The AWS Privacy Reference Architecture

Survey

We would love to hear from you. Please provide feedback on the AWS PRA by taking a short survey.

The following diagram illustrates the AWS Privacy Reference Architecture (AWS PRA). This is an example of an architecture that connects many privacy-related AWS services and features. This architecture is built on a landing zone that is governed by AWS Control Tower.

Diagram of the AWS services deployed in the AWS Privacy Reference Architecture

The AWS PRA includes a serverless web architecture that is hosted in the Personal Data (PD) Application account. The architecture in this account is an example workload that collects personal data directly from consumers. In this workload, users connect through a web tier. The web tier interacts with the application tier. This tier receives inputs from the web tier, processes and stores the data, allows authorized internal teams and third parties to access the data, and eventually archives and deletes the data when it's no longer required. The architecture is purposefully modular and event-driven in order to demonstrate many of the foundational privacy engineering techniques without delving into specific use cases, such as data lakes, containers, compute, or Internet of Things (IoT).

Next, this guide describes each account in the organization in detail. It discusses the privacy-related services and features, considerations and recommendations, and diagrams for each of the following accounts:

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Operationalizing AWS privacy services

Org Management account