Security Violations. Accessing or using any System without permission, including attempting to probe, scan, or test the vulnerability of a System or to breach any security or authentication measures used by a System. Intercepting or monitoring data or traffic on a System without permission.
Security researchers and penetration testers must obtain explicit authorization before conducting any testing through AWS infrastructure, or they risk immediate account suspension and potential law enforcement referral under the CFAA.
AWS's AUP binds all customers — from individual developers to large enterprises — to a broad set of prohibited use categories, and makes customers responsible for ensuring their own end-users comply. AWS retains the unilateral right to investigate suspected violations and to suspend or remove access to content or resources without prior notice, which can cause immediate service disruption. If you host applications or services on AWS, you should review whether your own terms of service pass these obligations through to your end-users, as failure to do so creates direct liability under your AWS contract.