AWS Artifact
Self-service portal for AWS compliance reports.
❓ What is it?
A portal for downloading AWS's own audit artifacts — SOC reports, ISO certificates, PCI attestations — and accepting agreements such as the Business Associate Addendum (BAA) for HIPAA workloads.
💡 Why does it exist?
When your auditor asks "is the cloud provider compliant?", you need AWS's evidence, on demand. Artifact is where the shared-responsibility model's AWS half gets documented.
⏱️ When should you use it?
Pull reports during vendor assessments, customer audits, and certification pushes; accept the BAA before processing PHI in AI pipelines.
🗺️ Where does it fit?
Outside the runtime path entirely — a console portal for compliance teams; its documents feed your audit binder, not your architecture.
🔌 How do you integrate it?
Open Artifact in the console, download the needed report under NDA terms, and manage organisation-wide agreements from the same page.
🧩 Commonly integrated with
🎯 Exam angle (AIF-C01)
- "Download AWS SOC/ISO/PCI reports" → Artifact. It provides AWS's compliance evidence, not an assessment of YOUR resources (that is Audit Manager/Config).
- Free, self-service, on demand — no ticket to AWS support needed.