AWS GovCloud (US)
User Guide

Penetration Testing

Penetration testing can be indistinguishable from activity that is prohibited by AWS, such as certain security violations and network abuse. As a result, AWS has established a policy that you must submit a request for permission to conduct penetration testing on your AWS GovCloud (US) instances.

You are required to sign in by using the standard AWS root account credentials that are associated with your AWS GovCloud (US) account. You can request up to three months of penetration testing by specifying the start and end times. The form also includes our testing terms and policies. After you submit the form, AWS reviews your request and will respond in approximately one to two business days.

If you do not have standard AWS root account credentials, submit your request by sending an email to with the following information:

  • Account name:

  • Account number:

  • Email address:

  • Additional email address to cc:

    • Account owner must be specified on cc.

  • IPs to be scanned:

  • Target or source:

  • Instance IDs:

    • Be aware that testing to or from m1.small or t1.micro instances is prohibited.

    • These instances must be specified.

  • Source IPs:

  • Region:

  • Time zone:

  • Start date/time:

  • End date/time:

  • Additional comments:

For more information, see Penetration Testing.