Compliance Tooling by AWS
AWS services for governance and compliance
Organizations that are subject to most stringent regulatory and compliance requirements, such as HIPAA, GLBA, and PCI, partner with AWS to securely migrate their workloads to the AWS Cloud. AWS provides services that help you with the cloud compliance efforts at your company that are purpose-built for use with AWS. These tools automate monitoring and logging, simplify compliance evaluations and reporting, enforce and manage user access, help you secure data stored in your AWS Cloud environment, and centrally control AWS service use.
- Choose a Solution
- Monitoring and Logging
- Compliance Assessment
- Access Management
- Data Protection
- Central Management of IT Services
- Compliance Reporting
Monitoring and Logging
Amazon CloudWatch
Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. Learn more »
AWS CloudTrail
CloudTrail accelerates analysis of operational and security issues by providing visibility into API activity in your AWS account. With CloudWatch Logs integration, support for multi-region configurations, and log file integrity validation, CloudTrail provides comprehensive, secure, and searchable historical data of calls made with the AWS Management Console, AWS SDKs, command line tools, and other AWS services. Learn more »
Compliance Assessment
AWS Config
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. Learn more »
Amazon Inspector
Amazon Inspector gives security teams and auditors visibility into the security testing that is being performed during development of applications on AWS. This streamlines the process of validating and demonstrating that security and compliance standards and best practices are being followed throughout the development process. Learn more »
Amazon Macie
Amazon Macie uses machine learning to better understand where your sensitive information is located and how it’s typically accessed, including user authentication, locations, and times of access. Amazon Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides you with dashboards and alerts that give visibility into how this data is being accessed or moved. The fully managed service continuously monitors data access activity for anomalies, and generates detailed alerts when it detects risk of unauthorized access or inadvertent data leaks. Learn more »
Access Management
AWS Identity and Access Management (IAM)
AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. Learn more »
Data Protection
AWS Key Management Service (KMS)
AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS Key Management Service is integrated with several other AWS services to help you protect the data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs. Learn more »
AWS CloudHSM
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud. The AWS CloudHSM service allows you to protect your encryption keys within HSMs designed and validated to government standards for secure key management. You can securely generate, store, and manage the cryptographic keys used for data encryption such that they are accessible only by you. Learn more »
Central Management of IT Services
AWS Service Catalog
AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures. AWS Service Catalog allows you to centrally manage commonly deployed IT services, and helps you achieve consistent governance and meet your compliance requirements, while enabling users to quickly deploy only the approved IT services they need. Learn more »
AWS Organizations
AWS Organizations offers policy-based management for multiple AWS accounts. With Organizations, you can create groups of accounts and then apply policies to those groups. Organizations enables you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes. Using AWS Organizations, you can create Service Control Policies (SCPs) that centrally control AWS service use across multiple AWS accounts. Learn more »
Compliance Reporting
Amazon EC2 Systems Manager
Amazon EC2 Systems Manager is a management service that helps you automatically collect software inventory, apply OS patches, create system images, and configure Windows and Linux operating systems. EC2 Systems Manager helps keep your systems compliant with your defined configuration policies. EC2 Systems Manager can also be used to report and take action on configuration compliance for Patch Manager, State Manager, and custom compliance types. Learn more »
AWS Artifact
AWS Artifact provides on-demand access to our security and compliance documents, also known as audit artifacts. You can use the artifacts to demonstrate the security and compliance of your AWS infrastructure and services to your auditors or regulators. Examples of audit artifacts include Service Organization Control (SOC) and Payment Card Industry (PCI) reports. Learn more »