Last updated on November 15, 2024
AWS Artifact Cheat Sheet
- A self-service central repository of AWS’ security and compliance reports and select online agreements.
- An audit artifact is a piece of evidence that demonstrates that an organization is following a documented process or meeting a specific requirement (i.e., that the business is compliant).
- AWS Artifact Reports include the following:
  - ISO,
  - Service Organization Control (SOC) reports,
  - Payment Card Industry (PCI) reports,
  - and certifications that validate the implementation and operating effectiveness of AWS security controls.
- AWS Artifact Agreements include:
  - the Nondisclosure Agreement (NDA), and
  - the Business Associate Addendum (BAA), which is typically required for companies subject to HIPAA, to ensure that protected health information (PHI) is appropriately safeguarded.
- All AWS accounts with AWS Artifact IAM permissions have access to AWS Artifact. Root users and IAM users with admin permissions can download all audit artifacts available to their account by agreeing to the associated terms and conditions. IAM users with non-admin permissions must be explicitly granted access to AWS Artifact.
- To use organization agreements in AWS Artifact, your organization must have all features enabled.
- AWS Artifact Agreements
  - AWS Artifact Account Agreements apply only to the individual account you used to sign in to AWS.
  - AWS Artifact Organization Agreements apply to all accounts in an organization created through AWS Organizations, including the organization’s management account and all member accounts. Only the management account in an organization can accept agreements in AWS Artifact Organization Agreements.
  - Management accounts and member accounts of an organization can have AWS Artifact Account Agreements and AWS Artifact Organization Agreements of the same type in place at the same time.
  - If you have accounts in separate organizations that you want covered by an agreement, you must log in to each organization’s management account and accept the relevant agreements through AWS Artifact Organization Agreements.
  - Terminating the organization agreement does not terminate the account agreement.
  - When a member account is removed from an organization (e.g. by leaving the organization, or by being removed from the organization by the management account), any organization agreements accepted on its behalf will no longer apply to that member account.
- Business Associate Addendum (BAA)
  - You can accept the AWS BAA for your individual account, or, if you are a management account in an organization, you can accept the AWS BAA on behalf of all accounts in your organization.
  - Upon accepting the AWS BAA in AWS Artifact Agreements, you instantly designate your AWS account(s) for use in connection with protected health information (PHI) and HIPAA.
  - If you terminate an online BAA under the Account agreements tab in AWS Artifact, the account you used to sign in to AWS immediately ceases to be a HIPAA Account, unless it was also covered by an organization BAA.
  - If you are a user of a management account and terminate an online BAA in AWS Artifact, all accounts within your organization are immediately removed as HIPAA Accounts, unless they were covered by individual account BAAs.
  - If you have both an account BAA and an organization BAA in place at the same time, the terms of the organization BAA apply instead of the terms of the account BAA.
- AWS Australian Notifiable Data Breach Addendum (ANDB Addendum)
  - Using the management account of your organization, you can use the Organization agreements tab in AWS Artifact Agreements to accept an ANDB Addendum on behalf of all existing and future member accounts in your organization.
  - When both an account ANDB Addendum and an organization ANDB Addendum are accepted, the organization ANDB Addendum applies instead of the account ANDB Addendum.
  - If you terminate an account ANDB Addendum under the Account agreements tab in AWS Artifact, the AWS account you used to sign in to AWS Artifact is no longer covered by an ANDB Addendum with AWS, unless it is also covered by an organization ANDB Addendum.
  - If you are a user of a management account and terminate an organization ANDB Addendum within the Organization agreements tab in AWS Artifact, the AWS accounts in that organization are no longer covered by an ANDB Addendum with AWS, unless they are covered by an account ANDB Addendum.
- Most errors you receive from AWS Artifact can be resolved by adding the necessary IAM permissions.
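The two IAM points above (non-admin users must be granted access; most errors are missing permissions) in practice come down to a policy like the following, added here as an example and not taken from the page or from AWS documentation. It grants a non-admin user read-only access to compliance reports while explicitly denying the agreement-changing actions, so that accepting or terminating a BAA or ANDB Addendum stays with the management account. The `artifact:` action names and the two resource ARN formats follow the patterns in AWS's published IAM examples (verify them against the Service Authorization Reference for your region); the `Sid` values and the explicit Deny are assumptions about your own requirements.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadComplianceReportsOnly",
      "Effect": "Allow",
      "Action": [
        "artifact:ListReports",
        "artifact:GetReportMetadata",
        "artifact:GetReport",
        "artifact:GetTermForReport"
      ],
      "Resource": "arn:aws:artifact:us-east-1::report/*"
    },
    {
      "Sid": "LegacyReportPackageDownload",
      "Effect": "Allow",
      "Action": "artifact:Get",
      "Resource": "arn:aws:artifact:::report-package/*"
    },
    {
      "Sid": "NeverManageAgreementsFromThisPolicy",
      "Effect": "Deny",
      "Action": [
        "artifact:AcceptAgreement",
        "artifact:TerminateAgreement"
      ],
      "Resource": "*"
    }
  ]
}
```

Attach the policy to the group or role used by auditors and compliance staff; because the third statement is an explicit Deny, it also overrides any broader `artifact:*` Allow the same principal might pick up from another policy.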