Management’s Report of Its Assertions on the Effectiveness of Its Controls Over the Amazon Web Services System Based on the Trust Services Criteria for Security, Availability, and Confidentiality We, as management of Amazon Web Services, Inc., are responsible for:
• Identifying the Amazon Web Services System (System) and describing the boundaries of the System, which are presented in Attachment A
• Identifying our principal service commitments and system requirements
• Identifying the risks that would threaten the achievement of its principal service commitments and system requirements that are the objectives of our system, which are presented in Attachment B
• Identifying, designing, implementing, operating, and monitoring effective controls over the System to mitigate risks that threaten the achievement of the principal service commitments and system requirements
• Selecting the trust services categories that are the basis of our assertion We assert that the controls over the system were effective throughout the period April 1, 2021 to September 30, 2021, to provide reasonable assurance that the principal service commitments and system requirements were achieved based on the criteria relevant to security, availability, and confidentiality set forth in the AICPA’s TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.