Compliance on AWS Summary

Compliance on AWS refers to the practices, policies, and tools that ensure users adhere to regulatory, legal, and industry standards while using AWS services.

Shared Responsibility: Security and compliance are a shared responsibility between AWS and the customer. AWS is responsible for the security *of* the cloud (the underlying infrastructure), while customers are responsible for security *in* the cloud (the data, applications, and configuration they place on that infrastructure). For example, in the case of Amazon EC2, AWS secures the physical servers, virtualization layer, and network, but the customer is responsible for the operating system, applications, and network configuration; a control that AWS has certified at the infrastructure layer does not make a misconfigured instance compliant.

AWS Compliance Programs: AWS provides various programs to help customers meet their compliance obligations:

  • Certifications and Attestations: AWS holds numerous certifications and attestations, such as SOC 1, SOC 2, ISO 27001, PCI DSS, and FedRAMP, demonstrating its commitment to security and compliance. These certifications cover various aspects of AWS operations and infrastructure, providing customers with independent assurance about the controls in place at the infrastructure layer.
  • Assurance Programs: AWS offers templates and control mappings to help customers establish and demonstrate the compliance of their environments running on AWS. These programs offer guidance and resources to align customer workloads with specific regulatory requirements.
  • Data Processing Addendum (DPA): AWS provides a DPA that automatically applies whenever customers process personal data on AWS. This DPA incorporates GDPR-compliant terms, offering a high standard for data privacy and exceeding the requirements of many global data protection laws.

Benefits of Compliance on AWS:

  • Third-Party Validation: AWS certifications and attestations provide independent validation of AWS’s compliance with global requirements, giving customers confidence in the security and reliability of AWS services.
  • Inheritance of Security Controls: Customers inherit the benefits of the latest security controls implemented by AWS on its infrastructure, ensuring a robust security foundation for their workloads.
  • Streamlined and Automated Compliance: AWS offers tools and services that simplify and automate compliance tasks, reducing the operational burden on customers. These tools can help with tasks like security assessments, vulnerability management, and compliance reporting.