From c2eb4084232bf62e8c8859b9ed96591fa98a7acf Mon Sep 17 00:00:00 2001 From: Vasil Lozanov Date: Mon, 25 Feb 2019 12:25:39 +0100 Subject: [PATCH] Update PCI compliancy status of services (#691) --- README.md | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 1e544db..6d9df68 100644 --- a/README.md +++ b/README.md 
@@ -343,30 +343,30 @@ It’s important to know the maturity of each AWS product. Here is a mostly comp | Service | Original release | Availability | CLI Support | HIPAA Compliant | PCI-DSS Compliant | |------------------------------------------------------------------------------------------------------------|------------------|-------------------------------------------------------------------------------|:-----------:|:---------------:|:-----------------:| -| πŸ₯[X-Ray](https://aws.amazon.com/releasenotes/AWS-X-Ray?browse=1) | 2016-12 | General |βœ“ | | | +| πŸ₯[X-Ray](https://aws.amazon.com/releasenotes/AWS-X-Ray?browse=1) | 2016-12 | General |βœ“ | |βœ“ | | πŸ₯[Lex](https://aws.amazon.com/releasenotes/Amazon-Lex?browse=1) | 2016-11 | Preview | | | | -| πŸ₯[Polly](https://aws.amazon.com/releasenotes/Amazon-Polly?browse=1) | 2016-11 | General |βœ“ | | | -| πŸ₯[Rekognition](https://aws.amazon.com/releasenotes/Amazon-Rekognition?browse=1) | 2016-11 | General |βœ“ | | | -| πŸ₯[Athena](http://docs.aws.amazon.com/athena/latest/ug/what-is.html) | 2016-11 | General |βœ“ | | | -| πŸ₯[Batch](http://docs.aws.amazon.com/batch/latest/userguide/what-is-batch.html) | 2016-11 | General |βœ“ | | | +| πŸ₯[Polly](https://aws.amazon.com/releasenotes/Amazon-Polly?browse=1) | 2016-11 | General |βœ“ | |βœ“ | +| πŸ₯[Rekognition](https://aws.amazon.com/releasenotes/Amazon-Rekognition?browse=1) | 2016-11 | General |βœ“ | |βœ“ | +| πŸ₯[Athena](http://docs.aws.amazon.com/athena/latest/ug/what-is.html) | 2016-11 | General |βœ“ | |βœ“ | +| πŸ₯[Batch](http://docs.aws.amazon.com/batch/latest/userguide/what-is-batch.html) | 2016-11 | General |βœ“ | |βœ“ | | πŸ₯[Database Migration Service](https://aws.amazon.com/releasenotes/AWS-Database-Migration-Service?browse=1) | 2016-03 | General | | βœ“ | βœ“ | -| πŸ₯[Certificate Manager](https://aws.amazon.com/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/) | 2016-01 | General | βœ“ | | | -| 
πŸ₯[IoT](https://aws.amazon.com/blogs/aws/aws-iot-now-generally-available/) | 2015-08 | General | βœ“ | | | +| πŸ₯[Certificate Manager](https://aws.amazon.com/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/) | 2016-01 | General | βœ“ | |βœ“ | +| πŸ₯[IoT](https://aws.amazon.com/blogs/aws/aws-iot-now-generally-available/) | 2015-08 | General | βœ“ | |βœ“[13](#user-content-pci-iot) | | πŸ₯[WAF](https://aws.amazon.com/releasenotes/AWS-WAF?browse=1) | 2015-10 | General | βœ“ | βœ“ | βœ“ | | πŸ₯[Data Pipeline](https://aws.amazon.com/releasenotes/AWS-Data-Pipeline?browse=1) | 2015-10 | General | βœ“ | | | -| πŸ₯[Elasticsearch](https://aws.amazon.com/releasenotes/Amazon-Elasticsearch-Service?browse=1) | 2015-10 | General | βœ“ | | | +| πŸ₯[Elasticsearch](https://aws.amazon.com/releasenotes/Amazon-Elasticsearch-Service?browse=1) | 2015-10 | General | βœ“ | |βœ“ | | πŸ₯[Aurora](https://aws.amazon.com/releasenotes/2775579329314699) | 2015-07 | General | βœ“ | βœ“[3](#user-content-hipaa-aurora) | βœ“[3](#user-content-hipaa-aurora) | -| πŸ₯[Service Catalog](https://aws.amazon.com/releasenotes/AWS-Service-Catalog?browse=1) | 2015-07 | General | βœ“ | | | +| πŸ₯[Service Catalog](https://aws.amazon.com/releasenotes/AWS-Service-Catalog?browse=1) | 2015-07 | General | βœ“ | |βœ“ | | πŸ₯[Device Farm](https://aws.amazon.com/releasenotes/AWS-Device-Farm?browse=1) | 2015-07 | General | βœ“ | | | | πŸ₯[CodePipeline](https://aws.amazon.com/releasenotes/AWS-CodePipeline?browse=1) | 2015-07 | General | βœ“ | | | -| πŸ₯[CodeCommit](https://aws.amazon.com/releasenotes/AWS-CodeCommit?browse=1) | 2015-07 | General | βœ“ | | | +| πŸ₯[CodeCommit](https://aws.amazon.com/releasenotes/AWS-CodeCommit?browse=1) | 2015-07 | General | βœ“ | |βœ“ | | πŸ₯[API Gateway](https://aws.amazon.com/releasenotes/Amazon-API-Gateway?browse=1) | 2015-07 | General | βœ“ | βœ“[1](#user-content-hipaa-apigateway) | βœ“ | | 
πŸ₯[Config](https://aws.amazon.com/releasenotes/AWS-Config?browse=1) | 2015-06 | General | βœ“ | | βœ“ | -| πŸ₯[EFS](https://aws.amazon.com/releasenotes/Amazon-EFS?browse=1) | 2015-05 | General | βœ“ | | | +| πŸ₯[EFS](https://aws.amazon.com/releasenotes/Amazon-EFS?browse=1) | 2015-05 | General | βœ“ | |βœ“ | | πŸ₯[Machine Learning](https://aws.amazon.com/releasenotes/AmazonML?browse=1) | 2015-04 | General | βœ“ | | | | [Lambda](https://aws.amazon.com/releasenotes/AWS-Lambda?browse=1) | 2014-11 | General | βœ“ | | βœ“ | | [ECS](https://aws.amazon.com/ecs/release-notes/) | 2014-11 | General | βœ“ | βœ“ | βœ“ | -| [EKS](https://docs.aws.amazon.com/eks/latest/userguide/platform-versions.html) | 2018-06 | General | βœ“[12](#user-content-eks-cli) | | | +| [EKS](https://docs.aws.amazon.com/eks/latest/userguide/platform-versions.html) | 2018-06 | General | βœ“[12](#user-content-eks-cli) | |βœ“ | | [KMS](https://aws.amazon.com/releasenotes/AWS-KMS?browse=1) | 2014-11 | General | βœ“ | | βœ“ | | [CodeDeploy](https://aws.amazon.com/releasenotes/AWS-CodeDeploy?browse=1) | 2014-11 | General | βœ“ | | | | [Kinesis](https://aws.amazon.com/releasenotes/Amazon-Kinesis?browse=1) | 2013-12 | General | βœ“ | | βœ“[11](#user-content-pci-kinesis) | 
@@ -380,21 +380,21 @@ It’s important to know the maturity of each AWS product. Here is a mostly comp | [Glacier](https://aws.amazon.com/releasenotes/Amazon-Glacier?browse=1) | 2012-08 | General | βœ“ | βœ“ | βœ“ | | [CloudSearch](https://aws.amazon.com/releasenotes/Amazon-CloudSearch?browse=1) | 2012-04 | General | βœ“ | | | | [SWF](https://aws.amazon.com/releasenotes/Amazon-SWF?browse=1) | 2012-02 | General | βœ“ | | βœ“ | -| [Storage Gateway](https://aws.amazon.com/releasenotes/AWS-Storage-Gateway?browse=1) | 2012-01 | General | βœ“ | | | +| [Storage Gateway](https://aws.amazon.com/releasenotes/AWS-Storage-Gateway?browse=1) | 2012-01 | General | βœ“ | |βœ“ | | [DynamoDB](https://aws.amazon.com/releasenotes/Amazon-DynamoDB?browse=1) | 2012-01 | General | βœ“ | βœ“ | βœ“ | | [DirectConnect](https://aws.amazon.com/releasenotes/AWS-Direct-Connect?browse=1) | 2011-08 | General | βœ“ | βœ“ | βœ“ | -| [ElastiCache](https://aws.amazon.com/releasenotes/Amazon-ElastiCache?browse=1) | 2011-08 | General | βœ“ | | | +| [ElastiCache](https://aws.amazon.com/releasenotes/Amazon-ElastiCache?browse=1) | 2011-08 | General | βœ“ | |βœ“[14](#user-content-pci-elasticache) | | [CloudFormation](https://aws.amazon.com/releasenotes/AWS-CloudFormation?browse=1) | 2011-04 | General | βœ“ | | βœ“ | | [SES](https://aws.amazon.com/releasenotes/Amazon-SES?browse=1) | 2011-01 | General | βœ“ | | | | [Elastic Beanstalk](https://aws.amazon.com/releasenotes/AWS-Elastic-Beanstalk?browse=1) | 2010-12 | General | βœ“ | | βœ“ | | [Route 53](https://aws.amazon.com/releasenotes/Amazon-Route-53?browse=1) | 2010-10 | General | βœ“ | | βœ“ | | [IAM](https://aws.amazon.com/releasenotes/AWS-Identity-and-Access-Management?browse=1) | 2010-09 | General | βœ“ | | βœ“ | -| [SNS](https://aws.amazon.com/releasenotes/Amazon-SNS?browse=1) | 2010-04 | General | βœ“ | βœ“ | | +| [SNS](https://aws.amazon.com/releasenotes/Amazon-SNS?browse=1) | 2010-04 | General | βœ“ | βœ“ | βœ“ | | 
[EMR](https://aws.amazon.com/releasenotes/Elastic-MapReduce?browse=1) | 2010-04 | General | βœ“ | βœ“ | βœ“ | | [RDS](https://aws.amazon.com/releasenotes/Amazon-RDS?browse=1) | 2009-12 | General | βœ“ |βœ“[2](#user-content-hipaa-rds) |βœ“[9](#user-content-pci-rds) | | [VPC](https://aws.amazon.com/releasenotes/Amazon-VPC?browse=1) | 2009-08 | General | βœ“ | βœ“ | βœ“ | -| [Snowball](https://aws.amazon.com/releasenotes/AWS-ImportExport?browse=1) | 2015-10 | General | βœ“ | βœ“ | | -| [Snowmobile](https://aws.amazon.com/snowmobile/) | 2016-11 | General | | | | +| [Snowball](https://aws.amazon.com/releasenotes/AWS-ImportExport?browse=1) | 2015-10 | General | βœ“ | βœ“ |βœ“[15](#user-content-pci-snowball) | +| [Snowmobile](https://aws.amazon.com/snowmobile/) | 2016-11 | General | | |βœ“ | | [CloudWatch](https://aws.amazon.com/releasenotes/CloudWatch?browse=1) | 2009-05 | General | βœ“ |βœ“ | βœ“ | | [CloudFront](https://aws.amazon.com/releasenotes/CloudFront?browse=1) | 2008-11 | General | βœ“ | βœ“[4](#user-content-hipaa-cloudfront) | βœ“ | | [Fulfillment Web Service](https://aws.amazon.com/releasenotes/Amazon-FWS?browse=1) | 2008-03 | Obsolete? | | | | @@ -418,8 +418,11 @@ It’s important to know the maturity of each AWS product. Here is a mostly comp **8**: Includes S3 Transfer Acceleration
**9**: Includes RDS MySQL, Oracle, PostgreSQL, SQL Server, and MariaDB
**10**: Includes Auto-Scaling
-**11**: Streams only
+**11**: Data Analytics, Streams, Video Streams and Firehose
**12**: Kubernetes uses a custom CLI for Pod/Service management called kubectl. AWS CLI only handles Kubernetes Master concerns
+**13**: IoT Core (includes Device Management) and Greengrass
+**14**: ElastiCache for Redis only
+**15**: Snowball and Snowball Edge
### Compliance 
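Review bot: Footnote 11 in the `@@ -418,8 +418,11 @@` hunk widens the Kinesis scope from "Streams only" to four products, and footnotes 13 to 15 narrow the new marks, yet none of them says where the scope was taken from. Add a link to the reference that was checked, since these lines are what a reader relies on to decide whether a specific product (for example "ElastiCache for Redis only") is covered. As a style point, footnotes 8 to 10 start with "Includes" while 11 and 13 to 15 are bare lists; using one form would read more evenly.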
@@ -873,7 +876,7 @@ EC2 - Instance user-data is [limited to 16 KB](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-add-user-data). (This limit applies to the data in raw form, not base64-encoded form.) If more data is needed, it can be downloaded from S3 by a user-data script. - Very new accounts may not be able to launch some instance types, such as GPU instances, because of an initially imposed β€œsoft limit” of zero. This limit can be raised by making a support request. See [AWS Service Limits](http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) for the method to make the support request. Note that this limit of zero is [not currently documented](http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ec2). - Since multiple AWS instances all run on the same physical hardware, early cloud adopters encountered what became known as the [Noisy Neighbor problem](https://searchcloudcomputing.techtarget.com/definition/noisy-neighbor-cloud-computing-performance). This feeling of not getting what you are paying for led to [user frustration](https://twitter.com/technicallyjosh/status/668963405831651328), however "steal" may not be the best word to describe what's actually happening based on a [detailed explanation of how the kernel determine steal time](https://support.cloud.engineyard.com/hc/en-us/community/posts/203751578-Explanation-of-Steal-Time). Avoiding having CPU steal affect your application in the cloud may be best handled by [properly designing your cloud architecture](https://www.infoworld.com/article/3073503/cloud-computing/debunking-the-clouds-noisy-neighbor-myth.html). -- AWS [introduced Dedicated Tenancy](https://aws.amazon.com/blogs/aws/amazon-ec2-dedicated-instances/) in 2011. This allows customers to have all resources from a single server. 
Some saw this as a way to solve the [noisy neighbor problem](https://www.infoworld.com/article/3008225/cloud-computing/amazon-dedicated-hosts-bye-bye-to-noisy-cloud-neighbors.html) since only that customer uses the CPU. This approach comes with a significant risk if that physical system needed any type of maintenance. If a customer had 20 instances running using shared tenancy and one underlying server needed maintenance, only the instance on that server would go offline. If that customer had 20 instances running using dedicated tenancy, when the underlying server needs maintenance, all 20 instances would go offline. +- AWS [introduced Dedicated Tenancy](https://aws.amazon.com/blogs/aws/amazon-ec2-dedicated-instances/) in 2011. This allows customers to have all resources from a single server. Some saw this as a way to solve the [noisy neighbor problem](https://www.infoworld.com/article/3008225/cloud-computing/amazon-dedicated-hosts-bye-bye-to-noisy-cloud-neighbors.html) since only that customer uses the CPU. This approach comes with a significant risk if that physical system needed any type of maintenance. If a customer had 20 instances running using shared tenancy and one underlying server needed maintenance, only the instance on that server would go offline. If that customer had 20 instances running using dedicated tenancy, when the underlying server needs maintenance, all 20 instances would go offline. - πŸ”ΈOnly **i3.metal** type instances providing an ability to run Android x86 emulators on AWS at the moment.
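Review bot: The PCI-DSS marks added in the `@@ -343,30 +343,30 @@` hunk (X-Ray, Polly, Rekognition, Athena, Batch, Certificate Manager, IoT, Elasticsearch, Service Catalog, CodeCommit, EFS, EKS) come with no source, and the commit message says only "Update PCI compliancy status of services". Please cite the reference these were checked against in the commit message or beside the column, so the next update can be verified against the same list. Also, the added cells put the check mark directly after the pipe, while untouched rows such as WAF and Lambda pad it with a space; matching the existing padding keeps the raw table aligned.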
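Review bot: In the `@@ -380,21 +380,21 @@` hunk the ElastiCache and Snowball cells link to `#user-content-pci-elasticache` and `#user-content-pci-snowball` (and the IoT cell in the previous hunk to `#user-content-pci-iot`), but the footnote lines added for 13, 14 and 15 show no matching anchor in this patch. Confirm that each link resolves to its footnote, following whatever the existing `#user-content-pci-rds` and `#user-content-pci-kinesis` targets do. Cell padding is also inconsistent within the hunk: the SNS mark is padded with spaces, while Storage Gateway and Snowmobile are not.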
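Review bot: In the `@@ -873,7 +876,7 @@ EC2` hunk the removed and added Dedicated Tenancy lines read identically, so this looks like a whitespace-only change. It is unrelated to the PCI update named in the subject line; either drop it from this patch or mention the whitespace cleanup in the commit message so the diff stat matches the stated intent.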