Here is one of those topics where you can often run into misinformation when you are studying AWS. That is because the rules keep changing, and you will often have textbooks and courses quoting old rules still!
So here is the skinny as of 10/20/2019! You no longer have to obtain permission from AWS for pen testing your own resources within 8 of the total services of AWS. NOTE: Be sure not to pen test against any AWS services themselves, as this is never permitted. In fact, if you should discover vulnerabilities in a service itself when you are pen testing your resources, you are encouraged to report that to the AWS Security team. What are the 8 services? Here they are:
EC2, including NAT Gateways and Elastic Load Balancers
Lambda and Lambda Edge
You should also note that Amazon currently prohibits the following tests:
DNS zone walking via Amazon Route 53 Hosted Zones
Denial of Service (DoS), Distributed Denial of Service (DDoS), Simulated DoS, Simulated DDoS
Request flooding (login request flooding, API request flooding)
These rules will change again in the future. Be sure to subscribe to the blog using the widget in the right column. When the rules change – I will be sure to let you know!
Thanks for reading, and have fun in AWS! Just not too much fun!
Are you interested in creating AWS solutions that adhere to the various pillars of the AWS Well-Architected Framework but don’t know where to start? There is a brand new AWS tool that you can check out in this video. It is aptly named the AWS Well Architected Tool and it is available in your AWS Management Console.
This tool will not only help you pinpoint key areas for the architecture to focus on, but Amazon will also analyze your answers and identify the points at which you are the most at risk!