You cannot use AWS to hack into systems, scan networks without permission, or disrupt internet services — even if you are doing security research without explicit authorization.
This analysis describes what Amazon's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes AWS's security requirements as a contractual obligation, creating a baseline standard that protects AWS infrastructure and other customers' systems from exploitation or disruption through the AWS platform.
Security professionals and researchers using AWS for testing must ensure they have explicit written authorization for every target system they test; unauthorized scanning or probing — even for defensive purposes — violates the AUP and can result in immediate account termination and potential referral to law enforcement.
How other platforms handle this
Avoid Professional Advice: Don't seek to receive or provide medical, legal, financial, or tax advice through the platform.
To the maximum extent permitted by applicable law, Kit shall not be liable for any indirect, incidental, special, consequential or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses, resulting ...
We have implemented appropriate technical and organizational security measures designed to protect the security of any Personal Information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technolo...
Monitoring
Amazon has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"No Security Violations. You may not use the Services to violate the security or integrity of any network, computer or communications system, software application, or network or computing device. Prohibited activities include: unauthorized access to or use of data, systems or networks; attempting to probe, scan or test the vulnerability of a system, network or account; interference with service to any user, host or network.— Excerpt from Amazon's AWS Acceptable Use Policy
(1) REGULATORY FRAMEWORK: This provision mirrors prohibitions in the Computer Fraud and Abuse Act (18 U.S.C. § 1030, DOJ/FBI enforcement), UK Computer Misuse Act 1990, EU Directive 2013/40/EU on attacks against information systems, and equivalent cybercrime statutes globally. Unauthorized access attempts, even if unsuccessful, constitute federal criminal violations under CFAA with penalties up to 10 years imprisonment for aggravated cases. NIS2 Directive (EU 2022/2555) imposes security obligations on operators of essential services that may interact with this provision where AWS is used for critical infrastructure. (2)
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes AWS's security requirements as a contractual obligation, creating a baseline standard that protects AWS infrastructure and other customers' systems from exploitation or disruption through the AWS platform.
Security professionals and researchers using AWS for testing must ensure they have explicit written authorization for every target system they test; unauthorized scanning or probing — even for defensive purposes — violates the AUP and can result in immediate account termination and potential referral to law enforcement.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Amazon.