# AWS DevOps Agent Security This document provides information about security considerations, data protection, access controls, and compliance capabilities for AWS DevOps Agent. Use this information to understand how AWS DevOps Agent is designed to meet your security and compliance requirements. ## Multi-layered security AWS DevOps Agent implements security at multiple layers. Even if broader permissions are granted to the agent's IAM role, the agent enforces its own internal access controls to limit the scope of its actions. For example, if a customer adds a full Amazon S3 access IAM policy to the agent's IAM role, AWS DevOps Agent will ensure that only logs after the `AWSLogs` prefix are read for troubleshooting purposes. We recommend following the principle of least privilege when configuring IAM permissions for AWS DevOps Agent, and implementing security at multiple layers. Defense in depth ensures that no single misconfiguration can compromise the security of your environment. ## Agent Spaces Agent Spaces serve as the primary security boundary in AWS DevOps Agent. Each Agent Space: + Operates independently with its own configurations and permissions + Defines which AWS accounts and resources the agent can access + Establishes connections to third-party platforms Agent Spaces maintain strict isolation to ensure security and prevent unintended access across different environments or teams. ## Regional processing and data flow AWS DevOps Agent operates globally with regional processing capabilities. The agent retrieves operational data from AWS regions across all AWS accounts granted access within the configured Agent Space. This multi-region cross-account data collection ensures comprehensive incident analysis while respecting geographical boundaries for inference processing. ### Amazon Bedrock usage and cross-region inference AWS DevOps Agent will automatically select the optimal region within your geography to process your inference requests. This maximizes available compute resources, model availability, and delivers the best customer experience. Your data will remain stored only in the region where your Agent Space is created, however, input prompts and output results may be processed outside that region as described in the following list. All data will be transmitted encrypted across Amazon's secure network. AWS DevOps Agent will securely route your inference requests to available compute resources within the geographic area where the request originated, as follows: + Inference requests originating in the European Union will be processed within the European Union. + Inference requests originating in the United States will be processed within the United States. + Inference requests originating in Australia will be processed within Australia. + Inference requests originating within Japan will be processed within Japan. + If an inference request originates in an area not listed, it will be processed by default within the United States. + DevOps Agent and Bedrock are not impacted by customer policies in Service Control Policies (SCPs) or Control Tower that restrict customer content to specific regions + Bedrock may use regions other than the originating region within your geography to perform stateless inference to optimize performance and availability ## Identity and access management ### Authentication methods AWS DevOps Agent provides two authentication methods to log into the AWS DevOps Agent Space web app: + **AWS Identity Center integration** – The primary authentication method uses OAuth 2.0 with session-based authentication using HTTP-only cookies. AWS Identity Center can federate with external identity providers through standard OIDC and SAML protocols, including providers like Okta, Ping Identity, and Microsoft Entra ID. This method supports multi-factor authentication through your identity provider. AWS Identity Center defaults to session durations of up to 12 hours and can be configured to a desired duration. + **IAM authentication link** – An alternative method provides direct access to the web app from the AWS Management Console using JWT-based tokens derived from an existing AWS Management Console session. This option is useful for evaluating AWS DevOps Agent before implementing full Identity Center integration as well as gaining administrative access if the AWS DevOps Agent web app becomes inaccessible through Identity Center based authentication. Sessions are limited to 10 minutes. ### IAM roles AWS DevOps Agent uses IAM roles to define access permissions: + **Primary account role** – Grants the agent access to resources in the AWS account where you create the Agent Space as well as access to secondary account roles. + **Secondary account roles** – Grants the agent access to resources in additional AWS accounts connected to the Agent Space. + **Web app role** – Grants users access to AWS DevOps Agent investigation data and findings in the web app. These roles should be configured following the principle of least privilege, granting only the necessary read-only permissions required for investigations. ## Data protection ### Data encryption AWS DevOps Agent encrypts all customer data: + **Encryption at rest** – All data is encrypted with AWS-managed keys. + **Encryption in transit** – All retrieved logs, metrics, knowledge items, ticket metadata, and other data are encrypted in transit inside the agent's private network and to outside networks. ### Data storage and retention Data is stored in the region where your Agent Space is created, while inference processing may occur within your geography as described in the Amazon Bedrock usage section above. ### Personal identifiable information (PII) AWS DevOps Agent does not filter PII information when summarizing data gathered during investigations, recommendation evaluations, or chat responses. It is recommended that PII data be redacted before storing in observability logs. ## Agent journal and audit logging ### Agent journal Both the Incident Investigation and Prevention capabilities maintain detailed journals that: + Log every reasoning step and action taken + Create complete transparency into agent decision-making processes + Cannot be modified by the agents once recorded, minimizing attacks such as prompt injection from hiding important actions + Include all chat messages from the Investigation page ### AWS CloudTrail integration All AWS DevOps Agent API calls are automatically captured by AWS CloudTrail within the hosting AWS account. Using the information collected by CloudTrail, you can determine: + The request that was made to the agent + The IP address from which the request was made + Who made the request + When it was made ## Prompt injection protection A prompt injection attack occurs when an attacker embeds malicious instructions into external data, such as a webpage or document, that a generative AI system will later process. AWS DevOps Agent natively consumes many data sources as part of its normal operations, including logs, resource tags, and other operational data. AWS DevOps Agent protects against prompt injection attacks through the safeguards below, but it is important to ensure all connected data sources and user access to those data sources are trusted. See [Shared responsibility model](#aws-devops-agent-security) section for more. Prompt injection safeguards: + **Limited write capabilities** – The tools available to the agent are not able to mutate resources, with the exception of opening tickets and support cases. This prevents malicious instructions from modifying your infrastructure or applications. + **Account boundary enforcement** – AWS DevOps Agent only operates within the boundary permitted by the roles assigned to the agent in the primary and connected secondary AWS accounts. The agent cannot access or modify resources outside of its configured scope. + **AI safety protections** – AWS DevOps Agent uses models with AI Safety Level 3 (ASL-3) protections. These protections include classifiers that detect and prevent prompt injection attacks before they can affect agent behavior. + **Immutable audit trail** – The agent journal logs every reasoning step and action taken. Journal entries cannot be modified by the agent once recorded, preventing prompt injection attacks from hiding malicious actions. While AWS DevOps Agent provides multiple layers of protection against prompt injection attacks, certain configurations can increase risk: + **Custom MCP server tools** – The bring-your-own MCP feature allows you to introduce custom tools to the agent, which can present additional opportunities for prompt injection. Custom tools may not have the same security controls as native AWS DevOps Agent tools, and malicious instructions could potentially leverage these tools in unintended ways. See [Shared responsibility model](#aws-devops-agent-security) section for more. + **Authorized user attacks** – Users who are authorized to operate within the AWS account boundary or connected tools have a higher chance of attempting an attack against the agent. These users may have the ability to modify data sources that the agent consumes, such as logs or resource tags, making it easier to embed malicious instructions that the agent will process. To mitigate these risks: 1. Carefully review and test custom MCP servers before deploying them in Agent Spaces. 1. Ensure they are only permitted to perform read-only actions 1. Verify that users of external tools accessed by MCP servers are trusted entities, as AWS DevOps Agents interfacing with MCP rely on the implicit trust relationship established between these tool users and the AWS DevOps Agent 1. Apply the principle of least privilege when granting users access to systems that provide data to the agent 1. Regularly audit which MCP servers are connected to your Agent Spaces 1. Since any content retrieved from allowlisted URLs could attempt to manipulate the agent's behavior, only include trusted sources in your allowlist. ## Integration security AWS DevOps Agent supports several integration types, each with its own security model: + **Native bidirectional integrations** – Built-in integrations that can send data to the agent and receive updates from the agent. This uses the vendor’s authentication methods + **MCP servers** – Remote Model Context Protocol servers that utilize OAuth 2.0 authentication flows and API keys to securely communicate with external systems. + **Webhook triggers** – Investigation triggers from remote services such as tickets or observability systems. Webhooks use Hash-based Message Authentication Code (HMAC) for security. + **Outbound communication** – Integrations like Slack and ticketing systems receive updates from the agent but do not yet support bidirectional communication. ### Registration providers Some external tools are authenticated at the account level and shared among all Agent Spaces in the account. When you register these tools, you authenticate once at the account level, and then each Agent Space can connect to specific resources within that registered connection. The following tools use account-level registration: + **GitHub** – Uses OAuth flow for authentication. After registering GitHub at the account level, each Agent Space can connect to specific repositories within your GitHub organization. + **Dynatrace** – Uses OAuth token authentication. After registering Dynatrace at the account level, each Agent Space can connect to specific Dynatrace environments or monitoring configurations. + **Slack** – Uses OAuth token authentication. After registering Slack at the account level, each Agent Space can connect to specific Slack channels channels. + **Datadog** – Uses MCP with OAuth flow for authentication. After registering Datadog at the account level, each Agent Space can connect to specific Datadog monitoring resources. + **New Relic** – Uses API key authentication. After registering New Relic at the account level, each Agent Space can connect to specific New Relic monitoring configurations. + **Splunk** – Uses bearer token authentication. After registering Splunk at the account level, each Agent Space can connect to specific Splunk data sources. + **GitLab** – Uses access token authentication. After registering GitLab at the account level, each Agent Space can connect to specific GitLab repositories. + **ServiceNow** – Uses OAuth client key/token authentication. After registering ServiceNow at the account level, each Agent Space can connect to specific ServiceNow instances or ticket queues. + **General public accessible remote MCP servers** – Use OAuth flow for authentication. After registering a remote MCP server at the account level, each Agent Space can connect to specific resources exposed by that server. ## Network connectivity AWS DevOps Agent connects to your third-party systems and remote MCP servers to perform investigations and other operations. ### Inbound traffic from AWS DevOps Agent to your systems AWS DevOps Agent initiates outbound connections to your third-party systems and remote MCP servers, which arrive as inbound traffic to your infrastructure. How you secure this traffic depends on how your tools are hosted: + **Privately hosted tools** – If your tools are reachable from within an AWS VPC, you can use AWS DevOps Agent *private connections* to keep traffic isolated to AWS networks, and off of the public internet. For more information, see [Connecting to privately hosted tools](configuring-capabilities-for-aws-devops-agent-connecting-to-privately-hosted-tools.md). + **Publicly hosted tools** – If your tools are reachable over the public internet and use IP allowlisting or firewall rules, you must allow inbound traffic from the following AWS DevOps Agent source IP addresses: + Asia Pacific (Sydney) (ap-southeast-2) + `13.237.95.197` + `13.238.84.102` + Asia Pacific (Tokyo) (ap-northeast-1) + `13.192.12.233` + `35.74.181.230` + `57.183.50.158` + Europe (Frankfurt) (eu-central-1) + `18.158.110.140` + `52.57.96.160` + `52.59.55.56` + Europe (Ireland) (eu-west-1) + `34.251.85.24` + `52.30.157.157` + `52.51.192.222` + US East (N. Virginia) (us-east-1) + `34.228.181.128` + `44.219.176.187` + `54.226.244.221` + US West (Oregon) (us-west-2) + `34.212.16.133` + `52.89.67.212` + `54.187.135.61` ### Outbound traffic from your VPC to AWS DevOps Agent For outbound traffic from your AWS VPC to AWS DevOps Agent (for example, using [Invoking DevOps Agent through Webhook](configuring-capabilities-for-aws-devops-agent-invoking-devops-agent-through-webhook.md)), you can use VPC Endpoints to keep this network traffic isolated to AWS networks. For more information, see [VPC Endpoints (AWS PrivateLink)](aws-devops-agent-security-vpc-endpoints-aws-privatelink.md). ## Shared responsibility model ### AWS responsibilities AWS is responsible for: + Maintaining the security of data retrieved by the agent + Securing native tools available for use by the agent + Protecting the infrastructure that runs AWS DevOps Agent ### Customer responsibilities Customers are responsible for: + Managing user access to the agent space + Limiting access to trusted users of external systems that provide inputs to the agent, such as services and resources that produce logs, CloudTrail events, tickets, and more – that may be used to attempt malicious prompt injection. + Ensure all connected data sources have trusted data that is unlikely to be used to attempt prompt injection attacks + Ensuring bring-your-own MCP server integrations operate securely + Ensuring IAM roles assigned to the agent are properly scoped + Redacting PII data before storing in observability logs and other agent data sources + Following the recommended practice of granting only read-only permissions to connected data sources, including bring-your-own MCP servers ## Data usage AWS does not use agent data, chat messages, or data from integrated data sources to train models or improve the product. The AWS DevOps Agent Space uses customer in-product feedback to improve the agent’s responses and investigations, but AWS does not use it to improve the service itself. ## Compliance At preview, AWS DevOps Agent is not compliant with standards including SOC 2, PCI-DSS, ISO 27001, or FedRAMP. AWS will announce which compliance certifications will be available at a later time. # DevOps Agent IAM permissions AWS DevOps Agent uses service-specific AWS Identity and Access Management (IAM) actions to control access to its features and capabilities. These actions determine what users can do within the AWS DevOps Agent console and Operator Web App. This is separate from the AWS service API permissions that the agent itself uses to investigate your resources. For more information about limiting agent access, see [Limiting Agent Access in an AWS Account.](https://docs.aws.amazon.com/devopsagent/latest/userguide/aws-devops-agent-security-limiting-agent-access-in-an-aws-account.html) ## Agent Space management actions These actions control access to Agent Space configuration and management: + **aidevops:GetAgentSpace** – Allows users to view details about an Agent Space, including its configuration, status, and associated accounts. Users need this permission to access an Agent Space in the AWS Management Console. + **aidevops:GetAssociation** – Allows users to view details about a specific account association, including the IAM role configuration and connection status. + **aidevops:ListAssociations** – Allows users to list all AWS account associations configured for an Agent Space, including both primary and secondary accounts. ## Investigation and execution actions These actions control access to incident investigation features: + **aidevops:ListExecutions** – Allows users to view execution metadata—including ID, status, and more—for investigations, mitigations, evaluations, and chat conversations associated with a task. + **aidevops:ListJournalRecords** – Allows users to access detailed logs that show the agent's reasoning steps, actions taken, and data sources consulted during an investigation, mitigation, evaluation, and chat conversation. This is useful for understanding how the agent reached its conclusions. ## Chat management actions Chat requires the following IAM permissions to function: + **aidevops:ListChats** – Allows users to list and access chat conversation history. + **aidevops:CreateChat** – Allows users to create new chat conversations. + **aidevops:SendMessage** – Allows users to submit queries and receive streaming responses. ## Topology and discovery actions These actions control access to application resource mapping features: + **aidevops:DiscoverTopology** – Allows users to trigger topology discovery and mapping for an Agent Space. This action initiates the process of scanning AWS accounts and building the application resource topology. ## Prevention and recommendation actions These actions control access to the Prevention feature: + **aidevops:ListGoals** – Allows users to view prevention goals and objectives that the agent is working toward based on recent incident patterns. + **aidevops:ListRecommendations** – Allows users to view all recommendations generated by the Prevention feature, including their priority and category. + **aidevops:GetRecommendation** – Allows users to view detailed information about a specific recommendation, including the incidents it would have prevented and implementation guidance. ## Backlog task management actions These actions control the ability to manage recommendations as backlog tasks: + **aidevops:CreateBacklogTask** – Allows users to create an incident investigation or prevention evaluation task. + **aidevops:UpdateBacklogTask** – Allows users to approve a mitigation plan or cancel an active investigation or evaluation. + **aidevops:GetBacklogTask** – Allows users to retrieve details about a specific task. + **aidevops:ListBacklogTasks** – Allows users to list tasks for an Agent Space, filtered by task type, status, priority, or creation time. ## Knowledge management actions These actions control the ability to add and manage custom knowledge that the agent can use during investigations: + **aidevops:CreateKnowledgeItem** – Allows users to add custom knowledge items, such as skills, troubleshooting guides, or application-specific information that the agent should reference. + **aidevops:ListKnowledgeItems** – Allows users to view all knowledge items configured for an Agent Space. + **aidevops:GetKnowledgeItem** – Allows users to retrieve the details of a specific knowledge item. + **aidevops:UpdateKnowledgeItem** – Allows users to modify existing knowledge items to keep information current. + **aidevops:DeleteKnowledgeItem** – Allows users to remove knowledge items that are no longer relevant. ## AWS Support integration actions These actions control integration with AWS Support cases: + **aidevops:InitiateChatForCase** – Allows users to start a chat session with AWS Support directly from an investigation, automatically providing context about the incident. + **aidevops:EndChatForCase** – Allows users to end an active AWS Support case chat session. + **aidevops:DescribeSupportLevel** – Allows users to check the AWS Support plan level for the account to determine available support options. ## Usage and monitoring actions These actions control access to usage information: + **aidevops:GetAccountUsage** – Allows users to view the AWS DevOps Agent monthly quota for investigation hours, prevention evaluation hours, and chat requests, as well as the current month's usage. ## Common IAM policy examples ### Administrator policy This policy grants full access to all AWS DevOps Agent features: ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "aidevops:*", "Resource": "*" } ] } ``` ### Operator policy This policy grants access to investigation and prevention features without administrative capabilities: ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aidevops:GetAgentSpace", "aidevops:InvokeAgent", "aidevops:ListExecutions", "aidevops:ListJournalRecords", "aidevops:ListAssociations", "aidevops:GetAssociation", "aidevops:DiscoverTopology", "aidevops:ListRecommendations", "aidevops:GetRecommendation", "aidevops:CreateBacklogTask", "aidevops:UpdateBacklogTask", "aidevops:GetBacklogTask", "aidevops:ListBacklogTasks", "aidevops:ListKnowledgeItems", "aidevops:GetKnowledgeItem", "aidevops:InitiateChatForCase", "aidevops:EndChatForCase", "aidevops:ListChats", "aidevops:CreateChat", "aidevops:SendMessage", "aidevops:ListGoals", "aidevops:CreateKnowledgeItem", "aidevops:UpdateKnowledgeItem", "aidevops:DescribeSupportLevel", "aidevops:ListPendingMessages" ], "Resource": "*" } ] } ``` ### Read-only policy This policy grants view-only access to investigations and recommendations: ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aidevops:GetAgentSpace", "aidevops:ListAssociations", "aidevops:GetAssociation", "aidevops:ListExecutions", "aidevops:ListJournalRecords", "aidevops:ListRecommendations", "aidevops:GetRecommendation", "aidevops:ListBacklogTasks", "aidevops:GetBacklogTask", "aidevops:ListKnowledgeItems", "aidevops:GetKnowledgeItem", "aidevops:GetAccountUsage" ], "Resource": "*" } ] } ``` ## Using service-linked roles for AWS DevOps Agent AWS DevOps Agent uses AWS Identity and Access Management (IAM) [service-linked roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html). A service-linked role is a unique type of IAM role that is linked directly to AWS DevOps Agent. Service-linked roles are predefined by AWS DevOps Agent and include all the permissions that the service requires to call other AWS services on your behalf. ### Service-linked role permissions The `AWSServiceRoleForAIDevOps` service-linked role trusts the `aidevops.amazonaws.com` service principal to assume the role. The role uses the managed policy `AWSServiceRoleForAIDevOpsPolicy` with the following permissions: + `cloudwatch:PutMetricData` – Publish usage metrics to the `AWS/AIDevOps` CloudWatch namespace. Scoped by a `cloudwatch:namespace` condition to only allow the `AWS/AIDevOps` namespace. + `vpc-lattice:CreateResourceGateway` – Create VPC Lattice resource gateways for private connections. Scoped by an `aws:RequestTag/AWSAIDevOpsManaged` condition so the service can only create resource gateways that carry the `AWSAIDevOpsManaged` tag. + `vpc-lattice:TagResource` – Tag VPC Lattice resource gateways. Scoped by an `aws:RequestTag/AWSAIDevOpsManaged` condition. + `vpc-lattice:DeleteResourceGateway` – Delete VPC Lattice resource gateways. Scoped by an `aws:ResourceTag/AWSAIDevOpsManaged` condition so the service can only delete resource gateways it created. + `vpc-lattice:GetResourceGateway` – Retrieve information about VPC Lattice resource gateways. Scoped by an `aws:ResourceTag/AWSAIDevOpsManaged` condition so the service can only read resource gateways it created. + `ec2:DescribeVpcs`, `ec2:DescribeSubnets`, `ec2:DescribeSecurityGroups` – Retrieve information about VPC networking resources required to configure resource gateways. These read-only actions apply to all VPC resources because the EC2 API does not support resource-level permissions for Describe calls. + `iam:CreateServiceLinkedRole` – Create the VPC Lattice service-linked role required for resource gateway operations. This permission is scoped to the `vpc-lattice.amazonaws.com` service principal only and cannot be used to create service-linked roles for any other service. ### Creating the service-linked role You don't need to manually create the `AWSServiceRoleForAIDevOps` service-linked role. When you start using AWS DevOps Agent, the service creates the service-linked role for you. To allow the service to create the role on your behalf, you must have the `iam:CreateServiceLinkedRole` permission. We recommend scoping this permission with an `iam:AWSServiceName` condition for `aidevops.amazonaws.com` to follow the principle of least privilege. For more information, see [Service-linked role permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#service-linked-role-permissions). ### Editing the service-linked role You cannot edit the `AWSServiceRoleForAIDevOps` service-linked role. After the role is created, you cannot change the name of the role because various entities might reference the role by name. However, you can edit the description of the role using IAM. For more information, see [Editing a service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#edit-service-linked-role). ### Deleting the service-linked role If you no longer need to use AWS DevOps Agent, we recommend that you delete the `AWSServiceRoleForAIDevOps` service-linked role. Before you can delete the role, you must first remove any private connections configured in your Agent Space. Deleting the service-linked role does not automatically remove VPC Lattice resource gateways tagged with `AWSAIDevOpsManaged` that were previously created by the service. You should delete these resource gateways manually if they are no longer needed. For more information, see [Deleting a service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#delete-service-linked-role). ## AWS Managed policies for AWS DevOps Agent AWS addresses many common use cases by providing standalone IAM policies that are created and administered by AWS. These AWS managed policies grant necessary permissions for common use cases so that you can avoid having to investigate what permissions are needed. For more information, see [AWS managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies) in the \$1IAM User Guide\$1. The following AWS managed policies, which you can attach to users in your account, are specific to AWS DevOps Agent. ### AIDevOpsAgentReadOnlyAccess Provides read only access to Amazon DevOps Agent via the AWS Management Console ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "AIDevOpsAgentReadOnlyAccess", "Effect": "Allow", "Action": [ "aidevops:Get*", "aidevops:List*", "aidevops:SearchServiceAccessibleResource" ], "Resource": "*" } ] } ``` ### AIDevOpsAgentFullAccess Provides full access to Amazon DevOps Agent via the AWS Management Console ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "AIDevOpsAgentSpaceAccess", "Effect": "Allow", "Action": [ "aidevops:CreateAgentSpace", "aidevops:DeleteAgentSpace", "aidevops:GetAgentSpace", "aidevops:ListAgentSpaces", "aidevops:UpdateAgentSpace" ], "Resource": "*" }, { "Sid": "AIDevOpsServiceAccess", "Effect": "Allow", "Action": [ "aidevops:DeregisterService", "aidevops:GetService", "aidevops:ListServices", "aidevops:RegisterService", "aidevops:SearchServiceAccessibleResource" ], "Resource": "*" }, { "Sid": "AIDevOpsAssociationAccess", "Effect": "Allow", "Action": [ "aidevops:AssociateService", "aidevops:DisassociateService", "aidevops:GetAssociation", "aidevops:ListAssociations", "aidevops:UpdateAssociation", "aidevops:ValidateAwsAssociations" ], "Resource": "*" }, { "Sid": "AIDevOpsWebhookAccess", "Effect": "Allow", "Action": [ "aidevops:ListWebhooks" ], "Resource": "*" }, { "Sid": "AIDevOpsOperatorAppAccess", "Effect": "Allow", "Action": [ "aidevops:DisableOperatorApp", "aidevops:EnableOperatorApp", "aidevops:GetOperatorApp", "aidevops:UpdateOperatorAppIdpConfig" ], "Resource": "*" }, { "Sid": "AIDevOpsKnowledgeAccess", "Effect": "Allow", "Action": [ "aidevops:CreateKnowledgeItem", "aidevops:DeleteKnowledgeItem", "aidevops:GetKnowledgeItem", "aidevops:ListKnowledgeItems", "aidevops:ListKnowledgeItemVersions", "aidevops:UpdateKnowledgeItem" ], "Resource": "*" }, { "Sid": "AIDevOpsBacklogAccess", "Effect": "Allow", "Action": [ "aidevops:CreateBacklogTask", "aidevops:GetBacklogTask", "aidevops:ListBacklogTasks", "aidevops:ListGoals", "aidevops:UpdateBacklogTask", "aidevops:UpdateGoal" ], "Resource": "*" }, { "Sid": "AIDevOpsRecommendationAccess", "Effect": "Allow", "Action": [ "aidevops:GetRecommendation", "aidevops:ListRecommendations", "aidevops:UpdateRecommendation" ], "Resource": "*" }, { "Sid": "AIDevOpsAgentChatAccess", "Effect": "Allow", "Action": [ "aidevops:CreateChat", "aidevops:ListChats", "aidevops:ListPendingMessages", "aidevops:SendMessage" ], "Resource": "*" }, { "Sid": "AIDevOpsJournalAccess", "Effect": "Allow", "Action": [ "aidevops:ListExecutions", "aidevops:ListJournalRecords" ], "Resource": "*" }, { "Sid": "AIDevOpsTopologyAccess", "Effect": "Allow", "Action": [ "aidevops:DiscoverTopology" ], "Resource": "*" }, { "Sid": "AIDevOpsSupportAccess", "Effect": "Allow", "Action": [ "aidevops:DescribeSupportLevel", "aidevops:EndChatForCase", "aidevops:InitiateChatForCase" ], "Resource": "*" }, { "Sid": "AIDevOpsUsageAccess", "Effect": "Allow", "Action": [ "aidevops:GetAccountUsage" ], "Resource": "*" }, { "Sid": "AIDevOpsTaggingAccess", "Effect": "Allow", "Action": [ "aidevops:ListTagsForResource", "aidevops:TagResource", "aidevops:UntagResource" ], "Resource": "*" }, { "Sid": "AIDevOpsVendedLogs", "Effect": "Allow", "Action": [ "aidevops:AllowVendedLogDeliveryForResource" ], "Resource": "*" } ] } ``` ### AIDevOpsOperatorAppAccessPolicy Provides access to use the AWS DevOps operator web app for an Agent Space. ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowOperatorAgentSpaceActions", "Effect": "Allow", "Action": [ "aidevops:GetAgentSpace", "aidevops:GetAssociation", "aidevops:ListAssociations", "aidevops:CreateBacklogTask", "aidevops:GetBacklogTask", "aidevops:UpdateBacklogTask", "aidevops:ListBacklogTasks", "aidevops:ListJournalRecords", "aidevops:DiscoverTopology", "aidevops:ListGoals", "aidevops:ListRecommendations", "aidevops:ListExecutions", "aidevops:GetRecommendation", "aidevops:UpdateRecommendation", "aidevops:CreateKnowledgeItem", "aidevops:ListKnowledgeItems", "aidevops:ListKnowledgeItemVersions", "aidevops:GetKnowledgeItem", "aidevops:UpdateKnowledgeItem", "aidevops:DeleteKnowledgeItem", "aidevops:ListPendingMessages", "aidevops:InitiateChatForCase", "aidevops:EndChatForCase", "aidevops:DescribeSupportLevel", "aidevops:ListChats", "aidevops:CreateChat", "aidevops:SendMessage" ], "Resource": "arn:aws:aidevops:*:*:agentspace/${aws:PrincipalTag/AgentSpaceId}", "Condition": { "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" } } }, { "Sid": "AllowOperatorAccountActions", "Effect": "Allow", "Action": [ "aidevops:GetAccountUsage" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" } } }, { "Sid": "AllowSupportOperatorActions", "Effect": "Allow", "Action": [ "support:DescribeCases", "support:InitiateChatForCase", "support:DescribeSupportLevel" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" } } } ] } ``` ### AIDevOpsAgentAccessPolicy Provides permissions required by the AWS DevOps Agent to conduct investigations and perform analysis on customer AWS resources. ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "AIOPSServiceAccess", "Effect": "Allow", "Action": [ "access-analyzer:GetAnalyzer", "access-analyzer:List*", "acm-pca:Describe*", "acm-pca:GetCertificate", "acm-pca:GetCertificateAuthorityCertificate", "acm-pca:GetCertificateAuthorityCsr", "acm-pca:List*", "acm:DescribeCertificate", "acm:GetAccountConfiguration", "aidevops:GetKnowledgeItem", "aidevops:ListKnowledgeItems", "airflow:List*", "amplify:GetApp", "amplify:GetBranch", "amplify:GetDomainAssociation", "amplify:List*", "aoss:BatchGetCollection", "aoss:BatchGetLifecyclePolicy", "aoss:BatchGetVpcEndpoint", "aoss:GetAccessPolicy", "aoss:GetSecurityConfig", "aoss:GetSecurityPolicy", "aoss:List*", "appconfig:GetApplication", "appconfig:GetConfigurationProfile", "appconfig:GetEnvironment", "appconfig:GetHostedConfigurationVersion", "appconfig:List*", "appflow:Describe*", "appflow:List*", "application-autoscaling:Describe*", "application-signals:BatchGetServiceLevelObjectiveBudgetReport", "application-signals:GetService", "application-signals:GetServiceLevelObjective", "application-signals:List*", "applicationinsights:Describe*", "applicationinsights:List*", "apprunner:Describe*", "apprunner:List*", "appstream:Describe*", "appstream:List*", "appsync:GetApiAssociation", "appsync:GetDataSource", "appsync:GetDomainName", "appsync:GetFunction", "appsync:GetGraphqlApi", "appsync:GetGraphqlApiEnvironmentVariables", "appsync:GetIntrospectionSchema", "appsync:GetResolver", "appsync:GetSourceApiAssociation", "appsync:List*", "aps:Describe*", "aps:List*", "arc-zonal-shift:GetManagedResource", "arc-zonal-shift:List*", "athena:GetCapacityAssignmentConfiguration", "athena:GetCapacityReservation", "athena:GetDataCatalog", "athena:GetNamedQuery", "athena:GetPreparedStatement", "athena:GetWorkGroup", "athena:List*", "auditmanager:GetAssessment", "auditmanager:List*", "autoscaling:Describe*", "backup-gateway:GetHypervisor", "backup-gateway:List*", "backup:Describe*", "backup:GetBackupPlan", "backup:GetBackupSelection", "backup:GetBackupVaultAccessPolicy", "backup:GetBackupVaultNotifications", "backup:GetRestoreTestingPlan", "backup:GetRestoreTestingSelection", "backup:List*", "batch:DescribeComputeEnvironments", "batch:DescribeJobQueues", "batch:DescribeSchedulingPolicies", "batch:List*", "bedrock:GetAgent", "bedrock:GetAgentActionGroup", "bedrock:GetAgentAlias", "bedrock:GetAgentKnowledgeBase", "bedrock:GetDataSource", "bedrock:GetGuardrail", "bedrock:GetKnowledgeBase", "bedrock:List*", "budgets:Describe*", "budgets:List*", "ce:Describe*", "ce:GetAnomalyMonitors", "ce:GetAnomalySubscriptions", "ce:List*", "chatbot:Describe*", "chatbot:GetMicrosoftTeamsChannelConfiguration", "chatbot:List*", "cleanrooms-ml:GetTrainingDataset", "cleanrooms-ml:List*", "cleanrooms:GetAnalysisTemplate", "cleanrooms:GetCollaboration", "cleanrooms:GetConfiguredTable", "cleanrooms:GetConfiguredTableAnalysisRule", "cleanrooms:GetConfiguredTableAssociation", "cleanrooms:GetMembership", "cleanrooms:List*", "cloudformation:Describe*", "cloudformation:GetResource", "cloudformation:GetStackPolicy", "cloudformation:GetTemplate", "cloudformation:List*", "cloudfront:Describe*", "cloudfront:GetCachePolicy", "cloudfront:GetCloudFrontOriginAccessIdentity", "cloudfront:GetContinuousDeploymentPolicy", "cloudfront:GetDistribution", "cloudfront:GetDistributionConfig", "cloudfront:GetFunction", "cloudfront:GetKeyGroup", "cloudfront:GetMonitoringSubscription", "cloudfront:GetOriginAccessControl", "cloudfront:GetOriginRequestPolicy", "cloudfront:GetPublicKey", "cloudfront:GetRealtimeLogConfig", "cloudfront:GetResponseHeadersPolicy", "cloudfront:List*", "cloudtrail:Describe*", "cloudtrail:GetChannel", "cloudtrail:GetEventConfiguration", "cloudtrail:GetEventDataStore", "cloudtrail:GetEventSelectors", "cloudtrail:GetInsightSelectors", "cloudtrail:GetQueryResults", "cloudtrail:GetResourcePolicy", "cloudtrail:GetTrail", "cloudtrail:GetTrailStatus", "cloudtrail:List*", "cloudtrail:LookupEvents", "cloudtrail:StartQuery", "cloudwatch:Describe*", "cloudwatch:GenerateQuery", "cloudwatch:GetDashboard", "cloudwatch:GetInsightRuleReport", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:GetMetricStream", "cloudwatch:GetService", "cloudwatch:GetServiceLevelObjective", "cloudwatch:List*", "codeartifact:Describe*", "codeartifact:GetDomainPermissionsPolicy", "codeartifact:GetRepositoryPermissionsPolicy", "codeartifact:List*", "codebuild:BatchGetFleets", "codebuild:List*", "codecommit:GetRepository", "codecommit:GetRepositoryTriggers", "codedeploy:BatchGetDeployments", "codedeploy:BatchGetDeploymentTargets", "codedeploy:GetApplication", "codedeploy:GetDeploymentConfig", "codedeploy:GetDeploymentTarget", "codedeploy:List*", "codeguru-profiler:Describe*", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:List*", "codeguru-reviewer:Describe*", "codeguru-reviewer:List*", "codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:List*", "codestar-connections:GetConnection", "codestar-connections:GetRepositoryLink", "codestar-connections:GetSyncConfiguration", "codestar-connections:List*", "codestar-notifications:Describe*", "codestar-notifications:List*", "cognito-identity:DescribeIdentityPool", "cognito-identity:GetIdentityPoolRoles", "cognito-identity:ListIdentityPools", "cognito-identity:ListTagsForResource", "cognito-idp:AdminListGroupsForUser", "cognito-idp:DescribeIdentityProvider", "cognito-idp:DescribeResourceServer", "cognito-idp:DescribeRiskConfiguration", "cognito-idp:DescribeUserImportJob", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolDomain", "cognito-idp:GetGroup", "cognito-idp:GetLogDeliveryConfiguration", "cognito-idp:GetUICustomization", "cognito-idp:GetUserPoolMfaConfig", "cognito-idp:GetWebACLForResource", "cognito-idp:ListGroups", "cognito-idp:ListIdentityProviders", "cognito-idp:ListResourceServers", "cognito-idp:ListUserPoolClients", "cognito-idp:ListUserPools", "cognito-idp:ListTagsForResource", "comprehend:Describe*", "comprehend:List*", "config:Describe*", "config:GetStoredQuery", "config:List*", "connect:Describe*", "connect:GetTaskTemplate", "connect:List*", "databrew:Describe*", "databrew:List*", "datapipeline:Describe*", "datapipeline:GetPipelineDefinition", "datapipeline:List*", "datasync:Describe*", "datasync:List*", "deadline:GetFarm", "deadline:GetFleet", "deadline:GetLicenseEndpoint", "deadline:GetMonitor", "deadline:GetQueue", "deadline:GetQueueEnvironment", "deadline:GetQueueFleetAssociation", "deadline:GetStorageProfile", "deadline:List*", "detective:GetMembers", "detective:List*", "devicefarm:GetDevicePool", "devicefarm:GetInstanceProfile", "devicefarm:GetNetworkProfile", "devicefarm:GetProject", "devicefarm:GetTestGridProject", "devicefarm:GetVPCEConfiguration", "devicefarm:List*", "devops-guru:Describe*", "devops-guru:GetResourceCollection", "devops-guru:List*", "dms:Describe*", "dms:List*", "ds:Describe*", "dynamodb:Describe*", "dynamodb:GetResourcePolicy", "dynamodb:List*", "ec2:Describe*", "ec2:GetAssociatedEnclaveCertificateIamRoles", "ec2:GetIpamPoolAllocations", "ec2:GetIpamPoolCidrs", "ec2:GetManagedPrefixListEntries", "ec2:GetNetworkInsightsAccessScopeContent", "ec2:GetSnapshotBlockPublicAccessState", "ec2:GetTransitGatewayMulticastDomainAssociations", "ec2:GetTransitGatewayRouteTableAssociations", "ec2:GetTransitGatewayRouteTablePropagations", "ec2:GetVerifiedAccessEndpointPolicy", "ec2:GetVerifiedAccessGroupPolicy", "ec2:GetVerifiedAccessInstanceWebAcl", "ec2:SearchLocalGatewayRoutes", "ec2:SearchTransitGatewayRoutes", "ecr:Describe*", "ecr:GetLifecyclePolicy", "ecr:GetRegistryPolicy", "ecr:GetRepositoryPolicy", "ecr:List*", "ecs:Describe*", "ecs:List*", "eks:AccessKubernetesApi", "eks:Describe*", "eks:List*", "elasticache:Describe*", "elasticache:List*", "elasticbeanstalk:Describe*", "elasticbeanstalk:List*", "elasticfilesystem:Describe*", "elasticloadbalancing:GetResourcePolicy", "elasticloadbalancing:GetTrustStoreCaCertificatesBundle", "elasticloadbalancing:GetTrustStoreRevocationContent", "elasticloadbalancing:Describe*", "elasticmapreduce:Describe*", "elasticmapreduce:List*", "emr-containers:Describe*", "emr-containers:List*", "emr-serverless:GetApplication", "emr-serverless:List*", "es:Describe*", "es:List*", "events:Describe*", "events:List*", "evidently:GetExperiment", "evidently:GetFeature", "evidently:GetLaunch", "evidently:GetProject", "evidently:GetSegment", "evidently:List*", "firehose:Describe*", "firehose:List*", "fis:GetExperimentTemplate", "fis:GetTargetAccountConfiguration", "fis:List*", "fms:GetNotificationChannel", "fms:GetPolicy", "fms:List*", "forecast:Describe*", "forecast:List*", "frauddetector:BatchGetVariable", "frauddetector:Describe*", "frauddetector:GetDetectors", "frauddetector:GetDetectorVersion", "frauddetector:GetEntityTypes", "frauddetector:GetEventTypes", "frauddetector:GetExternalModels", "frauddetector:GetLabels", "frauddetector:GetListElements", "frauddetector:GetListsMetadata", "frauddetector:GetModelVersion", "frauddetector:GetOutcomes", "frauddetector:GetRules", "frauddetector:GetVariables", "frauddetector:List*", "fsx:Describe*", "gamelift:Describe*", "gamelift:List*", "globalaccelerator:Describe*", "globalaccelerator:List*", "glue:GetDatabase", "glue:GetDatabases", "glue:GetJob", "glue:GetRegistry", "glue:GetSchema", "glue:GetSchemaVersion", "glue:GetTable", "glue:GetTags", "glue:GetTrigger", "glue:List*", "glue:querySchemaVersionMetadata", "grafana:Describe*", "grafana:List*", "greengrass:Describe*", "greengrass:GetDeployment", "greengrass:List*", "groundstation:GetConfig", "groundstation:GetDataflowEndpointGroup", "groundstation:GetMissionProfile", "groundstation:List*", "guardduty:GetDetector", "guardduty:GetFilter", "guardduty:GetIPSet", "guardduty:GetMalwareProtectionPlan", "guardduty:GetMasterAccount", "guardduty:GetMembers", "guardduty:GetThreatIntelSet", "guardduty:List*", "health:DescribeEvents", "health:DescribeEventDetails", "healthlake:Describe*", "healthlake:List*", "iam:GetGroup", "iam:GetGroupPolicy", "iam:GetInstanceProfile", "iam:GetLoginProfile", "iam:GetOpenIDConnectProvider", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", "iam:GetSAMLProvider", "iam:GetServerCertificate", "iam:GetServiceLinkedRoleDeletionStatus", "iam:GetUser", "iam:GetUserPolicy", "iam:ListAttachedRolePolicies", "iam:ListOpenIDConnectProviders", "iam:ListRolePolicies", "iam:ListRoles", "iam:ListServerCertificates", "iam:ListVirtualMFADevices", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership", "identitystore:ListGroupMemberships", "identitystore:ListGroups", "imagebuilder:GetComponent", "imagebuilder:GetContainerRecipe", "imagebuilder:GetDistributionConfiguration", "imagebuilder:GetImage", "imagebuilder:GetImagePipeline", "imagebuilder:GetImageRecipe", "imagebuilder:GetInfrastructureConfiguration", "imagebuilder:GetLifecyclePolicy", "imagebuilder:GetWorkflow", "imagebuilder:List*", "inspector2:List*", "inspector:Describe*", "inspector:List*", "internetmonitor:GetMonitor", "internetmonitor:List*", "iot:Describe*", "iot:GetPackage", "iot:GetPackageVersion", "iot:GetPolicy", "iot:GetThingShadow", "iot:GetTopicRule", "iot:GetTopicRuleDestination", "iot:GetV2LoggingOptions", "iot:List*", "iotanalytics:Describe*", "iotanalytics:List*", "iotevents:Describe*", "iotevents:List*", "iotsitewise:Describe*", "iotsitewise:List*", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:GetNetworkAnalyzerConfiguration", "iotwireless:GetServiceProfile", "iotwireless:GetWirelessDevice", "iotwireless:GetWirelessGateway", "iotwireless:GetWirelessGatewayTaskDefinition", "iotwireless:List*", "ivs:GetChannel", "ivs:GetEncoderConfiguration", "ivs:GetPlaybackRestrictionPolicy", "ivs:GetRecordingConfiguration", "ivs:GetStage", "ivs:List*", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom", "ivschat:List*", "kafka:Describe*", "kafka:GetClusterPolicy", "kafka:List*", "kafkaconnect:Describe*", "kafkaconnect:List*", "kendra:Describe*", "kendra:List*", "kinesis:Describe*", "kinesis:GetResourcePolicy", "kinesis:List*", "kinesisanalytics:Describe*", "kinesisanalytics:List*", "kinesisvideo:Describe*", "kms:DescribeKey", "kms:ListResourceTags", "kms:ListKeys", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:ListAliases", "kms:ListKeyRotations", "lakeformation:Describe*", "lakeformation:GetLFTag", "lakeformation:GetResourceLFTags", "lakeformation:List*", "lambda:GetAlias", "lambda:GetCodeSigningConfig", "lambda:GetEventSourceMapping", "lambda:GetFunctionCodeSigningConfig", "lambda:GetFunctionConfiguration", "lambda:GetFunctionEventInvokeConfig", "lambda:GetFunctionRecursionConfig", "lambda:GetFunctionUrlConfig", "lambda:GetLayerVersion", "lambda:GetLayerVersionPolicy", "lambda:GetPolicy", "lambda:GetProvisionedConcurrencyConfig", "lambda:GetRuntimeManagementConfig", "lambda:List*", "launchwizard:GetDeployment", "launchwizard:List*", "license-manager:GetLicense", "license-manager:List*", "lightsail:GetAlarms", "lightsail:GetBuckets", "lightsail:GetCertificates", "lightsail:GetContainerServices", "lightsail:GetDisk", "lightsail:GetDisks", "lightsail:GetInstance", "lightsail:GetInstances", "lightsail:GetLoadBalancer", "lightsail:GetLoadBalancers", "lightsail:GetLoadBalancerTlsCertificates", "lightsail:GetStaticIp", "lightsail:GetStaticIps", "logs:Describe*", "logs:FilterLogEvents", "logs:GetDataProtectionPolicy", "logs:GetDelivery", "logs:GetDeliveryDestination", "logs:GetDeliveryDestinationPolicy", "logs:GetDeliverySource", "logs:GetLogAnomalyDetector", "logs:GetLogDelivery", "logs:GetLogGroupFields", "logs:GetQueryResults", "logs:List*", "logs:StartQuery", "logs:StopLiveTail", "logs:StopQuery", "logs:TestMetricFilter", "m2:GetApplication", "m2:GetEnvironment", "m2:List*", "macie2:GetAllowList", "macie2:GetCustomDataIdentifier", "macie2:GetFindingsFilter", "macie2:GetMacieSession", "macie2:List*", "mediaconnect:Describe*", "mediaconnect:List*", "medialive:Describe*", "medialive:GetCloudWatchAlarmTemplate", "medialive:GetCloudWatchAlarmTemplateGroup", "medialive:GetEventBridgeRuleTemplate", "medialive:GetEventBridgeRuleTemplateGroup", "medialive:GetSignalMap", "medialive:List*", "mediapackage-vod:Describe*", "mediapackage-vod:List*", "mediapackage:Describe*", "mediapackage:List*", "mediapackagev2:GetChannel", "mediapackagev2:GetChannelGroup", "mediapackagev2:GetChannelPolicy", "mediapackagev2:GetOriginEndpoint", "mediapackagev2:GetOriginEndpointPolicy", "mediapackagev2:List*", "memorydb:Describe*", "memorydb:List*", "mobiletargeting:GetInAppTemplate", "mobiletargeting:List*", "mq:Describe*", "mq:List*", "network-firewall:Describe*", "network-firewall:List*", "networkmanager:Describe*", "networkmanager:GetConnectAttachment", "networkmanager:GetConnectPeer", "networkmanager:GetCoreNetwork", "networkmanager:GetCoreNetworkPolicy", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetDevices", "networkmanager:GetLinkAssociations", "networkmanager:GetLinks", "networkmanager:GetSites", "networkmanager:GetSiteToSiteVpnAttachment", "networkmanager:GetTransitGatewayPeering", "networkmanager:GetTransitGatewayRegistrations", "networkmanager:GetTransitGatewayRouteTableAttachment", "networkmanager:GetVpcAttachment", "networkmanager:List*", "oam:GetLink", "oam:GetSink", "oam:GetSinkPolicy", "oam:List*", "omics:GetAnnotationStore", "omics:GetReferenceStore", "omics:GetRunGroup", "omics:GetSequenceStore", "omics:GetVariantStore", "omics:GetWorkflow", "omics:List*", "organizations:Describe*", "organizations:List*", "osis:GetPipeline", "osis:List*", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:List*", "pca-connector-ad:GetConnector", "pca-connector-ad:GetDirectoryRegistration", "pca-connector-ad:GetServicePrincipalName", "pca-connector-ad:GetTemplate", "pca-connector-ad:GetTemplateGroupAccessControlEntry", "pca-connector-ad:List*", "pca-connector-scep:GetChallengeMetadata", "pca-connector-scep:GetConnector", "pca-connector-scep:List*", "personalize:Describe*", "personalize:List*", "pi:DescribeDimensionKeys", "pi:GetResourceMetadata", "pi:GetResourceMetrics", "pi:ListAvailableResourceDimensions", "pi:ListAvailableResourceMetrics", "pipes:Describe*", "pipes:List*", "proton:GetEnvironmentTemplate", "proton:GetServiceTemplate", "proton:List*", "qbusiness:GetApplication", "qbusiness:GetDataSource", "qbusiness:GetIndex", "qbusiness:GetPlugin", "qbusiness:GetRetriever", "qbusiness:GetWebExperience", "qbusiness:List*", "ram:GetPermission", "ram:GetResourceShares", "ram:List*", "rds:Describe*", "rds:List*", "redshift-serverless:GetNamespace", "redshift-serverless:GetWorkgroup", "redshift-serverless:List*", "redshift:Describe*", "refactor-spaces:GetApplication", "refactor-spaces:GetEnvironment", "refactor-spaces:GetRoute", "refactor-spaces:List*", "rekognition:Describe*", "rekognition:List*", "resiliencehub:Describe*", "resiliencehub:List*", "resource-explorer-2:GetDefaultView", "resource-explorer-2:GetIndex", "resource-explorer-2:GetView", "resource-explorer-2:List*", "resource-explorer-2:Search", "resource-groups:GetGroup", "resource-groups:GetGroupConfiguration", "resource-groups:GetGroupQuery", "resource-groups:GetTags", "resource-groups:List*", "route53-recovery-control-config:Describe*", "route53-recovery-control-config:List*", "route53-recovery-readiness:GetCell", "route53-recovery-readiness:GetReadinessCheck", "route53-recovery-readiness:GetRecoveryGroup", "route53-recovery-readiness:GetResourceSet", "route53-recovery-readiness:List*", "route53:GetDNSSEC", "route53:GetHealthCheck", "route53:GetHealthCheckStatus", "route53:GetHostedZone", "route53:List*", "route53profiles:GetProfile", "route53profiles:GetProfileAssociation", "route53profiles:GetProfileResourceAssociation", "route53profiles:List*", "route53resolver:GetFirewallDomainList", "route53resolver:GetFirewallRuleGroup", "route53resolver:GetFirewallRuleGroupAssociation", "route53resolver:GetOutpostResolver", "route53resolver:GetResolverConfig", "route53resolver:GetResolverQueryLogConfig", "route53resolver:GetResolverQueryLogConfigAssociation", "route53resolver:GetResolverRule", "route53resolver:GetResolverRuleAssociation", "route53resolver:List*", "rum:GetAppMonitor", "rum:List*", "s3-outposts:ListEndpoints", "s3-outposts:ListOutpostsWithS3", "s3:GetAccessGrant", "s3:GetAccessGrantsInstance", "s3:GetAccessGrantsLocation", "s3:GetAccessPoint", "s3:GetAccessPointConfigurationForObjectLambda", "s3:GetAccessPointForObjectLambda", "s3:GetAccessPointPolicy", "s3:GetAccessPointPolicyForObjectLambda", "s3:GetAccessPointPolicyStatusForObjectLambda", "s3:GetBucketAbac", "s3:GetBucketAcl", "s3:GetBucketCORS", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketMetadataTableConfiguration", "s3:GetBucketNotification", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketOwnershipControls", "s3:GetBucketPolicy", "s3:GetBucketPublicAccessBlock", "s3:GetBucketTagging", "s3:GetBucketVersioning", "s3:GetEncryptionConfiguration", "s3:GetLifecycleConfiguration", "s3:GetMultiRegionAccessPoint", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "s3:GetReplicationConfiguration", "s3:GetStorageLensConfiguration", "s3:GetStorageLensConfigurationTagging", "s3:GetStorageLensGroup", "s3:ListAllMyBuckets", "sagemaker:Describe*", "sagemaker:List*", "scheduler:GetSchedule", "scheduler:GetScheduleGroup", "scheduler:List*", "schemas:Describe*", "schemas:GetResourcePolicy", "schemas:List*", "secretsmanager:Describe*", "secretsmanager:GetResourcePolicy", "secretsmanager:List*", "securityhub:BatchGetAutomationRules", "securityhub:BatchGetSecurityControls", "securityhub:Describe*", "securityhub:GetConfigurationPolicy", "securityhub:GetConfigurationPolicyAssociation", "securityhub:GetEnabledStandards", "securityhub:GetFindingAggregator", "securityhub:GetInsights", "securityhub:List*", "securitylake:GetSubscriber", "securitylake:List*", "servicecatalog:Describe*", "servicecatalog:GetApplication", "servicecatalog:GetAttributeGroup", "servicecatalog:List*", "servicequotas:GetServiceQuota", "ses:Describe*", "ses:GetAccount", "ses:GetAddonInstance", "ses:GetAddonSubscription", "ses:GetArchive", "ses:GetConfigurationSet", "ses:GetConfigurationSetEventDestinations", "ses:GetContactList", "ses:GetDedicatedIpPool", "ses:GetDedicatedIps", "ses:GetEmailIdentity", "ses:GetEmailTemplate", "ses:GetIngressPoint", "ses:GetRelay", "ses:GetRuleSet", "ses:GetTemplate", "ses:GetTrafficPolicy", "ses:List*", "shield:Describe*", "shield:List*", "signer:GetSigningProfile", "signer:List*", "sns:GetDataProtectionPolicy", "sns:GetSubscriptionAttributes", "sns:GetTopicAttributes", "sns:List*", "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "sqs:List*", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:List*", "ssm-incidents:GetReplicationSet", "ssm-incidents:GetResponsePlan", "ssm-incidents:List*", "ssm-sap:GetApplication", "ssm-sap:List*", "ssm:Describe*", "ssm:GetDefaultPatchBaseline", "ssm:GetDocument", "ssm:GetParameters", "ssm:GetPatchBaseline", "ssm:GetResourcePolicies", "ssm:List*", "sso:GetInlinePolicyForPermissionSet", "sso:GetManagedApplicationInstance", "sso:GetPermissionsBoundaryForPermissionSet", "sso:GetSharedSsoConfiguration", "sso:ListAccountAssignments", "sso:ListApplicationAssignments", "sso:ListApplications", "sso:ListCustomerManagedPolicyReferencesInPermissionSet", "sso:ListInstances", "sso:ListManagedPoliciesInPermissionSet", "sso:ListTagsForResource", "states:GetExecutionHistory", "states:Describe*", "states:List*", "support:CreateCase", "support:DescribeCases", "synthetics:Describe*", "synthetics:GetCanary", "synthetics:GetCanaryRuns", "synthetics:GetGroup", "synthetics:List*", "tag:GetResources", "timestream:Describe*", "timestream:List*", "transfer:Describe*", "transfer:List*", "verifiedpermissions:GetIdentitySource", "verifiedpermissions:GetPolicy", "verifiedpermissions:GetPolicyStore", "verifiedpermissions:GetPolicyTemplate", "verifiedpermissions:GetSchema", "verifiedpermissions:List*", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetAuthPolicy", "vpc-lattice:GetListener", "vpc-lattice:GetResourcePolicy", "vpc-lattice:GetRule", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetServiceNetworkServiceAssociation", "vpc-lattice:GetServiceNetworkVpcAssociation", "vpc-lattice:GetTargetGroup", "vpc-lattice:List*", "wafv2:GetIPSet", "wafv2:GetLoggingConfiguration", "wafv2:GetRegexPatternSet", "wafv2:GetRuleGroup", "wafv2:GetWebACL", "wafv2:GetWebACLForResource", "wafv2:List*", "workspaces-web:GetBrowserSettings", "workspaces-web:GetIdentityProvider", "workspaces-web:GetNetworkSettings", "workspaces-web:GetPortal", "workspaces-web:GetPortalServiceProviderMetadata", "workspaces-web:GetTrustStore", "workspaces-web:GetUserAccessLoggingSettings", "workspaces-web:GetUserSettings", "workspaces-web:List*", "workspaces:Describe*", "xray:BatchGetTraces", "xray:GetGroup", "xray:GetGroups", "xray:GetSamplingRules", "xray:GetServiceGraph", "xray:GetTraceSummaries", "xray:List*" ], "Resource": "*" }, { "Sid": "AIOPSAPIGatewayAccess", "Effect": "Allow", "Action": [ "apigateway:GET" ], "Resource": [ "arn:aws:apigateway:*::/restapis", "arn:aws:apigateway:*::/restapis/*", "arn:aws:apigateway:*::/restapis/*/deployments", "arn:aws:apigateway:*::/restapis/*/deployments/*", "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integrations", "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integrations/*", "arn:aws:apigateway:*::/restapis/*/stages", "arn:aws:apigateway:*::/restapis/*/stages/*", "arn:aws:apigateway:*::/apis", "arn:aws:apigateway:*::/apis/*", "arn:aws:apigateway:*::/apis/*/deployments", "arn:aws:apigateway:*::/apis/*/deployments/*", "arn:aws:apigateway:*::/apis/*/integrations", "arn:aws:apigateway:*::/apis/*/integrations/*", "arn:aws:apigateway:*::/apis/*/stages", "arn:aws:apigateway:*::/apis/*/stages/*", "arn:aws:apigateway:*::/domainnames/*" ] } ] } ``` # Limiting Agent Access in an AWS Account AWS DevOps Agent uses IAM roles to discover and describe AWS resources during incident investigations and preventative evaluations. You can control the level of access the agent has by configuring IAM policies attached to these roles. The application topology doesn't show everything the agent has access to—IAM policies are the only way to truly limit what AWS service APIs and resources the agent can access. ## Understanding IAM roles for AWS DevOps Agent AWS DevOps Agent uses IAM roles to access resources in two types of accounts: + **Primary account role** – Grants the agent access to resources in the AWS account where you create the Agent Space. + **Secondary account roles** – Grants the agent access to resources in additional AWS accounts that you connect to the Agent Space. For either type of account, you can restrict which AWS services the agent can access, limit access to specific resources within those services, and control which regions the agent can operate in. ## Choosing your resource boundaries When limiting resource access, you need to include enough permissions for the agent to successfully investigate application incidents. This includes: + All resources for in-scope applications that the agent should monitor and investigate + All supporting infrastructure that those applications depend on Supporting infrastructure may include: + Networking components (VPCs, subnets, load balancers, API gateways) + Data stores (databases, caches, object storage) + Compute resources (EC2 instances, Lambda functions, containers) + Monitoring and logging services (CloudWatch, CloudTrail) + Identity and access management resources needed to understand permissions If you restrict access too narrowly, the agent may not be able to identify root causes that originate in supporting infrastructure outside your defined boundaries. ## Restricting service access You can limit which AWS services the agent can access by modifying the IAM policies attached to the agent's roles. When creating custom policies, follow these best practices: + **Grant only read-only permissions** – The agent needs to read resource configurations, metrics, and logs during investigations. Avoid granting permissions that allow the agent to modify or delete resources. + **Limit to necessary services** – Include only the AWS services that contain resources relevant to your applications. For example, if your application doesn't use Amazon RDS, don't include RDS permissions in the policy. + **Use specific actions instead of wildcards** – Instead of granting `service:*` permissions, specify individual actions like `cloudwatch:GetMetricData` or `ec2:DescribeInstances`. Example policy restricting to specific services: ``` json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:DescribeAlarms", "logs:GetLogEvents", "logs:FilterLogEvents", "ec2:DescribeInstances", "lambda:GetFunction", "lambda:GetFunctionConfiguration" ], "Resource": "*" } ] } ``` ## Restricting resource access To limit the agent to specific resources within a service, use resource-level permissions in your IAM policies. This allows you to grant access only to resources that match specific patterns. **Using resource ARN patterns:** ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lambda:GetFunction", "lambda:GetFunctionConfiguration" ], "Resource": "arn:aws:lambda:*:*:function:production-*" } ] } ``` This example limits the agent to accessing only Lambda functions with names that begin with "production-". **Using tag-based restrictions:** ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeInstanceStatus" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/Environment": "production" } } } ] } ``` This example limits the agent to accessing only EC2 instances tagged with `Environment=production`. ## Restricting regional access To limit which AWS regions the agent can access, use the `aws:RequestedRegion` condition key in your IAM policies: ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:Describe*", "lambda:Get*", "cloudwatch:Get*" ], "Resource": "*", "Condition": { "StringEquals": { "aws:RequestedRegion": [ "us-east-1", "us-west-2" ] } } } ] } ``` This example limits the agent to accessing resources only in the us-east-1 and us-west-2 regions. ## Creating custom IAM policies When you create an Agent Space or add secondary accounts, you have the option to create a custom IAM role using a policy template. This allows you to implement the principle of least privilege. **When creating an Agent Space** From the DevOps Agent console in the AWS Management Console... + Choose **Create a new DevOps Agent role using a policy document** and follow the instructions **When editing an Agent Space** From the DevOps Agent console in the AWS Management Console... + Select the **Capabilities** tab + Select the secondary account you want to edit from the **Cloud** section and click Edit + Chose **Create a new DevOps Agent policy using a template** and follow the instructions ## Custom policy best practices + **Grant only read-only permissions** – Avoid permissions that allow resource modification or deletion + **Use resource-level permissions when possible** – Restrict access to specific resources using ARN patterns or tags + **Regularly review and audit permissions** – Periodically review the agent's IAM policies to ensure they still align with your security requirements # Setting Up IAM Identity Center Authentication IAM Identity Center authentication provides a centralized way to manage user access to the AWS DevOps Agent Space web application. This guide explains how to configure IAM Identity Center authentication and manage users. ## Prerequisites Before setting up IAM Identity Center authentication, ensure you have: + IAM Identity Center enabled in your organization or account + Administrator permissions in AWS DevOps Agent + An Agent Space configured or ready to create ## Authentication options AWS DevOps Agent offers two authentication methods for accessing the Agent Space web app: **IAM Identity Center authentication** – Recommended for production environments. Provides centralized user management, integration with external identity providers, and sessions up to 12 hours. **Admin access (IAM authentication)** – Provides quick access for administrators during initial setup and configuration. Sessions are limited to 30 minutes. ## Configuring IAM Identity Center during Agent Space creation When you create an Agent Space, you can configure IAM Identity Center authentication on the **Access** tab: ### Step 1: Navigate to the Web app configuration 1. After configuring your Agent Space details and AWS account access, proceed to the **Access** tab 1. You'll see two sections: "Connect IAM Identity Center" and "Admin access" ### Step 2: Configure IAM Identity Center integration In the **Connect [Agent Space] to IAM Identity Center** section: 1. **Verify the IAM Identity Center instance** – The console displays which Identity Center instance will manage Web App user access (for example, `ssoins-7223a9580931edbe`). Your closest IAM Identity Center instance will automatically be pre-populated. 1. **Select the IAM Identity Center Application Role Name option** – Choose one of three options: **Auto-create a new DevOps Agent role** (recommended): + The system automatically creates a new service role with appropriate permissions + This is the simplest option and works for most use cases **Assign an existing role**: + Use an existing IAM role that you've already created + The system will verify the role has the required permissions + Choose this option if your organization has pre-created roles for AWS DevOps Agent **Create a new DevOps Agent role using a policy template**: + Use the provided policy details to create your own custom role in the IAM Console + Choose this option if you need to customize the role permissions After clicking Connect, the system automatically: + Creates or configures the specified IAM role + Sets up an IAM Identity Center application for your Agent Space + Establishes trust relationships between IAM Identity Center and the Agent Space web app + Configures OAuth 2.0 authentication flows for secure user access ### Alternative: Using admin access If you want to access the Agent Space web app immediately without setting up IAM Identity Center: 1. In the **Admin access** section, note the IAM Role ARN that provides administrator access (for example, `arn:aws:iam::440491339484:role/service-role/DevOpsAgentRole-WebappAdmin-15ppoc42`) 1. Click the blue **Admin access** button to launch the Agent Space web app with IAM authentication 1. Sessions using this method are limited to 30 minutes **Note** ** Admin access is intended for initial setup and configuration. For production use and ongoing operations, configure IAM Identity Center authentication. ## Adding users and groups After configuring IAM Identity Center authentication, you need to grant specific users and groups access to the Agent Space web app: ### Step 1: Access user management 1. In the AWS DevOps Agent console, select your Agent Space 1. Go to the **Access** tab 1. Under **User Access**, click **Manage Users and Groups** ### Step 2: Add users or groups 1. Choose **Add Users or Groups** 1. Search for users or groups in your IAM Identity Center directory 1. Select the checkboxes next to the users or groups you want to add 1. Click **Add** to grant them access The selected users can now access the Agent Space web app using their IAM Identity Center credentials. ### Working with external identity providers If you're using an external identity provider (such as Okta, Microsoft Entra ID, or Ping Identity) with IAM Identity Center: + Users and groups are synchronized from your external identity provider to IAM Identity Center + When you add users and groups to the Agent Space web app, you're selecting from the synchronized directory + User attributes and group memberships are maintained by your external identity provider + Changes in your identity provider are automatically reflected in IAM Identity Center after synchronization ## How users access the Agent Space web app After you've added users to your Agent Space: 1. Share the Agent Space web app URL with authorized users 1. When users navigate to the URL, they're redirected to the IAM Identity Center login page 1. After entering their credentials (and completing MFA if configured), they're redirected back to the Agent Space web app 1. Their session is valid for 8 hours by default (configurable by the Identity Center administrator) ## Managing user access You can update user access at any time: **Adding more users or groups:** + Follow the same steps described above to add additional users or groups **Removing access:** 1. In the **User Access** section, find the user or group to remove 1. Click the **Remove** button next to their name 1. Confirm the removal Removed users will lose access immediately, but active sessions may continue until they expire. ## Session management IAM Identity Center sessions for the Agent Space web app have the following characteristics: + **Default session duration** – 8 hours + **Session security** – HTTP-only cookies for enhanced protection + **Multi-factor authentication** – Supported when configured in IAM Identity Center + **API credentials** – Short-duration (15-minute) SigV4 credentials are issued for API calls and renewed automatically To configure session duration: 1. Navigate to the IAM Identity Center console 1. Go to **Settings** > **Authentication** 1. Under **Session duration**, configure your preferred duration (from 1 hour to 12 hours) 1. Choose **Save changes** ## Disconnecting Identity Center 1. In your Agent Space’s console, click **Actions** in the top-right and select **Disconnect from IAM Identity Center** 1. Confirm in confirmation dialog # Setting Up External Identity Provider (IdP) Authentication External identity provider (IdP) authentication allows your organization to use an existing OIDC-compatible identity provider, such as Okta or Microsoft Entra ID, to manage user access to the AWS DevOps Agent Space web application. Users sign in with their corporate credentials directly through your IdP, without requiring AWS IAM Identity Center. ## Prerequisites Before setting up external IdP authentication, ensure you have: + An OIDC-compatible identity provider (Okta or Microsoft Entra ID) + Administrator access to your identity provider + Administrator permissions to access AWS DevOps Agent console + An Agent Space configured or ready to create ## How it works When you configure external IdP authentication: + Users navigate to the Agent Space web app URL + They are redirected to your identity provider's login page + After authenticating with their corporate credentials, they are redirected back to the web app + The web app exchanges the authentication token for short-lived AWS credentials scoped to the Agent Space Sessions are valid for up to 8 hours. Credentials are automatically refreshed using OIDC refresh tokens without requiring users to re-authenticate. ## Configuring external IdP authentication ### Step 1: Register an application in your identity provider Choose your identity provider and follow the corresponding setup instructions. #### Option A: Okta 1. In the Okta Admin Console, navigate to **Applications** > **Applications** and choose **Create App Integration** 1. Select **OIDC - OpenID Connect** as the sign-in method and **Web Application** as the application type. Choose **Next** 1. Set a descriptive name for the application (for example, `AWS DevOps Agent`) 1. Under **Grant type**, ensure the following are checked: + **Authorization Code** (default) + **Refresh Token** — This is required for session refresh. If not enabled, users will be unable to maintain sessions. **Note** ** Okta does not enable the Refresh Token grant type by default. You must explicitly enable it. 1. Leave the **Sign-in redirect URIs** as the default value for now — you will update it after configuring the Agent Space 1. Under **Assignments**, assign the users or groups that should have access 1. Choose **Save** 1. On the application's **General** tab, note the following values: + **Client ID** + **Client secret** — Choose **Copy** to save this value securely 1. Note your **Okta domain** — this is your Issuer URL (for example, `https://dev-12345678.okta.com`). **Note** ** On the ** Sign On ** tab, verify the ** Issuer ** is set to ** Okta URL ** (not Dynamic). This ensures a stable issuer URL. **Note** ** Do not add a ** groups ** claim to the ID token in your authorization server's Claims tab. AWS DevOps Agent does not use group membership from your IdP. #### Option B: Microsoft Entra ID 1. In the Azure portal, navigate to **Microsoft Entra ID** > **App registrations** > **New registration** 1. Set a descriptive name (for example, `AWS DevOps Agent`) 1. Under **Supported account types**, select the option appropriate for your organization (typically **Accounts in this organizational directory only**) 1. Leave the **Redirect URI** blank for now. Choose **Register** 1. On the application **Overview** page, note the following values: + **Application (client) ID** — used as the Client ID when configuring the Agent Space + **Directory (tenant) ID** — used to construct the Issuer URL 1. Navigate to **Certificates & secrets** > **New client secret** + Set a description and expiration period + Choose **Add** and copy the secret **Value** immediately — it will not be shown again 1. The Issuer URL for Entra ID follows this format. Replace `{tenant-id}` with your Directory (tenant) ID from step 5: + `https://login.microsoftonline.com/{tenant-id}/v2.0` **Note** ** Do not enable the ** groups ** optional claim in ** Token configuration **. AWS DevOps Agent does not use group membership from your IdP. ### Step 2: Enable the Operator App with IdP authentication 1. In the AWS DevOps Agent console, select your Agent Space 1. Go to the **Access** tab 1. Under **User access**, choose **External identity provider** 1. In the configuration form, configure the following: + **Identity Provider** — Select your identity provider (Okta or Microsoft Entra ID) + **Issuer URL** — The OIDC issuer URL from your identity provider + **Client ID** — The client ID from the OIDC application you created + **Client Secret** — The client secret from your OIDC application 1. Under **Identity Provider Application Role Name**, choose one of three options: + **Auto-create a new DevOps Agent role** (recommended) — Creates a new service role with appropriate permissions + **Assign an existing role** — Use an existing IAM role that you've already created + **Create a new DevOps Agent role using a policy template** — Use the provided details to create your own role in the IAM Console 1. Review the **Callback URL** warning alert displayed at the bottom of the form. Copy this URL — you will need to add it to your identity provider's allowed redirect URIs before users can sign in. 1. Choose **Connect** After choosing **Connect**, the console displays the **External Identity Provider Configuration** with the following details: + **Provider** — The identity provider you selected + **Issuer URL** — The configured OIDC issuer URL + **Client ID** — The configured client ID + **IAM Role ARN** — The IAM role used for user access + **Callback URL** — Configure this URL in your identity provider as an allowed redirect URI + **Login URL** — Use this URL to access the web app through your identity provider ### Step 3: Add the callback URL to your identity provider #### Okta 1. In the Okta Admin Console, navigate to your application's **General** tab 1. Under **Login**, choose **Edit** 1. Add the callback URL as a **Sign-in redirect URI**: + `https://{agentSpaceId}.aidevops.global.app.aws/authorizer/idp/callback` 1. (Optional) Set the **Initiate login URI** to enable IdP-initiated login from the Okta dashboard: + `https://{agentSpaceId}.aidevops.global.app.aws/authorizer/idp/login` 1. (Recommended) Add a **Sign-out redirect URI** to redirect users back to the web app after logout. Without this, users may see an error page when logging out: + `https://{agentSpaceId}.aidevops.global.app.aws/authorizer/welcome` 1. Choose **Save** #### Microsoft Entra ID 1. In the Azure portal, navigate to your application's **Authentication** page 1. Under **Platform configurations**, choose **Add a platform** > **Web** 1. Enter the callback URL as the **Redirect URI**: + `https://{agentSpaceId}.aidevops.global.app.aws/authorizer/idp/callback` 1. (Optional) Add a sign-out redirect URI to redirect users back to the web app after logout: + `https://{agentSpaceId}.aidevops.global.app.aws/authorizer/welcome` 1. Choose **Configure** ### Step 4: Verify the configuration 1. Navigate to the **Login URL** shown in the console: + `https://{agentSpaceId}.aidevops.global.app.aws/authorizer/idp/login` 1. You should be redirected to your identity provider's login page 1. Sign in with your corporate credentials 1. After successful authentication, you are redirected back to the Agent Space web app ## Updating IdP configuration You can rotate the client secret without disconnecting: 1. In the AWS DevOps Agent console, select your Agent Space 1. Go to the **Access** tab 1. Under **External Identity Provider Configuration**, choose **Rotate client secret** 1. Enter the new **Client Secret** 1. Choose **Save** To change any other IdP configuration field (such as Issuer URL, Client ID, or identity provider), you must disconnect the existing IdP and configure a new one. ## How users access the Agent Space web app After configuring external IdP authentication: + Share the Agent Space web app URL with authorized users + When users navigate to the URL, they are redirected to your identity provider's login page + After entering their credentials (and completing MFA if configured by your IdP), they are redirected back to the Agent Space web app + Sessions refresh automatically — see [Session management](#session-management) for details ## Session management External IdP sessions for the Agent Space web app have the following characteristics: + **Session duration** — Browser sessions last up to 8 hours. This is not configurable in AWS DevOps Agent. If your IdP's session lifetime exceeds 8 hours, users may be re-authenticated automatically on their next visit without entering credentials. Configure your IdP's session and token lifetimes according to your organization's security requirements. + **Credential refresh** — Sessions are automatically refreshed using OIDC refresh tokens without requiring users to re-authenticate + **Multi-factor authentication** — Supported when configured in your identity provider. The IdP handles MFA during login — no additional configuration is needed in AWS DevOps Agent ### Logout behavior When a user clicks **Logout** in the web app: 1. All session cookies are cleared immediately 1. The user is redirected to the identity provider's OIDC logout endpoint to terminate the SSO session 1. If a sign-out redirect URI is configured, the user is redirected back to the web app welcome page ### Revoking user access To immediately revoke a user's access, you can revoke their sessions directly in your identity provider's admin portal: + **Okta** — In the Okta Admin Console, navigate to **Directory** > **People**, select the user, choose **More Actions** > **Clear User Sessions** + **Microsoft Entra ID** — In the Azure portal, navigate to **Users**, select the user, and choose **Revoke sessions** ## Security considerations **Client secret storage** — The client secret you provide during setup is encrypted using your customer-managed KMS key if you provided one when creating the Agent Space, or a service-owned key otherwise. It is never returned in API responses or displayed in the console after initial configuration. **Client secret rotation** — Entra client secrets have a configurable expiration. Set a reminder to rotate the secret before it expires using the **Rotate client secret** option in the AWS DevOps Agent console. If the secret expires, users will be unable to log in until it is rotated. **Token lifetime management** — The lifetime of tokens (access tokens, refresh tokens) issued by your identity provider is controlled by your IdP's configuration. We recommend configuring appropriate token lifetimes in your IdP: + **Okta** — Configure token lifetimes under **Security** > **API** > **Authorization Servers** > **Access Policies** + **Microsoft Entra ID** — Configure token lifetimes using [token lifetime policies](https://learn.microsoft.com/en-us/entra/identity-platform/configurable-token-lifetimes) **Groups claim** — Do not enable the groups claim in your identity provider's token configuration. AWS DevOps Agent does not currently use group membership from your IdP. **User identifier** — AWS DevOps Agent uses a provider-specific claim to uniquely identify users: + **Okta** — Uses the `sub` claim from the ID token + **Microsoft Entra ID** — Uses the `oid` (object identifier) claim from the ID token These identifiers are immutable and appear in CloudTrail logs for audit purposes. ## Disconnecting external IdP 1. In the AWS DevOps Agent console, select your Agent Space 1. Go to the **Access** tab 1. Under **User access**, choose **Disconnect** 1. Review the impacts listed in the confirmation dialog and confirm Disconnecting will: + Remove the IdP configuration from the Agent Space + Prevent users from logging in through the external identity provider + Remove individual chat and artifact history associated with IdP user accounts Active user sessions will continue until they expire or the next credential refresh fails. ## Troubleshooting + **Redirect to IdP fails** — Verify the Issuer URL matches your IdP's OIDC discovery endpoint. For Okta, ensure the **Issuer** is set to **Okta URL** (not **Dynamic**) on the **Sign On** tab. For Entra, use the format `https://login.microsoftonline.com/{tenant-id}/v2.0`. + **Access denied or policy error (Okta)** — Verify the user or their group is assigned to the application under **Assignments**. Check **Sign On** > **Sign On Policy** rules. + **IdP configuration error after login** — Your identity provider did not return a refresh token. Ensure the `offline_access` scope and refresh token grant type are enabled: + **Okta** — Go to your application's **General** tab and enable the **Refresh Token** checkbox under **Grant type** + **Entra** — Go to **API permissions** and ensure `offline_access` is listed under delegated permissions + **Authentication succeeds but web app shows error** — Verify the redirect URI in your IdP exactly matches the **Callback URL** shown in the AWS DevOps Agent console. + **Authentication failures** — If the **groups** optional claim is enabled in your IdP, disable it. AWS DevOps Agent does not use group claims. + **Login fails after IdP authentication** — For Entra, verify `requestedAccessTokenVersion` is not set to `null` in the application **Manifest**. For Okta, verify the **Issuer URL** is correct. + **Error page after clicking Logout (Okta)** — If you see a `post_logout_redirect_uri` error after logging out, add `https://{agentSpaceId}.aidevops.global.app.aws/authorizer/welcome` as a **Sign-out redirect URI** in your Okta application's **General** tab. + **Users stay on identity provider page after logout (Entra)** — To redirect users back to the web app after logout, add `https://{agentSpaceId}.aidevops.global.app.aws/authorizer/welcome` as a **Redirect URI** in your Entra application's **Authentication** page. # Encryption at rest for AWS DevOps Agent AWS DevOps Agent encrypts all customer data at rest. By default, AWS DevOps Agent uses AWS owned keys to automatically encrypt your data at no additional charge. You cannot view, manage, or audit the use of AWS owned keys. However, you do not need to take any action to protect these keys. Your data is automatically secured. You can choose to encrypt your data using a symmetric customer managed key that you create, own, and manage in AWS Key Management Service (AWS KMS). Because you have full control of this layer of encryption, you can perform tasks such as the following: + Establishing and maintaining key policies + Enabling and disabling key policies + Rotating key cryptographic material + Adding tags + Creating key aliases + Scheduling keys for deletion For more information, see [Customer managed keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) in the *AWS Key Management Service Developer Guide*. **Note** ** AWS DevOps Agent automatically enables encryption at rest using AWS owned keys to protect customer data at no charge. Standard AWS KMS charges apply when you use a customer managed key. For more information about pricing, see [AWS Key Management Service pricing](https://aws.amazon.com/kms/pricing/). ## Customer managed keys Customer managed keys are KMS keys in your AWS account that you create, own, and manage. You have full control over these KMS keys, including establishing and maintaining their key policies. When you configure a customer managed key, AWS DevOps Agent uses it to protect sensitive resource data. AWS DevOps Agent uses [envelope encryption](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#envelope-encryption) with the AWS Encryption SDK hierarchical keyring. Your KMS key is used to generate branch keys, which in turn protect your data. You can specify a customer managed key when you create the following resources: + **Agent Space** — Encrypts Agent Space details and content created from the DevOps Agent Web App related to investigations, skills, and chat. + **Service** — Encrypts third-party service credentials at rest. To configure a customer managed key in AWS DevOps Agent, follow these steps. ### Step 1: Create a customer managed key You can create a symmetric customer managed key by using the AWS KMS console or the AWS KMS API. The key must meet the following requirements: | Property | Requirement | | --- | --- | | Key type | Symmetric | | Key spec | SYMMETRIC\$1DEFAULT | | Key usage | ENCRYPT\$1DECRYPT | **Note** ** AWS DevOps Agent only supports symmetric encryption KMS keys with the `SYMMETRIC_DEFAULT` key spec and the `ENCRYPT_DECRYPT` key usage. Multi-Region keys and asymmetric keys are not currently supported. For more information, see [Creating a symmetric customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html#create-symmetric-cmk) in the *AWS Key Management Service Developer Guide*. ### Step 2: Set the key policy Key policies control access to your customer managed key. Every customer managed key must have exactly one key policy, which contains statements that determine who can use the key and how they can use it. Your key policy must grant permissions to both the calling principal (your IAM identity) and the AWS DevOps Agent service. AWS DevOps Agent accesses your key using two sets of credentials: 1. **Your caller credentials** — Used for all synchronous operations, including key validation, encryption at resource creation time, and any API call that returns a direct response to the caller. 1. **AWS DevOps Agent service principal** — Used for asynchronous operations that run in the background, such as operational investigations, incident analysis, event correlation, and root cause analysis generation. The following table lists the required KMS actions: | KMS action | Description | | --- | --- | | kms:DescribeKey | Validate key configuration at resource creation time | | kms:GenerateDataKey | Generate data encryption keys for envelope encryption | | kms:Decrypt | Decrypt data | | kms:Encrypt | Encrypt data | | kms:ReEncrypt | Re-encrypt data under the same or different key | AWS DevOps Agent validates all of these permissions at configuration time using dry-run operations. If any permission is missing, the request fails with an exception. The following is an example key policy. Replace the placeholder values with your own. ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowCallerAccessViaService", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:role/DevOpsAgentUserRole" }, "Action": [ "kms:DescribeKey", "kms:GenerateDataKey*", "kms:Decrypt", "kms:Encrypt", "kms:ReEncrypt*" ], "Resource": "*", "Condition": { "StringEquals": { "kms:ViaService": "aidevops.us-east-1.amazonaws.com" } } }, { "Sid": "AllowDevOpsAgentServiceDescribeKeyAccess", "Effect": "Allow", "Principal": { "Service": "aidevops.amazonaws.com" }, "Action": [ "kms:DescribeKey" ], "Resource": "*" }, { "Sid": "AllowDevOpsAgentAccessForAgentSpace", "Effect": "Allow", "Principal": { "Service": "aidevops.amazonaws.com" }, "Action": [ "kms:GenerateDataKey*", "kms:Decrypt", "kms:Encrypt", "kms:ReEncrypt*" ], "Resource": "*", "Condition": { "ArnLike": { "aws:SourceArn": "arn:aws:aidevops:us-east-1:111122223333:agentspace/*" }, "StringLike": { "kms:EncryptionContext:aws-crypto-ec:aws:aidevops:arn": "arn:aws:aidevops:us-east-1:111122223333:agentspace/*" } } }, { "Sid": "AllowDevOpsAgentAccessForService", "Effect": "Allow", "Principal": { "Service": "aidevops.amazonaws.com" }, "Action": [ "kms:GenerateDataKey*", "kms:Decrypt", "kms:Encrypt", "kms:ReEncrypt*" ], "Resource": "*", "Condition": { "ArnLike": { "aws:SourceArn": "arn:aws:aidevops:us-east-1:111122223333:service/*" }, "StringLike": { "kms:EncryptionContext:aws-crypto-ec:aws:aidevops:arn": "arn:aws:aidevops:us-east-1:111122223333:service/*" } } } ] } ``` The policy contains the following statements: + **AllowKeyAdministration** — Grants the account root full administrative access to the key. Replace `111122223333` with your AWS account ID. + **AllowCallerAccessViaService** — Grants your IAM principals the KMS permissions required for all synchronous AWS DevOps Agent operations. This includes key validation at resource creation time, as well as encrypt and decrypt operations for any API call that returns a direct response to the caller. The `kms:ViaService` condition ensures that you can use the key only through the AWS DevOps Agent service. Replace `111122223333` with your AWS account ID and `us-east-1` with your AWS Region. + **AllowDevOpsAgentServiceAccessForAgentSpace** / **AllowDevOpsAgentServiceAccessForService** — Grants the `aidevops.amazonaws.com` service principal the KMS permissions required for asynchronous operations. AWS DevOps Agent uses this service principal to encrypt and decrypt your data when performing background operations such as operational investigations, analyzing incidents, correlating events across services, and generating root cause analyses. Without this access, AWS DevOps Agent cannot read the encrypted data needed to carry out investigations on your behalf. The `aws:SourceArn` condition restricts access to requests originating from your AWS DevOps Agent resources, and the `kms:EncryptionContext` condition ensures that the encryption context matches your resource ARNs. Replace `111122223333` with your AWS account ID and `us-east-1` with your AWS Region. For more information about key policies, see [Key policies in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) in the *AWS Key Management Service Developer Guide*. ### Step 3: Specify the key when creating a resource After you create your key and configure the key policy, you can specify the key when creating AWS DevOps Agent resources. #### Console To configure a customer managed key when creating an Agent Space in the console: 1. Open the AWS DevOps Agent console. 1. Choose **Create Agent Space** or **Register Service**. 1. Enter the agent space details (name, description, and IAM role). 1. Expand the **Advanced Configuration** section. 1. Under **Encryption key type**, select **Customer managed key**. 1. Choose a KMS key from the dropdown list, or enter a KMS key ARN. 1. Review the key policy displayed in the **Key policy** expandable section. Ensure that you have attached this policy to your KMS key. You can use the copy button to copy the policy. 1. Complete the remaining configuration and choose **Create**. **Note** ** If you do not see your KMS key in the dropdown list, verify that the key meets the requirements in [Step 1](#step-1-create-a-customer-managed-key) and that you have `kms:ListKeys` and `kms:DescribeKey` permissions. #### API ##### Creating an Agent Space with a customer managed key Specify the `kmsKeyArn` parameter when creating an agent space. The value must be the full KMS key ARN. ``` { "name": "my-agent-space", "description": "An encrypted agent space", "kmsKeyArn": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" } ``` ##### Registering a Service with a customer managed key Specify the `kmsKeyArn` parameter when registering a service. The value must be the full KMS key ARN. This parameter is supported across all service types, including Dynatrace, ServiceNow, PagerDuty, GitLab, GitHub, and MCP Servers. ``` { "service": "dynatrace", "kmsKeyArn": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "serviceDetails": { ... } } ``` **Note** ** You must specify the customer managed key at resource creation time. You cannot add or change the customer managed key for an existing resource. ## AWS DevOps Agent encryption context An [encryption context](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) is a set of non-secret key-value pairs that contain additional contextual information about the data. AWS KMS uses the encryption context as [additional authenticated data](https://docs.aws.amazon.com/crypto/latest/userguide/cryptography-concepts.html#term-aad) to support authenticated encryption. When you include an encryption context in a request to encrypt data, AWS KMS binds the encryption context to the encrypted data. To decrypt data, you must include the same encryption context in the request. AWS DevOps Agent uses the following encryption context on all cryptographic operations: ``` { "aws-crypto-ec:aws:aidevops:arn": "arn:aws:aidevops:{region}:{accountId}:{resourceType}/{resourceId}" } ``` The encryption context value is the ARN of the AWS DevOps Agent resource being encrypted. You can use this encryption context in your key policy conditions and in AWS CloudTrail logs to audit how your key is being used. ## Key management If you disable or schedule deletion of your KMS key, AWS DevOps Agent cannot decrypt your data. This results in `AccessDeniedException` errors on operations that read encrypted data. **Important** ** If you choose to use a customer managed key, you are responsible for managing the key and its permissions. If the key is disabled or deleted, or if AWS DevOps Agent loses permission to use the key, you lose access to the encrypted data. The following table describes common failure scenarios: | Action | Impact | | --- | --- | | Key policy permissions revoked | AccessDeniedException on encrypt and decrypt operations | | KMS key is disabled | DisabledException on encrypt and decrypt operations | | KMS key is scheduled for deletion | KMSInvalidStateException on encrypt and decrypt operations | | KMS key is deleted | Permanent data loss — encrypted data cannot be recovered | Before disabling or deleting a key: 1. Verify that no active AWS DevOps Agent resources depend on the key. 1. Consider disabling the key first to test the impact before scheduling deletion. 1. AWS KMS enforces a minimum waiting period before key deletion, giving you time to cancel if needed. **Note:**: AWS DevOps Agent does not automatically re-encrypt data under a new key. If you need to rotate to a new customer managed key, you must create a new resource with the new key. ## Monitoring your encryption keys When you use a customer managed key with AWS DevOps Agent, you can use [AWS CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html) to track requests that AWS DevOps Agent sends to AWS KMS. You can filter CloudTrail events by: + **Event source** — `kms.amazonaws.com` + **Encryption context key** — `aws-crypto-ec:aws:aidevops:arn` + **Key ARN** — Your customer managed key ARN in the request parameters For more information, see [Logging AWS KMS API calls with AWS CloudTrail](https://docs.aws.amazon.com/kms/latest/developerguide/logging-using-cloudtrail.html) in the *AWS Key Management Service Developer Guide*. # VPC Endpoints (AWS PrivateLink) You can use AWS PrivateLink to create a private connection between your VPC and AWS DevOps Agent. You can access AWS DevOps Agent as if it were in your VPC, without the use of an internet gateway, NAT device, VPN connection, or Direct Connect connection. Instances in your VPC don't need public IP addresses to access AWS DevOps Agent. You establish this private connection by creating an interface endpoint, powered by AWS PrivateLink. We create an endpoint network interface in each subnet that you enable for the interface endpoint. These are requester-managed network interfaces that serve as the entry point for traffic destined for AWS DevOps Agent. For more information, see [Access AWS services through AWS PrivateLink](https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-access-aws-services.html) in the *AWS PrivateLink Guide*. ## Considerations for AWS DevOps Agent VPC endpoints Before you set up an interface endpoint for AWS DevOps Agent, review [Considerations](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html#considerations-interface-endpoints) in the *AWS PrivateLink Guide*. AWS DevOps Agent supports making API calls through the following VPC endpoints. | Category | Endpoint suffix | | --- | --- | | AWS DevOps Agent Control Plane API Actions | aidevops | | AWS DevOps Agent Runtime Operations | aidevops-dataplane | | AWS DevOps Agent Webhook Events | event-ai | ## Create an interface endpoint for AWS DevOps Agent You can create an interface endpoint for AWS DevOps Agent using either the Amazon VPC console or the AWS Command Line Interface (AWS CLI). For more information, see [Create an interface endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html) in the *AWS PrivateLink Guide*. Create an interface endpoint for AWS DevOps Agent using the following service names: + com.amazonaws.\$1region\$1.aidevops + com.amazonaws.\$1region\$1.aidevops-dataplane + com.amazonaws.\$1region\$1.event-ai After you create the endpoint, you have the option to enable a private DNS hostname. Enable this setting by selecting **Enable Private DNS Name** in the VPC console when you create the VPC endpoint. If you enable private DNS for the interface endpoint, you can make API requests to AWS DevOps Agent using its default Regional DNS name. The following example shows the format of the default Regional DNS name. + aidevops.\$1region\$1.api.aws + aidevops-dataplane.\$1region\$1.amazonaws.com + event-ai.\$1region\$1.api.aws ## Create an endpoint policy for your interface endpoint An endpoint policy is an IAM resource that you can attach to an interface endpoint. The default endpoint policy allows full access to AWS DevOps Agent through the interface endpoint. To control the access allowed to AWS DevOps Agent from your VPC, attach a custom endpoint policy to the interface endpoint. An endpoint policy specifies the following information: + The principals that can perform actions (AWS accounts, IAM users, and IAM roles). + The actions that can be performed. + The resources on which the actions can be performed. For more information, see [Control access to services using endpoint policies](https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html) in the *AWS PrivateLink Guide*.