AWS 服务的隐私功能
AWS 对您的隐私保持警惕,并且我们可以提供当前最灵活、最安全的云计算环境。通过 AWS,您可以拥有自己的数据,控制其位置以及谁可以访问这些数据。我们对 AWS 服务如何处理您上传至 AWS 账户的个人数据(客户数据)保持透明,并提供支持您加密、删除和监控客户数据处理的功能。
您可以放心地使用 AWS 服务,因为您的客户数据会保留在您选择的 AWS 区域内。少量 AWS 服务涉及客户数据传输,例如,出于开发和改进服务的需要,您可以在此过程中选择退出传输,或者因为传输是服务(例如内容分发服务)的重要部分。我们禁止且我们的系统旨在防止 AWS 人员出于任何目的(包括服务维护)远程访问客户数据,除非您要求访问或者出于防止欺诈和滥用或遵守法律的需要。有关 AWS 如何设计其系统以防止 AWS 员工未经授权访问客户数据的相关信息,您可以访问我们的 AWS 操作员访问网页以获取更多信息。
我们将会在下面提供 AWS 服务的关键隐私功能概述,您可以使用这些服务来根据欧盟法院的 Schrems II 判决以及欧盟数据保护委员会有关补充传输工具措施的建议 01/2020 执行数据传输评测。要了解更多信息,请参阅我们关于了解 AWS 上的 GDPR 合规性的白皮书。
请参阅 AWS 安全文档以了解有关下列 AWS 服务如何支持客户加密、删除和监控客户数据处理的更多信息。
| AWS 服务 | 客户可以加密 | 客户可以删除 | 客户可以监控处理 | 无远程访问* |
|---|---|---|---|---|
| Amazon API Gateway | ✓ | ✓ | ✓ | ✓ |
| Amazon AppFlow | ✓ | ✓ | ✓ | ✓
|
| Amazon AppStream 2.0 | ✓ | ✓ | ✓ | ✓
|
| Amazon AppStream 2.0 用户池 | ✓ | ✓ | ✓ | ✓
|
| Amazon Athena | ✓ | ✓ | ✓ | ✓
|
| Amazon Augmented AI (A2I) | ✓ | ✓
|
✓ | ✓ |
| Amazon Aurora | ✓ | ✓ | ✓ | ✓
|
| Amazon Bedrock1 | ✓ | ✓ | ✓ | ✓
|
| Amazon Braket | ✓ | ✓ | ✓ | ✓ |
| Amazon Chime | ✓ | ✓ | ✓ | ✓
|
| Amazon Cloud Directory | ✓ | ✓ | ✓ | ✓
|
| Amazon CloudFront | ✓ | ✓ | ✓ | ✓
|
| Amazon CloudWatch | ✓ | ✓ | ✓ | ✓
|
| Amazon CloudWatch Logs
|
✓ | ✓ | ✓ | ✓
|
| Amazon CodeGuru Profiler | ✓ | ✓ | ✓ | ✓ |
| Amazon CodeGuru Reviewer | ✓ | ✓ | ✓ | ✓
|
| Amazon Cognito | ✓ | ✓ | ✓ | ✓
|
| Amazon Comprehend | ✓ | ✓ | ✓ | ✓
|
| Amazon Connect2 | ✓ | ✓ | ✓ | ✓
|
| Amazon Detective | ✓ | ✓ | ✓ | ✓
|
| Amazon DocumentDB (与 MongoDB 兼容) | ✓ | ✓ | ✓ | ✓
|
| Amazon DynamoDB | ✓ | ✓ | ✓ | ✓
|
| Amazon Elastic Block Store (Amazon EBS) | ✓ | ✓ | ✓ | ✓
|
| Amazon Elastic Compute Cloud (Amazon EC2) | ✓ | ✓ | ✓ | ✓
|
| Amazon Elastic Container Registry (Amazon ECR) | ✓ | ✓ | ✓
|
✓
|
| Amazon Elastic Container Service (Amazon ECS) | ✓ | ✓ | ✓ | ✓
|
| Amazon Elastic File System (Amazon EFS) | ✓ | ✓
|
✓
|
✓
|
| Amazon Elastic Kubernetes Service (Amazon EKS) | ✓ | ✓
|
✓
|
✓
|
| Amazon ElastiCache for Memcached3 | ✓2 | ✓ | ✓
|
✓
|
| Amazon ElastiCache for Redis | ✓ | ✓
|
✓
|
✓
|
| Amazon EMR | ✓ | ✓
|
✓
|
✓
|
| Amazon EventBridge | ✓ | ✓
|
✓
|
✓
|
| Amazon Forecast | ✓ | ✓
|
✓
|
✓ |
| Amazon Fraud Detector | ✓ | ✓
|
✓
|
✓
|
| 适用于 Lustre 的 Amazon FSx | ✓ | ✓ | ✓
|
✓
|
| 适用于 ONTAP 的 Amazon FSx | ✓ | ✓
|
✓
|
✓
|
| 适用于 OpenZFS 的 Amazon FSx | ✓ | ✓
|
✓
|
✓
|
| 适用于 Windows File Server 的 Amazon FSx | ✓ | ✓
|
✓
|
✓
|
| Amazon GameLift | ✓ | ✓
|
✓
|
✓
|
| Amazon GuardDuty | ✓ | ✓
|
✓
|
✓
|
| Amazon Healthlake | ✓ | ✓ | ✓ | ✓
|
| Amazon Inspector | ✓ | ✓
|
✓
|
✓
|
| Amazon Inspector Classic | ✓ | ✓
|
✓
|
✓
|
| Amazon Interactive Video Service (IVS) | ✓ | ✓
|
✓
|
✓
|
| Amazon Kendra | ✓ | ✓
|
✓
|
✓
|
| Amazon Keyspaces | ✓ | ✓ | ✓ | ✓
|
| 面向 Java 应用程序的适用于 Apache Flink 的亚马逊托管服务 | ✓ | ✓
|
✓
|
✓
|
| 面向 SQL 应用程序的适用于 Apache Flink 的亚马逊托管服务 | ✓ | ✓
|
✓
|
✓
|
| Amazon Kinesis Data Firehose | ✓ | ✓
|
✓
|
✓
|
| Amazon Kinesis Data Streams | ✓ | ✓
|
✓
|
✓
|
| Amazon Kinesis VideoStreams | ✓ | ✓
|
✓
|
✓
|
| Amazon Lex | ✓ | ✓
|
✓
|
✓
|
| Amazon Lightsail | ✓ | ✓
|
✓
|
✓
|
| Amazon Location Service | ✓ | ✓
|
✓
|
✓
|
| Amazon Macie | ✓ | ✓
|
✓
|
✓
|
| Amazon Managed Blockchain (AMB) | ✓ | ✓
|
✓
|
✓
|
| Amazon Managed Service for Grafana (AMG) | ✓ | ✓
|
✓
|
✓
|
| Amazon Managed Service for Prometheus (AMP) | ✓ | ✓
|
✓
|
✓
|
| Amazon Managed Streaming for Kafka (MSK) | ✓ | ✓
|
✓
|
✓
|
| Amazon Managed Workflows for Apache Airflow (MWAA) | ✓ | ✓
|
✓
|
✓
|
| 适用于 Redis 的 Amazon MemoryDB | ✓ | ✓
|
✓
|
✓
|
| Amazon MQ | ✓ | ✓
|
✓
|
✓
|
| Amazon Neptune | ✓ | ✓
|
✓
|
✓
|
| Amazon OpenSearch Service | ✓ | ✓ | ✓ | ✓
|
| Amazon Personalize | ✓ | ✓ | ✓ | ✓
|
| Amazon Pinpoint | ✓ | ✓ | ✓ | ✓
|
| Amazon Polly | ✓ | ✓ | ✓ | ✓
|
| Amazon Q Business | ✓ | ✓ | ✓ | ✓
|
| Amazon Q 开发者版 | ✓ | ✓ | ✓ | ✓
|
| Amazon QuickSight2 | ✓ | ✓ | ✓ | ✓
|
| Amazon Redshift | ✓ | ✓ | ✓ | ✓
|
| Amazon Rekognition | ✓ | ✓
|
✓
|
✓
|
| Amazon Relational Database Service (Amazon RDS) | ✓ | ✓
|
✓
|
✓
|
| Amazon SageMaker | ✓ | ✓
|
✓
|
✓ |
| Amazon Simple Email Service (Amazon SES) | ✓ | ✓
|
✓
|
✓
|
| Amazon Simple Notification Service (Amazon SNS) | ✓ | ✓
|
✓
|
✓
|
| Amazon Simple Queue Service (Amazon SQS) | ✓ | ✓ | ✓ | ✓
|
| Amazon Simple Storage Service (Amazon S3) | ✓ | ✓
|
✓
|
✓
|
| Amazon Simple Storage Service Glacier | ✓ | ✓
|
✓
|
✓
|
| Amazon Simple Workflow Service (Amazon SWF) | ✓ | ✓
|
✓
|
✓
|
| Amazon Textract | ✓ | ✓
|
✓
|
✓
|
| Amazon Timestream | ✓ | ✓
|
✓
|
✓
|
| Amazon Transcribe
|
✓ | ✓
|
✓
|
✓
|
| Amazon Translate | ✓ | ✓
|
✓
|
✓
|
| Amazon Virtual Private Cloud (Amazon VPC) | ✓ | ✓
|
✓
|
✓
|
| Amazon WorkDocs | ✓ | ✓
|
✓
|
✓
|
| Amazon WorkLink | ✓ | ✓
|
✓
|
✓
|
| Amazon WorkMail | ✓ | ✓
|
✓
|
✓
|
| Amazon WorkSpaces
|
✓ | ✓
|
✓
|
✓
|
| Amazon WorkSpaces Application Manager (Amazon WAM) | ✓ | ✓
|
✓
|
✓
|
| AWS Amplify | ✓ | ✓
|
✓
|
✓
|
| AWS App Mesh | ✓ | ✓
|
✓
|
✓
|
| AWS App Runner | ✓ | ✓ | ✓
|
✓
|
| AWS Application Discovery Service | ✓
|
✓
|
✓
|
✓
|
| AWS Application Migration Service | ✓
|
✓
|
✓
|
✓
|
| AWS AppSync | ✓
|
✓
|
✓
|
✓
|
| AWS Audit Manager | ✓
|
✓
|
✓
|
✓
|
| AWS Backup | ✓
|
✓
|
✓
|
✓
|
| AWS Certificate Manager (ACM) | ✓
|
✓
|
✓
|
✓
|
| AWS Clean Rooms | ✓
|
✓
|
✓
|
✓
|
| AWS Cloud9 | ✓
|
✓
|
✓
|
✓
|
| AWS CloudFormation | ✓
|
✓
|
✓
|
✓
|
| AWS CloudHSM | ✓
|
✓
|
✓
|
✓
|
| AWS CloudShell | ✓
|
✓
|
✓
|
✓
|
| AWS CloudTrail | ✓
|
✓
|
✓
|
✓
|
| AWS CodeArtifact | ✓
|
✓
|
✓
|
✓ |
| AWS CodeBuild | ✓
|
✓
|
✓
|
✓
|
| AWS CodeCommit | ✓
|
✓
|
✓
|
✓
|
| AWS CodeDeploy | ✓
|
✓
|
✓
|
✓
|
| AWS CodePipeline | ✓
|
✓
|
✓
|
✓
|
| AWS CodeStar | ✓
|
✓
|
✓
|
✓
|
| AWS Config | ✓
|
✓
|
✓
|
✓
|
| AWS Control Tower | ✓
|
✓
|
✓
|
✓
|
| AWS Database Migration Service (AWS DMS) | ✓
|
✓
|
✓
|
✓
|
| AWS Data Exchange | ✓
|
✓
|
✓
|
✓
|
| AWS DataSync | ✓
|
✓
|
✓
|
✓
|
| AWS Device Farm | ✓
|
✓
|
✓
|
✓
|
| AWS DevOps 代理 | ✓ | ✓ | ✓ | ✓ |
| AWS Direct Connect | ✓
|
✓
|
✓
|
✓
|
| AWS Directory Service | ✓
|
✓
|
✓
|
✓
|
| AWS Elastic Beanstalk | ✓
|
✓
|
✓
|
✓
|
| AWS 弹性灾难恢复 | ✓
|
✓
|
✓
|
✓
|
| AWS Elastic Transcoder | ✓
|
✓
|
✓
|
✓
|
| AWS Elemental MediaConnect | ✓
|
✓
|
✓
|
✓
|
| AWS Elemental MediaConvert
|
✓
|
✓
|
✓
|
✓
|
| AWS Elemental MediaLive
|
✓
|
✓
|
✓
|
✓
|
| AWS Elemental MediaPackage | ✓
|
✓
|
✓
|
✓
|
| AWS Elemental MediaStore | ✓
|
✓
|
✓
|
✓
|
| AWS Entity Resolution 数据匹配服务 | ✓
|
✓
|
✓
|
✓
|
| AWS Fargate | ✓
|
✓
|
✓
|
✓
|
| AWS Firewall Manager | ✓
|
✓
|
✓
|
✓
|
| AWS Global Accelerator | ✓
|
✓
|
✓
|
✓
|
| AWS Glue | ✓
|
✓
|
✓
|
✓
|
| AWS Glue DataBrew | ✓
|
✓
|
✓
|
✓
|
| AWS IAM Identity Center | ✓
|
✓
|
✓
|
✓
|
| AWS IoT Analytics | ✓
|
✓
|
✓
|
✓
|
| AWS IoT Core | ✓
|
✓
|
✓
|
✓
|
| AWS IoT Device Management | ✓
|
✓
|
✓
|
✓
|
| AWS IoT Events | ✓
|
✓
|
✓
|
✓
|
| AWS IoT Greengrass V1
|
✓
|
✓
|
✓
|
✓
|
| AWS IoT Greengrass V2 | ✓
|
✓
|
✓
|
✓
|
| AWS IoT SiteWise | ✓
|
✓
|
✓
|
✓
|
| AWS IoT Things Graph | ✓
|
✓
|
✓
|
✓
|
| AWS IQ | ✓
|
✓
|
✓
|
✓
|
| AWS Key Management Service (AWS KMS) | ✓
|
✓
|
✓
|
✓
|
| AWS Lake Formation | ✓
|
✓
|
✓
|
✓
|
| AWS Lambda | ✓
|
✓
|
✓
|
✓
|
| AWS License Manager | ✓
|
✓
|
✓
|
✓
|
| AWS Migration Hub | ✓
|
✓
|
✓
|
✓
|
| AWS Outposts | ✓
|
✓
|
✓
|
✓
|
| AWS Security Agent | ✓ | ✓ | ✓ | ✓ |
| AWS Secrets Manager | ✓
|
✓
|
✓
|
✓
|
| AWS Security Hub CPSM | ✓
|
✓
|
✓
|
✓
|
| AWS Security Hub | ✓
|
✓
|
✓
|
✓
|
| AWS Serverless Application Repository
|
✓
|
✓
|
✓
|
✓
|
| AWS Service Catalog | ✓
|
✓
|
✓
|
✓
|
| AWS Snowball Edge
|
✓
|
✓
|
✓
|
✓
|
| AWS Snowcone | ✓
|
✓
|
✓
|
✓
|
| AWS Snowmobile | ✓
|
✓
|
✓
|
✓
|
| AWS Step Functions | ✓
|
✓
|
✓
|
✓
|
| AWS Storage Gateway for FSx File Gateway | ✓
|
✓
|
✓
|
✓
|
| AWS Storage Gateway for S3 File Gateway | ✓
|
✓
|
✓
|
✓
|
| AWS Storage Gateway for Tape Gateway | ✓
|
✓
|
✓
|
✓
|
| AWS Storage Gateway for Volume Gateway | ✓
|
✓
|
✓
|
✓
|
| AWS Supply Chain2 | ✓
|
✓ | ✓
|
✓
|
| AWS Systems Manager | ✓
|
✓
|
✓
|
✓
|
| AWS Transfer Family | ✓
|
✓
|
✓
|
✓
|
| AWS Transform | ✓
|
✓
|
✓
|
✓
|
| AWS WAF | ✓
|
✓
|
✓
|
✓
|
| AWS X-Ray | ✓
|
✓
|
✓
|
✓
|
| CloudEndure Disaster Recovery(一家 AWS 公司) | ✓
|
✓
|
✓
|
✓
|
| CloudEndure Migration(一家 AWS 公司) | ✓
|
✓
|
✓
|
✓
|
| FreeRTOS | ✓
|
✓
|
✓
|
✓
|
| Kiro | ✓
|
✓
|
✓
|
✓
|
* 除非您要求访问或者出于防止欺诈和滥用或遵守法律的需要。
1 结合使用您选择的基础模型(FM)进行处理。
2 有关 Amazon Q 的信息,请参阅适用的服务文档。
3 Amazon ElastiCache for Memcached 支持传输中加密。按设计,Memcached 不提供持久磁盘存储,只在客户应用程序需要时将数据存储在内存中。ElastiCache 在选择系列类型 r6g 和 m6g 的 Graviton 实例时,还支持内存加密。所有的数据存储 AWS 服务均提供加密。
客户数据的传输
对于一小部分服务而言,从您所选择的 AWS 区域传输数据是该服务的一项基本功能。例如,如果您选择通过 Amazon Simple Notification Service 发送消息给收件人,则这些消息内容将传输至收件人的位置。有关类似 AWS 服务的列表,请参见下文。
- Amazon AppStream 2.0 用户池
- Amazon Chime
- Amazon CloudFront
- Amazon Cognito*
- AWS IAM Identity Center**
- Amazon Interactive Video Service(IVS)
- Amazon Location Service
- AWS End User Messaging(前身为 Amazon Pinpoint)
- Amazon Simple Email Service
- Amazon Simple Notification Service
- Amazon WorkMail
- AWS Elemental MediaConnect
- AWS IoT Core***
* 在某些情况下,Amazon Cognito 使用 Amazon Simple Email Service(Amazon SES)向用户发送电子邮件,并使用 Amazon Simple notification Service(Amazon SNS)向用户发送短信。如果 Amazon SES 在区域中不可用,Amazon Cognito 将在其他 AWS 区域调用 Amazon SES 的端点。可在此处找到更多信息。同样,如果 Amazon SNS 在区域中不可用,Amazon Cognito 将在其他 AWS 区域调用 Amazon SNS 的端点。可在此处找到更多信息。
** 在某些情况下,AWS IAM Identity Center 使用 Amazon Simple Email Service(Amazon SES)向用户发送电子邮件。如果 Amazon SES 在区域中不可用,IAM Identity Center 将在其他 AWS 区域调用 Amazon SES 的端点。可在此处找到更多信息。
*** 在使用适用于 Amazon Sidewalk 的 IoT Core 功能或启用 HERE 支持的设备定位功能的情况下。
此外,我们的一些服务采用跨区域推理技术,以提升性能或出于其他技术原因,比如为了帮助客户扩展其生成式人工智能工作负载。请参阅此处了解有关跨区域推理服务的更多信息,并参阅 AWS 文档。
一些 AWS 服务在开发和改进这些服务的过程中,可能会涉及传输客户数据。您可以使用适用的服务条款或 AWS 文档中规定的选择退出机制来选择退出这些传输。
- Amazon CodeGuru Profiler
- Amazon Comprehend
- Amazon Connect*
- Amazon Fraud Detector
- Amazon GuardDuty**
- Amazon Lex
- Amazon Polly
- Amazon Q 开发者版免费套餐
- Amazon Rekognition
- Amazon SageMaker 数据代理
- Amazon Textract
- Amazon Transcribe
- Amazon Translate
- AWS Entity Resolution 数据匹配服务
- AWS Security Hub
- AWS Supply Chain
- AWS Transform
- Kiro 免费套餐/个人订阅用户
* 例如,此条目包括 Amazon Connect 的 Contact Lens、Amazon Connect Customer Profiles、Amazon Connect 对外营销宣传、Amazon Q in Connect 以及 Amazon Connect 预测、容量规划和日程安排。请参见服务条款 54.7。
** 如果您启用了新的 Amazon GuardDuty 恶意软件防护功能,此 AWS 服务将涉及数据传输。
AWS European Sovereign Cloud
对于 AWS European Sovereign Cloud 而言,将数据移出您所选的 AWS 区域或由 AWS 人员进行远程访问的限制程度甚至比上述描述还要严格,详情请参阅白皮书 AWS European Sovereign Cloud 概述和 AWS European Sovereign Cloud 附录。