What do I do when I receive an abuse report from AWS about my resources?
Last updated: 2020-11-17
AWS notified me that my account's resources were reported for abusive activity. What does this mean, and what do I need to do?
The AWS Trust & Safety Team sends abuse reports to the security contact on your account. If there is no security contact listed, the AWS Trust & Safety Team contacts you using the email address listed on your account.
If you receive an abuse notice from AWS, do the following:
- Review the abuse notice to see what content or activity was reported. Logs that implicate abuse are included along with the abuse report, as provided by the reporter.
- Reply directly to the abuse report and explain how you're preventing the abusive activity from recurring in the future.
Note: If you don't respond to an abuse notice within 24 hours, AWS might block your resources or suspend your AWS account.
If more information is required, reply directly to the email from the AWS Trust & Safety Team. The team can request additional information from the reporter.
The AWS Trust & Safety Team doesn't provide technical support. If you need technical help and have a Developer or Business AWS Support plan, see How do I get technical support from AWS? For additional resources, see How do I get help with my AWS account and resources?
If you observe unauthorized activity within your AWS account, or you believe that an unauthorized party has accessed your account, see What do I do if I notice unauthorized activity in my AWS account? Make sure that your instances and all applications are properly secured as per the shared responsibility model. You can use AWS services, such as Amazon GuardDuty and AWS Trusted Advisor, to help you identify opportunities to secure your resources.