51 HOW TO OPEN THIS ARTIFACT d8 1 Please scroll through to next page to view the artifact downloaded. To access any supporting attachments, click the paperclip icon in the left of this document and double click the file you would like to open. o If you do not see a paperclip icon, right click and select “Show Navigation Pane Buttons”. o Use latest version of Adobe Acrobat Reader (Windows | Mac | Additional guidance) a4 • 50 TERMS AND CONDITIONS f-0 01 You hereby agree that you will not distribute, display, or otherwise make this document available to an individual or entity, unless expressly permitted herein. This document is AWS Confidential Information (as defined in the AWS Customer Agreement), and you may not remove these terms and conditions from this document, nor take excerpts of this document, without Amazon’s express written consent. You may not use this document for purposes competitive with Amazon. e5 67 61 d7 -7 2c 1- 48 ba -b c2 You further (i) acknowledge and agree that you do not acquire any rights against Amazon’s Service Auditors in connection with your receipt or use of this document, and (ii) release Amazon’s Service Auditor from any and all claims or causes of action that you have now or in the future against Amazon’s Service Auditor arising from this document. The foregoing sentence is meant for the benefit of Amazon’s Service Auditors, who are entitled to enforce it. “Service Auditor” means the party that created this document for Amazon or assisted Amazon with creating this document. Amazon Web Services d8 1 SWIPO Code of Conduct for Data Portability and Cloud Service Switching for IaaS Cloud Services 51 AMAZON CONFIDENTIAL CSP Transparency Statement for Amazon Simple Storage Service (Amazon S3) a4 Version 1.0 50 Date: 10 May 2021 f-0 01 This Transparency Statement is designed to assist AWS customers in anticipating their switching and porting needs for Amazon Simple Storage Service (“S3”) and in conformance with applicable SWIPO Code of Conduct for Data Portability and Cloud Service Switching for Iaas Cloud Services requirements. References to defined SWIPO terms contained herein are used exactly as they appear in the SWIPO Common Terminology (Version 2020, Date: 08-07-2020). c2 At AWS, customers (“Cloud Service Customers” or “CSCs”) have full control over the switching and porting process for S3, and as a result, have significant flexibility to adopt a plan best-suited for their needs. Under the Shared Responsibility Model, Amazon S3 relies on receiving a CSC’s instructions before acting on a CSC’s Infrastructure Artefacts. Porting to and from S3 ba 1.1 -b 1. Procedural Requirements (PR01, PR02, PR03, PR06, PR07, SCR01, SCR02, FR01, FR02) 48 S3 has publicly available documentation that provides CSCs with in-depth information on the features/configuration settings available to port Infrastructure Artefacts to and from S3. For a full list of supported features, please see: S3 User Guide: https://docs.aws.amazon.com/AmazonS3/latest/dev/Introduction.html#overview 2c 1- • For documentation on specific switching and porting functionality, please see: • • • Downloading: https://docs.aws.amazon.com/AmazonS3/latest/user-guide/downloadobjects.html Uploading: https://docs.aws.amazon.com/AmazonS3/latest/user-guide/upload-objects.html API-based object retrieval: https://docs.aws.amazon.com/AmazonS3/latest/dev/GettingObjectsUsingAPIs.html Deleting: https://docs.aws.amazon.com/AmazonS3/latest/gsg/DeletingAnObjectandBucket.html 61 d7 -7 • The documentation also provides information about mechanisms that can be used by the CSC to secure the Infrastructure Artefacts both during transfer and at rest when using S3: https://docs.aws.amazon.com/AmazonS3/latest/dev/security.html e5 67 CSCs can also leverage S3’s API commands to download configuration and policy information pertaining to their S3 assets. For more information about GET API, please see: Page 1 of 4 https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/index.html#cliaws-s3api For additional porting considerations related to buckets and metadata, please see: https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html a4 d8 1 51 AMAZON CONFIDENTIAL 50 S3 provides CSCs with the ability to configure storage classes based on their needs. For more information, please see: https://aws.amazon.com/s3/storage-classes/ https://aws.amazon.com/cloud-migration/ https://aws.amazon.com/cloud-migration/how-to-migrate/ f-0 • • 01 AWS also offers other cloud migration solutions both online and offline that CSCs can leverage to port their assets over from S3. For information on cloud migration options available, please see: Charges Associated with Porting (PR04) -b 1.2 c2 For details on the terms covering use of S3 (including intellectual property rights), please refer to the AWS Customer Agreement located at: https://aws.amazon.com/agreement/. ba For a description of charges and terms associated with porting, please refer to AWS service-specific pricing (e.g., for data transfer out), for example on our publicly available S3 pricing pages at: https://aws.amazon.com/s3/pricing/ 48 • 2c 1- 2. Portability Requirements (DP01, DP03, DP07, DP09, SCR01, SCR02) 61 d7 -7 Amazon S3 service is an object storage service that supports APIs that allow a CSC to handle CSC-tocloud-service and cloud-service-to-CSC use cases by uploading/downloading Infrastructure Artefacts through secure connection channels. S3 provides public documentation that provides CSCs in-depth information on the features/configuration settings available in the service for these purposes. The S3 supports many connectivity options that a CSC can leverage to secure the channel for communication. These are detailed in the service documentation. Additionally, S3 provides CSCs with the ability to perform client-side encryption before uploading Infrastructure Artefacts to the cloud. CSCs can leverage the publicly available documentation links below to learn more about the networking and client-side encryption offered by S3. For details, please see: https://docs.aws.amazon.com/AmazonS3/latest/dev/inter-network-traffic-privacy.html https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html e5 67 Page 2 of 4 51 AMAZON CONFIDENTIAL d8 1 CSCs looking to transfer their Infrastructure Artefacts from one cloud service to another can download, make transformations on the data as needed, and move Infrastructure Artefacts to the destination CSP or download Infrastructure Artefacts from the source CSP, make transformations on the data as needed, and upload to AWS. To facilitate porting, S3 CLI/APIs support input/outputs in both JSON and YAML formats. 50 a4 S3 supports the REST API, and it is recommended that CSCs use either the REST API or the AWS SDKs. S3 is designed to be highly flexible. CSCs can store any type and amount of data they want; read the same piece of data a million times or use the service only for emergency disaster recovery; build a simple FTP application, or a sophisticated web application. The functionality described above is supported by a set of clear documentation. For details, please see: 01 S3 Documentation: https://docs.aws.amazon.com/AmazonS3/latest/dev/index.html S3 API Guide: https://docs.aws.amazon.com/AmazonS3/latest/API/Welcome.html S3 Features: https://aws.amazon.com/s3/features/ SOAP API information: https://docs.aws.amazon.com/AmazonS3/latest/API/APISoap.html f-0 c2 3. Planning Requirements (PLR01, PLR02, PLR03, PLR04, PLR05) ba -b S3 has publicly available documentation (see links above) to help CSCs understand the capabilities of the user, administrator, and business functions related to the service. With regard to interoperability, S3 supports multiple connection mechanisms that CSCs can leverage to connect to the service. For details, please see: https://docs.aws.amazon.com/AmazonS3/latest/userguide/inter-network-traffic-privacy.html https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html https://docs.aws.amazon.com/AmazonS3/latest/dev/optimizing-performance.html 61 d7 -7 2c 1- 48 Under the Shared Responsibility Model, security and compliance responsibilities are divided between AWS and the CSC. S3 has change management controls place and has regular testing and deployments, to ensure that the APIs, console, and service features are operating effectively. The CSC has the responsibility to implement necessary tests to ensure successful connectivity and porting of Infrastructure Artefacts to/from S3. CSCs are responsible for managing their S3 Infrastructure Artefacts in accordance with published best practices: CSCs can also use information contained in the links below to validate the integrity and completeness of their Infrastructure Artefacts stored/retrieved when using S3: https://aws.amazon.com/premiumsupport/knowledge-center/data-integrity-s3/ https://docs.aws.amazon.com/cli/latest/topic/s3-faq.html e5 67 CSCs can leverage the performance tuning guidance provided in the link above to manage effectively their performance needs when using S3. The above link also describes other AWS services and S3 features that can be used by CSCs seeking faster transfer rates. Page 3 of 4 51 AMAZON CONFIDENTIAL d8 1 Finally, AWS offers other cloud migration solutions both online and offline (see links above) that can handle larger volume of data. CSCs can evaluate and use these solutions based on the applicability to its requirements. 4. Transparency Requirements (TR01, TR02, TR03, TR04, TR05, TR06) https://aws.amazon.com/about-aws/whats-new/ https://aws.amazon.com/about-aws/whats-new/storage/?whats-new-content.sortby=item.additionalFields.postDateTime&whats-new-content.sort-order=desc 01 • • 50 a4 AWS understands the importance of transparency in helping customers anticipate their switching and porting needs and offers publically available information about new service-specific features along with changes to existing features. For details, please see: https://aws.amazon.com/blogs/aws/amazon_rss_feed/ e5 67 61 d7 -7 2c 1- 48 ba -b c2 • f-0 CSCs can also elect to receive push notifications of news and changes by signing up for the Amazon RSS Feed: Page 4 of 4
