以往要取得 AWS 的稽核報告都必須簽署 NDA 並透過 support ticket 取得 (或是找窗口拿),現在 AWS 把這件事情做成一個服務:「Introducing AWS Artifact: Speeding Access to Compliance Reports」。
服務叫做 AWS Artifact,還是要簽保密協議,不過電子化了:
You can start downloading the audit reports in the AWS Management Console today. Many of the documents are confidential and require you to accept Amazon’s confidentiality terms and conditions, but after you review and agree to those terms, you will be granted instant access to review documents.
這樣取得資料就可以透過系統直接拉出來了:
To document the current and historical compliance of the AWS infrastructure and services, many AWS customers provide compliance reports—including those for ISO, SOC, and PCI—to their auditors or regulators.