AWS Artifact | Compliance Reports Flashcards
What is AWS Artifact?
Compliance Reports
AWS Artifact | Security, Identity & Compliance
AWS Artifact, available in the console, is a self-service audit artifact retrieval portal that provides our customers with on-demand access to AWS’ compliance documentation.
Who should use AWS Artifact?
Compliance Reports
AWS Artifact | Security, Identity & Compliance
AWS Artifact can be used by all AWS customers to assess and validate the security and compliance of the AWS infrastructure and services that they use.
You should use AWS Artifact if you are:
Obligated to demonstrate the compliance of your cloud architectures during system design, development and audit life cycles. In order to demonstrate the historical and current compliance of your AWS infrastructure (specific to the services that you use), auditors and regulators require you to provide evidence in the form of audit artifacts.
Required to, or are interested in using audit artifacts to validate that your AWS implemented controls are operating effectively.
Interested in continuously monitoring or auditing your suppliers.
A member of a development team that is building secure cloud architectures, and are in need of guidance in understanding your responsibility for complying with ISO, PCI, SOC, and other regulatory standards. Often, the work of your team will either enable your enterprise to use AWS, or ensure that your enterprise can continue to use AWS.
What is an audit artifact?
Compliance Reports
AWS Artifact | Security, Identity & Compliance
An audit artifact is a piece of evidence that demonstrates that an organization is following a documented process, or meeting a specific requirement. Audit artifacts are gathered and archived throughout the system development life cycle, and are to be used as evidence in internal and/or external audits and assessments.
Who has access to AWS Artifact?
Compliance Reports
AWS Artifact | Security, Identity & Compliance
All AWS Accounts have access to AWS Artifact. Root users and IAM users with admin permissions can download all audit artifacts available to their account by agreeing to the associated terms and conditions.
You will need to grant IAM users with non-admin permissions access to AWS Artifact using IAM permissions. This allows you to grant a user access to AWS Artifact, while restricting access to other services and resources within your AWS Account. For information on how to grant access using IAM, refer to this help topic in the AWS Artifact documentation.
How can I use these artifacts to meet my audit requirements?
Compliance Reports
AWS Artifact | Security, Identity & Compliance
You can provide the AWS audit artifacts to your auditors or regulators as evidence of AWS security controls.
You can also use the responsibility guidance provided by some of the AWS audit artifacts to design your cloud architecture. This guidance helps determine the additional security controls you should put in place in order to support the specific use cases of your system.
Is there a limit to the number of artifacts I can download?
Compliance Reports
AWS Artifact | Security, Identity & Compliance
No. You can access and download all available artifacts at any time, as many times as you need.
How do I share audit artifacts with my auditors?
Compliance Reports
AWS Artifact | Security, Identity & Compliance
You will often need to provide your auditors with access to AWS compliance reports. You can easily accomplish this by creating IAM user credentials specific to each auditor, and configuring the credentials so that the auditor can only access the reports that are relevant to the audit that they are conducting. For more information, see this help topic in the AWS Artifact documentation.
How do I share audit artifacts with my customers who have a need to assess the security of AWS?
Compliance Reports
AWS Artifact | Security, Identity & Compliance
Your customers can access AWS compliance reports using their own AWS Account. If they do not already have an account, you should direct them to create one. There is no charge associated with creating an account.
After logging into their account, your customers can access available reports in the AWS Console by navigating to Compliance Reports under Security, Identity & Compliance. If your customer would like to access a report that requires and NDA, they can receive access by signing a click-through NDA inside of the Artifact Console.
For more information refer to Getting Started with AWS Artifact.
How do I share audit artifacts with other individuals within my organization?
Compliance Reports
AWS Artifact | Security, Identity & Compliance
You will often need to provide other individuals within your organization access to AWS compliance reports. Documents that you download from AWS Artifact are specifically generated for you, and every document has a unique watermark. For this reason, you should only share the documents with individuals that you trust. Do not email the documents as attachments, and do not share them online. To share a document, use a secure sharing service such as Amazon WorkDocs, or create an IAM permissions policy that gives IAM users in the group access to the AWS Artifact documents. For more information, refer to the AWS Artifact documentation.
Can I grant individuals within my organization access only to AWS Artifact?
Compliance Reports
AWS Artifact | Security, Identity & Compliance
Yes. Using IAM, you can create a permissions policy for a non-admin group that gives the IAM users in the group access to AWS Artifact. You can then use the policty to restrict access to other services and resources within the associated account. For more information on how to create a non-admin group, refer to the AWS Artifact documentation.
Can I restrict access to individuals within my organization to only select artifacts?
Compliance Reports
AWS Artifact | Security, Identity & Compliance
Yes. Access can be granted to one or more artifacts using IAM permissions, giving you full control over who has access to each artifact. For example, if you want your PCI team to only have access to the AWS PCI report, but your SOX team to only have access to the AWS SOC 1 report, you can customize each users access permissions. For information on how to grant access using IAM, refer to this help topic in the AWS Artifact documentation.
