Sign In to the Console
Standardized Architecture for PCI DSS on AWS
PCI DSS Quick Start

AWS Documentation » Quick Start Guides » PCI DSS Quick Start » Standardized Architecture for PCI DSS on the AWS Cloud: Quick Start Reference Deployment

Standardized Architecture for PCI DSS on the AWS Cloud: Quick Start Reference Deployment

Deployment Guide

AWS Envision Engineering, AWS Professional Services, and AWS Quick Start Reference Team

May 2016  (last update: July 2019)

This Quick Start reference deployment guide discusses architectural considerations and steps for deploying security-focused baseline environments on the Amazon Web Services (AWS) cloud. Specifically, this Quick Start deploys a standardized environment that helps organizations with workloads that fall in scope for Payment Card Industry (PCI) Data Security Standard (DSS) compliance. The template relies on the requirements of PCI DSS version 3.2. The deployment guide includes links for viewing and launching AWS CloudFormation templates that automate the deployment.

This Quick Start is part of a set of AWS compliance offerings, which provide security-focused, standardized architecture solutions to help Managed Service Providers (MSPs), cloud provisioning teams, developers, integrators, and information security teams adhere to strict security, compliance, and risk management controls.

The following links are for your convenience. The launch button runs the main Quick Start template, which sets up a multi-tier, Linux-based web application using nested templates. For descriptions of the templates included in this Quick Start and information about using the nested templates separately, see the Templates Used in This Quick Start section of this guide.

  • If you have an AWS account that already meets the technical requirements for the PCI deployment, you can launch the Quick Start to build the architecture shown in Figure 2. The template is launched in the US East (N. Virginia) by default. If you have an AWS GovCloud (US-West) account, you can launch the template in the AWS GovCloud (US-West) Region.

    The deployment takes approximately 30 minutes. If you’re new to AWS or to PCI-compliant architectures on AWS, please read the overview and follow the detailed pre-deployment and deployment steps described in this guide.

    PCI Quick Start launch button

  • If you want to take a look under the covers, you can view the main template that automates this deployment. The main template includes references to child templates, and provides default settings that you can customize by following the instructions in this guide. For descriptions of the templates and guidance for using the nested templates separately, see the Templates Used in this Quick Start section of this guide.

    PCI Quick Start view template button

  • To see how PCI DSS controls map to Quick Start architecture decisions, components, and configuration, view the security controls reference (Microsoft Excel spreadsheet). The excerpt in Figure 1 provides a sample of the available information.

    PCI Quick Start security controls reference

    Excerpt from the PCI DSS security controls reference

    Figure 1: Excerpt from the PCI DSS security controls reference

We'd like your feedback

After you deploy this Quick Start, please take a few minutes to fill out our survey. Your response is anonymous and will help us improve this and other compliance-related reference deployments.

About Quick Starts

Quick Starts are automated reference deployments for key workloads on the AWS Cloud. Each Quick Start launches, configures, and runs the AWS compute, network, storage, and other services required to deploy a specific workload on AWS, using AWS best practices for security and availability.

On this page: