@shinyaz

AWS Security Agent create-pentest only accepts one subnet

Hit this during authentication flow verification. Passed multiple subnets to create-pentest --vpc-config:

Output
ValidationException: Maximum of 1 subnet id is allowed

The CLI schema defines subnetArns as a list, but the API only accepts one. Note that update-agent-space does accept multiple subnets in awsResources.vpcs[].subnetArns — this restriction is specific to pentest creation. Just use the same subnet as your EC2 target.

Shinya Tahara

Solutions Architect @ AWS

I'm a Solutions Architect at AWS, providing technical guidance primarily to financial industry customers. I share learnings about cloud architecture and AI/ML on this site. The views and opinions expressed on this site are my own and do not represent the official positions of my employer.