Getting started with AWS Artifact

AWS Artifact provides a central resource for AWS security and compliance reports. The artifacts available in AWS Artifact include Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies that validate the implementation and operating effectiveness of AWS security controls. Additionally, AWS Artifact provides on-demand access to the security and compliance documents, such as ISO certifications and Service Organization Control (SOC) reports, of the Independent Software Vendors (ISVs) who sell their products on AWS Marketplace. For more information, see AWS Marketplace Vendor Insights.

AWS Artifact enables you to accept and manage legal agreements such as the Business Associate Addendum (BAA). If you use AWS Organizations, you can accept agreements on behalf of all accounts within your organization. When accepted, all existing and subsequent member accounts are automatically covered by the agreement.

Step 1: Sign up for AWS

If you do not have an AWS account, complete the following steps to create one.

To sign up for an AWS account
  1. Open https://portal.aws.amazon.com/billing/signup.

  2. Follow the online instructions.

    Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.

    When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to an administrative user, and use only the root user to perform tasks that require root user access.

Step 2: Download a report

You can download reports using Adobe Acrobat Reader. Other PDF readers are not supported. For more information, see Downloading reports.

To download a report
  1. Open the AWS Artifact console at https://console.aws.amazon.com/artifact/.

  2. On the AWS Artifact home page, choose View reports.

  3. On the Reports page, use the AWS reports tab to access AWS reports, or navigate to the Third-party reports tab to access the reports of the Independent Software Vendors (ISVs) who sell their products on AWS Marketplace.

  4. (Optional) Enter a keyword in the search field to locate a report.

  5. Select a report, and then choose Download report.

  6. (Optional) On the Third-party reports tab, you can access the details page of an ISV report by clicking on the Report title to learn more about the report.

  7. You might be asked to accept Terms and conditions that apply to the specific report you are downloading. We recommend that you read them closely. When you are finished, select I have read and agree to the terms and then choose Accept terms and download report.

  8. Open the downloaded file via a PDF viewer. Review the terms and conditions for acceptance and scroll down to find the audit report. Reports could have additional information embedded as attachments within the PDF document, so please make sure to check for attachments within the PDF file for supporting documentation. Check here for instructions on how to view attachments.

Third-party reports are accessible only for AWS customers who have onboarded to AWS Marketplace Vendor Insights. To learn more, see AWS Marketplace Vendor Insights.

Step 3: Manage agreements

Before you enter into an agreement, you must download and agree to the terms of the AWS Artifact nondisclosure agreement (NDA). Each agreement is confidential and cannot be shared with others outside of your company.

To accept an agreement with AWS
  1. Open the AWS Artifact console at https://console.aws.amazon.com/artifact/.

  2. On the AWS Artifact navigation pane, choose Agreements.

  3. Choose Account agreements to manage agreements for your account or Organization agreements to manage agreements on behalf of your organization.

  4. Expand the section of the agreement.

  5. Choose Download and review.

  6. Read the Terms and conditions. When you are finished, choose Accept and download.

  7. Review the agreement and then select the check boxes to indicate that you agree.

  8. Choose Accept to accept the agreement.

For more information, see Managing agreements.

Step 4: Manage notifications

You can subscribe to notifications for the availability of new reports and agreements or updates to existing reports and agreements. AWS Artifact uses the AWS User Notifications service to send notifications. Notifications are sent to email addresses that the user provides during the notification configuration setup.

To create a configuration
  1. Open the notification hubs page in the AWS User Notifications service.

  2. Select the region(s) where you want to store your AWS User Notifications resources. By default, your User Notifications data will be stored in US East (N. Virginia), and replicated across other regions you select. See notification hubs documentation for more details.

  3. Click on Create configuration.

  4. To receive notifications for agreements, click the checkbox for Updates on AWS Agreements.

  5. To receive notifications for reports, click the checkbox for Updates on AWS Reports. To only receive notifications for reports under specific categories and series, click the checkbox for A subset of reports and click the checkbox for the categories and series you are interested in.

  6. Enter a name for your configuration.

  7. Enter a comma-separated list of email addresses where notifications should be sent.

  8. (Optional) To assign a tag to the notification configuration, enter the key-value pairs by expanding the Tags section. Note: A tag is a label that you can assign to an AWS resource. Each tag consists of a key and an optional value that you can define. Tags help you manage, search for, and filter resources.

  9. Click Submit.

  10. A verification email is sent to the provided email addresses, and each recipient must click the Verify email link in that email. Only verified email addresses will start receiving notifications.

For more information, see Managing notifications.