Action 1: Prevent propagation of incorrect routing information
Today we implement outbound prefix-filters with a strict whitelist policy that only include our own and our customers IP-Space. For inbound we have a mixed filtering policy that looks at both AS-paths and prefix-lists where applicable in combination with some best-practice standard filters such as martians and our own IP-Space.
Action 2: Prevent traffic with spoofed source IP addresses
Customers of AWS builds their virtual network inside something thats called a VPC where they connect containers, storage, instances and other resources alike. Inside the VPC you can only use addresses that has been assigned to you.More documentation on this is available here. https://aws.amazon.com/answers/networking/vpc-security-capabilities/
Action 3: Facilitate global operational communication and coordination
Abuse, Peering, Policy and NOC-details is available on PeeringDB as well as in IRR Objects.
Action 4: Facilitate validation of routing information on a global scale
Amazon Web Services has during the last 6 months published large amounts of Route Origin Authorisations (ROAs) for of our address space. We are encouraging operators to use the ROAs in their filters to do Origin Validation. We also automatically keep our IRR-data update and we encourage people to use AS-AMAZON for their filters.
Action 5: Encourage MANRS adoption
We encourage other operators to follow the principles of MANRS and are happy to see the community grow