# Curriculum Overview: AWS Compliance and Governance Frameworks

Recognizing compliance requirements that vary among AWS services


This curriculum provides a structured pathway to mastering the identification and management of compliance requirements across various AWS services, a critical component of the AWS Certified Cloud Practitioner (CLF-C02) exam.

## Prerequisites

Before starting this module, students should have a foundational understanding of:

  • Cloud Computing Basics: Understanding of on-demand delivery, pay-as-you-go pricing, and scalability.
  • AWS Global Infrastructure: Familiarity with Regions, Availability Zones, and Edge Locations.
  • Identity and Access Management (IAM): Basic knowledge of users, groups, and the principle of least privilege.

## Module Breakdown

| Module | Topic | Difficulty | Focus Area |
|---|---|---|---|
| 1 | The Shared Responsibility Model | Beginner | Who is responsible for what (AWS vs. Customer). |
| 2 | Compliance Discovery Tools | Beginner | Finding reports and agreements via AWS Artifact. |
| 3 | Auditing and Monitoring | Intermediate | Real-time tracking with CloudTrail and CloudWatch. |
| 4 | Resource Governance | Intermediate | Managing configurations with AWS Config and Audit Manager. |
| 5 | Service-Specific Compliance | Advanced | How requirements shift between IaaS, PaaS, and SaaS. |

## Learning Objectives per Module

### Module 1: The Shared Responsibility Model

  • Outcome: Differentiate between security "of" the cloud and security "in" the cloud.
  • Key Concept: Understand how responsibility shifts based on the service model (e.g., EC2 vs. Lambda).

### Module 2: AWS Artifact & Documentation

  • Outcome: Locate and download AWS compliance reports (SOC, PCI DSS) for auditors.
  • Key Concept: Using AWS Artifact as a central repository for compliance "artifacts."

### Module 3: Auditing & Monitoring

  • Outcome: Differentiate between API logging (CloudTrail) and resource monitoring (CloudWatch).
  • Key Concept: Establishing an audit trail for compliance verification.

### Module 4: AWS Config & Audit Manager

  • Outcome: Automate the assessment of resource configurations against compliance rules.
  • Key Concept: Continuous compliance monitoring and evidence collection.

## Visual Anchors

[Diagram: Compliance Service Ecosystem]

[Diagram: The Shift in Responsibility]

## Examples: Compliance in Action

> [!NOTE]
> Real-World Scenario 1: Healthcare (HIPAA)
> A hospital uses AWS to store Patient Health Information (PHI).
>
>   • Compliance Step: Use AWS Artifact to sign a Business Associate Addendum (BAA) with AWS.
>   • Security Step: Enable encryption at rest in Amazon S3 using keys managed by AWS KMS.

> [!TIP]
> Real-World Scenario 2: Finance (PCI DSS)
> A fintech startup processes credit card payments.
>
>   • Compliance Step: Run Amazon Inspector to perform the vulnerability scans of EC2 instances that PCI standards require.
>   • Auditing Step: Use AWS CloudTrail to log every access request to the payment database for future audits.

## Success Metrics

To demonstrate mastery of this curriculum, the student must be able to:

  1. Categorize Services: Correctly identify whether a security task (like patching the OS) belongs to AWS or the customer for a given service.
  2. Tool Selection: Choose the correct tool for a scenario (e.g., "Which service provides a list of SOC reports?" → AWS Artifact).
  3. Explain Variation: Describe why the compliance burden is higher for an Amazon EC2 user than for an AWS Lambda user.
  4. Tagging Logic: Explain how resource tags can be used to identify assets subject to specific regulations (e.g., tagging a resource as Compliance: HIPAA).

## Real-World Application

Understanding these requirements is essential for roles such as:

  • Cloud Architect: Ensuring the architecture meets regional data residency laws (e.g., GDPR).
  • Security Analyst: Implementing continuous monitoring to detect deviations from corporate governance.
  • Compliance Officer: Gathering evidence for annual audits without manually inspecting every server.

### Comparison Table: CloudTrail vs. Config vs. Artifact

| Feature | AWS CloudTrail | AWS Config | AWS Artifact |
|---|---|---|---|
| Primary Goal | Who did what? (API logs) | What does it look like? (Configuration history) | Is AWS compliant? (Reports) |
| Use Case | Forensic investigation | Compliance auditing of resources | Legal documentation for auditors |
| Example | Tracking who deleted an S3 bucket | Checking if all EBS volumes are encrypted | Downloading a SOC 2 Type II report |
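The AWS Config example in the table ("checking if all EBS volumes are encrypted") and the continuous-compliance outcome of Module 4 are what a custom Config rule automates, and the Compliance tag from the success metrics is how such a rule can label findings by regulation. The following is an added example, not code from the original study notes or from AWS: a Lambda-style evaluation function in the shape AWS Config invokes custom rules (a JSON `invokingEvent` wrapping a `configurationItem`), run offline on a constructed sample item; reporting the result back with `put_evaluations` is left to the caller, and the volume id is a placeholder.

```python
"""Lambda-style evaluation for an AWS Config custom rule (offline demo).
Runs on a constructed configuration item; reporting via put_evaluations is left to the caller."""
import json

COMPLIANT = "COMPLIANT"
NON_COMPLIANT = "NON_COMPLIANT"
NOT_APPLICABLE = "NOT_APPLICABLE"


def evaluate_volume(config_item: dict) -> dict:
    """Return one AWS Config evaluation record for a configuration item."""
    if config_item.get("resourceType") != "AWS::EC2::Volume":
        compliance, note = NOT_APPLICABLE, "rule only covers EBS volumes"
    elif (config_item.get("configuration") or {}).get("encrypted") is True:
        compliance, note = COMPLIANT, "volume is encrypted at rest"
    else:
        compliance, note = NON_COMPLIANT, "volume is not encrypted at rest"
    # Surface the Compliance tag so auditors can see which regulation applies
    regime = (config_item.get("tags") or {}).get("Compliance")
    if regime:
        note = f"{note} (tagged Compliance: {regime})"
    return {
        "ComplianceResourceType": config_item.get("resourceType"),
        "ComplianceResourceId": config_item.get("resourceId"),
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": config_item.get("configurationItemCaptureTime"),
    }


def lambda_handler(event: dict, context=None) -> dict:
    """Entry point in the shape AWS Config invokes: invokingEvent is a JSON string."""
    invoking = json.loads(event["invokingEvent"])
    return evaluate_volume(invoking["configurationItem"])


# Constructed sample event: an unencrypted volume tagged for HIPAA data
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "configurationItem": {
            "resourceType": "AWS::EC2::Volume",
            "resourceId": "vol-0example",  # placeholder id, not a real volume
            "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
            "configuration": {"encrypted": False},
            "tags": {"Compliance": "HIPAA"},
        }
    })
}
```

Calling `lambda_handler(SAMPLE_EVENT)` yields a NON_COMPLIANT record whose annotation names the HIPAA tag; a volume with `"encrypted": True` yields COMPLIANT and any non-volume resource type NOT_APPLICABLE.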
