SDK for PHP V3
AWS Security Agent 2025-09-06
- Client: Aws\SecurityAgent\SecurityAgentClient
- Service ID: securityagent
- Version: 2025-09-06
This page describes the parameters and results for the operations of the AWS Security Agent (2025-09-06), and shows how to use the Aws\SecurityAgent\SecurityAgentClient object to call the described operations. This documentation is specific to the 2025-09-06 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- AddArtifact ( array $params = [] )
- Uploads an artifact to an agent space.
- BatchDeletePentests ( array $params = [] )
- Deletes one or more pentests from an agent space.
- BatchGetAgentSpaces ( array $params = [] )
- Retrieves information about one or more agent spaces.
- BatchGetArtifactMetadata ( array $params = [] )
- Retrieves metadata for one or more artifacts in an agent space.
- BatchGetFindings ( array $params = [] )
- Retrieves information about one or more security findings in an agent space.
- BatchGetPentestJobTasks ( array $params = [] )
- Retrieves information about one or more tasks within a pentest job.
- BatchGetPentestJobs ( array $params = [] )
- Retrieves information about one or more pentest jobs in an agent space.
- BatchGetPentests ( array $params = [] )
- Retrieves information about one or more pentests in an agent space.
- BatchGetTargetDomains ( array $params = [] )
- Retrieves information about one or more target domains.
- CreateAgentSpace ( array $params = [] )
- Creates a new agent space.
- CreateApplication ( array $params = [] )
- Creates a new application.
- CreateIntegration ( array $params = [] )
- Creates a new integration with a third-party provider, such as GitHub, for code review and remediation.
- CreateMembership ( array $params = [] )
- Creates a new membership, granting a user access to an agent space within an application.
- CreatePentest ( array $params = [] )
- Creates a new pentest configuration in an agent space.
- CreateTargetDomain ( array $params = [] )
- Creates a new target domain for penetration testing.
- DeleteAgentSpace ( array $params = [] )
- Deletes an agent space and all of its associated resources, including pentests, findings, and artifacts.
- DeleteApplication ( array $params = [] )
- Deletes an application and its associated configuration, including IAM Identity Center settings.
- DeleteArtifact ( array $params = [] )
- Deletes an artifact from an agent space.
- DeleteIntegration ( array $params = [] )
- Deletes an integration with a third-party provider.
- DeleteMembership ( array $params = [] )
- Deletes a membership, revoking a user's access to an agent space.
- DeleteTargetDomain ( array $params = [] )
- Deletes a target domain registration.
- GetApplication ( array $params = [] )
- Retrieves information about an application.
- GetArtifact ( array $params = [] )
- Retrieves an artifact from an agent space.
- GetIntegration ( array $params = [] )
- Retrieves information about an integration.
- InitiateProviderRegistration ( array $params = [] )
- Initiates the OAuth registration flow with a third-party provider.
- ListAgentSpaces ( array $params = [] )
- Returns a paginated list of agent space summaries in your account.
- ListApplications ( array $params = [] )
- Returns a paginated list of application summaries in your account.
- ListArtifacts ( array $params = [] )
- Returns a paginated list of artifact summaries for the specified agent space.
- ListDiscoveredEndpoints ( array $params = [] )
- Returns a paginated list of endpoints discovered during a pentest job execution.
- ListFindings ( array $params = [] )
- Lists the security findings for a pentest job.
- ListIntegratedResources ( array $params = [] )
- Lists the integrated resources for an agent space, optionally filtered by integration or resource type.
- ListIntegrations ( array $params = [] )
- Lists the integrations in your account, optionally filtered by provider or provider type.
- ListMemberships ( array $params = [] )
- Returns a paginated list of membership summaries for the specified agent space within an application.
- ListPentestJobTasks ( array $params = [] )
- Returns a paginated list of task summaries for the specified pentest job, optionally filtered by step name or category.
- ListPentestJobsForPentest ( array $params = [] )
- Returns a paginated list of pentest job summaries for the specified pentest configuration.
- ListPentests ( array $params = [] )
- Returns a paginated list of pentest summaries for the specified agent space.
- ListTagsForResource ( array $params = [] )
- Returns the tags associated with the specified resource.
- ListTargetDomains ( array $params = [] )
- Returns a paginated list of target domain summaries in your account.
- StartCodeRemediation ( array $params = [] )
- Initiates code remediation for one or more security findings.
- StartPentestJob ( array $params = [] )
- Starts a new pentest job for a pentest configuration.
- StopPentestJob ( array $params = [] )
- Stops a running pentest job.
- TagResource ( array $params = [] )
- Adds tags to a resource.
- UntagResource ( array $params = [] )
- Removes tags from a resource.
- UpdateAgentSpace ( array $params = [] )
- Updates the configuration of an existing agent space, including its name, description, AWS resources, target domains, and code review settings.
- UpdateApplication ( array $params = [] )
- Updates the configuration of an existing application, including the IAM role and default KMS key.
- UpdateFinding ( array $params = [] )
- Updates the status or risk level of a security finding.
- UpdateIntegratedResources ( array $params = [] )
- Updates the integrated resources for an agent space, including their capabilities.
- UpdatePentest ( array $params = [] )
- Updates an existing pentest configuration.
- UpdateTargetDomain ( array $params = [] )
- Updates the verification method for a target domain.
- VerifyTargetDomain ( array $params = [] )
- Initiates verification of a target domain.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
- ListAgentSpaces
- ListApplications
- ListArtifacts
- ListDiscoveredEndpoints
- ListFindings
- ListIntegratedResources
- ListIntegrations
- ListMemberships
- ListPentestJobTasks
- ListPentestJobsForPentest
- ListPentests
- ListTargetDomains
Operations
AddArtifact
$result = $client->addArtifact([/* ... */]); $promise = $client->addArtifactAsync([/* ... */]);
Uploads an artifact to an agent space. Artifacts provide additional context for security testing, such as architecture diagrams, API specifications, or configuration files.
Parameter Syntax
$result = $client->addArtifact([
'agentSpaceId' => '<string>', // REQUIRED
'artifactContent' => <string || resource || Psr\Http\Message\StreamInterface>, // REQUIRED
'artifactType' => 'TXT|PNG|JPEG|MD|PDF|DOCX|DOC|JSON|YAML', // REQUIRED
'fileName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space to add the artifact to.
- artifactContent
-
- Required: Yes
- Type: blob (string|resource|Psr\Http\Message\StreamInterface)
The binary content of the artifact to upload.
- artifactType
-
- Required: Yes
- Type: string
The file type of the artifact. Valid values include TXT, PNG, JPEG, MD, PDF, DOCX, DOC, JSON, and YAML.
- fileName
-
- Required: Yes
- Type: string
The file name of the artifact.
Result Syntax
[
'artifactId' => '<string>',
]
Result Details
Members
- artifactId
-
- Required: Yes
- Type: string
The unique identifier assigned to the uploaded artifact.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- InternalServerException:
An unexpected error occurred during the processing of your request.
- ResourceNotFoundException:
The specified resource was not found. Verify that the resource identifier is correct and that the resource exists in the specified agent space or account.
- ThrottlingException:
The request was denied due to request throttling.
- AccessDeniedException:
You do not have sufficient access to perform this action.
BatchDeletePentests
$result = $client->batchDeletePentests([/* ... */]); $promise = $client->batchDeletePentestsAsync([/* ... */]);
Deletes one or more pentests from an agent space.
Parameter Syntax
$result = $client->batchDeletePentests([
'agentSpaceId' => '<string>', // REQUIRED
'pentestIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space that contains the pentests to delete.
- pentestIds
-
- Required: Yes
- Type: Array of strings
The list of pentest identifiers to delete.
Result Syntax
[
'deleted' => [
[
'agentSpaceId' => '<string>',
'assets' => [
'actors' => [
[
'authentication' => [
'providerType' => 'SECRETS_MANAGER|AWS_LAMBDA|AWS_IAM_ROLE|AWS_INTERNAL',
'value' => '<string>',
],
'description' => '<string>',
'identifier' => '<string>',
'uris' => ['<string>', ...],
],
// ...
],
'documents' => [
[
'artifactId' => '<string>',
's3Location' => '<string>',
],
// ...
],
'endpoints' => [
[
'uri' => '<string>',
],
// ...
],
'integratedRepositories' => [
[
'integrationId' => '<string>',
'providerResourceId' => '<string>',
],
// ...
],
'sourceCode' => [
[
's3Location' => '<string>',
],
// ...
],
],
'codeRemediationStrategy' => 'AUTOMATIC|DISABLED',
'createdAt' => <DateTime>,
'excludeRiskTypes' => ['<string>', ...],
'logConfig' => [
'logGroup' => '<string>',
'logStream' => '<string>',
],
'networkTrafficConfig' => [
'customHeaders' => [
[
'name' => '<string>',
'value' => '<string>',
],
// ...
],
'rules' => [
[
'effect' => 'ALLOW|DENY',
'networkTrafficRuleType' => 'URL',
'pattern' => '<string>',
],
// ...
],
],
'pentestId' => '<string>',
'serviceRole' => '<string>',
'title' => '<string>',
'updatedAt' => <DateTime>,
'vpcConfig' => [
'securityGroupArns' => ['<string>', ...],
'subnetArns' => ['<string>', ...],
'vpcArn' => '<string>',
],
],
// ...
],
'failed' => [
[
'pentestId' => '<string>',
'reason' => '<string>',
],
// ...
],
]
Result Details
Members
- deleted
-
- Type: Array of Pentest structures
The list of pentests that were successfully deleted.
- failed
-
- Type: Array of DeletePentestFailure structures
The list of pentests that failed to delete, including the reason for each failure.
Errors
There are no errors described for this operation.
BatchGetAgentSpaces
$result = $client->batchGetAgentSpaces([/* ... */]); $promise = $client->batchGetAgentSpacesAsync([/* ... */]);
Retrieves information about one or more agent spaces.
Parameter Syntax
$result = $client->batchGetAgentSpaces([
'agentSpaceIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- agentSpaceIds
-
- Required: Yes
- Type: Array of strings
The list of agent space identifiers to retrieve.
Result Syntax
[
'agentSpaces' => [
[
'agentSpaceId' => '<string>',
'awsResources' => [
'iamRoles' => ['<string>', ...],
'lambdaFunctionArns' => ['<string>', ...],
'logGroups' => ['<string>', ...],
's3Buckets' => ['<string>', ...],
'secretArns' => ['<string>', ...],
'vpcs' => [
[
'securityGroupArns' => ['<string>', ...],
'subnetArns' => ['<string>', ...],
'vpcArn' => '<string>',
],
// ...
],
],
'codeReviewSettings' => [
'controlsScanning' => true || false,
'generalPurposeScanning' => true || false,
],
'createdAt' => <DateTime>,
'description' => '<string>',
'kmsKeyId' => '<string>',
'name' => '<string>',
'targetDomainIds' => ['<string>', ...],
'updatedAt' => <DateTime>,
],
// ...
],
'notFound' => ['<string>', ...],
]
Result Details
Members
- agentSpaces
-
- Type: Array of AgentSpace structures
The list of agent spaces that were found.
- notFound
-
- Type: Array of strings
The list of agent space identifiers that were not found.
Errors
There are no errors described for this operation.
BatchGetArtifactMetadata
$result = $client->batchGetArtifactMetadata([/* ... */]); $promise = $client->batchGetArtifactMetadataAsync([/* ... */]);
Retrieves metadata for one or more artifacts in an agent space.
Parameter Syntax
$result = $client->batchGetArtifactMetadata([
'agentSpaceId' => '<string>', // REQUIRED
'artifactIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space that contains the artifacts.
- artifactIds
-
- Required: Yes
- Type: Array of strings
The list of artifact identifiers to retrieve metadata for.
Result Syntax
[
'artifactMetadataList' => [
[
'agentSpaceId' => '<string>',
'artifactId' => '<string>',
'fileName' => '<string>',
'updatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- artifactMetadataList
-
- Required: Yes
- Type: Array of ArtifactMetadataItem structures
The list of artifact metadata items that were found.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- InternalServerException:
An unexpected error occurred during the processing of your request.
- ResourceNotFoundException:
The specified resource was not found. Verify that the resource identifier is correct and that the resource exists in the specified agent space or account.
- ThrottlingException:
The request was denied due to request throttling.
- AccessDeniedException:
You do not have sufficient access to perform this action.
BatchGetFindings
$result = $client->batchGetFindings([/* ... */]); $promise = $client->batchGetFindingsAsync([/* ... */]);
Retrieves information about one or more security findings in an agent space.
Parameter Syntax
$result = $client->batchGetFindings([
'agentSpaceId' => '<string>', // REQUIRED
'findingIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space that contains the findings.
- findingIds
-
- Required: Yes
- Type: Array of strings
The list of finding identifiers to retrieve.
Result Syntax
[
'findings' => [
[
'agentSpaceId' => '<string>',
'attackScript' => '<string>',
'codeRemediationTask' => [
'status' => 'IN_PROGRESS|COMPLETED|FAILED',
'statusReason' => '<string>',
'taskDetails' => [
[
'codeDiffLink' => '<string>',
'pullRequestLink' => '<string>',
'repoName' => '<string>',
],
// ...
],
],
'confidence' => 'FALSE_POSITIVE|UNCONFIRMED|LOW|MEDIUM|HIGH',
'createdAt' => <DateTime>,
'description' => '<string>',
'findingId' => '<string>',
'lastUpdatedBy' => '<string>',
'name' => '<string>',
'pentestId' => '<string>',
'pentestJobId' => '<string>',
'reasoning' => '<string>',
'riskLevel' => 'UNKNOWN|INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL',
'riskScore' => '<string>',
'riskType' => '<string>',
'status' => 'ACTIVE|RESOLVED|ACCEPTED|FALSE_POSITIVE',
'taskId' => '<string>',
'updatedAt' => <DateTime>,
],
// ...
],
'notFound' => ['<string>', ...],
]
Result Details
Members
- findings
-
- Type: Array of Finding structures
The list of findings that were found.
- notFound
-
- Type: Array of strings
The list of finding identifiers that were not found.
Errors
There are no errors described for this operation.
BatchGetPentestJobTasks
$result = $client->batchGetPentestJobTasks([/* ... */]); $promise = $client->batchGetPentestJobTasksAsync([/* ... */]);
Retrieves information about one or more tasks within a pentest job.
Parameter Syntax
$result = $client->batchGetPentestJobTasks([
'agentSpaceId' => '<string>', // REQUIRED
'taskIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space that contains the tasks.
- taskIds
-
- Required: Yes
- Type: Array of strings
The list of task identifiers to retrieve.
Result Syntax
[
'notFound' => ['<string>', ...],
'tasks' => [
[
'agentSpaceId' => '<string>',
'categories' => [
[
'isPrimary' => true || false,
'name' => '<string>',
],
// ...
],
'createdAt' => <DateTime>,
'description' => '<string>',
'executionStatus' => 'IN_PROGRESS|ABORTED|COMPLETED|INTERNAL_ERROR|FAILED',
'logsLocation' => [
'cloudWatchLog' => [
'logGroup' => '<string>',
'logStream' => '<string>',
],
'logType' => 'CLOUDWATCH',
],
'pentestId' => '<string>',
'pentestJobId' => '<string>',
'riskType' => 'CROSS_SITE_SCRIPTING|DEFAULT_CREDENTIALS|INSECURE_DIRECT_OBJECT_REFERENCE|PRIVILEGE_ESCALATION|SERVER_SIDE_TEMPLATE_INJECTION|COMMAND_INJECTION|CODE_INJECTION|SQL_INJECTION|ARBITRARY_FILE_UPLOAD|INSECURE_DESERIALIZATION|LOCAL_FILE_INCLUSION|INFORMATION_DISCLOSURE|PATH_TRAVERSAL|SERVER_SIDE_REQUEST_FORGERY|JSON_WEB_TOKEN_VULNERABILITIES|XML_EXTERNAL_ENTITY|FILE_DELETION|OTHER|GRAPHQL_VULNERABILITIES|BUSINESS_LOGIC_VULNERABILITIES|CRYPTOGRAPHIC_VULNERABILITIES|DENIAL_OF_SERVICE|FILE_ACCESS|FILE_CREATION|DATABASE_MODIFICATION|DATABASE_ACCESS|OUTBOUND_SERVICE_REQUEST|UNKNOWN',
'targetEndpoint' => [
'uri' => '<string>',
],
'taskId' => '<string>',
'title' => '<string>',
'updatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- notFound
-
- Type: Array of strings
The list of task identifiers that were not found.
- tasks
-
- Type: Array of Task structures
The list of tasks that were found.
Errors
There are no errors described for this operation.
BatchGetPentestJobs
$result = $client->batchGetPentestJobs([/* ... */]); $promise = $client->batchGetPentestJobsAsync([/* ... */]);
Retrieves information about one or more pentest jobs in an agent space.
Parameter Syntax
$result = $client->batchGetPentestJobs([
'agentSpaceId' => '<string>', // REQUIRED
'pentestJobIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space that contains the pentest jobs.
- pentestJobIds
-
- Required: Yes
- Type: Array of strings
The list of pentest job identifiers to retrieve.
Result Syntax
[
'notFound' => ['<string>', ...],
'pentestJobs' => [
[
'actors' => [
[
'authentication' => [
'providerType' => 'SECRETS_MANAGER|AWS_LAMBDA|AWS_IAM_ROLE|AWS_INTERNAL',
'value' => '<string>',
],
'description' => '<string>',
'identifier' => '<string>',
'uris' => ['<string>', ...],
],
// ...
],
'allowedDomains' => [
[
'uri' => '<string>',
],
// ...
],
'codeRemediationStrategy' => 'AUTOMATIC|DISABLED',
'createdAt' => <DateTime>,
'documents' => [
[
'artifactId' => '<string>',
's3Location' => '<string>',
],
// ...
],
'endpoints' => [
[
'uri' => '<string>',
],
// ...
],
'errorInformation' => [
'code' => 'CLIENT_ERROR|INTERNAL_ERROR|STOPPED_BY_USER',
'message' => '<string>',
],
'excludePaths' => [
[
'uri' => '<string>',
],
// ...
],
'excludeRiskTypes' => ['<string>', ...],
'executionContext' => [
[
'context' => '<string>',
'contextType' => 'ERROR|CLIENT_ERROR|WARNING|INFO',
'timestamp' => <DateTime>,
],
// ...
],
'integratedRepositories' => [
[
'integrationId' => '<string>',
'providerResourceId' => '<string>',
],
// ...
],
'logConfig' => [
'logGroup' => '<string>',
'logStream' => '<string>',
],
'networkTrafficConfig' => [
'customHeaders' => [
[
'name' => '<string>',
'value' => '<string>',
],
// ...
],
'rules' => [
[
'effect' => 'ALLOW|DENY',
'networkTrafficRuleType' => 'URL',
'pattern' => '<string>',
],
// ...
],
],
'overview' => '<string>',
'pentestId' => '<string>',
'pentestJobId' => '<string>',
'serviceRole' => '<string>',
'sourceCode' => [
[
's3Location' => '<string>',
],
// ...
],
'status' => 'IN_PROGRESS|STOPPING|STOPPED|FAILED|COMPLETED',
'steps' => [
[
'createdAt' => <DateTime>,
'name' => 'PREFLIGHT|STATIC_ANALYSIS|PENTEST|FINALIZING',
'status' => 'NOT_STARTED|IN_PROGRESS|COMPLETED|FAILED|STOPPED',
'updatedAt' => <DateTime>,
],
// ...
],
'title' => '<string>',
'updatedAt' => <DateTime>,
'vpcConfig' => [
'securityGroupArns' => ['<string>', ...],
'subnetArns' => ['<string>', ...],
'vpcArn' => '<string>',
],
],
// ...
],
]
Result Details
Members
- notFound
-
- Type: Array of strings
The list of pentest job identifiers that were not found.
- pentestJobs
-
- Type: Array of PentestJob structures
The list of pentest jobs that were found.
Errors
There are no errors described for this operation.
BatchGetPentests
$result = $client->batchGetPentests([/* ... */]); $promise = $client->batchGetPentestsAsync([/* ... */]);
Retrieves information about one or more pentests in an agent space.
Parameter Syntax
$result = $client->batchGetPentests([
'agentSpaceId' => '<string>', // REQUIRED
'pentestIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space that contains the pentests.
- pentestIds
-
- Required: Yes
- Type: Array of strings
The list of pentest identifiers to retrieve.
Result Syntax
[
'notFound' => ['<string>', ...],
'pentests' => [
[
'agentSpaceId' => '<string>',
'assets' => [
'actors' => [
[
'authentication' => [
'providerType' => 'SECRETS_MANAGER|AWS_LAMBDA|AWS_IAM_ROLE|AWS_INTERNAL',
'value' => '<string>',
],
'description' => '<string>',
'identifier' => '<string>',
'uris' => ['<string>', ...],
],
// ...
],
'documents' => [
[
'artifactId' => '<string>',
's3Location' => '<string>',
],
// ...
],
'endpoints' => [
[
'uri' => '<string>',
],
// ...
],
'integratedRepositories' => [
[
'integrationId' => '<string>',
'providerResourceId' => '<string>',
],
// ...
],
'sourceCode' => [
[
's3Location' => '<string>',
],
// ...
],
],
'codeRemediationStrategy' => 'AUTOMATIC|DISABLED',
'createdAt' => <DateTime>,
'excludeRiskTypes' => ['<string>', ...],
'logConfig' => [
'logGroup' => '<string>',
'logStream' => '<string>',
],
'networkTrafficConfig' => [
'customHeaders' => [
[
'name' => '<string>',
'value' => '<string>',
],
// ...
],
'rules' => [
[
'effect' => 'ALLOW|DENY',
'networkTrafficRuleType' => 'URL',
'pattern' => '<string>',
],
// ...
],
],
'pentestId' => '<string>',
'serviceRole' => '<string>',
'title' => '<string>',
'updatedAt' => <DateTime>,
'vpcConfig' => [
'securityGroupArns' => ['<string>', ...],
'subnetArns' => ['<string>', ...],
'vpcArn' => '<string>',
],
],
// ...
],
]
Result Details
Members
- notFound
-
- Type: Array of strings
The list of pentest identifiers that were not found.
- pentests
-
- Type: Array of Pentest structures
The list of pentests that were found.
Errors
There are no errors described for this operation.
BatchGetTargetDomains
$result = $client->batchGetTargetDomains([/* ... */]); $promise = $client->batchGetTargetDomainsAsync([/* ... */]);
Retrieves information about one or more target domains.
Parameter Syntax
$result = $client->batchGetTargetDomains([
'targetDomainIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- targetDomainIds
-
- Required: Yes
- Type: Array of strings
The list of target domain identifiers to retrieve.
Result Syntax
[
'notFound' => ['<string>', ...],
'targetDomains' => [
[
'createdAt' => <DateTime>,
'domainName' => '<string>',
'targetDomainId' => '<string>',
'verificationDetails' => [
'dnsTxt' => [
'dnsRecordName' => '<string>',
'dnsRecordType' => 'TXT',
'token' => '<string>',
],
'httpRoute' => [
'routePath' => '<string>',
'token' => '<string>',
],
'method' => 'DNS_TXT|HTTP_ROUTE|PRIVATE_VPC',
],
'verificationStatus' => 'PENDING|VERIFIED|FAILED|UNREACHABLE',
'verificationStatusReason' => '<string>',
'verifiedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- notFound
-
- Type: Array of strings
The list of target domain identifiers that were not found.
- targetDomains
-
- Type: Array of TargetDomain structures
The list of target domains that were found.
Errors
There are no errors described for this operation.
CreateAgentSpace
$result = $client->createAgentSpace([/* ... */]); $promise = $client->createAgentSpaceAsync([/* ... */]);
Creates a new agent space. An agent space is a dedicated workspace for securing a specific application.
Parameter Syntax
$result = $client->createAgentSpace([
'awsResources' => [
'iamRoles' => ['<string>', ...],
'lambdaFunctionArns' => ['<string>', ...],
'logGroups' => ['<string>', ...],
's3Buckets' => ['<string>', ...],
'secretArns' => ['<string>', ...],
'vpcs' => [
[
'securityGroupArns' => ['<string>', ...],
'subnetArns' => ['<string>', ...],
'vpcArn' => '<string>',
],
// ...
],
],
'codeReviewSettings' => [
'controlsScanning' => true || false, // REQUIRED
'generalPurposeScanning' => true || false, // REQUIRED
],
'description' => '<string>',
'kmsKeyId' => '<string>',
'name' => '<string>', // REQUIRED
'tags' => ['<string>', ...],
'targetDomainIds' => ['<string>', ...],
]);
Parameter Details
Members
- awsResources
-
- Type: AWSResources structure
The AWS resources to associate with the agent space.
- codeReviewSettings
-
- Type: CodeReviewSettings structure
The code review settings for the agent space.
- description
-
- Type: string
A description of the agent space.
- kmsKeyId
-
- Type: string
The identifier of the AWS KMS key to use for encrypting data in the agent space.
- name
-
- Required: Yes
- Type: string
The name of the agent space.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags to associate with the agent space.
- targetDomainIds
-
- Type: Array of strings
The list of target domain identifiers to associate with the agent space.
Result Syntax
[
'agentSpaceId' => '<string>',
'awsResources' => [
'iamRoles' => ['<string>', ...],
'lambdaFunctionArns' => ['<string>', ...],
'logGroups' => ['<string>', ...],
's3Buckets' => ['<string>', ...],
'secretArns' => ['<string>', ...],
'vpcs' => [
[
'securityGroupArns' => ['<string>', ...],
'subnetArns' => ['<string>', ...],
'vpcArn' => '<string>',
],
// ...
],
],
'codeReviewSettings' => [
'controlsScanning' => true || false,
'generalPurposeScanning' => true || false,
],
'createdAt' => <DateTime>,
'description' => '<string>',
'kmsKeyId' => '<string>',
'name' => '<string>',
'targetDomainIds' => ['<string>', ...],
'updatedAt' => <DateTime>,
]
Result Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the created agent space.
- awsResources
-
- Type: AWSResources structure
The AWS resources associated with the agent space.
- codeReviewSettings
-
- Type: CodeReviewSettings structure
The code review settings for the agent space.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the agent space was created, in UTC format.
- description
-
- Type: string
The description of the agent space.
- kmsKeyId
-
- Type: string
The identifier of the AWS KMS key used to encrypt data in the agent space.
- name
-
- Required: Yes
- Type: string
The name of the agent space.
- targetDomainIds
-
- Type: Array of strings
The list of target domain identifiers associated with the agent space.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the agent space was last updated, in UTC format.
Errors
There are no errors described for this operation.
CreateApplication
$result = $client->createApplication([/* ... */]); $promise = $client->createApplicationAsync([/* ... */]);
Creates a new application. An application is the top-level organizational unit that supports IAM Identity Center integration.
Parameter Syntax
$result = $client->createApplication([
'defaultKmsKeyId' => '<string>',
'idcInstanceArn' => '<string>',
'roleArn' => '<string>',
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- defaultKmsKeyId
-
- Type: string
The identifier of the default AWS KMS key to use for encrypting data in the application.
- idcInstanceArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM Identity Center instance to associate with the application.
- roleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM role to associate with the application.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags to associate with the application.
Result Syntax
[
'applicationId' => '<string>',
]
Result Details
Members
- applicationId
-
- Required: Yes
- Type: string
The unique identifier of the created application.
Errors
There are no errors described for this operation.
CreateIntegration
$result = $client->createIntegration([/* ... */]); $promise = $client->createIntegrationAsync([/* ... */]);
Creates a new integration with a third-party provider, such as GitHub, for code review and remediation.
Parameter Syntax
$result = $client->createIntegration([
'input' => [ // REQUIRED
'github' => [
'code' => '<string>', // REQUIRED
'organizationName' => '<string>',
'state' => '<string>', // REQUIRED
],
],
'integrationDisplayName' => '<string>', // REQUIRED
'kmsKeyId' => '<string>',
'provider' => 'GITHUB', // REQUIRED
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- input
-
- Required: Yes
- Type: ProviderInput structure
The provider-specific input required to create the integration.
- integrationDisplayName
-
- Required: Yes
- Type: string
The display name for the integration.
- kmsKeyId
-
- Type: string
The identifier of the AWS KMS key to use for encrypting data associated with the integration.
- provider
-
- Required: Yes
- Type: string
The integration provider. Currently, only GITHUB is supported.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags to associate with the integration.
Result Syntax
[
'integrationId' => '<string>',
]
Result Details
Members
- integrationId
-
- Required: Yes
- Type: string
The unique identifier of the created integration.
Errors
- ResourceNotFoundException:
The specified resource was not found. Verify that the resource identifier is correct and that the resource exists in the specified agent space or account.
- InternalServerException:
An unexpected error occurred during the processing of your request.
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ConflictException:
The request could not be completed due to a conflict with the current state of the resource.
- ThrottlingException:
The request was denied due to request throttling.
- AccessDeniedException:
You do not have sufficient access to perform this action.
CreateMembership
$result = $client->createMembership([/* ... */]); $promise = $client->createMembershipAsync([/* ... */]);
Creates a new membership, granting a user access to an agent space within an application.
Parameter Syntax
$result = $client->createMembership([
'agentSpaceId' => '<string>', // REQUIRED
'applicationId' => '<string>', // REQUIRED
'config' => [
'user' => [
'role' => 'MEMBER',
],
],
'memberType' => 'USER', // REQUIRED
'membershipId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space to grant access to.
- applicationId
-
- Required: Yes
- Type: string
The unique identifier of the application that contains the agent space.
- config
-
- Type: MembershipConfig structure
The configuration for the membership, such as the user role.
- memberType
-
- Required: Yes
- Type: string
The type of member. Currently, only USER is supported.
- membershipId
-
- Required: Yes
- Type: string
The unique identifier for the membership.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
CreatePentest
$result = $client->createPentest([/* ... */]); $promise = $client->createPentestAsync([/* ... */]);
Creates a new pentest configuration in an agent space. A pentest defines the security test parameters, including target assets, risk type exclusions, and logging configuration.
Parameter Syntax
$result = $client->createPentest([
'agentSpaceId' => '<string>', // REQUIRED
'assets' => [
'actors' => [
[
'authentication' => [
'providerType' => 'SECRETS_MANAGER|AWS_LAMBDA|AWS_IAM_ROLE|AWS_INTERNAL',
'value' => '<string>',
],
'description' => '<string>',
'identifier' => '<string>',
'uris' => ['<string>', ...],
],
// ...
],
'documents' => [
[
'artifactId' => '<string>',
's3Location' => '<string>',
],
// ...
],
'endpoints' => [
[
'uri' => '<string>',
],
// ...
],
'integratedRepositories' => [
[
'integrationId' => '<string>', // REQUIRED
'providerResourceId' => '<string>', // REQUIRED
],
// ...
],
'sourceCode' => [
[
's3Location' => '<string>',
],
// ...
],
],
'codeRemediationStrategy' => 'AUTOMATIC|DISABLED',
'excludeRiskTypes' => ['<string>', ...],
'logConfig' => [
'logGroup' => '<string>',
'logStream' => '<string>',
],
'networkTrafficConfig' => [
'customHeaders' => [
[
'name' => '<string>',
'value' => '<string>',
],
// ...
],
'rules' => [
[
'effect' => 'ALLOW|DENY',
'networkTrafficRuleType' => 'URL',
'pattern' => '<string>',
],
// ...
],
],
'serviceRole' => '<string>',
'title' => '<string>', // REQUIRED
'vpcConfig' => [
'securityGroupArns' => ['<string>', ...],
'subnetArns' => ['<string>', ...],
'vpcArn' => '<string>',
],
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space to create the pentest in.
- assets
-
- Type: Assets structure
The assets to include in the pentest, such as endpoints, actors, documents, and source code.
- codeRemediationStrategy
-
- Type: string
The code remediation strategy for the pentest. Valid values are AUTOMATIC and DISABLED.
- excludeRiskTypes
-
- Type: Array of strings
The list of risk types to exclude from the pentest.
- logConfig
-
- Type: CloudWatchLog structure
The CloudWatch Logs configuration for the pentest.
- networkTrafficConfig
-
- Type: NetworkTrafficConfig structure
The network traffic configuration for the pentest, including custom headers and traffic rules.
- serviceRole
-
- Type: string
The IAM service role to use for the pentest.
- title
-
- Required: Yes
- Type: string
The title of the pentest.
- vpcConfig
-
- Type: VpcConfig structure
The VPC configuration for the pentest.
Result Syntax
[
'agentSpaceId' => '<string>',
'assets' => [
'actors' => [
[
'authentication' => [
'providerType' => 'SECRETS_MANAGER|AWS_LAMBDA|AWS_IAM_ROLE|AWS_INTERNAL',
'value' => '<string>',
],
'description' => '<string>',
'identifier' => '<string>',
'uris' => ['<string>', ...],
],
// ...
],
'documents' => [
[
'artifactId' => '<string>',
's3Location' => '<string>',
],
// ...
],
'endpoints' => [
[
'uri' => '<string>',
],
// ...
],
'integratedRepositories' => [
[
'integrationId' => '<string>',
'providerResourceId' => '<string>',
],
// ...
],
'sourceCode' => [
[
's3Location' => '<string>',
],
// ...
],
],
'createdAt' => <DateTime>,
'excludeRiskTypes' => ['<string>', ...],
'logConfig' => [
'logGroup' => '<string>',
'logStream' => '<string>',
],
'pentestId' => '<string>',
'serviceRole' => '<string>',
'title' => '<string>',
'updatedAt' => <DateTime>,
]
Result Details
Members
- agentSpaceId
-
- Type: string
The unique identifier of the agent space that contains the pentest.
- assets
-
- Type: Assets structure
The assets included in the pentest.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the pentest was created, in UTC format.
- excludeRiskTypes
-
- Type: Array of strings
The list of risk types excluded from the pentest.
- logConfig
-
- Type: CloudWatchLog structure
The CloudWatch Logs configuration for the pentest.
- pentestId
-
- Type: string
The unique identifier of the created pentest.
- serviceRole
-
- Type: string
The IAM service role used for the pentest.
- title
-
- Type: string
The title of the pentest.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the pentest was last updated, in UTC format.
Errors
There are no errors described for this operation.
CreateTargetDomain
$result = $client->createTargetDomain([/* ... */]); $promise = $client->createTargetDomainAsync([/* ... */]);
Creates a new target domain for penetration testing. A target domain is a web domain that must be registered and verified before it can be tested.
Parameter Syntax
$result = $client->createTargetDomain([
'tags' => ['<string>', ...],
'targetDomainName' => '<string>', // REQUIRED
'verificationMethod' => 'DNS_TXT|HTTP_ROUTE|PRIVATE_VPC', // REQUIRED
]);
Parameter Details
Members
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags to associate with the target domain.
- targetDomainName
-
- Required: Yes
- Type: string
The domain name to register as a target domain.
- verificationMethod
-
- Required: Yes
- Type: string
The method to use for verifying domain ownership. Valid values are DNS_TXT, HTTP_ROUTE, and PRIVATE_VPC.
Result Syntax
[
'createdAt' => <DateTime>,
'domainName' => '<string>',
'targetDomainId' => '<string>',
'verificationDetails' => [
'dnsTxt' => [
'dnsRecordName' => '<string>',
'dnsRecordType' => 'TXT',
'token' => '<string>',
],
'httpRoute' => [
'routePath' => '<string>',
'token' => '<string>',
],
'method' => 'DNS_TXT|HTTP_ROUTE|PRIVATE_VPC',
],
'verificationStatus' => 'PENDING|VERIFIED|FAILED|UNREACHABLE',
'verificationStatusReason' => '<string>',
'verifiedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the target domain was created, in UTC format.
- domainName
-
- Required: Yes
- Type: string
The domain name of the target domain.
- targetDomainId
-
- Required: Yes
- Type: string
The unique identifier of the created target domain.
- verificationDetails
-
- Type: VerificationDetails structure
The verification details for the target domain, including the verification token and instructions.
- verificationStatus
-
- Required: Yes
- Type: string
The current verification status of the target domain.
- verificationStatusReason
-
- Type: string
The reason for the current target domain verification status.
- verifiedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the target domain was verified, in UTC format.
Errors
There are no errors described for this operation.
DeleteAgentSpace
$result = $client->deleteAgentSpace([/* ... */]); $promise = $client->deleteAgentSpaceAsync([/* ... */]);
Deletes an agent space and all of its associated resources, including pentests, findings, and artifacts.
Parameter Syntax
$result = $client->deleteAgentSpace([
'agentSpaceId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space to delete.
Result Syntax
[
'agentSpaceId' => '<string>',
]
Result Details
Members
- agentSpaceId
-
- Type: string
The unique identifier of the deleted agent space.
Errors
There are no errors described for this operation.
DeleteApplication
$result = $client->deleteApplication([/* ... */]); $promise = $client->deleteApplicationAsync([/* ... */]);
Deletes an application and its associated configuration, including IAM Identity Center settings.
Parameter Syntax
$result = $client->deleteApplication([
'applicationId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- applicationId
-
- Required: Yes
- Type: string
The unique identifier of the application to delete.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteArtifact
$result = $client->deleteArtifact([/* ... */]); $promise = $client->deleteArtifactAsync([/* ... */]);
Deletes an artifact from an agent space.
Parameter Syntax
$result = $client->deleteArtifact([
'agentSpaceId' => '<string>', // REQUIRED
'artifactId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space that contains the artifact.
- artifactId
-
- Required: Yes
- Type: string
The unique identifier of the artifact to delete.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The specified resource was not found. Verify that the resource identifier is correct and that the resource exists in the specified agent space or account.
- InternalServerException:
An unexpected error occurred during the processing of your request.
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
The request was denied due to request throttling.
- AccessDeniedException:
You do not have sufficient access to perform this action.
DeleteIntegration
$result = $client->deleteIntegration([/* ... */]); $promise = $client->deleteIntegrationAsync([/* ... */]);
Deletes an integration with a third-party provider.
Parameter Syntax
$result = $client->deleteIntegration([
'integrationId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- integrationId
-
- Required: Yes
- Type: string
The unique identifier of the integration to delete.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The specified resource was not found. Verify that the resource identifier is correct and that the resource exists in the specified agent space or account.
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- InternalServerException:
An unexpected error occurred during the processing of your request.
- ConflictException:
The request could not be completed due to a conflict with the current state of the resource.
- ThrottlingException:
The request was denied due to request throttling.
- AccessDeniedException:
You do not have sufficient access to perform this action.
DeleteMembership
$result = $client->deleteMembership([/* ... */]); $promise = $client->deleteMembershipAsync([/* ... */]);
Deletes a membership, revoking a user's access to an agent space.
Parameter Syntax
$result = $client->deleteMembership([
'agentSpaceId' => '<string>', // REQUIRED
'applicationId' => '<string>', // REQUIRED
'memberType' => 'USER',
'membershipId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space to revoke access from.
- applicationId
-
- Required: Yes
- Type: string
The unique identifier of the application that contains the agent space.
- memberType
-
- Type: string
The type of member to remove.
- membershipId
-
- Required: Yes
- Type: string
The unique identifier of the membership to delete.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteTargetDomain
$result = $client->deleteTargetDomain([/* ... */]); $promise = $client->deleteTargetDomainAsync([/* ... */]);
Deletes a target domain registration. After deletion, the domain can no longer be used for penetration testing.
Parameter Syntax
$result = $client->deleteTargetDomain([
'targetDomainId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- targetDomainId
-
- Required: Yes
- Type: string
The unique identifier of the target domain to delete.
Result Syntax
[
'targetDomainId' => '<string>',
]
Result Details
Members
- targetDomainId
-
- Type: string
The unique identifier of the deleted target domain.
Errors
There are no errors described for this operation.
GetApplication
$result = $client->getApplication([/* ... */]); $promise = $client->getApplicationAsync([/* ... */]);
Retrieves information about an application.
Parameter Syntax
$result = $client->getApplication([
'applicationId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- applicationId
-
- Required: Yes
- Type: string
The unique identifier of the application to retrieve.
Result Syntax
[
'applicationId' => '<string>',
'applicationName' => '<string>',
'defaultKmsKeyId' => '<string>',
'domain' => '<string>',
'idcConfiguration' => [
'idcApplicationArn' => '<string>',
'idcInstanceArn' => '<string>',
],
'roleArn' => '<string>',
]
Result Details
Members
- applicationId
-
- Required: Yes
- Type: string
The unique identifier of the application.
- applicationName
-
- Type: string
The name of the application.
- defaultKmsKeyId
-
- Type: string
The identifier of the default AWS KMS key used to encrypt data for the application.
- domain
-
- Required: Yes
- Type: string
The domain associated with the application.
- idcConfiguration
-
- Type: IdCConfiguration structure
The IAM Identity Center configuration for the application.
- roleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM role associated with the application.
Errors
There are no errors described for this operation.
GetArtifact
$result = $client->getArtifact([/* ... */]); $promise = $client->getArtifactAsync([/* ... */]);
Retrieves an artifact from an agent space.
Parameter Syntax
$result = $client->getArtifact([
'agentSpaceId' => '<string>', // REQUIRED
'artifactId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space that contains the artifact.
- artifactId
-
- Required: Yes
- Type: string
The unique identifier of the artifact to retrieve.
Result Syntax
[
'agentSpaceId' => '<string>',
'artifact' => [
'contents' => '<string>',
'type' => 'TXT|PNG|JPEG|MD|PDF|DOCX|DOC|JSON|YAML',
],
'artifactId' => '<string>',
'fileName' => '<string>',
'updatedAt' => <DateTime>,
]
Result Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space that contains the artifact.
- artifact
-
- Required: Yes
- Type: Artifact structure
The artifact content and type.
- artifactId
-
- Required: Yes
- Type: string
The unique identifier of the artifact.
- fileName
-
- Required: Yes
- Type: string
The file name of the artifact.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the artifact was last updated, in UTC format.
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- InternalServerException:
An unexpected error occurred during the processing of your request.
- ResourceNotFoundException:
The specified resource was not found. Verify that the resource identifier is correct and that the resource exists in the specified agent space or account.
- ThrottlingException:
The request was denied due to request throttling.
- AccessDeniedException:
You do not have sufficient access to perform this action.
GetIntegration
$result = $client->getIntegration([/* ... */]); $promise = $client->getIntegrationAsync([/* ... */]);
Retrieves information about an integration.
Parameter Syntax
$result = $client->getIntegration([
'integrationId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- integrationId
-
- Required: Yes
- Type: string
The unique identifier of the integration to retrieve.
Result Syntax
[
'displayName' => '<string>',
'installationId' => '<string>',
'integrationId' => '<string>',
'kmsKeyId' => '<string>',
'provider' => 'GITHUB',
'providerType' => 'SOURCE_CODE|DOCUMENTATION',
]
Result Details
Members
- displayName
-
- Type: string
The display name of the integration.
- installationId
-
- Required: Yes
- Type: string
The installation identifier from the integration provider.
- integrationId
-
- Required: Yes
- Type: string
The unique identifier of the integration.
- kmsKeyId
-
- Type: string
The identifier of the AWS KMS key used to encrypt data associated with the integration.
- provider
-
- Required: Yes
- Type: string
The integration provider.
- providerType
-
- Required: Yes
- Type: string
The type of the integration provider.
Errors
- ResourceNotFoundException:
The specified resource was not found. Verify that the resource identifier is correct and that the resource exists in the specified agent space or account.
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- InternalServerException:
An unexpected error occurred during the processing of your request.
- ThrottlingException:
The request was denied due to request throttling.
- AccessDeniedException:
You do not have sufficient access to perform this action.
InitiateProviderRegistration
$result = $client->initiateProviderRegistration([/* ... */]); $promise = $client->initiateProviderRegistrationAsync([/* ... */]);
Initiates the OAuth registration flow with a third-party provider. Returns a redirect URL and CSRF state token for completing the authorization.
Parameter Syntax
$result = $client->initiateProviderRegistration([
'provider' => 'GITHUB', // REQUIRED
]);
Parameter Details
Members
- provider
-
- Required: Yes
- Type: string
The provider to initiate registration with. Currently, only GITHUB is supported.
Result Syntax
[
'csrfState' => '<string>',
'redirectTo' => '<string>',
]
Result Details
Members
- csrfState
-
- Required: Yes
- Type: string
The CSRF state token to use when completing the OAuth flow.
- redirectTo
-
- Required: Yes
- Type: string
The URL to redirect the user to for completing the OAuth authorization.
Errors
- ResourceNotFoundException:
The specified resource was not found. Verify that the resource identifier is correct and that the resource exists in the specified agent space or account.
- InternalServerException:
An unexpected error occurred during the processing of your request.
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ConflictException:
The request could not be completed due to a conflict with the current state of the resource.
- ThrottlingException:
The request was denied due to request throttling.
- AccessDeniedException:
You do not have sufficient access to perform this action.
ListAgentSpaces
$result = $client->listAgentSpaces([/* ... */]); $promise = $client->listAgentSpacesAsync([/* ... */]);
Returns a paginated list of agent space summaries in your account.
Parameter Syntax
$result = $client->listAgentSpaces([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in a single call.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Result Syntax
[
'agentSpaceSummaries' => [
[
'agentSpaceId' => '<string>',
'createdAt' => <DateTime>,
'name' => '<string>',
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- agentSpaceSummaries
-
- Type: Array of AgentSpaceSummary structures
The list of agent space summaries.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Errors
There are no errors described for this operation.
ListApplications
$result = $client->listApplications([/* ... */]); $promise = $client->listApplicationsAsync([/* ... */]);
Returns a paginated list of application summaries in your account.
Parameter Syntax
$result = $client->listApplications([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in a single call.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Result Syntax
[
'applicationSummaries' => [
[
'applicationId' => '<string>',
'applicationName' => '<string>',
'defaultKmsKeyId' => '<string>',
'domain' => '<string>',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- applicationSummaries
-
- Required: Yes
- Type: Array of ApplicationSummary structures
The list of application summaries.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Errors
There are no errors described for this operation.
ListArtifacts
$result = $client->listArtifacts([/* ... */]); $promise = $client->listArtifactsAsync([/* ... */]);
Returns a paginated list of artifact summaries for the specified agent space.
Parameter Syntax
$result = $client->listArtifacts([
'agentSpaceId' => '<string>', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space to list artifacts for.
- maxResults
-
- Type: int
The maximum number of results to return in a single call.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Result Syntax
[
'artifactSummaries' => [
[
'artifactId' => '<string>',
'artifactType' => 'TXT|PNG|JPEG|MD|PDF|DOCX|DOC|JSON|YAML',
'fileName' => '<string>',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- artifactSummaries
-
- Required: Yes
- Type: Array of ArtifactSummary structures
The list of artifact summaries.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Errors
- InternalServerException:
An unexpected error occurred during the processing of your request.
- ResourceNotFoundException:
The specified resource was not found. Verify that the resource identifier is correct and that the resource exists in the specified agent space or account.
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
The request was denied due to request throttling.
- AccessDeniedException:
You do not have sufficient access to perform this action.
ListDiscoveredEndpoints
$result = $client->listDiscoveredEndpoints([/* ... */]); $promise = $client->listDiscoveredEndpointsAsync([/* ... */]);
Returns a paginated list of endpoints discovered during a pentest job execution.
Parameter Syntax
$result = $client->listDiscoveredEndpoints([
'agentSpaceId' => '<string>', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
'pentestJobId' => '<string>', // REQUIRED
'prefix' => '<string>',
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space.
- maxResults
-
- Type: int
The maximum number of results to return in a single call.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
- pentestJobId
-
- Required: Yes
- Type: string
The unique identifier of the pentest job to list discovered endpoints for.
- prefix
-
- Type: string
A prefix to filter discovered endpoints by URI.
Result Syntax
[
'discoveredEndpoints' => [
[
'agentSpaceId' => '<string>',
'description' => '<string>',
'evidence' => '<string>',
'operation' => '<string>',
'pentestJobId' => '<string>',
'taskId' => '<string>',
'uri' => '<string>',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- discoveredEndpoints
-
- Type: Array of DiscoveredEndpoint structures
The list of discovered endpoints.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Errors
There are no errors described for this operation.
ListFindings
$result = $client->listFindings([/* ... */]); $promise = $client->listFindingsAsync([/* ... */]);
Lists the security findings for a pentest job.
Parameter Syntax
$result = $client->listFindings([
'agentSpaceId' => '<string>', // REQUIRED
'confidence' => 'FALSE_POSITIVE|UNCONFIRMED|LOW|MEDIUM|HIGH',
'maxResults' => <integer>,
'name' => '<string>',
'nextToken' => '<string>',
'pentestJobId' => '<string>', // REQUIRED
'riskLevel' => 'UNKNOWN|INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL',
'riskType' => '<string>',
'status' => 'ACTIVE|RESOLVED|ACCEPTED|FALSE_POSITIVE',
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space.
- confidence
-
- Type: string
Filter findings by confidence level.
- maxResults
-
- Type: int
The maximum number of results to return in a single call.
- name
-
- Type: string
Filter findings by name.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
- pentestJobId
-
- Required: Yes
- Type: string
The unique identifier of the pentest job to list findings for.
- riskLevel
-
- Type: string
Filter findings by risk level.
- riskType
-
- Type: string
Filter findings by risk type.
- status
-
- Type: string
Filter findings by status.
Result Syntax
[
'findingsSummaries' => [
[
'agentSpaceId' => '<string>',
'confidence' => 'FALSE_POSITIVE|UNCONFIRMED|LOW|MEDIUM|HIGH',
'createdAt' => <DateTime>,
'findingId' => '<string>',
'name' => '<string>',
'pentestId' => '<string>',
'pentestJobId' => '<string>',
'riskLevel' => 'UNKNOWN|INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL',
'riskType' => '<string>',
'status' => 'ACTIVE|RESOLVED|ACCEPTED|FALSE_POSITIVE',
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- findingsSummaries
-
- Type: Array of FindingSummary structures
The list of finding summaries.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Errors
There are no errors described for this operation.
ListIntegratedResources
$result = $client->listIntegratedResources([/* ... */]); $promise = $client->listIntegratedResourcesAsync([/* ... */]);
Lists the integrated resources for an agent space, optionally filtered by integration or resource type.
Parameter Syntax
$result = $client->listIntegratedResources([
'agentSpaceId' => '<string>', // REQUIRED
'integrationId' => '<string>',
'maxResults' => <integer>,
'nextToken' => '<string>',
'resourceType' => 'CODE_REPOSITORY',
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space to list integrated resources for.
- integrationId
-
- Type: string
The unique identifier of the integration to filter by.
- maxResults
-
- Type: int
The maximum number of results to return in a single call.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
- resourceType
-
- Type: string
The type of resource to filter by.
Result Syntax
[
'integratedResourceSummaries' => [
[
'capabilities' => [
'github' => [
'leaveComments' => true || false,
'remediateCode' => true || false,
],
],
'integrationId' => '<string>',
'resource' => [
'githubRepository' => [
'accessType' => 'PRIVATE|PUBLIC',
'name' => '<string>',
'owner' => '<string>',
'providerResourceId' => '<string>',
],
],
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- integratedResourceSummaries
-
- Required: Yes
- Type: Array of IntegratedResourceSummary structures
The list of integrated resource summaries.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Errors
- ResourceNotFoundException:
The specified resource was not found. Verify that the resource identifier is correct and that the resource exists in the specified agent space or account.
- InternalServerException:
An unexpected error occurred during the processing of your request.
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
The request was denied due to request throttling.
- AccessDeniedException:
You do not have sufficient access to perform this action.
ListIntegrations
$result = $client->listIntegrations([/* ... */]); $promise = $client->listIntegrationsAsync([/* ... */]);
Lists the integrations in your account, optionally filtered by provider or provider type.
Parameter Syntax
$result = $client->listIntegrations([
'filter' => [
'provider' => 'GITHUB',
'providerType' => 'SOURCE_CODE|DOCUMENTATION',
],
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- filter
-
- Type: IntegrationFilter structure
A filter to apply to the list of integrations.
- maxResults
-
- Type: int
The maximum number of results to return in a single call.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Result Syntax
[
'integrationSummaries' => [
[
'displayName' => '<string>',
'installationId' => '<string>',
'integrationId' => '<string>',
'provider' => 'GITHUB',
'providerType' => 'SOURCE_CODE|DOCUMENTATION',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- integrationSummaries
-
- Required: Yes
- Type: Array of IntegrationSummary structures
The list of integration summaries.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Errors
- ResourceNotFoundException:
The specified resource was not found. Verify that the resource identifier is correct and that the resource exists in the specified agent space or account.
- InternalServerException:
An unexpected error occurred during the processing of your request.
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ThrottlingException:
The request was denied due to request throttling.
- AccessDeniedException:
You do not have sufficient access to perform this action.
ListMemberships
$result = $client->listMemberships([/* ... */]); $promise = $client->listMembershipsAsync([/* ... */]);
Returns a paginated list of membership summaries for the specified agent space within an application.
Parameter Syntax
$result = $client->listMemberships([
'agentSpaceId' => '<string>', // REQUIRED
'applicationId' => '<string>', // REQUIRED
'maxResults' => <integer>,
'memberType' => 'USER|ALL',
'nextToken' => '<string>',
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space to list memberships for.
- applicationId
-
- Required: Yes
- Type: string
The unique identifier of the application that contains the agent space.
- maxResults
-
- Type: int
The maximum number of results to return in a single call.
- memberType
-
- Type: string
Filter memberships by member type.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Result Syntax
[
'membershipSummaries' => [
[
'agentSpaceId' => '<string>',
'applicationId' => '<string>',
'config' => [
'user' => [
'role' => 'MEMBER',
],
],
'createdAt' => <DateTime>,
'createdBy' => '<string>',
'memberType' => 'USER',
'membershipId' => '<string>',
'metadata' => [
'user' => [
'email' => '<string>',
'username' => '<string>',
],
],
'updatedAt' => <DateTime>,
'updatedBy' => '<string>',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- membershipSummaries
-
- Required: Yes
- Type: Array of MembershipSummary structures
The list of membership summaries.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Errors
There are no errors described for this operation.
ListPentestJobTasks
$result = $client->listPentestJobTasks([/* ... */]); $promise = $client->listPentestJobTasksAsync([/* ... */]);
Returns a paginated list of task summaries for the specified pentest job, optionally filtered by step name or category.
Parameter Syntax
$result = $client->listPentestJobTasks([
'agentSpaceId' => '<string>', // REQUIRED
'categoryName' => '<string>',
'maxResults' => <integer>,
'nextToken' => '<string>',
'pentestJobId' => '<string>',
'stepName' => 'PREFLIGHT|STATIC_ANALYSIS|PENTEST|FINALIZING',
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space.
- categoryName
-
- Type: string
Filter tasks by category name.
- maxResults
-
- Type: int
The maximum number of results to return in a single call.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
- pentestJobId
-
- Type: string
The unique identifier of the pentest job to list tasks for.
- stepName
-
- Type: string
Filter tasks by step name. Valid values include PREFLIGHT, STATIC_ANALYSIS, PENTEST, and FINALIZING.
Result Syntax
[
'nextToken' => '<string>',
'taskSummaries' => [
[
'agentSpaceId' => '<string>',
'createdAt' => <DateTime>,
'executionStatus' => 'IN_PROGRESS|ABORTED|COMPLETED|INTERNAL_ERROR|FAILED',
'pentestId' => '<string>',
'pentestJobId' => '<string>',
'riskType' => 'CROSS_SITE_SCRIPTING|DEFAULT_CREDENTIALS|INSECURE_DIRECT_OBJECT_REFERENCE|PRIVILEGE_ESCALATION|SERVER_SIDE_TEMPLATE_INJECTION|COMMAND_INJECTION|CODE_INJECTION|SQL_INJECTION|ARBITRARY_FILE_UPLOAD|INSECURE_DESERIALIZATION|LOCAL_FILE_INCLUSION|INFORMATION_DISCLOSURE|PATH_TRAVERSAL|SERVER_SIDE_REQUEST_FORGERY|JSON_WEB_TOKEN_VULNERABILITIES|XML_EXTERNAL_ENTITY|FILE_DELETION|OTHER|GRAPHQL_VULNERABILITIES|BUSINESS_LOGIC_VULNERABILITIES|CRYPTOGRAPHIC_VULNERABILITIES|DENIAL_OF_SERVICE|FILE_ACCESS|FILE_CREATION|DATABASE_MODIFICATION|DATABASE_ACCESS|OUTBOUND_SERVICE_REQUEST|UNKNOWN',
'taskId' => '<string>',
'title' => '<string>',
'updatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
- taskSummaries
-
- Type: Array of TaskSummary structures
The list of task summaries.
Errors
There are no errors described for this operation.
ListPentestJobsForPentest
$result = $client->listPentestJobsForPentest([/* ... */]); $promise = $client->listPentestJobsForPentestAsync([/* ... */]);
Returns a paginated list of pentest job summaries for the specified pentest configuration.
Parameter Syntax
$result = $client->listPentestJobsForPentest([
'agentSpaceId' => '<string>', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
'pentestId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space.
- maxResults
-
- Type: int
The maximum number of results to return in a single call.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
- pentestId
-
- Required: Yes
- Type: string
The unique identifier of the pentest to list jobs for.
Result Syntax
[
'nextToken' => '<string>',
'pentestJobSummaries' => [
[
'createdAt' => <DateTime>,
'pentestId' => '<string>',
'pentestJobId' => '<string>',
'status' => 'IN_PROGRESS|STOPPING|STOPPED|FAILED|COMPLETED',
'title' => '<string>',
'updatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
- pentestJobSummaries
-
- Type: Array of PentestJobSummary structures
The list of pentest job summaries.
Errors
There are no errors described for this operation.
ListPentests
$result = $client->listPentests([/* ... */]); $promise = $client->listPentestsAsync([/* ... */]);
Returns a paginated list of pentest summaries for the specified agent space.
Parameter Syntax
$result = $client->listPentests([
'agentSpaceId' => '<string>', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space to list pentests for.
- maxResults
-
- Type: int
The maximum number of results to return in a single call.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Result Syntax
[
'nextToken' => '<string>',
'pentestSummaries' => [
[
'agentSpaceId' => '<string>',
'createdAt' => <DateTime>,
'pentestId' => '<string>',
'title' => '<string>',
'updatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
- pentestSummaries
-
- Type: Array of PentestSummary structures
The list of pentest summaries.
Errors
There are no errors described for this operation.
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]); $promise = $client->listTagsForResourceAsync([/* ... */]);
Returns the tags associated with the specified resource.
Parameter Syntax
$result = $client->listTagsForResource([
'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource to list tags for.
Result Syntax
[
'tags' => ['<string>', ...],
]
Result Details
Members
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags associated with the resource.
Errors
There are no errors described for this operation.
ListTargetDomains
$result = $client->listTargetDomains([/* ... */]); $promise = $client->listTargetDomainsAsync([/* ... */]);
Returns a paginated list of target domain summaries in your account.
Parameter Syntax
$result = $client->listTargetDomains([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in a single call.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
Result Syntax
[
'nextToken' => '<string>',
'targetDomainSummaries' => [
[
'domainName' => '<string>',
'targetDomainId' => '<string>',
'verificationStatus' => 'PENDING|VERIFIED|FAILED|UNREACHABLE',
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request.
- targetDomainSummaries
-
- Type: Array of TargetDomainSummary structures
The list of target domain summaries.
Errors
There are no errors described for this operation.
StartCodeRemediation
$result = $client->startCodeRemediation([/* ... */]); $promise = $client->startCodeRemediationAsync([/* ... */]);
Initiates code remediation for one or more security findings. This creates pull requests in integrated repositories to fix the identified vulnerabilities.
Parameter Syntax
$result = $client->startCodeRemediation([
'agentSpaceId' => '<string>', // REQUIRED
'findingIds' => ['<string>', ...], // REQUIRED
'pentestJobId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space.
- findingIds
-
- Required: Yes
- Type: Array of strings
The list of finding identifiers to initiate code remediation for.
- pentestJobId
-
- Required: Yes
- Type: string
The unique identifier of the pentest job that produced the findings.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
StartPentestJob
$result = $client->startPentestJob([/* ... */]); $promise = $client->startPentestJobAsync([/* ... */]);
Starts a new pentest job for a pentest configuration. The job executes the security tests defined in the pentest.
Parameter Syntax
$result = $client->startPentestJob([
'agentSpaceId' => '<string>', // REQUIRED
'pentestId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space.
- pentestId
-
- Required: Yes
- Type: string
The unique identifier of the pentest to start a job for.
Result Syntax
[
'agentSpaceId' => '<string>',
'createdAt' => <DateTime>,
'pentestId' => '<string>',
'pentestJobId' => '<string>',
'status' => 'IN_PROGRESS|STOPPING|STOPPED|FAILED|COMPLETED',
'title' => '<string>',
'updatedAt' => <DateTime>,
]
Result Details
Members
- agentSpaceId
-
- Type: string
The unique identifier of the agent space.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the pentest job was created, in UTC format.
- pentestId
-
- Type: string
The unique identifier of the pentest.
- pentestJobId
-
- Type: string
The unique identifier of the started pentest job.
- status
-
- Type: string
The current status of the pentest job.
- title
-
- Type: string
The title of the pentest job.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the pentest job was last updated, in UTC format.
Errors
There are no errors described for this operation.
StopPentestJob
$result = $client->stopPentestJob([/* ... */]); $promise = $client->stopPentestJobAsync([/* ... */]);
Stops a running pentest job. The job transitions to a stopping state and then to stopped after cleanup completes.
Parameter Syntax
$result = $client->stopPentestJob([
'agentSpaceId' => '<string>', // REQUIRED
'pentestJobId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space.
- pentestJobId
-
- Required: Yes
- Type: string
The unique identifier of the pentest job to stop.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
TagResource
$result = $client->tagResource([/* ... */]); $promise = $client->tagResourceAsync([/* ... */]);
Adds tags to a resource.
Parameter Syntax
$result = $client->tagResource([
'resourceArn' => '<string>', // REQUIRED
'tags' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource to tag.
- tags
-
- Required: Yes
- Type: Associative array of custom strings keys (TagKey) to strings
The tags to add to the resource.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
UntagResource
$result = $client->untagResource([/* ... */]); $promise = $client->untagResourceAsync([/* ... */]);
Removes tags from a resource.
Parameter Syntax
$result = $client->untagResource([
'resourceArn' => '<string>', // REQUIRED
'tagKeys' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource to remove tags from.
- tagKeys
-
- Required: Yes
- Type: Array of strings
The list of tag keys to remove from the resource.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
UpdateAgentSpace
$result = $client->updateAgentSpace([/* ... */]); $promise = $client->updateAgentSpaceAsync([/* ... */]);
Updates the configuration of an existing agent space, including its name, description, AWS resources, target domains, and code review settings.
Parameter Syntax
$result = $client->updateAgentSpace([
'agentSpaceId' => '<string>', // REQUIRED
'awsResources' => [
'iamRoles' => ['<string>', ...],
'lambdaFunctionArns' => ['<string>', ...],
'logGroups' => ['<string>', ...],
's3Buckets' => ['<string>', ...],
'secretArns' => ['<string>', ...],
'vpcs' => [
[
'securityGroupArns' => ['<string>', ...],
'subnetArns' => ['<string>', ...],
'vpcArn' => '<string>',
],
// ...
],
],
'codeReviewSettings' => [
'controlsScanning' => true || false, // REQUIRED
'generalPurposeScanning' => true || false, // REQUIRED
],
'description' => '<string>',
'name' => '<string>',
'targetDomainIds' => ['<string>', ...],
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space to update.
- awsResources
-
- Type: AWSResources structure
The updated AWS resources to associate with the agent space.
- codeReviewSettings
-
- Type: CodeReviewSettings structure
The updated code review settings for the agent space.
- description
-
- Type: string
The updated description of the agent space.
- name
-
- Type: string
The updated name of the agent space.
- targetDomainIds
-
- Type: Array of strings
The updated list of target domain identifiers to associate with the agent space.
Result Syntax
[
'agentSpaceId' => '<string>',
'awsResources' => [
'iamRoles' => ['<string>', ...],
'lambdaFunctionArns' => ['<string>', ...],
'logGroups' => ['<string>', ...],
's3Buckets' => ['<string>', ...],
'secretArns' => ['<string>', ...],
'vpcs' => [
[
'securityGroupArns' => ['<string>', ...],
'subnetArns' => ['<string>', ...],
'vpcArn' => '<string>',
],
// ...
],
],
'codeReviewSettings' => [
'controlsScanning' => true || false,
'generalPurposeScanning' => true || false,
],
'createdAt' => <DateTime>,
'description' => '<string>',
'name' => '<string>',
'targetDomainIds' => ['<string>', ...],
'updatedAt' => <DateTime>,
]
Result Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the updated agent space.
- awsResources
-
- Type: AWSResources structure
The AWS resources associated with the agent space.
- codeReviewSettings
-
- Type: CodeReviewSettings structure
The code review settings for the agent space.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the agent space was created, in UTC format.
- description
-
- Type: string
The description of the agent space.
- name
-
- Required: Yes
- Type: string
The name of the agent space.
- targetDomainIds
-
- Type: Array of strings
The list of target domain identifiers associated with the agent space.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the agent space was last updated, in UTC format.
Errors
There are no errors described for this operation.
UpdateApplication
$result = $client->updateApplication([/* ... */]); $promise = $client->updateApplicationAsync([/* ... */]);
Updates the configuration of an existing application, including the IAM role and default KMS key.
Parameter Syntax
$result = $client->updateApplication([
'applicationId' => '<string>', // REQUIRED
'defaultKmsKeyId' => '<string>',
'roleArn' => '<string>',
]);
Parameter Details
Members
- applicationId
-
- Required: Yes
- Type: string
The unique identifier of the application to update.
- defaultKmsKeyId
-
- Type: string
The updated identifier of the default AWS KMS key for the application.
- roleArn
-
- Type: string
The updated Amazon Resource Name (ARN) of the IAM role for the application.
Result Syntax
[
'applicationId' => '<string>',
]
Result Details
Members
- applicationId
-
- Required: Yes
- Type: string
The unique identifier of the updated application.
Errors
There are no errors described for this operation.
UpdateFinding
$result = $client->updateFinding([/* ... */]); $promise = $client->updateFindingAsync([/* ... */]);
Updates the status or risk level of a security finding.
Parameter Syntax
$result = $client->updateFinding([
'agentSpaceId' => '<string>', // REQUIRED
'findingId' => '<string>', // REQUIRED
'riskLevel' => 'UNKNOWN|INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL',
'status' => 'ACTIVE|RESOLVED|ACCEPTED|FALSE_POSITIVE',
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space that contains the finding.
- findingId
-
- Required: Yes
- Type: string
The unique identifier of the finding to update.
- riskLevel
-
- Type: string
The updated risk level for the finding.
- status
-
- Type: string
The updated status for the finding.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
UpdateIntegratedResources
$result = $client->updateIntegratedResources([/* ... */]); $promise = $client->updateIntegratedResourcesAsync([/* ... */]);
Updates the integrated resources for an agent space, including their capabilities.
Parameter Syntax
$result = $client->updateIntegratedResources([
'agentSpaceId' => '<string>', // REQUIRED
'integrationId' => '<string>', // REQUIRED
'items' => [ // REQUIRED
[
'capabilities' => [
'github' => [
'leaveComments' => true || false,
'remediateCode' => true || false,
],
],
'resource' => [ // REQUIRED
'githubRepository' => [
'name' => '<string>', // REQUIRED
'owner' => '<string>', // REQUIRED
],
],
],
// ...
],
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space.
- integrationId
-
- Required: Yes
- Type: string
The unique identifier of the integration.
- items
-
- Required: Yes
- Type: Array of IntegratedResourceInputItem structures
The list of integrated resource items to update.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The input fails to satisfy the constraints specified by the service.
- ResourceNotFoundException:
The specified resource was not found. Verify that the resource identifier is correct and that the resource exists in the specified agent space or account.
- InternalServerException:
An unexpected error occurred during the processing of your request.
- ConflictException:
The request could not be completed due to a conflict with the current state of the resource.
- ThrottlingException:
The request was denied due to request throttling.
- AccessDeniedException:
You do not have sufficient access to perform this action.
UpdatePentest
$result = $client->updatePentest([/* ... */]); $promise = $client->updatePentestAsync([/* ... */]);
Updates an existing pentest configuration.
Parameter Syntax
$result = $client->updatePentest([
'agentSpaceId' => '<string>', // REQUIRED
'assets' => [
'actors' => [
[
'authentication' => [
'providerType' => 'SECRETS_MANAGER|AWS_LAMBDA|AWS_IAM_ROLE|AWS_INTERNAL',
'value' => '<string>',
],
'description' => '<string>',
'identifier' => '<string>',
'uris' => ['<string>', ...],
],
// ...
],
'documents' => [
[
'artifactId' => '<string>',
's3Location' => '<string>',
],
// ...
],
'endpoints' => [
[
'uri' => '<string>',
],
// ...
],
'integratedRepositories' => [
[
'integrationId' => '<string>', // REQUIRED
'providerResourceId' => '<string>', // REQUIRED
],
// ...
],
'sourceCode' => [
[
's3Location' => '<string>',
],
// ...
],
],
'codeRemediationStrategy' => 'AUTOMATIC|DISABLED',
'excludeRiskTypes' => ['<string>', ...],
'logConfig' => [
'logGroup' => '<string>',
'logStream' => '<string>',
],
'networkTrafficConfig' => [
'customHeaders' => [
[
'name' => '<string>',
'value' => '<string>',
],
// ...
],
'rules' => [
[
'effect' => 'ALLOW|DENY',
'networkTrafficRuleType' => 'URL',
'pattern' => '<string>',
],
// ...
],
],
'pentestId' => '<string>', // REQUIRED
'serviceRole' => '<string>',
'title' => '<string>',
'vpcConfig' => [
'securityGroupArns' => ['<string>', ...],
'subnetArns' => ['<string>', ...],
'vpcArn' => '<string>',
],
]);
Parameter Details
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space that contains the pentest.
- assets
-
- Type: Assets structure
The updated assets for the pentest.
- codeRemediationStrategy
-
- Type: string
The updated code remediation strategy for the pentest.
- excludeRiskTypes
-
- Type: Array of strings
The updated list of risk types to exclude from the pentest.
- logConfig
-
- Type: CloudWatchLog structure
The updated CloudWatch Logs configuration for the pentest.
- networkTrafficConfig
-
- Type: NetworkTrafficConfig structure
The updated network traffic configuration for the pentest.
- pentestId
-
- Required: Yes
- Type: string
The unique identifier of the pentest to update.
- serviceRole
-
- Type: string
The updated IAM service role for the pentest.
- title
-
- Type: string
The updated title of the pentest.
- vpcConfig
-
- Type: VpcConfig structure
The updated VPC configuration for the pentest.
Result Syntax
[
'agentSpaceId' => '<string>',
'assets' => [
'actors' => [
[
'authentication' => [
'providerType' => 'SECRETS_MANAGER|AWS_LAMBDA|AWS_IAM_ROLE|AWS_INTERNAL',
'value' => '<string>',
],
'description' => '<string>',
'identifier' => '<string>',
'uris' => ['<string>', ...],
],
// ...
],
'documents' => [
[
'artifactId' => '<string>',
's3Location' => '<string>',
],
// ...
],
'endpoints' => [
[
'uri' => '<string>',
],
// ...
],
'integratedRepositories' => [
[
'integrationId' => '<string>',
'providerResourceId' => '<string>',
],
// ...
],
'sourceCode' => [
[
's3Location' => '<string>',
],
// ...
],
],
'createdAt' => <DateTime>,
'excludeRiskTypes' => ['<string>', ...],
'logConfig' => [
'logGroup' => '<string>',
'logStream' => '<string>',
],
'pentestId' => '<string>',
'serviceRole' => '<string>',
'title' => '<string>',
'updatedAt' => <DateTime>,
]
Result Details
Members
- agentSpaceId
-
- Type: string
The unique identifier of the agent space that contains the pentest.
- assets
-
- Type: Assets structure
The assets included in the pentest.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the pentest was created, in UTC format.
- excludeRiskTypes
-
- Type: Array of strings
The list of risk types excluded from the pentest.
- logConfig
-
- Type: CloudWatchLog structure
The CloudWatch Logs configuration for the pentest.
- pentestId
-
- Type: string
The unique identifier of the pentest.
- serviceRole
-
- Type: string
The IAM service role used for the pentest.
- title
-
- Type: string
The title of the pentest.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the pentest was last updated, in UTC format.
Errors
There are no errors described for this operation.
UpdateTargetDomain
$result = $client->updateTargetDomain([/* ... */]); $promise = $client->updateTargetDomainAsync([/* ... */]);
Updates the verification method for a target domain.
Parameter Syntax
$result = $client->updateTargetDomain([
'targetDomainId' => '<string>', // REQUIRED
'verificationMethod' => 'DNS_TXT|HTTP_ROUTE|PRIVATE_VPC', // REQUIRED
]);
Parameter Details
Members
- targetDomainId
-
- Required: Yes
- Type: string
The unique identifier of the target domain to update.
- verificationMethod
-
- Required: Yes
- Type: string
The updated verification method for the target domain.
Result Syntax
[
'createdAt' => <DateTime>,
'domainName' => '<string>',
'targetDomainId' => '<string>',
'verificationDetails' => [
'dnsTxt' => [
'dnsRecordName' => '<string>',
'dnsRecordType' => 'TXT',
'token' => '<string>',
],
'httpRoute' => [
'routePath' => '<string>',
'token' => '<string>',
],
'method' => 'DNS_TXT|HTTP_ROUTE|PRIVATE_VPC',
],
'verificationStatus' => 'PENDING|VERIFIED|FAILED|UNREACHABLE',
'verificationStatusReason' => '<string>',
'verifiedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the target domain was created, in UTC format.
- domainName
-
- Required: Yes
- Type: string
The domain name of the target domain.
- targetDomainId
-
- Required: Yes
- Type: string
The unique identifier of the target domain.
- verificationDetails
-
- Type: VerificationDetails structure
The updated verification details for the target domain.
- verificationStatus
-
- Required: Yes
- Type: string
The current verification status of the target domain.
- verificationStatusReason
-
- Type: string
The reason for the current target domain verification status.
- verifiedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the target domain was verified, in UTC format.
Errors
There are no errors described for this operation.
VerifyTargetDomain
$result = $client->verifyTargetDomain([/* ... */]); $promise = $client->verifyTargetDomainAsync([/* ... */]);
Initiates verification of a target domain. This checks whether the domain ownership verification token has been properly configured.
Parameter Syntax
$result = $client->verifyTargetDomain([
'targetDomainId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- targetDomainId
-
- Required: Yes
- Type: string
The unique identifier of the target domain to verify.
Result Syntax
[
'createdAt' => <DateTime>,
'domainName' => '<string>',
'status' => 'PENDING|VERIFIED|FAILED|UNREACHABLE',
'targetDomainId' => '<string>',
'updatedAt' => <DateTime>,
'verificationStatusReason' => '<string>',
'verifiedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the target domain was created, in UTC format.
- domainName
-
- Type: string
The domain name of the target domain.
- status
-
- Type: string
The verification status of the target domain.
- targetDomainId
-
- Type: string
The unique identifier of the target domain.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the target domain was last updated, in UTC format.
- verificationStatusReason
-
- Type: string
The reason for the current target domain verification status.
- verifiedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the target domain was verified, in UTC format.
Errors
There are no errors described for this operation.
Shapes
AWSResources
Description
The AWS resources associated with an agent space, including VPCs, log groups, S3 buckets, secrets, Lambda functions, and IAM roles.
Members
- iamRoles
-
- Type: Array of strings
The IAM roles associated with the agent space.
- lambdaFunctionArns
-
- Type: Array of strings
The Amazon Resource Names (ARNs) of the Lambda functions associated with the agent space.
- logGroups
-
- Type: Array of strings
The Amazon Resource Names (ARNs) of the CloudWatch log groups associated with the agent space.
- s3Buckets
-
- Type: Array of strings
The Amazon Resource Names (ARNs) of the S3 buckets associated with the agent space.
- secretArns
-
- Type: Array of strings
The Amazon Resource Names (ARNs) of the Secrets Manager secrets associated with the agent space.
- vpcs
-
- Type: Array of VpcConfig structures
The VPC configurations associated with the agent space.
AccessDeniedException
Description
You do not have sufficient access to perform this action.
Members
- message
-
- Required: Yes
- Type: string
Error description.
Actor
Description
Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.
Members
- authentication
-
- Type: Authentication structure
The authentication configuration for the actor.
- description
-
- Type: string
A description of the actor.
- identifier
-
- Type: string
The unique identifier for the actor.
- uris
-
- Type: Array of strings
The list of URIs that the actor targets during testing.
AgentSpace
Description
Represents an agent space, which is a dedicated workspace for securing a specific application. An agent space contains the configuration, resources, and settings needed for security testing.
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space.
- awsResources
-
- Type: AWSResources structure
The AWS resources associated with the agent space.
- codeReviewSettings
-
- Type: CodeReviewSettings structure
The code review settings for the agent space.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the agent space was created, in UTC format.
- description
-
- Type: string
A description of the agent space.
- kmsKeyId
-
- Type: string
The identifier of the AWS KMS key used to encrypt data in the agent space.
- name
-
- Required: Yes
- Type: string
The name of the agent space.
- targetDomainIds
-
- Type: Array of strings
The list of target domain identifiers associated with the agent space.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the agent space was last updated, in UTC format.
AgentSpaceSummary
Description
Contains summary information about an agent space.
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the agent space was created, in UTC format.
- name
-
- Required: Yes
- Type: string
The name of the agent space.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the agent space was last updated, in UTC format.
ApplicationSummary
Description
Contains summary information about an application.
Members
- applicationId
-
- Required: Yes
- Type: string
The unique identifier of the application.
- applicationName
-
- Required: Yes
- Type: string
The name of the application.
- defaultKmsKeyId
-
- Type: string
The identifier of the default AWS KMS key used to encrypt data for the application.
- domain
-
- Required: Yes
- Type: string
The domain associated with the application.
Artifact
Description
Represents an artifact that provides context for security testing, such as documentation, diagrams, or configuration files.
Members
- contents
-
- Required: Yes
- Type: string
The content of the artifact.
- type
-
- Required: Yes
- Type: string
The file type of the artifact.
ArtifactMetadataItem
Description
Contains metadata about an artifact.
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space that contains the artifact.
- artifactId
-
- Required: Yes
- Type: string
The unique identifier of the artifact.
- fileName
-
- Required: Yes
- Type: string
The file name of the artifact.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the artifact was last updated, in UTC format.
ArtifactSummary
Description
Contains summary information about an artifact.
Members
- artifactId
-
- Required: Yes
- Type: string
The unique identifier of the artifact.
- artifactType
-
- Required: Yes
- Type: string
The file type of the artifact.
- fileName
-
- Required: Yes
- Type: string
The file name of the artifact.
Assets
Description
The collection of assets used in a pentest configuration, including endpoints, actors, documents, source code repositories, and integrated repositories.
Members
- actors
-
- Type: Array of Actor structures
The list of actors used during penetration testing.
- documents
-
- Type: Array of DocumentInfo structures
The list of documents that provide context for the pentest.
- endpoints
-
- Type: Array of Endpoint structures
The list of endpoints to test during the pentest.
- integratedRepositories
-
- Type: Array of IntegratedRepository structures
The list of integrated repositories associated with the pentest.
- sourceCode
-
- Type: Array of SourceCodeRepository structures
The list of source code repositories to analyze during the pentest.
Authentication
Description
The authentication configuration for an actor, specifying the provider type and credentials.
Members
- providerType
-
- Type: string
The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.
- value
-
- Type: string
The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.
Category
Description
Represents a category assigned to a security testing task.
Members
- isPrimary
-
- Type: boolean
Indicates whether this is the primary category for the task.
- name
-
- Type: string
The name of the category.
CloudWatchLog
Description
The Amazon CloudWatch Logs configuration for pentest job logging.
Members
- logGroup
-
- Type: string
The name of the CloudWatch log group.
- logStream
-
- Type: string
The name of the CloudWatch log stream.
CodeRemediationTask
Description
Represents a code remediation task that was initiated to fix a security finding.
Members
- status
-
- Required: Yes
- Type: string
The current status of the code remediation task.
- statusReason
-
- Type: string
The reason for the current status of the code remediation task.
- taskDetails
-
- Type: Array of CodeRemediationTaskDetails structures
The list of details for the code remediation task, including repository name, code diff link, and pull request link.
CodeRemediationTaskDetails
Description
Contains details about a code remediation task, including links to the code diff and pull request.
Members
- codeDiffLink
-
- Type: string
The link to the code diff for the remediation.
- pullRequestLink
-
- Type: string
The link to the pull request created for the remediation.
- repoName
-
- Type: string
The name of the repository where the remediation was applied.
CodeReviewSettings
Description
The code review settings for an agent space, controlling which types of scanning are enabled.
Members
- controlsScanning
-
- Required: Yes
- Type: boolean
Indicates whether controls scanning is enabled for code reviews.
- generalPurposeScanning
-
- Required: Yes
- Type: boolean
Indicates whether general-purpose scanning is enabled for code reviews.
ConflictException
Description
The request could not be completed due to a conflict with the current state of the resource.
Members
- message
-
- Required: Yes
- Type: string
Error description.
CustomHeader
Description
A custom HTTP header to include in network traffic during penetration testing.
Members
- name
-
- Type: string
The name of the custom header.
- value
-
- Type: string
The value of the custom header.
DeletePentestFailure
Description
Contains information about a pentest that failed to delete.
Members
- pentestId
-
- Type: string
The unique identifier of the pentest that failed to delete.
- reason
-
- Type: string
The reason the pentest failed to delete.
DiscoveredEndpoint
Description
Represents an endpoint discovered during a pentest job.
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space associated with the discovered endpoint.
- description
-
- Type: string
A description of the discovered endpoint.
- evidence
-
- Type: string
The evidence that led to the discovery of the endpoint.
- operation
-
- Type: string
The HTTP operation associated with the discovered endpoint.
- pentestJobId
-
- Required: Yes
- Type: string
The unique identifier of the pentest job that discovered the endpoint.
- taskId
-
- Required: Yes
- Type: string
The unique identifier of the task that discovered the endpoint.
- uri
-
- Required: Yes
- Type: string
The URI of the discovered endpoint.
DnsVerification
Description
Contains DNS verification details for a target domain, including the DNS record to create for domain ownership verification.
Members
- dnsRecordName
-
- Type: string
The name of the DNS record to create for verification.
- dnsRecordType
-
- Type: string
The type of DNS record to create. Currently, only TXT is supported.
- token
-
- Type: string
The verification token to include in the DNS record value.
DocumentInfo
Description
Represents a document that provides context for security testing.
Members
- artifactId
-
- Type: string
The unique identifier of the artifact associated with the document.
- s3Location
-
- Type: string
The Amazon S3 location of the document.
Endpoint
Description
Represents a target endpoint for penetration testing.
Members
- uri
-
- Type: string
The URI of the endpoint.
ErrorInformation
Description
Contains error information for a pentest job that encountered an error.
Members
- code
-
- Type: string
The error code. Valid values include CLIENT_ERROR, INTERNAL_ERROR, and STOPPED_BY_USER.
- message
-
- Type: string
A message describing the error.
ExecutionContext
Description
Contains contextual information about the execution of a pentest job, such as errors, warnings, or informational messages.
Members
- context
-
- Type: string
The context message.
- contextType
-
- Type: string
The type of context. Valid values include ERROR, CLIENT_ERROR, WARNING, and INFO.
- timestamp
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the context was recorded, in UTC format.
Finding
Description
Represents a security finding discovered during a pentest job. A finding contains details about a vulnerability, including its risk level, confidence, and remediation status.
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space associated with the finding.
- attackScript
-
- Type: string
The attack script used to reproduce the finding.
- codeRemediationTask
-
- Type: CodeRemediationTask structure
The code remediation task associated with the finding, if code remediation was initiated.
- confidence
-
- Type: string
The confidence level of the finding. Valid values include FALSE_POSITIVE, UNCONFIRMED, LOW, MEDIUM, and HIGH.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the finding was created, in UTC format.
- description
-
- Type: string
A description of the finding.
- findingId
-
- Required: Yes
- Type: string
The unique identifier of the finding.
- lastUpdatedBy
-
- Type: string
The identifier of the entity that last updated the finding.
- name
-
- Type: string
The name of the finding.
- pentestId
-
- Type: string
The unique identifier of the pentest associated with the finding.
- pentestJobId
-
- Type: string
The unique identifier of the pentest job that produced the finding.
- reasoning
-
- Type: string
The reasoning behind the finding, explaining why it was identified as a vulnerability.
- riskLevel
-
- Type: string
The risk level of the finding. Valid values include UNKNOWN, INFORMATIONAL, LOW, MEDIUM, HIGH, and CRITICAL.
- riskScore
-
- Type: string
The numerical risk score of the finding.
- riskType
-
- Type: string
The type of security risk identified by the finding.
- status
-
- Type: string
The current status of the finding. Valid values include ACTIVE, RESOLVED, ACCEPTED, and FALSE_POSITIVE.
- taskId
-
- Type: string
The unique identifier of the task that produced the finding.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the finding was last updated, in UTC format.
FindingSummary
Description
Contains summary information about a security finding.
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space associated with the finding.
- confidence
-
- Type: string
The confidence level of the finding.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the finding was created, in UTC format.
- findingId
-
- Required: Yes
- Type: string
The unique identifier of the finding.
- name
-
- Type: string
The name of the finding.
- pentestId
-
- Type: string
The unique identifier of the pentest associated with the finding.
- pentestJobId
-
- Type: string
The unique identifier of the pentest job that produced the finding.
- riskLevel
-
- Type: string
The risk level of the finding.
- riskType
-
- Type: string
The type of security risk identified by the finding.
- status
-
- Type: string
The current status of the finding.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the finding was last updated, in UTC format.
GitHubIntegrationInput
Description
The input required to create a GitHub integration, including the OAuth authorization code and CSRF state.
Members
- code
-
- Required: Yes
- Type: string
The OAuth authorization code received from GitHub.
- organizationName
-
- Type: string
The name of the GitHub organization to integrate with.
- state
-
- Required: Yes
- Type: string
The CSRF state token for validating the OAuth flow.
GitHubRepositoryMetadata
Description
Contains metadata about a GitHub repository that is integrated with the service.
Members
- accessType
-
- Type: string
The access type of the GitHub repository. Valid values are PRIVATE and PUBLIC.
- name
-
- Required: Yes
- Type: string
The name of the GitHub repository.
- owner
-
- Required: Yes
- Type: string
The owner of the GitHub repository.
- providerResourceId
-
- Required: Yes
- Type: string
The provider-specific resource identifier for the GitHub repository.
GitHubRepositoryResource
Description
Represents a GitHub repository resource used in an integration.
Members
- name
-
- Required: Yes
- Type: string
The name of the GitHub repository.
- owner
-
- Required: Yes
- Type: string
The owner of the GitHub repository.
GitHubResourceCapabilities
Description
The capabilities enabled for a GitHub resource integration.
Members
- leaveComments
-
- Type: boolean
Indicates whether the integration can leave comments on pull requests.
- remediateCode
-
- Type: boolean
Indicates whether the integration can create code remediation pull requests.
HttpVerification
Description
Contains HTTP route verification details for a target domain, including the route path and token to serve for domain ownership verification.
Members
- routePath
-
- Type: string
The HTTP route path where the verification token must be served.
- token
-
- Type: string
The verification token to serve at the specified route path.
IdCConfiguration
Description
The IAM Identity Center configuration for an application.
Members
- idcApplicationArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM Identity Center application.
- idcInstanceArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM Identity Center instance.
IntegratedRepository
Description
Represents a code repository that is integrated with the service through a third-party provider.
Members
- integrationId
-
- Required: Yes
- Type: string
The unique identifier of the integration that provides access to the repository.
- providerResourceId
-
- Required: Yes
- Type: string
The provider-specific resource identifier for the repository.
IntegratedResource
Description
Represents an integrated resource from a third-party provider. This is a union type that contains provider-specific resource information.
Members
- githubRepository
-
- Type: GitHubRepositoryResource structure
The GitHub repository resource information.
IntegratedResourceInputItem
Description
Represents an input item for updating integrated resources, including the resource and its capabilities.
Members
- capabilities
-
- Type: ProviderResourceCapabilities structure
The capabilities to enable for the integrated resource.
- resource
-
- Required: Yes
- Type: IntegratedResource structure
The integrated resource to update.
IntegratedResourceMetadata
Description
Contains metadata about an integrated resource. This is a union type that contains provider-specific metadata.
Members
- githubRepository
-
- Type: GitHubRepositoryMetadata structure
The GitHub repository metadata.
IntegratedResourceSummary
Description
Contains summary information about an integrated resource.
Members
- capabilities
-
- Type: ProviderResourceCapabilities structure
The capabilities enabled for the integrated resource.
- integrationId
-
- Required: Yes
- Type: string
The unique identifier of the integration that provides access to the resource.
- resource
-
- Required: Yes
- Type: IntegratedResourceMetadata structure
The metadata for the integrated resource.
IntegrationFilter
Description
A filter for listing integrations. This is a union type where you can filter by provider or provider type.
Members
- provider
-
- Type: string
Filter integrations by provider.
- providerType
-
- Type: string
Filter integrations by provider type.
IntegrationSummary
Description
Contains summary information about an integration.
Members
- displayName
-
- Required: Yes
- Type: string
The display name of the integration.
- installationId
-
- Required: Yes
- Type: string
The installation identifier from the integration provider.
- integrationId
-
- Required: Yes
- Type: string
The unique identifier of the integration.
- provider
-
- Required: Yes
- Type: string
The integration provider.
- providerType
-
- Required: Yes
- Type: string
The type of the integration provider.
InternalServerException
Description
An unexpected error occurred during the processing of your request.
Members
- message
-
- Required: Yes
- Type: string
Error description.
LogLocation
Description
The log location for a task, specifying where task execution logs are stored.
Members
- cloudWatchLog
-
- Type: CloudWatchLog structure
The CloudWatch Logs location for the task logs.
- logType
-
- Type: string
The type of log storage. Currently, only CLOUDWATCH is supported.
MemberMetadata
Description
Contains metadata about a member. This is a union type that contains member-type-specific metadata.
Members
- user
-
- Type: UserMetadata structure
The user metadata for the member.
MembershipConfig
Description
The configuration for a membership. This is a union type that contains member-type-specific configuration.
Members
- user
-
- Type: UserConfig structure
The user configuration for the membership.
MembershipSummary
Description
Contains summary information about a membership.
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space.
- applicationId
-
- Required: Yes
- Type: string
The unique identifier of the application.
- config
-
- Type: MembershipConfig structure
The configuration for the membership.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the membership was created, in UTC format.
- createdBy
-
- Required: Yes
- Type: string
The identifier of the entity that created the membership.
- memberType
-
- Required: Yes
- Type: string
The type of member.
- membershipId
-
- Required: Yes
- Type: string
The unique identifier of the membership.
- metadata
-
- Type: MemberMetadata structure
The metadata for the member.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the membership was last updated, in UTC format.
- updatedBy
-
- Required: Yes
- Type: string
The identifier of the entity that last updated the membership.
NetworkTrafficConfig
Description
The network traffic configuration for a pentest, including custom headers and traffic rules.
Members
- customHeaders
-
- Type: Array of CustomHeader structures
The list of custom HTTP headers to include in network traffic during testing.
- rules
-
- Type: Array of NetworkTrafficRule structures
The list of network traffic rules that control which URLs are allowed or denied during testing.
NetworkTrafficRule
Description
A rule that controls network traffic during penetration testing by allowing or denying traffic to specific URL patterns.
Members
- effect
-
- Type: string
The effect of the rule. Valid values are ALLOW and DENY.
- networkTrafficRuleType
-
- Type: string
The type of the network traffic rule. Currently, only URL is supported.
- pattern
-
- Type: string
The URL pattern to match for the rule.
Pentest
Description
Represents a pentest configuration that defines the parameters for security testing, including target assets, risk type exclusions, and infrastructure settings.
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space that contains the pentest.
- assets
-
- Required: Yes
- Type: Assets structure
The assets included in the pentest.
- codeRemediationStrategy
-
- Type: string
The code remediation strategy for the pentest.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the pentest was created, in UTC format.
- excludeRiskTypes
-
- Type: Array of strings
The list of risk types excluded from the pentest.
- logConfig
-
- Type: CloudWatchLog structure
The CloudWatch Logs configuration for the pentest.
- networkTrafficConfig
-
- Type: NetworkTrafficConfig structure
The network traffic configuration for the pentest.
- pentestId
-
- Required: Yes
- Type: string
The unique identifier of the pentest.
- serviceRole
-
- Type: string
The IAM service role used for the pentest.
- title
-
- Required: Yes
- Type: string
The title of the pentest.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the pentest was last updated, in UTC format.
- vpcConfig
-
- Type: VpcConfig structure
The VPC configuration for the pentest.
PentestJob
Description
Represents a pentest job, which is an execution instance of a pentest. A pentest job progresses through preflight, static analysis, pentest, and finalizing steps.
Members
- actors
-
- Type: Array of Actor structures
The list of actors used during the pentest job.
- allowedDomains
-
- Type: Array of Endpoint structures
The list of domains allowed during the pentest job.
- codeRemediationStrategy
-
- Type: string
The code remediation strategy for the pentest job.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the pentest job was created, in UTC format.
- documents
-
- Type: Array of DocumentInfo structures
The list of documents providing context for the pentest job.
- endpoints
-
- Type: Array of Endpoint structures
The list of endpoints being tested in the pentest job.
- errorInformation
-
- Type: ErrorInformation structure
Error information if the pentest job encountered an error.
- excludePaths
-
- Type: Array of Endpoint structures
The list of paths excluded from the pentest job.
- excludeRiskTypes
-
- Type: Array of strings
The list of risk types excluded from the pentest job.
- executionContext
-
- Type: Array of ExecutionContext structures
The execution context messages for the pentest job.
- integratedRepositories
-
- Type: Array of IntegratedRepository structures
The list of integrated repositories associated with the pentest job.
- logConfig
-
- Type: CloudWatchLog structure
The CloudWatch Logs configuration for the pentest job.
- networkTrafficConfig
-
- Type: NetworkTrafficConfig structure
The network traffic configuration for the pentest job.
- overview
-
- Type: string
An overview of the pentest job results.
- pentestId
-
- Type: string
The unique identifier of the pentest associated with the job.
- pentestJobId
-
- Type: string
The unique identifier of the pentest job.
- serviceRole
-
- Type: string
The IAM service role used for the pentest job.
- sourceCode
-
- Type: Array of SourceCodeRepository structures
The list of source code repositories analyzed during the pentest job.
- status
-
- Type: string
The current status of the pentest job.
- steps
-
- Type: Array of Step structures
The list of steps in the pentest job execution.
- title
-
- Type: string
The title of the pentest job.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the pentest job was last updated, in UTC format.
- vpcConfig
-
- Type: VpcConfig structure
The VPC configuration for the pentest job.
PentestJobSummary
Description
Contains summary information about a pentest job.
Members
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the pentest job was created, in UTC format.
- pentestId
-
- Required: Yes
- Type: string
The unique identifier of the pentest associated with the job.
- pentestJobId
-
- Required: Yes
- Type: string
The unique identifier of the pentest job.
- status
-
- Type: string
The current status of the pentest job.
- title
-
- Type: string
The title of the pentest job.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the pentest job was last updated, in UTC format.
PentestSummary
Description
Contains summary information about a pentest.
Members
- agentSpaceId
-
- Required: Yes
- Type: string
The unique identifier of the agent space that contains the pentest.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the pentest was created, in UTC format.
- pentestId
-
- Required: Yes
- Type: string
The unique identifier of the pentest.
- title
-
- Required: Yes
- Type: string
The title of the pentest.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the pentest was last updated, in UTC format.
ProviderInput
Description
The provider-specific input for creating an integration. This is a union type that contains provider-specific configuration.
Members
- github
-
- Type: GitHubIntegrationInput structure
The GitHub-specific input for creating an integration.
ProviderResourceCapabilities
Description
The capabilities for an integrated resource from a third-party provider. This is a union type that contains provider-specific capabilities.
Members
- github
-
- Type: GitHubResourceCapabilities structure
The GitHub-specific resource capabilities.
ResourceNotFoundException
Description
The specified resource was not found. Verify that the resource identifier is correct and that the resource exists in the specified agent space or account.
Members
- message
-
- Required: Yes
- Type: string
Error description.
SourceCodeRepository
Description
Represents a source code repository used for security analysis during a pentest.
Members
- s3Location
-
- Type: string
The Amazon S3 location of the source code repository archive.
Step
Description
Represents a step in the pentest job execution pipeline. Steps include preflight, static analysis, pentest, and finalizing.
Members
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the step was created, in UTC format.
- name
-
- Type: string
The name of the step. Valid values include PREFLIGHT, STATIC_ANALYSIS, PENTEST, and FINALIZING.
- status
-
- Type: string
The current status of the step.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the step was last updated, in UTC format.
TargetDomain
Description
Represents a target domain registered for penetration testing. A target domain must be verified through DNS TXT or HTTP route verification before it can be used in pentests.
Members
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the target domain was created, in UTC format.
- domainName
-
- Required: Yes
- Type: string
The domain name of the target domain.
- targetDomainId
-
- Required: Yes
- Type: string
The unique identifier of the target domain.
- verificationDetails
-
- Type: VerificationDetails structure
The verification details for the target domain.
- verificationStatus
-
- Type: string
The current verification status of the target domain.
- verificationStatusReason
-
- Type: string
The reason for the current target domain verification status.
- verifiedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the target domain was verified, in UTC format.
TargetDomainSummary
Description
Contains summary information about a target domain.
Members
- domainName
-
- Required: Yes
- Type: string
The domain name of the target domain.
- targetDomainId
-
- Required: Yes
- Type: string
The unique identifier of the target domain.
- verificationStatus
-
- Type: string
The current verification status of the target domain.
Task
Description
Represents an individual security test task within a pentest job. Each task targets a specific risk type or endpoint and executes independently.
Members
- agentSpaceId
-
- Type: string
The unique identifier of the agent space.
- categories
-
- Type: Array of Category structures
The list of categories assigned to the task.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the task was created, in UTC format.
- description
-
- Type: string
A description of the task.
- executionStatus
-
- Type: string
The current execution status of the task.
- logsLocation
-
- Type: LogLocation structure
The location of the task execution logs.
- pentestId
-
- Type: string
The unique identifier of the pentest associated with the task.
- pentestJobId
-
- Type: string
The unique identifier of the pentest job that contains the task.
- riskType
-
- Type: string
The type of security risk the task is testing for.
- targetEndpoint
-
- Type: Endpoint structure
The target endpoint being tested by the task.
- taskId
-
- Required: Yes
- Type: string
The unique identifier of the task.
- title
-
- Type: string
The title of the task.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the task was last updated, in UTC format.
TaskSummary
Description
Contains summary information about a task.
Members
- agentSpaceId
-
- Type: string
The unique identifier of the agent space.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the task was created, in UTC format.
- executionStatus
-
- Type: string
The current execution status of the task.
- pentestId
-
- Type: string
The unique identifier of the pentest associated with the task.
- pentestJobId
-
- Type: string
The unique identifier of the pentest job that contains the task.
- riskType
-
- Type: string
The type of security risk the task is testing for.
- taskId
-
- Required: Yes
- Type: string
The unique identifier of the task.
- title
-
- Type: string
The title of the task.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the task was last updated, in UTC format.
ThrottlingException
Description
The request was denied due to request throttling.
Members
- message
-
- Required: Yes
- Type: string
Error description.
- quotaCode
-
- Type: string
Quota code for throttling limit.
- serviceCode
-
- Type: string
Service code for throttling limit.
UserConfig
Description
The configuration for a user membership, including the role assigned to the user within the agent space.
Members
- role
-
- Type: string
The role assigned to the user. Currently, only MEMBER is supported.
UserMetadata
Description
Contains metadata about a user member, including the username and email address.
Members
-
- Required: Yes
- Type: string
The email address of the user.
- username
-
- Required: Yes
- Type: string
The username of the user.
ValidationException
Description
The input fails to satisfy the constraints specified by the service.
Members
- fieldList
-
- Type: Array of ValidationExceptionField structures
A list of specific failures encountered during validation.
- message
-
- Required: Yes
- Type: string
A summary of the validation failure.
ValidationExceptionField
Description
Describes one specific validation failure for an input member.
Members
- message
-
- Required: Yes
- Type: string
A detailed description of the validation failure.
- path
-
- Required: Yes
- Type: string
A JSONPointer expression to the structure member whose value failed to satisfy the modeled constraint.
VerificationDetails
Description
Contains the verification details for a target domain, including the verification method and provider-specific details.
Members
- dnsTxt
-
- Type: DnsVerification structure
The DNS TXT verification details.
- httpRoute
-
- Type: HttpVerification structure
The HTTP route verification details.
- method
-
- Type: string
The verification method used for the target domain.
VpcConfig
Description
The VPC configuration for a pentest, specifying the VPC, security groups, and subnets to use during testing.
Members
- securityGroupArns
-
- Type: Array of strings
The Amazon Resource Names (ARNs) of the security groups for the VPC configuration.
- subnetArns
-
- Type: Array of strings
The Amazon Resource Names (ARNs) of the subnets for the VPC configuration.
- vpcArn
-
- Type: string
The Amazon Resource Name (ARN) of the VPC.