A newer version of the Gradio SDK is available: 6.20.0
AWS DevOps Agent Security
Multi-layered security
AWS DevOps Agent implements security at multiple layers with internal access controls limiting scope of actions.
Agent Spaces
Primary security boundary. Each Agent Space operates independently with its own configurations, permissions, and data isolation.
Regional processing and data flow
- Data stored in Agent Space region
- Inference processed within geography (EU in EU, US in US, Australia in Australia, Japan in Japan)
- Cross-region inference for Singapore, Mumbai, Sao Paulo routes globally
Identity and access management
- IAM Identity Center (OAuth 2.0, sessions up to 12 hours)
- External IdP (Okta, Microsoft Entra ID)
- IAM authentication link (10-minute sessions)
Data protection
- Encryption at rest with AWS-managed or customer-managed KMS keys
- Encryption in transit for all data
- PII not filtered - recommended to redact before storing in logs
Agent journal and audit logging
- Logs every reasoning step and action
- Immutable once recorded
- CloudTrail integration for all API calls
Prompt injection protection
- Limited write capabilities (only tickets/support cases)
- Account boundary enforcement
- AI safety protections (ASL-3)
- Immutable audit trail
Integration security
- Native bidirectional integrations
- MCP servers (OAuth 2.0, API keys)
- Webhook triggers (HMAC)
- Outbound communication (Slack, ticketing)
Shared responsibility model
AWS: Security of retrieved data, native tools, infrastructure Customer: User access management, trusted data sources, MCP server security, IAM role scoping, PII redaction
Data usage
AWS does not use agent data to train models or improve the product.