Compliance Tooling by AWS


AWS services for governance and compliance

Organizations that are subject to the most stringent regulatory and compliance requirements, such as HIPAA, GLBA, and PCI, partner with AWS to securely migrate their workloads to the AWS Cloud. AWS provides services, purpose-built for use with AWS, that help with your company's cloud compliance efforts. These tools automate monitoring and logging, simplify compliance evaluations and reporting, enforce and manage user access, help you secure data stored in your AWS Cloud environment, and centrally control AWS service use.

 

Explore our solutions and tooling for compliance.

Monitoring and Logging

Record logs, track changes, and monitor your AWS infrastructure to help you meet your compliance audit requirements.
Monitor Resources

Amazon CloudWatch

Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.

Log Account Activity

AWS CloudTrail

CloudTrail accelerates analysis of operational and security issues by providing visibility into API activity in your AWS account. With CloudWatch Logs integration, support for multi-region configurations, and log file integrity validation, CloudTrail provides comprehensive, secure, and searchable historical data of calls made with the AWS Management Console, AWS SDKs, command line tools, and other AWS services.


Compliance Assessment

Audit your AWS resources to help you ensure compliance with your organization’s policies and guidelines.
Evaluate Configurations

AWS Config

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines.

Assess Application Security

Amazon Inspector

Amazon Inspector gives security teams and auditors visibility into the security testing that is being performed during development of applications on AWS. This streamlines the process of validating and demonstrating that security and compliance standards and best practices are being followed throughout the development process.

Discover, Classify, and Protect Sensitive Data

Amazon Macie

Amazon Macie uses machine learning to better understand where your sensitive information is located and how it’s typically accessed, including user authentication, locations, and times of access. Amazon Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides you with dashboards and alerts that give visibility into how this data is being accessed or moved. The fully managed service continuously monitors data access activity for anomalies, and generates detailed alerts when it detects risk of unauthorized access or inadvertent data leaks.


Access Management

Define, enforce, and manage user access policies across AWS services.
Control Access to AWS Services

AWS Identity and Access Management (IAM)

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.


Data Protection

Tools designed to secure data stored in your AWS Cloud environment that enable you to meet corporate, contractual, and regulatory compliance requirements.
Control the Encryption Keys

AWS Key Management Service (KMS)

AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS Key Management Service is integrated with several other AWS services to help you protect the data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.

Manage Cryptographic Keys

AWS CloudHSM

AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud. The AWS CloudHSM service allows you to protect your encryption keys within HSMs designed and validated to government standards for secure key management. You can securely generate, store, and manage the cryptographic keys used for data encryption such that they are accessible only by you.


Central Management of IT Services

The ability to ensure that entities in your organization can use only the services that meet your corporate security and compliance policy requirements.
Manage Catalogs of IT Services

AWS Service Catalog

AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures. AWS Service Catalog allows you to centrally manage commonly deployed IT services, and helps you achieve consistent governance and meet your compliance requirements, while enabling users to quickly deploy only the approved IT services they need.

Create Service Control Policies

AWS Organizations

AWS Organizations offers policy-based management for multiple AWS accounts. With Organizations, you can create groups of accounts and then apply policies to those groups. Organizations enables you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes. Using AWS Organizations, you can create Service Control Policies (SCPs) that centrally control AWS service use across multiple AWS accounts.


Compliance Reporting

Access AWS compliance documents and compliance reports that help you evaluate the compliance of the AWS infrastructure and services that you use.
Review Configuration Compliance

Amazon EC2 Systems Manager

Amazon EC2 Systems Manager is a management service that helps you automatically collect software inventory, apply OS patches, create system images, and configure Windows and Linux operating systems. EC2 Systems Manager helps keep your systems compliant with your defined configuration policies. EC2 Systems Manager can also be used to report and take action on configuration compliance for Patch Manager, State Manager, and custom compliance types.

Review and Download Reports

AWS Artifact

AWS Artifact provides on-demand access to our security and compliance documents, also known as audit artifacts. You can use the artifacts to demonstrate the security and compliance of your AWS infrastructure and services to your auditors or regulators. Examples of audit artifacts include Service Organization Control (SOC) and Payment Card Industry (PCI) reports.