AWS Services in Scope by Compliance Program

— SNI 27001

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative? 

This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

= This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.


Click here for full list of services covered under the AWS compliance programs.

SNI 27001
Amazon API Gateway
Amazon Athena
Amazon CloudFront [excludes content delivery through Amazon CloudFront Embedded Point of Presences]
Amazon CloudWatch
Amazon CloudWatch Logs
Amazon DynamoDB
Amazon EC2 Auto Scaling
Amazon Elastic Block Store (EBS)
Amazon Elastic Compute Cloud (EC2)
Amazon Elastic Container Registry (ECR)
Amazon Elastic Container Service (ECS) [both Fargate and EC2 launch types]
Amazon Elastic Disaster Recovery
Amazon Elastic File System (EFS)
Amazon Elastic Kubernetes Service (EKS) [both Fargate and EC2 launch types]
Amazon Elastic MapReduce (EMR)
Amazon ElastiCache
Amazon EventBridge
Amazon FSx
Amazon GuardDuty
Amazon Kinesis Data Firehose
Amazon Kinesis Data Streams
Amazon Managed Service for Apache Flink(MSK)
Amazon Managed Streaming for Apache Kafka
Amazon MQ
Amazon OpenSearch Service
Amazon Redshift
Amazon Relational Database Service (RDS) [includes Amazon Aurora]
Amazon Route 53
Amazon SageMaker [excludes Studio Lab, Public Workforce and Vendor Workforce for all features]
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS)
Amazon Simple Queue Service (SQS)
Amazon Simple Storage Service (S3)
Amazon Simple Workflow Service (SWF)
Amazon Virtual Private Cloud (VPC)
AWS App Mesh
AWS Application Migration Service
AWS AppSync
AWS Artifact
AWS Backup
AWS Batch
AWS Certificate Manager (ACM)
AWS Chatbot
AWS Cloud Map
AWS CloudFormation
AWS CloudTrail
AWS CodeBuild
AWS CodeCommit
AWS CodeDeploy
AWS Config
AWS Database Migration Service (DMS)
AWS DataSync
AWS Direct Connect
AWS Directory Service [excludes Simple AD]
AWS Elastic Beanstalk
AWS Firewall Manager
AWS Glue
AWS Health Dashboard
AWS IAM Identity Center (successor to AWS Single Sign-On)
AWS Identity and Access Management (IAM)
AWS Key Management Service (KMS)
AWS Lake Formation
AWS Lambda
AWS License Manager
AWS Network Firewall
AWS Organizations
AWS Outposts
AWS Private Certificate Authority
AWS Resource Access Manager (RAM)
AWS Resource Groups
AWS Secrets Manager
AWS Security Hub
AWS Service Catalog
AWS Shield
AWS Snowball
AWS Step Functions
AWS Storage Gateway
AWS Systems Manager
AWS Transfer Family
AWS Trusted Advisor
EC2 Image Builder
Elastic Load Balancing (ELB)

Want More Information About Services in Scope?