AWS Cloud Penetration Testing (Basic Test cases and Tools)

Oct 6, 2023

AWS customers are welcome to carry out security assessments or penetration tests of their AWS infrastructure without prior approval, for the services listed below under “Permitted Services.”

Permitted Services

  • Amazon EC2 instances, WAF, NAT Gateways, and Elastic Load Balancers
  • Amazon RDS
  • Amazon CloudFront
  • Amazon Aurora
  • Amazon API Gateways
  • AWS AppSync
  • AWS Lambda and Lambda Edge functions
  • Amazon Lightsail resources
  • Amazon Elastic Beanstalk environments
  • Amazon Elastic Container Service
  • AWS Fargate
  • Amazon Elasticsearch
  • Amazon FSx
  • Amazon Transit Gateway
  • S3 hosted applications (targeting S3 buckets is strictly prohibited)

Prohibited Activities

  • DNS zone walking via Amazon Route 53 Hosted Zones
  • DNS hijacking via Route 53
  • DNS Pharming via Route 53
  • Denial of Service (DoS), Distributed Denial of Service (DDoS), Simulated DoS, Simulated DDoS (these are subject to the DDoS Simulation Testing policy)
  • Port flooding
  • Protocol flooding
