Logical Writing Solutions, Inc.
  • Home
  • About Ann
  • About Us
  • Why Us
  • Deliverables
  • Case Studies
  • Blog
  • Fav Quotes
  • Contact

OUR BLOG

Amazon Web Services: Permission No Longer Required to Test Security for 8 Services

3/3/2019

0 Comments

 
By Ann Grove, Logical's President

Amazon recently changed its policies so that customers and their security consultants can perform security assessments without pre-approval on customer-owned AWS resources that make use of eight key services:
  • Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers
  • Amazon RDS
  • Amazon CloudFront
  • Amazon Aurora
  • Amazon API Gateways
  • AWS Lambda and Lambda Edge functions
  • Amazon Lightsail resources
  • Amazon Elastic Beanstalk environments

Teri Radichel alerted the security community to the change on Twitter on March 1. Amazon has since acknowledged the change.
 
Previously, penetration testers looking for security weaknesses on AWS had to request permission a week before testing, and AWS sometimes requested additional information.

This follows Microsoft's lead. Microsoft decided to drop pre-approvals in 2017 for Azure. No pre-approval is required when penetration testing Azure resources. 

Both organizations test the security of their own cloud infrastructure, and allow customers to conduct certain types of additional testing. Although pre-approvals are no longer required, testers still need to follow any other rules or conditions for testing.

0 Comments



Leave a Reply.

    BLOG POSTS

    All
    Advanced Persistent Threats
    Defending Agile Web Apps
    Dilbert: Acronym Madness
    Goals That Inspire
    Hacking The Family Car
    Launching An InfoSec Career
    Learning: Gamification
    Practical Threat Modeling
    Preparing For External Content Developers
    Privacy: Search History
    Sandboxed Web Browsers
    Top Security Podcasts
    User Stories
    Why White Papers Fail

    Archives

    October 2020
    March 2019
    February 2019
    January 2019
    August 2017
    June 2017
    March 2017
    February 2017
    July 2016
    May 2016
    January 2016
    March 2015
    March 2014
    July 2012

    RSS Feed

​© copyright 2021 Logical Writing Solutions, Inc.
  • Home
  • About Ann
  • About Us
  • Why Us
  • Deliverables
  • Case Studies
  • Blog
  • Fav Quotes
  • Contact