Change log of AWS IAM permissions

2026-01-28

22 new actions, 2 new resources | 3 updated resources

Additions

Actions

BatchGetAgentSpaces
- Description: Grants permission to retrieve multiple agent spaces in a single request
- Access: Read
BatchGetPentestJobTasks
- Description: Grants permission to retrieve multiple pentest job tasks in a single request
- Access: Read
CreateAgentSpace
- Description: Grants permission to create an agent space record
- Access: Write
CreateDesignReview
- Description: Grants permission to create a design review
- Access: Write
CreateSecurityRequirement
- Description: Grants permission to add a customer managed Security Requirement
- Access: Write
DeleteAgentSpace
- Description: Grants permission to delete an agent space record
- Access: Write
DeleteDesignReview
- Description: Grants permission to delete a design review
- Access: Write
DeleteDocumentReview
- Description: Grants permission to delete a document review
- Access: Write
DeleteSecurityRequirement
- Description: Grants permission to delete a customer managed Security Requirement
- Access: Write
GetDesignReview
- Description: Grants permission to get the status of the associated agent space design review
- Access: Read
GetDesignReviewArtifact
- Description: Grants permission to get design review artifact for a specific document
- Access: Read
GetSecurityRequirement
- Description: Grants permission to retrieve a Security Requirement
- Access: Read
ListAgentSpaces
- Description: Grants permission to list agent spaces
- Access: List
ListDesignReviewComments
- Description: Grants permission to list design review comments
- Access: List
ListDesignReviews
- Description: Grants permission to list all design reviews for the given project
- Access: List
ListPentestJobTasks
- Description: Grants permission to list pentest job tasks associated with a pentest job
- Access: List
ListSecurityRequirements
- Description: Grants permission to list all Security Requirements
- Access: List
StartPentestJob
- Description: Grants permission to initiate the execution of a penetration test
- Access: Write
StopPentestJob
- Description: Grants permission to stop the execution of a running penetration test
- Access: Write
ToggleManagedSecurityRequirement
- Description: Grants permission to toggle the status of a managed Security Requirement
- Access: Write
UpdateAgentSpace
- Description: Grants permission to update an agent space record
- Access: Write
UpdateSecurityRequirement
- Description: Grants permission to update a customer managed Security Requirement
- Access: Write

Resources

SecurityRequirement
- Arn: arn:${Partition}:securityagent:${Region}:${Account}:security-requirement/${SecurityRequirementId}
AgentSpace
- Arn: arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}

Updates

Resources

PentestJob
- Old: arn:${Partition}:securityagent:${Region}:${Account}:agent-instance/${AgentId}/artifact/${ArtifactId}
  New: arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}/artifact/${ArtifactId}
PentestTask
- Old: arn:${Partition}:securityagent:${Region}:${Account}:agent-instance/${AgentId}/pentest/${PentestId}
  New: arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}/pentest/${PentestId}
Finding
- Old: arn:${Partition}:securityagent:${Region}:${Account}:agent-instance/${AgentId}/pentest-job/${JobId}
  New: arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}/pentest-job/${JobId}

AWS Security Agent (securityagent)

Additions

Updates