Adding app runner to AWS compliance program

[princepathria97]

Background - Customers may use any AWS service in an account designated as a HIPAA account, but they should only process, store, and transmit protected health information (PHI) in the HIPAA-eligible services defined in the Business Associate Addendum (BAA). Ref. - https://aws.amazon.com/compliance/hipaa-compliance/

This is a feature request for adding App runner to compliance scope. AWS Services in Scope by Compliance Program

[NapalmCodes]

HIPPA compliance is key for our industry. I cannot consider AppRunner until we get some kind of certification here.

[vladshcherbin]

Any news with this one? Would love to use App Runner but w/o HIPAA it's not an option. Looking at Fargate atm.

@napalm684 @princepathria97 and other, what are you using instead until App Runner is HIPAA compliant ?

[NapalmCodes]

Any news with this one? Would love to use App Runner but w/o HIPAA it's not an option. Looking at Fargate atm.

@napalm684 @princepathria97 and other, what are you using instead until App Runner is HIPAA compliant ?

Fargate ECS

[f0rk]

Any progress here? This would be great for us.

[zachallia]

This would be great to have, or at least some information on why it is not covered as it seems under the hood it uses all covered services.

[msetegn]

They have documentation kinda outlining the overall architecture diagram of App Runner services and it is indeed using all of their already compliant services. Find more information here: https://aws.amazon.com/blogs/containers/deep-dive-on-aws-app-runner-vpc-networking/.

[acooper]

I suspect the main issue for app runner getting HIPAA compliance (and others) is that it uses a VPC (at least one per region) that is shared among customers. Ideally, app runner would be able to run in a customer controlled VPC.

[masterbater]

Now there is private vpc, is this hipaa compliant now?

[veeru-artrya]

Would love to see HIPAA compliance in App Runner! It'd be a game-changer for healthcare deployments like ours.