Requirement to announce any penetration or vulnerability test

In order to prevent outage and security alerts caused by a penetration or vulnerability test, you should announce this kind of automated test to root360. Please note that only tests are allowed which are compliant to the AWS acceptable use policy and AWS penetration tests rules. Currently you can perform security assessments or penetration tests against AWS infrastructure used by you without prior approval for 8 services.

Permitted Services:

• Amazon EC2 Instances, NAT Gateways and Elastic Load Balancers

• Amazon RDS

• Amazon CloudFront

• Amazon Aurora

• Amazon API Gateways

• AWS Lambda- and Lambda Edge functions

• Amazon Lightsail ressources

• Amazon Elastic Beanstalk environments

Prohibited Activities – The following activities are prohibited at this time:

• DNS zone walking via Amazon Route 53 Hosted Zones

• Denial of Service (DoS), Distributed Denial of Service (DDoS), Simulated DoS, Simulated DDoS

• Port flooding

• Protocol flooding

• Request flooding (login request flooding, API request flooding)

Please send the following information to support@root360.de:

• Contact

• Public IP(s) from which the test will be performed

• Services to be tested

• Type of test

• Test period