I'm new to the PCI world, but need to research ETL (extract-transform-load) solutions for my team to move data from one place to another. I looked in Amazon's list of PCI DSS compliant resources, and I noticed Glue is not there. Does this mean Glue should not be used when there is a need for PCI DSS compliance? Or does it not need to be because it's not storing data, just transforming the data and loading data into an RDS data store?
1 Answer
4
As per the PCI tab in AWS Services in Scope by Compliance Program, Glue is not PCI compliant.
I'm not an auditor, but I assume processing credit card data on a non-PCI-compliant service is not permitted, even if it's not stored there. I guess in cases like this it's better to be safe than sorry and use only compliant services to cover your back side.
That's what I would do anyway ;)

MLu
- Thanks. I saw and referenced that same list. I was hoping to see it there without a check mark, but it was completely absent, making me question whether this was just an out-of-date list or if Glue just isn't compliant. But I agree on erring on the side of caution. If I can't get a definitive answer, I won't use it. – JonTroncoso Nov 07 '18 at 10:04
- You are correct. I have confirmation from the paid AWS technical support: "Regarding the first question, as you have correctly pointed out from the docs, Glue and Data pipeline service are not yet PCI compliant. I regret the inconvenience that this may cause and I am afraid that I cannot provide an ETA when these services will be PCI compliant." – JonTroncoso Nov 13 '18 at 20:01