Claude Platform on AWS in Practice

Compliance Patterns for Claude Platform on AWS

Auditors don't accept "we use IAM" as an answer. They accept evidence: logs, policies, review records. Here is how the platform's building blocks line up with the questions SOC 2 and ISO 27001 audits actually ask.

Claude 3P 101 · Updated July 2026 · Unofficial guide

When Claude Platform on AWS enters your environment, it enters your audit scope. Frameworks like SOC 2 (a widely used attestation of a service organization's controls) and ISO 27001 (the international information-security management standard) don't name AI services specifically — they ask generic questions about access control, logging, change management, and vendor management. The good news: because this platform's control surface is AWS IAM and CloudTrail, the evidence patterns you already use for other AWS services extend to it. This article maps the pieces; your compliance team and auditor decide how they satisfy your specific control set.

Know who processes what

Start the vendor-management file with the facts of the arrangement. Claude Platform on AWS is Anthropic-operated: Anthropic is the data processor for inference inputs and outputs, while AWS handles authentication, IAM, and Marketplace billing — and data may route to Anthropic's primary cloud rather than residing in AWS. It follows the same data retention policy as the first-party Claude API, with Zero Data Retention available on request through an Anthropic account representative. Anthropic states it has obtained SOC 2 Type I and Type II, ISO 27001:2022, and ISO/IEC 42001:2023 for its commercial products, with reports available through its Trust Center — request the current reports rather than citing this page. Two hard boundaries to record: Anthropic's HIPAA-ready program is not available on Claude Platform on AWS, and Anthropic's docs direct organizations needing FedRAMP High, IL4/IL5, HIPAA readiness, or AWS as sole data processor to Claude in Amazon Bedrock instead. As always, your deployment inherits your providers' compliance postures — confirm specifics with your providers and your own assessors.

Logging: CloudTrail, with one paid checkbox

Audit-logging controls need a tamper-resistant record of administrative and data activity. On this platform, CloudTrail coverage splits in two. Workspace, vault, and webhook actions are management events — logged by default, precisely because vaults and webhooks hold secrets. Inference, batch, model, file, skill, and the remaining Managed Agents actions are data events, logged only if you explicitly enable (paid) data event logging. For a workload in audit scope, enable it — "we log administrative changes but not model invocations" is a finding waiting to happen. Every response also carries an AWS request ID (x-amzn-requestid, indexed in CloudTrail) that ties your application logs to the CloudTrail record.

Access control: IAM policies as the control, reviews as the evidence

Access-control questions ("access restricted to authorized users, least privilege, periodically reviewed") map onto the platform's 65 IAM actions and workspace ARNs. Patterns that review well: least-privilege inference policies scoped to a single workspace ARN; separation of duties via the documented provisioning pattern (a CI/CD role that manages workspaces but holds no inference permissions); and explicit deny statements for data-minimization commitments (denying CreateBatchInference and CreateFile keeps stateful artifacts out of a ZDR-sensitive workspace). Flag the sharp edges in your review procedure: the managed AnthropicInferenceAccess policy's Get*/List* wildcards read all workspace content; suffix wildcards over-match (*File also catches UserProfile actions); and "no delete" intents need care — agents support only archive, and Delete* deny patterns block neither ArchiveAgent nor version deletion via UpdateSkill. Because workspace member management doesn't exist on this platform, your quarterly access review is an IAM review: who can assume which roles touching which workspace ARNs.

The evidence table

Audit questionPlatform mechanismEvidence artifact
Who can invoke the model?IAM policies on workspace ARNs (CreateInference)Policy documents in version control; access-review records
Is activity logged and reviewable?CloudTrail management + enabled data eventsTrail configuration; sample event queries
Are environments segregated?Workspace per environment; region-bound workspacesWorkspace inventory; per-workspace IAM policies
Are changes controlled?IAM and prompts managed as codePull-request history; pipeline approval records
Is the vendor assessed?Anthropic Trust Center reports; AWS agreementsCurrent SOC 2 / ISO reports; DPA and marketplace terms
Is data handling defined?Retention policy; ZDR arrangement; inference_geo controlsContract terms; workspace geo configuration
Hedge, on purpose: nothing here is a compliance conclusion. Control mappings are decided between you and your auditor, and provider certifications cover the provider's side of the shared-responsibility line, not your configuration of it.

Where to go next

The access-control half of this story is expanded in workspace isolation and IAM policy templates; the logging half in CloudTrail logging. For data-handling terms across all four platforms, see the enterprise checklist.

Sources