AWS Services in Scope by Compliance Program

— Federal Risk and Authorization Management Program (FedRAMP)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative? 

This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

= This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.

 

Click here for full list of services covered under the AWS compliance programs.

Services going through FedRAMP assessment and authorization will have the following status:

  • Third-Party Assessment Organization (3PAO) Assessment: This service is currently undergoing an assessment by our third-party assessor
  • Joint Authorization Board (JAB) Review: This service is currently undergoing a JAB review
FedRAMP
SERVICES / PROGRAMS  SDKs FedRAMP Moderate
(East/West)		 FedRAMP High
(GovCloud)		 FedRAMP Not Required
(Confirmed with JAB)*
Amazon API Gateway apigateway   
Amazon AppStream 2.0 appstream   
Amazon Athena athena   
Amazon Aurora MySQL    
Amazon Aurora PostgreSQL
    
Amazon Bedrock   3PAO Assessment    
Amazon Chime chime     
Amazon Chime SDK chime
identity-chime
media-pipelines-chime
messaging-chime
meetings-chime
voice-chime		 3PAO Assessment   
Amazon Cloud Directory clouddirectory   
Amazon CloudFront cloudfront     
Amazon CloudWatch cloudwatch   
Amazon CloudWatch Logs logs   
Amazon Cognito cognito-idp, cognito-identity, cognito-sync   
Amazon Comprehend comprehend   
Amazon Comprehend Medical comprehendmedical   
Amazon Connect [excludes Wisdom, VoiceID, Outbound Campaigns, and GetMetricDataV2 API]
 connect 
 
Amazon Detective detective   
Amazon DevOps Guru      
Amazon DynamoDB dynamodb   
Amazon EC2 Auto Scaling [feature of EC2] autoscaling   
Amazon Elastic Block Store (EBS) ebs   
Amazon Elastic Compute Cloud (EC2) ec2
  
Amazon EC2 Image Builder imagebuilder   
Amazon Elastic Container Registry (ECR) [excludes Amazon Inspector]
 ecr   
Amazon Elastic Container Service (ECS) ecs   
Amazon Elastic File System (EFS) efs   
Amazon Elastic Kubernetes Service (EKS) eks   
Amazon ElastiCache
 elasticache   
Amazon EMR elasticmapreduce   
Amazon EventBridge events   
Amazon FinSpace finspace     
Amazon Forecast amazonforecast     
Amazon FSx
    
Amazon GuardDuty [excludes Amazon GuardDuty EKS Runtime Monitoring]
 guardduty   
Amazon HealthLake   3PAO Assessment     
Amazon Inspector inspector2 JAB Review JAB Review  
Amazon Inspector Classic [excludes Amazon Inspector]
 inspector   
Amazon Kendra kendra   
Amazon Keyspaces (for Apache Cassandra) keyspaces   
Amazon Kinesis Data Analytics kinesisanalytics   
Amazon Kinesis Data Firehose firehose   
Amazon Kinesis Data Streams kinesis  
Amazon Lex runtime.lex, models.lex   
Amazon Macie macie2     
Amazon Macie Classic macie     
Amazon Managed Streaming for Apache Kafka (Amazon MSK) kafka   
Amazon MemoryDB for Redis      
Amazon MQ mq   
Amazon Neptune neptune-db   
Amazon Omics      
Amazon OpenSearch Service elasticsearchservice   
Amazon Pinpoint mobiletargeting   
Amazon Polly polly   
Amazon Quantum Ledger Database (QLDB) qldb     
Amazon QuickSight quicksight   
Amazon RDS (MariaDB)    
Amazon RDS (MySQL)    
Amazon RDS (Oracle)    
Amazon RDS (Postgres)    
Amazon RDS (SQL Server)    
Amazon Redshift redshift   
Amazon Rekognition rekognition   
Amazon Route 53 route53   
Amazon S3 Glacier glacier   
Amazon SageMaker [excludes Amazon SageMaker Studio Lab]
 sagemaker   
Amazon Simple Email Service (SES) ses   
Amazon Simple Notification Service (SNS) sns   
Amazon Simple Queue Service (SQS) sqs   
Amazon Simple Storage Service (S3) s3   
Amazon Simple Workflow Service (SWF) swf   
Amazon Textract textract   
Amazon Timestream timestream  3PAO Assessment   
Amazon Transcribe transcribe   
Amazon Translate translate   
Amazon Virtual Private Cloud (VPC) ec2   
Amazon WorkDocs workdocs     
Amazon WorkSpaces workspaces   
Amazon WorkSpaces Web   3PAO Assessment    
AWS Application Auto Scaling application-autoscaling     
AWS Application Migration Service (MGN)      
AWS App Mesh appmesh     
AWS Artifact      
AWS Audit Manager auditmanager     
AWS Backup backup   
AWS Batch batch   
AWS Billing Conductor billingconductor     
AWS Budgets budgets     
AWS Certificate Manager (ACM) acm   
AWS Chatbot      
AWS Cloud9 cloud9     
AWS CloudFormation cloudformation   
AWS CloudHSM cloudhsm   
AWS Cloud Map servicediscovery   
AWS CloudShell    
AWS CloudTrail cloudtrail   
AWS CodeBuild codebuild   
AWS CodeCommit codecommit   
AWS CodeDeploy codedeploy   
AWS CodePipeline codepipeline   
AWS Compute Optimizer     3PAO Assessment  
AWS Config config   
AWS Control Tower controltower   
AWS Cost and Usage Reports      
AWS Cost Explorer ce     
AWS Database Migration Service (DMS) dms   
AWS DataSync datasync   
AWS Direct Connect directconnect   
AWS Directory Service ds   
AWS Elastic Beanstalk elasticbeanstalk   
AWS Elastic Disaster Recovery (DRS)      
AWS Elemental MediaConvert mediaconvert   
AWS Fargate [feature of ECS]    
AWS Fargate [feature of EKS]      
AWS Fault Injection Simulator   JAB Review JAB Review  
AWS Firewall Manager fms   
AWS Global Accelerator   3PAO Assessment    
AWS Glue glue   
AWS Glue DataBrew databrew  3PAO Assessment   
AWS Ground Station groundstation     
AWS Health Dashboard health  
AWS Identity and Access Management (IAM) iam   
AWS IAM Identity Center (successor to AWS Single Sign-On)  sso     
AWS IoT Core iot   
AWS IoT Device Defender   3PAO Assessment 3PAO Assessment  
AWS IoT Device Management iot   
AWS IoT Events    
AWS IoT Greengrass greengrass   
AWS IoT SiteWise      
AWS IoT TwinMaker     3PAO Assessment  
AWS Key Management Service (KMS) kms   
AWS Lambda lambda   
AWS License Manager license-manager   
AWS Mainframe Modernization   3PAO Assessment     
AWS Managed Services (AMS)    
AWS Management Console      
AWS Marketplace      
AWS Network Firewall network-firewall   
AWS Organizations organizations   
AWS OpsWorks (Chef Automate and Puppet Enterprise)      
AWS Outposts (Software)
 outposts   
AWS Private Certificate Authority    
 
AWS Resource Access Manager (AWS RAM) ram   
AWS Resource Groups resource-groups   
AWS Secrets Manager secretsmanager   
AWS Security Hub securityhub   
AWS Server Migration Service (SMS) sms   
AWS Serverless Application Repository serverlessrepo   
AWS Service Catalog servicecatalog   
AWS Service Quotas servicequotas     
AWS Shield (Standard and Advanced) shield, DDoSProtection     
AWS Signer      
AWS Snowball
 snowball   
AWS Snowball Edge    
AWS Snowmobile    
AWS Step Functions states   
AWS Systems Manager  ssm   
AWS Storage Gateway storagegateway   
AWS Transfer Family transfer   
AWS Transit Gateway [feature of Amazon VPC]    
AWS Trusted Advisor    
AWS Web Application Firewall (WAF) wafv2  JAB Review  
AWS Web Application Firewall Classic (WAF Classic) waf-regional
  
AWS Well-Architected Tool gaudi  JAB Review JAB Review  
AWS Wickr wickr  JAB Review 3PAO Assessment  
AWS X-RAY xray   
Elastic Load Balancing [feature of EC2] elasticloadbalancing   
VM Import/Export    
Managed AWS Landing Zone (MALz) [feature of AWS Managed Services]      
Network Load Balancer (NLB) [feature of Elastic Load Balancing]     
Inter-Region VPC Peering [feature of Amazon VPC]    

*Services not within the scope of JAB review. As such, the JAB team has issued neither an approval nor disapproval decision regarding this product under FedRAMP. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent agency approval.  

Want More Information About Services in Scope?

Contact Us