We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.
We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative?
This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.
✓ = This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.
Click here for a full list of services covered under our ISO and CSA STAR certificates.
-
SOC
-
PCI
-
ISMAP
-
FedRAMP
Services going through FedRAMP assessment and authorization will have the following status:
- Third-Party Assessment Organization (3PAO) Assessment: This service is currently undergoing an assessment by our third-party assessor
- Joint Authorization Board (JAB) Review: This service is currently undergoing a JAB review
*Services not within the scope of JAB review. As such, the JAB team has issued neither an approval nor disapproval decision regarding this product under FedRAMP. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent agency approval.
-
DoD CC SRG
Services going through DoD CC SRG assessment and authorization will have the following status:
- Third-Party Assessment Organization (3PAO) Assessment: This service is currently undergoing an assessment by our third-party assessor
- Joint Authorization Board (JAB) Review: This service is currently undergoing a JAB review
- Defense Information Systems Agency (DISA) Review: This service is currently undergoing a DISA review
* Services not within the scope of DISA review. As such, DISA has issued neither an approval nor disapproval decision regarding this product under the DoD CC SRG. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent Mission Owner approval.
** Denotes the service is Impact Level 6 authorized, but not Generally Available (GA) in the region.
SERVICES / PROGRAMS SDKs DoD CC SRG IL2
(East/West)DoD CC SRG IL2
(GovCloud)DoD CC SRG IL4
(GovCloud)DoD CC SRG IL5
(GovCloud)DoD CC SRG IL6
(AWS Secret Region)Amazon API Gateway apigateway ✓ ✓ ✓ ✓ ✓ Amazon AppStream 2.0 appstream ✓ ✓ ✓ ✓ Amazon Athena athena ✓ ✓ ✓ ✓ Amazon Aurora (MySQL) ✓ ✓ ✓ ✓ ✓ Amazon Aurora (Postgres) ✓ ✓ ✓ ✓ Amazon Aurora PostgreSGL ✓ RDS Amazon Aurora MySQL DISA Review RDS Amazon Aurora PostreSQL DISA Review Amazon Chime chime ✓ Amazon Chime SDK meetings-chime ✓ DISA Review DISA Review Amazon Cloud Directory clouddirectory ✓ ✓ ✓ ✓ Amazon CloudFront cloudfront ✓ Amazon CloudWatch cloudwatch ✓ ✓ ✓ ✓ ✓ Amazon CloudWatch Logs logs ✓ ✓ ✓ ✓ ✓ Amazon Cognito cognito-idp, cognito-identity, cognito-sync ✓ ✓ ✓ ✓ Amazon Comprehend comprehend ✓ ✓ ✓ ✓ Amazon Comprehend Medical comprehendmedical ✓ ✓ ✓ ✓ Amazon Connect [excludes Wisdom, VoiceID, and Outbound Communications] connect ✓ Amazon Detective detective ✓ ✓ DISA Review DISA Review Amazon DynamoDB dynamodb ✓ ✓ ✓ ✓ ✓ Amazon EC2 Auto Scaling [feature of EC2] autoscaling ✓ ✓ ✓ ✓ ✓ Amazon EC2 Image Builder imagebuilder ✓ ✓ DISA Review
DISA Review DISA Review Amazon Elastic Block Store (EBS) ebs ✓ ✓ ✓ ✓ ✓ Amazon Elastic Compute Cloud (EC2) ecs ✓ ✓ ✓ ✓ ✓ Amazon Elastic Container Registry (ECR) ecr ✓ ✓ ✓ ✓ ✓ Amazon Elastic Container Service (ECS) ecs ✓ ✓ ✓ ✓ ✓ Amazon Elastic File System (EFS) efs ✓ ✓ ✓ ✓ DISA Review Amazon Elastic Kubernetes Service (EKS) eks ✓ ✓ ✓ ✓ DISA Review Amazon ElastiCache for Redis elasticache ✓ ✓ ✓ ✓ ✓ Amazon EMR elasticmapreduce ✓ ✓ ✓ ✓ ✓ Amazon EventBridge events ✓ ✓ ✓ ✓ ✓ Amazon FinSpace finspace ✓ Amazon Forecast amazonforecast ✓ Amazon FSx for Lustre ✓ ✓ ✓ ✓ Amazon FSx for Windows File Server ✓ ✓ ✓ ✓ Amazon GuardDuty guardduty ✓ ✓ ✓ ✓ Amazon Inspector (Classic)
inspector ✓ ✓ ✓ ✓ Amazon Kendra kendra ✓ 3PAO Assessment Amazon Keyspaces (for Apache Cassandra) keyspaces ✓ ✓ DISA Review DISA Review Amazon Kinesis Data Analytics kinesisanalytics ✓ ✓ DISA Review DISA Review Amazon Kinesis Data Firehose firehose ✓ ✓
✓ ✓ Amazon Kinesis Data Streams kinesis ✓ ✓ ✓ ✓ ✓ Amazon Lex runtime.lex, models.lex ✓ ✓ DISA Review DISA Review Amazon Macie macie2 ✓ Amazon Macie Classic macie ✓ Amazon Managed Streaming for Apache Kafka (Amazon MSK) kafka ✓ ✓ DISA Review DISA Review Amazon MQ mq ✓ ✓ DISA Review DISA Review Neptune neptune-db ✓ ✓ DISA Review DISA Review Amazon OpenSearch Service elasticsearchservice ✓ ✓ ✓ ✓ ✓ Amazon Pinpoint mobiletargeting ✓ ✓ ✓ ✓ Amazon Polly polly ✓ ✓ ✓ ✓ Amazon Quantum Ledger Database (QLDB) qldb ✓ Amazon QuickSight quicksight ✓ ✓ ✓ ✓ Amazon RDS (MariaDB) ✓ ✓ ✓ ✓ ✓ Amazon RDS (MySQL) ✓ ✓ ✓ ✓ ✓ Amazon RDS (Oracle) ✓ ✓ ✓ ✓ ✓ Amazon RDS (Postgres) ✓ ✓ ✓ ✓ ✓ Amazon RDS (SQL Server) ✓ ✓ ✓ ✓ ✓ Amazon Redshift redshift ✓ ✓ ✓ ✓ ✓ Amazon Rekognition rekognition ✓ ✓ ✓ ✓ Amazon Route 53 route53 ✓ ✓ ✓ ✓ ✓ Amazon S3 Glacier glacier ✓ ✓ ✓ ✓ ✓ Amazon SageMaker [excludes Amazon SageMaker Studio Lab]
sagemaker ✓ ✓ ✓ ✓ Amazon Simple Email Service (SES) ses ✓ ✓ ✓ ✓ Amazon Simple Notification Service (SNS) sns ✓ ✓ ✓ ✓ ✓ Amazon Simple Queue Service (SQS) sqs ✓ ✓ ✓ ✓ ✓ Amazon Simple Storage Service (S3) s3 ✓ ✓ ✓ ✓ ✓ Amazon Simple Workflow Service (SWF) swf ✓ ✓ ✓ ✓ ✓ Amazon Textract textract ✓ ✓ ✓ ✓ Amazon Timestream timestream ✓ Amazon Transcribe transcribe ✓ ✓ ✓ ✓ Amazon Translate translate ✓ ✓ ✓ ✓ Amazon Virtual Private Cloud (VPC) ec2 ✓ ✓ ✓ ✓ ✓ Amazon WorkDocs workdocs ✓ Amazon WorkSpaces workspaces
✓ ✓ ✓ ✓ DISA Review AWS Application Auto Scaling application-autoscaling 3PAO Assessment 3PAO Assessment DISA Review AWS App Mesh appmesh ✓ AWS Artifact* ✓ ✓ ✓ ✓ AWS Audit Manager auditmanager ✓ AWS Backup backup ✓ ✓ ✓ ✓ AWS Batch batch ✓ ✓ ✓ ✓ AWS Billing Conductor* billingconductor ✓ ✓ ✓ ✓ AWS Budgets* budgets ✓ ✓ ✓ ✓ AWS Certificate Manager acm ✓ ✓ ✓ ✓ AWS Chatbot ✓ AWS Cloud9 cloud9 ✓ AWS Cloud Map servicediscovery ✓ 3PAO Assessment AWS CloudFormation cloudformation ✓ ✓ ✓ ✓ ✓ AWS CloudHSM cloudhsm ✓ ✓ ✓ ✓ AWS CloudShell 3PAO Assessment AWS CloudTrail cloudtrail ✓ ✓ ✓ ✓ ✓ AWS CodeBuild codebuild ✓ ✓ ✓ ✓ AWS CodeCommit codecommit ✓ ✓ ✓ ✓ AWS CodeDeploy codedeploy ✓ ✓ ✓ ✓ ✓ AWS CodePipeline codepipeline ✓ ✓ ✓ ✓ AWS Config config ✓ ✓ ✓ ✓ ✓ AWS Control Tower controltower ✓ AWS Cost and Usage Reports* ✓ ✓ ✓ ✓ AWS Cost Explorer* ce ✓ ✓ ✓ ✓ AWS Database Migration Service (DMS) dms ✓ ✓ ✓ ✓ ✓ AWS Data Pipeline datapipeline ✓ AWS DataSync datasync ✓ ✓ ✓ ✓ AWS Diode ✓ AWS Direct Connect directconnect ✓ ✓ ✓ ✓ ✓ AWS Directory Service ds ✓ ✓ ✓ ✓ ✓ AWS Elastic Beanstalk elasticbeanstalk ✓ ✓ ✓ ✓ AWS Elemental MediaConvert mediaconvert ✓ ✓ ✓ ✓ AWS Fargate [feature of ECS] ✓ ✓ ✓ ✓ ✓ AWS Firewall Manager fms ✓ ✓ DISA Review DISA Review AWS Glue glue ✓ ✓ ✓ ✓ AWS Glue DataBrew databrew ✓ AWS Ground Station groundstation ✓ AWS Identity and Access Management (IAM) iam ✓ ✓ ✓ ✓ ✓ AWS IoT Core iot ✓ ✓ ✓ ✓ AWS IoT Device Management iot ✓ ✓ ✓ ✓ AWS IoT Greengrass greengrass ✓ ✓ ✓ ✓ AWS Key Management Service (KMS) kms ✓ ✓ ✓ ✓ ✓ AWS Lambda lambda ✓ ✓ ✓ ✓ ✓ AWS Liberty DISA Review AWS License Manager license-manager ✓ ✓ ✓ ✓ ✓ AWS Managed Services (AMS)
✓ 3PAO Assessment AWS Management Console* ✓ ✓ ✓ ✓ AWS Marketplace* ✓ ✓ ✓ ✓ AWS Network Firewall network-firewall ✓ ✓ DISA Review DISA Review AWS Outposts (Software)
outposts ✓
✓
DISA Review
DISA Review
AWS Organizations organizations ✓ ✓ ✓ ✓ AWS Opsworks (Chef Automate and Puppet Enterprise) ✓ AWS Personal Health Dashboard health ✓ ✓ ✓ ✓ ✓ AWS PrivateLink [feature of VPC] ✓ ✓ ✓ ✓ ✓ AWS Resource Access Manager (AWS RAM) ram ✓ ✓ DISA Review DISA Review DISA Review AWS Resource Groups resource-groups ✓ ✓ ✓ ✓ AWS Secrets Manager secretsmanager ✓ ✓ ✓ ✓ AWS Security Hub securityhub ✓ ✓ ✓ ✓ AWS Server Migration Service (SMS) sms ✓ ✓ ✓ ✓ AWS Serverless Application Repository serverlessrepo ✓ ✓ ✓ ✓ AWS Service Catalog servicecatalog ✓ ✓ ✓ ✓ AWS Service Quotas* servicequotas ✓ ✓ ✓ ✓ AWS Shield (Standard and Advanced) shield, DDoSProtection ✓ AWS Single Sign-On sso 3PAO Assessment AWS Snowball snowball ✓ ✓ ✓ ✓ ✓ AWS Snowball Edge ✓ ✓ ✓ ✓ ✓ AWS Snowmobile ✓
✓
✓ ✓ ✓ AWS Step Functions states ✓ ✓ ✓ ✓ ✓ AWS Storage Gateway storagegateway ✓ ✓ ✓ ✓ AWS Systems Manager ssm ✓ ✓ ✓ ✓ ✓ AWS Transfer Family transfer ✓ ✓ DISA Review DISA Review AWS Transit Gateway [feature of VPC] ✓ ✓ ✓ ✓ ✓ AWS Trusted Advisor ✓ ✓ ✓ ✓ ✓ AWS WAFv2 wafv2 3PAO Assessment 3PAO Assessment AWS Web Application Firewall (WAF) waf ✓ ✓ ✓ ✓ AWS X-Ray xray ✓ ✓ ✓ ✓ Elastic Load Balancing [feature of EC2] elasticloadbalancing ✓ ✓ ✓ ✓ ✓ Network Load Balancer (NLB) [feature of Elastic Load Balancing] ✓ ✓ DISA Review VM Import/Export [feature of EC2] ✓ ✓ ✓ ✓ ✓ -
HIPAA BAA
-
IRAP
*Namespaces help you identify services across your AWS environment. For example, when you create IAM policies, work with Amazon Resource Names (ARNs), and read AWS CloudTrail logs. Learn more about namespaces on the documentation page.
-
MTCS
-
C5
For more information, see Cloud Computing Compliance Controls Catalog (C5).
-
K-ISMS
-
ENS High
-
OSPAR
-
HITRUST CSF
-
FINMA
-
GSMA
For more information, see GSMA Compliance Page.
-
PiTuKri
-
CCCS