
Can You Pentest AWS?

Unless you are working directly with AWS, you cannot run a pentest against the AWS cloud environment itself. You are only permitted to test 'your' deployments of specific AWS services, as detailed in the following guidance from Amazon.

How do I Pentest AWS cloud?

AWS customers are permitted to carry out security assessments and penetration tests against their AWS infrastructure, without prior approval, for the following services:

  • Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers
  • Amazon RDS
  • Amazon CloudFront
  • Amazon Aurora
  • Amazon API Gateways
  • AWS Lambda and Lambda Edge functions
  • Amazon Lightsail resources
  • Amazon Elastic Beanstalk environments

This must only be against your deployments and on your side of the Shared Responsibility Model. Certain types of cyber attack such as port flooding and denial of service are prohibited.

More information can be found here: https://aws.amazon.com/security/penetration-testing/
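A pre-engagement scope check built from the list above, as an added example that is not part of the original post or AWS's own tooling: it parses each target ARN, checks the service against the page's list, and checks that the account is one of yours. The function names, account IDs and ARNs are constructed for illustration, and the mapping from the page's service names to ARN namespaces is this example's assumption.

```python
import re

# ARN service namespace -> permitted resource types (None = any type).
# Mirrors the list on this page; Aurora lives in the "rds" namespace.
PERMITTED = {
    "ec2": {"instance", "natgateway"},
    "elasticloadbalancing": {"loadbalancer"},
    "rds": {"db", "cluster"},
    "cloudfront": {"distribution"},
    "apigateway": None,
    "lambda": {"function"},
    "lightsail": None,
    "elasticbeanstalk": {"environment"},
}

def check_target(arn, owned_accounts):
    """Return (verdict, detail) for one target ARN."""
    parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
    if len(parts) != 6 or parts[0] != "arn" or not parts[5]:
        return ("malformed", "not an ARN")
    service, account, resource = parts[2], parts[4], parts[5]
    rtype = re.split(r"[:/]", resource.lstrip("/"))[0]
    if service not in PERMITTED:
        return ("not-listed", f"service '{service}' is not on the list")
    allowed = PERMITTED[service]
    if allowed is not None and rtype not in allowed:
        return ("not-listed", f"{service} type '{rtype}' is not on the list")
    if not account:
        # Some ARNs (e.g. API Gateway) carry no account ID at all.
        return ("confirm-ownership", "no account ID in ARN; verify manually")
    if account not in owned_accounts:
        return ("not-owned", f"account {account} is not one of yours")
    return ("in-scope", f"{service}/{rtype} in account {account}")

def review_scope(arns, owned_accounts):
    """Map every target to its verdict so the whole list can be signed off."""
    return {arn: check_target(arn, owned_accounts)[0] for arn in arns}

# Constructed sample input: account IDs and resource IDs are placeholders.
OWNED = {"111111111111"}
SAMPLE_TARGETS = [
    "arn:aws:ec2:eu-west-1:111111111111:instance/i-0abc",
    "arn:aws:ec2:eu-west-1:111111111111:vpc/vpc-0abc",
    "arn:aws:rds:eu-west-1:222222222222:cluster:prod-aurora",
    "arn:aws:apigateway:eu-west-1::/restapis/a1b2c3",
    "arn:aws:s3:::example-bucket",
]

if __name__ == "__main__":
    for arn, verdict in review_scope(SAMPLE_TARGETS, OWNED).items():
        print(f"{verdict:18} {arn}")
```

A "not-listed" verdict only means the resource type is absent from the list on this page; check the AWS policy linked above before treating it as testable.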

AWS pentesting tools

For tools specific to testing the security of a deployment on AWS, consider the following:

ScoutSuite

Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.

Prowler

Prowler is a command-line tool that helps you with AWS security assessment, auditing, hardening and incident response.

Amazon Inspector

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
