AWS 服务的隐私功能
AWS 对您的隐私保持警惕,并且我们可以提供当前最灵活、最安全的云计算环境。通过 AWS,您可以拥有自己的数据,控制其位置并控制谁可以访问这些数据。我们对 AWS 服务如何处理您上传至 AWS 账户的个人数据(客户数据)保持透明,并且我们提供允许您加密、删除和监控客户数据处理的功能。
您可以放心地使用 AWS 服务,因为您的客户数据会保留在您选择的 AWS 区域内。少量 AWS 服务涉及客户数据传输,例如,出于开发和改进服务的需要,您可以在此过程中选择退出传输,或者因为传输是服务(例如内容分发服务)的重要部分。我们禁止且我们的系统旨在防止 AWS 人员出于任何目的(包括服务维护)远程访问客户数据,除非您要求访问或者出于防止欺诈和滥用或遵守法律的需要。
我们将会在下面提供 AWS 服务的关键隐私功能概述,您可以使用这些服务来根据欧盟法院的 Schrems II 判决以及欧盟数据保护委员会有关补充传输工具措施的建议执行数据传输评估。
您可以单击下表中带下划线的复选标记,以查阅 AWS 文档,了解 AWS 服务如何支持客户加密、删除和监控客户数据处理。
AWS 服务 | 客户可以加密 | 客户可以删除 | 客户可以监控处理 | 无远程访问* |
Amazon API Gateway | ✓ | ✓ | ✓ | ✓ |
Amazon AppFlow | ✓ | ✓ | ✓ | ✓ |
Amazon AppStream 2.0 | ✓ | ✓ | ✓ | ✓ |
Amazon AppStream 2.0 用户池 | ✓ | ✓ | ✓ | ✓ |
Amazon Athena | ✓ | ✓ | ✓ | ✓ |
Amazon Augmented AI (A2I) | ✓ | ✓ | ✓ | ✓ |
Amazon Aurora | ✓ | ✓ | ✓ | ✓ |
Amazon Braket | ✓ | ✓ | ✓ | ✓ |
Amazon Chime | ✓ | ✓ | ✓ | ✓ |
Amazon Cloud Directory | ✓ | ✓ | ✓ | ✓ |
Amazon CloudFront | ✓ | ✓ | ✓ | ✓ |
Amazon CloudWatch | ✓ | ✓ | ✓ | ✓ |
Amazon CloudWatch Logs |
✓ | ✓ | ✓ | ✓ |
Amazon CodeGuru Profiler | ✓ | ✓ | ✓ | ✓ |
Amazon CodeGuru Reviewer | ✓ | ✓ | ✓ | ✓ |
Amazon Cognito | ✓ | ✓ | ✓ | ✓ |
Amazon Comprehend | ✓ | ✓ | ✓ | ✓ |
Amazon Connect | ✓ | ✓ | ✓ | ✓ |
Amazon Detective | ✓ | ✓ | ✓ | ✓ |
Amazon DocumentDB(兼容 MongoDB) | ✓ | ✓ | ✓ | ✓ |
Amazon DynamoDB | ✓ | ✓ | ✓ | ✓ |
Amazon Elastic Block Store (Amazon EBS) | ✓ | ✓ | ✓ | ✓ |
Amazon Elastic Compute Cloud (Amazon EC2) | ✓ | ✓ | ✓ | ✓ |
Amazon Elastic Container Registry (Amazon ECR) | ✓ | ✓ | ✓ | ✓ |
Amazon Elastic Container Service (Amazon ECS) | ✓ | ✓ | ✓ | ✓ |
Amazon Elastic File System (Amazon EFS) | ✓ | ✓ | ✓ | ✓ |
Amazon Elastic Inference | ✓ | ✓ | ✓ | ✓ |
Amazon Elastic Kubernetes Service (Amazon EKS) | ✓ | ✓ | ✓ | ✓ |
Amazon ElastiCache for Memcached | ✓** |
✓ | ✓ | ✓ |
Amazon ElastiCache for Redis | ✓ | ✓ | ✓ | ✓ |
Amazon EMR | ✓ | ✓ | ✓ | ✓ |
Amazon EventBridge | ✓ | ✓ | ✓ | ✓ |
Amazon Forecast | ✓ | ✓ | ✓ | ✓ |
Amazon Fraud Detector | ✓ | ✓ | ✓ | ✓ |
Amazon FSx for Lustre | ✓ | ✓ | ✓ | ✓ |
适用于 ONTAP 的 Amazon FSx | ✓ | ✓ | ✓ | ✓ |
Amazon FSx for OpenZFS | ✓ | ✓ | ✓ | ✓ |
Amazon FSx for Windows File Server | ✓ | ✓ | ✓ | ✓ |
Amazon GameLift | ✓ | ✓ | ✓ | ✓ |
Amazon GuardDuty | ✓ | ✓ | ✓ | ✓ |
Amazon Healthlake | ✓ | ✓ | ✓ | ✓ |
Amazon Honeycode | ✓ | ✓ | ✓ | ✓ |
Amazon Inspector | ✓ | ✓ | ✓ | ✓ |
Amazon Inspector Classic | ✓ | ✓ | ✓ | ✓ |
Amazon Interactive Video Service (IVS) | ✓ | ✓ | ✓ | ✓ |
Amazon Kendra | ✓ | ✓ | ✓ | ✓ |
Amazon Keyspaces | ✓ | ✓ | ✓ | ✓ |
面向 Java 应用程序的适用于 Apache Flink 的亚马逊托管服务 | ✓ | ✓ | ✓ | ✓ |
面向 SQL 应用程序的适用于 Apache Flink 的亚马逊托管服务 | ✓ | ✓ | ✓ | ✓ |
Amazon Kinesis Data Firehose | ✓ | ✓ | ✓ | ✓ |
Amazon Kinesis Data Streams | ✓ | ✓ | ✓ | ✓ |
Amazon Kinesis VideoStreams | ✓ | ✓ | ✓ | ✓ |
Amazon Lex | ✓ | ✓ | ✓ | ✓ |
Amazon Lightsail | ✓ | ✓ | ✓ | ✓ |
Amazon Location Service | ✓ | ✓ | ✓ | ✓ |
Amazon Macie | ✓ | ✓ | ✓ | ✓ |
Amazon Managed Blockchain (AMB) | ✓ | ✓ | ✓ | ✓ |
Amazon Managed Service for Grafana (AMG) | ✓ | ✓ | ✓ | ✓ |
Amazon Managed Service for Prometheus (AMP) | ✓ | ✓ | ✓ | ✓ |
Amazon Managed Streaming for Kafka (MSK) | ✓ | ✓ | ✓ | ✓ |
Amazon Managed Workflows for Apache Airflow (MWAA) | ✓ | ✓ | ✓ | ✓ |
Amazon MemoryDB for Redis | ✓ | ✓ | ✓ | ✓ |
Amazon MQ | ✓ | ✓ | ✓ | ✓ |
Amazon Neptune | ✓ | ✓ | ✓ | ✓ |
Amazon OpenSearch Service | ✓ | ✓ | ✓ | ✓ |
Amazon Personalize | ✓ | ✓ | ✓ | ✓ |
Amazon Pinpoint | ✓ | ✓ | ✓ | ✓ |
Amazon Polly | ✓ | ✓ | ✓ | ✓ |
Amazon Quantum Ledger Database (QLDB) | ✓ | ✓ | ✓ | ✓ |
Amazon QuickSight | ✓ | ✓ | ✓ | ✓ |
Amazon Redshift | ✓ | ✓ | ✓ | ✓ |
Amazon Rekognition | ✓ | ✓ | ✓ | ✓ |
Amazon Relation Database Service (Amazon RDS) | ✓ | ✓ | ✓ | ✓ |
Amazon SageMaker | ✓ | ✓ | ✓ | ✓ |
Amazon Simple Email Service (Amazon SES) | ✓ | ✓ | ✓ | ✓ |
Amazon Simple Notification Service (Amazon SNS) | ✓ | ✓ | ✓ | ✓ |
Amazon Simple Queue Service (Amazon SQS) | ✓ | ✓ | ✓ | ✓ |
Amazon Simple Storage Service (Amazon S3) | ✓ | ✓ | ✓ | ✓ |
Amazon Simple Storage Service Glacier | ✓ | ✓ | ✓ | ✓ |
Amazon Simple Workflow Service (Amazon SWF) | ✓ | ✓ | ✓ | ✓ |
Amazon Textract | ✓ | ✓ | ✓ | ✓ |
Amazon Timestream | ✓ | ✓ | ✓ | ✓ |
Amazon Transcribe |
✓ | ✓ | ✓ | ✓ |
Amazon Translate | ✓ | ✓ | ✓ | ✓ |
Amazon Virtual Private Cloud (Amazon VPC) | ✓ | ✓ | ✓ | ✓ |
Amazon WorkDocs | ✓ | ✓ | ✓ | ✓ |
Amazon WorkLink | ✓ | ✓ | ✓ | ✓ |
Amazon WorkMail | ✓ | ✓ | ✓ | ✓ |
Amazon WorkSpaces |
✓ | ✓ | ✓ | ✓ |
Amazon WorkSpaces Application Manager (Amazon WAM) | ✓ | ✓ | ✓ | ✓ |
AWS Amplify | ✓ | ✓ | ✓ | ✓ |
AWS App Mesh | ✓ | ✓ | ✓ | ✓ |
AWS App Runner | ✓ | ✓ | ✓ | ✓ |
AWS Application Discovery Service | ✓ | ✓ | ✓ | ✓ |
AWS Application Migration Service | ✓ | ✓ | ✓ | ✓ |
AWS AppSync | ✓ | ✓ | ✓ | ✓ |
AWS Audit Manager | ✓ | ✓ | ✓ | ✓ |
AWS Backup | ✓ | ✓ | ✓ | ✓ |
AWS Certificate Manager (ACM) | ✓ | ✓ | ✓ | ✓ |
AWS Cloud9 | ✓ | ✓ | ✓ | ✓ |
AWS CloudFormation | ✓ | ✓ | ✓ | ✓ |
AWS CloudHSM | ✓ | ✓ | ✓ | ✓ |
AWS CloudShell | ✓ | ✓ | ✓ | ✓ |
AWS CloudTrail | ✓ | ✓ | ✓ | ✓ |
AWS CodeArtifact | ✓ | ✓ | ✓ | ✓ |
AWS CodeBuild | ✓ | ✓ | ✓ | ✓ |
AWS CodeCommit | ✓ | ✓ | ✓ | ✓ |
AWS CodeDeploy | ✓ | ✓ | ✓ | ✓ |
AWS CodePipeline | ✓ | ✓ | ✓ | ✓ |
AWS CodeStar | ✓ | ✓ | ✓ | ✓ |
AWS Config | ✓ | ✓ | ✓ | ✓ |
AWS Control Tower | ✓ | ✓ | ✓ | ✓ |
AWS Database Migration Service (AWS DMS) | ✓ | ✓ | ✓ | ✓ |
AWS Data Exchange | ✓ | ✓ | ✓ | ✓ |
AWS DataSync | ✓ | ✓ | ✓ | ✓ |
AWS Device Farm | ✓ | ✓ | ✓ | ✓ |
AWS Direct Connect | ✓ | ✓ | ✓ | ✓ |
AWS Directory Service | ✓ | ✓ | ✓ | ✓ |
AWS Elastic Beanstalk | ✓ | ✓ | ✓ | ✓ |
AWS Elastic Disaster Recovery | ✓ | ✓ | ✓ | ✓ |
AWS Elastic Transcoder | ✓ | ✓ | ✓ | ✓ |
AWS Elemental MediaConnect | ✓ | ✓ | ✓ | ✓ |
AWS Elemental MediaConvert |
✓ | ✓ | ✓ | ✓ |
AWS Elemental MediaLive |
✓ | ✓ | ✓ | ✓ |
AWS Elemental MediaPackage | ✓ | ✓ | ✓ | ✓ |
AWS Elemental MediaStore | ✓ | ✓ | ✓ | ✓ |
AWS Fargate | ✓ | ✓ | ✓ | ✓ |
AWS Firewall Manager | ✓ | ✓ | ✓ | ✓ |
AWS Global Accelerator | ✓ | ✓ | ✓ | ✓ |
AWS Glue | ✓ | ✓ | ✓ | ✓ |
AWS Glue DataBrew | ✓ | ✓ | ✓ | ✓ |
AWS IAM Identity Center | ✓ | ✓ | ✓ | ✓ |
AWS IoT Analytics | ✓ | ✓ | ✓ | ✓ |
AWS IoT Core | ✓ | ✓ | ✓ | ✓ |
AWS IoT Device Management | ✓ | ✓ | ✓ | ✓ |
AWS IoT Events | ✓ | ✓ | ✓ | ✓ |
AWS IoT Greengrass V1 |
✓ |
✓ |
✓ |
✓ |
AWS IoT Greengrass V2 |
✓ | ✓ | ✓ | ✓ |
AWS IoT SiteWise | ✓ | ✓ | ✓ | ✓ |
AWS IoT Things Graph | ✓ | ✓ | ✓ | ✓ |
AWS IQ | ✓ | ✓ | ✓ | ✓ |
AWS Key Management Service (AWS KMS) | ✓ | ✓ | ✓ | ✓ |
AWS Lake Formation | ✓ | ✓ | ✓ | ✓ |
AWS Lambda | ✓ | ✓ | ✓ | ✓ |
AWS License Manager | ✓ | ✓ | ✓ | ✓ |
AWS Migration Hub | ✓ | ✓ | ✓ | ✓ |
AWS OpsWorks for Chef Automate | ✓ | ✓ | ✓ | ✓ |
AWS OpsWorks for Puppet Enterprise | ✓ | ✓ | ✓ | ✓ |
AWS OpsWorks Stacks | ✓ | ✓ | ✓ | ✓ |
AWS Outposts | ✓ | ✓ | ✓ | ✓ |
AWS RoboMaker | ✓ | ✓ | ✓ | ✓ |
AWS Secrets Manager | ✓ | ✓ | ✓ | ✓ |
AWS Security Hub | ✓ |
✓ |
✓ |
✓ |
AWS Serverless Application Repository |
✓ | ✓ | ✓ | ✓ |
AWS Service Catalog | ✓ | ✓ | ✓ | ✓ |
AWS Snowball Edge |
✓ | ✓ | ✓ | ✓ |
AWS Snowcone | ✓ | ✓ | ✓ | ✓ |
AWS Snowmobile | ✓ | ✓ | ✓ | ✓ |
AWS Step Functions | ✓ | ✓ | ✓ | ✓ |
AWS Storage Gateway for FSx File Gateway |
✓ | ✓ | ✓ | ✓ |
AWS Storage Gateway for S3 File Gateway | ✓ | ✓ | ✓ | ✓ |
AWS Storage Gateway for Tape Gateway | ✓ | ✓ | ✓ | ✓ |
AWS Storage Gateway for Volume Gateway | ✓ | ✓ | ✓ | ✓ |
AWS Systems Manager | ✓ | ✓ | ✓ | ✓ |
AWS Transfer Family | ✓ | ✓ | ✓ | ✓ |
AWS X-Ray | ✓ | ✓ | ✓ | ✓ |
CloudEndure Disaster Recovery(一家 AWS 公司) | ✓ | ✓ | ✓ | ✓ |
CloudEndure Migration(一家 AWS 公司) | ✓ | ✓ | ✓ | ✓ |
Contact Lens for Amazon Connect | ✓ | ✓ | ✓ | ✓ |
FreeRTOS | ✓ | ✓ | ✓ | ✓ |
*除非您要求访问或者出于防止欺诈和滥用或遵守法律的需要。
**Amazon ElasticCache for Memcached 支持传输中加密。按设计,Memcached 不提供持久磁盘存储,只在客户应用程序需要时将数据存储在内存中。ElastiCache 在选择系列类型 r6g 和 m6g 的 Graviton 实例时,还支持内存加密。所有的数据存储 AWS 服务均提供加密。
允许客户选择退出客户数据传输的 AWS 服务
以下 AWS 服务会出于开发和改进服务的需要传输客户数据,并且您可以选择退出该传输。
- Amazon CodeGuru Profiler
- Amazon Comprehend
- Amazon Connect Customer Profiles
- Amazon Connect 预测、容量规划和调度
- Amazon Connect 对外营销宣传
- Amazon Connect Wisdom
- Amazon Fraud Detector
- Amazon GuardDuty*
- Amazon Lex
- Amazon Polly
- Amazon Rekognition
- Amazon Textract
- Amazon Transcribe
- Amazon Translate
- Contact Lens for Amazon Connect
- Quicksight Q for Amazon Quicksight
*如果您启用了新的 Amazon GuardDuty 恶意软件防护功能,此 AWS 服务将涉及数据传输。
将传输客户数据作为一项重要功能的 AWS 服务
以下 AWS 服务可以传输客户数据,这是该服务的一项重要功能。例如,如果您选择通过 Amazon Simple Notification Service 发送消息,则这些消息内容将传输至收件人的位置。
- Amazon AppStream 2.0 用户池
- Amazon Chime
- Amazon CloudFront
- AWS IAM Identity Center*
- Amazon Interactive Video Service (IVS)
- Amazon Location Service
- Amazon Pinpoint
- Amazon Simple Email Service
- Amazon Simple Notification Service
- Amazon WorkMail
- AWS Elemental MediaConnect
- AWS IoT Core**
* 在某些情况下,AWS IAM Identity Center 使用 Amazon Simple Email Service(Amazon SES)向用户发送电子邮件。如果 Amazon SES 在区域中不可用,IAM Identity Center 将在其他 AWS 区域调用 Amazon SES 的端点。可在此处找到更多信息。
** 在使用适用于 Amazon Sidewalk 的 IoT Core 功能或启用 HERE 支持的设备定位功能的情况下。