
Finding Compliance Data With AWS Artifact

Difficulty: Beginner
Duration: 11m
Students: 74
Ratings: 5/5
Description

In this course, we will be examining AWS Artifact, a free self-service resource that provides you with immediate access to AWS security and compliance reports, as well as the ability to view and accept agreements with AWS at both the account and organization level.

Learning Objectives

The objective of this course is to introduce you to AWS Artifact and explain how it is used to view compliance reports and accept legally binding agreements with AWS.

Intended Audience

This course is ideal for those who have a responsibility for managing governance, preparing audit compliance documentation, or anyone who is unfamiliar with the AWS Artifact service and is simply looking to learn more about it at an introductory level.

Prerequisites

As a prerequisite to this course, you should have a very basic understanding of AWS and cloud computing. This is an introductory course that will cover the basics of AWS Artifact.

Transcript

Hello, and welcome to this lecture where I will be examining AWS Artifact, a free self-service portal that provides you with immediate access to AWS security and compliance reports. Within AWS Artifact, you also have the ability to view, download, accept, and terminate legal agreements between you and AWS at both the account and organization level.

So you may be asking yourself: why would I ever need to access the information in AWS Artifact? And as it turns out, there could be several reasons. For starters, you might be asked to provide evidence of the current or historical compliance of different AWS services used within your architecture as part of a required audit to ensure that your enterprise may continue to leverage the AWS cloud. And this audit could potentially extend out to include your suppliers as well. Or perhaps you just want to learn more about your responsibilities when it comes to complying with various regulatory standards such as Payment Card Industry, or PCI, or Service Organization Control, or SOC. After all, simply leveraging the AWS cloud does not guarantee that the systems you build within it will be fully secure or compliant. We’ll discuss this more in a moment.

AWS Artifact can be accessed directly from the AWS console by searching “Artifact.” From there, the AWS Artifact home page gives you options to view reports and view agreements, so let’s spend a little time discussing reports and agreements in more detail.

AWS Artifact Reports consist of AWS auditor-issued reports and include everything from ISO certifications to PCI and SOC reports.

These reports, known as audit artifacts, may be shared with auditors and regulators by creating IAM users with an associated identity-based policy that grants access only to the necessary reports. And these audit artifacts allow you to provide evidence of AWS security controls to ensure compliance with any applicable governance, regulations, or frameworks when architecting solutions in the AWS cloud. Now of course this is always done in accordance with the AWS Shared Responsibility Model, where AWS is responsible for the underlying security OF the cloud, but you remain responsible for your own systems’ and applications’ security IN the cloud. Now to learn more about the AWS Shared Responsibility Model, I encourage you to check out this resource. Consequently, the compliance reports provided within AWS Artifact pertain only to AWS and do not in any way certify the security or compliance of your own company, organization, or application. However, these audit artifacts can and should inform the security controls you choose to implement as part of your own cloud architecture and solution design.

In addition to security and compliance reports, AWS Artifact also allows you to view and execute legally binding agreements between you and AWS.

These agreements can be applied at the individual account level, or if you are signed in to the AWS console with the management account of an organization in AWS Organizations, you can also apply an agreement to all member accounts within your organization. One example of a commonly used agreement is the AWS Business Associate Addendum, or BAA, which governs your use of AWS services when storing personal health information, or PHI.

To accept an agreement, you must first accept the AWS Artifact non-disclosure agreement or NDA.

After you have accepted this NDA, then downloaded and reviewed the agreement, you may accept the agreement by checking a box acknowledging that you accept all of its relevant terms and conditions. Note that when accepting an agreement on behalf of all member accounts within an AWS Organization, you must also certify that you have the full power and authority to accept the agreement on behalf of every entity that either currently has, or may ever subsequently have, a member account within your organization at any point in the future.

So that’s how we can use AWS Artifact to not only view compliance reports and agreements but also to help ensure the solutions we architect in the AWS cloud remain secure and compliant with all necessary rules and regulations.
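
The transcript mentions sharing audit artifacts through IAM users whose identity-based policy grants access only to the necessary reports. As an added example that is not part of the course, this Python sketch reviews such a policy for grants beyond scoped report reads. The action names, the `artifact:ReportSeries` condition key and the three sample policies are assumptions constructed here and should be checked against the current AWS Artifact IAM reference.

```python
# Added example: review an auditor's identity-based policy for excess access.
# Assumed report read actions (lowercase); confirm them in the AWS Artifact IAM reference.
REPORT_READ_ACTIONS = {"artifact:listreports", "artifact:getreport",
                       "artifact:getreportmetadata", "artifact:gettermforreport"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_auditor_policy(policy, allowed=REPORT_READ_ACTIONS):
    """Return (statement index, item, reason) for grants beyond scoped report reads."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((i, "NotAction", "allows every action not listed"))
            continue
        actions = _as_list(stmt.get("Action", []))
        for action in actions:
            if "*" in action or "?" in action:
                findings.append((i, action, "wildcard action"))
            elif action.lower() not in allowed:  # IAM action names are case-insensitive
                findings.append((i, action, "not a report read action"))
        # Downloads should be narrowed by resource ARN or by a condition.
        scoped = "Condition" in stmt or "*" not in _as_list(stmt.get("Resource", "*"))
        if not scoped and any(a.lower() != "artifact:listreports" for a in actions):
            findings.append((i, "Resource", "reports not scoped by resource or condition"))
    return findings

# Constructed sample policies (not from the course).
SERIES = {"StringEquals": {"artifact:ReportSeries": ["SOC 2"]}}  # assumed condition key
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "artifact:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "artifact:ListReports", "Resource": "*"},
    {"Effect": "Allow", "Resource": "*", "Condition": SERIES,
     "Action": ["artifact:GetReport", "artifact:GetReportMetadata",
                "artifact:GetTermForReport"]}]}
# Auditor policy that also lets the user accept agreements on the account's behalf.
MIXED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Condition": SERIES,
     "Action": ["artifact:GetReport", "artifact:AcceptAgreement"]}]}

if __name__ == "__main__":
    for name, pol in (("BROAD", BROAD), ("SCOPED", SCOPED), ("MIXED", MIXED)):
        print(name, review_auditor_policy(pol))
```

The check treats any `Condition` as scoping, so a reviewer still needs to confirm that the condition actually names the reports the auditor requires.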

About the Author
Students: 36847
Courses: 26
Learning Paths: 20

Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.