AWS and its customers share control over the IT environment, both parties have responsibility for managing the IT environment. AWS’ part in this shared responsibility includes providing its services on a highly secure and controlled platform and providing a wide array of security features customers can use. The customers’ responsibility includes configuring their IT environments in a secure and controlled manner for their purposes. While customers don’t communicate their use and configurations to AWS, AWS does communicate its security and control environment relevant to customers. AWS does this by doing the following: Obtaining industry certifications and independent third-party attestations described in this document Publishing information about the AWS security and control practices in whitepapers and web site content Providing certificates, reports, and other documentation directly to AWS customers under NDA (as required)
Amazon Web Services Risk and Compliance
