Prohibited activities
It's essential to understand what activities are allowed and which ones are not when it comes to pentesting. As we have stated throughout this book, this is what we call within scope and out of scope. When we mention systems that are within scope, we are discussing what we can test, at what times, and how much impact we can have on those within scoped hosts. However, it is just as important to know what is out of scope as well. Knowing what is out of scope ensures that you only test what the client is requesting and keeps you and your team from dodging any type of legal fines or punishment.
The following sections are going to discuss what AWS states as prohibited activities toward their infrastructure and service. Remember that part of the shared security model relies on AWS and its uptime for its hardware – so AWS has a say in how its product is tested.
Let's move forward and discuss the prohibited attacks on AWS – DoS...