AWS Compliance
💡 Definition
AWS Compliance refers to AWS's adherence to various global, national, and industry-specific security and compliance standards, as well as the tools and programs AWS provides to help customers achieve their own compliance requirements when using the cloud.
🔑 Key Concepts
- AWS Compliance Programs: AWS maintains a broad range of attestations, certifications, and accreditations, such as ISO 27001, PCI DSS, SOC reports, HIPAA, GDPR, FedRAMP, etc. These demonstrate AWS's commitment to securing its infrastructure.
- Customer Responsibility: Under the Shared Responsibility Model, while AWS is responsible for the compliance of the cloud, customers are responsible for compliance in the cloud (i.e., securing their data and applications deployed on AWS services).
- Transparency & Assurance: AWS makes its compliance documentation available to customers to help them meet their audit obligations.
- Tools for Compliance: AWS offers services to help customers manage their compliance posture.
⚙️ How it Works
AWS undergoes regular third-party audits and continuously updates its infrastructure and services to comply with various standards. Customers can access AWS's compliance reports via AWS Artifact to demonstrate to their own auditors that the underlying AWS infrastructure meets required standards. Customers then use AWS services like AWS Config, CloudTrail, and IAM to build and operate compliant applications on AWS.
🎯 Use Cases
- Meeting Regulatory Requirements: Organizations in regulated industries (healthcare, finance, government) must meet specific compliance mandates.
- Auditing: Providing auditors with necessary documentation and evidence of security controls.
- Risk Management: Ensuring that data and applications are protected according to industry best practices.
💰 Pricing Model
- N/A. Compliance is a characteristic of AWS's operations and a set of services/programs. Access to AWS Artifact and many compliance-related services like AWS Config have free tiers or are generally free; you pay for the underlying resources.
📝 Exam Tips (CLF-C02)
- Keywords: "Regulatory standards", "Audits", "PCI DSS", "HIPAA", "GDPR".
- Remember the role of the Shared Responsibility Model in compliance.
- AWS Artifact is the primary place to find AWS compliance reports.
- AWS Config and CloudTrail are key tools for customer compliance in the cloud.
See Also: * AWS Artifact * Shared Responsibility Model * AWS Config * CloudTrail