Amazon · AWS Acceptable Use Policy

Prohibition on Unauthorized System Access and Network Interference

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

You cannot use AWS to hack into systems you don't own, disrupt other AWS customers' services, or run security scans against systems without explicit permission from the system owner.

Consumer impact (what this means for users)

Security professionals and researchers who use AWS for legitimate penetration testing or vulnerability research must obtain explicit authorization from both the system owner and AWS before conducting such activities, or risk immediate account termination and potential CFAA criminal exposure.

Cross-platform context

See how other platforms handle Prohibition on Unauthorized System Access and Network Interference and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

This provision directly references conduct prohibited by the Computer Fraud and Abuse Act, meaning violations expose users to both AWS account termination and federal criminal prosecution.

View original clause language
You may not use the Services to gain unauthorized access to any system, network, service, or account; to interfere with the use of the Services by other customers; or to attempt to probe, scan, or test the vulnerability of any system or network without proper authorization.

Institutional analysis (Compliance & legal intelligence)

1) REGULATORY FRAMEWORK: This provision directly implicates the Computer Fraud and Abuse Act (CFAA, 18 U.S.C. § 1030), which criminalizes unauthorized computer access and carries penalties up to 10 years imprisonment for first offenses. The Electronic Communications Privacy Act (ECPA, 18 U.S.C. § 2511) applies to interception of network communications. EU equivalents include Directive 2013/40/EU on attacks against information systems. The primary enforcement authority is the DOJ Computer Crime and Intellectual Property Section (CCIPS) and FBI Cyber Division. 2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has authority over unfair or deceptive practices in cybersecurity, and unauthorized access facilitated through cloud services falls within its consumer protection mandate.
    File a complaint →

Provision details

Document information
Document
AWS Acceptable Use Policy
Entity
Amazon
Document last updated
April 29, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003249
Document ID
CA-D-00028
Evidence Provenance
Source URL
https://aws.amazon.com/aup/
Wayback Machine
View archived versions →
SHA-256
35a0e34b7136e83dd0dca01e14dd192b01d7012211f2617232fe3d1a27218091
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Amazon | Document: AWS Acceptable Use Policy | Record: CA-P-003249
Captured: 2026-04-27 10:50:37 UTC | SHA-256: 35a0e34b7136e83d…
URL: https://conductatlas.com/platform/amazon/aws-acceptable-use-policy/prohibition-on-unauthorized-system-access-and-network-interference/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document