Banner Image

PCI-DSS Compliant Hosting on Amazon Web Services (AWS)

Protecting card owner information has become very important for e-commerce companies as they have become frequent targets for hackers. In order to safeguard the interests of the card owners, four industry majors, VISA, MasterCard, Discover and American Express, joined hands to create a set of policies and procedures to protect the debit, credit and cash card transactions and to safeguard the personal information of the cardholders. These policies and procedures are collectively known as the Payment Card Industry Data Security Standard (PCI DSS). In simple terms these standards alert companies that they are wholly responsible for the credit card information of their customers. The PCI directs companies to use the information diligently and to store only that information that is required for their business. This white paper provides an overview of architectural features in the AWS cloud that ensure the hosting of e-commerce web applications that are PCI DSS compliant. PCI DSS consists of a set of 12 directives that set industry standards for all companies who directly or indirectly process credit card information.

Key objectives

Some of the key objectives of the PCI DSS are:

  • Build and maintain a safe and secured network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks for any malicious activity
  • Maintain an information security policy


PCI DSS has development a set of 12 requirements. Any system or application that intends to use the credit card information must ensure strict compliance to these requirements. The scope of PCI DSS requirements include:

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
  • Protect all systems against malware and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need to know
  • Identify and authenticate access to system components
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security for all personnel

PCI-DSS Compliance on AWS

Amazon Web Services (AWS) provides a secure, elastic and compliant hosting environment with the requisite tools to ensure PCI-DSS compliance. The architectural blueprint for hosting applications and data in AWS includes:

  1. Basic AWS identity and Access management configuration with custom IAM policies with associated groups, roles and instance policies.
  2. Amazon Virtual Private Cloud multi A-Z architecture with separate subnets for different application tiers and private subnets for application and database.
  3. Amazon simple storage service (Amazon S3) buckets for encrypted web content, logging and backup data.
  4. Standard Amazon Virtual Private Cloud security groups for Amazon Elastic compute cloud instances and load balances used in the sample application stack
  5. 3-tier Linux web application using Auto Scaling and Elastic Load balancing, which can be modified and /or boot strapped with customer applications
  6. A secured bastion login host to facilitate command line secure shell access to Amazon EC2 instances for troubleshooting and systems administration activities.
  7. Encrypted, Multi – AZ Amazon Relational Database service (Amazon RDS) MySQL database.
  8. Logging, monitoring and alerts using AWS Cloud Trail, Amazon Cloud watch and AWS configuration rules.


Ready for PCI-DSS Compliance?

StackBuilderTM is an easy to use cloud app store front that allows users to quickly select and operate an AWS cloud hosted website, dev & test, data analytics or ecommerce service. The StackBuilderTM cloud app store allows users to quickly deploy and use their PCI DSS compliant e-commerce website hosted on AWS. StackBuilder’s intelligent cloud deployment engine takes care of instance selection, AWS VPC configuration and software installation.

AWS Hosting on StackBuilder
In order to get started with PCI-DSS compliance hosting on AWS go to

Step 1: Select E-commerce as the workload profile and click Next

Step 2: Describe the workload environment in terms of size, security by industry and management model

Step 3: Configure environment by selecting stack – PCI DSS Web App

Step 4: Review Hosting Cost inclusive of software and maintenance fees

Step 5: Fill out form and submit request to provision environment. Once, the environment has been provisioned you will get an email with the access URL and a User Name & Password.

Step 6: Login into the e-commerce application

Step 7: You have now successfully launched the standardized architecture for PCI DSS

StackBuilder for rapidly deploying PCI DSS Compliant Applications in AWS

Ready to get started with your PCI-DSS compliant hosting project ? Send us an email solutions at or call us at 888-964-1644.

Interested in learning more about Cybersecurity and Compliance in Cloud Hosting?

Secure and Scalable Magento Hosting with AWS EC2 and Aurora


Is your business ready for the coming Cybersecurity Tsunami?

Security is critical for SaaS CEO’s and SaaS Investors

Contact Us Please write to us at solutions at stackarmor dot com