AWS Acceptable Use Policy

The AWS Acceptable Use Policy (AUP) governs all use of Amazon Web Services cloud infrastructure, services, and APIs, and is incorporated by reference into the AWS Customer Agreement and other governing service contracts as a binding legal instrument. The AUP imposes absolute prohibitions on specific categories of use — including illegal content distribution, security violations, network abuse, email/messaging abuse, and the operation of systems designed to harm third parties — and requires customers to ensure downstream end-users comply with equivalent restrictions. Notable provisions include AWS's unilateral right to investigate suspected violations and to remove or disable access to any content or resource, a broad prohibition on 'harmful contact' and 'phishing' that extends liability to customers whose end-users engage in such conduct, and an explicit prohibition on using services to generate or distribute content that violates third-party intellectual property rights. The AUP engages the Computer Fraud and Abuse Act (18 U.S.C. § 1030), the CAN-SPAM Act (15 U.S.C. § 7701), the DMCA (17 U.S.C. § 512), GDPR Article 28 (processor obligations), and the FTC Act Section 5 for unfair or deceptive trade practices. Compliance teams must ensure their service agreements with end-users incorporate equivalent use restrictions and that incident response procedures address AWS's self-help enforcement rights, which include suspension without prior notice.

REGULATORY EXPOSURE: This document engages the Computer Fraud and Abuse Act (18 U.S.C. § 1030) through its prohibition on unauthorized access and network interference; the CAN-SPAM Act (15 U.S.C. § 7701) and analogous international anti-spam frameworks through its email/messaging abuse provisions; …