AWS Artifact Explained: A self-service audit artifact retrieval portal accessible from the console, gives on-demand access to AWS compliance materials and AWS agreements.
Downloading AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports, is possible using AWS Artifact Reports.
You can review, accept, and keep track of the status of AWS agreements like the Business Associate Addendum (BAA) using AWS Artifact Agreements.
Additionally, Independent Software Vendors (ISVs) that sell their products on the AWS Marketplace can download security and compliance records such as ISO certifications and Service Organization Control (SOC) reports on demand through AWS Artifact.
It is accessible to all AWS Accounts. By accepting the corresponding terms and conditions, root users and IAM users with admin permissions can download all audit artifacts accessible to their account.
You must use IAM permissions to give IAM users who don’t have admin privileges access to AWS Artifact. This enables you to limit access to other services and resources in your AWS Account while granting a user access to an AWS Artifact.
All reports, or artifacts as they are known by AWS, are divided into two groups: public and confidential. All AWS accounts have access to public artifacts. Confidential artifacts need Amazon’s approval and, in some cases, a non-disclosure agreement from the requesting client in order to be delivered. An administrator with AWS Identity and Access Management permissions can limit or distribute access to an artifact.
AWS is required by the shared responsibility model to secure compliance documents in the cloud, but if a user downloads an agreement, they are still responsible for protecting the downloaded file. A distinctive, trackable watermark is included with each downloaded artifact.
Each report’s description in this includes information about the applicable date ranges, regions, and cloud services.
Imager Source