Our Acceptable Use Policy describes permitted and prohibited behavior on AWS and includesdescriptions of prohibited security violations and network abuse. However, because penetrationtesting and other simulated events are frequently indistinguishable from these activities, we haveestablished a policy for customers to request permission to conduct penetration tests andvulnerability scans to or originating from the AWS environment. http://aws.amazon.com/security/penetration-testing/