This is how you can get compliance documentation on AWS:
AWS (AWS Artifact) offers a number of documents for downloading. Different documents require different permissions, which are controlled by a combination of IAM policies and whitelisting.
The Getting Started tutorial can be found on the AWS website using the following URL:
Getting Started with AWS Artifact
This tutorial shows you how to set up permissions and download reports by completing the following steps:
1. Step 1: Create an Admin Group and Add an IAM User
2. Step 2: Create an IAM Policy
3. Step 3: Create IAM Users
4. Step 4: Download a Document
Original Message:
Sent: 06-02-2020 12:02 PM
From: Anonymous Member
Subject: vendors and cloud software assessment (AWS)
This message was posted by a user wishing to remain anonymous
I would be interested in hearing from others if they have been successful in obtaining other security documentation from 4th Party Vendor cloud providers (AWS, Microsoft Azure, etc.) other than SOC reports? Is this something that we can obtain without difficulty? Just looking for some guidance.
Original Message:
Sent: 05-20-2020 10:15 AM
From: Anonymous Member
Subject: vendors and cloud software assessment (AWS)
This message was posted by a user wishing to remain anonymous
I have a vendor hosting an application in the cloud, and due to the "shared cloud responsibility", I'm wondering if requiring reports (i.e. output of Trusted Advisor, is IAM used?, CloudTrail, etc.) makes sense? Outside of the SOC2 made available for cloud vendors, what other due diligence would be required for cloud vendors holding PII data?