
Abuse notice FAQs

Content level: Foundational

Review these most frequently asked questions before you process an abuse notice that’s sent by AWS Trust & Safety.

For more information on AWS Trust & Safety, see AWS Trust & Safety Center.

What is abuse?
Any usage of AWS services in a manner that violates the AWS Service Terms and the AWS Acceptable Use Policy is considered "abuse." Types of abuse include, but are not limited to, copyright violations, intrusion attempts, email spam, DDoS, and phishing. For more information on different types of abuse, see How do I report abuse of AWS resources?

What do I do when I receive an abuse notice from AWS?
The abuse notice that you receive includes the abuse report that AWS Trust & Safety received from the abuse reporter. The notice describes the suspected abusive activity or content. If the reporter submitted log extracts, then the report might include them.

Review the abuse notice to identify the content or activity that was reported. Then, if required, respond directly to the abuse notice email with information about the actions that you've taken, so that AWS can confirm that the reported abusive activity was stopped and the content was removed. If you don't agree that the reported content or activity is abusive, provide the reasons in your response. If the abuse notice specifies a timeline by which you must respond, and you fail to respond within that timeline, then AWS might take action against your resources or suspend your AWS services or account. For more information, see What do I do when I receive an abuse report from AWS about my resources?

What do I do if I need more time to review the incident that's described in the abuse notice?
If necessary, you can request additional time, as an exception, to review the incident described in the abuse notice. Respond to the abuse notice email with the amount of additional time that's needed and the reason for the extension. If your extension request is approved, you'll receive an email from AWS Trust & Safety.

How did AWS identify me as the customer who is responsible for the suspected abuse?
AWS Trust & Safety reviews each abuse report and attributes ownership of the implicated resource based on several factors. These factors include the IP address that was active when the reported activity occurred or when the reported content was made publicly available. If you believe that you were incorrectly implicated in an abuse report, contact AWS Trust & Safety in the email thread that includes your AWS case number.

What should I do if I've responded to the abuse notice but haven't heard back?
You will receive an email after AWS Trust & Safety reviews your response. You don't need to respond again.

What do I need to do if AWS takes action on my AWS resources?

  1. Review the issue that's described in the abuse notice. Then, either remediate the issue or dispute the notice.
  2. If you can't remediate the issue because AWS took action on your resources, respond to the abuse notice through email. In your response, mention that you're unable to remediate the issue. Specify that you will remediate the issue if AWS restores your access to your resources, and that you will do so immediately after you regain access. AWS will inform you if it has restored access to your resources.
  3. After you resolve the issue, respond to the abuse notice through email and provide information on the remediation steps that you've taken and measures that you've put in place to prevent future abuse.

If you can't find the abuse notice from AWS Trust & Safety, check the email addresses for your account's primary and security contacts.

If you suspect that your account might be compromised, see What can I do if I notice unauthorized activity in my AWS account?

How do I ensure that I don't miss an abuse notice from AWS?
Make sure that all of your account contact information is up to date. AWS Trust & Safety sends abuse notices to the email address that you provided as your account's primary contact. If you've added a security contact as an alternate contact, the team sends the notices to the security contact's email address as well. To update your account contact information, see Update your AWS account contact information.

How does the AWS Trust & Safety team partner with Enterprise and Unified Operations Support Customers?
For Enterprise and Unified Operations customers, AWS Trust & Safety sends the abuse notices to the AWS account email contacts as well as the AWS account team. Although you're encouraged to respond directly to abuse notices from the AWS Trust & Safety team, your AWS account team is available to help address any abuse reports that you might receive.

AWS OFFICIAL. Updated 4 months ago.