@shinyaz

AWS Security Agent Code Remediation requires a NAT Gateway

Hit this during Code Remediation verification. Started a pentest job with a linked GitHub repository and got this in the setup-toolbox phase:

Output
Testing environment setup failed with a client exception: Unable to reach GitHub repository 1201211240. Please ensure your VPC network configuration allows access to GitHub.

The agent's test environment launches in the subnet configured in the Agent Space and pulls source code from GitHub. Even with a public subnet, the agent container doesn't get a public IP, so it can't reach GitHub. Created a private subnet with a NAT Gateway route and the job proceeded normally.

NAT Gateway is only needed when integratedRepositories is specified in the pentest. Pentests without GitHub repos don't require it.
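A pre-flight check for the subnet you plan to put in the Agent Space, as an added example that is not part of the original post or of any AWS tooling. It takes data shaped like the EC2 `DescribeRouteTables` response and reports whether a workload with no public IP would get internet egress; the function names and all IDs are constructed for illustration, and only the IPv4 default route is inspected.

```python
# Added example: classify a subnet's default route for a workload with no public IP.
# Input mirrors the "RouteTables" list from EC2 DescribeRouteTables; IDs are constructed.

def effective_route_table(subnet_id, vpc_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def egress_for_private_ip_workload(subnet_id, vpc_id, route_tables):
    """Return 'nat', 'igw-only' or 'none' for a workload that has no public IP."""
    rt = effective_route_table(subnet_id, vpc_id, route_tables)
    if rt is None:
        return "none"
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") != "active":
            continue  # e.g. 'blackhole' left behind by a deleted NAT Gateway
        if route.get("NatGatewayId"):
            return "nat"
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw-only"  # usable only by interfaces that have a public IP
    return "none"

SAMPLE_ROUTE_TABLES = [  # constructed sample data
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-111", "State": "active"}]},
    {"RouteTableId": "rtb-priv", "VpcId": "vpc-1",
     "Associations": [{"SubnetId": "subnet-private", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-222", "State": "active"}]},
    {"RouteTableId": "rtb-stale", "VpcId": "vpc-1",
     "Associations": [{"SubnetId": "subnet-stale", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-333", "State": "blackhole"}]},
]

if __name__ == "__main__":
    for subnet in ("subnet-public", "subnet-private", "subnet-stale"):
        print(subnet, egress_for_private_ip_workload(subnet, "vpc-1", SAMPLE_ROUTE_TABLES))
```

A result of `igw-only` is the situation described above: the route exists, but a container without a public IP cannot use it.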

Shinya Tahara

Solutions Architect @ AWS

I'm a Solutions Architect at AWS, providing technical guidance primarily to financial industry customers. I share learnings about cloud architecture and AI/ML on this site. The views and opinions expressed on this site are my own and do not represent the official positions of my employer.