How do I run security assessments or penetration tests on AWS?
I want to run a security test or other simulated event on my AWS architecture.
Resolution
To carry out penetration tests against or from resources on your AWS account, follow the policies and guidelines at Penetration Testing. You don't need approval from AWS to run penetration tests against or from resources on your AWS account. For a list of prohibited activities, see Customer service policy for penetration testing.
If you plan to run a security test other than a penetration test, see the guidelines at Other simulated events.
Note: You're not permitted to conduct any security assessments of AWS infrastructure that isn't on your AWS account. You also aren't permitted to conduct security assessments of AWS services themselves. If you discover a security issue within any AWS service in the course of your security assessment, contact AWS Security immediately.
To request permission for network stress-testing
Before stress-testing your network, review the Amazon EC2 Testing Policy. If your planned tests exceed the limits outlined in the policy, then submit a request using the Simulated Event form.
Important: Submit the simulated event request at least 14 business days before your planned test. Provide a full description of your plan, including expected risks and outcomes.
To request permission for other simulated events
For any other simulated events, submit a request using the Simulated Event form. Provide a full description of your planned event, including details, risks, and desired outcomes.
Other simulated event types can include:
- Red, blue, or purple team
- Capture the flag
- Disaster recovery
- Simulated phishing
- Malware testing
Relevant content
- Accepted Answer
asked 5 years ago - asked 5 years ago
- asked 2 years ago
- asked 3 months ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
