AWS Security Agent - Functional Testing Report

Executive Summary

Review Date: December 2025

Region: us-east-1

Status: Public Preview

This functional testing report evaluates AWS Security Agent, a security service in public preview offering automated security reviews and penetration testing. The report documents functional capabilities, configuration options, and observed limitations based on console testing and exploration.

Functional Testing Results

Core Capabilities Testing

Capability | Test Status | Functional Test Results
--- | --- | ---
Design Security Review | Functional | Interface accessible; security requirements configurable; requires web app URL for actual review execution
Code Security Review | Functional | GitHub OAuth integration works; repository selection functional; PR scanning can be enabled per repository
Penetration Testing | Functional | Domain verification via DNS TXT records works; supports Route 53 and custom domains; test initiation interface available

Functional Capabilities Assessment

Design Security Review

  • Status: Ready
  • Security Requirements: 12 enabled (11 AWS-managed + 2 custom)
  • Notes: Capability is ready but requires web application access to perform reviews

Code Security Review

  • Status: Ready
  • Repository Integration: GitHub integration available
  • PR Scanning: Can be enabled for pull requests
  • Settings: Configurable security requirements and vulnerability findings
  • Notes: GitHub integration interface is functional; code review can be enabled for connected repositories

Penetration Testing

  • Status: Ready
  • Target Configuration: Supports multiple target domains (Route 53 and custom domains)
  • Domain Verification: DNS TXT record verification method available
  • Infrastructure Context: Supports optional configuration of VPCs, CloudWatch logs, Lambda functions, Secrets, and S3 buckets
  • Notes: Configuration interface is functional; infrastructure context can be added to enhance pentest effectiveness

Operational Assessment

Assessment Area | Rating | Notes
--- | --- | ---
Setup Complexity | Low | Agent Space creation is straightforward via console wizard
Console Usability | Good | Standard AWS console interface; navigation is intuitive
Documentation Quality | Adequate | Help links available; documentation accessible
Error Handling | Good | Clear status indicators and error messages observed
Monitoring & Alerts | Limited | No CloudWatch logs configured; monitoring capabilities not fully explored

Findings and Limitations

ID | Severity | Category | Description | Status
--- | --- | --- | --- | ---
F-001 | Info | Configuration | Agent Space successfully created and configured with all three capabilities ready | Verified
F-002 | Info | Integration | GitHub integration interface functional; code review can be enabled | Verified
F-003 | Info | Security Requirements | 12 security requirements enabled (11 AWS-managed + 2 custom requirements) | Verified
F-004 | Info | Pentest Configuration | Target domain configuration interface functional; supports multiple domain types | Verified
F-005 | Medium | Limitation | Console-only access limits automation and integration capabilities | Observed
F-006 | Medium | Limitation | Only us-east-1 region available; all resources must be in this region | Observed
F-007 | Medium | Limitation | Code review requires GitHub integration; no other SCM support visible | Observed
F-008 | Low | Limitation | Web app requires time-limited authentication tokens that expire | Observed
F-009 | Low | Configuration | No infrastructure context (VPCs, CloudWatch logs, Lambda) configured for pentesting | Observed

Summary

Overall Assessment: Positive

Key Takeaways:

  • AWS Security Agent is functional and ready for use in public preview
  • All three core capabilities (Design Review, Code Review, Penetration Testing) are configured and ready
  • GitHub integration works as expected with code review enabled
  • Console-only access and region restrictions are current limitations
  • Custom security requirements demonstrate flexibility of the platform

Recommendation: Evaluate Further - The service shows promise but is limited by console-only access and single-region support. Recommend continued evaluation as the service matures and additional features become available.