AWS Artifact
User Guide

What Is AWS Artifact?

AWS Artifact provides on-demand downloads of AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and Service Organization Control (SOC) reports. You can submit these documents (also known as audit artifacts) to your auditors or regulators to demonstrate the security and compliance of the AWS infrastructure and services that you use. You also can use these documents as guidelines to evaluate your own cloud architecture and assess the effectiveness of your company's internal controls. AWS Artifact provides documents about AWS only. AWS customers are responsible for developing or obtaining documents that demonstrate the security and compliance of their companies. For more information, see Shared Responsibility Model.

AWS Artifact Agreements is a feature of the AWS Artifact service that enables you to review, accept, and track the status of a Business Associate Addendum (BAA) agreement. A BAA typically is required for companies that are subject to the Health Insurance Portability and Accountability Act (HIPAA) to ensure that protected health information (PHI) is appropriately safeguarded. You can use AWS Artifact Agreements to enter into a BAA agreement with AWS and designate an AWS account that can legally process protected health information (PHI). For more information, see Managing Your Agreements.

Are You a First-Time AWS Artifact User?

If you are a first-time user of AWS Artifact, we recommend that you begin by reading the following sections:

Accessing AWS Artifact

AWS Artifact provides a web-based user interface, the AWS Artifact console. If you've signed up for an AWS account and have contacted AWS for these documents before, you can access the AWS Artifact console by signing into the AWS Management Console and choosing Artifact from the console home page.

Securing Your Documents

Audit artifacts are confidential documents, and should be kept secure at all times. AWS Artifact and AWS Artifact Agreements use the AWS shared compliance responsibility model for its documents. This means that AWS is responsible for keeping documents secure while they are in the AWS Cloud, but you are responsible for keeping them secure after you download them. AWS Artifact might require you to sign a Non-Disclosure Agreement (NDA) before you can download documents. Each document download has a unique, traceable watermark.

Audit artifacts should be shared only with those you trust. We strongly recommend that you use a secure document sharing service, such as Amazon WorkDocs, to share documents with others. Do not send these documents over email or upload them to an unsecure site.

Pricing for AWS Artifact

AWS Artifact and AWS Artifact Agreements are provided to you free of cost.