Abuse reporting FAQs
Review these most frequently asked questions before you report suspected abusive activity or content to AWS.
The AWS Trust & Safety team plays a crucial role in addressing abuse of AWS services. These FAQs provide information about AWS’s abuse handling process, including how you can report suspected abuse to AWS and how AWS handles abuse reports. For more information on AWS Trust & Safety, see AWS Trust & Safety Center.
What is abuse?
Any usage of AWS services in a manner that violates the AWS Service Terms and the AWS Acceptable Use Policy is considered "abuse." Types of abuse include, but are not limited to, copyright violations, intrusion attempts, email spam, DDoS, and phishing. For more information on different types of abuse, see How do I report abuse of AWS resources?
How do I report suspected abuse to AWS?
If you detect suspicious activity or content that you suspect is abusive and that's hosted on or originating from an AWS service, report it to AWS Trust & Safety using the Report abusive activity from AWS resources form. This reporting method allows for faster case processing times. Or, you can email AWS Trust & Safety at trustandsafety@support.aws.com with information about the suspected abuse. For more information, see How do I report abuse of AWS resources?
Do I need to be an AWS customer to report suspected abuse?
No. Anyone who suspects that AWS resources are being used for abusive activity or content can report abuse.
What information do I need to provide when I report suspected abuse?
The information that you need to provide when you report suspected abuse depends on the type of abuse that you report.
When you report suspected abusive network activity such as intrusion attempts, provide as much of the following information as possible:
- Type of abuse
- Dates and times when the suspected abuse occurred
- Time zone
- Source IP addresses
- Source ports and protocols
- Targeted IP addresses or domains
- Targeted ports and protocols
- Log extracts that show the intensity and duration of the activity
When you report suspected abusive content such as phishing websites, provide the following information:
- Specific URLs where the content is located
- Timestamp of the reported violation in the content (for audio or video files)
- Reasons why you suspect that the content violates the AWS Acceptable Use Policy
If you suspect that the content or activity is illegal, provide reasons for why you suspect so and identify the specific laws at issue. If you email an abuse report from an address that doesn't accept replies, include a contact email address in the body of your report.
Can I add attachments to an abuse report?
Yes, if it's critical for the investigation of the reported abuse. Send them in an email to AWS Trust & Safety at trustandsafety@support.aws.com. Don't attach illegal content, such as child sexual abuse or child sexual exploitation material.
Can I report multiple IP addresses in a single report?
Yes. To report multiple IP addresses, send an email to AWS Trust & Safety at trustandsafety@support.aws.com with a CSV attachment that includes the following information for each of the incidents: IP address, date and time of the incident in ISO 8601 (YYYY-MM-DD), and network log lines. Providing information in this format allows for quicker processing of your report.
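One way to prepare such a CSV from firewall logs, shown as an added example that is not AWS tooling. The log layout, the sample lines (constructed, using documentation IP ranges) and the column names are assumptions; timestamps are normalized to ISO 8601 in UTC so the time zone is unambiguous.

```python
import csv
import io
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample: firewall drop log lines with an ISO 8601 local-offset timestamp.
SAMPLE_LOG = """\
2024-05-01T09:15:02+02:00 fw01 kernel: DROP IN=eth0 SRC=203.0.113.10 DST=198.51.100.7 PROTO=TCP SPT=51514 DPT=22
2024-05-01T09:15:03+02:00 fw01 kernel: DROP IN=eth0 SRC=203.0.113.10 DST=198.51.100.7 PROTO=TCP SPT=51515 DPT=22
2024-05-01T09:16:40+02:00 fw01 kernel: DROP IN=eth0 SRC=not-an-ip DST=198.51.100.7 PROTO=TCP SPT=1 DPT=22
2024-05-01T10:02:11+02:00 fw01 kernel: DROP IN=eth0 SRC=203.0.113.77 DST=198.51.100.7 PROTO=UDP SPT=4444 DPT=53
"""

# Assumed layout: timestamp first, SRC=<ip> somewhere later on the line.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s.*?\bSRC=(?P<src>\S+)")


def parse_incidents(log_text):
    """Return (source_ip, utc_timestamp, raw_log_line) tuples, skipping unusable lines."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["src"])   # rejects malformed addresses
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue
        if ts.tzinfo is None:
            continue  # no offset: the incident time would be ambiguous
        utc = ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        rows.append((str(ip), utc, line))
    return sorted(rows)  # keeps each IP's lines together, in time order


def build_csv(rows):
    """Serialize incidents to CSV text; the header names are hypothetical."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")  # quotes commas inside log lines
    writer.writerow(["ip_address", "datetime_utc", "log_line"])
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(build_csv(parse_incidents(SAMPLE_LOG)), end="")
```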
Does AWS have an API that I can use to report abuse?
No. Use the Report abusive activity from AWS resources form or email AWS Trust & Safety at trustandsafety@support.aws.com to submit all abuse reports.
What happens after I report suspected abuse?
After AWS Trust & Safety receives your abuse report, you will receive an automated confirmation notice from the team. Next, AWS Trust & Safety reviews your abuse report and may contact you for more information. The team notifies the implicated customer of the abuse report and works with them to restore compliance with AWS's terms of service. After the team resolves the report, you will receive an email notification. For more information, see How do I report abuse of AWS resources?
How long does it take for AWS to resolve my abuse report? Can I track the status of my report?
Investigations vary in complexity and scope, which means the time until these are resolved also varies. AWS Trust & Safety provides status updates on reports as they become available. Please don't submit additional abuse reports about the same issue while you await the resolution of your original report. If you have more information or questions about an abuse report that isn't yet resolved, contact AWS Trust & Safety in the email thread that includes your AWS case number.
Does AWS share information related to the customer that was responsible for the suspected abuse or other identifying information with the abuse reporters?
No, AWS doesn't disclose customer information. For more information, see the Privacy Notice.
Who is responsible for content that’s hosted on AWS?
When customers sign up for AWS, they agree to comply with the law and AWS terms of service, including the AWS Acceptable Use Policy. As part of this agreement, our customers are responsible for the content they host and the activities they conduct using AWS services, including ensuring that the content and activities of their end users comply with AWS’s terms.
What if a customer disagrees with an abuse report?
If an AWS customer disagrees with an abuse report or any action AWS has taken with respect to their abuse case, they may provide details explaining why they believe that the reported content or activity isn’t abusive. AWS Trust & Safety will review the customer’s response and work with all relevant parties to resolve the matter.
How does AWS handle cases where a customer doesn’t address prohibited content or activities?
Many abuse reports are resolved as a result of our customers removing or disabling the reported content or activity. In the rare case where a customer hosts prohibited content or activity in violation of AWS’s terms of service and is unable or unwilling to prevent, or identify and remove, the prohibited content or activity, the AWS Trust & Safety team may take suspension action to mitigate the abuse with notice to the customer in accordance with the customer’s agreement with AWS. If suspension is necessary, the AWS Trust & Safety team endeavors to take the least invasive suspension action possible by only disabling access to the specific AWS resource(s) hosting the prohibited content or activity.