tech-advisor / training /data /raw /aws-devops-agent-security.md
aslanconfig's picture
Initial commit: Tech Advisor fine-tuned on AWS DevOps Agent docs
975da6d
|
Raw
History Blame Contribute Delete
1.72 kB

A newer version of the Gradio SDK is available: 6.20.0

Upgrade

AWS DevOps Agent Security

Multi-layered security

AWS DevOps Agent implements security at multiple layers with internal access controls limiting scope of actions.

Agent Spaces

Primary security boundary. Each Agent Space operates independently with its own configurations, permissions, and data isolation.

Regional processing and data flow

  • Data stored in Agent Space region
  • Inference processed within geography (EU in EU, US in US, Australia in Australia, Japan in Japan)
  • Cross-region inference for Singapore, Mumbai, Sao Paulo routes globally

Identity and access management

  • IAM Identity Center (OAuth 2.0, sessions up to 12 hours)
  • External IdP (Okta, Microsoft Entra ID)
  • IAM authentication link (10-minute sessions)

Data protection

  • Encryption at rest with AWS-managed or customer-managed KMS keys
  • Encryption in transit for all data
  • PII not filtered - recommended to redact before storing in logs

Agent journal and audit logging

  • Logs every reasoning step and action
  • Immutable once recorded
  • CloudTrail integration for all API calls

Prompt injection protection

  • Limited write capabilities (only tickets/support cases)
  • Account boundary enforcement
  • AI safety protections (ASL-3)
  • Immutable audit trail

Integration security

  • Native bidirectional integrations
  • MCP servers (OAuth 2.0, API keys)
  • Webhook triggers (HMAC)
  • Outbound communication (Slack, ticketing)

Shared responsibility model

AWS: Security of retrieved data, native tools, infrastructure Customer: User access management, trusted data sources, MCP server security, IAM role scoping, PII redaction

Data usage

AWS does not use agent data to train models or improve the product.