Explanation
According to AWS's penetration testing policy, prior authorization is required before conducting penetration tests on EC2 instances. AWS has specific guidelines for penetration testing that customers must follow:
- AWS allows penetration testing of EC2 instances without prior approval for the following services: EC2 instances, NAT Gateways, and Elastic Load Balancers
- However, customers must still comply with AWS's penetration testing policy and avoid testing that could impact AWS infrastructure or other customers
- The policy is documented at: https://aws.amazon.com/security/penetration-testing/
Key Points:
- While some services don't require explicit approval, customers should still review and understand AWS's penetration testing policy
- Certain services (like RDS, DynamoDB, etc.) do require prior approval
- Always follow AWS's acceptable use policy and security best practices
Therefore, the statement is True - you do need authorization, though for EC2 instances specifically, AWS has streamlined this process and doesn't require explicit pre-approval for basic testing, but you must still operate within their policy framework.
