Resellers of AWS services are responsible for their customers’ security testing activity.ĪWS's policy regarding the use of security assessment tools and services allows significant flexibility for performing security assessments of your AWS assets while protecting other AWS customers and ensuring quality-of-service across AWS.ĪWS understands there are a variety of public, private, commercial, and/or open-source tools and services to choose from for the purposes of performing a security assessment of your AWS assets. When responding, please provide us with approved language detailing your use case, including a point of contact that we can share with any third party reporters. If AWS receives an abuse report for activities related to your security testing, we will forward it to you. If you discover a security issue within any of the AWS services observed in your security assessment, please contact AWS Security immediately. Note: Customers are not permitted to conduct any security assessments of AWS infrastructure or the AWS services themselves. Please ensure that these activities are aligned with the policy set out below. All security testing that includes Command and Control (C2) requires prior approval. AWS customers are welcome to carry out security assessments or penetration tests of their AWS infrastructure without prior approval for the services listed in the next section under “Permitted Services.” Additionally, AWS permits customers to host their security assessment tooling within the AWS IP space or other cloud provider for on-prem, in AWS, or third party contracted testing.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |