
How to request AWS penetration testing when the test is contained within a single VPC

Last updated at Posted at 2015-02-23

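When you run a vulnerability assessment on AWS, you need to submit a request that says, in effect, "we are doing this deliberately, and we have identified both the source and the destination."

This time I requested a penetration test contained entirely within a single VPC. The procedure differed slightly from a request for testing from outside, so I am summarizing it here.
The point to note is that the source IP and destination IP are submitted as private addresses.
When the test is contained within a single VPC (in this case, within a single subnet as well), you need to submit private addresses.

Some time after you submit the request, if it is approved, you receive an e-mail in the following format.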

Hello,

Thank you for contacting us.  We have received your request for authorization for penetration testing.

Your request as detailed below has been approved.
Your authorization number is: XXXXXXXXXX

As a reminder,
- you have agreed to abide by the Terms and Conditions and AWS’s Procedures Regarding the Use of Security Assessment Tools and Services.  You can review what you have agreed to at https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/AWSSecurityPenTestRequest
- you have agreed to abide by Amazon Web Services Customer Agreement available at http://aws.amazon.com/agreement/
- if you discover any vulnerabilities or other issues that are the direct result of AWS, you have agreed to contact aws-security@amazon.com within 24 hours of completion of your testing.

Best regards,

AWS CUSTOMER SERVICER NAME
http://aws.amazon.com

---- Original message: ----

AWS AccountId                   XXXXYYYYZZZZ
Name                    YOUR NAME
CompanyName
Email                   EMAIL@YOUR.DOMAIN
AccountNumber                   XXXXYYYYZZZZ
AdditionalEmail
ThirdPartyContact                       THIRD PARTY CONTACT
ScannedIPAddrs                  172.31.BBB.BBB
InstancesAre                    source<br>target
InstanceIDs                     i-XXXXXXXX
i-YYYYYYYY
SourceIPAddrs                   172.31.AAB.AAA
Region                  TOK
Timezone                        gmt+9
StartDateandTime                        YYYY-MM-DD hh:mm
EndDateandTime                  YYYY-MM-DD hh:mm
Comments
TermsAndConditions                      i-agree
ScanPolicyAgreement                     i-agree
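
A pre-submission check for the private-address requirement, as an added example that is not part of the original article: it parses a request laid out like the "Original message" block above and confirms that SourceIPAddrs and ScannedIPAddrs are both RFC 1918 addresses inside the VPC. The function names, the sample values and the VPC CIDR 172.31.0.0/16 passed to the check are assumptions.

```python
import ipaddress
import re

# Field names as they appear in the "Original message" block of the mail above.
KEYS = ("AWS AccountId", "Name", "CompanyName", "Email", "AccountNumber",
        "AdditionalEmail", "ThirdPartyContact", "ScannedIPAddrs", "InstancesAre",
        "InstanceIDs", "SourceIPAddrs", "Region", "Timezone", "StartDateandTime",
        "EndDateandTime", "Comments", "TermsAndConditions", "ScanPolicyAgreement")
KEY_RE = re.compile(r"(%s)(?:\s+(.*))?$" % "|".join(map(re.escape, KEYS)))
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample request; every value here is made up for illustration.
SAMPLE = """\
ScannedIPAddrs                  172.31.16.20
InstancesAre                    source<br>target
InstanceIDs                     i-0000aaaa
i-0000bbbb
SourceIPAddrs                   172.31.16.10
Region                  TOK
"""

def parse_fields(text):
    """Return {key: [values]}; unkeyed lines continue the previous field."""
    fields, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = KEY_RE.match(line)
        if m:
            current, line = m.group(1), m.group(2) or ""
            fields[current] = []
        if current is not None:  # '<br>' separates multiple values on one line
            fields[current] += [v.strip() for v in line.split("<br>") if v.strip()]
    return fields

def check_same_vpc_request(fields, vpc_cidr):
    """Return a list of problems; an empty list means both ends are private and in the VPC."""
    vpc, problems = ipaddress.ip_network(vpc_cidr), []
    for key in ("SourceIPAddrs", "ScannedIPAddrs"):
        if not fields.get(key):
            problems.append(f"{key}: missing")
        for value in fields.get(key, []):
            try:
                ip = ipaddress.ip_address(value)
            except ValueError:
                problems.append(f"{key}: {value} is not an IP address")
                continue
            if not any(ip in net for net in RFC1918):
                problems.append(f"{key}: {value} is not an RFC 1918 private address")
            elif ip not in vpc:
                problems.append(f"{key}: {value} is outside {vpc}")
    return problems
```

Calling `check_same_vpc_request(parse_fields(text), "172.31.0.0/16")` on the draft request text returns an empty list when both address fields qualify for a same-VPC request.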

Unfortunately, if the request is not approved, you receive an e-mail like the following, so re-check the details and apply again.

Hello,

Thank you for your email. While verifying your request we found that the provided source IPs do not conform to our policies for testing. You are welcome to have that company contact us so that we can remedy this directly with them in order for your testing to proceed.

We apologize for any inconvenience this may cause. Please feel free to contact us with any questions.

Best regards,

AWS CUSTOMER SERVICER NAME
http://aws.amazon.com

---- Original message: ----