Answer-first summary for fast verification
Answer: May be performed by the customer on their own instances with prior authorization from AWS.
According to AWS Acceptable Use Policy, customers are allowed to perform penetration testing on their own EC2 instances, but they must obtain prior authorization from AWS. This is a security measure to ensure that AWS is aware of the testing activities and can distinguish them from actual malicious attacks. AWS does not perform penetration testing on customer instances by default or upon request - customers are responsible for their own security testing. Penetration testing is not prohibited, but requires proper authorization to avoid triggering AWS security monitoring systems.
Author: Ritesh Yadav
Ultimate access to all questions.
No comments yet.
As per the AWS Acceptable Use Policy, penetration testing of EC2 instances:
A
May be performed by AWS, and will be performed by AWS upon customer request.
B
May be performed by AWS, and is periodically performed by AWS.
C
Are expressly prohibited under all circumstances.
D
May be performed by the customer on their own instances with prior authorization from AWS.
E
May be performed by the customer on their own instances, only if performed from EC2 instances.