AWS Services in Scope by Compliance Program

• Alexa for Business [for healthcare skills only – requires Alexa Skills BAA. See HIPAA whitepaper for details]
  
• AWS Amplify Console
• HAQM API Gateway
• AWS App Mesh
• AWS AppFabric
• HAQM AppFlow
• AWS Application Migration Service
  
• HAQM AppStream 2.0
  
• AWS AppSync
  
• HAQM Athena
• AWS Audit Manager
• HAQM Augmented AI [excludes Public Workforce and Vendor Workforce for all features]
• HAQM Aurora
• AWS B2B Data Interchange
• AWS Backup
• AWS Batch
  
• HAQM Bedrock
  
• AWS Certificate Manager
  
• HAQM Chime
  
• HAQM Chime SDK
• AWS Clean Rooms
  
• AWS Cloud 9
  
• HAQM Cloud Directory
  
• AWS Cloud Map
  
• AWS CloudEndure
  
• AWS CloudFormation
  
• HAQM CloudFront [excludes content delivery through HAQM CloudFront Embedded Point of Presences]
  
• AWS CloudHSM
  
• AWS CloudShell
  
• AWS CloudTrail
  
• HAQM CloudWatch
  
• HAQM CloudWatch Logs
  
• HAQM CloudWatch SDK Metrics
  
• AWS CodeBuild
  
• AWS CodeCommit
  
• AWS CodeDeploy
  
• AWS CodePipeline
  
• HAQM Cognito
  
• HAQM Comprehend
  
• HAQM Comprehend Medical
  
• AWS Config
  
• HAQM Connect
  
• AWS Control Tower
  
• AWS Data Exchange
  
• AWS Database Migration Service (DMS)
  
• AWS DataSync
• HAQM DataZone
• HAQM Detective
  
• HAQM DevOps Guru
  
• AWS Direct Connect
  
• AWS Directory Service [excludes Simple AD]
• HAQM DocumentDB [with MongoDB compatibility]
  
• HAQM DynamoDB
  
• HAQM EC2 Auto Scaling
  
• HAQM ElastiCache
  
• AWS Elastic Beanstalk
  
• HAQM Elastic Block Store (HAQM EBS)
  
• HAQM Elastic Compute Cloud (HAQM EC2)
  
• HAQM Elastic Container Registry (ECR)
  
• HAQM Elastic Container Service (ECS)
• AWS Elastic Disaster Recovery
  
• HAQM Elastic File System (EFS)
  
• HAQM Elastic Kubernetes Service (EKS)
  
• Elastic Load Balancing
  
• HAQM Elastic MapReduce (EMR)
  
• AWS Elemental MediaConnect
  
• AWS Elemental MediaConvert
  
• AWS Elemental MediaLive
• AWS Entity Resolution
• HAQM EventBridge [formerly HAQM Cloudwatch Events]
• AWS Fargate [ECS and EKS engines only]
  
• AWS Fault Injection Simulator
  
• AWS Firewall Manager
  
• HAQM Forecast
  
• HAQM FreeRTOS
  
• HAQM FSx
  
• AWS Global Accelerator
  
• AWS Glue
  
• AWS Glue DataBrew
  
• HAQM GuardDuty
  
• AWS HealthLake
  
• AWS HealthOmics
  
• AWS HealthImaging
• AWS IAM Identity Center
• HAQM Inspector
  
• AWS IoT Core
  
• AWS IoT Device Management
  
• AWS IoT Events
  
• AWS IoT Greengrass
  
• AWS IoT SiteWise
  
• HAQM Kendra
  
• AWS Key Management Service (KMS)
  
• HAQM Managed Service for Apache Flink 
  
• HAQM Keyspaces [For Apache Cassandra]
  
• HAQM Kinesis Data Streams
  
• HAQM Kinesis Data Firehose
  
• HAQM Kinesis Video Streams
• AWS Lake Formation
  
• AWS Lambda
  
• HAQM Lex
  
• HAQM Location Service
  
• HAQM Macie
  
• AWS Mainframe Modernization
  
• AWS Managed Services [excluding Operations on Demand Services, except for the RFC Expedite feature]
• HAQM Managed Service for Prometheus
• HAQM Managed Workflow for Apache Airflow
  
• HAQM Managed Streaming for Apache Kafka
  
• HAQM MemoryDB
  
• HAQM MQ
  
• HAQM Neptune
  
• AWS Network Firewall
  
• HAQM OpenSearch Service
  
• AWS OpsWorks for Chef Automate
  
• AWS OpsWorks for Puppet Enterprise
  
• AWS OpsWorks Stacks
  
• AWS Organizations
  
• AWS Outposts
  
• HAQM Personalize
  
• HAQM Pinpoint and End User Messaging (formerly HAQM Pinpoint) [excluding Voice Message capabilities and WhatsApp Channel]
  
• HAQM Polly
  
• AWS Private Certificate Authority
• HAQM Q Business
  
• HAQM Quantum Ledger Database (QLDB)
  
• HAQM QuickSight
  
• HAQM Rekognition
  
• HAQM Redshift
  
• HAQM Relational Database Service (HAQM RDS) [SQL Server, MySQL, Oracle, PostgreSQL, Db2 and MariaDB engines only]
• AWS Resilience Hub
• AWS Resource Access Manager (RAM)
• AWS Resource Explorer
• AWS RoboMaker
  
• HAQM Route 53
  
• HAQM S3 Glacier
  
• HAQM SageMaker AI [formerly HAQM Sagemaker, excludes Studio Lab, Ground Truth Plus, Public Workforce and Vendor Workforce for all features]
  
• AWS Secrets Manager
  
• AWS Security Hub
  
• AWS Service Catalog
  
• AWS Serverless Application Repository
• AWS Shield [Standard and Advanced]
• HAQM Simple Email Service (HAQM SES)
  
• HAQM Simple Notification Service (SNS)
  
• HAQM Simple Queue Service (SQS)
  
• HAQM Simple Storage Service (S3)
  
• HAQM Simple Workflow Service (SWF)
  
• AWS Snowball
  
• AWS Snowball Edge
• AWS Step Functions
  
• AWS Storage Gateway
  
• AWS Systems Manager
  
• HAQM Textract
  
• HAQM Timestream
  
• AWS Transcribe
  
• AWS Transfer Family
  
• HAQM Translate
• AWS Verified Access
• HAQM Verified Permissions
• HAQM Virtual Private Cloud (VPC)
  
• AWS Web Application Firewall (WAF)
  
• AWS Wickr
  
• HAQM WorkDocs [Excluding Adding Controls for Deleting Previous File Version Feature]
  
• HAQM WorkLink
  
• HAQM WorkSpaces
• HAQM WorkSpaces Thin Client
• HAQM WorkSpaces Secure Browser
  
• AWS X-Ray
  
• VM Import/Export  

NOTE: If you are a Covered Entity or Business Associate as defined by the Health Insurance Portability and Accountability Act of 1996 (as amended, “HIPAA”), you agree not to use these HIPAA Eligible Services for any purpose or in any manner involving Protected Health Information (as defined by HIPAA) without first entering into an AWS business associate agreement.

Unless specifically excluded, generally available features of each of the HIPAA eligible services listed are also considered HIPAA eligible.

The services listed above are eligible for workloads involving electronic Protected Health Information (ePHI). It's important to note that some AWS services are not listed here. Customers still may use services not listed here, including within HIPAA Accounts, provided that the services do not process or store ePHI. For more information, please speak to your AWS account representative. Customers are responsible for ensuring their own HIPAA compliance when using any AWS service.