randpython
Ryan has clearly mentioned in the course and also aws website also states any pen test to/from aws resource requires approval.
https://aws.amazon.com/security/penetration-testing/
Excerpts from the link above
"Requesting Permission
Please complete and submit the AWS Vulnerability / Penetration Testing Request Form to request authorization for penetration testing to or originating from any AWS resources. There are several important things to note about penetration testing requests:
Permission is required for all penetration tests."
I would not trust any market place seller to assume that by buying their solution no pen test approvals are needed.
Request confirmation on the same from Ryan/Team.
IP based scanning, event simulation will need to apply. Also, vulnerability scan != penetration test.
Can you please clarify what you mean by ip based scanning in this context ?
Form has ‘vulnerability’ in title and doesn’t seem to distinguish between the two: https://aws.amazon.com/security/penetration-testing/
Randpython, I agree with your accessment and there is a long discussion in this forum about this topic pen test need permission from Amzn or pre-approved vendor pen test bypass that?. The FINAL WORD is from Amazon papers where in there they still say you need to ask for authorization"Permission is required for all penetration tests." . Until they update their documentation on pen testing this should be the correct answer. Not what a vendor say about their product.
This came up in the security exam. Two of the answers made reference to pre approved AMIs, two didn’t…