AWS Services in Scope by Compliance Program
ISO and CSA STAR Certified
AWS ISO and CSA STAR Certifications and Services
AWS has certification for compliance with ISO/IEC 27001:2022, 27017:2015, 27018:2019, 27701:2019, 22301:2019, 20000-1:2018, 9001:2015, and CSA STAR CCM v4.0. AWS services that are covered under the certifications are listed below.
Unless specifically excluded, all features of a services are in scope. Refer to AWS Documentation to see service features.
Last updated: April 11, 2025
| AWS Services |
|---|
| HAQM API Gateway |
| HAQM AppFlow |
| HAQM Application Recovery Controller |
| HAQM AppStream 2.0 |
| HAQM Athena |
| HAQM Augmented AI [Excludes Public Workforce and Vendor Workforce for all features] |
| HAQM Bedrock [excludes HAQM Bedrock Marketplace] |
| HAQM Chime |
| HAQM Chime SDK |
| HAQM Cloud Directory |
| HAQM CloudFront [excludes content delivery through HAQM CloudFront Embedded Point of Presences] |
| HAQM CloudWatch |
| HAQM CloudWatch Logs |
| HAQM Cognito |
| HAQM Comprehend |
| HAQM Comprehend Medical |
| HAQM Connect |
| HAQM Data Firehose |
| HAQM Datazone |
| HAQM Detective |
| HAQM DevOps Guru |
| HAQM DocumentDB [with MongoDB compatibility] |
| HAQM DynamoDB |
| HAQM EC2 Auto Scaling |
| HAQM Elastic Block Store (EBS) |
| HAQM Elastic Compute Cloud (EC2) |
| HAQM Elastic Container Registry (ECR) |
| HAQM Elastic Container Service – [both Fargate and EC2 launch types] |
| HAQM Elastic File System (EFS) |
| HAQM Elastic Kubernetes Service (EKS) [both Fargate and EC2 launch types] |
| HAQM Elastic MapReduce (EMR) |
| HAQM ElastiCache |
| HAQM EventBridge |
| HAQM FinSpace |
| HAQM Forecast |
| HAQM Fraud Detector |
| HAQM FSx |
| HAQM GuardDuty |
| HAQM Inspector |
| HAQM Inspector Classic |
| HAQM Kendra |
| HAQM Keyspaces (for Apache Cassandra) |
| HAQM Kinesis Data Streams |
| HAQM Kinesis Video Streams |
| HAQM Lex |
| HAQM Location Service |
| HAQM Macie |
| HAQM Managed Grafana |
| HAQM Managed Service for Apache Flink |
| HAQM Managed Service for Prometheus |
| HAQM Managed Streaming for Apache Kafka |
| HAQM Managed Workflows for Apache Airflow (HAQM MWAA) |
| HAQM MemoryDB |
| HAQM MQ |
| HAQM Neptune |
| HAQM OpenSearch Service |
| HAQM Personalize |
| HAQM Pinpoint and End User Messaging |
| HAQM Polly |
| HAQM Q Business |
| HAQM Q Developer |
| HAQM Quantum Ledger Database (QLDB) |
| HAQM QuickSight |
| HAQM Redshift |
| HAQM Rekognition |
| HAQM Relational Database Service (RDS) |
| HAQM Route 53 |
| HAQM S3 Glacier |
| HAQM SageMaker AI [formerly HAQM Sagemaker, excludes Studio Lab, Public Workforce and Vendor Workforce for all features] |
| HAQM Security Lake |
| HAQM Simple Email Service (SES) |
| HAQM Simple Notification Service (SNS) |
| HAQM Simple Queue Service (SQS) |
| HAQM Simple Storage Service (S3) |
| HAQM Simple Workflow Service (SWF) |
| HAQM SimpleDB |
| HAQM Textract |
| HAQM Timestream |
| HAQM Transcribe |
| HAQM Translate |
| HAQM Verified Permissions |
| HAQM Virtual Private Cloud (VPC) |
| HAQM WorkDocs |
| HAQM WorkMail |
| HAQM WorkSpaces |
| HAQM WorkSpaces Secure Browser |
| HAQM WorkSpaces Thin Client |
| AWS Amplify |
| AWS App Mesh |
| AWS App Runner |
| AWS AppFabric |
| AWS Application Migration Service |
| AWS AppSync |
| AWS Artifact |
| AWS Audit Manager |
| AWS B2B Data Interchange |
| AWS Backup |
| AWS Batch |
| AWS Certificate Manager (ACM) |
| AWS Clean Rooms |
| AWS Cloud Map |
| AWS Cloud9 |
| AWS CloudFormation |
| AWS CloudHSM |
| AWS CloudShell |
| AWS CloudTrail |
| AWS CodeBuild |
| AWS CodeCommit |
| AWS CodeDeploy |
| AWS CodePipeline |
| AWS Config |
| AWS Control Tower |
| AWS Data Exchange |
| AWS Database Migration Service (DMS) |
| AWS DataSync |
| AWS Device Farm |
| AWS Direct Connect |
| AWS Directory Service [Excludes Simple AD] |
| AWS Elastic Beanstalk |
| AWS Elastic Disaster Recovery |
| AWS Elemental MediaConnect |
| AWS Elemental MediaConvert |
| AWS Elemental MediaLive |
| AWS Entity Resolution |
| AWS Fault Injection Service |
| AWS Firewall Manager |
| AWS Global Accelerator |
| AWS Glue |
| AWS Glue DataBrew |
| AWS Ground Station |
| AWS Health Dashboard |
| AWS HealthImaging |
| AWS Healthlake |
| AWS HealthOmics |
| AWS IAM Identity Center |
| AWS Identity and Access Management (IAM) |
| AWS IoT Analytics |
| AWS IoT Core |
| AWS IoT Device Defender |
| AWS IoT Device Management |
| AWS IoT Events |
| AWS IoT Greengrass |
| AWS IoT SiteWise |
| AWS IoT TwinMaker |
| AWS Key Management Service (KMS) |
| AWS Lake Formation |
| AWS Lambda |
| AWS License Manager |
| AWS Mainframe Modernization |
| AWS Managed Services |
| AWS Network Firewall |
| AWS OpsWorks [includes Chef Automate, Puppet Enterprise] |
| AWS OpsWorks Stacks |
| AWS Organizations |
| AWS Outposts |
| AWS Payment Cryptography |
| AWS Private Certificate Authority |
| AWS Professional Services (Only in scope of ISO 27001) |
| AWS Resilience Hub |
| AWS Resource Access Manager (RAM) |
| AWS Resource Groups |
| AWS RoboMaker |
| AWS Secrets Manager |
| AWS Security Assurance Services LLC (Only in scope of ISO 27001) |
| AWS Security Hub |
| AWS Serverless Application Repository |
| AWS Service Catalog |
| AWS Shield |
| AWS Signer |
| AWS Snowball |
| AWS Step Functions |
| AWS Storage Gateway |
| AWS Systems Manager |
| AWS Transfer Family |
| AWS Trusted Advisor |
| AWS User Notifications |
| AWS Verified Access |
| AWS WAF |
| AWS Wickr |
| AWS X-Ray |
| EC2 Image Builder |
| Elastic Load Balancing (ELB) |
| FreeRTOS |
| VM Import/Export |
*Namespaces help you identify services across your AWS environment. For example, when you create IAM policies, work with HAQM Resource Names (ARNs), and read AWS CloudTrail logs. Learn more about namespaces on the documentation page.
