AWS Services in Scope by Compliance Program

Canadian Centre for Cyber Security (CCCS)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative?

Unless specifically excluded, generally available features of each of the services are considered in the scope, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

✓ = This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.

Click here for full list of services covered under the AWS compliance programs.

CCCS

Last updated: December 17, 2024

SERVICES / PROGRAMS	CCCS MEDIUM (formerly PBMM)	Protected B High Value Assets (PBHVA)
Amazon API Gateway	✓	✓
Amazon AppFlow	✓	✓
Amazon AppStream 2.0	✓	✓
Amazon Athena	✓	✓
Amazon Augmented AI [excludes Public Workforce and Vendor Workforce for all features]	✓	✓
Amazon Aurora [feature of Amazon RDS]	✓	✓
Amazon Bedrock	✓
Amazon Chime	✓	✓
Amazon Chime SDK	✓	✓
Amazon Cloud Directory	✓	✓
Amazon CloudFront [excludes content delivery through Amazon CloudFront Embedded Point of Presences]	✓	✓
Amazon CloudWatch	✓	✓
Amazon Cognito	✓	✓
Amazon Comprehend	✓	✓
Amazon Comprehend Medical	✓	✓
Amazon Connect	✓	✓
Amazon Data Firehose	✓	✓
Amazon Detective	✓	✓
Amazon DevOps Guru	✓	✓
Amazon DocumentDB (with MongoDB compatibility)	✓	✓
Amazon DynamoDB	✓	✓
Amazon Elastic Block Store (EBS)	✓	✓
Amazon Elastic Compute Cloud (Amazon EC2)	✓	✓
Amazon Elastic Container Registry (ECR)	✓	✓
Amazon Elastic Container Service (ECS) [includes ECS Anywhere]	✓	✓
Amazon Elastic File System (EFS)	✓	✓
Amazon Elastic Kubernetes Service (EKS) [includes EKS Anywhere]	✓	✓
Amazon Elastic MapReduce (EMR)	✓	✓
Amazon ElastiCache	✓	✓
Amazon Eventbridge	✓	✓
Amazon FinSpace	✓	✓
Amazon FSx	✓	✓
Amazon GuardDuty	✓	✓
Amazon Inspector	✓	✓
Amazon Kendra	✓	✓
Amazon Keyspaces (for Apache Cassandra)	✓	✓
Amazon Kinesis Data Streams	✓	✓
Amazon Kinesis Video Streams	✓	✓
Amazon Lex	✓	✓
Amazon Location Service	✓	✓
Amazon Macie	✓	✓
Amazon Managed Service for Apache Flink	✓	✓
Amazon Managed Streaming for Apache Kafka	✓	✓
Amazon Managed Workflows for Apache Airflow	✓	✓
Amazon MemoryDB (formerly MemoryDB for Redis)	✓	✓
Amazon MQ	✓	✓
Amazon Neptune	✓	✓
Amazon OpenSearch Service	✓	✓
Amazon Personalize	✓	✓
Amazon Pinpoint and End User Messaging	✓	✓
Amazon Polly	✓	✓
Amazon Quantum Ledger Database (QLDB)	✓	✓
Amazon QuickSight	✓	✓
Amazon Redshift	✓	✓
Amazon Rekognition	✓	✓
Amazon Relational Database Service (RDS)	✓	✓
Amazon Route 53	✓	✓
Amazon S3 Glacier	✓	✓
Amazon Sagemaker	✓	✓
Amazon Simple Email Service (SES)	✓	✓
Amazon Simple Notification Service (SNS)	✓	✓
Amazon Simple Queue Service (SQS)	✓	✓
Amazon Simple Storage Service (S3)	✓	✓
Amazon Simple Workflow Service (SWF)	✓	✓
Amazon Textract	✓	✓
Amazon Transcribe	✓	✓
Amazon Transcribe Medical	✓	✓
Amazon Translate	✓	✓
Amazon Virtual Private Cloud (VPC)	✓	✓
Amazon VPC Lattice [feature of Amazon VPC]	✓	✓
Amazon WorkSpaces	✓	✓
Amazon WorkSpaces Secure Browser (formerly Amazon Workspaces Web)	✓	✓
AWS Amplify	✓	✓
AWS App Mesh	✓	✓
AWS Application Migration Service (formerly CloudEndure Migration)	✓	✓
AWS AppSync	✓	✓
AWS Audit Manager	✓	✓
AWS Auto Scaling [feature of EC2]	✓	✓
AWS Backup	✓	✓
AWS Batch	✓	✓
AWS Certificate Manager	✓	✓
AWS Chatbot	✓	✓
AWS Cloud Map	✓	✓
AWS Cloud9	✓	✓
AWS CloudFormation	✓	✓
AWS CloudHSM	✓	✓
AWS CloudShell	✓	✓
AWS CloudTrail	✓	✓
AWS CodeBuild	✓	✓
AWS CodeCommit	✓	✓
AWS CodeDeploy	✓	✓
AWS CodePipeline	✓	✓
AWS Config	✓	✓
AWS Control Tower	✓	✓
AWS Database Migration Service	✓	✓
AWS DataSync	✓	✓
AWS Direct Connect	✓	✓
AWS Directory Service [excludes Simple AD]	✓	✓
AWS Elastic Beanstalk	✓	✓
AWS Elastic Disaster Recovery (AWS DRS)	✓	✓
AWS Elemental MediaConnect	✓	✓
AWS Elemental MediaConvert	✓	✓
AWS Elemental MediaLive	✓	✓
AWS Fargate [feature of EKS and ECS]	✓	✓
AWS Fault Injection Service	✓	✓
AWS Firewall Manager [feature of WAF]	✓	✓
AWS Global Accelerator	✓	✓
AWS Glue	✓	✓
AWS Health Dashboard	✓	✓
AWS IAM Identity Center (successor to AWS Single Sign-On)	✓	✓
AWS Identity and Access Management (IAM)	✓	✓
AWS IoT Core	✓	✓
AWS IoT Device Defender	✓	✓
AWS IoT Device Management	✓	✓
AWS IoT Events	✓	✓
AWS IoT Greengrass	✓	✓
AWS IoT SiteWise	✓	✓
AWS Key Management Service	✓	✓
AWS Lake Formation [feature of Glue]	✓	✓
AWS Lambda	✓	✓
AWS License Manager	✓	✓
AWS Mainframe Modernization	✓	✓
AWS Network Firewall	✓	✓
AWS OpsWorks Stacks	✓	✓
AWS Organizations	✓	✓
AWS Outposts	✓	✓
AWS Private Certificate Authority (AWS Private CA)	✓	✓
AWS PrivateLink [feature of Amazon VPC]	✓	✓
AWS Resilience Hub	✓	✓
AWS Resource Access Manager (RAM)	✓	✓
AWS Resource Groups	✓	✓
AWS Secrets Manager	✓	✓
AWS Security Hub	✓	✓
AWS Service Catalog	✓	✓
AWS Shield	✓	✓
AWS Signer	✓	✓
AWS Snowball	✓	✓
AWS Snowcone	✓	✓
AWS Step Functions	✓	✓
AWS Storage Gateway	✓	✓
AWS Systems Manager	✓	✓
AWS Transfer Family	✓	✓
AWS Transit Gateway [feature of Amazon VPC]	✓	✓
AWS Trusted Advisor	✓	✓
AWS VPN [feature of Amazon VPC]	✓	✓
AWS WAF	✓	✓
AWS Wickr	✓	✓
AWS X-Ray	✓	✓
EC2 Image Builder	✓	✓
Elastic Load Balancing [feature of EC2]	✓	✓

AWS Services in Scope by Compliance Program

Want More Information About Services in Scope?

Ending Support for Internet Explorer