AWS – Compliance reports


Compliance Reports

  • Compliance reports enable customers to understand the controls AWS maintains for security and data protection in the cloud.
  • AWS compliance enablers build on traditional programs, helping you establish and operate in an AWS security control environment.

Overview of Compliance in AWS

  • When customers move production workloads to the AWS cloud, responsibility for the IT environment is shared: AWS operates the underlying infrastructure, and customers manage what they deploy on it.
  • Customers can configure their environment in a secure and controlled manner.
  • Customers can maintain adequate governance over their entire IT control environment.

Strong Compliance Governance

  • Regardless of how their IT is deployed, customers remain responsible for maintaining adequate governance over their entire IT control environment.
  • Deploying to the AWS Cloud gives customers options to apply different types of controls and verification methods.

Evaluating and Integrating AWS Controls

  • AWS provides a wide range of information about its IT control environment through white papers, reports, certifications, and other third-party attestations.
  • Internal and/or external auditors validate the design and operating effectiveness of these controls and control objectives.

Risk Management

  • AWS has developed a strategic business plan that includes risk identification and the implementation of controls to mitigate or manage those risks.
  • The AWS compliance and security teams have established an information security framework and policies based on the Control Objectives for Information and Related Technology (COBIT) framework.
  • The AWS security team regularly scans all public-facing endpoint IP addresses for vulnerabilities; these scans do not include customer instances.
  • Findings and recommendations resulting from these assessments are categorized and delivered to AWS leadership.
  • Customers can request permission to conduct their own vulnerability scans, limited to their own environments.

Control Environment

  • AWS manages a comprehensive control environment, consisting of policies, processes, and control activities, for the secure delivery of AWS service offerings.
  • The collective control environment includes people, processes, and technology, and exists to establish and maintain an environment that supports the operating effectiveness of the AWS control framework.

Information Security

  • AWS uses a formal information security program to protect the confidentiality, integrity, and availability of customers' systems and data.
  • AWS has published several security white papers, available on the main AWS website.
  • These white papers are recommended reading before you take the AWS Solutions Architect Associate exam.

AWS CloudHSM

  • A hardware security module (HSM) is a hardware appliance that provides secure key storage and cryptographic operations within a tamper-resistant hardware module.
  • AWS CloudHSM helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated HSM appliances within the AWS cloud.

AWS Key Management Service

  • AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data.
  • It is integrated with other AWS services so you can encrypt your data with keys that you manage.
  • It is also integrated with AWS CloudTrail, which records each API call made against a key, to help meet your auditing, regulatory, and compliance needs.
  • The following management actions can be performed on master keys (the keys AWS now calls KMS keys, formerly customer master keys or CMKs) by using AWS KMS:

○ Create, describe, and list master keys
○ Enable and disable master keys
○ Set and retrieve master key usage policies (access control)
○ Create, delete, list, and update aliases, which are friendly names that point to your master keys
○ Delete master keys to complete the key lifecycle

  • The following cryptographic functions can be performed using master keys:

○ Encrypt, decrypt, and re-encrypt data
○ Generate data encryption keys that you can export from the service in plaintext or encrypted under a master key that doesn't leave the service
○ Generate random numbers suitable for cryptographic applications
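The data-key function above is the basis of envelope encryption: the application asks for a data key, uses the plaintext copy once to encrypt its data, and stores only the copy that is encrypted under the master key, so a later decrypt needs one call back to the key service. The following Go program walks through that flow. It is an added example, not code from this page or from AWS: a local MasterKeyService type stands in for KMS so the program runs offline, its GenerateDataKey and Decrypt methods are hypothetical analogues of the KMS API calls of the same names, the AES-256-GCM wrapping is an assumption (KMS does not publish its internal wrapping format), and the sample record and encryption context are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// MasterKeyService stands in for AWS KMS (an assumption for this example): the
// master key never leaves it; callers only receive data keys, plain and wrapped.
type MasterKeyService struct {
	masterKey []byte // 256-bit AES key; in KMS this lives inside the service
}

func NewMasterKeyService() *MasterKeyService {
	k := make([]byte, 32)
	rand.Read(k) // crypto/rand.Read never returns an error in current Go
	return &MasterKeyService{masterKey: k}
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal: AES-256-GCM, random nonce prepended; aad (the encryption context) is authenticated.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; any change to nonce, ciphertext, tag or aad fails.
func open(key, sealed, aad []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < g.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], aad)
}

// GenerateDataKey mirrors the KMS call: a fresh data key, plain (use once) and wrapped.
func (s *MasterKeyService) GenerateDataKey(ctx []byte) (plain, wrapped []byte, err error) {
	plain = make([]byte, 32)
	if _, err = rand.Read(plain); err != nil {
		return nil, nil, err
	}
	wrapped, err = seal(s.masterKey, plain, ctx)
	return plain, wrapped, err
}

// Decrypt mirrors KMS Decrypt: unwrap a data key; the context must match.
func (s *MasterKeyService) Decrypt(wrapped, ctx []byte) ([]byte, error) {
	return open(s.masterKey, wrapped, ctx)
}

// Envelope is what the application persists: no plaintext key material.
type Envelope struct {
	WrappedKey, Ciphertext, Context []byte
}

func EncryptEnvelope(s *MasterKeyService, plaintext, ctx []byte) (Envelope, error) {
	dk, wrapped, err := s.GenerateDataKey(ctx)
	if err != nil {
		return Envelope{}, err
	}
	ct, err := seal(dk, plaintext, ctx) // dk is used here once and never stored
	return Envelope{WrappedKey: wrapped, Ciphertext: ct, Context: ctx}, err
}

func DecryptEnvelope(s *MasterKeyService, e Envelope) ([]byte, error) {
	dk, err := s.Decrypt(e.WrappedKey, e.Context) // one KMS call per record
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return open(dk, e.Ciphertext, e.Context)
}

func main() {
	svc := NewMasterKeyService()
	ctx := []byte("purpose=customer-records") // constructed encryption context
	env, _ := EncryptEnvelope(svc, []byte("record 1234 (constructed sample)"), ctx)
	pt, err := DecryptEnvelope(svc, env)
	fmt.Printf("wrapped key %dB, ciphertext %dB, decrypt -> %q, err=%v\n", len(env.WrappedKey), len(env.Ciphertext), pt, err)
}
```

Two properties matter for audit purposes: the stored Envelope contains no usable key material without access to the master key service (which in real KMS is gated by the key policy and logged by CloudTrail), and the encryption context is bound into both the wrapped key and the ciphertext, so a wrapped key copied to a different purpose or a tampered record is rejected at decrypt time.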

AWS Organizations

  • AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.
  • AWS Organizations includes all the functionality of Consolidated Billing.
  • You can use your organization to create accounts and invite existing accounts to join your organization.
  • Features:

○ Centralized management of all of your AWS accounts
○ Consolidated billing for all member accounts
○ Hierarchical grouping of your accounts to meet your budgetary, security, or compliance needs
○ Control over the AWS services and actions that each account can access
○ Integration and support for AWS Identity and Access Management (IAM)
○ Data replication that is "eventually consistent"
