AWS Services in Scope by Compliance Program

Canadian Centre for Cyber Security (CCCS)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative?

Unless specifically excluded, generally available features of each of the services are considered in the scope, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

✓ = This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.

Click here for full list of services covered under the AWS compliance programs.

CCCS

Last updated: April 11, 2025

SERVICES / PROGRAMS	CCCS MEDIUM (formerly PBMM)	Protected B High Value Assets (PBHVA)
HAQM API Gateway	✓	✓
HAQM AppFlow	✓	✓
HAQM AppStream 2.0	✓	✓
HAQM Athena	✓	✓
HAQM Augmented AI [excludes Public Workforce and Vendor Workforce for all features]	✓	✓
HAQM Aurora [feature of HAQM RDS]	✓	✓
HAQM Bedrock [excludes HAQM Bedrock Marketplace]	✓
HAQM Chime	✓	✓
HAQM Chime SDK	✓	✓
HAQM Cloud Directory	✓	✓
HAQM CloudFront [excludes content delivery through HAQM CloudFront Embedded Point of Presences]	✓	✓
HAQM CloudWatch	✓	✓
HAQM Cognito	✓	✓
HAQM Comprehend	✓	✓
HAQM Comprehend Medical	✓	✓
HAQM Connect	✓	✓
HAQM Data Firehose	✓	✓
HAQM Detective	✓	✓
HAQM DevOps Guru	✓	✓
HAQM DocumentDB (with MongoDB compatibility)	✓	✓
HAQM DynamoDB	✓	✓
HAQM Elastic Block Store (EBS)	✓	✓
HAQM Elastic Compute Cloud (HAQM EC2)	✓	✓
HAQM Elastic Container Registry (ECR)	✓	✓
HAQM Elastic Container Service (ECS) [includes ECS Anywhere]	✓	✓
HAQM Elastic File System (EFS)	✓	✓
HAQM Elastic Kubernetes Service (EKS) [includes EKS Anywhere]	✓	✓
HAQM Elastic MapReduce (EMR)	✓	✓
HAQM ElastiCache	✓	✓
HAQM Eventbridge	✓	✓
HAQM FinSpace	✓	✓
HAQM FSx	✓	✓
HAQM GuardDuty	✓	✓
HAQM Inspector	✓	✓
HAQM Kendra	✓	✓
HAQM Keyspaces (for Apache Cassandra)	✓	✓
HAQM Kinesis Data Streams	✓	✓
HAQM Kinesis Video Streams	✓	✓
HAQM Lex	✓	✓
HAQM Location Service	✓	✓
HAQM Macie	✓	✓
HAQM Managed Service for Apache Flink	✓	✓
HAQM Managed Streaming for Apache Kafka	✓	✓
HAQM Managed Workflows for Apache Airflow	✓	✓
HAQM MemoryDB (formerly MemoryDB for Redis)	✓	✓
HAQM MQ	✓	✓
HAQM Neptune	✓	✓
HAQM OpenSearch Service	✓	✓
HAQM Personalize	✓	✓
HAQM Pinpoint and End User Messaging	✓	✓
HAQM Polly	✓	✓
HAQM Quantum Ledger Database (QLDB)	✓	✓
HAQM QuickSight	✓	✓
HAQM Redshift	✓	✓
HAQM Rekognition	✓	✓
HAQM Relational Database Service (RDS)	✓	✓
HAQM Route 53	✓	✓
HAQM S3 Glacier	✓	✓
HAQM SageMaker AI [formerly HAQM Sagemaker]	✓	✓
HAQM Simple Email Service (SES)	✓	✓
HAQM Simple Notification Service (SNS)	✓	✓
HAQM Simple Queue Service (SQS)	✓	✓
HAQM Simple Storage Service (S3)	✓	✓
HAQM Simple Workflow Service (SWF)	✓	✓
HAQM Textract	✓	✓
HAQM Transcribe	✓	✓
HAQM Transcribe Medical	✓	✓
HAQM Translate	✓	✓
HAQM Virtual Private Cloud (VPC)	✓	✓
HAQM VPC Lattice [feature of HAQM VPC]	✓	✓
HAQM WorkSpaces	✓	✓
HAQM WorkSpaces Secure Browser (formerly HAQM Workspaces Web)	✓	✓
AWS Amplify	✓	✓
AWS App Mesh	✓	✓
AWS Application Migration Service (formerly CloudEndure Migration)	✓	✓
AWS AppSync	✓	✓
AWS Audit Manager	✓	✓
AWS Auto Scaling [feature of EC2]	✓	✓
AWS Backup	✓	✓
AWS Batch	✓	✓
AWS Certificate Manager	✓	✓
AWS Chatbot	✓	✓
AWS Cloud Map	✓	✓
AWS Cloud9	✓	✓
AWS CloudFormation	✓	✓
AWS CloudHSM	✓	✓
AWS CloudShell	✓	✓
AWS CloudTrail	✓	✓
AWS CodeBuild	✓	✓
AWS CodeCommit	✓	✓
AWS CodeDeploy	✓	✓
AWS CodePipeline	✓	✓
AWS Config	✓	✓
AWS Control Tower	✓	✓
AWS Database Migration Service	✓	✓
AWS DataSync	✓	✓
AWS Direct Connect	✓	✓
AWS Directory Service [excludes Simple AD]	✓	✓
AWS Elastic Beanstalk	✓	✓
AWS Elastic Disaster Recovery (AWS DRS)	✓	✓
AWS Elemental MediaConnect	✓	✓
AWS Elemental MediaConvert	✓	✓
AWS Elemental MediaLive	✓	✓
AWS Fargate [feature of EKS and ECS]	✓	✓
AWS Fault Injection Service	✓	✓
AWS Firewall Manager [feature of WAF]	✓	✓
AWS Global Accelerator	✓	✓
AWS Glue	✓	✓
AWS Health Dashboard	✓	✓
AWS IAM Identity Center (successor to AWS Single Sign-On)	✓	✓
AWS Identity and Access Management (IAM)	✓	✓
AWS IoT Core	✓	✓
AWS IoT Device Defender	✓	✓
AWS IoT Device Management	✓	✓
AWS IoT Events	✓	✓
AWS IoT Greengrass	✓	✓
AWS IoT SiteWise	✓	✓
AWS Key Management Service	✓	✓
AWS Lake Formation [feature of Glue]	✓	✓
AWS Lambda	✓	✓
AWS License Manager	✓	✓
AWS Mainframe Modernization	✓	✓
AWS Network Firewall	✓	✓
AWS OpsWorks Stacks	✓	✓
AWS Organizations	✓	✓
AWS Outposts	✓	✓
AWS Private Certificate Authority (AWS Private CA)	✓	✓
AWS PrivateLink [feature of HAQM VPC]	✓	✓
AWS Resilience Hub	✓	✓
AWS Resource Access Manager (RAM)	✓	✓
AWS Resource Groups	✓	✓
AWS Secrets Manager	✓	✓
AWS Security Hub	✓	✓
AWS Service Catalog	✓	✓
AWS Shield	✓	✓
AWS Signer	✓	✓
AWS Snowball	✓	✓
AWS Snowcone	✓	✓
AWS Step Functions	✓	✓
AWS Storage Gateway	✓	✓
AWS Systems Manager	✓	✓
AWS Transfer Family	✓	✓
AWS Transit Gateway [feature of HAQM VPC]	✓	✓
AWS Trusted Advisor	✓	✓
AWS VPN [feature of HAQM VPC]	✓	✓
AWS WAF	✓	✓
AWS Wickr	✓	✓
AWS X-Ray	✓	✓
EC2 Image Builder	✓	✓
Elastic Load Balancing [feature of EC2]	✓	✓

AWS Services in Scope by Compliance Program

Canadian Centre for Cyber Security (CCCS)

Want More Information About Services in Scope?

Ending Support for Internet Explorer