AWS Artifact

As distinct from CodeArtifact & Artifactory, this is a much less interactive “Service” than those typically encountered within AWS Console… to the extent that I was surprised to find it classed as such, i.e. as an asset equivalent to EC2, S3, SageMaker; under the same information architecture. After all, the typical service interactively offers something broadly approximating either compute or storage.

Artifact is just a set of documents (“artifacts”) describing security policy. The interactive element is limited to the customer’s having to digitally sign an NDA before being able to access specific files like “FedRAMP Partner Package” and “Cloud Computing Compliance Controls Catalogue” (“C5”) that are downloadable from this interface. You can see that process being demoed here by Brandon Rich (Adjunct Professor at the University of Notre Dame).

Further ambiguity comes from the use of “artifact” throughout the API endpoints of other Services; e.g. AWS Toolkit where artifact guid has caused confusion for developers. Perhaps we valuably ask “Who is the audience for AWS Artifact?” and derive some insight from considering how governance professionals (corporate governance, data governance, etc) are expected to use it: as a single source of truth for security policy and SLAs, to inform strategy & project design. Perhaps also enterprise architects… but not typically any of the builders or architects to whom most Services are catering.

Does it feature in Certified Solution Architect and/or other certifications available for AWS? According to this cheat sheet site, Yes. Is there an equivalent phenomenon on GCP and/or Azure? Possibly.