AWS Services in Scope by Compliance Program

— Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative? 

This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

= This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.


Click here for full list of services covered under the AWS compliance programs.

Services going through DoD CC SRG assessment and authorization will have the following status:

  • Third-Party Assessment Organization (3PAO) Assessment: This service is currently undergoing an assessment by our third-party assessor
  • Joint Authorization Board (JAB) Review: This service is currently undergoing a JAB review
  • Defense Information Systems Agency (DISA) Review: This service is currently undergoing a DISA review

* Services not within the scope of DISA review. As such, DISA has issued neither an approval nor disapproval decision regarding this product under the DoD CC SRG. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent Mission Owner approval.
** Denotes the service is Impact Level 6 authorized, but not Generally Available (GA) in the region.

(AWS Secret Region
Amazon API Gateway apigateway 
Amazon AppStream 2.0 appstream   
Amazon Athena** athena 
Amazon Aurora MySQL  
Amazon Aurora PostgreSQL  
Amazon Bedrock   3PAO Assessment        
Amazon Chime chime         
Amazon Chime SDK chime
3PAO Assessment 

Amazon Cloud Directory clouddirectory   
Amazon CloudFront [excludes content delivery through Amazon CloudFront Embedded Point of Presences] cloudfront         
Amazon CloudWatch cloudwatch 
Amazon CloudWatch Logs logs 
Amazon Cognito cognito-idp, cognito-identity, cognito-sync   
Amazon Comprehend comprehend   
Amazon Comprehend Medical comprehendmedical   
Amazon Connect [excludes Wisdom, VoiceID, Outbound Campaigns, and GetMetricDataV2 API] connect   
Amazon Detective detective   
Amazon DevOps Guru          
Amazon DynamoDB dynamodb 
Amazon EC2 Auto Scaling [feature of EC2] autoscaling 
Amazon EC2 Image Builder imagebuilder 
Amazon Elastic Block Store (EBS) ebs 
Amazon Elastic Compute Cloud (EC2) ecs 
Amazon Elastic Container Registry (ECR)
Amazon Elastic Container Service (ECS) ecs 
Amazon Elastic File System (EFS) efs 
Amazon Elastic Kubernetes Service (EKS) eks 
Amazon ElastiCache
Amazon EMR elasticmapreduce 
Amazon EventBridge events 
Amazon FinSpace finspace         
Amazon Forecast amazonforecast         
Amazon FSx
Amazon GuardDuty [excludes Amazon GuardDuty EKS Runtime Monitoring]
Amazon HealthLake   3PAO Assessment         
Amazon Inspector inspector2       
Amazon Inspector Classic
Amazon Kendra kendra     
Amazon Keyspaces (for Apache Cassandra) keyspaces   
Amazon Kinesis Data Analytics kinesisanalytics 

Amazon Kinesis Data Firehose firehose 
Amazon Kinesis Data Streams kinesis 
Amazon Lex runtime.lex, models.lex   
Amazon Macie macie2         
Amazon Macie Classic macie         
Amazon Managed Streaming for Apache Kafka (Amazon MSK) kafka   
Amazon MemoryDB for Redis          
Amazon MQ mq 

Amazon Neptune neptune-db 
Amazon Omics          
Amazon OpenSearch Service elasticsearchservice
Amazon Pinpoint mobiletargeting   
Amazon Polly polly   
Amazon Quantum Ledger Database (QLDB) qldb         
Amazon QuickSight quicksight   
Amazon RDS (MariaDB)  
Amazon RDS (MySQL)  
Amazon RDS (Oracle)  
Amazon RDS (Postgres)  
Amazon RDS (SQL Server)  
Amazon Redshift redshift 
Amazon Rekognition rekognition   
Amazon Route 53 route53 
Amazon S3 Glacier glacier 
Amazon SageMaker [excludes Amazon SageMaker Studio Lab]
Amazon Simple Email Service (SES) ses   
Amazon Simple Notification Service (SNS) sns 
Amazon Simple Queue Service (SQS) sqs 
Amazon Simple Storage Service (S3) s3 
Amazon Simple Workflow Service (SWF) swf 
Amazon Textract textract   
Amazon Timestream timestream 3PAO Assessment       
Amazon Transcribe transcribe   
Amazon Translate translate   
Amazon Virtual Private Cloud (VPC) ec2 
Amazon WorkDocs workdocs         
Amazon WorkSpaces workspaces
Amazon WorkSpaces Web   JAB Review        
AWS Application Auto Scaling application-autoscaling   
AWS Application Migration Service (MGN)          
AWS App Mesh appmesh         
AWS Artifact*   ✓  ✓  ✓  ✓   
AWS Audit Manager auditmanager         
AWS Auto Scaling autoscaling        
AWS Backup backup   
AWS Batch batch   
AWS Billing Conductor billingconductor  ✓  ✓  ✓  ✓   
AWS Budgets* budgets   
AWS Certificate Manager (ACM) acm   
AWS Chatbot          
AWS Cloud9 cloud9         
AWS Cloud Map servicediscovery   
AWS CloudFormation cloudformation 
AWS CloudHSM cloudhsm   
AWS CloudShell    
AWS CloudTrail cloudtrail 
AWS CodeBuild codebuild   
AWS CodeCommit codecommit   
AWS CodeDeploy codedeploy 
AWS CodePipeline codepipeline   
AWS Compute Optimizer     JAB Review      
AWS Config config 
AWS Control Tower controltower  DISA Review DISA Review  
AWS Cost and Usage Reports*    
AWS Cost Explorer* ce   
AWS Database Migration Service (DMS) dms 
AWS Data Pipeline datapipeline         
AWS DataSync datasync   
AWS Diode      
AWS Direct Connect directconnect 
AWS Directory Service ds 
AWS Elastic Beanstalk elasticbeanstalk   
AWS Elastic Disaster Recovery (DRS)          
AWS Elemental MediaConvert mediaconvert   
AWS Fargate [feature of ECS]  
AWS Fargate [feature of EKS]          
AWS Fault Injection Simulator        
AWS Firewall Manager fms   
AWS Global Accelerator   3PAO Assessment        
AWS Glue glue   
AWS Glue DataBrew databrew  3PAO Assessment       
AWS Ground Station groundstation         
AWS Health Dashboard health
AWS Identity and Access Management (IAM) iam 
AWS IAM Identity Center
(Successor to AWS Single Sign-On)
AWS IoT Core iot   
AWS IoT Device Defender   JAB Review JAB Review      
AWS IoT Device Management iot   
AWS IoT Events   DISA Review DISA Review  
AWS IoT Greengrass greengrass   
AWS IoT SiteWise      
AWS IoT TwinMaker     JAB Review      
AWS Key Management Service (KMS) kms 
AWS Lambda lambda 
AWS Liberty          
AWS License Manager license-manager 
AWS Mainframe Modernization   3PAO Assessment         
AWS Managed Services (AMS)    
AWS Management Console*   ✓  ✓  ✓  ✓   
AWS Marketplace*    
AWS Network Firewall network-firewall   
AWS Outposts (Software)** outposts 

AWS Organizations organizations   
AWS Opsworks (Chef Automate and Puppet Enterprise)          
AWS Private Certificate Authority      
AWS PrivateLink [feature of VPC]  
AWS Resource Access Manager (AWS RAM) ram 
AWS Resource Groups resource-groups   
AWS Secrets Manager secretsmanager 
AWS Security Hub securityhub   
AWS Server Migration Service (SMS) sms   
AWS Serverless Application Repository serverlessrepo   
AWS Service Catalog servicecatalog   
AWS Service Quotas* servicequotas  ✓  ✓  ✓  ✓   
AWS Shield (Standard and Advanced) shield, DDoSProtection         
AWS Signer          
AWS Snowball snowball 
AWS Snowball Edge  
AWS Snowmobile  

AWS Step Functions states 
AWS Storage Gateway storagegateway   
AWS Systems Manager ssm 
AWS Transfer Family transfer   
AWS Transit Gateway [feature of VPC]  
AWS Trusted Advisor  
AWS Web Application Firewall (WAF) wafv2  3PAO Assessment
AWS Web Application Firewall Classic (WAF Classic) waf-regional  
AWS Well-Architected Tool wellarchitected      
AWS Wickr wickr  JAB Review      
AWS X-Ray xray   
Elastic Load Balancing [feature of EC2] elasticloadbalancing 
Network Load Balancer (NLB) [feature of Elastic Load Balancing]   
VM Import/Export [feature of EC2]  

*Services not within the scope of JAB review. As such, the JAB team has issued neither an approval nor disapproval decision regarding this product under FedRAMP. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent agency approval.  

Want More Information About Services in Scope?