[kstrauser]

Specifically, you have to get them to sign a HIPAA Business Associate Agreement (BAA). The good news is that Amazon makes this an automated process in their compliance portal, so you can knock that out in 5 minutes and then go on with the rest of the planning.

[haldujai]

Also worth noting that not every resource and instance type is covered by a BAA so there’s a bit more to it than just signing an agreement and doing whatever you want.

The responsibility remains with the user rather than the cloud provider to ensure compliance but they will do their part if you set things up correctly.