Firstly, what is a penetration test? A penetration test, or pentest, is essentially an authorized cyber attack on your own environment and infrastructure that is used to determine its weak points and vulnerabilities, in addition to its strengths, against defined security standards.
This is a good security practice to perform on your environments to understand the areas of improvement required at all layers of your architecture. It is better for an authorized attacker to find a weak spot, allowing you to fix and remediate the risk, than to have a malicious attacker who would exploit the flaw for their own gain.
However, within AWS, you must adhere to some strict policies and procedures when penetration testing. For example, you can't carry out penetration testing on whatever service you would like to; in fact, there are very few services that you can pentest without prior approval from AWS. These services are as follows:
- Amazon EC2 instances, NAT...