
AWS Artifact (Specialized, since 2016)

A service for on-demand access to AWS compliance reports and agreements

What It Does

AWS Artifact is a self-service portal that lets you download AWS security and compliance reports and agreements on demand. You can obtain audit reports from independent third-party auditors, including SOC reports, PCI DSS attestations, and ISO certifications, all at no cost. You can also review and accept agreements such as Business Associate Addendums (BAA) and Data Processing Addendums (DPA) directly through the portal.

Use Cases

Artifact is used to obtain documentation that proves AWS certification status during internal compliance audits, to present security certifications requested by customers or business partners, to sign BAAs (Business Associate Addendums) for HIPAA compliance, and to review data processing agreements for GDPR compliance.

Everyday Analogy

Think of it like a government records office. When you need official documents (compliance reports) to prove the safety and legal standing of a property (AWS infrastructure), you can visit the office (Artifact) anytime to get the latest paperwork. The documents are issued by independent third parties (audit firms), so they carry credibility.

What Is Artifact?

AWS Artifact is a portal for obtaining AWS compliance reports and agreements. When businesses use AWS, they sometimes need to prove that their infrastructure meets certain security standards. With Artifact, you can download various certification reports that AWS holds at any time, making it useful for audit responses and compliance verification.

Compliance Reports

Artifact provides downloadable compliance reports including SOC 1/2/3 reports, PCI DSS attestations, ISO 27001/27017/27018 certifications, and FedRAMP authorizations. These are the results of independent third-party auditors evaluating AWS's control environment. When your audit asks whether your cloud provider's security measures are adequate, you can present these reports as evidence.

Agreement Management

The Agreements section in Artifact lets you review and accept various agreements with AWS. For example, you may need a HIPAA BAA (Business Associate Addendum) when handling medical information, or a GDPR DPA (Data Processing Addendum) when processing EU personal data. By integrating with Organizations, you can apply agreements across all accounts in your organization at once.

Getting Started

Open Artifact in the AWS Console and select the report you need from the Reports tab to download it. Some reports require you to agree to an NDA (Non-Disclosure Agreement). To sign agreements, go to the Agreements tab, select the required agreement, and accept it. Configure IAM policies to set appropriate access permissions for Artifact so that only authorized personnel can retrieve reports.
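One way to check that an IAM policy limits Artifact access as described above, shown as an added example that is not part of the original page. Both policy documents are constructed samples, and treating the two agreement actions as the sensitive set is an assumption of this sketch.

```python
import fnmatch

# Assumption: these are the Artifact actions that change the account's
# legal state and should be reserved for authorized signers.
AGREEMENT_WRITE = ["artifact:AcceptAgreement", "artifact:TerminateAgreement"]

# Constructed sample: read-only report access for audit staff.
AUDITOR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["artifact:ListReports", "artifact:GetReport",
                   "artifact:GetReportMetadata", "artifact:GetTermForReport"],
        "Resource": "*",
    }],
}

# Constructed sample: wildcard grant that also lets the holder sign or
# terminate agreements such as a BAA or DPA.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "artifact:*", "Resource": "*"},
}

def _as_list(value):
    # IAM accepts a single value or a list for Statement and Action.
    return value if isinstance(value, list) else [value]

def allowed_agreement_actions(policy):
    """Return the agreement-changing actions a policy document allows.

    Simplification: Resource, Condition and NotAction are ignored, so a
    conditional Deny is treated as unconditional.
    """
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement", [])):
        # IAM action matching is case-insensitive and supports * and ?.
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        for action in AGREEMENT_WRITE:
            if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
                (allowed if stmt.get("Effect") == "Allow" else denied).add(action)
    # An explicit Deny overrides any Allow in IAM policy evaluation.
    return sorted(allowed - denied)

if __name__ == "__main__":
    for name, doc in [("auditor", AUDITOR_POLICY), ("broad", BROAD_POLICY)]:
        print(name, allowed_agreement_actions(doc))
```
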

Things to Watch Out For

  • Artifact itself is free to use, and there is no charge for downloading reports
  • Some reports require NDA (Non-Disclosure Agreement) acceptance and may have restrictions on sharing outside your organization
  • Reports are updated periodically, so always download the latest version when preparing for audits. Older versions remain available for a limited time