AWS Artifact: Easy On-Demand Access to Security and Compliance Reports

AWS Artifact

If you are an AWS customer who wanted to access AWS’s compliance reports to share with your auditors or review the agreements, you have come to the right place.

AWS Artifact is the solution to your problems. An easy and quick way to access AWS’s compliance documents whenever you need them.

To learn what AWS Artifact is, why you need it, and how to use it, read on.

Contents

What is AWS Artifact?

AWS Artifact is a self-service portal for on-demand access to AWS’s compliance and security reports, also known as audit artifacts. The portal is present in the AWS Management Console. From there, you can download compliance documents like Service Organisation Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies like AWS ISO certifications.

AWS Artifact can be used to accept, manage, and track the status of legal agreements like the Business Associate Addendum (BAA) for individual accounts and all the accounts that are a part of your organization. You can also terminate agreements that are no longer relevant.

Who can use AWS Artifact?

Anybody with an AWS account can access the portal. But only the root users and IAM users with the required admin permissions can download the audit artifacts available to their accounts.

Define: An AWS Identity and Access Management (IAM) user is an entity that you create in AWS to represent the person or application that uses it to interact with AWS.

The administrator is also the only person who has the power to accept or terminate agreements.

If an IAM user doesn’t have admin permissions, you can grant them access to the artifact; refer to this documentation on how to do it.

What is the use of AWS Artifact?

Compliance Reports

Every AWS customer can use the compliance reports to evaluate and validate the AWS infrastructure and services’ compliance and security.

  1. You can submit the reports to show your AWS infrastructure’s current and historical compliance, like cloud architecture and services, to the regulators and auditors.
  2. You can use it if you are interested in using audit artifacts to validate that your AWS-implemented controls operate effectively.
  3. It can help you continuously monitor or audit your suppliers.
  4. These documents can also function as guidelines to design and evaluate your own cloud architecture and assess your company’s internal controls’ effectiveness.

Note: AWS Artifact provides compliance documents about only AWS. You are responsible for providing the reports that demonstrate the compliance and security of your company.

Agreements

Different types of agreements are available in AWS Artifact Agreements to address customers’ needs subject to specific regulations.

  1. You can review, accepts, and terminate AWS agreements like BAA.
  2. It simplifies agreement management by allowing you to accept a single agreement on behalf of all the accounts that are a part of your organization.
  3. Both the present and the future member accounts will be automatically covered under the terms of the agreement.

Note: A BAA is required for companies that need to comply with Health Insurance Portability and Accountability Act (HIPAA).

Getting started with AWS Artifact

You need an AWS account to access AWS Artifact. If you don’t have one, you easily sign up to create one. Since Artifact is part of the AWS free tier, you will not be charged. But you will need to give billing information for the process.

AWS Artifact Sign up

There are more than 85 products in free tier for you to explore and build.

To sign up, click here. You can choose from a personal or business account. Fill in the contact and card information to create an account.

How to download compliance reports?

1. Sign in to AWS Management Console.

2. Search for an artifact in the “Find Services” search field and click on ‘Artifact‘.

Search for artifact

3. On the home page, click on “View Reports” under the “Get Started with Artifact” section on the right-hand side.

View reports

4. You can type a keyword in the search field to locate the reports.

5. Click on the radio button on the left side of the report name and select the “Download report” button.

download report

6. Sometimes, you will be asked to accept the terms and conditions before downloading.

7. You can open the downloaded file only using Adobe Acrobat Reader.

8. You can share the report with your auditors or other members of your company by permitting them to use IAM policies.

Note: AWS classifies reports into two types, public and confidential. Anyone with an AWS account can access public reports. Confidential ones require approval from Amazon and sometimes can ask you to sign an NDA.

How do accept agreements?

1. Sign in to AWS Management Console.

2. Search for an artifact in the “Find Services” search field and click on “Artifact“.

3. On the home page, click on “View Agreements” under the “Get Started with Artifact” section on the right-hand side.

4. For downloading the agreement, click on the radio button on the left side of the agreement name and select the “Download Agreement” button.

5. Before the download starts, you need to review the Non-Disclosure Agreement (NDA) and accept it.

6. For accepting the agreement, click on the radio button on the left side of the agreement name and select the “Accept Agreement” button.

accept agreement

Note: Only the master account can accept agreements.

Also, Read >>> How Can ServiceBench Help in Managing Service Application?

FAQs on AWS Artifact

What is AWS Artifact?

It is a self-service portal that provides you with on-demand access to AWS’ compliance documentation and agreements.

Is it free to access?

Yes, you can access reports and agreements without facing any charge. They are part of the free tier of AWS.

Is there a limit on the number of reports I can download?

No, you can download all the available reports as many times as you want.

In the end…

AWS Artifact provides your organization with a free self-service portal that can help you review and manage security and compliance reports of AWS infrastructure. It helps ensure you meet the security and compliance standards set by the regulators. It makes it easy to deal with the auditors and handle regulatory requirements. It also helps you manage and accept agreements made with AWS for your entire organization with ease.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top