In this article

  • Bulk Email Sending Without SES
  • Penetration Testing Without Approval
  • Cryptocurrency Mining
  • Mass SMS and Voice Campaigns
  • Network Security Research
  • Bulk IP Address Scanning
  • DNS Query Testing and Benchmarking
  • Load Testing Against External Sites
  • Tor Exit Nodes
  • SMTP Open Relays
  • Additional Restricted Workloads Worth Mentioning
  • The OpenMetal Difference: Your Infrastructure, Your Rules

Every day, legitimate businesses discover their innovative workload violates some obscure AWS policy, requires special approval, or hits an arbitrary limit that brings their operations to a grinding halt.

You’re not doing anything illegal. You’re not sending spam. You’re just trying to run your business, but AWS’s restrictions treat your legitimate workload like a potential threat.

Here are 10 completely legal, business-critical workloads that AWS makes unnecessarily difficult, along with the actual policies that restrict them and a simpler alternative.

1. Bulk Email Sending Without SES

The AWS Reality

By default, AWS blocks outbound traffic on port 25 for all EC2 instances. Want to send email directly from your servers? You’ll need to request removal of port 25 restrictions, which AWS may deny without explanation.

Even if approved, you’re pushed toward Amazon SES, which comes with its own limitations:

  • Starting limit of 200 emails per day
  • Maximum sending rate of 1 email per second
  • Gradual “reputation building” that can take months
  • Immediate suspension for bounce rates over 5%

Why It’s Frustrating

Imagine running a legitimate newsletter with 100,000 subscribers. A 5.1% bounce rate (completely normal after a list cleaning) could shut down your entire email operation. Your business communication stops while you plead your case to AWS support.

The OpenMetal Alternative

Run your own mail servers with dedicated IP blocks. No port restrictions, no sending limits, no arbitrary suspension. Full control over your IP reputation, SPF records, and sending patterns. You can scale from 1 to 1 million emails without asking permission.

2. Penetration Testing Without Approval

The AWS Reality

According to AWS’s Penetration Testing Policy, you need prior written approval for security testing. Prohibited activities include:

  • DNS zone walking
  • Denial of Service (DoS) testing
  • Port flooding
  • Protocol flooding
  • Request flooding (API or login requests)

Why It’s Frustrating

You’re a security firm hired to test a client’s infrastructure. Before you can start, you need AWS approval. The approval process can take days. Certain critical tests are completely forbidden, leaving security gaps you can’t properly assess. One mistaken test without approval? Account suspension.

The OpenMetal Alternative

Your bare metal, your rules. Run full penetration tests, vulnerability scans, and security research without restrictions. Set up isolated networks for honeypots, malware analysis, and security training environments. No approval needed, no techniques forbidden. Check out our cybersecurity customer running their ClickHouse deployment on OpenMetal infrastructure. It’s their hardware and their rules!

3. Cryptocurrency Mining

The AWS Reality

The AWS Customer Agreement explicitly states that cryptocurrency mining requires prior written approval. Without approval, your account faces immediate termination.

Why It’s Frustrating

While mining might be restricted, what about running blockchain nodes? Validators? The line isn’t always clear. Many legitimate blockchain operations have faced suspension because AWS flagged their activity as “mining-related”. The approval process is opaque, and denials don’t include explanations.

The OpenMetal Alternative

Run validators, nodes, and blockchain infrastructure without seeking permission. Your hardware, your choice. Whether you’re validating Ethereum transactions or running a Bitcoin full node, there are no restrictions or approval processes.

4. Mass SMS and Voice Campaigns

The AWS Reality

Amazon SNS starts with strict limits:

  • SMS spending limit of $1.00 per month
  • Voice calling requires Amazon Connect with complex approval
  • Promotional SMS requires additional registration
  • 160-character limit counting toward your quota

Amazon SNS documentation details extensive registration requirements for different countries, with some taking weeks for approval.

Why It’s Frustrating

Running a legitimate alert system for 10,000 customers? Hope you enjoy the approval process for every country, carrier registration requirements, and spending limit increase requests! Emergency notification system? Better hope you’ve pre-approved everything months in advance.

The OpenMetal Alternative

Deploy your own SMS gateways and SIP infrastructure. Connect directly with carriers or aggregators of your choice. No spending limits, no character counting, no geographic restrictions. Full control over your communication infrastructure.

5. Network Security Research

The AWS Reality

AWS explicitly prohibits:

  • Running open proxies
  • Operating network honeypots
  • Packet sniffing or network monitoring
  • Operating “any form of network monitors or packet sniffers”

Why It’s Frustrating

You’re a cybersecurity researcher studying attack patterns. Your honeypot collects valuable threat intelligence. But to AWS, you’re indistinguishable from a malicious actor. Your legitimate research could end with account termination.

The OpenMetal Alternative

Deploy honeypots, run packet capture, analyze network traffic all without restrictions. Create isolated environments for malware analysis, threat research, and security training. It’s your infrastructure!

6. Bulk IP Address Scanning

The AWS Reality

The AWS Acceptable Use Policy prohibits “unauthorized port scans or network discovery tools.” Even scanning your own allocated IP ranges at scale can trigger automatic suspension.

Why It’s Frustrating

You’re managing a large infrastructure and need to audit your assets. Or you’re a security company providing vulnerability scanning services. AWS’s automated systems can’t distinguish between legitimate scanning and malicious activity, leading to sudden account suspension.

The OpenMetal Alternative

Scan your networks, audit your infrastructure, run network discovery tools without fear of suspension. Deploy Nmap, Masscan, or custom scanning tools at any scale.

7. DNS Query Testing and Benchmarking

The AWS Reality

AWS explicitly prohibits DNS query flooding and “benchmarking tests” against their infrastructure. Even testing your own Route 53 configurations at scale can violate terms.

Why It’s Frustrating

You’re developing a DNS-based service that needs load testing. Or you’re benchmarking failover configurations. AWS’s restrictions mean you can’t properly test your architecture’s limits before production deployment.

The OpenMetal Alternative

Run DNS benchmarks, load tests, and query flooding against your own infrastructure. Test failover scenarios, benchmark response times, and validate your architecture’s limits without restrictions.

8. Load Testing Against External Sites

The AWS Reality

AWS prohibits load testing without explicit consent from target sites. This includes testing your own external infrastructure or APIs hosted elsewhere.

Why It’s Frustrating

Your company runs infrastructure across multiple providers. Testing disaster recovery requires load testing failover between environments. But AWS’s policy means you need written permission to test your own systems if they’re external to AWS.

The OpenMetal Alternative

Load test any infrastructure you have permission to test. No AWS approval needed for testing your own external systems. Full freedom to validate your disaster recovery and failover procedures.

9. Tor Exit Nodes

The AWS Reality

While not explicitly banned in the AUP, running Tor exit nodes on AWS consistently results in account suspension. AWS treats Tor traffic as suspicious activity, regardless of your legitimate privacy-focused use case.

Why It’s Frustrating

You’re providing privacy infrastructure for journalists in oppressive regimes or running privacy research. To AWS’s automated systems, you’re a security threat. Your humanitarian or research project gets shut down without warning.

The OpenMetal Alternative

Run Tor nodes, VPN services, or any privacy infrastructure without restrictions. Support internet freedom, privacy research, or anonymous communication platforms without fear of suspension.

10. SMTP Open Relays

The AWS Reality

AWS explicitly prohibits running open SMTP relays, even for legitimate email forwarding services. The AWS Service Terms treat any open relay as a violation.

Why It’s Frustrating

You’re running a legitimate email forwarding service, backup MX service, or email gateway for multiple domains. AWS’s blanket prohibition means you can’t offer services that require relay functionality, even with proper authentication and anti-spam measures.

The OpenMetal Alternative

Configure your mail servers however your business requires. Run relay services, backup MX, or email gateways with your own security controls. Implement authentication, rate limiting, and anti-spam measures on your terms.

Additional Restricted Workloads Worth Mentioning

Proxy and VPN Services

AWS regularly suspends accounts running proxy or VPN services, even legitimate business VPNs or privacy services. Their automated systems can’t distinguish between corporate VPNs and malicious proxies.

Distributed Computing Projects

Running Folding@home or other distributed computing projects violates AWS’s resource usage policies. Your contribution to scientific research could result in account termination.

Automated Trading Systems

High-frequency trading systems that make rapid API calls trigger AWS’s rate limiting and abuse detection. Your legitimate trading algorithm gets throttled just when market conditions are most favorable.

Phishing and Security Training Infrastructure

Even legitimate security awareness training that simulates phishing attacks violates AWS policies. Your employee security training platform could be suspended for doing exactly what it’s designed to do.

Network Monitoring Tools

Running tools like Wireshark, tcpdump, or custom packet analysis violates AWS’s network monitoring prohibition. Your legitimate network troubleshooting becomes a terms violation.

The Pattern Is Clear

AWS’s restrictions make sense for a shared, multi-tenant environment where one customer’s activity can affect thousands of others. But these same restrictions strangle innovation and make legitimate business operations unnecessarily difficult.

Every approval process adds delay. Every restriction requires workarounds. Every false positive suspension costs money and reputation.

The OpenMetal Difference: Your Infrastructure, Your Rules

OpenMetal Hosted Private Cloud CoreOpenMetal provides dedicated bare metal servers and private clouds where you have complete control:

  • No approval processes – Deploy what you need, when you need it
  • No arbitrary limits – Scale based on your hardware, not policy restrictions
  • No suspensions – Your legitimate workload won’t trigger automated bans
  • Full root access – Complete control over your infrastructure
  • Dedicated resources – No noisy neighbors, no shared restrictions
  • Your IP blocks – Manage your own IP reputation and allocation

When Restrictions Become Business Barriers

If you’ve ever:

  • Waited days for AWS approval to run basic operations
  • Been suspended for legitimate business activity
  • Hit arbitrary limits that stopped your service
  • Spent more time working around restrictions than building your product
  • Had to explain to customers why AWS won’t let you serve them

Then it’s time to consider infrastructure without limits.

Make the Switch to Unrestricted Infrastructure

Your workload shouldn’t be subject to arbitrary restrictions. Whether you’re sending millions of emails, running security research, operating blockchain infrastructure, or building the next innovation that doesn’t fit neatly into AWS’s policies you need infrastructure that adapts to your needs, not the other way around.

OpenMetal provides the same API-driven, on-demand infrastructure experience as AWS, but on dedicated hardware where you make the rules. Deploy in seconds, scale on-demand, and never worry about your legitimate workload.

Ready to remove restrictions from your infrastructure?

Calculate Your Savings | Start Your Free Trial | Talk to an Engineer


Have you been restricted, throttled, or suspended by AWS for legitimate workloads? We’d love to hear your story. Contact us at marketing@openmetal.io to share your experience.

Chat With Our Team

We’re available to answer questions and provide information.

Reach Out

Schedule a Consultation

Get a deeper assessment and discuss your unique requirements.

Schedule Consultation

Try It Out

Take a peek under the hood of our cloud platform or launch a trial.

Trial Options

 

 

 Read More on the OpenMetal Blog

Top 8 Reasons Companies Leave Public Cloud in 2026

Jul 06, 2026

A skimmable breakdown of the main business and technical drivers pushing companies from public cloud to hosted private cloud, covering cost control, compliance, performance, and operational control.

What AI Startups Need to Plan for Before Their Cloud Credits Run Out

Jul 01, 2026

Hyperscaler credits are worth taking, but the architecture built during the subsidized period determines your real cost when billing starts. This covers the credit lifecycle, which decisions create long-term cost exposure, and when private infrastructure makes sense for AI startups in production.

How Nutanix and OpenMetal Compare as VMware Alternatives for Mid-Market IT Teams

Jun 29, 2026

Nutanix is a legitimate VMware alternative with real advantages. But its per-core subscription model has cost implications that compound at scale. This article compares both platforms honestly across pricing, operations, migration tooling, and use case fit.

Why MSPs Should Own Their Cloud Infrastructure Instead of Reselling It

Jun 26, 2026

Azure CSP resale margins are thin and getting thinner as Microsoft shifts incentives away from transaction volume. This article covers the commercial model for MSPs who own their infrastructure instead, how OpenStack multi-tenancy enables per-client isolation on shared hardware, and what the right client segment looks like.

When Running Apache Spark and Delta Lake Without Databricks Makes Financial Sense

Jun 22, 2026

Databricks’ Standard tier is being retired, forcing Premium upgrades with higher DBU rates. This article covers how the DBU billing model works, what the open-source stack underneath Databricks looks like, what you give up by self-managing it, and when private cloud infrastructure changes the economics.

How MSPs Can Win Clients With Compliance and Private Cloud

Apr 30, 2026

Enterprise clients in regulated industries are asking harder infrastructure questions than most MSPs are equipped to answer. This article covers where the Microsoft stack has limits for compliance workloads, what private cloud adds to an MSP’s portfolio, and how to start without overhauling your entire stack.

How US Companies Get EU Infrastructure Without Building EU Operations

Apr 23, 2026

EU expansion means facing data residency questions your US infrastructure can’t easily answer. This guide breaks down what EU customers actually need, why Amsterdam is the right location, how fixed-cost hosted infrastructure compares to hyperscaler EU regions, and what you don’t actually need to build.

Multi-Cloud Disaster Recovery: Building a Hybrid DR Strategy with OpenMetal and AWS or Azure

Apr 22, 2026

Running production and recovery on the same provider creates vendor concentration risk that most DR plans don’t address. This article covers both hybrid DR architectures, how to choose the right direction for your organization, what hyperscaler DR actually costs, and the tooling that makes cross-provider recovery work reliably.

Why Proof-of-Stake Validators Outgrow Their Hosting Provider

Apr 21, 2026

Professional PoS validator operations have specific infrastructure demands that general hosting and public cloud weren’t built for. This guide covers the five requirements that separate adequate from production-grade hosting, where public cloud falls short, and what to verify before signing with a provider.

Proxmox vs. OpenStack: Which VMware Replacement Actually Fits Your Organization?

Apr 17, 2026

Broadcom’s VMware repricing has pushed IT teams to evaluate open-source alternatives. This guide breaks down how Proxmox VE and OpenStack compare across operational complexity, performance, scale, compliance, and cost, so you can match the right platform to your organization before you commit.