Curriculum Overview: AWS Trust and Safety and Abuse Reporting
Identifying the role of the AWS Trust and Safety team to report abuse of AWS resources
This curriculum focuses on the role of the AWS Trust and Safety team, a critical component of AWS security and compliance operations. Students will learn how to identify, categorize, and report the misuse of AWS resources to maintain the integrity of the cloud environment.
Prerequisites
Before starting this module, students should have a foundational understanding of the following:
- Cloud Concepts: Basic understanding of what cloud computing is and how AWS resources (like EC2 and S3) are used.
- Shared Responsibility Model: Understanding that while AWS secures the "Cloud," customers are responsible for what they put "In" the cloud.
- AWS Global Infrastructure: A general awareness of Regions and Availability Zones.
Module Breakdown
| Module ID | Module Name | Focus Area | Difficulty |
|---|---|---|---|
| TS-01 | Introduction to Trust & Safety | The mission and role of the team within AWS. | Beginner |
| TS-02 | Identifying Abuse | Categories of prohibited activities on AWS. | Intermediate |
| TS-03 | The Reporting Process | Utilizing re:Post and the Abuse Form to notify AWS. | Beginner |
| TS-04 | Post-Report Workflow | How AWS handles investigations and mitigates risk. | Intermediate |
Module Objectives
TS-01: Introduction to Trust & Safety
- Define the primary purpose of the AWS Trust and Safety team.
- Distinguish between the Trust and Safety team and other support roles like the TAM (Technical Account Manager).
TS-02: Identifying Abuse
- Categorize common types of abuse, including Spam, DDoS attacks, and Copyright Infringement.
- Recognize the signs of compromised resources being used for malicious intent.
TS-03: The Reporting Process
- Locate the official AWS Abuse Report form.
- Identify how to use AWS re:Post to find knowledge base articles related to reporting.
Success Metrics
To demonstrate mastery of this curriculum, the student must be able to:
- Correctly Identify the Team: Select "AWS Trust and Safety" from a list of AWS services when presented with a scenario involving resource abuse.
- Classify Scenarios: Assign 100% of sample abuse scenarios to the correct reporting category (e.g., classifying a phishing site as "Objectionable Content").
- Navigate Resources: Navigate to the https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/ page within 30 seconds.
Examples of Abuse Scenarios
Below are concrete examples of when the Trust and Safety team should be engaged:
- Abusive Email (Spam): An AWS-hosted instance is used to send millions of unsolicited marketing emails, violating anti-spam regulations.
- Problematic Network Activity: An EC2 instance is detected performing port scanning or attempting a brute-force attack on external networks.
- Objectionable Content: A public S3 bucket is found to be hosting illegal or copyrighted material without authorization.
- Phishing: A website hosted on AWS is masquerading as a bank login page to steal user credentials.
Important: Trust and Safety vs. Trusted Advisor. Do not confuse these!
- Trust and Safety is for reporting external abuse/malice.
- Trusted Advisor is an internal tool for optimizing your own account's cost, performance, and security.
Real-World Application
In a professional setting, understanding the role of the Trust and Safety team is vital for:
- Compliance Officers: Ensuring that their organization’s use of AWS adheres to the AWS Acceptable Use Policy.
- Security Analysts: Knowing exactly where to route evidence if they discover that their own AWS resources have been compromised and are being used to attack others.
- Legal Teams: Handling Intellectual Property (IP) and DMCA takedown requests effectively via the proper AWS channels.