AWS Services in Scope by Compliance Program

— Canadian Centre for Cyber Security (CCCS)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative?

This webpage provides a list of AWS Services in Scope of CCCS Assessment. Unless specifically excluded, generally available features of each of the services are considered in the scope, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

✓ = This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.

Click here for full list of services covered under the AWS compliance programs.

CCCS

SERVICES / PROGRAMS		CCCS MEDIUM (formerly PBMM)
Amazon API Gateway		✓
Amazon AppFlow		✓
Amazon AppStream 2.0		✓
Amazon Athena		✓
Amazon Augmented AI [excludes Public Workforce and Vendor Workforce for all features]		✓
Amazon Aurora [feature of Amazon RDS]		✓
Amazon Chime		✓
Amazon Cloud Directory		✓
Amazon CloudFront		✓
Amazon CloudWatch		✓
Amazon Cognito		✓
Amazon Comprehend		✓
Amazon Comprehend Medical		✓
Amazon Connect		✓
Amazon Detective		✓
Amazon DocumentDB (with MongoDB compatibility)		✓
Amazon DynamoDB		✓
Amazon Elastic Block Store (EBS)		✓
Amazon Elastic Compute Cloud (EC2)		✓
Amazon Elastic Container Registry (ECR)		✓
Amazon Elastic Container Service (ECS) (includes ECS Anywhere)		✓
Amazon Elastic File System (EFS)		✓
Amazon Elastic Kubernetes Service (EKS) (includes EKS Anywhere)		✓
Amazon Elastic MapReduce (EMR)		✓
Amazon ElastiCache		✓
Amazon Eventbridge		✓
Amazon FSx		✓
Amazon GuardDuty		✓
Amazon Inspector		✓
Amazon Kendra		✓
Amazon Keyspaces (for Apache Cassandra)		✓
Amazon Kinesis Data Analytics		✓
Amazon Kinesis Data Firehose		✓
Amazon Kinesis Data Streams		✓
Amazon Kinesis Video Streams		✓
Amazon Lex		✓
Amazon Macie		✓
Amazon Managed Streaming for Apache Kafka		✓
Amazon MQ		✓
Amazon Neptune		✓
Amazon OpenSearch Service (formerly Amazon Elasticsearch service)		✓
Amazon Personalize		✓
Amazon Pinpoint		✓
Amazon Polly		✓
Amazon Quantum Ledger Database (QLDB)		✓
Amazon QuickSight		✓
Amazon Redshift		✓
Amazon Rekognition		✓
Amazon Relational Database Service (RDS)		✓
Amazon Route 53		✓
Amazon S3 Glacier		✓
Amazon Sagemaker [excludes Studio Lab, Public Workforce and Vendor Workforce]		✓
Amazon Simple Email Service (SES)		✓
Amazon Simple Notification Service (SNS)		✓
Amazon Simple Queue Service (SQS)		✓
Amazon Simple Storage Service (S3)		✓
Amazon Simple Workflow Service (SWF)		✓
Amazon Textract		✓
Amazon Transcribe		✓
Amazon Transcribe Medical		✓
Amazon Translate		✓
Amazon Virtual Private Cloud (VPC)		✓
Amazon WorkSpaces		✓
AWS Amplify		✓
AWS Application Migration Service		✓
AWS App Mesh		✓
AWS AppSync		✓
AWS Audit Manager		✓
AWS Auto Scaling [feature of EC2]		✓
AWS Backup		✓
AWS Batch		✓
AWS Certificate Manager		✓
AWS Chatbot		✓
AWS Cloud9		✓
AWS Cloud Map		✓
AWS CloudFormation		✓
AWS CloudHSM		✓
AWS CloudTrail		✓
AWS CodeBuild		✓
AWS CodeCommit		✓
AWS CodeDeploy		✓
AWS CodePipeline		✓
AWS CodeStar		✓
AWS Config		✓
AWS Control Tower		✓
AWS Database Migration Service		✓
AWS DataSync		✓
AWS Direct Connect		✓
AWS Directory Service [excludes Simple AD]		✓
AWS Elastic Beanstalk		✓
AWS Elemental MediaConvert		✓
AWS Fargate [feature of EKS and ECS]		✓
AWS Firewall Manager [feature of WAF]		✓
AWS Global Accelerator		✓
AWS Glue		✓
AWS Health Dashboard		✓
AWS Identity and Access Management (IAM)		✓
AWS IAM Identity Center (successor to AWS Single Sign-On)		✓
AWS IoT Core		✓
AWS IoT Device Defender		✓
AWS IoT Device Management		✓
AWS IoT Greengrass		✓
AWS Key Management Service		✓
AWS Lake Formation [feature of Glue]		✓
AWS Lambda		✓
AWS License Manager		✓
AWS Network Firewall		✓
AWS OpsWorks Stacks		✓
AWS Organizations		✓
AWS Outposts		✓
AWS Private Certificate Authority		✓
AWS PrivateLink [feature of Amazon VPC]		✓
AWS Resource Access Manager (RAM)		✓
AWS Secrets Manager		✓
AWS Security Hub		✓
AWS Server Migration Service (SMS)		✓
AWS Service Catalog		✓
AWS Shield		✓
AWS Snow Family		✓
AWS Step Functions		✓
AWS Storage Gateway		✓
AWS Systems Manager		✓
AWS Transfer Family		✓
AWS Transit Gateway [feature of Amazon VPC]		✓
AWS Trusted Advisor		✓
AWS VPN [feature of Amazon VPC]		✓
AWS WAF		✓
AWS X-Ray		✓
CloudEndure Disaster Recovery		✓
CloudEndure Migration		✓
EC2 Image Builder		✓
Elastic Load Balancing [feature of EC2]		✓

AWS Services in Scope by Compliance Program

— Canadian Centre for Cyber Security (CCCS)

Want More Information About Services in Scope?

Ending Support for Internet Explorer