This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html).

# AWS::SecurityAgent::Pentest
<a name="aws-resource-securityagent-pentest"></a>

The `AWS::SecurityAgent::Pentest` resource specifies a penetration test within an agent space. A pentest defines the scope, assets, and configuration for automated security testing.

## Syntax
<a name="aws-resource-securityagent-pentest-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-resource-securityagent-pentest-syntax.json"></a>

```
{
  "Type" : "AWS::SecurityAgent::Pentest",
  "Properties" : {
      "[AgentSpaceId](#cfn-securityagent-pentest-agentspaceid)" : String,
      "[Assets](#cfn-securityagent-pentest-assets)" : Assets,
      "[CodeRemediationStrategy](#cfn-securityagent-pentest-coderemediationstrategy)" : String,
      "[ExcludeRiskTypes](#cfn-securityagent-pentest-excluderisktypes)" : [ String, ... ],
      "[LogConfig](#cfn-securityagent-pentest-logconfig)" : CloudWatchLog,
      "[NetworkTrafficConfig](#cfn-securityagent-pentest-networktrafficconfig)" : NetworkTrafficConfig,
      "[ServiceRole](#cfn-securityagent-pentest-servicerole)" : String,
      "[Title](#cfn-securityagent-pentest-title)" : String,
      "[VpcConfig](#cfn-securityagent-pentest-vpcconfig)" : VpcConfig
    }
}
```

### YAML
<a name="aws-resource-securityagent-pentest-syntax.yaml"></a>

```
Type: AWS::SecurityAgent::Pentest
Properties:
  [AgentSpaceId](#cfn-securityagent-pentest-agentspaceid): String
  [Assets](#cfn-securityagent-pentest-assets): 
    Assets
  [CodeRemediationStrategy](#cfn-securityagent-pentest-coderemediationstrategy): String
  [ExcludeRiskTypes](#cfn-securityagent-pentest-excluderisktypes): 
    - String
  [LogConfig](#cfn-securityagent-pentest-logconfig): 
    CloudWatchLog
  [NetworkTrafficConfig](#cfn-securityagent-pentest-networktrafficconfig): 
    NetworkTrafficConfig
  [ServiceRole](#cfn-securityagent-pentest-servicerole): String
  [Title](#cfn-securityagent-pentest-title): String
  [VpcConfig](#cfn-securityagent-pentest-vpcconfig): 
    VpcConfig
```

## Properties
<a name="aws-resource-securityagent-pentest-properties"></a>

`AgentSpaceId`  <a name="cfn-securityagent-pentest-agentspaceid"></a>
The unique identifier of the agent space to create the pentest in.  
*Required*: Yes  
*Type*: String  
*Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)

`Assets`  <a name="cfn-securityagent-pentest-assets"></a>
The assets to include in the pentest, such as endpoints, actors, documents, and source code.  
*Required*: Yes  
*Type*: [Assets](aws-properties-securityagent-pentest-assets.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`CodeRemediationStrategy`  <a name="cfn-securityagent-pentest-coderemediationstrategy"></a>
The code remediation strategy for the pentest. Valid values are AUTOMATIC and DISABLED.  
*Required*: No  
*Type*: String  
*Allowed values*: `AUTOMATIC | DISABLED`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`ExcludeRiskTypes`  <a name="cfn-securityagent-pentest-excluderisktypes"></a>
The list of risk types to exclude from the pentest.  
*Required*: No  
*Type*: Array of String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`LogConfig`  <a name="cfn-securityagent-pentest-logconfig"></a>
The CloudWatch Logs configuration for the pentest.  
*Required*: No  
*Type*: [CloudWatchLog](aws-properties-securityagent-pentest-cloudwatchlog.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`NetworkTrafficConfig`  <a name="cfn-securityagent-pentest-networktrafficconfig"></a>
The network traffic configuration for the pentest, including custom headers and traffic rules.  
*Required*: No  
*Type*: [NetworkTrafficConfig](aws-properties-securityagent-pentest-networktrafficconfig.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`ServiceRole`  <a name="cfn-securityagent-pentest-servicerole"></a>
The IAM service role to use for the pentest.  
*Required*: Yes  
*Type*: String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Title`  <a name="cfn-securityagent-pentest-title"></a>
The title of the pentest.  
*Required*: No  
*Type*: String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`VpcConfig`  <a name="cfn-securityagent-pentest-vpcconfig"></a>
The VPC configuration for the pentest.  
*Required*: No  
*Type*: [VpcConfig](aws-properties-securityagent-pentest-vpcconfig.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

## Return values
<a name="aws-resource-securityagent-pentest-return-values"></a>

### Ref
<a name="aws-resource-securityagent-pentest-return-values-ref"></a>

When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns a pipe-delimited combination of the pentest ID and agent space ID. For example:

 `{ "Ref": "MyPentest" }` 

For the pentest `MyPentest`, `Ref` returns a value in the format `pt-0123456789abcdef0|as-0123456789abcdef0`, where the first value is the pentest ID and the second is the agent space ID.

For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html).

### Fn::GetAtt
<a name="aws-resource-securityagent-pentest-return-values-fn--getatt"></a>

The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html).

#### 
<a name="aws-resource-securityagent-pentest-return-values-fn--getatt-fn--getatt"></a>

`CreatedAt`  <a name="CreatedAt-fn::getatt"></a>
The date and time when the penetration test was created, in ISO 8601 format. For example: `2024-01-01T00:00:00Z`.

`PentestId`  <a name="PentestId-fn::getatt"></a>
The unique identifier of the penetration test. For example: `pt-0123456789abcdef0`.

`UpdatedAt`  <a name="UpdatedAt-fn::getatt"></a>
The date and time when the penetration test was last updated, in ISO 8601 format. For example: `2024-01-01T00:00:00Z`.