AWS Services in Scope by Compliance Program

— Federal Risk and Authorization Management Program (FedRAMP)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative? 


This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

= This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.

 

Click here for full list of services covered under the AWS compliance programs.


Services going through FedRAMP assessment and authorization will have the following status:

  • Third-Party Assessment Organization (3PAO) Assessment: This service is currently undergoing an assessment by our third-party assessor
  • Joint Authorization Board (JAB) Review: This service is currently undergoing a JAB review
FedRAMP
SERVICES / PROGRAMS  SDKs FedRAMP Moderate
(East/West)
FedRAMP High
(GovCloud)
FedRAMP Not Required
(Confirmed with JAB)*
Amazon API Gateway apigateway   
Amazon AppStream 2.0 appstream   
Amazon Athena athena   
Amazon Aurora MySQL    
Amazon Aurora PostgresSQL    
Amazon Chime chime     
Amazon Chime SDK  meetings-chime     
Amazon Cloud Directory clouddirectory   
Amazon CloudFront cloudfront     
Amazon CloudWatch cloudwatch   
Amazon CloudWatch Logs logs   
Amazon Cognito cognito-idp, cognito-identity, cognito-sync   
Amazon Comprehend comprehend   
Amazon Comprehend Medical comprehendmedical   
Amazon Connect [excludes Wisdom, VoiceID, and Outbound Communications] connect 
 
Amazon Detective detective   
Amazon DynamoDB dynamodb   
Amazon EC2 Auto Scaling [feature of EC2] autoscaling   
Amazon Elastic Block Store (EBS) ebs   
Amazon Elastic Compute Cloud (EC2) ec2
 
Amazon EC2 Image Builder imagebuilder   
Amazon Elastic Container Registry (ECR) [excludes Amazon Inspector]
ecr   
Amazon Elastic Container Service (ECS) ecs   
Amazon Elastic File System (EFS) efs   
Amazon Elastic Kubernetes Service (EKS) eks   
Amazon ElastiCache
elasticache   
Amazon EMR elasticmapreduce   
Amazon EventBridge events   
Amazon FinSpace finspace     
Amazon Forecast amazonforecast     
Amazon FSx for Lustre    
Amazon FSx for Windows File Server    
Amazon GuardDuty guardduty   
Amazon Inspector Classic [excludes Amazon Inspector]
inspector   
Amazon Kendra kendra   
Amazon Keyspaces (for Apache Cassandra) keyspaces   
Amazon Kinesis Data Analytics  kinesisanalytics   
Amazon Kinesis Data Firehose firehose   
Amazon Kinesis Data Streams kinesis  
Amazon Lex runtime.lex, models.lex   
Amazon Macie macie2     
Amazon Macie Classic macie     
Amazon Managed Streaming for Apache Kafka (Amazon MSK) kafka   
Amazon MQ mq   
Amazon Neptune  neptune-db   
Amazon OpenSearch Service elasticsearchservice   
Amazon Pinpoint mobiletargeting   
Amazon Polly polly   
Amazon Quantum Ledger Database (QLDB)  qldb     
Amazon QuickSight quicksight   
Amazon RDS (MariaDB)    
Amazon RDS (MySQL)    
Amazon RDS (Oracle)    
Amazon RDS (Postgres)    
Amazon RDS (SQL Server)    
Amazon Redshift redshift   
Amazon Rekognition rekognition   
Amazon Route 53 route53   
Amazon S3 Glacier glacier   
Amazon SageMaker [excludes Amazon SageMaker Studio Lab]
sagemaker   
Amazon Simple Email Service (SES) ses   
Amazon Simple Notification Service (SNS) sns   
Amazon Simple Queue Service (SQS) sqs   
Amazon Simple Storage Service (S3) s3   
Amazon Simple Workflow Service (SWF) swf   
Amazon Textract textract   
Amazon Timestream timestream     
Amazon Transcribe transcribe   
Amazon Translate translate   
Amazon Virtual Private Cloud (VPC) ec2   
Amazon WorkDocs workdocs     
Amazon WorkSpaces workspaces   
AWS Application Auto Scaling  application-autoscaling    JAB Review  
AWS App Mesh appmesh     
AWS Artifact      
AWS Audit Manager auditmanager     
AWS Backup backup   
AWS Batch batch   
AWS Billing Conductor  billingconductor     
AWS Budgets budgets     
AWS Certificate Manager acm   
AWS Chatbot      
AWS Cloud9 cloud9     
AWS CloudFormation cloudformation   
AWS CloudHSM cloudhsm   
AWS Cloud Map  servicediscovery   
AWS CloudShell    3PAO Assessment     
AWS CloudTrail cloudtrail   
AWS CodeBuild codebuild   
AWS CodeCommit codecommit   
AWS CodeDeploy codedeploy   
AWS CodePipeline codepipeline   
AWS Config config   
AWS Control Tower controltower     
AWS Cost and Usage Reports      
AWS Cost Explorer ce     
AWS Database Migration Service (DMS) dms   
AWS DataSync datasync   
AWS Direct Connect directconnect   
AWS Directory Service ds   
AWS Elastic Beanstalk elasticbeanstalk   
AWS Elemental MediaConvert mediaconvert   
AWS Fargate [feature of ECS]    
AWS Fargate [feature of EKS]      
AWS Firewall Manager fms   
AWS Glue glue   
AWS Glue DataBrew databrew     
AWS Ground Station groundstation     
AWS Identity & Access Management (IAM) iam   
AWS IAM Identity Center       
AWS IoT Core iot   
AWS IoT Device Management iot   
AWS IoT Greengrass greengrass   
AWS Key Management Service (KMS) kms   
AWS Lambda lambda   
AWS License Manager license-manager   
AWS Managed Services (AMS)    
AWS Management Console      
AWS Marketplace      
AWS Network Firewall network-firewall   
AWS Organizations organizations   
AWS OpsWorks (Chef Automate and Puppet Enterprise)      
AWS Outposts (Software)
outposts   
AWS Personal Health Dashboard health   
AWS Resource Access Manager (AWS RAM) ram   
AWS Resource Groups resource-groups   
AWS Secrets Manager secretsmanager   
AWS Security Hub securityhub   
AWS Server Migration Service (SMS) sms   
AWS Serverless Application Repository serverlessrepo   
AWS Service Catalog servicecatalog   
AWS Service Quotas servicequotas     
AWS Shield (Standard and Advanced) shield, DDoSProtection     
AWS Single Sign-On  sso    JAB Review  
AWS Snowball snowball   
AWS Snowball Edge    
AWS Snowmobile    
AWS Step Functions states   
AWS Systems Manager  ssm   
AWS Storage Gateway storagegateway   
AWS Transfer Family transfer   
AWS Transit Gateway [feature of Amazon VPC]    
AWS Trusted Advisor    
AWS Web Application Firewall (WAF) waf   
AWS WAFv2  wafv2  3PAO Assessment  3PAO Assessment   
AWS X-RAY xray   
Elastic Load Balancing [feature of EC2] elasticloadbalancing   
VM Import/Export    
Managed AWS Landing Zone (MALz) [feature of AWS Managed Services]      
Network Load Balancer (NLB) [feature of Elastic Load Balancing]     
Inter-Region VPC Peering [feature of Amazon VPC]    

*Services not within the scope of JAB review. As such, the JAB team has issued neither an approval nor disapproval decision regarding this product under FedRAMP. Customers are able to leverage this service by working with their AWS Sales Representative directly to seek independent agency approval.  

Want More Information About Services in Scope?