AWS Services in Scope by Compliance Program

— Canadian Centre for Cyber Security (CCCS)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative? 

This webpage provides a list of AWS Services in Scope of CCCS Assessment. Unless specifically excluded, generally available features of each of the services are considered in the scope, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

= This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.


Click here for full list of services covered under the AWS compliance programs.

Amazon API Gateway  
Amazon AppFlow   
Amazon AppStream 2.0   
Amazon Athena  
Amazon Augmented AI [excludes Public Workforce and Vendor Workforce for all features]  
Amazon Aurora [feature of Amazon RDS]   
Amazon Chime  
Amazon Cloud Directory  
Amazon CloudFront  
Amazon CloudWatch  
Amazon Cognito  
Amazon Comprehend  
Amazon Comprehend Medical  
Amazon Connect
Amazon Detective  
Amazon DocumentDB (with MongoDB compatibility)  
Amazon DynamoDB  
Amazon Elastic Block Store (EBS)  
Amazon Elastic Compute Cloud (EC2)  
Amazon Elastic Container Registry (ECR)  
Amazon Elastic Container Service (ECS) (includes ECS Anywhere)
Amazon Elastic File System (EFS)  
Amazon Elastic Kubernetes Service (EKS) (includes EKS Anywhere)
Amazon Elastic MapReduce (EMR)  
Amazon ElastiCache  
Amazon Eventbridge  
Amazon FSx
Amazon GuardDuty  
Amazon Inspector   
Amazon Kendra  
Amazon Keyspaces (for Apache Cassandra)  
Amazon Kinesis Data Analytics  
Amazon Kinesis Data Firehose  
Amazon Kinesis Data Streams  
Amazon Kinesis Video Streams  
Amazon Lex  
Amazon Macie  
Amazon Managed Streaming for Apache Kafka  
Amazon MQ  
Amazon Neptune  
Amazon OpenSearch Service (formerly Amazon Elasticsearch service)
Amazon Personalize  
Amazon Pinpoint  
Amazon Polly  
Amazon Quantum Ledger Database (QLDB)   
Amazon QuickSight  
Amazon Redshift  
Amazon Rekognition  
Amazon Relational Database Service (RDS)   
Amazon Route 53  
Amazon S3 Glacier  
Amazon Sagemaker [excludes Studio Lab, Public Workforce and Vendor Workforce]  
Amazon Simple Email Service (SES)  
Amazon Simple Notification Service (SNS)  
Amazon Simple Queue Service (SQS)  
Amazon Simple Storage Service (S3)  
Amazon Simple Workflow Service (SWF)  
Amazon Textract  
Amazon Transcribe  
Amazon Transcribe Medical  
Amazon Translate  
Amazon Virtual Private Cloud (VPC)  
Amazon WorkSpaces  
AWS Amplify  
AWS Application Migration Service   
AWS App Mesh  
AWS AppSync  
AWS Audit Manager  
AWS Auto Scaling [feature of EC2]  
AWS Backup  
AWS Batch  
AWS Certificate Manager  
AWS Chatbot  
AWS Cloud9   
AWS Cloud Map  
AWS CloudFormation  
AWS CloudHSM  
AWS CloudTrail  
AWS CodeBuild  
AWS CodeCommit  
AWS CodeDeploy  
AWS CodePipeline  
AWS CodeStar  
AWS Config  
AWS Control Tower  
AWS Database Migration Service  
AWS DataSync  
AWS Direct Connect   
AWS Directory Service [excludes Simple AD]  
AWS Elastic Beanstalk  
AWS Elemental MediaConvert  
AWS Fargate [feature of EKS and ECS]  
AWS Firewall Manager [feature of WAF]  
AWS Global Accelerator  
AWS Glue  
AWS Health Dashboard   
AWS Identity and Access Management (IAM)  
AWS IAM Identity Center (successor to AWS Single Sign-On)   
AWS IoT Core  
AWS IoT Device Defender  
AWS IoT Device Management  
AWS IoT Greengrass   
AWS Key Management Service  
AWS Lake Formation [feature of Glue]  
AWS Lambda  
AWS License Manager  
AWS Network Firewall   
AWS OpsWorks Stacks  
AWS Organizations  
AWS Outposts  
AWS Private Certificate Authority   
AWS PrivateLink [feature of Amazon VPC]  
AWS Resource Access Manager (RAM)  
AWS Secrets Manager  
AWS Security Hub  
AWS Server Migration Service (SMS)  
AWS Service Catalog  
AWS Shield  
AWS Snow Family   
AWS Step Functions  
AWS Storage Gateway  
AWS Systems Manager  
AWS Transfer Family  
AWS Transit Gateway [feature of Amazon VPC]  
AWS Trusted Advisor   
AWS VPN [feature of Amazon VPC]  
AWS X-Ray  
CloudEndure Disaster Recovery  
CloudEndure Migration  
EC2 Image Builder   
Elastic Load Balancing [feature of EC2]  

Want More Information About Services in Scope?