Posted On: Mar 1, 2018

Containers running on the AWS Fargate Launch Type now meet the criteria for ISO, PCI, SOC 1, SOC 2, and SOC 3 compliance along with the criteria for HIPAA eligibility. This means container workloads on AWS Fargate can now process regulated financial data or protected health information (PHI).

AWS Fargate is a compute engine for Amazon ECS that allows you to run containers without having to manage servers or clusters. Amazon ECS schedules the containers and Fargate handles provisioning and scaling the required compute resources to run them.

In keeping with the requirements for HIPAA and other certifications, regulated and protected data must be encrypted in transit or at rest when accessed by containers launched with Fargate. Additionally, you must execute a Business Associate Addendum (BAA) with AWS to meet the eligibility requirements for processing encrypted Protected Health Information (PHI) under HIPAA using Amazon ECS and Fargate. Fargate does not support encryption at rest, which is something customers need to manage to meet HIPAA requirements.

To learn more, visit our site on services compliance or see our compliance resources. You can get more information about AWS Fargate on the product page.

Amazon Fargate is available in the US East (N. Virginia) region. For more information on AWS regions and service, please visit here.