US flag signifying that this is a United States Federal Government website An official website of the United States government

Penetration test authorization

Penetration test authorization

If you plan to perform a penetration test on your customer applications, please send the following information to support at least a week ahead of your planned test:

* Source IPs (for testers and their tools): 
* Start date:  
* End date: 
* Estimated bandwidth: 

This will enable us to submit a penetration test authorization request to Amazon Web Services on your behalf.

This request is only necessary for in-depth security testing, which is a common step in agency ATO processes for customer systems. You can always run routine vulnerability scans on your own applications without special authorization.