Key Components of AWS Artifact
The service is organized into two main sections: Reports and Agreements.
1. AWS Artifact Reports
This section provides access to compliance reports prepared by independent, third-party auditors who have tested and verified the effectiveness of AWS's security controls.
- Purpose: To provide you with evidence of AWS's compliance posture. You can provide these reports directly to your auditors to demonstrate that the underlying AWS infrastructure meets various global, regional, and industry standards.
- Common Reports Available:
  - Service Organization Controls (SOC): SOC 1, SOC 2, and SOC 3 reports.
  - Payment Card Industry (PCI): Reports for the PCI Data Security Standard (DSS).
  - ISO/IEC Certifications: Reports for standards like ISO 27001, ISO 27017, ISO 27018, and ISO 9001.
  - Government & Industry Specific Reports: Reports for frameworks such as FedRAMP, HIPAA, and many others.
- How to Access: You can search for, view, and download these reports at any time. For certain sensitive reports, you may need to agree to a Non-Disclosure Agreement (NDA) directly within the portal before downloading.
2. AWS Artifact Agreements
This section allows you to review, accept, and manage legal agreements with AWS that are relevant to specific types of data or compliance regulations.
- Purpose: To formally acknowledge and accept terms required for processing certain types of regulated data on AWS.
- Key Agreements:
  - Business Associate Addendum (BAA): This is the most common agreement. It is a legal requirement under the Health Insurance Portability and Accountability Act (HIPAA) for any customer who plans to process Protected Health Information (PHI) in their AWS account.
  - Other Agreements: Depending on your needs, you might also manage agreements for services that are eligible for other compliance standards.
- How to Access: You can review the terms of an agreement and accept it on behalf of your account or your entire AWS Organization. This action is recorded for your audit trail.
Core Features & Benefits
- Centralized Resource: A single source of truth for all AWS security and compliance documents.
- On-Demand & No Cost: Access reports and manage agreements 24/7 without needing to contact AWS Support, and at no additional charge.
- Simplifies Audits: Drastically reduces the time and effort required to gather evidence for your own compliance audits.
- Audit-Ready: All actions within AWS Artifact, such as downloading a report or accepting an agreement, are logged in AWS CloudTrail. This provides a transparent audit trail for your organization.
- Secure Access: Access to AWS Artifact is controlled through AWS Identity and Access Management (IAM), ensuring that only authorized users can view and manage compliance information.
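Because accepting an agreement such as a BAA binds the account (or the whole Organization) legally, the IAM permission to read reports should not be the same permission that can accept agreements. The policy below is an added example, not from this page or from AWS documentation: it grants an auditor-facing role the ability to find, accept the NDA for, and download reports, while explicitly denying agreement acceptance or termination. The artifact:* action names are the ones I know from the AWS Artifact service authorization reference; verify them against the current reference before use.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadComplianceReportsOnly",
      "Effect": "Allow",
      "Action": [
        "artifact:ListReports",
        "artifact:GetReportMetadata",
        "artifact:GetTermForReport",
        "artifact:GetReport"
      ],
      "Resource": "*"
    },
    {
      "Sid": "NeverAcceptOrTerminateAgreements",
      "Effect": "Deny",
      "Action": [
        "artifact:AcceptAgreement",
        "artifact:TerminateAgreement"
      ],
      "Resource": "*"
    }
  ]
}
```

An explicit Deny overrides any Allow granted elsewhere, so attaching this to a report-reader role keeps agreement acceptance in a separate, more tightly held role. Reconcile that role's AcceptAgreement events in CloudTrail against your change records as part of the audit trail the page describes.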
Use Case Example
A financial technology startup is preparing for its first PCI DSS audit to be able to process credit card payments.
- The startup's compliance officer logs into the AWS Console and navigates to AWS Artifact.
- In the Reports section, they search for "PCI" and download the latest AWS PCI DSS Attestation of Compliance (AoC) and Responsibility Summary.
- They provide these documents to their auditor as evidence that the AWS infrastructure on which their application is built is PCI compliant. This allows the auditor to focus on the startup's application-level controls, saving significant time and effort.