Welcome to AWS compliance! After securing your data and networks, you often need to prove to auditors that you are following specific industry or government regulations.
Compliance means adhering to a set of rules for how you handle data, especially sensitive data like credit card numbers or health records.
Engagement Message
Can you think of any industries where strict data handling rules would be especially important?
Remember the Shared Responsibility Model? This is critical for compliance. AWS is responsible for the compliance of its infrastructure, and it undergoes many third-party audits to prove it.
You can view these audit reports, like SOC 2 or ISO 27001, through a service called AWS Artifact.
Engagement Message
Why are third-party audits more trustworthy than a company's own claims?
You are then responsible for building compliant applications on top of AWS's compliant infrastructure. For example, if you process credit cards, you must follow the Payment Card Industry Data Security Standard (PCI DSS).
AWS provides the secure infrastructure, but you must ensure your application handles cardholder data correctly.
Engagement Message
What could happen to a business if they fail to comply with PCI DSS requirements?
Another common framework is HIPAA, the Health Insurance Portability and Accountability Act, which governs protected health information (PHI) in the United States.
If you build a healthcare application, you must configure AWS services in a HIPAA-compliant way to protect patient data.
Engagement Message
Why might healthcare data require stricter protection than other types of personal information?
AWS gives you the tools to meet these standards. For example, CloudTrail provides audit logs, KMS allows you to control encryption keys, and IAM lets you enforce strict access controls.
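To show what "meeting these standards" looks like in practice, here is an added example (not part of this lesson and not an AWS tool) that turns the three controls just named into concrete checks. It takes configuration documents in the shape that boto3 returns from CloudTrail `describe_trails`, KMS `get_key_rotation_status` and IAM `get_policy_version`, but the documents here are constructed inline so the script runs offline with no credentials; the trail name, key id and policy name are placeholders. In a real audit you would feed it the live API responses and keep the findings as evidence.

```python
"""Offline compliance-evidence checks for audit logging, key control and access control.

Added example, not part of the original lesson or any AWS tooling. The input
documents are constructed inline in the shape that boto3 returns from CloudTrail
describe_trails, KMS get_key_rotation_status and IAM get_policy_version, so the
script runs without credentials; in practice you would pass the live responses.
"""
from typing import Any, Dict, List

# Constructed sample: one entry from describe_trails()["trailList"].
SAMPLE_TRAIL: Dict[str, Any] = {
    "Name": "org-audit-trail",                 # placeholder name
    "S3BucketName": "example-audit-logs",
    "IsMultiRegionTrail": False,               # weak: API activity in other regions is unlogged
    "LogFileValidationEnabled": True,          # good: digest files let an auditor verify log integrity
    "KmsKeyId": None,                          # weak: log files are not encrypted under a key you control
}

# Constructed sample: get_key_rotation_status() for a customer-managed key.
SAMPLE_KEY_ID = "example-cmk-id"               # placeholder, not a real key id
SAMPLE_KEY_ROTATION: Dict[str, Any] = {"KeyRotationEnabled": False}

# Constructed sample: get_policy_version()["PolicyVersion"]["Document"].
SAMPLE_POLICY_NAME = "example-app-policy"      # placeholder name
SAMPLE_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-cardholder-data/*"},
        {"Effect": "Allow", "Action": "*", "Resource": "*"},   # weak: unrestricted admin
    ],
}


def check_trail(trail: Dict[str, Any]) -> List[str]:
    """Audit-log control: the trail must cover every region, be tamper-evident
    and be encrypted under a key the account controls."""
    name = trail.get("Name", "<unnamed>")
    findings: List[str] = []
    if not trail.get("IsMultiRegionTrail"):
        findings.append(f"trail {name}: not multi-region, activity in other regions is unlogged")
    if not trail.get("LogFileValidationEnabled"):
        findings.append(f"trail {name}: log file validation disabled, log integrity cannot be proven")
    if not trail.get("KmsKeyId"):
        findings.append(f"trail {name}: log files not encrypted with a customer-managed KMS key")
    return findings


def check_key_rotation(key_id: str, status: Dict[str, Any]) -> List[str]:
    """Key-management control: customer-managed keys should rotate automatically."""
    if status.get("KeyRotationEnabled"):
        return []
    return [f"key {key_id}: automatic rotation disabled"]


def _as_list(value: Any) -> List[Any]:
    """IAM allows Statement, Action and Resource to be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_policy(policy_name: str, document: Dict[str, Any]) -> List[str]:
    """Access control: no Allow statement may grant wildcard actions or resources."""
    findings: List[str] = []
    for index, stmt in enumerate(_as_list(document.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; they are not a least-privilege problem
        wild_actions = [a for a in _as_list(stmt.get("Action")) if a == "*" or a.endswith(":*")]
        wild_resources = [r for r in _as_list(stmt.get("Resource")) if r == "*"]
        if wild_actions or wild_resources:
            findings.append(
                f"policy {policy_name} statement {index}: wildcard actions {wild_actions} "
                f"or resources {wild_resources} violate least privilege"
            )
    return findings


def run_checks() -> List[str]:
    """Run every check over the constructed samples and return all findings."""
    return (
        check_trail(SAMPLE_TRAIL)
        + check_key_rotation(SAMPLE_KEY_ID, SAMPLE_KEY_ROTATION)
        + check_policy(SAMPLE_POLICY_NAME, SAMPLE_POLICY)
    )


if __name__ == "__main__":
    for finding in run_checks():
        print("FINDING:", finding)
```

Each finding maps back to one of the three controls: the trail checks are the audit-log evidence, the rotation check is the key-control evidence, and the policy check is the access-control evidence. Running it against the constructed samples produces four findings; a clean account returns an empty list, which is the result you would want to hand an auditor.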
