I received an abuse report from AWS about my resources– what should I do?
Last updated: 2019-07-26
AWS notified me that my account's resources were reported for abusive activity. What does this mean, and what do I need to do?
The AWS Abuse team sends abuse reports to the security contact on your account. If there is no security contact listed, the AWS Abuse team contacts you using the email address listed on your account.
If you receive an abuse notice from AWS, do the following:
- Review the abuse notice to see what content or activity was reported. Logs that implicate abuse are included along with the abuse report, as provided by the reporter.
- Reply directly to the abuse report and explain how you're preventing the abusive activity from recurring in the future.
Note: If you don't respond to an abuse notice within 24 hours, AWS might block your resources or suspend your AWS account.
If more information is required, reply directly to the email from the abuse team. The AWS Abuse team can request additional information from the reporter.
AWS Abuse doesn't provide technical support. If you need technical help and have a Developer or Business AWS Support plan, create a support case through the AWS Support Center and choose Technical support. You can find additional resources at How do I get help with my AWS account and resources?
If you believe that the account may have been compromised, see My AWS account may be compromised. Make sure that your instances and all applications are properly secured as per the shared responsibility model. You can use AWS services such as Amazon GuardDuty and AWS Trusted Advisor to help you identify opportunities to secure your resources.