AWS holds account holders responsible for AUP compliance not only for their own use, but also for all end users and anyone else using AWS services through their account.
This analysis describes what Amazon's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause creates upstream liability for AWS customers whose platforms, applications, or resold services allow end users to use AWS infrastructure, meaning a violation by an end user may trigger enforcement action against the primary account holder.
Organizations that build platforms, applications, or services on top of AWS and allow end users to access or use AWS infrastructure are responsible under the AUP for those users' compliance, which may require implementing their own acceptable use policies and monitoring mechanisms.
How other platforms handle this
You are solely responsible for your use of the Service and for all Inputs you make available to Pika, whether by uploading them through the Service or otherwise making them accessible to others. You are also solely responsible for any Outputs generated via the Service. You assume all risk associated...
You agree to indemnify, defend, and hold harmless AI21 and its officers, directors, employees, agents, licensors, and service providers from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or rela...
You agree to defend, indemnify, and hold harmless Scale, its affiliates, licensors, and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors, and assigns from and against any claims, liabilities, damages, judgments, awa...
Monitoring
Amazon has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"This policy applies to you and anyone using the Services on your behalf, including your end users. You are responsible for ensuring that your use of the Services, and the use of the Services by others on your behalf, complies with this Policy.— Excerpt from Amazon's AWS Acceptable Use Policy
(1) REGULATORY LANDSCAPE: This upstream liability structure engages platform liability frameworks including Section 230 of the Communications Decency Act (which provides certain immunities for third-party content but does not eliminate contractual obligations), the EU Digital Services Act (which imposes specific obligations on intermediaries for illegal content), and general agency and vicarious liability principles under applicable law. (2) GOVERNANCE EXPOSURE: High for platform and SaaS providers built on AWS. Organizations that allow third parties to use AWS resources through their accounts must implement adequate controls to prevent AUP violations by those third parties, or face enforcement action directed at their AWS account. (3) JURISDICTION FLAGS: EU platform providers are subject to the Digital Services Act's obligations regarding illegal content and user conduct, which interact with this AUP provision. Providers serving minors should assess COPPA (US) and equivalent laws regarding liability for minor users' conduct. California-based providers should assess CCPA and California Consumer Privacy Act obligations regarding data collected through their platforms. (4) CONTRACT AND VENDOR IMPLICATIONS: SaaS and platform providers using AWS as their cloud infrastructure should include equivalent acceptable use obligations in their own end-user agreements, establishing a contractual chain of compliance. This is a standard vendor risk management consideration for cloud-based platforms. (5) COMPLIANCE CONSIDERATIONS: Platform operators should implement end-user acceptable use policies that mirror or exceed AWS AUP requirements. Monitoring and enforcement mechanisms for end-user conduct should be documented. Organizations should assess whether their incident response procedures address scenarios where an end-user AUP violation triggers AWS enforcement action against the primary account.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause creates upstream liability for AWS customers whose platforms, applications, or resold services allow end users to use AWS infrastructure, meaning a violation by an end user may trigger enforcement action against the primary account holder.
Organizations that build platforms, applications, or services on top of AWS and allow end users to access or use AWS infrastructure are responsible under the AUP for those users' compliance, which may require implementing their own acceptable use policies and monitoring mechanisms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Amazon.