Finding Compliance Data With AWS Artifact
1h 34m

This course covers the core learning objective to meet the requirements of the 'Designing Network & Data Transfer solutions in AWS - Level 1' skill.

Learning Objectives:

  • Understand the AWS shared responsibility model
  • Understand AWS access management capabilities to enforce security at different levels (IAM, AWS Organizations, Control Tower, Service Catalog, Amazon Cognito)
  • Understand where to find AWS compliance information (AWS Artifact)

Hello, and welcome to this lecture where I will be examining AWS Artifact, a free self-service portal that provides you with immediate access to AWS security and compliance reports. Within AWS Artifact, you also have the ability to view, download, accept, and terminate legal agreements between you and AWS at both the account and organization level.

So you may be asking yourself: why would I ever need to access the information in AWS Artifact? And as it turns out, there could be several reasons. For starters, you might be asked to provide evidence of the current or historical compliance of different AWS services used within your architecture as part of a required audit to ensure that your enterprise may continue to leverage the AWS cloud. And this audit could potentially extend out to include your suppliers as well. Or perhaps you just want to learn more about your responsibilities when it comes to complying with various regulatory standards such as Payment Card Industry, or PCI, or Service Organization Control, or SOC. After all, simply leveraging the AWS cloud does not guarantee that the systems you build within it will be fully secure or compliant. We’ll discuss this more in a moment.

AWS Artifact can be accessed directly from the AWS console by searching “Artifact.” From there, the AWS Artifact home page gives you options to view reports and view agreements, so let’s spend a little time discussing reports and agreements in more detail.

AWS Artifact Reports consist of AWS auditor-issued reports and include everything from ISO certifications to PCI and SOC reports.

These reports, known as audit artifacts, may be shared with auditors and regulators by creating IAM users with an associated identity-based policy that grants access only to the necessary reports. And these audit artifacts allow you to provide evidence of AWS security controls to ensure compliance with any applicable governance, regulations, or frameworks when architecting solutions in the AWS cloud. Now of course this is always done in accordance with the AWS Shared Responsibility Model, where AWS is responsible for the underlying security OF the cloud, but you remain responsible for your own systems’ and applications’ security IN the cloud. Now to learn more about the AWS Shared Responsibility Model, I encourage you to check out this resource. Consequently, the compliance reports provided within AWS Artifact pertain only to AWS and do not in any way certify the security or compliance of your own company, organization, or application. However, these audit artifacts can and should inform the security controls you choose to implement as part of your own cloud architecture and solution design.
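As an added example (not part of the lecture), the following Python builds the kind of scoped identity-based policy just described for an auditor's IAM user, and flags policies that hand out more than read access to named reports. The action names and report ARN shape follow the AWS Artifact entries in the IAM service authorization reference; the report IDs and region are assumptions used as placeholders.

```python
# Added example (not from the lecture): a least-privilege IAM policy for sharing
# AWS Artifact reports with an auditor, plus a check for over-broad policies.
# Action names and the report ARN shape follow the AWS Artifact entries in the IAM
# service authorization reference; report IDs passed in are constructed placeholders.

# Read-only actions an auditor needs to see a report's metadata, terms and content.
READ_ACTIONS = ["artifact:GetReport", "artifact:GetReportMetadata", "artifact:GetTermForReport"]
# Actions that change the account's legal position; never in an auditor policy.
AGREEMENT_ACTIONS = {"artifact:AcceptAgreement", "artifact:TerminateAgreement"}

def report_arn(report_id: str, region: str = "us-east-1") -> str:
    """ARN of one AWS Artifact report (this resource type carries no account ID)."""
    return f"arn:aws:artifact:{region}::report/{report_id}"

def auditor_policy(report_ids: list[str], region: str = "us-east-1") -> dict:
    """Identity-based policy granting read access only to the listed reports."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            # ListReports supports no resource-level scoping, so "*" is required here.
            {"Effect": "Allow", "Action": "artifact:ListReports", "Resource": "*"},
            {"Effect": "Allow", "Action": READ_ACTIONS,
             "Resource": [report_arn(r, region) for r in report_ids]},
        ],
    }

def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]

def policy_findings(policy: dict) -> list[str]:
    """Flag Allow statements that give an auditor more than read access to named reports."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(a in ("*", "artifact:*") for a in actions):
            findings.append(f"statement {i}: wildcard action grants every Artifact operation")
        if AGREEMENT_ACTIONS & set(actions):
            findings.append(f"statement {i}: allows accepting or terminating legal agreements")
        if any(a in READ_ACTIONS for a in actions) and "*" in resources:
            findings.append(f"statement {i}: report access is not scoped to specific report ARNs")
    return findings

if __name__ == "__main__":
    import json
    print(json.dumps(auditor_policy(["report-SOC2EXAMPLE"]), indent=2))  # placeholder report ID
    too_broad = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "artifact:*", "Resource": "*"}]}
    print(policy_findings(too_broad))
```

Attach the generated policy to the auditor's IAM user, and run `policy_findings` against any existing Artifact policy before granting it.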

In addition to security and compliance reports, AWS Artifact also allows you to view and execute legally binding agreements between you and AWS.

These agreements can be applied at the individual account level, or if you are signed in to the AWS console with the management account of an organization in AWS Organizations, you can also apply an agreement to all member accounts within your organization. One example of a commonly used agreement is the AWS Business Associate Addendum, or BAA, which governs your use of AWS services when storing personal health information, or PHI.

To accept an agreement, you must first accept the AWS Artifact non-disclosure agreement, or NDA.

After you have accepted this NDA, then downloaded and reviewed the agreement, you may accept the agreement by checking a box acknowledging that you accept all of its relevant terms and conditions. Note that when accepting an agreement on behalf of all member accounts within an AWS Organization, you must also certify that you have the full power and authority to accept the agreement on behalf of every entity that either currently has, or may ever subsequently have, a member account within your organization at any point in the future.

So that’s how we can use AWS Artifact to not only view compliance reports and agreements but also to help ensure the solutions we architect in the AWS cloud remain secure and compliant with all necessary rules and regulations.

About the Author

William Meadows is a passionately curious human currently living in the Bay Area in California. His career has included working with lasers, teaching teenagers how to code, and creating classes about cloud technology that are taught all over the world. His dedication to completing goals and helping others is what brings meaning to his life. In his free time, he enjoys reading Reddit, playing video games, and writing books.