AWS Services in Scope by Compliance Program

— Federal Risk and Authorization Management Program (FedRAMP)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture.


This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

= This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.

 



Services going through FedRAMP assessment and authorization will have the following status:

  • Third-Party Assessment Organization (3PAO) Assessment: This service is currently undergoing an assessment by our third-party assessor
  • Joint Authorization Board (JAB) Review: This service is currently undergoing a JAB review
FedRAMP
SERVICES / PROGRAMS SDKs FedRAMP Moderate (East/West) FedRAMP High (GovCloud) FedRAMP Not Required (Confirmed with JAB)*
Amazon API Gateway apigateway  
Amazon AppStream 2.0 appstream  
Amazon AppFlow appflow 3PAO Assessment    
Amazon Athena athena  
Amazon Aurora MySQL    
Amazon Aurora PostgreSQL    
Amazon Bedrock   JAB Review 3PAO Assessment  
Amazon Chime chime    
Amazon Chime SDK chime, identity-chime, media-pipelines-chime, messaging-chime, meetings-chime, voice-chime
Amazon Cloud Directory clouddirectory  
Amazon CloudFront [excludes content delivery through Amazon CloudFront Embedded Point of Presences] cloudfront    
Amazon CloudWatch cloudwatch  
Amazon CloudWatch Logs logs  
Amazon Cognito cognito-idp, cognito-identity, cognito-sync  
Amazon Comprehend comprehend  
Amazon Comprehend Medical comprehendmedical  
Amazon Connect [excludes Amazon Q in Connect, VoiceID, Outbound Campaigns, and GetMetricDataV2 API] connect  
Amazon Data Firehose firehose  
Amazon Detective detective  
Amazon DevOps Guru      
Amazon DocumentDB (with MongoDB compatibility) docdb 3PAO Assessment 3PAO Assessment  
Amazon DynamoDB dynamodb  
Amazon EC2 Auto Scaling [feature of EC2] autoscaling  
Amazon Elastic Block Store (EBS) ebs  
Amazon Elastic Compute Cloud (EC2) ec2  
Amazon EC2 Image Builder imagebuilder  
Amazon Elastic Container Registry (ECR) ecr  
Amazon Elastic Container Service (ECS) ecs  
Amazon Elastic File System (EFS) efs  
Amazon Elastic Kubernetes Service (EKS) eks  
Amazon ElastiCache elasticache  
Amazon Elastic MapReduce (EMR) elasticmapreduce  
Amazon EventBridge events  
Amazon FinSpace finspace    
Amazon Forecast amazonforecast    
Amazon FSx    
Amazon GuardDuty [excludes Runtime Monitoring and EKS Runtime Monitoring] guardduty  
Amazon Inspector inspector2  
Amazon Inspector Classic inspector  
Amazon Kendra kendra  
Amazon Keyspaces (for Apache Cassandra) keyspaces  
Amazon Kinesis Data Streams kinesis  
Amazon Lex runtime.lex, models.lex  
Amazon Macie macie2    
Amazon Managed Service for Apache Flink [formerly Amazon Kinesis Data Analytics] kinesisanalytics  
Amazon Managed Streaming for Apache Kafka (Amazon MSK) kafka  
Amazon MemoryDB for Redis      
Amazon MQ mq  
Amazon Neptune neptune-db  
Amazon OpenSearch Service elasticsearchservice  
Amazon Pinpoint mobiletargeting  
Amazon Polly polly  
Amazon Quantum Ledger Database (QLDB) qldb    
Amazon QuickSight quicksight  
Amazon RDS (MariaDB)    
Amazon RDS (MySQL)    
Amazon RDS (Oracle)    
Amazon RDS (Postgres)    
Amazon RDS (SQL Server)    
Amazon Redshift redshift  
Amazon Rekognition rekognition  
Amazon Route 53 route53  
Amazon S3 Glacier glacier  
Amazon SageMaker [excludes Amazon SageMaker Studio Lab] sagemaker  
Amazon Simple Email Service (SES) ses  
Amazon Simple Notification Service (SNS) sns  
Amazon Simple Queue Service (SQS) sqs  
Amazon Simple Storage Service (S3) s3  
Amazon Simple Workflow Service (SWF) swf  
Amazon Textract textract  
Amazon Timestream for LiveAnalytics timestream  
Amazon Transcribe transcribe  
Amazon Translate translate  
Amazon Virtual Private Cloud (VPC) ec2  
Amazon WorkDocs workdocs    
Amazon WorkSpaces workspaces  
Amazon WorkSpaces Web      
AWS Application Auto Scaling application-autoscaling    
AWS Application Migration Service (MGN) mgn 3PAO Assessment  
AWS App Mesh appmesh    
AWS Artifact      
AWS Audit Manager auditmanager    
AWS Backup backup  
AWS Batch batch  
AWS Billing Conductor billingconductor    
AWS Budgets budgets    
AWS Certificate Manager (ACM) acm  
AWS Chatbot      
AWS Cloud9 cloud9    
AWS CloudFormation cloudformation  
AWS CloudHSM cloudhsm  
AWS Cloud Map servicediscovery  
AWS CloudShell    
AWS CloudTrail cloudtrail  
AWS CodeBuild codebuild  
AWS CodeCommit codecommit  
AWS CodeDeploy codedeploy  
AWS CodePipeline codepipeline  
AWS Compute Optimizer      
AWS Config config  
AWS Control Tower controltower  
AWS Cost and Usage Reports      
AWS Cost Explorer ce    
AWS Database Migration Service (DMS) dms  
AWS DataSync datasync  
AWS Direct Connect directconnect  
AWS Directory Service ds  
AWS Edge Hub      
AWS Elastic Beanstalk elasticbeanstalk  
AWS Elastic Disaster Recovery (AWS DRS)      
AWS Elemental MediaConvert mediaconvert  
AWS Fargate [feature of ECS]    
AWS Fargate [feature of EKS]      
AWS Fault Injection Service    
AWS Firewall Manager fms  
AWS Global Accelerator   3PAO Assessment    
AWS Glue glue  
AWS Glue DataBrew databrew  
AWS Ground Station groundstation    
AWS Health Dashboard health  
AWS HealthLake      
AWS HealthOmics      
AWS Identity and Access Management (IAM) iam  
AWS IAM Identity Center (successor to AWS Single Sign-On) sso    
AWS IoT Core iot  
AWS IoT Device Defender    
AWS IoT Device Management iot  
AWS IoT Events    
AWS IoT Greengrass greengrass  
AWS IoT SiteWise      
AWS IoT TwinMaker      
AWS Key Management Service (KMS) kms  
AWS Lambda lambda  
AWS License Manager license-manager  
AWS Mainframe Modernization      
AWS Managed Services (AMS)    
AWS Management Console      
AWS Marketplace      
AWS Network Firewall network-firewall  
AWS Network Manager nm 3PAO Assessment 3PAO Assessment  
AWS Organizations organizations  
AWS OpsWorks (Chef Automate and Puppet Enterprise)      
AWS Outposts (Software) outposts  
AWS Private Certificate Authority acm 3PAO Assessment  
AWS Resource Access Manager (AWS RAM) ram  
AWS Resource Groups resource-groups  
AWS Secrets Manager secretsmanager  
AWS Security Hub securityhub  
AWS Server Migration Service (SMS) sms  
AWS Serverless Application Repository serverlessrepo  
AWS Service Catalog servicecatalog  
AWS Service Quotas servicequotas    
AWS Shield (Standard and Advanced) shield, DDoSProtection    
AWS Signer      
AWS Snowball snowball  
AWS Snowball Edge    
AWS Snowmobile    
AWS Step Functions states  
AWS Systems Manager ssm  
AWS Storage Gateway storagegateway  
AWS Transfer Family transfer  
AWS Transit Gateway [feature of Amazon VPC]    
AWS Trusted Advisor    
AWS Web Application Firewall (WAF) wafv2  
AWS Web Application Firewall Classic (WAF Classic) waf-regional  
AWS Well-Architected Tool wellarchitected  
AWS Wickr wickr  
AWS X-RAY xray  
Elastic Load Balancing [feature of EC2] elasticloadbalancing  
VM Import/Export    
Managed AWS Landing Zone (MALz) [feature of AWS Managed Services]      
Network Load Balancer (NLB) [feature of Elastic Load Balancing]
Inter-Region VPC Peering [feature of Amazon VPC]    

*Services not within the scope of JAB review. As such, the JAB team has issued neither an approval nor disapproval decision regarding this product under FedRAMP. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent agency approval.  
