AWS Security Agent

2026/05/04 - AWS Security Agent - 4 updated api methods

Changes: AWS Security Agent is adding a new target domain verification method for private VPC penetration testing. Additionally, the target domain resource now has a verification status reason field that surfaces additional details about domain verification.

BatchGetTargetDomains (updated)
Changes (response)
{'targetDomains': {'verificationDetails': {'method': {'PRIVATE_VPC'}},
                   'verificationStatusReason': 'string'}}

Retrieves information about one or more target domains.

See also: AWS API Documentation

Request Syntax

client.batch_get_target_domains(
    targetDomainIds=[
        'string',
    ]
)

type targetDomainIds: list

param targetDomainIds: [REQUIRED]

The list of target domain identifiers to retrieve.

  • (string) --

rtype: dict

returns:

Response Syntax

{
    'targetDomains': [
        {
            'targetDomainId': 'string',
            'domainName': 'string',
            'verificationStatus': 'PENDING'|'VERIFIED'|'FAILED'|'UNREACHABLE',
            'verificationStatusReason': 'string',
            'verificationDetails': {
                'method': 'DNS_TXT'|'HTTP_ROUTE'|'PRIVATE_VPC',
                'dnsTxt': {
                    'token': 'string',
                    'dnsRecordName': 'string',
                    'dnsRecordType': 'TXT'
                },
                'httpRoute': {
                    'token': 'string',
                    'routePath': 'string'
                }
            },
            'createdAt': datetime(2015, 1, 1),
            'verifiedAt': datetime(2015, 1, 1)
        },
    ],
    'notFound': [
        'string',
    ]
}

Response Structure

  • (dict) --

    Output for the BatchGetTargetDomains operation.

    • targetDomains (list) --

      The list of target domains that were found.

      • (dict) --

        Represents a target domain registered for penetration testing. A target domain must be verified through DNS TXT or HTTP route verification before it can be used in pentests.

        • targetDomainId (string) --

          The unique identifier of the target domain.

        • domainName (string) --

          The domain name of the target domain.

        • verificationStatus (string) --

          The current verification status of the target domain.

        • verificationStatusReason (string) --

          The reason for the current target domain verification status.

        • verificationDetails (dict) --

          The verification details for the target domain.

          • method (string) --

            The verification method used for the target domain.

          • dnsTxt (dict) --

            The DNS TXT verification details.

            • token (string) --

              The verification token to include in the DNS record value.

            • dnsRecordName (string) --

              The name of the DNS record to create for verification.

            • dnsRecordType (string) --

              The type of DNS record to create. Currently, only TXT is supported.

          • httpRoute (dict) --

            The HTTP route verification details.

            • token (string) --

              The verification token to serve at the specified route path.

            • routePath (string) --

              The HTTP route path where the verification token must be served.

        • createdAt (datetime) --

          The date and time the target domain was created, in UTC format.

        • verifiedAt (datetime) --

          The date and time the target domain was verified, in UTC format.

    • notFound (list) --

      The list of target domain identifiers that were not found.

      • (string) --
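
A pre-flight gate built on the BatchGetTargetDomains response shape above, so that only domains reported as VERIFIED reach a pentest run and every other state is blocked with its reason. This is an added example, not code from the AWS documentation; `client` is assumed to be any object exposing `batch_get_target_domains` as documented, and `StubBatchClient` with its IDs, domains and reason text is constructed sample data.

```python
def partition_targets(client, target_domain_ids):
    """Return (verified_ids, blocked, not_found) for the requested target domains."""
    requested = list(target_domain_ids)
    resp = client.batch_get_target_domains(targetDomainIds=requested)
    verified, blocked = [], {}
    for d in resp.get("targetDomains", []):
        if d.get("verificationStatus") == "VERIFIED":
            verified.append(d["targetDomainId"])
        else:
            # PENDING, FAILED, UNREACHABLE or any unknown value: fail closed.
            blocked[d["targetDomainId"]] = {
                "domain": d.get("domainName"),
                "status": d.get("verificationStatus"),
                "method": d.get("verificationDetails", {}).get("method"),
                "reason": d.get("verificationStatusReason", ""),
            }
    not_found = list(resp.get("notFound", []))
    # An ID in neither list is reported as not found rather than silently dropped.
    seen = set(verified) | set(blocked) | set(not_found)
    not_found += [i for i in requested if i not in seen]
    return verified, blocked, not_found


class StubBatchClient:
    """Constructed stand-in for the service client; all values are sample data."""
    KNOWN = {
        "td-1": {"targetDomainId": "td-1", "domainName": "example.com",
                 "verificationStatus": "VERIFIED",
                 "verificationDetails": {"method": "DNS_TXT"}},
        "td-2": {"targetDomainId": "td-2", "domainName": "app.example.internal",
                 "verificationStatus": "UNREACHABLE",
                 "verificationStatusReason": "sample reason text",
                 "verificationDetails": {"method": "PRIVATE_VPC"}},
    }

    def batch_get_target_domains(self, targetDomainIds):
        found = [self.KNOWN[i] for i in targetDomainIds if i in self.KNOWN]
        missing = [i for i in targetDomainIds if i not in self.KNOWN]
        return {"targetDomains": found, "notFound": missing}
```
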

CreateTargetDomain (updated)
Changes (request, response)
Request
{'verificationMethod': {'PRIVATE_VPC'}}
Response
{'verificationDetails': {'method': {'PRIVATE_VPC'}},
 'verificationStatusReason': 'string'}

Creates a new target domain for penetration testing. A target domain is a web domain that must be registered and verified before it can be tested.

See also: AWS API Documentation

Request Syntax

client.create_target_domain(
    targetDomainName='string',
    verificationMethod='DNS_TXT'|'HTTP_ROUTE'|'PRIVATE_VPC',
    tags={
        'string': 'string'
    }
)

type targetDomainName: string

param targetDomainName: [REQUIRED]

The domain name to register as a target domain.

type verificationMethod: string

param verificationMethod: [REQUIRED]

The method to use for verifying domain ownership. Valid values are DNS_TXT, HTTP_ROUTE, and PRIVATE_VPC.

type tags: dict

param tags:

The tags to associate with the target domain.

  • (string) --

    Key for a resource tag.

    • (string) --

      Value for a resource tag.

rtype: dict

returns:

Response Syntax

{
    'targetDomainId': 'string',
    'domainName': 'string',
    'verificationStatus': 'PENDING'|'VERIFIED'|'FAILED'|'UNREACHABLE',
    'verificationStatusReason': 'string',
    'verificationDetails': {
        'method': 'DNS_TXT'|'HTTP_ROUTE'|'PRIVATE_VPC',
        'dnsTxt': {
            'token': 'string',
            'dnsRecordName': 'string',
            'dnsRecordType': 'TXT'
        },
        'httpRoute': {
            'token': 'string',
            'routePath': 'string'
        }
    },
    'createdAt': datetime(2015, 1, 1),
    'verifiedAt': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    Output for the CreateTargetDomain operation.

    • targetDomainId (string) --

      The unique identifier of the created target domain.

    • domainName (string) --

      The domain name of the target domain.

    • verificationStatus (string) --

      The current verification status of the target domain.

    • verificationStatusReason (string) --

      The reason for the current target domain verification status.

    • verificationDetails (dict) --

      The verification details for the target domain, including the verification token and instructions.

      • method (string) --

        The verification method used for the target domain.

      • dnsTxt (dict) --

        The DNS TXT verification details.

        • token (string) --

          The verification token to include in the DNS record value.

        • dnsRecordName (string) --

          The name of the DNS record to create for verification.

        • dnsRecordType (string) --

          The type of DNS record to create. Currently, only TXT is supported.

      • httpRoute (dict) --

        The HTTP route verification details.

        • token (string) --

          The verification token to serve at the specified route path.

        • routePath (string) --

          The HTTP route path where the verification token must be served.

    • createdAt (datetime) --

      The date and time the target domain was created, in UTC format.

    • verifiedAt (datetime) --

      The date and time the target domain was verified, in UTC format.

UpdateTargetDomain (updated)
Changes (request, response)
Request
{'verificationMethod': {'PRIVATE_VPC'}}
Response
{'verificationDetails': {'method': {'PRIVATE_VPC'}},
 'verificationStatusReason': 'string'}

Updates the verification method for a target domain.

See also: AWS API Documentation

Request Syntax

client.update_target_domain(
    targetDomainId='string',
    verificationMethod='DNS_TXT'|'HTTP_ROUTE'|'PRIVATE_VPC'
)

type targetDomainId: string

param targetDomainId: [REQUIRED]

The unique identifier of the target domain to update.

type verificationMethod: string

param verificationMethod: [REQUIRED]

The updated verification method for the target domain.

rtype: dict

returns:

Response Syntax

{
    'targetDomainId': 'string',
    'domainName': 'string',
    'verificationStatus': 'PENDING'|'VERIFIED'|'FAILED'|'UNREACHABLE',
    'verificationStatusReason': 'string',
    'verificationDetails': {
        'method': 'DNS_TXT'|'HTTP_ROUTE'|'PRIVATE_VPC',
        'dnsTxt': {
            'token': 'string',
            'dnsRecordName': 'string',
            'dnsRecordType': 'TXT'
        },
        'httpRoute': {
            'token': 'string',
            'routePath': 'string'
        }
    },
    'createdAt': datetime(2015, 1, 1),
    'verifiedAt': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    Output for the UpdateTargetDomain operation.

    • targetDomainId (string) --

      The unique identifier of the target domain.

    • domainName (string) --

      The domain name of the target domain.

    • verificationStatus (string) --

      The current verification status of the target domain.

    • verificationStatusReason (string) --

      The reason for the current target domain verification status.

    • verificationDetails (dict) --

      The updated verification details for the target domain.

      • method (string) --

        The verification method used for the target domain.

      • dnsTxt (dict) --

        The DNS TXT verification details.

        • token (string) --

          The verification token to include in the DNS record value.

        • dnsRecordName (string) --

          The name of the DNS record to create for verification.

        • dnsRecordType (string) --

          The type of DNS record to create. Currently, only TXT is supported.

      • httpRoute (dict) --

        The HTTP route verification details.

        • token (string) --

          The verification token to serve at the specified route path.

        • routePath (string) --

          The HTTP route path where the verification token must be served.

    • createdAt (datetime) --

      The date and time the target domain was created, in UTC format.

    • verifiedAt (datetime) --

      The date and time the target domain was verified, in UTC format.

VerifyTargetDomain (updated)
Changes (response)
{'verificationStatusReason': 'string'}

Initiates verification of a target domain. This checks whether the domain ownership verification token has been properly configured.

See also: AWS API Documentation

Request Syntax

client.verify_target_domain(
    targetDomainId='string'
)

type targetDomainId: string

param targetDomainId: [REQUIRED]

The unique identifier of the target domain to verify.

rtype: dict

returns:

Response Syntax

{
    'targetDomainId': 'string',
    'domainName': 'string',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'verifiedAt': datetime(2015, 1, 1),
    'status': 'PENDING'|'VERIFIED'|'FAILED'|'UNREACHABLE',
    'verificationStatusReason': 'string'
}

Response Structure

  • (dict) --

    Output for verifying ownership for a registered target domain in an agent space.

    • targetDomainId (string) --

      The unique identifier of the target domain.

    • domainName (string) --

      The domain name of the target domain.

    • createdAt (datetime) --

      The date and time the target domain was created, in UTC format.

    • updatedAt (datetime) --

      The date and time the target domain was last updated, in UTC format.

    • verifiedAt (datetime) --

      The date and time the target domain was verified, in UTC format.

    • status (string) --

      The verification status of the target domain.

    • verificationStatusReason (string) --

      The reason for the current target domain verification status.
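
The create-then-verify flow across CreateTargetDomain and VerifyTargetDomain, covering two details of the documented shapes: the response carries no sub-structure for PRIVATE_VPC, and VerifyTargetDomain reports state under `status` where the other three operations use `verificationStatus`. This is an added example, not code from the AWS documentation; `client` is assumed to be any object exposing the documented methods, and `StubVerifyClient` with its token, record name, route path and reason text is constructed sample data.

```python
def proof_to_place(domain):
    """Map a Create/UpdateTargetDomain response to the proof the operator must publish."""
    details = domain.get("verificationDetails", {})
    method = details.get("method")
    if method == "DNS_TXT":
        d = details["dnsTxt"]
        return {"method": method, "where": f"{d['dnsRecordType']} {d['dnsRecordName']}",
                "token": d["token"]}
    if method == "HTTP_ROUTE":
        h = details["httpRoute"]
        return {"method": method, "where": h["routePath"], "token": h["token"]}
    if method == "PRIVATE_VPC":
        # The documented response shape has no PRIVATE_VPC sub-structure, so
        # there is no token to publish; do not index dnsTxt/httpRoute here.
        return {"method": method, "where": None, "token": None}
    raise ValueError(f"unexpected verification method: {method!r}")


def verify(client, target_domain_id):
    """Run VerifyTargetDomain and return (usable, status, reason)."""
    r = client.verify_target_domain(targetDomainId=target_domain_id)
    # This operation reports state under 'status', not 'verificationStatus';
    # a missing key raises instead of letting the domain through.
    status = r["status"]
    return status == "VERIFIED", status, r.get("verificationStatusReason", "")


class StubVerifyClient:
    """Constructed stand-in for the service client; all values are sample data."""
    def create_target_domain(self, targetDomainName, verificationMethod, tags=None):
        details = {"method": verificationMethod}
        if verificationMethod == "DNS_TXT":
            details["dnsTxt"] = {"token": "sample-token",
                                 "dnsRecordName": "_verify." + targetDomainName,
                                 "dnsRecordType": "TXT"}
        elif verificationMethod == "HTTP_ROUTE":
            details["httpRoute"] = {"token": "sample-token", "routePath": "/sample-path"}
        return {"targetDomainId": "td-sample-1", "domainName": targetDomainName,
                "verificationStatus": "PENDING", "verificationDetails": details}

    def verify_target_domain(self, targetDomainId):
        return {"targetDomainId": targetDomainId, "domainName": "app.example.internal",
                "status": "UNREACHABLE",
                "verificationStatusReason": "sample reason text"}
```
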