This analysis describes what Amazon's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Security professionals and penetration testers using AWS infrastructure for authorized engagements need to ensure that their activities are clearly within the scope of written authorization from target system owners, as the prohibition is written broadly and does not include an explicit carve-out for authorized security testing.
Interpretive note: The provision does not define a clear standard for what constitutes unauthorized scanning, and it is unclear from the document text whether authorized penetration testing on AWS is covered by a separate policy or requires a formal exception process.
The AWS AUP applies to all customers and their end users, establishing categories of prohibited conduct that, if violated, may result in service suspension or termination including without prior notice as the policy states. For businesses running production workloads on AWS, an unexpected suspension could disrupt operations, data access, and downstream services. You can review the full list of prohibited activities at https://aws.amazon.com/aup/ and audit your workloads to confirm they do not fall within any prohibited category.
How other platforms handle this
Customer will not, and will not permit any other person (including any End User) to: ... (d) attempt to reverse engineer, decompile, or otherwise attempt to discover the source code or underlying components (e.g., algorithms, weights, or systems) of the Mistral AI Products, including using the Outpu...
You may not use Runway's tools to create content that promotes, glorifies, or facilitates acts of terrorism, mass violence, or genocide, or that could be used to provide material support to individuals or organizations engaged in such activities.
You may not use the Services to attempt to circumvent, disable, or otherwise interfere with safety-related features of the Services, including features that prevent or restrict the generation of certain types of content.
Monitoring
Amazon has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"You may not use the Services to: violate the security or integrity of any network, computer or communications system, software application, or network or computing device; access or use any system without permission, including attempting to probe, scan, or test the vulnerability of a system or to breach any security or authentication measures; monitor or crawl a system in a way that impairs or disrupts the system being monitored or crawled; or perform actions with the intent to interfere with the proper functioning of any system.— Excerpt from Amazon's AWS Acceptable Use Policy
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Security professionals and penetration testers using AWS infrastructure for authorized engagements need to ensure that their activities are clearly within the scope of written authorization from target system owners, as the prohibition is written broadly and does not include an explicit carve-out for authorized security testing.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Amazon.