Penetration testing for Amazon API Gateway and AWS Lambda Functions


I want to do a penetration test by applying a load to a solution developed with API Gateway and Lambda Functions.

Is it possible for them to do it without any approval from AWS? Or does AWS prohibit this kind of tests for security purposes?


1 Answer
Accepted Answer

For the most up to date information on what you can and cannot execute in terms of penetration testing, please refer to This will also include a list of prohibited activities.

At the time of this answer you're welcome to conduct security assessments against AWS resources that you own if they make use of the services listed below.

  • Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers
  • Amazon RDS
  • Amazon CloudFront
  • Amazon Aurora
  • Amazon API Gateways
  • AWS Lambda and Lambda Edge functions
  • Amazon Lightsail resources
  • Amazon Elastic Beanstalk environments
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions