: AWS API Documentation

Request Syntax

client.update_security_requirement_pack(
    packId='string',
    name='string',
    description='string',
    status='ENABLED'|'DISABLED'
)

type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to update.

type name:

string

param name:

The updated name of the security requirement pack.

type description:

string

param description:

The updated description of the security requirement pack.

type status:

string

param status:

The updated status of the security requirement pack.

rtype:

dict

returns:

Response Syntax

{
    'packId': 'string',
    'name': 'string',
    'description': 'string',
    'status': 'ENABLED'|'DISABLED'
}

Response Structure

• (dict) --

  • packId (string) --

    The unique identifier of the security requirement pack.

  • name (string) --

    The name of the security requirement pack.

  • description (string) --

    The description of the security requirement pack.

  • status (string) --

    The status of the security requirement pack.

Retrieves information about one or more threat model jobs in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_threat_model_jobs(
    threatModelJobIds=[
        'string',
    ],
    agentSpaceId='string'
)

type threatModelJobIds:

list

param threatModelJobIds:

[REQUIRED]

The list of threat model job identifiers to retrieve.

• (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the threat model jobs.

rtype:

dict

returns:

Response Syntax

{
    'threatModelJobs': [
        {
            'threatModelJobId': 'string',
            'threatModelId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1),
            'executionStartTime': datetime(2015, 1, 1),
            'executionEndTime': datetime(2015, 1, 1),
            'sourceCode': [
                {
                    's3Location': 'string'
                },
            ],
            'integratedRepositories': [
                {
                    'integrationId': 'string',
                    'providerResourceId': 'string'
                },
            ],
            'documents': [
                {
                    's3Location': 'string',
                    'artifactId': 'string',
                    'integratedDocument': {
                        'integrationId': 'string',
                        'resourceId': 'string'
                    }
                },
            ],
            'scopeDocs': [
                {
                    's3Location': 'string',
                    'artifactId': 'string',
                    'integratedDocument': {
                        'integrationId': 'string',
                        'resourceId': 'string'
                    }
                },
            ],
            'errorInformation': {
                'code': 'CLIENT_ERROR'|'INTERNAL_ERROR'|'STOPPED_BY_USER',
                'message': 'string'
            },
            'systemOverview': 'string'
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

• (dict) --

  Output for the BatchGetThreatModelJobs operation.

  • threatModelJobs (list) --

    The list of threat model jobs that were found.

    • (dict) --

      Represents a threat model job, which is an execution instance of a threat model.

      • threatModelJobId (string) --

        The unique identifier of the threat model job.

      • threatModelId (string) --

        The unique identifier of the threat model associated with the job.

      • agentSpaceId (string) --

        The unique identifier of the agent space.

      • title (string) --

        The title of the threat model job.

      • status (string) --

        The current status of the threat model job.

      • createdAt (datetime) --

        The date and time the threat model job was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the threat model job was last updated, in UTC format.

      • executionStartTime (datetime) --

        The date and time the threat model job execution started, in UTC format.

      • executionEndTime (datetime) --

        The date and time the threat model job execution ended, in UTC format.

      • sourceCode (list) --

        The list of source code repositories used for threat modeling.

        • (dict) --

          Represents a source code repository used for security analysis during a pentest.

          • s3Location (string) --

            The Amazon S3 location of the source code repository archive.

      • integratedRepositories (list) --

        The list of integrated repositories used for threat modeling.

        • (dict) --

          Represents a code repository that is integrated with the service through a third-party provider.

          • integrationId (string) --

            The unique identifier of the integration that provides access to the repository.

          • providerResourceId (string) --

            The provider-specific resource identifier for the repository.

      • documents (list) --

        The list of documents used for threat modeling.

        • (dict) --

          Represents a document that provides context for security testing.

          • s3Location (string) --

            The Amazon S3 location of the document.

          • artifactId (string) --

            The unique identifier of the artifact associated with the document.

          • integratedDocument (dict) --

            A reference to a document in an integrated third-party provider.

            • integrationId (string) --

              The identifier of the integration that provides access to the document.

            • resourceId (string) --

              The provider-specific resource identifier for the document.

      • scopeDocs (list) --

        The scoped documents for the agent to focus on during threat modeling.

        • (dict) --

          Represents a document that provides context for security testing.

          • s3Location (string) --

            The Amazon S3 location of the document.

          • artifactId (string) --

            The unique identifier of the artifact associated with the document.

          • integratedDocument (dict) --

            A reference to a document in an integrated third-party provider.

            • integrationId (string) --

              The identifier of the integration that provides access to the document.

            • resourceId (string) --

              The provider-specific resource identifier for the document.

      • errorInformation (dict) --

        Error information if the threat model job encountered an error.

        • code (string) --

          The error code. Valid values include CLIENT_ERROR, INTERNAL_ERROR, and STOPPED_BY_USER.

        • message (string) --

          A message describing the error.

      • systemOverview (string) --

        The system overview generated during threat modeling.

  • notFound (list) --

    The list of threat model job identifiers that were not found.

    • (string) --

Lists security requirements within a pack.

See also: AWS API Documentation

Request Syntax

client.list_security_requirements(
    packId='string',
    nextToken='string',
    maxResults=123
)

type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to list requirements for.

type nextToken:

string

param nextToken:

The pagination token from a previous request to retrieve the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single request.

rtype:

dict

returns:

Response Syntax

{
    'securityRequirementSummaries': [
        {
            'packId': 'string',
            'name': 'string',
            'description': 'string',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  • securityRequirementSummaries (list) --

    The list of security requirement summaries.

    • (dict) --

      Contains summary information about a security requirement.

      • packId (string) --

        The unique identifier of the pack containing the security requirement.

      • name (string) --

        The name of the security requirement.

      • description (string) --

        A description of the security requirement.

      • createdAt (datetime) --

        The date and time the security requirement was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the security requirement was last updated, in UTC format.

  • nextToken (string) --

    The pagination token to use in a subsequent request to retrieve the next page of results.

Retrieves information about one or more threat models in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_threat_models(
    threatModelIds=[
        'string',
    ],
    agentSpaceId='string'
)

type threatModelIds:

list

param threatModelIds:

[REQUIRED]

The list of threat model identifiers to retrieve.

• (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the threat models.

rtype:

dict

returns:

Response Syntax

{
    'threatModels': [
        {
            'threatModelId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'description': 'string',
            'assets': {
                'endpoints': [
                    {
                        'uri': 'string'
                    },
                ],
                'actors': [
                    {
                        'identifier': 'string',
                        'uris': [
                            'string',
                        ],
                        'authentication': {
                            'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                            'value': 'string'
                        },
                        'description': 'string'
                    },
                ],
                'documents': [
                    {
                        's3Location': 'string',
                        'artifactId': 'string',
                        'integratedDocument': {
                            'integrationId': 'string',
                            'resourceId': 'string'
                        }
                    },
                ],
                'sourceCode': [
                    {
                        's3Location': 'string'
                    },
                ],
                'integratedRepositories': [
                    {
                        'integrationId': 'string',
                        'providerResourceId': 'string'
                    },
                ]
            },
            'scopeDocs': [
                {
                    's3Location': 'string',
                    'artifactId': 'string',
                    'integratedDocument': {
                        'integrationId': 'string',
                        'resourceId': 'string'
                    }
                },
            ],
            'serviceRole': 'string',
            'logConfig': {
                'logGroup': 'string',
                'logStream': 'string'
            },
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

• (dict) --

  Output for the BatchGetThreatModels operation.

  • threatModels (list) --

    The list of threat models that were found.

    • (dict) --

      Represents a threat model configuration that defines the parameters for automated threat analysis, including target assets and logging configuration.

      • threatModelId (string) --

        The unique identifier of the threat model.

      • agentSpaceId (string) --

        The unique identifier of the agent space that contains the threat model.

      • title (string) --

        The title of the threat model.

      • description (string) --

        A description of the application or system being threat modeled.

      • assets (dict) --

        The assets included in the threat model.

        • endpoints (list) --

          The list of endpoints to test during the pentest.

          • (dict) --

            Represents a target endpoint for penetration testing.

            • uri (string) --

              The URI of the endpoint.

        • actors (list) --

          The list of actors used during penetration testing.

          • (dict) --

            Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

            • identifier (string) --

              The unique identifier for the actor.

            • uris (list) --

              The list of URIs that the actor targets during testing.

              • (string) --

            • authentication (dict) --

              The authentication configuration for the actor.

              • providerType (string) --

                The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

              • value (string) --

                The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

            • description (string) --

              A description of the actor.

        • documents (list) --

          The list of documents that provide context for the pentest.

          • (dict) --

            Represents a document that provides context for security testing.

            • s3Location (string) --

              The Amazon S3 location of the document.

            • artifactId (string) --

              The unique identifier of the artifact associated with the document.

            • integratedDocument (dict) --

              A reference to a document in an integrated third-party provider.

              • integrationId (string) --

                The identifier of the integration that provides access to the document.

              • resourceId (string) --

                The provider-specific resource identifier for the document.

        • sourceCode (list) --

          The list of source code repositories to analyze during the pentest.

          • (dict) --

            Represents a source code repository used for security analysis during a pentest.

            • s3Location (string) --

              The Amazon S3 location of the source code repository archive.

        • integratedRepositories (list) --

          The list of integrated repositories associated with the pentest.

          • (dict) --

            Represents a code repository that is integrated with the service through a third-party provider.

            • integrationId (string) --

              The unique identifier of the integration that provides access to the repository.

            • providerResourceId (string) --

              The provider-specific resource identifier for the repository.

      • scopeDocs (list) --

        The scoped documents for the agent to focus on during threat modeling.

        • (dict) --

          Represents a document that provides context for security testing.

          • s3Location (string) --

            The Amazon S3 location of the document.

          • artifactId (string) --

            The unique identifier of the artifact associated with the document.

          • integratedDocument (dict) --

            A reference to a document in an integrated third-party provider.

            • integrationId (string) --

              The identifier of the integration that provides access to the document.

            • resourceId (string) --

              The provider-specific resource identifier for the document.

      • serviceRole (string) --

        The IAM service role used for the threat model.

      • logConfig (dict) --

        The CloudWatch Logs configuration for the threat model.

        • logGroup (string) --

          The name of the CloudWatch log group.

        • logStream (string) --

          The name of the CloudWatch log stream.

      • createdAt (datetime) --

        The date and time the threat model was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the threat model was last updated, in UTC format.

  • notFound (list) --

    The list of threat model identifiers that were not found.

    • (string) --

Returns a paginated list of threat model job summaries for the specified threat model.

See also: AWS API Documentation

Request Syntax

client.list_threat_model_jobs(
    maxResults=123,
    threatModelId='string',
    agentSpaceId='string',
    nextToken='string'
)

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call.

type threatModelId:

string

param threatModelId:

[REQUIRED]

The unique identifier of the threat model to list jobs for.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space.

type nextToken:

string

param nextToken:

A token to use for paginating results that are returned in the response.

rtype:

dict

returns:

Response Syntax

{
    'threatModelJobSummaries': [
        {
            'threatModelJobId': 'string',
            'threatModelId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  Output for the ListThreatModelJobs operation.

  • threatModelJobSummaries (list) --

    The list of threat model job summaries.

    • (dict) --

      Contains summary information about a threat model job.

      • threatModelJobId (string) --

        The unique identifier of the threat model job.

      • threatModelId (string) --

        The unique identifier of the threat model associated with the job.

      • agentSpaceId (string) --

        The unique identifier of the agent space.

      • title (string) --

        The title of the threat model job.

      • status (string) --

        The current status of the threat model job.

      • createdAt (datetime) --

        The date and time the threat model job was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the threat model job was last updated, in UTC format.

  • nextToken (string) --

    A token to use for paginating results that are returned in the response.

Retrieves information about one or more tasks within a threat model job.

See also: AWS API Documentation

Request Syntax

client.batch_get_threat_model_job_tasks(
    agentSpaceId='string',
    threatModelJobTaskIds=[
        'string',
    ]
)

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the tasks.

type threatModelJobTaskIds:

list

param threatModelJobTaskIds:

[REQUIRED]

The list of task identifiers to retrieve.

• (string) --

rtype:

dict

returns:

Response Syntax

{
    'threatModelJobTasks': [
        {
            'taskId': 'string',
            'threatModelId': 'string',
            'threatModelJobId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'description': 'string',
            'executionStatus': 'IN_PROGRESS'|'ABORTED'|'COMPLETED'|'INTERNAL_ERROR'|'FAILED',
            'logsLocation': {
                'logType': 'CLOUDWATCH',
                'cloudWatchLog': {
                    'logGroup': 'string',
                    'logStream': 'string'
                }
            },
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

• (dict) --

  Output for the BatchGetThreatModelJobTasks operation.

  • threatModelJobTasks (list) --

    The list of threat model job tasks that were found.

    • (dict) --

      Represents an individual task within a threat model job.

      • taskId (string) --

        The unique identifier of the task.

      • threatModelId (string) --

        The unique identifier of the threat model associated with the task.

      • threatModelJobId (string) --

        The unique identifier of the threat model job that contains the task.

      • agentSpaceId (string) --

        The unique identifier of the agent space.

      • title (string) --

        The title of the task.

      • description (string) --

        A description of the task.

      • executionStatus (string) --

        The current execution status of the task.

      • logsLocation (dict) --

        The location of the task execution logs.

        • logType (string) --

          The type of log storage. Currently, only CLOUDWATCH is supported.

        • cloudWatchLog (dict) --

          The CloudWatch Logs location for the task logs.

          • logGroup (string) --

            The name of the CloudWatch log group.

          • logStream (string) --

            The name of the CloudWatch log stream.

      • createdAt (datetime) --

        The date and time the task was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the task was last updated, in UTC format.

  • notFound (list) --

    The list of task identifiers that were not found.

    • (string) --

Lists the private connections in your account.

See also: AWS API Documentation

Request Syntax

client.list_private_connections(
    maxResults=123,
    nextToken='string'
)

type maxResults:

integer

param maxResults:

The maximum number of private connections to return in a single response.

type nextToken:

string

param nextToken:

The token for the next page of results.

rtype:

dict

returns:

Response Syntax

{
    'privateConnections': [
        {
            'name': 'string',
            'type': 'SERVICE_MANAGED'|'SELF_MANAGED',
            'status': 'ACTIVE'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_IN_PROGRESS'|'DELETE_FAILED',
            'resourceGatewayId': 'string',
            'hostAddress': 'string',
            'vpcId': 'string',
            'resourceConfigurationId': 'string',
            'certificateExpiryTime': datetime(2015, 1, 1),
            'dnsResolution': 'PUBLIC'|'IN_VPC',
            'failureMessage': 'string',
            'tags': {
                'string': 'string'
            }
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  • privateConnections (list) --

    The list of private connections.

    • (dict) --

      Summarizes a private connection.

      • name (string) --

        The name of the private connection.

      • type (string) --

        The type of the private connection, indicating whether it is service-managed or self-managed.

      • status (string) --

        The current status of the private connection.

      • resourceGatewayId (string) --

        The identifier or ARN of the VPC Lattice resource gateway.

      • hostAddress (string) --

        The IP address or DNS name of the target resource.

      • vpcId (string) --

        The identifier of the VPC the resource gateway is created in.

      • resourceConfigurationId (string) --

        The identifier or ARN of the VPC Lattice resource configuration.

      • certificateExpiryTime (datetime) --

        The date and time the connection's certificate expires, in UTC format.

      • dnsResolution (string) --

        The DNS resolution mode for the resource gateway.

      • failureMessage (string) --

        A message describing why the private connection entered a failed state, if applicable.

      • tags (dict) --

        The tags attached to the private connection.

        • (string) --

          Key for a resource tag.

          • (string) --

            Value for a resource tag.

  • nextToken (string) --

    The token to use to retrieve the next page of results, if more results are available.

Retrieves information about a security requirement pack.

See also: AWS API Documentation

Request Syntax

client.get_security_requirement_pack(
    packId='string'
)

type packId:

string

param packId:

[REQUIRED]

The unique identifier of the security requirement pack to retrieve.

rtype:

dict

returns:

Response Syntax

{
    'packId': 'string',
    'name': 'string',
    'description': 'string',
    'vendorName': 'string',
    'managementType': 'AWS_MANAGED'|'CUSTOMER_MANAGED',
    'status': 'ENABLED'|'DISABLED',
    'importStatus': 'PENDING'|'IN_PROGRESS'|'FAILED'|'COMPLETED',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'kmsKeyId': 'string'
}

Response Structure

• (dict) --

  • packId (string) --

    The unique identifier of the security requirement pack.

  • name (string) --

    The name of the security requirement pack.

  • description (string) --

    A description of the security requirement pack.

  • vendorName (string) --

    The vendor name for AWS managed packs, such as ISO or NIST.

  • managementType (string) --

    The management type of the pack. Valid values are AWS_MANAGED and CUSTOMER_MANAGED.

  • status (string) --

    The status of the security requirement pack.

  • importStatus (string) --

    The status of the security requirements import workflow for this pack.

  • createdAt (datetime) --

    The date and time the security requirement pack was created, in UTC format.

  • updatedAt (datetime) --

    The date and time the security requirement pack was last updated, in UTC format.

  • kmsKeyId (string) --

    The identifier of the AWS KMS key used to encrypt pack contents.

Deletes a private connection.

See also: AWS API Documentation

Request Syntax

client.delete_private_connection(
    privateConnectionName='string'
)

type privateConnectionName:

string

param privateConnectionName:

[REQUIRED]

The name of the private connection to delete.

rtype:

dict

returns:

Response Syntax

{
    'name': 'string',
    'type': 'SERVICE_MANAGED'|'SELF_MANAGED',
    'status': 'ACTIVE'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_IN_PROGRESS'|'DELETE_FAILED',
    'resourceGatewayId': 'string',
    'hostAddress': 'string',
    'vpcId': 'string',
    'resourceConfigurationId': 'string',
    'certificateExpiryTime': datetime(2015, 1, 1),
    'dnsResolution': 'PUBLIC'|'IN_VPC',
    'failureMessage': 'string',
    'tags': {
        'string': 'string'
    }
}

Response Structure

• (dict) --

  • name (string) --

    The name of the private connection.

  • type (string) --

    The type of the private connection, indicating whether it is service-managed or self-managed.

  • status (string) --

    The current status of the private connection.

  • resourceGatewayId (string) --

    The identifier or ARN of the VPC Lattice resource gateway.

  • hostAddress (string) --

    The IP address or DNS name of the target resource.

  • vpcId (string) --

    The identifier of the VPC the resource gateway is created in.

  • resourceConfigurationId (string) --

    The identifier or ARN of the VPC Lattice resource configuration.

  • certificateExpiryTime (datetime) --

    The date and time the connection's certificate expires, in UTC format.

  • dnsResolution (string) --

    The DNS resolution mode for the resource gateway.

  • failureMessage (string) --

    A message describing why the private connection entered a failed state, if applicable.

  • tags (dict) --

    The tags attached to the private connection.

    • (string) --

      Key for a resource tag.

      • (string) --

        Value for a resource tag.

{'deleted': {'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                             'resourceId': 'string'}}},
             'cleanUpStrategy': 'BEST_EFFORT_DELETE | RETAIN_ALL',
             'disableManagedSkills': ['FINDING_PERSONALIZATION | '
                                      'LOGIN_OPTIMIZATION']}}

Deletes one or more pentests from an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_delete_pentests(
    pentestIds=[
        'string',
    ],
    agentSpaceId='string'
)

type pentestIds:

list

param pentestIds:

[REQUIRED]

The list of pentest identifiers to delete.

• (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the pentests to delete.

rtype:

dict

returns:

Response Syntax

{
    'deleted': [
        {
            'pentestId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'assets': {
                'endpoints': [
                    {
                        'uri': 'string'
                    },
                ],
                'actors': [
                    {
                        'identifier': 'string',
                        'uris': [
                            'string',
                        ],
                        'authentication': {
                            'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                            'value': 'string'
                        },
                        'description': 'string'
                    },
                ],
                'documents': [
                    {
                        's3Location': 'string',
                        'artifactId': 'string',
                        'integratedDocument': {
                            'integrationId': 'string',
                            'resourceId': 'string'
                        }
                    },
                ],
                'sourceCode': [
                    {
                        's3Location': 'string'
                    },
                ],
                'integratedRepositories': [
                    {
                        'integrationId': 'string',
                        'providerResourceId': 'string'
                    },
                ]
            },
            'excludeRiskTypes': [
                'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
            ],
            'serviceRole': 'string',
            'logConfig': {
                'logGroup': 'string',
                'logStream': 'string'
            },
            'vpcConfig': {
                'vpcArn': 'string',
                'securityGroupArns': [
                    'string',
                ],
                'subnetArns': [
                    'string',
                ]
            },
            'networkTrafficConfig': {
                'rules': [
                    {
                        'effect': 'ALLOW'|'DENY',
                        'pattern': 'string',
                        'networkTrafficRuleType': 'URL'
                    },
                ],
                'customHeaders': [
                    {
                        'name': 'string',
                        'value': 'string'
                    },
                ]
            },
            'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
            'cleanUpStrategy': 'BEST_EFFORT_DELETE'|'RETAIN_ALL',
            'disableManagedSkills': [
                'FINDING_PERSONALIZATION'|'LOGIN_OPTIMIZATION',
            ],
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'failed': [
        {
            'pentestId': 'string',
            'reason': 'string'
        },
    ]
}

Response Structure

• (dict) --

  Output for the BatchDeletePentests operation.

  • deleted (list) --

    The list of pentests that were successfully deleted.

    • (dict) --

      Represents a pentest configuration that defines the parameters for security testing, including target assets, risk type exclusions, and infrastructure settings.

      • pentestId (string) --

        The unique identifier of the pentest.

      • agentSpaceId (string) --

        The unique identifier of the agent space that contains the pentest.

      • title (string) --

        The title of the pentest.

      • assets (dict) --

        The assets included in the pentest.

        • endpoints (list) --

          The list of endpoints to test during the pentest.

          • (dict) --

            Represents a target endpoint for penetration testing.

            • uri (string) --

              The URI of the endpoint.

        • actors (list) --

          The list of actors used during penetration testing.

          • (dict) --

            Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

            • identifier (string) --

              The unique identifier for the actor.

            • uris (list) --

              The list of URIs that the actor targets during testing.

              • (string) --

            • authentication (dict) --

              The authentication configuration for the actor.

              • providerType (string) --

                The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

              • value (string) --

                The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

            • description (string) --

              A description of the actor.

        • documents (list) --

          The list of documents that provide context for the pentest.

          • (dict) --

            Represents a document that provides context for security testing.

            • s3Location (string) --

              The Amazon S3 location of the document.

            • artifactId (string) --

              The unique identifier of the artifact associated with the document.

            • integratedDocument (dict) --

              A reference to a document in an integrated third-party provider.

              • integrationId (string) --

                The identifier of the integration that provides access to the document.

              • resourceId (string) --

                The provider-specific resource identifier for the document.

        • sourceCode (list) --

          The list of source code repositories to analyze during the pentest.

          • (dict) --

            Represents a source code repository used for security analysis during a pentest.

            • s3Location (string) --

              The Amazon S3 location of the source code repository archive.

        • integratedRepositories (list) --

          The list of integrated repositories associated with the pentest.

          • (dict) --

            Represents a code repository that is integrated with the service through a third-party provider.

            • integrationId (string) --

              The unique identifier of the integration that provides access to the repository.

            • providerResourceId (string) --

              The provider-specific resource identifier for the repository.

      • excludeRiskTypes (list) --

        The list of risk types excluded from the pentest.

        • (string) --

          Type of security risk.

      • serviceRole (string) --

        The IAM service role used for the pentest.

      • logConfig (dict) --

        The CloudWatch Logs configuration for the pentest.

        • logGroup (string) --

          The name of the CloudWatch log group.

        • logStream (string) --

          The name of the CloudWatch log stream.

      • vpcConfig (dict) --

        The VPC configuration for the pentest.

        • vpcArn (string) --

          The Amazon Resource Name (ARN) of the VPC.

        • securityGroupArns (list) --

          The Amazon Resource Names (ARNs) of the security groups for the VPC configuration.

          • (string) --

            ARN or ID of a security group.

        • subnetArns (list) --

          The Amazon Resource Names (ARNs) of the subnets for the VPC configuration.

          • (string) --

            ARN or ID of a subnet.

      • networkTrafficConfig (dict) --

        The network traffic configuration for the pentest.

        • rules (list) --

          The list of network traffic rules that control which URLs are allowed or denied during testing.

          • (dict) --

            A rule that controls network traffic during penetration testing by allowing or denying traffic to specific URL patterns.

            • effect (string) --

              The effect of the rule. Valid values are ALLOW and DENY.

            • pattern (string) --

              The URL pattern to match for the rule.

            • networkTrafficRuleType (string) --

              The type of the network traffic rule. Currently, only URL is supported.

        • customHeaders (list) --

          The list of custom HTTP headers to include in network traffic during testing.

          • (dict) --

            A custom HTTP header to include in network traffic during penetration testing.

            • name (string) --

              The name of the custom header.

            • value (string) --

              The value of the custom header.

      • codeRemediationStrategy (string) --

        The code remediation strategy for the pentest.

      • cleanUpStrategy (string) --

        Strategy for cleaning up resources after pentest job completion.

      • disableManagedSkills (list) --

        A list of managed skills to disable for this pentest. Valid values include FINDING_PERSONALIZATION and LOGIN_OPTIMIZATION.

        • (string) --

          Type of managed skill that can be enabled or disabled for a pentest.

      • createdAt (datetime) --

        The date and time the pentest was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the pentest was last updated, in UTC format.

  • failed (list) --

    The list of pentests that failed to delete, including the reason for each failure.

    • (dict) --

      Contains information about a pentest that failed to delete.

      • pentestId (string) --

        The unique identifier of the pentest that failed to delete.

      • reason (string) --

        The reason the pentest failed to delete.

{'codeReviewJobs': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                         'resourceId': 'string'}},
                    'steps': {'name': {'VALIDATION'}}}}

Retrieves information about one or more code review jobs in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_code_review_jobs(
    codeReviewJobIds=[
        'string',
    ],
    agentSpaceId='string'
)

type codeReviewJobIds:

list

param codeReviewJobIds:

[REQUIRED]

The list of code review job identifiers to retrieve.

• (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the code review jobs.

rtype:

dict

returns:

Response Syntax

{
    'codeReviewJobs': [
        {
            'codeReviewJobId': 'string',
            'codeReviewId': 'string',
            'title': 'string',
            'overview': 'string',
            'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
            'documents': [
                {
                    's3Location': 'string',
                    'artifactId': 'string',
                    'integratedDocument': {
                        'integrationId': 'string',
                        'resourceId': 'string'
                    }
                },
            ],
            'sourceCode': [
                {
                    's3Location': 'string'
                },
            ],
            'steps': [
                {
                    'name': 'PREFLIGHT'|'STATIC_ANALYSIS'|'PENTEST'|'FINALIZING'|'VALIDATION',
                    'status': 'NOT_STARTED'|'IN_PROGRESS'|'COMPLETED'|'FAILED'|'STOPPED',
                    'createdAt': datetime(2015, 1, 1),
                    'updatedAt': datetime(2015, 1, 1)
                },
            ],
            'executionContext': [
                {
                    'contextType': 'ERROR'|'CLIENT_ERROR'|'WARNING'|'INFO',
                    'context': 'string',
                    'timestamp': datetime(2015, 1, 1)
                },
            ],
            'serviceRole': 'string',
            'logConfig': {
                'logGroup': 'string',
                'logStream': 'string'
            },
            'errorInformation': {
                'code': 'CLIENT_ERROR'|'INTERNAL_ERROR'|'STOPPED_BY_USER',
                'message': 'string'
            },
            'integratedRepositories': [
                {
                    'integrationId': 'string',
                    'providerResourceId': 'string'
                },
            ],
            'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

• (dict) --

  Output for the BatchGetCodeReviewJobs operation.

  • codeReviewJobs (list) --

    The list of code review jobs that were found.

    • (dict) --

      Represents a code review job, which is an execution instance of a code review. A code review job progresses through preflight, static analysis, and finalizing steps.

      • codeReviewJobId (string) --

        The unique identifier of the code review job.

      • codeReviewId (string) --

        The unique identifier of the code review associated with the job.

      • title (string) --

        The title of the code review job.

      • overview (string) --

        An overview of the code review job results.

      • status (string) --

        The current status of the code review job.

      • documents (list) --

        The list of documents providing context for the code review job.

        • (dict) --

          Represents a document that provides context for security testing.

          • s3Location (string) --

            The Amazon S3 location of the document.

          • artifactId (string) --

            The unique identifier of the artifact associated with the document.

          • integratedDocument (dict) --

            A reference to a document in an integrated third-party provider.

            • integrationId (string) --

              The identifier of the integration that provides access to the document.

            • resourceId (string) --

              The provider-specific resource identifier for the document.

      • sourceCode (list) --

        The list of source code repositories analyzed during the code review job.

        • (dict) --

          Represents a source code repository used for security analysis during a pentest.

          • s3Location (string) --

            The Amazon S3 location of the source code repository archive.

      • steps (list) --

        The list of steps in the code review job execution.

        • (dict) --

          Represents a step in the pentest job execution pipeline. Steps include preflight, static analysis, pentest, and finalizing.

          • name (string) --

            The name of the step. Valid values include PREFLIGHT, STATIC_ANALYSIS, PENTEST, VALIDATION, and FINALIZING.

          • status (string) --

            The current status of the step.

          • createdAt (datetime) --

            The date and time the step was created, in UTC format.

          • updatedAt (datetime) --

            The date and time the step was last updated, in UTC format.

      • executionContext (list) --

        The execution context messages for the code review job.

        • (dict) --

          Contains contextual information about the execution of a pentest job, such as errors, warnings, or informational messages.

          • contextType (string) --

            The type of context. Valid values include ERROR, CLIENT_ERROR, WARNING, and INFO.

          • context (string) --

            The context message.

          • timestamp (datetime) --

            The date and time the context was recorded, in UTC format.

      • serviceRole (string) --

        The IAM service role used for the code review job.

      • logConfig (dict) --

        The CloudWatch Logs configuration for the code review job.

        • logGroup (string) --

          The name of the CloudWatch log group.

        • logStream (string) --

          The name of the CloudWatch log stream.

      • errorInformation (dict) --

        Error information if the code review job encountered an error.

        • code (string) --

          The error code. Valid values include CLIENT_ERROR, INTERNAL_ERROR, and STOPPED_BY_USER.

        • message (string) --

          A message describing the error.

      • integratedRepositories (list) --

        The list of integrated repositories associated with the code review job.

        • (dict) --

          Represents a code repository that is integrated with the service through a third-party provider.

          • integrationId (string) --

            The unique identifier of the integration that provides access to the repository.

          • providerResourceId (string) --

            The provider-specific resource identifier for the repository.

      • codeRemediationStrategy (string) --

        The code remediation strategy for the code review job.

      • createdAt (datetime) --

        The date and time the code review job was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the code review job was last updated, in UTC format.

  • notFound (list) --

    The list of code review job identifiers that were not found.

    • (string) --

{'codeReviews': {'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                                 'resourceId': 'string'}}},
                 'validationMode': 'DISABLED | SIMULATED'}}

Retrieves information about one or more code reviews in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_code_reviews(
    codeReviewIds=[
        'string',
    ],
    agentSpaceId='string'
)

type codeReviewIds:

list

param codeReviewIds:

[REQUIRED]

The list of code review identifiers to retrieve.

• (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the code reviews.

rtype:

dict

returns:

Response Syntax

{
    'codeReviews': [
        {
            'codeReviewId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'assets': {
                'endpoints': [
                    {
                        'uri': 'string'
                    },
                ],
                'actors': [
                    {
                        'identifier': 'string',
                        'uris': [
                            'string',
                        ],
                        'authentication': {
                            'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                            'value': 'string'
                        },
                        'description': 'string'
                    },
                ],
                'documents': [
                    {
                        's3Location': 'string',
                        'artifactId': 'string',
                        'integratedDocument': {
                            'integrationId': 'string',
                            'resourceId': 'string'
                        }
                    },
                ],
                'sourceCode': [
                    {
                        's3Location': 'string'
                    },
                ],
                'integratedRepositories': [
                    {
                        'integrationId': 'string',
                        'providerResourceId': 'string'
                    },
                ]
            },
            'serviceRole': 'string',
            'logConfig': {
                'logGroup': 'string',
                'logStream': 'string'
            },
            'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
            'validationMode': 'DISABLED'|'SIMULATED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

• (dict) --

  Output for the BatchGetCodeReviews operation.

  • codeReviews (list) --

    The list of code reviews that were found.

    • (dict) --

      Represents a code review configuration that defines the parameters for automated security-focused code analysis, including target assets and logging configuration.

      • codeReviewId (string) --

        The unique identifier of the code review.

      • agentSpaceId (string) --

        The unique identifier of the agent space that contains the code review.

      • title (string) --

        The title of the code review.

      • assets (dict) --

        The assets included in the code review.

        • endpoints (list) --

          The list of endpoints to test during the pentest.

          • (dict) --

            Represents a target endpoint for penetration testing.

            • uri (string) --

              The URI of the endpoint.

        • actors (list) --

          The list of actors used during penetration testing.

          • (dict) --

            Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

            • identifier (string) --

              The unique identifier for the actor.

            • uris (list) --

              The list of URIs that the actor targets during testing.

              • (string) --

            • authentication (dict) --

              The authentication configuration for the actor.

              • providerType (string) --

                The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

              • value (string) --

                The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

            • description (string) --

              A description of the actor.

        • documents (list) --

          The list of documents that provide context for the pentest.

          • (dict) --

            Represents a document that provides context for security testing.

            • s3Location (string) --

              The Amazon S3 location of the document.

            • artifactId (string) --

              The unique identifier of the artifact associated with the document.

            • integratedDocument (dict) --

              A reference to a document in an integrated third-party provider.

              • integrationId (string) --

                The identifier of the integration that provides access to the document.

              • resourceId (string) --

                The provider-specific resource identifier for the document.

        • sourceCode (list) --

          The list of source code repositories to analyze during the pentest.

          • (dict) --

            Represents a source code repository used for security analysis during a pentest.

            • s3Location (string) --

              The Amazon S3 location of the source code repository archive.

        • integratedRepositories (list) --

          The list of integrated repositories associated with the pentest.

          • (dict) --

            Represents a code repository that is integrated with the service through a third-party provider.

            • integrationId (string) --

              The unique identifier of the integration that provides access to the repository.

            • providerResourceId (string) --

              The provider-specific resource identifier for the repository.

      • serviceRole (string) --

        The IAM service role used for the code review.

      • logConfig (dict) --

        The CloudWatch Logs configuration for the code review.

        • logGroup (string) --

          The name of the CloudWatch log group.

        • logStream (string) --

          The name of the CloudWatch log stream.

      • codeRemediationStrategy (string) --

        The code remediation strategy for the code review.

      • validationMode (string) --

        The validation mode for the code review. Valid values are SIMULATED and DISABLED.

      • createdAt (datetime) --

        The date and time the code review was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the code review was last updated, in UTC format.

  • notFound (list) --

    The list of code review identifiers that were not found.

    • (string) --

{'findings': {'alignmentRationale': 'string',
              'customerNote': 'string',
              'validationStatus': 'CONFIRMED | NOT_REPRODUCED | '
                                  'VALIDATION_FAILED | VALIDATING | '
                                  'NOT_VALIDATED'}}

Retrieves information about one or more security findings in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_findings(
    findingIds=[
        'string',
    ],
    agentSpaceId='string'
)

type findingIds:

list

param findingIds:

[REQUIRED]

The list of finding identifiers to retrieve.

• (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the findings.

rtype:

dict

returns:

Response Syntax

{
    'findings': [
        {
            'findingId': 'string',
            'agentSpaceId': 'string',
            'pentestId': 'string',
            'pentestJobId': 'string',
            'codeReviewId': 'string',
            'codeReviewJobId': 'string',
            'taskId': 'string',
            'name': 'string',
            'description': 'string',
            'status': 'ACTIVE'|'RESOLVED'|'ACCEPTED'|'FALSE_POSITIVE',
            'riskType': 'string',
            'riskLevel': 'UNKNOWN'|'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
            'riskScore': 'string',
            'reasoning': 'string',
            'confidence': 'FALSE_POSITIVE'|'UNCONFIRMED'|'LOW'|'MEDIUM'|'HIGH',
            'validationStatus': 'CONFIRMED'|'NOT_REPRODUCED'|'VALIDATION_FAILED'|'VALIDATING'|'NOT_VALIDATED',
            'attackScript': 'string',
            'codeRemediationTask': {
                'status': 'IN_PROGRESS'|'COMPLETED'|'FAILED',
                'statusReason': 'string',
                'taskDetails': [
                    {
                        'repoName': 'string',
                        'codeDiffLink': 'string',
                        'pullRequestLink': 'string'
                    },
                ]
            },
            'lastUpdatedBy': 'string',
            'customerNote': 'string',
            'codeLocations': [
                {
                    'filePath': 'string',
                    'lineStart': 123,
                    'lineEnd': 123,
                    'label': 'string'
                },
            ],
            'verificationScript': {
                'scriptType': 'string',
                'scriptUrl': 'string',
                'instructions': 'string',
                'envVars': [
                    {
                        'name': 'string',
                        'value': 'string'
                    },
                ]
            },
            'alignmentRationale': 'string',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

• (dict) --

  Output for the BatchGetFindings operation.

  • findings (list) --

    The list of findings that were found.

    • (dict) --

      Represents a security finding discovered during a pentest job. A finding contains details about a vulnerability, including its risk level, confidence, and remediation status.

      • findingId (string) --

        The unique identifier of the finding.

      • agentSpaceId (string) --

        The unique identifier of the agent space associated with the finding.

      • pentestId (string) --

        The unique identifier of the pentest associated with the finding.

      • pentestJobId (string) --

        The unique identifier of the pentest job that produced the finding.

      • codeReviewId (string) --

        The unique identifier of the code review associated with the finding.

      • codeReviewJobId (string) --

        The unique identifier of the code review job that produced the finding.

      • taskId (string) --

        The unique identifier of the task that produced the finding.

      • name (string) --

        The name of the finding.

      • description (string) --

        A description of the finding.

      • status (string) --

        The current status of the finding. Valid values include ACTIVE, RESOLVED, ACCEPTED, and FALSE_POSITIVE.

      • riskType (string) --

        The type of security risk identified by the finding.

      • riskLevel (string) --

        The risk level of the finding. Valid values include UNKNOWN, INFORMATIONAL, LOW, MEDIUM, HIGH, and CRITICAL.

      • riskScore (string) --

        The numerical risk score of the finding.

      • reasoning (string) --

        The reasoning behind the finding, explaining why it was identified as a vulnerability.

      • confidence (string) --

        The confidence level of the finding. Valid values include FALSE_POSITIVE, UNCONFIRMED, LOW, MEDIUM, and HIGH.

      • validationStatus (string) --

        The simulated validation status of the finding. Valid values are NOT_VALIDATED, VALIDATING, CONFIRMED, NOT_REPRODUCED, and VALIDATION_FAILED.

      • attackScript (string) --

        The attack script used to reproduce the finding.

      • codeRemediationTask (dict) --

        The code remediation task associated with the finding, if code remediation was initiated.

        • status (string) --

          The current status of the code remediation task.

        • statusReason (string) --

          The reason for the current status of the code remediation task.

        • taskDetails (list) --

          The list of details for the code remediation task, including repository name, code diff link, and pull request link.

          • (dict) --

            Contains details about a code remediation task, including links to the code diff and pull request.

            • repoName (string) --

              The name of the repository where the remediation was applied.

            • codeDiffLink (string) --

              The link to the code diff for the remediation.

            • pullRequestLink (string) --

              The link to the pull request created for the remediation.

      • lastUpdatedBy (string) --

        The identifier of the entity that last updated the finding.

      • customerNote (string) --

        A customer-provided note on the finding.

      • codeLocations (list) --

        The file locations involved in the vulnerability, as reported by the code scanner.

        • (dict) --

          Represents a location in source code associated with a security finding.

          • filePath (string) --

            The absolute path to the file containing the code location.

          • lineStart (integer) --

            The starting line number of the code location.

          • lineEnd (integer) --

            The ending line number of the code location.

          • label (string) --

            The role of this location in the vulnerability, such as source or sink.

      • verificationScript (dict) --

        The verification script metadata for reproducing the finding, including download URL, instructions, and required environment variables.

        • scriptType (string) --

          The type of script. Valid values are python and bash.

        • scriptUrl (string) --

          URL to download the verification script.

        • instructions (string) --

          Instructions for running the verification script, including prerequisites and how to interpret results.

        • envVars (list) --

          The list of environment variables required to run the verification script.

          • (dict) --

            Represents an environment variable required to run a verification script.

            • name (string) --

              The name of the environment variable.

            • value (string) --

              The value of the environment variable.

      • alignmentRationale (string) --

        The rationale provided by the alignment agent explaining how the finding was adjusted based on customer preferences.

      • createdAt (datetime) --

        The date and time the finding was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the finding was last updated, in UTC format.

  • notFound (list) --

    The list of finding identifiers that were not found.

    • (string) --

{'pentestJobs': {'cleanUpStrategy': 'BEST_EFFORT_DELETE | RETAIN_ALL',
                 'disableManagedSkills': ['FINDING_PERSONALIZATION | '
                                          'LOGIN_OPTIMIZATION'],
                 'documents': {'integratedDocument': {'integrationId': 'string',
                                                      'resourceId': 'string'}},
                 'steps': {'name': {'VALIDATION'}}}}

Retrieves information about one or more pentest jobs in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_pentest_jobs(
    pentestJobIds=[
        'string',
    ],
    agentSpaceId='string'
)

type pentestJobIds:

list

param pentestJobIds:

[REQUIRED]

The list of pentest job identifiers to retrieve.

• (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the pentest jobs.

rtype:

dict

returns:

Response Syntax

{
    'pentestJobs': [
        {
            'pentestJobId': 'string',
            'pentestId': 'string',
            'title': 'string',
            'overview': 'string',
            'status': 'IN_PROGRESS'|'STOPPING'|'STOPPED'|'FAILED'|'COMPLETED',
            'endpoints': [
                {
                    'uri': 'string'
                },
            ],
            'actors': [
                {
                    'identifier': 'string',
                    'uris': [
                        'string',
                    ],
                    'authentication': {
                        'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                        'value': 'string'
                    },
                    'description': 'string'
                },
            ],
            'documents': [
                {
                    's3Location': 'string',
                    'artifactId': 'string',
                    'integratedDocument': {
                        'integrationId': 'string',
                        'resourceId': 'string'
                    }
                },
            ],
            'sourceCode': [
                {
                    's3Location': 'string'
                },
            ],
            'excludePaths': [
                {
                    'uri': 'string'
                },
            ],
            'allowedDomains': [
                {
                    'uri': 'string'
                },
            ],
            'excludeRiskTypes': [
                'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
            ],
            'steps': [
                {
                    'name': 'PREFLIGHT'|'STATIC_ANALYSIS'|'PENTEST'|'FINALIZING'|'VALIDATION',
                    'status': 'NOT_STARTED'|'IN_PROGRESS'|'COMPLETED'|'FAILED'|'STOPPED',
                    'createdAt': datetime(2015, 1, 1),
                    'updatedAt': datetime(2015, 1, 1)
                },
            ],
            'executionContext': [
                {
                    'contextType': 'ERROR'|'CLIENT_ERROR'|'WARNING'|'INFO',
                    'context': 'string',
                    'timestamp': datetime(2015, 1, 1)
                },
            ],
            'serviceRole': 'string',
            'logConfig': {
                'logGroup': 'string',
                'logStream': 'string'
            },
            'vpcConfig': {
                'vpcArn': 'string',
                'securityGroupArns': [
                    'string',
                ],
                'subnetArns': [
                    'string',
                ]
            },
            'networkTrafficConfig': {
                'rules': [
                    {
                        'effect': 'ALLOW'|'DENY',
                        'pattern': 'string',
                        'networkTrafficRuleType': 'URL'
                    },
                ],
                'customHeaders': [
                    {
                        'name': 'string',
                        'value': 'string'
                    },
                ]
            },
            'errorInformation': {
                'code': 'CLIENT_ERROR'|'INTERNAL_ERROR'|'STOPPED_BY_USER',
                'message': 'string'
            },
            'integratedRepositories': [
                {
                    'integrationId': 'string',
                    'providerResourceId': 'string'
                },
            ],
            'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
            'cleanUpStrategy': 'BEST_EFFORT_DELETE'|'RETAIN_ALL',
            'disableManagedSkills': [
                'FINDING_PERSONALIZATION'|'LOGIN_OPTIMIZATION',
            ],
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

• (dict) --

  Output for the BatchGetPentestJobs operation.

  • pentestJobs (list) --

    The list of pentest jobs that were found.

    • (dict) --

      Represents a pentest job, which is an execution instance of a pentest. A pentest job progresses through preflight, static analysis, pentest, and finalizing steps.

      • pentestJobId (string) --

        The unique identifier of the pentest job.

      • pentestId (string) --

        The unique identifier of the pentest associated with the job.

      • title (string) --

        The title of the pentest job.

      • overview (string) --

        An overview of the pentest job results.

      • status (string) --

        The current status of the pentest job.

      • endpoints (list) --

        The list of endpoints being tested in the pentest job.

        • (dict) --

          Represents a target endpoint for penetration testing.

          • uri (string) --

            The URI of the endpoint.

      • actors (list) --

        The list of actors used during the pentest job.

        • (dict) --

          Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

          • identifier (string) --

            The unique identifier for the actor.

          • uris (list) --

            The list of URIs that the actor targets during testing.

            • (string) --

          • authentication (dict) --

            The authentication configuration for the actor.

            • providerType (string) --

              The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

            • value (string) --

              The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

          • description (string) --

            A description of the actor.

      • documents (list) --

        The list of documents providing context for the pentest job.

        • (dict) --

          Represents a document that provides context for security testing.

          • s3Location (string) --

            The Amazon S3 location of the document.

          • artifactId (string) --

            The unique identifier of the artifact associated with the document.

          • integratedDocument (dict) --

            A reference to a document in an integrated third-party provider.

            • integrationId (string) --

              The identifier of the integration that provides access to the document.

            • resourceId (string) --

              The provider-specific resource identifier for the document.

      • sourceCode (list) --

        The list of source code repositories analyzed during the pentest job.

        • (dict) --

          Represents a source code repository used for security analysis during a pentest.

          • s3Location (string) --

            The Amazon S3 location of the source code repository archive.

      • excludePaths (list) --

        The list of paths excluded from the pentest job.

        • (dict) --

          Represents a target endpoint for penetration testing.

          • uri (string) --

            The URI of the endpoint.

      • allowedDomains (list) --

        The list of domains allowed during the pentest job.

        • (dict) --

          Represents a target endpoint for penetration testing.

          • uri (string) --

            The URI of the endpoint.

      • excludeRiskTypes (list) --

        The list of risk types excluded from the pentest job.

        • (string) --

          Type of security risk.

      • steps (list) --

        The list of steps in the pentest job execution.

        • (dict) --

          Represents a step in the pentest job execution pipeline. Steps include preflight, static analysis, pentest, and finalizing.

          • name (string) --

            The name of the step. Valid values include PREFLIGHT, STATIC_ANALYSIS, PENTEST, VALIDATION, and FINALIZING.

          • status (string) --

            The current status of the step.

          • createdAt (datetime) --

            The date and time the step was created, in UTC format.

          • updatedAt (datetime) --

            The date and time the step was last updated, in UTC format.

      • executionContext (list) --

        The execution context messages for the pentest job.

        • (dict) --

          Contains contextual information about the execution of a pentest job, such as errors, warnings, or informational messages.

          • contextType (string) --

            The type of context. Valid values include ERROR, CLIENT_ERROR, WARNING, and INFO.

          • context (string) --

            The context message.

          • timestamp (datetime) --

            The date and time the context was recorded, in UTC format.

      • serviceRole (string) --

        The IAM service role used for the pentest job.

      • logConfig (dict) --

        The CloudWatch Logs configuration for the pentest job.

        • logGroup (string) --

          The name of the CloudWatch log group.

        • logStream (string) --

          The name of the CloudWatch log stream.

      • vpcConfig (dict) --

        The VPC configuration for the pentest job.

        • vpcArn (string) --

          The Amazon Resource Name (ARN) of the VPC.

        • securityGroupArns (list) --

          The Amazon Resource Names (ARNs) of the security groups for the VPC configuration.

          • (string) --

            ARN or ID of a security group.

        • subnetArns (list) --

          The Amazon Resource Names (ARNs) of the subnets for the VPC configuration.

          • (string) --

            ARN or ID of a subnet.

      • networkTrafficConfig (dict) --

        The network traffic configuration for the pentest job.

        • rules (list) --

          The list of network traffic rules that control which URLs are allowed or denied during testing.

          • (dict) --

            A rule that controls network traffic during penetration testing by allowing or denying traffic to specific URL patterns.

            • effect (string) --

              The effect of the rule. Valid values are ALLOW and DENY.

            • pattern (string) --

              The URL pattern to match for the rule.

            • networkTrafficRuleType (string) --

              The type of the network traffic rule. Currently, only URL is supported.

        • customHeaders (list) --

          The list of custom HTTP headers to include in network traffic during testing.

          • (dict) --

            A custom HTTP header to include in network traffic during penetration testing.

            • name (string) --

              The name of the custom header.

            • value (string) --

              The value of the custom header.

      • errorInformation (dict) --

        Error information if the pentest job encountered an error.

        • code (string) --

          The error code. Valid values include CLIENT_ERROR, INTERNAL_ERROR, and STOPPED_BY_USER.

        • message (string) --

          A message describing the error.

      • integratedRepositories (list) --

        The list of integrated repositories associated with the pentest job.

        • (dict) --

          Represents a code repository that is integrated with the service through a third-party provider.

          • integrationId (string) --

            The unique identifier of the integration that provides access to the repository.

          • providerResourceId (string) --

            The provider-specific resource identifier for the repository.

      • codeRemediationStrategy (string) --

        The code remediation strategy for the pentest job.

      • cleanUpStrategy (string) --

        Strategy for cleaning up resources after pentest job completion.

      • disableManagedSkills (list) --

        A list of managed skills disabled for this pentest job. Valid values include FINDING_PERSONALIZATION and LOGIN_OPTIMIZATION.

        • (string) --

          Type of managed skill that can be enabled or disabled for a pentest.

      • createdAt (datetime) --

        The date and time the pentest job was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the pentest job was last updated, in UTC format.

  • notFound (list) --

    The list of pentest job identifiers that were not found.

    • (string) --

{'pentests': {'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                              'resourceId': 'string'}}},
              'cleanUpStrategy': 'BEST_EFFORT_DELETE | RETAIN_ALL',
              'disableManagedSkills': ['FINDING_PERSONALIZATION | '
                                       'LOGIN_OPTIMIZATION']}}

Retrieves information about one or more pentests in an agent space.

See also: AWS API Documentation

Request Syntax

client.batch_get_pentests(
    pentestIds=[
        'string',
    ],
    agentSpaceId='string'
)

type pentestIds:

list

param pentestIds:

[REQUIRED]

The list of pentest identifiers to retrieve.

• (string) --

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space that contains the pentests.

rtype:

dict

returns:

Response Syntax

{
    'pentests': [
        {
            'pentestId': 'string',
            'agentSpaceId': 'string',
            'title': 'string',
            'assets': {
                'endpoints': [
                    {
                        'uri': 'string'
                    },
                ],
                'actors': [
                    {
                        'identifier': 'string',
                        'uris': [
                            'string',
                        ],
                        'authentication': {
                            'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                            'value': 'string'
                        },
                        'description': 'string'
                    },
                ],
                'documents': [
                    {
                        's3Location': 'string',
                        'artifactId': 'string',
                        'integratedDocument': {
                            'integrationId': 'string',
                            'resourceId': 'string'
                        }
                    },
                ],
                'sourceCode': [
                    {
                        's3Location': 'string'
                    },
                ],
                'integratedRepositories': [
                    {
                        'integrationId': 'string',
                        'providerResourceId': 'string'
                    },
                ]
            },
            'excludeRiskTypes': [
                'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
            ],
            'serviceRole': 'string',
            'logConfig': {
                'logGroup': 'string',
                'logStream': 'string'
            },
            'vpcConfig': {
                'vpcArn': 'string',
                'securityGroupArns': [
                    'string',
                ],
                'subnetArns': [
                    'string',
                ]
            },
            'networkTrafficConfig': {
                'rules': [
                    {
                        'effect': 'ALLOW'|'DENY',
                        'pattern': 'string',
                        'networkTrafficRuleType': 'URL'
                    },
                ],
                'customHeaders': [
                    {
                        'name': 'string',
                        'value': 'string'
                    },
                ]
            },
            'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
            'cleanUpStrategy': 'BEST_EFFORT_DELETE'|'RETAIN_ALL',
            'disableManagedSkills': [
                'FINDING_PERSONALIZATION'|'LOGIN_OPTIMIZATION',
            ],
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

• (dict) --

  Output for the BatchGetPentests operation.

  • pentests (list) --

    The list of pentests that were found.

    • (dict) --

      Represents a pentest configuration that defines the parameters for security testing, including target assets, risk type exclusions, and infrastructure settings.

      • pentestId (string) --

        The unique identifier of the pentest.

      • agentSpaceId (string) --

        The unique identifier of the agent space that contains the pentest.

      • title (string) --

        The title of the pentest.

      • assets (dict) --

        The assets included in the pentest.

        • endpoints (list) --

          The list of endpoints to test during the pentest.

          • (dict) --

            Represents a target endpoint for penetration testing.

            • uri (string) --

              The URI of the endpoint.

        • actors (list) --

          The list of actors used during penetration testing.

          • (dict) --

            Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

            • identifier (string) --

              The unique identifier for the actor.

            • uris (list) --

              The list of URIs that the actor targets during testing.

              • (string) --

            • authentication (dict) --

              The authentication configuration for the actor.

              • providerType (string) --

                The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

              • value (string) --

                The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

            • description (string) --

              A description of the actor.

        • documents (list) --

          The list of documents that provide context for the pentest.

          • (dict) --

            Represents a document that provides context for security testing.

            • s3Location (string) --

              The Amazon S3 location of the document.

            • artifactId (string) --

              The unique identifier of the artifact associated with the document.

            • integratedDocument (dict) --

              A reference to a document in an integrated third-party provider.

              • integrationId (string) --

                The identifier of the integration that provides access to the document.

              • resourceId (string) --

                The provider-specific resource identifier for the document.

        • sourceCode (list) --

          The list of source code repositories to analyze during the pentest.

          • (dict) --

            Represents a source code repository used for security analysis during a pentest.

            • s3Location (string) --

              The Amazon S3 location of the source code repository archive.

        • integratedRepositories (list) --

          The list of integrated repositories associated with the pentest.

          • (dict) --

            Represents a code repository that is integrated with the service through a third-party provider.

            • integrationId (string) --

              The unique identifier of the integration that provides access to the repository.

            • providerResourceId (string) --

              The provider-specific resource identifier for the repository.

      • excludeRiskTypes (list) --

        The list of risk types excluded from the pentest.

        • (string) --

          Type of security risk.

      • serviceRole (string) --

        The IAM service role used for the pentest.

      • logConfig (dict) --

        The CloudWatch Logs configuration for the pentest.

        • logGroup (string) --

          The name of the CloudWatch log group.

        • logStream (string) --

          The name of the CloudWatch log stream.

      • vpcConfig (dict) --

        The VPC configuration for the pentest.

        • vpcArn (string) --

          The Amazon Resource Name (ARN) of the VPC.

        • securityGroupArns (list) --

          The Amazon Resource Names (ARNs) of the security groups for the VPC configuration.

          • (string) --

            ARN or ID of a security group.

        • subnetArns (list) --

          The Amazon Resource Names (ARNs) of the subnets for the VPC configuration.

          • (string) --

            ARN or ID of a subnet.

      • networkTrafficConfig (dict) --

        The network traffic configuration for the pentest.

        • rules (list) --

          The list of network traffic rules that control which URLs are allowed or denied during testing.

          • (dict) --

            A rule that controls network traffic during penetration testing by allowing or denying traffic to specific URL patterns.

            • effect (string) --

              The effect of the rule. Valid values are ALLOW and DENY.

            • pattern (string) --

              The URL pattern to match for the rule.

            • networkTrafficRuleType (string) --

              The type of the network traffic rule. Currently, only URL is supported.

        • customHeaders (list) --

          The list of custom HTTP headers to include in network traffic during testing.

          • (dict) --

            A custom HTTP header to include in network traffic during penetration testing.

            • name (string) --

              The name of the custom header.

            • value (string) --

              The value of the custom header.

      • codeRemediationStrategy (string) --

        The code remediation strategy for the pentest.

      • cleanUpStrategy (string) --

        Strategy for cleaning up resources after pentest job completion.

      • disableManagedSkills (list) --

        A list of managed skills to disable for this pentest. Valid values include FINDING_PERSONALIZATION and LOGIN_OPTIMIZATION.

        • (string) --

          Type of managed skill that can be enabled or disabled for a pentest.

      • createdAt (datetime) --

        The date and time the pentest was created, in UTC format.

      • updatedAt (datetime) --

        The date and time the pentest was last updated, in UTC format.

  • notFound (list) --

    The list of pentest identifiers that were not found.

    • (string) --

{'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                 'resourceId': 'string'}}},
 'validationMode': 'DISABLED | SIMULATED'}

Creates a new code review configuration in an agent space. A code review defines the parameters for automated security-focused code analysis.

See also: AWS API Documentation

Request Syntax

client.create_code_review(
    title='string',
    agentSpaceId='string',
    assets={
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    serviceRole='string',
    logConfig={
        'logGroup': 'string',
        'logStream': 'string'
    },
    codeRemediationStrategy='AUTOMATIC'|'DISABLED',
    validationMode='DISABLED'|'SIMULATED'
)

type title:

string

param title:

[REQUIRED]

The title of the code review.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space to create the code review in.

type assets:

dict

param assets:

[REQUIRED]

The assets to include in the code review, such as documents and source code.

• endpoints (list) --

  The list of endpoints to test during the pentest.

  • (dict) --

    Represents a target endpoint for penetration testing.

    • uri (string) --

      The URI of the endpoint.

• actors (list) --

  The list of actors used during penetration testing.

  • (dict) --

    Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

    • identifier (string) --

      The unique identifier for the actor.

    • uris (list) --

      The list of URIs that the actor targets during testing.

      • (string) --

    • authentication (dict) --

      The authentication configuration for the actor.

      • providerType (string) --

        The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

      • value (string) --

        The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

    • description (string) --

      A description of the actor.

• documents (list) --

  The list of documents that provide context for the pentest.

  • (dict) --

    Represents a document that provides context for security testing.

    • s3Location (string) --

      The Amazon S3 location of the document.

    • artifactId (string) --

      The unique identifier of the artifact associated with the document.

    • integratedDocument (dict) --

      A reference to a document in an integrated third-party provider.

      • integrationId (string) -- [REQUIRED]

        The identifier of the integration that provides access to the document.

      • resourceId (string) -- [REQUIRED]

        The provider-specific resource identifier for the document.

• sourceCode (list) --

  The list of source code repositories to analyze during the pentest.

  • (dict) --

    Represents a source code repository used for security analysis during a pentest.

    • s3Location (string) --

      The Amazon S3 location of the source code repository archive.

• integratedRepositories (list) --

  The list of integrated repositories associated with the pentest.

  • (dict) --

    Represents a code repository that is integrated with the service through a third-party provider.

    • integrationId (string) -- [REQUIRED]

      The unique identifier of the integration that provides access to the repository.

    • providerResourceId (string) -- [REQUIRED]

      The provider-specific resource identifier for the repository.

type serviceRole:

string

param serviceRole:

The IAM service role to use for the code review.

type logConfig:

dict

param logConfig:

The CloudWatch Logs configuration for the code review.

• logGroup (string) --

  The name of the CloudWatch log group.

• logStream (string) --

  The name of the CloudWatch log stream.

type codeRemediationStrategy:

string

param codeRemediationStrategy:

The code remediation strategy for the code review. Valid values are AUTOMATIC and DISABLED.

type validationMode:

string

param validationMode:

The validation mode for the code review. Valid values are SIMULATED and DISABLED.

rtype:

dict

returns:

Response Syntax

{
    'codeReviewId': 'string',
    'title': 'string',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'assets': {
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    'serviceRole': 'string',
    'logConfig': {
        'logGroup': 'string',
        'logStream': 'string'
    },
    'agentSpaceId': 'string',
    'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED',
    'validationMode': 'DISABLED'|'SIMULATED'
}

Response Structure

• (dict) --

  Output for the CreateCodeReview operation.

  • codeReviewId (string) --

    The unique identifier of the created code review.

  • title (string) --

    The title of the code review.

  • createdAt (datetime) --

    The date and time the code review was created, in UTC format.

  • updatedAt (datetime) --

    The date and time the code review was last updated, in UTC format.

  • assets (dict) --

    The assets included in the code review.

    • endpoints (list) --

      The list of endpoints to test during the pentest.

      • (dict) --

        Represents a target endpoint for penetration testing.

        • uri (string) --

          The URI of the endpoint.

    • actors (list) --

      The list of actors used during penetration testing.

      • (dict) --

        Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

        • identifier (string) --

          The unique identifier for the actor.

        • uris (list) --

          The list of URIs that the actor targets during testing.

          • (string) --

        • authentication (dict) --

          The authentication configuration for the actor.

          • providerType (string) --

            The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

          • value (string) --

            The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

        • description (string) --

          A description of the actor.

    • documents (list) --

      The list of documents that provide context for the pentest.

      • (dict) --

        Represents a document that provides context for security testing.

        • s3Location (string) --

          The Amazon S3 location of the document.

        • artifactId (string) --

          The unique identifier of the artifact associated with the document.

        • integratedDocument (dict) --

          A reference to a document in an integrated third-party provider.

          • integrationId (string) --

            The identifier of the integration that provides access to the document.

          • resourceId (string) --

            The provider-specific resource identifier for the document.

    • sourceCode (list) --

      The list of source code repositories to analyze during the pentest.

      • (dict) --

        Represents a source code repository used for security analysis during a pentest.

        • s3Location (string) --

          The Amazon S3 location of the source code repository archive.

    • integratedRepositories (list) --

      The list of integrated repositories associated with the pentest.

      • (dict) --

        Represents a code repository that is integrated with the service through a third-party provider.

        • integrationId (string) --

          The unique identifier of the integration that provides access to the repository.

        • providerResourceId (string) --

          The provider-specific resource identifier for the repository.

  • serviceRole (string) --

    The IAM service role used for the code review.

  • logConfig (dict) --

    The CloudWatch Logs configuration for the code review.

    • logGroup (string) --

      The name of the CloudWatch log group.

    • logStream (string) --

      The name of the CloudWatch log stream.

  • agentSpaceId (string) --

    The unique identifier of the agent space that contains the code review.

  • codeRemediationStrategy (string) --

    The code remediation strategy for the code review.

  • validationMode (string) --

    The validation mode for the code review.

{'input': {'bitbucket': {'code': 'string',
                         'installationId': 'string',
                         'state': 'string',
                         'workspace': 'string'},
           'confluence': {'code': 'string',
                          'installationId': 'string',
                          'siteUrl': 'string',
                          'state': 'string'},
           'github': {'installationId': 'string', 'targetUrl': 'string'},
           'gitlab': {'accessToken': 'string',
                      'groupId': 'string',
                      'targetUrl': 'string',
                      'tokenType': 'PERSONAL | GROUP'}},
 'privateConnectionName': 'string',
 'provider': {'BITBUCKET', 'CONFLUENCE', 'GITLAB'}}

Creates a new integration with a third-party provider, such as GitHub, for code review and remediation.

See also: AWS API Documentation

Request Syntax

client.create_integration(
    provider='GITHUB'|'GITLAB'|'BITBUCKET'|'CONFLUENCE',
    input={
        'github': {
            'code': 'string',
            'state': 'string',
            'organizationName': 'string',
            'targetUrl': 'string',
            'installationId': 'string'
        },
        'gitlab': {
            'accessToken': 'string',
            'targetUrl': 'string',
            'tokenType': 'PERSONAL'|'GROUP',
            'groupId': 'string'
        },
        'bitbucket': {
            'installationId': 'string',
            'workspace': 'string',
            'code': 'string',
            'state': 'string'
        },
        'confluence': {
            'installationId': 'string',
            'code': 'string',
            'state': 'string',
            'siteUrl': 'string'
        }
    },
    integrationDisplayName='string',
    kmsKeyId='string',
    tags={
        'string': 'string'
    },
    privateConnectionName='string'
)

type provider:

string

param provider:

[REQUIRED]

The integration provider. Currently, only GITHUB is supported.

type input:

dict

param input:

[REQUIRED]

The provider-specific input required to create the integration.

• github (dict) --

  The GitHub-specific input for creating an integration.

  • code (string) -- [REQUIRED]

    The OAuth authorization code received from GitHub.

  • state (string) -- [REQUIRED]

    The CSRF state token for validating the OAuth flow.

  • organizationName (string) --

    The name of the GitHub organization to integrate with.

  • targetUrl (string) --

    The HTTPS URL of a self-hosted GitHub Enterprise Server instance. Omit this value for GitHub.com.

  • installationId (string) --

    The installation identifier provided by GitHub Enterprise Server on the install callback. Required for GitHub Enterprise Server integrations and ignored for GitHub.com.

• gitlab (dict) --

  The configuration for a GitLab integration.

  • accessToken (string) -- [REQUIRED]

    The GitLab access token used to authenticate. This can be a personal access token or a group access token.

  • targetUrl (string) --

    The HTTPS URL of a self-managed GitLab instance. Omit this value for GitLab SaaS (gitlab.com).

  • tokenType (string) -- [REQUIRED]

    The type of GitLab access token provided in accessToken.

  • groupId (string) --

    The identifier of the GitLab group. Required when tokenType is group and ignored for personal tokens.

• bitbucket (dict) --

  The configuration for a Bitbucket integration.

  • installationId (string) -- [REQUIRED]

    The Atlassian installation identifier, available from the Atlassian administration console.

  • workspace (string) -- [REQUIRED]

    The Bitbucket workspace slug that identifies the workspace to integrate, for example acme-corp.

  • code (string) -- [REQUIRED]

    The OAuth 2.0 authorization code returned from the consent redirect.

  • state (string) -- [REQUIRED]

    The CSRF state token echoed back from the OAuth redirect.

• confluence (dict) --

  The configuration for a Confluence integration.

  • installationId (string) -- [REQUIRED]

    The Atlassian installation identifier, available from the Atlassian administration console.

  • code (string) -- [REQUIRED]

    The OAuth 2.0 authorization code returned from the consent redirect.

  • state (string) -- [REQUIRED]

    The CSRF state token echoed back from the OAuth redirect.

  • siteUrl (string) -- [REQUIRED]

    The Confluence Cloud site URL, for example https://mysite.atlassian.net.

type integrationDisplayName:

string

param integrationDisplayName:

[REQUIRED]

The display name for the integration.

type kmsKeyId:

string

param kmsKeyId:

The identifier of the AWS KMS key to use for encrypting data associated with the integration.

type tags:

dict

param tags:

The tags to associate with the integration.

• (string) --

  Key for a resource tag.

  • (string) --

    Value for a resource tag.

type privateConnectionName:

string

param privateConnectionName:

The name of an active private connection used to reach a self-hosted provider instance over private networking. Specify this when the instance is not publicly reachable.

rtype:

dict

returns:

Response Syntax

{
    'integrationId': 'string'
}

Response Structure

• (dict) --

  • integrationId (string) --

    The unique identifier of the created integration.

{'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                 'resourceId': 'string'}}},
 'disableManagedSkills': ['FINDING_PERSONALIZATION | LOGIN_OPTIMIZATION']}

{'assets': {'documents': {'integratedDocument': {'integrationId': 'string',
                                                 'resourceId': 'string'}}}}

Creates a new pentest configuration in an agent space. A pentest defines the security test parameters, including target assets, risk type exclusions, and logging configuration.

See also: AWS API Documentation

Request Syntax

client.create_pentest(
    title='string',
    agentSpaceId='string',
    assets={
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    excludeRiskTypes=[
        'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
    ],
    serviceRole='string',
    logConfig={
        'logGroup': 'string',
        'logStream': 'string'
    },
    vpcConfig={
        'vpcArn': 'string',
        'securityGroupArns': [
            'string',
        ],
        'subnetArns': [
            'string',
        ]
    },
    networkTrafficConfig={
        'rules': [
            {
                'effect': 'ALLOW'|'DENY',
                'pattern': 'string',
                'networkTrafficRuleType': 'URL'
            },
        ],
        'customHeaders': [
            {
                'name': 'string',
                'value': 'string'
            },
        ]
    },
    codeRemediationStrategy='AUTOMATIC'|'DISABLED',
    disableManagedSkills=[
        'FINDING_PERSONALIZATION'|'LOGIN_OPTIMIZATION',
    ]
)

type title:

string

param title:

[REQUIRED]

The title of the pentest.

type agentSpaceId:

string

param agentSpaceId:

[REQUIRED]

The unique identifier of the agent space to create the pentest in.

type assets:

dict

param assets:

The assets to include in the pentest, such as endpoints, actors, documents, and source code.

• endpoints (list) --

  The list of endpoints to test during the pentest.

  • (dict) --

    Represents a target endpoint for penetration testing.

    • uri (string) --

      The URI of the endpoint.

• actors (list) --

  The list of actors used during penetration testing.

  • (dict) --

    Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

    • identifier (string) --

      The unique identifier for the actor.

    • uris (list) --

      The list of URIs that the actor targets during testing.

      • (string) --

    • authentication (dict) --

      The authentication configuration for the actor.

      • providerType (string) --

        The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

      • value (string) --

        The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

    • description (string) --

      A description of the actor.

• documents (list) --

  The list of documents that provide context for the pentest.

  • (dict) --

    Represents a document that provides context for security testing.

    • s3Location (string) --

      The Amazon S3 location of the document.

    • artifactId (string) --

      The unique identifier of the artifact associated with the document.

    • integratedDocument (dict) --

      A reference to a document in an integrated third-party provider.

      • integrationId (string) -- [REQUIRED]

        The identifier of the integration that provides access to the document.

      • resourceId (string) -- [REQUIRED]

        The provider-specific resource identifier for the document.

• sourceCode (list) --

  The list of source code repositories to analyze during the pentest.

  • (dict) --

    Represents a source code repository used for security analysis during a pentest.

    • s3Location (string) --

      The Amazon S3 location of the source code repository archive.

• integratedRepositories (list) --

  The list of integrated repositories associated with the pentest.

  • (dict) --

    Represents a code repository that is integrated with the service through a third-party provider.

    • integrationId (string) -- [REQUIRED]

      The unique identifier of the integration that provides access to the repository.

    • providerResourceId (string) -- [REQUIRED]

      The provider-specific resource identifier for the repository.

type excludeRiskTypes:

list

param excludeRiskTypes:

The list of risk types to exclude from the pentest.

• (string) --

  Type of security risk.

type serviceRole:

string

param serviceRole:

The IAM service role to use for the pentest.

type logConfig:

dict

param logConfig:

The CloudWatch Logs configuration for the pentest.

• logGroup (string) --

  The name of the CloudWatch log group.

• logStream (string) --

  The name of the CloudWatch log stream.

type vpcConfig:

dict

param vpcConfig:

The VPC configuration for the pentest.

• vpcArn (string) --

  The Amazon Resource Name (ARN) of the VPC.

• securityGroupArns (list) --

  The Amazon Resource Names (ARNs) of the security groups for the VPC configuration.

  • (string) --

    ARN or ID of a security group.

• subnetArns (list) --

  The Amazon Resource Names (ARNs) of the subnets for the VPC configuration.

  • (string) --

    ARN or ID of a subnet.

type networkTrafficConfig:

dict

param networkTrafficConfig:

The network traffic configuration for the pentest, including custom headers and traffic rules.

• rules (list) --

  The list of network traffic rules that control which URLs are allowed or denied during testing.

  • (dict) --

    A rule that controls network traffic during penetration testing by allowing or denying traffic to specific URL patterns.

    • effect (string) --

      The effect of the rule. Valid values are ALLOW and DENY.

    • pattern (string) --

      The URL pattern to match for the rule.

    • networkTrafficRuleType (string) --

      The type of the network traffic rule. Currently, only URL is supported.

• customHeaders (list) --

  The list of custom HTTP headers to include in network traffic during testing.

  • (dict) --

    A custom HTTP header to include in network traffic during penetration testing.

    • name (string) --

      The name of the custom header.

    • value (string) --

      The value of the custom header.

type codeRemediationStrategy:

string

param codeRemediationStrategy:

The code remediation strategy for the pentest. Valid values are AUTOMATIC and DISABLED.

type disableManagedSkills:

list

param disableManagedSkills:

A list of managed skills to disable for this pentest. Valid values include FINDING_PERSONALIZATION and LOGIN_OPTIMIZATION.

• (string) --

  Type of managed skill that can be enabled or disabled for a pentest.

rtype:

dict

returns:

Response Syntax

{
    'pentestId': 'string',
    'title': 'string',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'assets': {
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string',
                'integratedDocument': {
                    'integrationId': 'string',
                    'resourceId': 'string'
                }
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    'excludeRiskTypes': [
        'CROSS_SITE_SCRIPTING'|'DEFAULT_CREDENTIALS'|'INSECURE_DIRECT_OBJECT_REFERENCE'|'PRIVILEGE_ESCALATION'|'SERVER_SIDE_TEMPLATE_INJECTION'|'COMMAND_INJECTION'|'CODE_INJECTION'|'SQL_INJECTION'|'ARBITRARY_FILE_UPLOAD'|'INSECURE_DESERIALIZATION'|'LOCAL_FILE_INCLUSION'|'INFORMATION_DISCLOSURE'|'PATH_TRAVERSAL'|'SERVER_SIDE_REQUEST_FORGERY'|'JSON_WEB_TOKEN_VULNERABILITIES'|'XML_EXTERNAL_ENTITY'|'FILE_DELETION'|'OTHER'|'GRAPHQL_VULNERABILITIES'|'BUSINESS_LOGIC_VULNERABILITIES'|'CRYPTOGRAPHIC_VULNERABILITIES'|'DENIAL_OF_SERVICE'|'FILE_ACCESS'|'FILE_CREATION'|'DATABASE_MODIFICATION'|'DATABASE_ACCESS'|'OUTBOUND_SERVICE_REQUEST'|'UNKNOWN',
    ],
    'serviceRole': 'string',
    'logConfig': {
        'logGroup': 'string',
        'logStream': 'string'
    },
    'agentSpaceId': 'string'
}

Response Structure

• (dict) --

  Output for the CreatePentest operation.

  • pentestId (string) --

    The unique identifier of the created pentest.

  • title (string) --

    The title of the pentest.

  • createdAt (datetime) --

    The date and time the pentest was created, in UTC format.

  • updatedAt (datetime) --

    The date and time the pentest was last updated, in UTC format.

  • assets (dict) --

    The assets included in the pentest.

    • endpoints (list) --

      The list of endpoints to test during the pentest.

      • (dict) --

        Represents a target endpoint for penetration testing.

        • uri (string) --

          The URI of the endpoint.

    • actors (list) --

      The list of actors used during penetration testing.

      • (dict) --

        Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

        • identifier (string) --

          The unique identifier for the actor.

        • uris (list) --

          The list of URIs that the actor targets during testing.

          • (string) --

        • authentication (dict) --

          The authentication configuration for the actor.

          • providerType (string) --

            The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

          • value (string) --

            The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

        • description (string) --

          A description of the actor.

    • documents (list) --

      The list of documents that provide context for the pentest.

      • (dict) --

        Represents a document that provides context for security testing.

        • s3Location (string) --

          The Amazon S3 location of the document.

        • artifactId (string) --

          The unique identifier of the artifact associated with the document.

        • integratedDocument (dict) --

          A reference to a document in an integrated third-party provider.

          • integrationId (string) --

            The identifier of the integration that provides access to the document.

          • resourceId (string) --

            The provider-specific resource identifier for the document.

    • sourceCode (list) --

      The list of source code repositories to analyze during the pentest.

      • (dict) --

        Represents a source code repository used for security analysis during a pentest.

        • s3Location (string) --

          The Amazon S3 location of the source code repository archive.

    • integratedRepositories (list) --

      The list of integrated repositories associated with the pentest.

      • (dict) --

        Represents a code repository that is integrated with the service through a third-party provider.

        • integrationId (string) --

          The unique identifier of the integration that provides access to the repository.

        • providerResourceId (string) --

          The provider-specific resource identifier for the repository.

  • excludeRiskTypes (list) --

    The list of risk types excluded from the pentest.

    • (string) --

      Type of security risk.

  • serviceRole (string) --

    The IAM service role used for the pentest.

  • logConfig (dict) --

    The CloudWatch Logs configuration for the pentest.

    • logGroup (string) --

      The name of the CloudWatch log group.

    • logStream (string) --

      The name of the CloudWatch log stream.

  • agentSpaceId (string) --

    The unique identifier of the agent space that contains the pentest.