Penetration Testing on AWS Cloud

Penetration testing involves attempting to attack your own infrastructure to evaluate its security. AWS permits customers to conduct these security assessments and penetration testing against their own infrastructure for specific services without needing prior approval.

Services Permitted for Penetration Testing Without Prior Approval:

• Amazon EC2 Instances
• NAT Gateways
• Elastic Load Balancers
• Amazon RDS
• CloudFront
• Aurora
• API Gateways
• Lambda and Lambda Edge Functions
• Lightsail Resources
• Elastic Beanstalk Environments

These services are subject to change, so it's important to stay updated with AWS documentation. However, this information is not required for AWS certification exams.

Prohibited Activities:

Certain activities are strictly prohibited during penetration testing on AWS due to the potential harm they could cause to the AWS infrastructure or other customers. These include:

• DNS Zone Walking: Via Amazon Route 53 Hosted Zone.
• Denial of Service (DoS) Attacks: Including distributed DoS (DDoS), simulated DoS, and simulated DDoS.
• Port Flooding
• Protocol Flooding