Publishing guidelines - AWS Data Exchange User Guide

Publishing guidelines

The following guidelines outline restrictions for listing products on AWS Data Exchange. As a provider, you're responsible for complying with these guidelines and the Terms and Conditions for AWS Marketplace Sellers and the AWS Customer Agreement. AWS may update these guidelines from time to time. AWS removes any product that breaches these guidelines and may suspend the provider from future use of the service.

In addition to accepting and following the guidelines under the Terms and Conditions for AWS Marketplace Sellers, providers must abide by the following publishing guidelines for data products.

AWS Data Exchange publishing guidelines for data products
  1. Your data products may not contain any illegal content, viruses, malware, or any other material that is harmful to others.

  2. Your data products may not include any information that can be used to trace or associate a device or an identifiable person with a Sensitive Location. A Sensitive Location includes the following: any location offering cancer treatment, treatment for HIV/AIDS, fertility or abortion clinics, mental health treatment facilities, and emergency room trauma centers; places of religious worship; correctional facilities; dependency or addiction treatment centers; domestic abuse or rape crisis centers; places that may be used to infer an LGBTQ+ identification or other sexual orientation; military bases; temporary places of assembly such as political rallies, marches, or protests, during the times that such rallies, marches or protests take place; places primarily intended to be occupied by children under 16; places that may be used to infer engagement with explicit sexual content, material, or acts; places that may be used to infer refugee or immigrant status, such as refugee or immigration centers and immigration services; welfare or homeless shelters; halfway houses, credit repair, debt services, bankruptcy services, or payday lending institutions.

    In addition, unless you're a qualified data provider under AWS Data Exchange’s Extended Provider Program (EPP), your data products may not include information that can be used to identify any person, unless that information is Publicly Available Information. Publicly Available Information means information: (1) that is lawfully made available through federal, state, local government records, open court records, or public company filings; or (2) that is lawfully made available to the general public by the data subject.

  3. The following categories of information must be aggregated or anonymized so that no person in your data product can be identified: biometric or genetic data, health, racial or ethnic origin, political opinions, religious or philosophical beliefs, sex or sexual orientation, trade union membership, personal payment or financial information (for example, credit history), Sensitive Locations, or other similar categories of sensitive information.

    • Some examples of data sets that can be included on AWS Data Exchange – Historic stock prices for public companies, names of judges and their court opinions, and aggregated or anonymized research findings from pharmaceutical drug studies.

    • For HCLS use-cases, data that has been de-identified through Expert Determination or Safe Harbor methods in compliance with HIPAA de-identification guidelines.

    • Some examples of data sets that are prohibited on AWS Data Exchange – Lists of names organized by race, geo-location data that can be used to identify a person, and protected health information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

  4. You should carefully consider how subscribers may and may not use your data products, and you should clearly include this information in your Data Subscription Agreement (DSA).

  5. Product listing descriptions must be accurate, contain valid contact information, and note if any data has been aggregated or anonymized.

  6. You may not use AWS Data Exchange to promote any other products or solutions not listed on AWS Marketplace, except for products or solutions that are not compatible with AWS Marketplace.

  7. You are limited to distributing data sets that meet the legal eligibility requirements set forth in the Terms and Conditions for AWS Marketplace Sellers. If you breach these terms in any way, the prohibited product is removed from AWS Data Exchange and you might be suspended from the service.

  8. If you're listing an API data set in a product:

    • You must first integrate your API with Amazon API Gateway. For more information about how to integrate your REST API with API Gateway, see Working with REST APIs in the API Gateway Developer Guide.

    • You must respond to support-related questions from subscribers about the data product in 1 business day. Not following this guideline may result in your products being removed from AWS Data Exchange.

  9. Logos, DSAs, and other attachments added to your product might be stored separately from where your actual data products sits.


Providers who are enrolled in the Extended Provider Program are subject to the restrictions set forth in the Extended Provider Program Addendum to the Terms and Conditions for AWS Marketplace Providers which are supplemental to guidelines 2 and 3 above. For more information, see Extended Provider Program (EPP).

If you have questions about the eligibility of your data set:

After you've reviewed the publishing guidelines for data products on AWS Data Exchange, and you've confirmed that your data set can be listed, you can create your product.