AWS Artifact — A service that provides on-demand access to AWS security and compliance documents and agreements.
Overview
AWS Artifact is your central repository for AWS compliance documentation — including audit reports, certifications, and agreements with AWS.
Key Insight: When your auditor asks “prove that AWS is compliant,” you use AWS Artifact to download the necessary documentation.
Core Artifact Concepts
| Concept | Description | Key Point |
|---|---|---|
| Audit Reports | Third-party audit reports (SOC, ISO, PCI, etc.) | Prove AWS compliance |
| Agreements | Your agreements with AWS (BAA, MSA) | Legal documents |
| Artifact Reports | Custom compliance reports | Your-specific compliance |
| Artifact Docs | Self-service access to compliance docs | No need to contact support |
Available Documents
Audit Reports
| Report Type | Description |
|---|---|
| SOC 1/2/3 | AICPA SOC reports |
| ISO 27001 | Information security certification |
| ISO 27017/27018 | Cloud security and privacy |
| PCI DSS | Payment card industry compliance |
| FedRAMP | US federal government compliance |
| HIPAA BAA | Business Associate Agreement |
| CSA STAR | Cloud security alliance |
AWS Agreements
| Agreement | Description |
|---|---|
| Business Associate Agreement (BAA) | HIPAA compliance |
| Customer Agreement | Master service agreement |
| Service Terms | Terms of service |
How Artifact Works
flowchart LR Auditor["Auditor"] Regulator["Regulator"] Customer["Customer"] Need["Compliance evidence needed"] Portal["AWS Artifact"] Browse["Browse available reports and agreements"] Select["Select required document"] Download["Download PDF"] Share["Share with stakeholders"] Auditor --> Need Regulator --> Need Customer --> Need Need --> Portal --> Browse --> Select --> Download --> Share
Key Features
| Feature | Description |
|---|---|
| Self-Service | Access documents without contacting AWS support |
| Multi-Account | Aggregates reports for all accounts in organization |
| Sharing | Direct sharing with auditors and regulators |
| Historical Access | Access previous report versions (December 2025 enhancement) |
| Encrypted Download | Secure document transfer |
Use Cases
| Use Case | Description |
|---|---|
| Compliance Audits | Provide auditors with SOC, ISO, PCI reports |
| Regulatory Requirements | Prove compliance to regulators |
| Customer Due Diligence | Share compliance with customers |
| Contractual Requirements | Fulfill AWS agreement obligations |
| Risk Assessment | Review AWS security controls |
Notable Updates
| Date | Update | Why It Matters |
|---|---|---|
| December 2025 | Previous Version Access | Retrieve older report versions directly in Artifact without opening a support case |
| 2025 | Enhanced Sharing | Simpler workflows for sharing compliance documents with auditors and regulators |
Pricing
AWS Artifact is a no-cost service. All compliance documents are available at no charge.
Artifact vs Audit Manager
| Aspect | AWS Artifact | AWS Audit Manager |
|---|---|---|
| Focus | AWS compliance documents | Your compliance evidence |
| Content | AWS reports, certifications | Your resource configurations |
| Use Case | Prove AWS is compliant | Prove YOU are compliant |
| Cost | Free | Varies by support plan |
Use Both: Artifact for AWS compliance; Audit Manager for your compliance.
TL;DR
- AWS Artifact = Central repository for AWS compliance documentation
- Contains = Audit reports (SOC, ISO, PCI), agreements (BAA), certifications
- Use For = Compliance audits, regulatory requirements, customer due diligence
- Self-Service = Download documents without contacting support
- Pricing = Free
- Recent Enhancement = Access previous report versions (Dec 2025)
- Complementary = Use with Audit Manager (Artifact = AWS; Audit Manager = You)
Resources
AWS Artifact Documentation Complete Artifact user guide.
AWS Artifact Console Access compliance documents.
AWS Compliance Programs Overview of all AWS compliance certifications.