AWS Services in Scope by Compliance Program

— Canadian Centre for Cyber Security (CCCS)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative? 

This webpage provides a list of AWS Services in Scope of CCCS Assessment. Unless specifically excluded, generally available features of each of the services are considered in the scope, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

= This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.


Click here for full list of services covered under the AWS compliance programs.

CCCS Last updated: July 2, 2024
(formerly PBMM)
Amazon API Gateway  
Amazon AppFlow  
Amazon AppStream 2.0  
Amazon Athena  
Amazon Augmented AI [excludes Public Workforce and Vendor Workforce for all features]  
Amazon Aurora [feature of Amazon RDS]   
Amazon Chime  
Amazon Chime SDK  
Amazon Cloud Directory  
Amazon CloudFront [excludes content delivery through Amazon CloudFront Embedded Point of Presences]  
Amazon CloudWatch  
Amazon Cognito  
Amazon Comprehend  
Amazon Comprehend Medical  
Amazon Connect
Amazon Detective  
Amazon DevOps Guru  
Amazon DocumentDB (with MongoDB compatibility)  
Amazon DynamoDB  
Amazon EC2  
Amazon Elastic Block Store (EBS)  
Amazon Elastic Container Registry (ECR)  
Amazon Elastic Container Service (ECS) (includes ECS Anywhere)
Amazon Elastic File System (EFS)  
Amazon Elastic Kubernetes Service (EKS) (includes EKS Anywhere)
Amazon Elastic MapReduce (EMR)  
Amazon ElastiCache  
Amazon Eventbridge  
Amazon FinSpace  
Amazon FSx
Amazon GuardDuty  
Amazon Inspector  
Amazon Kendra  
Amazon Keyspaces (for Apache Cassandra)  
Amazon Kinesis Data Firehose  
Amazon Kinesis Data Streams  
Amazon Kinesis Video Streams  
Amazon Lex  
Amazon Location Service  
Amazon Macie  
Amazon Managed Service for Apache Flink  
Amazon Managed Streaming for Apache Kafka  
Amazon Managed Workflows for Apache Airflow  
Amazon MemoryDB (formerly MemoryDB for Redis)  
Amazon MQ  
Amazon Neptune  
Amazon OpenSearch Service
Amazon Personalize  
Amazon Pinpoint  
Amazon Polly  
Amazon Quantum Ledger Database (QLDB)  
Amazon QuickSight  
Amazon Redshift  
Amazon Rekognition  
Amazon Relational Database Service (RDS)  
Amazon Route 53  
Amazon S3 Glacier  
Amazon Sagemaker [excludes Studio Lab, Public Workforce and Vendor Workforce]  
Amazon Simple Email Service (SES)  
Amazon Simple Notification Service (SNS)  
Amazon Simple Queue Service (SQS)  
Amazon Simple Storage Service (S3)  
Amazon Simple Workflow Service (SWF)  
Amazon Textract  
Amazon Transcribe  
Amazon Transcribe Medical  
Amazon Translate  
Amazon Virtual Private Cloud (VPC)  
Amazon VPC Lattice [feature of Amazon VPC]  
Amazon WorkSpaces  
Amazon WorkSpaces Secure Browser (formerly Amazon Workspaces Web)  
AWS Amplify  
AWS Application Migration Service (formerly CloudEndure Migration)  
AWS App Mesh  
AWS AppSync  
AWS Audit Manager  
AWS Auto Scaling [feature of EC2]  
AWS Backup  
AWS Batch  
AWS Certificate Manager  
AWS Chatbot  
AWS Cloud9  
AWS Cloud Map  
AWS CloudFormation  
AWS CloudHSM  
AWS CloudShell  
AWS CloudTrail  
AWS CodeBuild  
AWS CodeCommit  
AWS CodeDeploy  
AWS CodePipeline  
AWS CodeStar  
AWS Config  
AWS Control Tower  
AWS Database Migration Service  
AWS DataSync  
AWS Direct Connect  
AWS Directory Service [excludes Simple AD]  
AWS Elastic Beanstalk  
AWS Elastic Disaster Recovery (AWS DRS) (formerly CloudEndure Disaster Recovery)  
AWS Elemental MediaConnect  
AWS Elemental MediaConvert  
AWS Elemental MediaLive  
AWS Fargate [feature of EKS and ECS]  
AWS Fault Injection Simulator  
AWS Firewall Manager [feature of WAF]  
AWS Global Accelerator  
AWS Glue  
AWS Health Dashboard  
AWS Identity and Access Management (IAM)  
AWS IAM Identity Center (successor to AWS Single Sign-On)   
AWS IoT Core  
AWS IoT Device Defender  
AWS IoT Device Management  
AWS IoT Events  
AWS IoT Greengrass  
AWS IoT SiteWise  
AWS Key Management Service  
AWS Lake Formation [feature of Glue]  
AWS Lambda  
AWS License Manager  
AWS Mainframe Modernization  
AWS Network Firewall  
AWS OpsWorks Stacks  
AWS Organizations  
AWS Outposts  
AWS Private CA  
AWS PrivateLink [feature of Amazon VPC]  
AWS Resilience Hub  
AWS Resource Access Manager (RAM)  
AWS Resource Groups  
AWS Secrets Manager  
AWS Security Hub  
AWS Server Migration Service (SMS)  
AWS Service Catalog  
AWS Shield  
AWS Signer  
AWS Snow Family  
AWS Step Functions  
AWS Storage Gateway  
AWS Systems Manager  
AWS Transfer Family  
AWS Transit Gateway [feature of Amazon VPC]  
AWS Trusted Advisor  
AWS VPN [feature of Amazon VPC]  
AWS Wickr  
AWS X-Ray  
EC2 Image Builder  
Elastic Load Balancing [feature of EC2]  

Want More Information About Services in Scope?