As an AWS cloud service user, you can conduct penetration tests or other security assessments for 8 services without prior approval. These 8 services are listed as permitted services. AWS also has a customer service policy regarding penetration testing, which we’ll look at closely in later sections of this blog. You need to make sure that your testing activities are in line with these policies.
is the market share of AWS among all the organizations that use cloud infrastructure.
fully functional services you get through a dynamic ecosystem in AWS.
of the Fortune 100 organizations leverage APN (AWS Partner Network).
million is the number of active AWS users around the world.
Usually, penetration testing involves ethical hackers exploiting a system to find vulnerabilities. However, the traditional ways of penetration testing are not applicable to AWS infrastructure. AWS has a shared responsibility model in which the core infrastructure is owned by Amazon. Hence, the methodologies you use for AWS pen testing must comply with AWS policies.
AWS allows penetration testing within certain specific boundaries. You can run tests fully against AWS EC2, but make sure to exclude tasks that might disrupt continuity. The specific areas of EC2 (Elastic Compute Cloud) you can perform pen testing on are:
As already discussed, AWS has a shared responsibility model. This model also divides responsibility for security procedures such as pen testing.