AWS cloud pentesting is unique and comes with its own set of security considerations. While some vulnerabilities are mitigated through Amazon's security measures, the complexity of these services leaves many companies exposed.
One of the strongest features of AWS is the immense flexibility it gives users to configure the environment. While flexibility is excellent, it is also an important facet when it comes to security.
In general, you can perform a pentest on any Amazon service and, since 2019, prior approval from the company is no longer required.
Cloud analysis of user-operated services can be performed where there is little or no interaction with the hosting provider. In general terms, these services can be tested thoroughly and with few restrictions, except for denial of service (DDoS) and business continuity disruptions.
On the other hand, tests can also be performed on services operated by the provider and provided "as a service". Examples would be Gmail services, Dropbox, Salesforce and AWS services such as CloudFront. That's not to say that implementations of these don't have vulnerabilities, but testing focuses on deployment and configuration instead of on provider-owned infrastructure.
The AWS architecture consists of a set of APIs deeply integrated into the AWS ecosystem, and a variety of AWS-specific configurations need to be tested. In an evaluation of this service, the customer provides the assessment team with an audit account for the AWS Management Console. With this view enabled, analysts can provide guidance on security details that would otherwise be inaccessible to attackers.
This approach is designed from an audit standpoint to perform a thorough security analysis of your AWS infrastructure, and it is recommended over an attacker-centric approach.
