AWS Services in Scope by Compliance Program

— Information System Security Management and Assessment Program (ISMAP)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative? 

This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

= This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.


Click here for full list of services covered under the AWS compliance programs.

ISMAP Last updated: July 2, 2024
Amazon API Gateway apigateway
Amazon AppFlow appflow
Amazon AppStream 2.0 appstream
Amazon Athena athena
Amazon Augmented AI [excludes Public Workforce and Vendor Workforce for all features]   sagemaker 
Amazon Bedrock bedrock
Amazon Chime chime
Amazon Chime SDK  
Amazon Cloud Directory clouddirectory 
Amazon CloudFront cloudfront
Amazon CloudWatch cloudwatch
Amazon CloudWatch Logs logs
Amazon Cognito cognito-idp, cognito-identity, cognito-sync
Amazon Comprehend comprehend
Amazon Comprehend Medical comprehendmedical 
Amazon Connect connect
Amazon Detective detective 
Amazon DevOps Guru devops-guru
Amazon DocumentDB (with MongoDB compatibility) rds
Amazon DynamoDB dynamodb
Amazon EC2 Auto Scaling autoscaling
Amazon Elastic Block Store (EBS) ebs
Amazon Elastic Compute Cloud (EC2) ec2
Amazon Elastic Container Registry (ECR) ecr
Amazon Elastic Container Service (ECS) [both Fargate and EC2 launch types] ecs
Amazon Elastic File System (EFS) elasticfilesystem
Amazon Elastic Kubernetes Service (EKS) [both Fargate and EC2 launch types] eks
Amazon Elastic MapReduce (EMR) elasticmapreduce
Amazon ElastiCache for Redis elasticache
Amazon EventBridge events
Amazon FinSpace finspace
Amazon Forecast amazonforecast
Amazon Fraud Detector frauddetector
Amazon FSx fsx
Amazon GuardDuty guardduty
Amazon HealthLake healthlake
Amazon Inspector inspector
Amazon Inspector Classic inspector
Amazon Kendra kendra 
Amazon Keyspaces (for Apache Cassandra) keyspaces 
Amazon Kinesis Data Analytics kinesisanalytics
Amazon Kinesis Data Firehose firehose
Amazon Kinesis Data Streams kinesis
Amazon Kinesis Video Streams kinesisvideo
Amazon Lex  runtime.lex, models.lex
Amazon Location Service location
Amazon Macie macie
Amazon Managed Service for Prometheus amp
Amazon Managed Streaming for Apache Kafka msk
Amazon Managed Workflows for Apache Airflow airflow
Amazon MemoryDB for Redis memorydb
Amazon MQ mq
Amazon Neptune neptune-db
Amazon OpenSearch Service opensearch
Amazon Personalize personalize
Amazon Pinpoint pinpoint
Amazon Polly polly
Amazon Quantum Ledger Database (QLDB) qldb
Amazon QuickSight quicksight
Amazon Redshift redshift
Amazon Rekognition rekognition
Amazon Relational Database Service (RDS) [includes Amazon Aurora]  rds 
Amazon Route 53 route53
Amazon Route 53 Resolver route53resolver
Amazon S3 Glacier glacier
Amazon SageMaker [excludes Studio Lab; Public Workforce and Vendor Workforce for all features]
Amazon Simple Email Service (SES) ses
Amazon Simple Notification Service (SNS) sns
Amazon Simple Queue Service (SQS) sqs
Amazon Simple Storage Service (S3) s3
Amazon Simple Workflow Service (SWF) swf
Amazon SimpleDB sbd
Amazon Textract textract 
Amazon Timestream timestream 
Amazon Transcribe transcribe
Amazon Translate translate
Amazon Virtual Private Cloud (VPC) ec2
Amazon WorkDocs workdocs
Amazon WorkMail workmail 
Amazon WorkSpaces workspaces
Amazon WorkSpaces Web workspaces-web
AWS Amplify amplify
AWS App Mesh appmesh 
AWS App Runner apprunner
AWS Application Migration Service mgn
AWS AppSync appsync
AWS Artifact artifact
AWS Audit Manager   auditmanager 
AWS Backup backup
AWS Batch batch
AWS Certificate Manager (ACM) acm
AWS Chatbot chatbot
AWS Cloud9 cloud9
AWS Cloud Map servicediscovery 
AWS CloudFormation cloudformation
AWS CloudHSM cloudhsm
AWS CloudShell  
AWS CloudTrail cloudtrail
AWS CodeBuild codebuild
AWS CodeCommit codecommit
AWS CodeDeploy codedeploy
AWS CodePipeline codepipeline
AWS CodeStar codestar
AWS Config config
AWS Control Tower controltower
AWS Data Exchange dataexchange
AWS Database Migration Service (DMS) dms
AWS DataSync datasync
AWS Device Farm devicefarm 
AWS Direct Connect directconnect
AWS Directory Service [excludes Simple AD] ds
AWS Elastic Beanstalk elasticbeanstalk
AWS Elastic Disaster Recovery drs
AWS Elemental MediaConnect mediaconnect
AWS Elemental MediaConvert mediaconvert
AWS Elemental MediaLive medialive
AWS Fault Injection Simulator fis
AWS Firewall Manager fms
AWS Global Accelerator globalaccelerator
AWS Glue (including AWS Lake Formation) glue
AWS Glue DataBrew databrew 
AWS Ground Station groundstation 
AWS Health Dashboard
AWS HealthOmics omics
AWS IAM Identity Center (successor to AWS Single Sign-On) sso
AWS Identity and Access Management (IAM) iam
AWS IoT 1-Click iot1click
AWS IoT Analytics iotanalytics
AWS IoT Core iot-device
AWS IoT Device Defender iot-device
AWS IoT Device Management iot-device
AWS IoT Events iotevents
AWS IoT Greengrass greengrass
AWS IoT SiteWise iotsitewise
AWS Key Management Service (KMS) kms
AWS Lake Formation lakeformation
AWS Lambda lambda
AWS License Manager license-manager
AWS Mainframe Modernization  
AWS Managed Services  
AWS Network Firewall network-firewall
AWS OpsWorks for CM [includes Chef Automate, Puppet Enterprise] opsworks-cm
AWS OpsWorks Stacks opsworks
AWS Organizations organizations
AWS Outposts outpost
AWS Private CA acm-pca
AWS Resource Access Manager ram
AWS Resource Groups resource-groups
AWS RoboMaker robomaker
AWS Secrets Manager secretsmanager
AWS Security Hub securityhub
AWS Server Migration Service (SMS) sms
AWS Serverless Application Repository serverlessrepo
AWS Service Catalog servicecatalog
AWS Shield shield, DDoSProtection
AWS Signer  
AWS Snowball snowball
AWS Snowball Edge snowballedge 
AWS Snowmobile  
AWS Step Functions states
AWS Storage Gateway storagegateway
AWS Systems Manager ssm
AWS Transfer Family transfer
AWS Trusted Advisor trustedadvisor
AWS Web Application Firewall (WAF) waf
AWS Wickr  
AWS X-Ray xray
EC2 Image Builder imagebuilder
Elastic Load Balancing (ELB) elasticloadbalancing
FreeRTOS freertos
VM Import/Export  

Want More Information About Services in Scope?