Amazon Trust Services

Amazon Trust Services
Name	Amazon Trust Services
Type	Certificate authority
Industry	Information technology
Founded	2011
Headquarters	Seattle, Washington
Area served	Worldwide
Key people	Andy Jassy, Werner Vogels
Parent	Amazon.com

Amazon Trust Services Amazon Trust Services is a certificate authority operated by an arm of Amazon.com that issues digital certificates and cryptographic credentials for internet identity and secure communications. It functions within the broader ecosystem of cloud computing and online services alongside entities such as Amazon Web Services, Let's Encrypt, DigiCert, Entrust, and GlobalSign. The organization interacts with standards bodies and regulators including Internet Engineering Task Force, CA/Browser Forum, National Institute of Standards and Technology, Federal Communications Commission, and European Commission.

History

Amazon Trust Services emerged as part of Amazon.com's expansion into infrastructure offerings during the early 2010s, contemporaneous with developments by Mozilla Foundation, Google, Microsoft Corporation, Apple Inc., and Facebook. Its establishment coincided with global shifts in web encryption policy influenced by incidents like the Heartbleed vulnerability and regulatory attention from United States Department of Justice and European Data Protection Board. Partnerships and cross-signing arrangements connected Amazon Trust Services with legacy authorities such as Izenpe, SwissSign, GlobalSign, and commercial entities including Symantec (later assets acquired by DigiCert). Over time, it integrated into compliance regimes shaped by Payment Card Industry Security Standards Council, Health Level Seven International, and standards driven by the Internet Society.

Services and products

Amazon Trust Services offers TLS/SSL certificates, code signing, and identity validation services that support platforms like Amazon Web Services, Amazon CloudFront, Amazon S3, Amazon Elastic Load Balancing, and Amazon API Gateway. Offerings intersect with developer toolchains from GitHub, GitLab, Docker, Kubernetes, and continuous integration systems such as Jenkins and Travis CI. It provides certificate management compatible with protocols and specifications authored by Internet Engineering Task Force, World Wide Web Consortium, OAuth 2.0, and OpenID Connect. Customers span sectors represented by NASDAQ, New York Stock Exchange, Fortune 500, and public institutions like United States Department of Defense contractors and healthcare providers aligned with HIPAA compliance.

Technology and infrastructure

The infrastructure relies on public key infrastructure concepts standardized by Internet Engineering Task Force and hardware security modules similar to those evaluated under FIPS 140-2 and FIPS 140-3, with supply-chain practices connected to vendors such as Intel Corporation, AMD, NVIDIA, Hewlett Packard Enterprise, and Dell Technologies. Operational tooling integrates with cloud orchestration frameworks from HashiCorp, Ansible, Terraform, and observability stacks including Prometheus, Grafana, Elasticsearch, and Kibana. The service supports certificate automation via protocols used by Let's Encrypt and ACME-compatible clients, while cryptographic choices reflect guidance from National Institute of Standards and Technology and algorithm work from RSA Security, Elliptic Curve Cryptography research groups, and OpenSSL development.

Security, compliance, and trustworthiness

Amazon Trust Services participates in audits and assessments by firms such as the American Institute of Certified Public Accountants and common auditors in the space that validate conformity with standards promulgated by CA/Browser Forum, WebTrust, ISO/IEC 27001, and SOC 2. Its trust model interacts with root-program policies administered by platform vendors including Mozilla Foundation, Microsoft Corporation, Apple Inc., and Google. Compliance requirements draw on legislation and frameworks like General Data Protection Regulation, California Consumer Privacy Act, Payment Card Industry Data Security Standard, and procurement rules influenced by Federal Risk and Authorization Management Program. Transparency efforts mirror initiatives by Electronic Frontier Foundation and reporting practices common to certificate authorities such as DigiCert and Entrust.

Governance and organizational structure

Governance is embedded within the corporate structures of Amazon.com and interfaces with technical leadership associated with executives and engineers connected to Amazon Web Services and AWS Leadership. Oversight includes legal, security, and compliance teams that engage external advisory and standards stakeholders such as Internet Engineering Task Force working groups, the CA/Browser Forum board, and industry consortia including Cloud Native Computing Foundation and OpenID Foundation. Corporate governance aligns with public company practices overseen by boards and committees similar to those at Amazon.com and major technology corporations listed on NASDAQ and New York Stock Exchange.

Controversies and incidents

Like other certificate authorities, Amazon Trust Services has faced scrutiny related to certificate issuance, revocation practices, cross-signing, and transparency reporting that echo historical controversies involving Symantec, Comodo, DigiNotar, and WoSign. Incidents in the CA ecosystem, such as misissuance events and root-program disputes involving Mozilla Foundation and Google, inform public debate about trust, prompting governance responses similar to remediation actions taken by DigiCert and regulatory inquiries involving Federal Trade Commission. Security researchers and advocacy groups including Electronic Frontier Foundation and academic teams from institutions like Massachusetts Institute of Technology, Stanford University, and Carnegie Mellon University have examined certificate practices across providers, contributing to broader discussions about transparency and accountability.

Category:Amazon (company) Category:Public key infrastructure