Abuse reporting FAQs

For more information on AWS Trust & Safety, see AWS Trust & Safety Center.

What is abuse?
Any usage of AWS services in a manner that violates the AWS Service Terms and the AWS Acceptable Use Policy, is considered "abuse." Types of abuse include, but are not limited to, copyright violations, intrusion attempts, email spam, DDoS, and phishing. For more information on different types of abuse, see How do I report abuse of AWS resources?

How do I report suspected abuse to AWS?
If you detect suspicious activity or content that you suspect is abusive and that's hosted on or originating from an AWS service, report it to AWS Trust & Safety using the Report abusive activity from AWS resources form. This reporting method allows for faster case processing times. Or, you can email AWS Trust & Safety at trustandsafety@support.aws.com with information about the suspected abuse. For more information, see How do I report abuse of AWS resources?

Do I need to be an AWS customer to report suspected abuse?
No. Anyone who suspects that AWS resources are being used for abusive activity or content can report abuse.

What information do I need to provide when I report suspected abuse?
The information that you need to provide when you report suspected abuse depends on the type of abuse that you report. When you report suspected abusive network activity such as intrusion attempts, provide as much of the following information as possible:

• Type of abuse
• Dates and times when the suspected abuse occurred
• Time zone
• Source IP addresses
• Source ports and protocols
• Targeted IP addresses or domains
• Targeted ports and protocols
• Log extracts that show the intensity and duration of the activity

When you report suspected abusive content such as phishing websites, provide the following information:

• Specific URLs where the content is located
• Timestamp of the reported violation in the content (for audio or video files)
• Reasons why you suspect that the content violates the AWS Acceptable Use Policy

If you suspect that the content or activity is illegal, provide reasons for why you suspect so and identify the specific laws at issue. If you email an abuse report from an address that doesn't accept replies, include a contact email address in the body of your report.

Can I add attachments to an abuse report?
Yes, if it's critical for the investigation of the reported abuse. Send them in an email to AWS Trust & Safety at trustandsafety@support.aws.com. Don't attach illegal content, such as child sexual abuse or child sexual exploitation material.

Can I report multiple IP addresses in a single report?
Yes. To report multiple IP addresses, send an email to AWS Trust & Safety at trustandsafety@support.aws.com with a CSV attachment that includes the following information for each of the incidents: IP address, date and time of the incident in ISO 8601 (YYYY - MM - DD), and network log lines. Providing information in this format allows for quicker processing of your report.

Does AWS have an API that I can use to report abuse?
No. Use the Report abusive activity from AWS resources form or email AWS Trust & Safety at trustandsafety@support.aws.com to submit all abuse reports.

What happens after I report suspected abuse?
After AWS Trust & Safety receives your abuse report, you will receive an automated confirmation notice from the team. AWS Trust & Safety begins an investigation of the suspected abuse that you've reported and might contact you for more information. After the investigation is concluded and the report is resolved, you will receive an email notification. For more information, see How do I report abuse of AWS resources?

How long does it take for AWS to resolve my abuse report? Can I track the status of my report?
Investigations vary in complexity and scope, which means the time until these are resolved also varies. AWS Trust & Safety provides status updates on reports as they become available. Please don't submit additional abuse reports about the same issue while you await the resolution of your original report. If you have more information or questions about an abuse report that isn't yet resolved, contact AWS Trust & Safety in the email thread that includes your AWS case number.

Does AWS share information related to the customer that was responsible for the suspected abuse or other identifying information with the abuse reporters?
No, AWS doesn't disclose customer information. For more information, see the Privacy Notice.