AWS Services in Scope by Compliance Program

— Canadian Centre for Cyber Security (CCCS)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative?

This webpage provides a list of AWS Services in Scope of CCCS Assessment. Unless specifically excluded, generally available features of each of the services are considered in the scope, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

✓ = This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.

Click here for full list of services covered under the AWS compliance programs.

CCCS

SERVICES / PROGRAMS		CCCS MEDIUM (formerly PBMM)
Amazon API Gateway		✓
Amazon AppFlow		✓
Amazon AppStream 2.0		✓
Amazon Athena		✓
Amazon Augmented AI [excludes Public Workforce and Vendor Workforce for all features]		✓
Amazon Aurora [feature of Amazon RDS]		✓
Amazon Chime		✓
Amazon Chime SDK		✓
Amazon Cloud Directory		✓
Amazon CloudFront [excludes content delivery through Amazon CloudFront Embedded Point of Presences]		✓
Amazon CloudWatch		✓
Amazon Cognito		✓
Amazon Comprehend		✓
Amazon Comprehend Medical		✓
Amazon Connect		✓
Amazon Detective		✓
Amazon DevOps Guru		✓
Amazon DocumentDB (with MongoDB compatibility)		✓
Amazon DynamoDB		✓
Amazon EC2		✓
Amazon Elastic Block Store (EBS)		✓
Amazon Elastic Container Registry (ECR)		✓
Amazon Elastic Container Service (ECS) (includes ECS Anywhere)		✓
Amazon Elastic File System (EFS)		✓
Amazon Elastic Kubernetes Service (EKS) (includes EKS Anywhere)		✓
Amazon Elastic MapReduce (EMR)		✓
Amazon ElastiCache		✓
Amazon Eventbridge		✓
Amazon FinSpace		✓
Amazon FSx		✓
Amazon GuardDuty		✓
Amazon Inspector		✓
Amazon Kendra		✓
Amazon Keyspaces (for Apache Cassandra)		✓
Amazon Kinesis Data Firehose		✓
Amazon Kinesis Data Streams		✓
Amazon Kinesis Video Streams		✓
Amazon Lex		✓
Amazon Location Service		✓
Amazon Macie		✓
Amazon Managed Service for Apache Flink		✓
Amazon Managed Streaming for Apache Kafka		✓
Amazon Managed Workflows for Apache Airflow		✓
Amazon MemoryDB for Redis		✓
Amazon MQ		✓
Amazon Neptune		✓
Amazon OpenSearch Service		✓
Amazon Personalize		✓
Amazon Pinpoint		✓
Amazon Polly		✓
Amazon Quantum Ledger Database (QLDB)		✓
Amazon QuickSight		✓
Amazon Redshift		✓
Amazon Rekognition		✓
Amazon Relational Database Service (RDS)		✓
Amazon Route 53		✓
Amazon S3 Glacier		✓
Amazon Sagemaker [excludes Studio Lab, Public Workforce and Vendor Workforce]		✓
Amazon Simple Email Service (SES)		✓
Amazon Simple Notification Service (SNS)		✓
Amazon Simple Queue Service (SQS)		✓
Amazon Simple Storage Service (S3)		✓
Amazon Simple Workflow Service (SWF)		✓
Amazon Textract		✓
Amazon Transcribe		✓
Amazon Transcribe Medical		✓
Amazon Translate		✓
Amazon Virtual Private Cloud (VPC)		✓
Amazon VPC Lattice [feature of Amazon VPC]		✓
Amazon WorkSpaces		✓
Amazon Workspaces Web		✓
AWS Amplify		✓
AWS Application Migration Service (formerly CloudEndure Migration)		✓
AWS App Mesh		✓
AWS AppSync		✓
AWS Audit Manager		✓
AWS Auto Scaling [feature of EC2]		✓
AWS Backup		✓
AWS Batch		✓
AWS Certificate Manager		✓
AWS Chatbot		✓
AWS Cloud9		✓
AWS Cloud Map		✓
AWS CloudFormation		✓
AWS CloudHSM		✓
AWS CloudShell		✓
AWS CloudTrail		✓
AWS CodeBuild		✓
AWS CodeCommit		✓
AWS CodeDeploy		✓
AWS CodePipeline		✓
AWS CodeStar		✓
AWS Config		✓
AWS Control Tower		✓
AWS Database Migration Service		✓
AWS DataSync		✓
AWS Direct Connect		✓
AWS Directory Service [excludes Simple AD]		✓
AWS Elastic Beanstalk		✓
AWS Elastic Disaster Recovery (AWS DRS) (formerly CloudEndure Disaster Recovery)		✓
AWS Elemental MediaConnect		✓
AWS Elemental MediaConvert		✓
AWS Elemental MediaLive		✓
AWS Fargate [feature of EKS and ECS]		✓
AWS Fault Injection Simulator		✓
AWS Firewall Manager [feature of WAF]		✓
AWS Global Accelerator		✓
AWS Glue		✓
AWS Health Dashboard		✓
AWS Identity and Access Management (IAM)		✓
AWS IAM Identity Center (successor to AWS Single Sign-On)		✓
AWS IoT Core		✓
AWS IoT Device Defender		✓
AWS IoT Device Management		✓
AWS IoT Events		✓
AWS IoT Greengrass		✓
AWS IoT SiteWise		✓
AWS Key Management Service		✓
AWS Lake Formation [feature of Glue]		✓
AWS Lambda		✓
AWS License Manager		✓
AWS Mainframe Modernization		✓
AWS Network Firewall		✓
AWS OpsWorks Stacks		✓
AWS Organizations		✓
AWS Outposts		✓
AWS Private CA		✓
AWS PrivateLink [feature of Amazon VPC]		✓
AWS Resilience Hub		✓
AWS Resource Access Manager (RAM)		✓
AWS Resource Groups		✓
AWS Secrets Manager		✓
AWS Security Hub		✓
AWS Server Migration Service (SMS)		✓
AWS Service Catalog		✓
AWS Shield		✓
AWS Signer		✓
AWS Snow Family		✓
AWS Step Functions		✓
AWS Storage Gateway		✓
AWS Systems Manager		✓
AWS Transfer Family		✓
AWS Transit Gateway [feature of Amazon VPC]		✓
AWS Trusted Advisor		✓
AWS VPN [feature of Amazon VPC]		✓
AWS WAF		✓
AWS Wickr		✓
AWS X-Ray		✓
EC2 Image Builder		✓
Elastic Load Balancing [feature of EC2]		✓

AWS Services in Scope by Compliance Program

— Canadian Centre for Cyber Security (CCCS)

Want More Information About Services in Scope?

Ending Support for Internet Explorer