Stopping threats with security tools is one thing; "proving that we're following the laws and regulations" is another. Banks, hospitals, and government agencies can't just be safe — they have to submit evidence to auditors. They need to be able to answer questions like "Is the AWS you use certified to ISO 27001?" and "Is this an environment that can handle patient data (HIPAA)?"
Today we'll look at the three pillars of compliance: the tool for obtaining certificates (AWS Artifact), the compliance programs AWS adheres to, and data sovereignty and Region selection, which determine which country your data is stored in.