Situation
We are planning to conduct performance testing within AWS. We understand that certain types of performance tests require prior notification to AWS before proceeding. In what cases is this necessary, and how can we apply?
Solution
AWS allows customers to perform security assessments or penetration tests on their AWS infrastructure without prior approval for eight specified services.
You can review the policy at the following page:
[+] http://aws.amazon.com/security/penetration-testing/
There are certain restrictions on the types of tests permitted:
Permitted Services
Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers
Amazon RDS
Amazon CloudFront
Amazon Aurora
Amazon API Gateways
AWS Fargate
AWS Lambda and Lambda Edge functions
Amazon Lightsail resources
Amazon Elastic Beanstalk environments
Prohibited Activities
DNS zone walking via Amazon Route 53 Hosted Zones
Denial of Service (DoS), Distributed Denial of Service (DDoS), Simulated DoS, Simulated DDoS (These are subject to the DDoS Simulation Testing policy)
Port flooding
Protocol flooding
Request flooding (login request flooding, API request flooding)
To conduct simulated event testing on AWS services, submit the following form:
[+] Simulated Event Form : https://console.aws.amazon.com/support/contacts#/simulated-events