AWS Services in Scope by Compliance Program

— Multi-Tier Cloud Security (MTCS)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative? 

This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

= This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.


Click here for full list of services covered under the AWS compliance programs.

Singapore Seoul
Amazon API Gateway
Amazon AppFlow 
Amazon AppStream 2.0    
Amazon Athena
Amazon Augmented AI [excludes Public Workforce and Vendor Workforce for all features]   
Amazon Chime
Amazon Cloud Directory
Amazon CloudFront
Amazon CloudWatch
Amazon CloudWatch Logs
Amazon Cognito
Amazon Comprehend  
Amazon Comprehend Medical      
Amazon Connect [excludes Wisdom, VoiceID, and High Volume Outbound Communications]    
Amazon Detective 
Amazon DevOps Guru 
Amazon DocumentDB (with MongoDB compatibility)  
Amazon DynamoDB
Amazon EC2 Auto Scaling 
Amazon Elastic Block Store (EBS)
Amazon Elastic Compute Cloud (EC2)
Amazon Elastic Container Registry (ECR)
Amazon Elastic Container Service (ECS)  [both Fargate and EC2 launch types]
Amazon Elastic Kubernetes Service (EKS)
Amazon Elastic File System (EFS)
Amazon Elastic MapReduce (EMR)
Amazon ElastiCache
Amazon EventBridge
Amazon Finspace      
Amazon Forecast  
Amazon Fraud Detector     
Amazon FSx
Amazon GuardDuty
Amazon HealthLake       
Amazon Inspector Classic 
Amazon Kendra     
Amazon Keyspaces (for Apache Cassandra) 
Amazon Kinesis Data Analytics
Amazon Kinesis Data Firehose
Amazon Kinesis Data Streams
Amazon Kinesis Video Streams  
Amazon Lex    
Amazon Location Service     
Amazon Macie
Amazon Managed Service for Prometheus     
Amazon Managed Streaming for Apache Kafka
Amazon MemoryDB for Redis 
Amazon MQ
Amazon Neptune
Amazon OpenSearch Service
Amazon Personalize  
Amazon Pinpoint    
Amazon Polly
Amazon Quantum Ledger Database (QLDB)  
Amazon QuickSight  
Amazon Redshift
Amazon Rekognition
Amazon Relational Database Service (RDS) (includes Amazon Aurora)
Amazon Route 53
Amazon Route 53 Resolver
Amazon S3 Glacier
Amazon SageMaker [excludes Studio Lab, Public Workforce and Vendor Workforce for all features]
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS)
Amazon Simple Queue Service (SQS)
Amazon Simple Storage Service (S3)
Amazon Simple Workflow Service (SWF)
Amazon Textract
Amazon Timestream       
Amazon Transcribe
Amazon Translate
Amazon Virtual Private Cloud (VPC)
Amazon WorkDocs      
Amazon WorkLink      
Amazon WorkMail        
Amazon WorkSpaces    
AWS Amplify
AWS App Mesh 
AWS App Runner       
AWS Application Migration Service 
AWS AppSync
AWS Artifact
AWS Audit Manager   
AWS Backup
AWS Batch
AWS Certificate Manager (ACM)
AWS Chatbot
AWS Cloud Map 
AWS Cloud9 
AWS CloudFormation
AWS CloudShell       
AWS CloudTrail
AWS CodeBuild
AWS CodeCommit
AWS CodeDeploy
AWS CodePipeline
AWS CodeStar
AWS Config
AWS Control Tower  
AWS Data Exchange
AWS Database Migration Service (DMS)
AWS DataSync
AWS Device Farm 
AWS Direct Connect
AWS Directory Service [excludes Simple AD]
AWS Elastic Beanstalk
AWS Elastic Disaster Recovery Service 
AWS Elemental MediaConnect
AWS Elemental MediaConvert
AWS Elemental MediaLive  
AWS Firewall Manager
AWS Global Accelerator
AWS Glue
AWS Glue DataBrew 
AWS Ground Station     
AWS Identity and Access Management (IAM)
AWS IAM Identity Center (successor to AWS Single Sign-On)     
AWS IoT 1-Click      
AWS IoT Analytics      
AWS IoT Core 
AWS IoT Device Defender 
AWS IoT Device Management 
AWS IoT Events  
AWS IoT Greengrass  
AWS IoT SiteWise   
AWS Key Management Service (KMS)
AWS Lake Formation 
AWS Lambda
AWS License Manager
AWS Managed Services
AWS Network Firewall 
AWS OpsWorks for CM (includes Chef Automate, Puppet Enterprise)
AWS OpsWorks Stacks
AWS Organizations
AWS Outposts
AWS Personal Health Dashboard 
AWS Private Certificate Authority 
AWS Resource Access Manager (AWS RAM) 
AWS Resource Groups
AWS RoboMaker    
AWS Secrets Manager
AWS Security Hub
AWS Server Migration Service (SMS)
AWS Serverless Application Repository
AWS Service Catalog
AWS Shield
AWS Snowball
AWS Snowball Edge
AWS Snowmobile    
AWS Step Functions
AWS Storage Gateway
AWS Systems Manager
AWS Transfer Family
AWS Trusted Advisor
EC2 Image Builder 
Elastic Load Balancing
VM Import/Export

Want More Information About Services in Scope?