| # AWS DevOps Agent Security |
|
|
| ## Multi-layered security |
| AWS DevOps Agent implements security at multiple layers with internal access controls limiting scope of actions. |
|
|
| ## Agent Spaces |
| Primary security boundary. Each Agent Space operates independently with its own configurations, permissions, and data isolation. |
|
|
| ## Regional processing and data flow |
| + Data stored in Agent Space region |
| + Inference processed within geography (EU in EU, US in US, Australia in Australia, Japan in Japan) |
| + Cross-region inference for Singapore, Mumbai, Sao Paulo routes globally |
|
|
| ## Identity and access management |
| + IAM Identity Center (OAuth 2.0, sessions up to 12 hours) |
| + External IdP (Okta, Microsoft Entra ID) |
| + IAM authentication link (10-minute sessions) |
|
|
| ## Data protection |
| + Encryption at rest with AWS-managed or customer-managed KMS keys |
| + Encryption in transit for all data |
| + PII not filtered - recommended to redact before storing in logs |
|
|
| ## Agent journal and audit logging |
| + Logs every reasoning step and action |
| + Immutable once recorded |
| + CloudTrail integration for all API calls |
|
|
| ## Prompt injection protection |
| + Limited write capabilities (only tickets/support cases) |
| + Account boundary enforcement |
| + AI safety protections (ASL-3) |
| + Immutable audit trail |
|
|
| ## Integration security |
| + Native bidirectional integrations |
| + MCP servers (OAuth 2.0, API keys) |
| + Webhook triggers (HMAC) |
| + Outbound communication (Slack, ticketing) |
|
|
| ## Shared responsibility model |
| **AWS:** Security of retrieved data, native tools, infrastructure |
| **Customer:** User access management, trusted data sources, MCP server security, IAM role scoping, PII redaction |
|
|
| ## Data usage |
| AWS does not use agent data to train models or improve the product. |
|
|