diff --git a/v2/internal/attacktechniques/aws/execution/ec2-launch-unusual-instances/main.go b/v2/internal/attacktechniques/aws/execution/ec2-launch-unusual-instances/main.go
index 56692b49..8278611e 100644
--- a/v2/internal/attacktechniques/aws/execution/ec2-launch-unusual-instances/main.go
+++ b/v2/internal/attacktechniques/aws/execution/ec2-launch-unusual-instances/main.go
@@ -76,8 +76,7 @@ func detonate(params map[string]string, providers stratus.CloudProviders) error
 return errors.New("expected ec2:RunInstances to return an error")
 }
 
- if !strings.Contains(err.Error(), "AccessDenied") {
- // We expected an *AccessDenied* error
+ if !isExpectedError(err) {
 return errors.New("expected ec2:RunInstances to return an access denied error, got instead: " + err.Error())
 }
 
@@ -85,3 +84,10 @@ func detonate(params map[string]string, providers stratus.CloudProviders) error
 
 return nil
 }
+
+func isExpectedError(err error) bool {
+ // We expected an *AccessDenied* or *UnauthorizedOperation* error
+ errorMessage := err.Error()
+ return strings.Contains(errorMessage, "AccessDenied") ||
+ strings.Contains(errorMessage, "UnauthorizedOperation")
+}
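Review bot: isExpectedError decides by substring match on `err.Error()`, so any failure whose message merely contains "AccessDenied" or "UnauthorizedOperation" counts as the expected outcome. The technique would then report a clean detonation even if ec2:RunInstances failed for a different reason, and the CloudTrail record a detection is validated against might not carry the intended error code. If the SDK in use exposes a typed API error (in aws-sdk-go-v2 that would be `smithy.APIError` retrieved with `errors.As`), comparing its `ErrorCode()` with the two codes is stricter; the imports are not visible in this diff, so confirm which SDK applies. The helper also calls `err.Error()` unconditionally, and since detonate's nil check sits outside the hunk, a leading `if err == nil { return false }` keeps the helper safe on its own. The inline comment would serve better as a doc comment, e.g. `// isExpectedError reports whether err is the authorization failure (AccessDenied or UnauthorizedOperation) expected from ec2:RunInstances.`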